From 86c3e390dd8969a540e13c9200ecfd18311e7498 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:36 +0530 Subject: [PATCH 001/137] [1password] - update ECS to 8.7.0 from 8.6.0 This updates the 1password integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/1password --- packages/1password/_dev/build/build.yml | 2 +- packages/1password/changelog.yml | 5 +++++ .../_dev/test/pipeline/test-auditevents.json-expected.json | 6 +++--- .../audit_events/elasticsearch/ingest_pipeline/default.yml | 2 +- .../1password/data_stream/audit_events/sample_event.json | 2 +- .../_dev/test/pipeline/test-itemusages.json-expected.json | 4 ++-- .../item_usages/elasticsearch/ingest_pipeline/default.yml | 2 +- .../1password/data_stream/item_usages/sample_event.json | 2 +- .../test/pipeline/test-signinattempts.json-expected.json | 4 ++-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../1password/data_stream/signin_attempts/sample_event.json | 2 +- packages/1password/docs/README.md | 6 +++--- packages/1password/manifest.yml | 2 +- 13 files changed, 23 insertions(+), 18 deletions(-) diff --git a/packages/1password/_dev/build/build.yml b/packages/1password/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/1password/_dev/build/build.yml +++ b/packages/1password/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/1password/changelog.yml b/packages/1password/changelog.yml index 80e0c2e189a..19415285073 100644 --- a/packages/1password/changelog.yml +++ b/packages/1password/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.11.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.10.0" changes: - description: Add audit events to 1Password Events Reporting diff --git a/packages/1password/data_stream/audit_events/_dev/test/pipeline/test-auditevents.json-expected.json b/packages/1password/data_stream/audit_events/_dev/test/pipeline/test-auditevents.json-expected.json index 14cab23bf91..c61c6c267cc 100644 --- a/packages/1password/data_stream/audit_events/_dev/test/pipeline/test-auditevents.json-expected.json +++ b/packages/1password/data_stream/audit_events/_dev/test/pipeline/test-auditevents.json-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-10-24T21:16:52.827Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "suspend", @@ -67,7 +67,7 @@ { "@timestamp": "2022-10-24T21:16:52.827Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "suspend", @@ -129,4 +129,4 @@ } } ] -} +} \ No newline at end of file diff --git a/packages/1password/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml b/packages/1password/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml index 585e4555d92..38bba110557 100644 --- a/packages/1password/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml +++ b/packages/1password/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml @@ -16,7 +16,7 @@ processors: ####################### - set: field: ecs.version - value: "8.6.0" + value: "8.7.0" # Sets event.created from the @timestamp field generated by filebeat before being overwritten further down - set: field: event.created diff --git a/packages/1password/data_stream/audit_events/sample_event.json b/packages/1password/data_stream/audit_events/sample_event.json index 4647d413c1f..218b9942cd0 100644 
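Review bot: The new 1.11.0 changelog entry's `link` still holds the unresolved template token `{{ PULL_REQUEST_NUMBER }}`, so as committed it points at a pull-request URL that does not exist. Replace the token with the real number before merge, in the form `link: https://github.com/elastic/integrations/pull/<PR_NUMBER>`. The same placeholder appears in the akamai 2.5.0 and atlassian_bitbucket 1.7.0 changelog hunks of this series. A later patch in the 137-patch series may substitute it, but that is not visible here.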
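Review bot: The last hunk of test-auditevents.json-expected.json (`@@ -129,4 +129,4 @@`) replaces the closing `}` with `}` followed by `\ No newline at end of file`, so this version bump also strips the file's trailing newline. That change is unrelated to the ECS update and is presumably a side effect of the generator rewriting the file. No other file in the visible part of the series shows it. Restore the final newline so the diff for this fixture is only the two `"version": "8.7.0"` lines.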
--- a/packages/1password/data_stream/audit_events/sample_event.json +++ b/packages/1password/data_stream/audit_events/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "086ffa1b-8e21-4d62-84aa-125408782121", diff --git a/packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json b/packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json index cbd063a0558..2451ce18fac 100644 --- a/packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json +++ b/packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-08-30T18:57:42.484Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "reveal", @@ -76,7 +76,7 @@ { "@timestamp": "2021-08-30T19:10:00.123Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml b/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml index 6a113335f94..ad88bd8c125 100644 --- a/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml +++ b/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml @@ -16,7 +16,7 @@ processors: ####################### - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' # Sets event.created from the @timestamp field generated by filebeat before being overwritten further down - set: field: event.created diff --git a/packages/1password/data_stream/item_usages/sample_event.json b/packages/1password/data_stream/item_usages/sample_event.json index 3612de4fe09..8db6e96333f 100644 --- a/packages/1password/data_stream/item_usages/sample_event.json +++ b/packages/1password/data_stream/item_usages/sample_event.json 
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "086ffa1b-8e21-4d62-84aa-125408782121", diff --git a/packages/1password/data_stream/signin_attempts/_dev/test/pipeline/test-signinattempts.json-expected.json b/packages/1password/data_stream/signin_attempts/_dev/test/pipeline/test-signinattempts.json-expected.json index 2de0385b144..7c201d47a36 100644 --- a/packages/1password/data_stream/signin_attempts/_dev/test/pipeline/test-signinattempts.json-expected.json +++ b/packages/1password/data_stream/signin_attempts/_dev/test/pipeline/test-signinattempts.json-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-08-11T14:28:03.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success", @@ -78,7 +78,7 @@ { "@timestamp": "2021-08-11T15:04:22.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "credentials_failed", diff --git a/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml b/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml index 1fa6de60b42..a8e6d3ad680 100644 --- a/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml @@ -16,7 +16,7 @@ processors: ####################### - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' # Sets event.created from the @timestamp field generated by filebeat before being overwritten further down - set: field: event.created diff --git a/packages/1password/data_stream/signin_attempts/sample_event.json b/packages/1password/data_stream/signin_attempts/sample_event.json index a8b4580caee..56ef6c88685 100644 --- a/packages/1password/data_stream/signin_attempts/sample_event.json +++ b/packages/1password/data_stream/signin_attempts/sample_event.json 
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "086ffa1b-8e21-4d62-84aa-125408782121", diff --git a/packages/1password/docs/README.md b/packages/1password/docs/README.md index 12113dbc199..c05c12263e7 100644 --- a/packages/1password/docs/README.md +++ b/packages/1password/docs/README.md @@ -91,7 +91,7 @@ An example event for `signin_attempts` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "086ffa1b-8e21-4d62-84aa-125408782121", @@ -230,7 +230,7 @@ An example event for `item_usages` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "086ffa1b-8e21-4d62-84aa-125408782121", @@ -363,7 +363,7 @@ An example event for `audit_events` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "086ffa1b-8e21-4d62-84aa-125408782121", diff --git a/packages/1password/manifest.yml b/packages/1password/manifest.yml index d7c0042b513..685ab9eb70c 100644 --- a/packages/1password/manifest.yml +++ b/packages/1password/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: 1password title: "1Password" -version: "1.10.0" +version: "1.11.0" license: basic description: Collect logs from 1Password with Elastic Agent. type: integration From 29c26b71f42250fb6ca07cba435ac5d2dffcfb80 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:36 +0530 Subject: [PATCH 002/137] [akamai] - update ECS to 8.7.0 from 8.6.0 This updates the akamai integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/akamai --- packages/akamai/_dev/build/build.yml | 2 +- packages/akamai/changelog.yml | 5 +++++ .../siem/_dev/test/pipeline/test-http-json.log-expected.json | 4 ++-- .../siem/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/akamai/data_stream/siem/sample_event.json | 2 +- packages/akamai/docs/README.md | 2 +- packages/akamai/manifest.yml | 2 +- 7 files changed, 12 insertions(+), 7 deletions(-) diff --git a/packages/akamai/_dev/build/build.yml b/packages/akamai/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/akamai/_dev/build/build.yml +++ b/packages/akamai/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/akamai/changelog.yml b/packages/akamai/changelog.yml index 988c3d3cb75..2f4c735d84d 100644 --- a/packages/akamai/changelog.yml +++ b/packages/akamai/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.5.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "2.4.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json b/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json index 1af9c34e9ba..b6d4048618a 100644 --- a/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json +++ b/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json 
@@ -107,7 +107,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -270,7 +270,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", diff --git a/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml b/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml index 27c2d81bc69..81d736bdc58 100644 --- a/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml +++ b/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Akamai logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/akamai/data_stream/siem/sample_event.json b/packages/akamai/data_stream/siem/sample_event.json index 8e9912964d3..c37cdf653a5 100644 --- a/packages/akamai/data_stream/siem/sample_event.json +++ b/packages/akamai/data_stream/siem/sample_event.json @@ -107,7 +107,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8f529f3f-731a-445a-be12-a74c00235b26", diff --git a/packages/akamai/docs/README.md b/packages/akamai/docs/README.md index c4a6bb14f47..220451a0807 100644 --- a/packages/akamai/docs/README.md +++ b/packages/akamai/docs/README.md @@ -257,7 +257,7 @@ An example event for `siem` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8f529f3f-731a-445a-be12-a74c00235b26", diff --git a/packages/akamai/manifest.yml b/packages/akamai/manifest.yml index 02f77480904..aee203b0fe1 100644 --- a/packages/akamai/manifest.yml +++ b/packages/akamai/manifest.yml @@ -1,6 +1,6 @@ name: akamai title: Akamai -version: "2.4.1" +version: "2.5.0" release: ga description: Collect logs from Akamai with Elastic Agent. type: integration 
From ed275ad7d1fd2b1bb2455b3e7f159c121675ee6a Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:38 +0530 Subject: [PATCH 003/137] [atlassian_bitbucket] - update ECS to 8.7.0 from 8.6.0 This updates the atlassian_bitbucket integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/atlassian_bitbucket --- .../atlassian_bitbucket/_dev/build/build.yml | 2 +- packages/atlassian_bitbucket/changelog.yml | 5 + .../pipeline/test-audit-api.log-expected.json | 354 +++++++++--------- .../test-audit-files.log-expected.json | 204 +++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/audit/sample_event.json | 2 +- packages/atlassian_bitbucket/docs/README.md | 2 +- packages/atlassian_bitbucket/manifest.yml | 2 +- 8 files changed, 289 insertions(+), 284 deletions(-) diff --git a/packages/atlassian_bitbucket/_dev/build/build.yml b/packages/atlassian_bitbucket/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/atlassian_bitbucket/_dev/build/build.yml +++ b/packages/atlassian_bitbucket/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/atlassian_bitbucket/changelog.yml b/packages/atlassian_bitbucket/changelog.yml index 174e06b336e..96e5e3786e2 100644 --- a/packages/atlassian_bitbucket/changelog.yml +++ b/packages/atlassian_bitbucket/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.6.1" changes: - description: Added categories and/or subcategories. 
diff --git a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json index 09014585ccf..439fc824e0c 100644 --- a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json +++ b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json @@ -27,7 +27,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.userdeleted", @@ -112,7 +112,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.userrenamed", @@ -189,7 +189,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.usercredentialupdated", @@ -264,7 +264,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupdeleted", @@ -352,7 +352,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipdeleted", @@ -445,7 +445,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", @@ -523,7 +523,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupcreated", @@ -611,7 +611,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", @@ -688,7 +688,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.usercreated", 
@@ -768,7 +768,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -837,7 +837,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -892,7 +892,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -954,7 +954,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1016,7 +1016,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1078,7 +1078,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1140,7 +1140,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1202,7 +1202,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1264,7 +1264,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1326,7 +1326,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1401,7 +1401,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -1470,7 +1470,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -1539,7 +1539,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", 
@@ -1608,7 +1608,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -1675,7 +1675,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.search.audit.action.elasticsearchconfigurationchange", @@ -1728,7 +1728,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.applicationconfiguration.audit.action.applicationsetup", @@ -1801,7 +1801,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.globalpermissiongranted", @@ -1874,7 +1874,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.globalpermissiongrantrequested", @@ -1953,7 +1953,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", @@ -2031,7 +2031,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.usercreated", @@ -2097,7 +2097,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.license.audit.action.licensechanged", @@ -2164,7 +2164,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.applicationconfiguration.audit.action.baseurlchanged", @@ -2230,7 +2230,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2283,7 +2283,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2336,7 +2336,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -2389,7 +2389,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2442,7 +2442,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2495,7 +2495,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2548,7 +2548,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2601,7 +2601,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2654,7 +2654,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2707,7 +2707,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2760,7 +2760,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2813,7 +2813,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2866,7 +2866,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2919,7 +2919,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2972,7 +2972,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -3025,7 +3025,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3078,7 +3078,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3131,7 +3131,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3184,7 +3184,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3237,7 +3237,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3290,7 +3290,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3343,7 +3343,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3396,7 +3396,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3449,7 +3449,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3502,7 +3502,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3555,7 +3555,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3608,7 +3608,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -3661,7 +3661,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3714,7 +3714,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3767,7 +3767,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3820,7 +3820,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3873,7 +3873,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3926,7 +3926,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3979,7 +3979,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4032,7 +4032,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4085,7 +4085,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4138,7 +4138,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4191,7 +4191,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4244,7 +4244,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -4297,7 +4297,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4350,7 +4350,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4403,7 +4403,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4456,7 +4456,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4509,7 +4509,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4562,7 +4562,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4615,7 +4615,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4668,7 +4668,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4721,7 +4721,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4774,7 +4774,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4827,7 +4827,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4880,7 +4880,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -4933,7 +4933,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4986,7 +4986,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5039,7 +5039,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5092,7 +5092,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5145,7 +5145,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5198,7 +5198,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5251,7 +5251,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5304,7 +5304,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5357,7 +5357,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5410,7 +5410,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5463,7 +5463,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5516,7 +5516,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -5569,7 +5569,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5622,7 +5622,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5675,7 +5675,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5728,7 +5728,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5781,7 +5781,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5834,7 +5834,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5887,7 +5887,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5940,7 +5940,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5993,7 +5993,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6046,7 +6046,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6099,7 +6099,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6152,7 +6152,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -6205,7 +6205,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6258,7 +6258,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6311,7 +6311,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6364,7 +6364,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6417,7 +6417,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6470,7 +6470,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6523,7 +6523,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6576,7 +6576,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6629,7 +6629,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6682,7 +6682,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6735,7 +6735,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6788,7 +6788,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -6841,7 +6841,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6894,7 +6894,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6947,7 +6947,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7000,7 +7000,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7053,7 +7053,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7106,7 +7106,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7159,7 +7159,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7212,7 +7212,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7265,7 +7265,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7318,7 +7318,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7371,7 +7371,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7424,7 +7424,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -7477,7 +7477,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7530,7 +7530,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7583,7 +7583,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7636,7 +7636,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7689,7 +7689,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7742,7 +7742,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7795,7 +7795,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7848,7 +7848,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7901,7 +7901,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7954,7 +7954,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8007,7 +8007,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8060,7 +8060,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -8113,7 +8113,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8166,7 +8166,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8219,7 +8219,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8272,7 +8272,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8325,7 +8325,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8378,7 +8378,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8431,7 +8431,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8484,7 +8484,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8537,7 +8537,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8590,7 +8590,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8643,7 +8643,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8696,7 +8696,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -8749,7 +8749,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8802,7 +8802,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8855,7 +8855,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8908,7 +8908,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8961,7 +8961,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9014,7 +9014,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9067,7 +9067,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9120,7 +9120,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9173,7 +9173,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9226,7 +9226,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9279,7 +9279,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9332,7 +9332,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -9385,7 +9385,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9438,7 +9438,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9491,7 +9491,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9544,7 +9544,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9597,7 +9597,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9650,7 +9650,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9703,7 +9703,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9756,7 +9756,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9810,7 +9810,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.applicationconfiguration.audit.action.displaynamechanged", @@ -9860,7 +9860,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupcreated", @@ -9917,7 +9917,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.directorycreated", 
diff --git a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index 48b82b0a4aa..83f1d507b3e 100644 --- a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json +++ b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -45,7 +45,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", @@ -134,7 +134,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.globalpermissiongrantrequested", @@ -208,7 +208,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.globalpermissiongranted", @@ -270,7 +270,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.applicationconfiguration.audit.action.applicationsetup", @@ -339,7 +339,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.search.audit.action.elasticsearchconfigurationchange", @@ -403,7 +403,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -474,7 +474,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -545,7 +545,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -616,7 +616,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", 
@@ -674,7 +674,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -738,7 +738,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -802,7 +802,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -866,7 +866,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -930,7 +930,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -994,7 +994,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1058,7 +1058,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1121,7 +1121,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1198,7 +1198,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -1269,7 +1269,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -1333,7 +1333,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.usercreated", @@ -1423,7 +1423,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", @@ -1502,7 +1502,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupcreated", 
@@ -1591,7 +1591,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", @@ -1685,7 +1685,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipdeleted", @@ -1764,7 +1764,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupdeleted", @@ -1838,7 +1838,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.usercredentialupdated", @@ -1927,7 +1927,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.userrenamed", @@ -2005,7 +2005,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.userdeleted", @@ -2077,7 +2077,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", @@ -2154,7 +2154,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -2233,7 +2233,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.projectpermissiongranted", @@ -2304,7 +2304,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.project.audit.action.projectcreated", @@ -2393,7 +2393,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokencreated.personal", @@ -2481,7 +2481,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokenmodified.personal", 
@@ -2569,7 +2569,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokenmodified.personal", @@ -2659,7 +2659,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokendeleted.personal", @@ -2727,7 +2727,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", @@ -2804,7 +2804,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -2854,7 +2854,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.web.audit.action.logoutsuccess", @@ -2926,7 +2926,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationfailure", @@ -2994,7 +2994,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", @@ -3062,7 +3062,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", @@ -3139,7 +3139,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -3203,7 +3203,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.usercredentialupdated", @@ -3298,7 +3298,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.ssh.audit.action.sshkeycreated", @@ -3398,7 +3398,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.plugins.gpg.audit.action.gpgevent.created", 
@@ -3498,7 +3498,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.plugins.gpg.audit.action.gpgevent.deleted", @@ -3588,7 +3588,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.ssh.audit.action.sshkeydeleted", @@ -3661,7 +3661,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationfailure", @@ -3729,7 +3729,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", @@ -3806,7 +3806,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -3856,7 +3856,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.scm.git.lfs.audit.action.gitlfsfeatureenabled", @@ -3920,7 +3920,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.project.audit.action.projectcreationrequested", @@ -3999,7 +3999,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.projectpermissiongranted", @@ -4070,7 +4070,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.project.audit.action.projectcreated", @@ -4164,7 +4164,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.branch.audit.action.projectbranchmodelconfigurationcreated", @@ -4233,7 +4233,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositorycreationrequested", @@ -4307,7 +4307,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositorycreated", 
@@ -4376,7 +4376,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", @@ -4450,7 +4450,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", @@ -4524,7 +4524,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", @@ -4603,7 +4603,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositorymodificationrequested", @@ -4682,7 +4682,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositorymodified", @@ -4756,7 +4756,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", @@ -4845,7 +4845,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissiongrantrequested", @@ -4936,7 +4936,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissiongranted", @@ -5027,7 +5027,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.ssh.audit.action.sshkeycreated", @@ -5132,7 +5132,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.ssh.audit.action.sshaccesskeygranted.repository", @@ -5222,7 +5222,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissiongrantrequested", 
@@ -5313,7 +5313,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissiongranted", @@ -5404,7 +5404,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokencreated.repository", @@ -5494,7 +5494,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokenmodified.repository", @@ -5584,7 +5584,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokendeleted.repository", @@ -5674,7 +5674,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissionrevocationrequested", @@ -5765,7 +5765,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissionrevoked", @@ -5856,7 +5856,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.ssh.audit.action.sshkeydeleted", @@ -5961,7 +5961,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.ssh.audit.action.sshaccesskeyrevoked.repository", @@ -6036,7 +6036,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", @@ -6103,7 +6103,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", @@ -6180,7 +6180,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -6244,7 +6244,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.project.audit.action.projectcreationrequested", 
@@ -6323,7 +6323,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.projectpermissiongranted", @@ -6394,7 +6394,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.project.audit.action.projectcreated", @@ -6488,7 +6488,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.branch.audit.action.projectbranchmodelconfigurationcreated", @@ -6557,7 +6557,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", @@ -6644,7 +6644,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositorymodificationrequested", @@ -6731,7 +6731,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositorymodified", @@ -6805,7 +6805,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", @@ -6872,7 +6872,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", @@ -6949,7 +6949,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -7018,7 +7018,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositorydeletionrequested", @@ -7092,7 +7092,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositorydeleted", @@ -7159,7 +7159,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", 
@@ -7236,7 +7236,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -7300,7 +7300,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.project.audit.action.projectdeletionrequested", @@ -7369,7 +7369,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.project.audit.action.projectdeleted", @@ -7436,7 +7436,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", @@ -7513,7 +7513,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -7577,7 +7577,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.project.audit.action.projectmodificationrequested", @@ -7664,7 +7664,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.project.audit.action.projectmodified", @@ -7731,7 +7731,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", @@ -7808,7 +7808,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", diff --git a/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 40bee77fcb9..f96cb65aa41 100644 --- a/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for processing sample logs
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/atlassian_bitbucket/data_stream/audit/sample_event.json b/packages/atlassian_bitbucket/data_stream/audit/sample_event.json
index 9995588c437..8063bf26714 100644
--- a/packages/atlassian_bitbucket/data_stream/audit/sample_event.json
+++ b/packages/atlassian_bitbucket/data_stream/audit/sample_event.json
@@ -38,7 +38,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/atlassian_bitbucket/docs/README.md b/packages/atlassian_bitbucket/docs/README.md
index 8f93308709c..13d4b5420e4 100644
--- a/packages/atlassian_bitbucket/docs/README.md
+++ b/packages/atlassian_bitbucket/docs/README.md
@@ -149,7 +149,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/atlassian_bitbucket/manifest.yml b/packages/atlassian_bitbucket/manifest.yml
index 86553fa476f..df65caaf517 100644
--- a/packages/atlassian_bitbucket/manifest.yml
+++ b/packages/atlassian_bitbucket/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: atlassian_bitbucket
 title: Atlassian Bitbucket
-version: "1.6.1"
+version: "1.7.0"
 license: basic
 description: Collect logs from Atlassian Bitbucket with Elastic Agent.
 type: integration
From 43e41e12a3360aca0b22571661f32c7312554a53 Mon Sep 17 00:00:00 2001
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:39 +0530 Subject: [PATCH 004/137] [atlassian_confluence] - update ECS to 8.7.0 from 8.6.0 This updates the atlassian_confluence integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/atlassian_confluence
---
 .../atlassian_confluence/_dev/build/build.yml | 2 +- packages/atlassian_confluence/changelog.yml | 5 + .../pipeline/test-audit-api.log-expected.json | 364 +++++++++--------- .../test-audit-cloud.log-expected.json | 74 ++-- .../test-audit-files.log-expected.json | 128 +++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/audit/sample_event.json | 2 +- packages/atlassian_confluence/docs/README.md | 2 +- packages/atlassian_confluence/manifest.yml | 2 +- 9 files changed, 293 insertions(+), 288 deletions(-)
diff --git a/packages/atlassian_confluence/_dev/build/build.yml b/packages/atlassian_confluence/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/atlassian_confluence/_dev/build/build.yml
+++ b/packages/atlassian_confluence/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/atlassian_confluence/changelog.yml b/packages/atlassian_confluence/changelog.yml
index 68340c492c2..2014f794a36 100644
--- a/packages/atlassian_confluence/changelog.yml
+++ b/packages/atlassian_confluence/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.8.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.7.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json index 84d9254e456..0bf8edcc1b3 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json @@ -35,7 +35,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -117,7 +117,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -199,7 +199,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -281,7 +281,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -363,7 +363,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -445,7 +445,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -527,7 +527,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -609,7 +609,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -691,7 +691,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -783,7 +783,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -882,7 +882,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -981,7 +981,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1073,7 +1073,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1172,7 +1172,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1271,7 +1271,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1370,7 +1370,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1462,7 +1462,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1561,7 +1561,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1660,7 +1660,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1759,7 +1759,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1851,7 +1851,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1950,7 +1950,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2049,7 +2049,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -2148,7 +2148,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2240,7 +2240,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2339,7 +2339,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2438,7 +2438,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2537,7 +2537,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2629,7 +2629,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2728,7 +2728,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2827,7 +2827,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2926,7 +2926,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3018,7 +3018,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3117,7 +3117,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3216,7 +3216,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3315,7 +3315,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -3407,7 +3407,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3506,7 +3506,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3605,7 +3605,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3704,7 +3704,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3796,7 +3796,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3895,7 +3895,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3994,7 +3994,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4093,7 +4093,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4192,7 +4192,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4291,7 +4291,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4383,7 +4383,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4482,7 +4482,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4581,7 +4581,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -4680,7 +4680,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4772,7 +4772,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4871,7 +4871,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4970,7 +4970,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5069,7 +5069,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5161,7 +5161,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5260,7 +5260,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5359,7 +5359,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5458,7 +5458,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5550,7 +5550,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5649,7 +5649,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5748,7 +5748,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5847,7 +5847,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -5941,7 +5941,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6028,7 +6028,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6115,7 +6115,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6202,7 +6202,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6289,7 +6289,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6376,7 +6376,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6463,7 +6463,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6543,7 +6543,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6630,7 +6630,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6717,7 +6717,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6804,7 +6804,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6891,7 +6891,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6978,7 +6978,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", 
@@ -7058,7 +7058,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7145,7 +7145,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7232,7 +7232,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7319,7 +7319,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7399,7 +7399,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7486,7 +7486,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7573,7 +7573,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7660,7 +7660,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7740,7 +7740,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7827,7 +7827,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7914,7 +7914,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8001,7 +8001,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8081,7 +8081,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", 
@@ -8168,7 +8168,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8255,7 +8255,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8342,7 +8342,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8422,7 +8422,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8509,7 +8509,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8596,7 +8596,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8683,7 +8683,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8763,7 +8763,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8850,7 +8850,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8937,7 +8937,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9024,7 +9024,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9104,7 +9104,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9184,7 +9184,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", 
@@ -9271,7 +9271,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9358,7 +9358,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9445,7 +9445,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9525,7 +9525,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9612,7 +9612,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9699,7 +9699,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9786,7 +9786,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9873,7 +9873,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9960,7 +9960,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -10040,7 +10040,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -10127,7 +10127,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -10214,7 +10214,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -10301,7 +10301,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", 
@@ -10381,7 +10381,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -10481,7 +10481,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.config.updated", @@ -10555,7 +10555,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.import", @@ -10638,7 +10638,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -10721,7 +10721,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -10804,7 +10804,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -10887,7 +10887,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -10970,7 +10970,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -11038,7 +11038,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -11113,7 +11113,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11208,7 +11208,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11296,7 +11296,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11391,7 +11391,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -11486,7 +11486,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11574,7 +11574,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11669,7 +11669,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11764,7 +11764,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11852,7 +11852,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11947,7 +11947,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12042,7 +12042,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12130,7 +12130,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12225,7 +12225,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12320,7 +12320,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12408,7 +12408,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12503,7 +12503,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12598,7 +12598,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -12686,7 +12686,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12781,7 +12781,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12876,7 +12876,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12964,7 +12964,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13059,7 +13059,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13154,7 +13154,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13242,7 +13242,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13337,7 +13337,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13432,7 +13432,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13527,7 +13527,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13615,7 +13615,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13710,7 +13710,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13805,7 +13805,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -13893,7 +13893,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13988,7 +13988,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14083,7 +14083,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14171,7 +14171,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14266,7 +14266,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14361,7 +14361,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14449,7 +14449,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14544,7 +14544,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14639,7 +14639,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14717,7 +14717,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.group.membership.added", @@ -14805,7 +14805,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.group.membership.added", @@ -14909,7 +14909,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.user.created", @@ -15006,7 +15006,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.global.permission.added", 
@@ -15090,7 +15090,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15174,7 +15174,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15258,7 +15258,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15342,7 +15342,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15426,7 +15426,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15510,7 +15510,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15594,7 +15594,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15666,7 +15666,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.group.created", @@ -15741,7 +15741,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.group.created", @@ -15906,7 +15906,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.directory.added", @@ -15971,7 +15971,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.import", @@ -16034,7 +16034,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.plugin.enabled", @@ -16097,7 +16097,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.plugin.enabled", 
@@ -16170,7 +16170,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.user.renamed", @@ -16241,7 +16241,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.user.updated", @@ -16318,7 +16318,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.user.updated", diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json index 8faba223ee4..cdbc2030a28 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Space logo uploaded", @@ -73,7 +73,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Space logo uploaded", @@ -128,7 +128,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Space logo uploaded", @@ -205,7 +205,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Space configuration updated", @@ -282,7 +282,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Space created", @@ -364,7 +364,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Space configuration updated", @@ -446,7 +446,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Space created", @@ -505,7 +505,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", 
@@ -579,7 +579,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -666,7 +666,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User created", @@ -734,7 +734,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -820,7 +820,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User created", @@ -887,7 +887,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -961,7 +961,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -1035,7 +1035,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -1109,7 +1109,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -1179,7 +1179,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Group created", @@ -1247,7 +1247,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -1321,7 +1321,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -1395,7 +1395,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -1465,7 +1465,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Group created", @@ -1533,7 +1533,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -1607,7 +1607,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -1681,7 +1681,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", 
@@ -1755,7 +1755,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -1825,7 +1825,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Group created", @@ -1911,7 +1911,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Space configuration updated", @@ -1988,7 +1988,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Space created", @@ -2047,7 +2047,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -2121,7 +2121,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -2208,7 +2208,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User created", @@ -2276,7 +2276,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -2354,7 +2354,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User details updated", @@ -2411,7 +2411,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User deactivated", @@ -2477,7 +2477,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Page archived", @@ -2540,7 +2540,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User details updated", @@ -2597,7 +2597,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User deactivated", diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index 2661bf01d5c..02a82a1b36a 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json 
+++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -22,7 +22,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.plugin.enabled", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.plugin.enabled", @@ -153,7 +153,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.import", @@ -310,7 +310,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.directory.added", @@ -376,7 +376,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.group.created", @@ -452,7 +452,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.group.created", @@ -540,7 +540,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -625,7 +625,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -710,7 +710,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -795,7 +795,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -880,7 +880,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -965,7 +965,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -1050,7 +1050,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.global.permission.added", 
@@ -1135,7 +1135,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -1230,7 +1230,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.user.created", @@ -1321,7 +1321,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.group.membership.added", @@ -1409,7 +1409,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.group.membership.added", @@ -1514,7 +1514,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1609,7 +1609,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1698,7 +1698,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1793,7 +1793,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1888,7 +1888,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1977,7 +1977,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2072,7 +2072,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2167,7 +2167,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2256,7 +2256,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -2351,7 +2351,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2446,7 +2446,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2535,7 +2535,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2630,7 +2630,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2725,7 +2725,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2820,7 +2820,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2909,7 +2909,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3004,7 +3004,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3099,7 +3099,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3188,7 +3188,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3283,7 +3283,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3378,7 +3378,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3467,7 +3467,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -3562,7 +3562,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3657,7 +3657,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3746,7 +3746,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3841,7 +3841,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3936,7 +3936,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4025,7 +4025,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4120,7 +4120,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4215,7 +4215,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4304,7 +4304,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4399,7 +4399,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4494,7 +4494,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4583,7 +4583,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4678,7 +4678,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -4773,7 +4773,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4862,7 +4862,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4957,7 +4957,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5052,7 +5052,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5125,7 +5125,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -5192,7 +5192,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -5273,7 +5273,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -5345,7 +5345,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.global.settings.edited", @@ -5439,7 +5439,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.user.created", @@ -5530,7 +5530,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.group.membership.added", @@ -5618,7 +5618,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit.logging.summary.group.membership.added", @@ -5715,7 +5715,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", 
diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 2015316757d..08117e92e42 100644 --- a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Atlassian Confluence audit logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/atlassian_confluence/data_stream/audit/sample_event.json b/packages/atlassian_confluence/data_stream/audit/sample_event.json index c5f8d8f0c8c..d5f4d3accc6 100644 --- a/packages/atlassian_confluence/data_stream/audit/sample_event.json +++ b/packages/atlassian_confluence/data_stream/audit/sample_event.json @@ -45,7 +45,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7", diff --git a/packages/atlassian_confluence/docs/README.md b/packages/atlassian_confluence/docs/README.md index d18b538400e..1af65bda6a9 100644 --- a/packages/atlassian_confluence/docs/README.md +++ b/packages/atlassian_confluence/docs/README.md @@ -168,7 +168,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7", diff --git a/packages/atlassian_confluence/manifest.yml b/packages/atlassian_confluence/manifest.yml index d08e7812bb7..f48ac2dbd08 100644 --- a/packages/atlassian_confluence/manifest.yml +++ b/packages/atlassian_confluence/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: atlassian_confluence title: Atlassian Confluence -version: "1.7.1" +version: "1.8.0" license: basic description: Collect logs from Atlassian Confluence with Elastic Agent. type: integration From 514233a8a81da9ef2fd0b51fc537baaadf827ce1 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:41 +0530 Subject: [PATCH 005/137] [atlassian_jira] - update ECS to 8.7.0 from 8.6.0 This updates the atlassian_jira integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/atlassian_jira --- packages/atlassian_jira/_dev/build/build.yml | 2 +- packages/atlassian_jira/changelog.yml | 5 + .../pipeline/test-audit-api.log-expected.json | 196 +++++++++--------- .../test-audit-cloud.log-expected.json | 164 +++++++-------- .../test-audit-files.log-expected.json | 176 ++++++++-------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/audit/sample_event.json | 2 +- packages/atlassian_jira/docs/README.md | 2 +- packages/atlassian_jira/manifest.yml | 2 +- 9 files changed, 278 insertions(+), 273 deletions(-) diff --git a/packages/atlassian_jira/_dev/build/build.yml b/packages/atlassian_jira/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/atlassian_jira/_dev/build/build.yml +++ b/packages/atlassian_jira/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/atlassian_jira/changelog.yml b/packages/atlassian_jira/changelog.yml index 0f82b5b02cc..a6d9397dd38 100644 --- a/packages/atlassian_jira/changelog.yml +++ b/packages/atlassian_jira/changelog.yml 
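Review bot: In packages/atlassian_jira/_dev/build/build.yml the new `reference: git@8.7` appears to name a moving ref in elastic/ecs (a release branch, as far as can be told from here) rather than a fixed release. The ingest pipeline and test fixtures in the same commit stamp events with the exact version `8.7.0`. If that ref advances, a later build could import field definitions that no longer match the stamped version, and the package build would not be reproducible. Consider pinning to the release tag, `reference: git@v8.7.0` (confirm the tag name against the ECS repository), or to a commit hash.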
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.8.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.7.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json index 3d9ec823d3a..831f64fb8d8 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-11-22T00:34:47.536Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -84,7 +84,7 @@ { "@timestamp": "2021-11-22T00:34:40.008Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -165,7 +165,7 @@ { "@timestamp": "2021-11-22T00:34:23.154Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "personal.access.tokens.audit.log.summary.token.created", @@ -234,7 +234,7 @@ { "@timestamp": "2021-11-22T00:32:20.234Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -303,7 +303,7 @@ { "@timestamp": "2021-11-22T00:31:52.991Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -372,7 +372,7 @@ { "@timestamp": "2021-11-22T00:31:37.412Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", 
@@ -441,7 +441,7 @@ { "@timestamp": "2021-11-22T00:31:26.455Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -510,7 +510,7 @@ { "@timestamp": "2021-11-22T00:30:59.449Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -579,7 +579,7 @@ { "@timestamp": "2021-11-22T00:26:03.206Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -648,7 +648,7 @@ { "@timestamp": "2021-11-22T00:12:02.856Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -717,7 +717,7 @@ { "@timestamp": "2021-11-22T00:08:34.545Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.version.created", @@ -786,7 +786,7 @@ { "@timestamp": "2021-11-22T00:08:34.543Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.version.created", @@ -860,7 +860,7 @@ { "@timestamp": "2021-11-22T00:08:34.535Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.version.released", @@ -922,7 +922,7 @@ { "@timestamp": "2021-11-22T00:08:34.521Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.version.created", @@ -996,7 +996,7 @@ { "@timestamp": "2021-11-22T00:08:34.506Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.project.roles.changed", @@ -1064,7 +1064,7 @@ { "@timestamp": "2021-11-22T00:08:34.297Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.project.created", @@ -1157,7 +1157,7 @@ { "@timestamp": "2021-11-22T00:08:34.266Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.added.to.project", 
@@ -1219,7 +1219,7 @@ { "@timestamp": "2021-11-22T00:08:34.249Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.removed.from.project", @@ -1287,7 +1287,7 @@ { "@timestamp": "2021-11-22T00:08:34.243Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1355,7 +1355,7 @@ { "@timestamp": "2021-11-22T00:08:34.241Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1423,7 +1423,7 @@ { "@timestamp": "2021-11-22T00:08:34.239Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1491,7 +1491,7 @@ { "@timestamp": "2021-11-22T00:08:34.236Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1559,7 +1559,7 @@ { "@timestamp": "2021-11-22T00:08:34.235Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1627,7 +1627,7 @@ { "@timestamp": "2021-11-22T00:08:34.233Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1695,7 +1695,7 @@ { "@timestamp": "2021-11-22T00:08:34.231Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1768,7 +1768,7 @@ { "@timestamp": "2021-11-22T00:08:34.229Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1836,7 +1836,7 @@ { "@timestamp": "2021-11-22T00:08:34.227Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", 
@@ -1909,7 +1909,7 @@ { "@timestamp": "2021-11-22T00:08:34.225Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1977,7 +1977,7 @@ { "@timestamp": "2021-11-22T00:08:34.223Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2045,7 +2045,7 @@ { "@timestamp": "2021-11-22T00:08:34.221Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2118,7 +2118,7 @@ { "@timestamp": "2021-11-22T00:08:34.219Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2186,7 +2186,7 @@ { "@timestamp": "2021-11-22T00:08:34.217Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2259,7 +2259,7 @@ { "@timestamp": "2021-11-22T00:08:34.215Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2327,7 +2327,7 @@ { "@timestamp": "2021-11-22T00:08:34.212Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2400,7 +2400,7 @@ { "@timestamp": "2021-11-22T00:08:34.210Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2473,7 +2473,7 @@ { "@timestamp": "2021-11-22T00:08:34.208Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2541,7 +2541,7 @@ { "@timestamp": "2021-11-22T00:08:34.204Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", 
@@ -2614,7 +2614,7 @@ { "@timestamp": "2021-11-22T00:08:34.190Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2682,7 +2682,7 @@ { "@timestamp": "2021-11-22T00:08:34.187Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2750,7 +2750,7 @@ { "@timestamp": "2021-11-22T00:08:34.184Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2823,7 +2823,7 @@ { "@timestamp": "2021-11-22T00:08:34.182Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2891,7 +2891,7 @@ { "@timestamp": "2021-11-22T00:08:34.180Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2959,7 +2959,7 @@ { "@timestamp": "2021-11-22T00:08:34.178Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3027,7 +3027,7 @@ { "@timestamp": "2021-11-22T00:08:34.176Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3095,7 +3095,7 @@ { "@timestamp": "2021-11-22T00:08:34.174Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3163,7 +3163,7 @@ { "@timestamp": "2021-11-22T00:08:34.173Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3236,7 +3236,7 @@ { "@timestamp": "2021-11-22T00:08:34.171Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", 
@@ -3304,7 +3304,7 @@ { "@timestamp": "2021-11-22T00:08:34.168Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3372,7 +3372,7 @@ { "@timestamp": "2021-11-22T00:08:34.166Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3440,7 +3440,7 @@ { "@timestamp": "2021-11-22T00:08:34.165Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3508,7 +3508,7 @@ { "@timestamp": "2021-11-22T00:08:34.163Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3576,7 +3576,7 @@ { "@timestamp": "2021-11-22T00:08:34.151Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3644,7 +3644,7 @@ { "@timestamp": "2021-11-22T00:08:34.142Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.created", @@ -3712,7 +3712,7 @@ { "@timestamp": "2021-11-22T00:08:34.072Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Board created", @@ -3774,7 +3774,7 @@ { "@timestamp": "2021-11-22T00:08:33.887Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.filter.created", @@ -3869,7 +3869,7 @@ { "@timestamp": "2021-11-22T00:08:33.746Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.workflow.scheme.added.to.project", @@ -3931,7 +3931,7 @@ { "@timestamp": "2021-11-22T00:08:33.732Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.workflow.scheme.created", @@ -3999,7 +3999,7 @@ { "@timestamp": "2021-11-22T00:08:33.710Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.workflow.created", 
@@ -4077,7 +4077,7 @@ { "@timestamp": "2021-11-22T00:08:33.537Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -4140,7 +4140,7 @@ { "@timestamp": "2021-11-22T00:08:33.536Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -4203,7 +4203,7 @@ { "@timestamp": "2021-11-22T00:08:33.535Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -4266,7 +4266,7 @@ { "@timestamp": "2021-11-22T00:08:33.534Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -4329,7 +4329,7 @@ { "@timestamp": "2021-11-22T00:07:09.088Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4402,7 +4402,7 @@ { "@timestamp": "2021-11-22T00:07:09.037Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.issue.type.created", @@ -4462,7 +4462,7 @@ { "@timestamp": "2021-11-22T00:07:02.794Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4535,7 +4535,7 @@ { "@timestamp": "2021-11-22T00:07:02.725Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4608,7 +4608,7 @@ { "@timestamp": "2021-11-22T00:07:02.694Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4681,7 +4681,7 @@ { "@timestamp": "2021-11-22T00:07:01.669Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4754,7 +4754,7 @@ { "@timestamp": "2021-11-22T00:07:01.644Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", 
@@ -4827,7 +4827,7 @@ { "@timestamp": "2021-11-22T00:06:59.522Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4900,7 +4900,7 @@ { "@timestamp": "2021-11-22T00:06:59.485Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.issue.type.created", @@ -4960,7 +4960,7 @@ { "@timestamp": "2021-11-22T00:06:59.340Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.updated", @@ -5016,7 +5016,7 @@ { "@timestamp": "2021-11-22T00:06:59.332Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.updated", @@ -5072,7 +5072,7 @@ { "@timestamp": "2021-11-22T00:06:59.313Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -5140,7 +5140,7 @@ { "@timestamp": "2021-11-22T00:06:59.266Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -5213,7 +5213,7 @@ { "@timestamp": "2021-11-22T00:06:59.224Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -5286,7 +5286,7 @@ { "@timestamp": "2021-11-22T00:06:58.990Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.updated", @@ -5342,7 +5342,7 @@ { "@timestamp": "2021-11-22T00:06:58.974Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -5410,7 +5410,7 @@ { "@timestamp": "2021-11-22T00:06:58.318Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -5478,7 +5478,7 @@ { "@timestamp": "2021-11-22T00:06:57.162Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", 
@@ -5551,7 +5551,7 @@ { "@timestamp": "2021-11-22T00:06:57.158Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5624,7 +5624,7 @@ { "@timestamp": "2021-11-22T00:06:57.138Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5697,7 +5697,7 @@ { "@timestamp": "2021-11-22T00:06:49.756Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.user.added.to.group", @@ -5772,7 +5772,7 @@ { "@timestamp": "2021-11-22T00:06:49.754Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -5845,7 +5845,7 @@ { "@timestamp": "2021-11-22T00:06:49.752Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -5918,7 +5918,7 @@ { "@timestamp": "2021-11-22T00:06:49.751Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -5991,7 +5991,7 @@ { "@timestamp": "2021-11-22T00:06:49.750Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -6064,7 +6064,7 @@ { "@timestamp": "2021-11-22T00:06:49.734Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.user.added.to.group", @@ -6139,7 +6139,7 @@ { "@timestamp": "2021-11-22T00:06:49.600Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.user.created", @@ -6233,7 +6233,7 @@ { "@timestamp": "2021-11-22T00:05:08.596Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.system.license.added", @@ -6325,7 +6325,7 @@ { "@timestamp": "2021-11-22T00:05:08.584Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.global.permission.added", 
@@ -6398,7 +6398,7 @@ { "@timestamp": "2021-11-22T00:05:08.583Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -6471,7 +6471,7 @@ { "@timestamp": "2021-11-22T00:05:08.581Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -6544,7 +6544,7 @@ { "@timestamp": "2021-11-22T00:05:08.579Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -6617,7 +6617,7 @@ { "@timestamp": "2021-11-22T00:05:08.514Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.group.created", @@ -6681,7 +6681,7 @@ { "@timestamp": "2021-11-28T18:18:26.076Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.user.renamed", @@ -6752,7 +6752,7 @@ { "@timestamp": "2021-11-28T18:23:20.278Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.user.updated", @@ -6830,7 +6830,7 @@ { "@timestamp": "2021-11-28T18:23:13.741Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.user.updated", diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json index 6108e9497ad..daf54e353b7 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-01-24T08:48:05.645Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project deleted", 
@@ -34,7 +34,7 @@ { "@timestamp": "2022-01-24T08:48:05.316Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Field Configuration scheme deleted", @@ -65,7 +65,7 @@ { "@timestamp": "2022-01-24T08:48:05.097Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Field Configuration scheme updated", @@ -108,7 +108,7 @@ { "@timestamp": "2022-01-24T08:48:04.939Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Field Configuration scheme updated", @@ -151,7 +151,7 @@ { "@timestamp": "2022-01-24T08:48:04.716Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Field Configuration scheme updated", @@ -194,7 +194,7 @@ { "@timestamp": "2022-01-24T08:48:04.530Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Field Configuration scheme updated", @@ -237,7 +237,7 @@ { "@timestamp": "2022-01-24T08:48:04.167Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Field Configuration scheme updated", @@ -280,7 +280,7 @@ { "@timestamp": "2022-01-24T08:48:04.020Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Workflow scheme deleted", @@ -311,7 +311,7 @@ { "@timestamp": "2022-01-24T08:48:03.965Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Workflow deleted", @@ -342,7 +342,7 @@ { "@timestamp": "2022-01-24T08:48:03.371Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Notification scheme deleted", @@ -373,7 +373,7 @@ { "@timestamp": "2022-01-24T08:48:03.355Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project role deleted", @@ -404,7 +404,7 @@ { "@timestamp": "2022-01-24T08:48:03.339Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project role deleted", 
@@ -435,7 +435,7 @@ { "@timestamp": "2022-01-24T08:48:03.322Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project role deleted", @@ -466,7 +466,7 @@ { "@timestamp": "2022-01-24T08:48:03.305Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project role deleted", @@ -497,7 +497,7 @@ { "@timestamp": "2022-01-24T08:48:03.259Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Issue Security scheme deleted", @@ -528,7 +528,7 @@ { "@timestamp": "2022-01-24T08:48:03.223Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Permission scheme deleted", @@ -559,7 +559,7 @@ { "@timestamp": "2022-01-18T08:43:02.838Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -618,7 +618,7 @@ { "@timestamp": "2022-01-18T08:43:02.768Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -677,7 +677,7 @@ { "@timestamp": "2022-01-18T08:43:02.602Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User created", @@ -734,7 +734,7 @@ { "@timestamp": "2022-01-14T16:37:07.126Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -793,7 +793,7 @@ { "@timestamp": "2022-01-14T16:37:07.019Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User created", @@ -850,7 +850,7 @@ { "@timestamp": "2022-01-10T12:44:41.065Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User's password changed", @@ -904,7 +904,7 @@ { "@timestamp": "2022-01-06T09:49:07.418Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Workflow updated", @@ -947,7 +947,7 @@ { "@timestamp": "2022-01-05T07:23:49.369Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Workflow updated", 
@@ -981,7 +981,7 @@ { "@timestamp": "2022-01-05T07:23:49.162Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Workflow updated", @@ -1024,7 +1024,7 @@ { "@timestamp": "2021-12-13T14:10:35.436Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Workflow updated", @@ -1067,7 +1067,7 @@ { "@timestamp": "2021-12-10T11:57:29.971Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User's password changed", @@ -1121,7 +1121,7 @@ { "@timestamp": "2021-12-10T11:53:37.982Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User created", @@ -1198,7 +1198,7 @@ { "@timestamp": "2021-12-10T11:52:39.940Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Customer invited notification changed", @@ -1261,7 +1261,7 @@ { "@timestamp": "2021-12-07T17:15:05.069Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User created", @@ -1338,7 +1338,7 @@ { "@timestamp": "2021-12-07T17:03:54.188Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Customer permissions changed", @@ -1401,7 +1401,7 @@ { "@timestamp": "2021-12-07T16:56:48.122Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Request type deleted", @@ -1483,7 +1483,7 @@ { "@timestamp": "2021-12-07T16:56:24.940Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Request type deleted", @@ -1565,7 +1565,7 @@ { "@timestamp": "2021-12-07T16:56:07.861Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Request type deleted", @@ -1647,7 +1647,7 @@ { "@timestamp": "2021-12-07T16:54:03.906Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Request type deleted", @@ -1729,7 +1729,7 @@ { "@timestamp": "2021-12-07T16:46:02.950Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", 
@@ -1788,7 +1788,7 @@ { "@timestamp": "2021-12-07T16:46:02.944Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -1847,7 +1847,7 @@ { "@timestamp": "2021-12-07T16:46:02.939Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -1906,7 +1906,7 @@ { "@timestamp": "2021-12-07T16:46:02.932Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User added to group", @@ -1965,7 +1965,7 @@ { "@timestamp": "2021-12-07T16:45:24.007Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Group created", @@ -2006,7 +2006,7 @@ { "@timestamp": "2021-12-07T16:29:41.490Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project created", @@ -2099,7 +2099,7 @@ { "@timestamp": "2021-12-07T16:29:38.789Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Custom email channel turned on", @@ -2165,7 +2165,7 @@ { "@timestamp": "2021-12-07T16:29:38.773Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud Email settings created", @@ -2221,7 +2221,7 @@ { "@timestamp": "2021-12-07T16:29:38.426Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud email channel turned on", @@ -2287,7 +2287,7 @@ { "@timestamp": "2021-12-07T16:29:36.956Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project component created", @@ -2376,7 +2376,7 @@ { "@timestamp": "2021-12-07T16:29:36.930Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project component created", @@ -2465,7 +2465,7 @@ { "@timestamp": "2021-12-07T16:29:36.903Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project component created", 
@@ -2554,7 +2554,7 @@ { "@timestamp": "2021-12-07T16:29:36.877Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project component created", @@ -2643,7 +2643,7 @@ { "@timestamp": "2021-12-07T16:29:36.849Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project component created", @@ -2732,7 +2732,7 @@ { "@timestamp": "2021-12-07T16:29:36.823Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project component created", @@ -2821,7 +2821,7 @@ { "@timestamp": "2021-12-07T16:29:36.797Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project component created", @@ -2910,7 +2910,7 @@ { "@timestamp": "2021-12-07T16:29:36.770Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project component created", @@ -2999,7 +2999,7 @@ { "@timestamp": "2021-12-07T16:29:36.743Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project component created", @@ -3088,7 +3088,7 @@ { "@timestamp": "2021-12-07T16:29:36.717Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project component created", @@ -3177,7 +3177,7 @@ { "@timestamp": "2021-12-07T16:29:36.691Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project component created", @@ -3266,7 +3266,7 @@ { "@timestamp": "2021-12-07T16:29:36.664Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project component created", @@ -3355,7 +3355,7 @@ { "@timestamp": "2021-12-07T16:29:36.637Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project component created", @@ -3444,7 +3444,7 @@ { "@timestamp": "2021-12-07T16:29:36.609Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project component created", 
@@ -3533,7 +3533,7 @@ { "@timestamp": "2021-12-07T16:29:36.561Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project component created", @@ -3622,7 +3622,7 @@ { "@timestamp": "2021-12-07T16:29:36.529Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Project component created", @@ -3711,7 +3711,7 @@ { "@timestamp": "2021-12-07T16:29:36.499Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Workflow scheme added to project", @@ -3771,7 +3771,7 @@ { "@timestamp": "2021-12-07T16:29:36.468Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Workflow updated", @@ -3833,7 +3833,7 @@ { "@timestamp": "2021-12-07T16:29:36.448Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Workflow updated", @@ -3888,7 +3888,7 @@ { "@timestamp": "2021-12-07T16:29:36.421Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Workflow created", @@ -3954,7 +3954,7 @@ { "@timestamp": "2021-12-07T16:29:36.329Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Workflow updated", @@ -4016,7 +4016,7 @@ { "@timestamp": "2021-12-07T16:29:36.310Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Workflow updated", @@ -4071,7 +4071,7 @@ { "@timestamp": "2021-12-07T16:29:36.283Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Workflow created", @@ -4137,7 +4137,7 @@ { "@timestamp": "2021-12-07T16:29:36.186Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Workflow updated", @@ -4199,7 +4199,7 @@ { "@timestamp": "2021-11-18T10:58:11.410Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Field Configuration scheme updated", 
@@ -4266,7 +4266,7 @@ { "@timestamp": "2021-11-18T10:58:11.132Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Field Configuration scheme updated", @@ -4333,7 +4333,7 @@ { "@timestamp": "2021-11-18T10:58:10.771Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Workflow scheme added to project", @@ -4393,7 +4393,7 @@ { "@timestamp": "2021-11-18T10:58:10.754Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Workflow scheme created", @@ -4459,7 +4459,7 @@ { "@timestamp": "2021-11-18T10:58:10.744Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Workflow created", @@ -4521,7 +4521,7 @@ { "@timestamp": "2021-11-18T10:58:10.473Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Field Configuration scheme updated", @@ -4588,7 +4588,7 @@ { "@timestamp": "2021-11-18T10:58:10.265Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Field Configuration scheme updated", @@ -4657,7 +4657,7 @@ { "@timestamp": "2021-11-18T10:58:10.174Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Field Configuration scheme added to project", @@ -4717,7 +4717,7 @@ { "@timestamp": "2021-11-18T10:58:10.146Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Field Configuration scheme created", @@ -4784,7 +4784,7 @@ { "@timestamp": "2021-11-18T10:58:10.114Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Issue Security scheme added to project", @@ -4844,7 +4844,7 @@ { "@timestamp": "2021-11-18T10:58:10.062Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Permission scheme added to project", @@ -4904,7 +4904,7 @@ { "@timestamp": "2021-11-17T16:00:37.374Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User updated", 
@@ -4951,7 +4951,7 @@ { "@timestamp": "2021-11-16T09:25:56.725Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "User updated", @@ -4998,7 +4998,7 @@ { "@timestamp": "2021-11-16T08:48:05.867Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Custom field created", diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index da941b7aca1..83623ff9314 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-11-22T00:05:08.514Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.group.created", @@ -68,7 +68,7 @@ { "@timestamp": "2021-11-22T00:05:08.579Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -143,7 +143,7 @@ { "@timestamp": "2021-11-22T00:05:08.581Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -218,7 +218,7 @@ { "@timestamp": "2021-11-22T00:05:08.583Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -293,7 +293,7 @@ { "@timestamp": "2021-11-22T00:05:08.584Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -368,7 +368,7 @@ { "@timestamp": "2021-11-22T00:05:08.596Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.system.license.added", 
@@ -462,7 +462,7 @@ { "@timestamp": "2021-11-22T00:06:49.600Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.user.created", @@ -557,7 +557,7 @@ { "@timestamp": "2021-11-22T00:06:49.734Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.user.added.to.group", @@ -632,7 +632,7 @@ { "@timestamp": "2021-11-22T00:06:49.750Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -707,7 +707,7 @@ { "@timestamp": "2021-11-22T00:06:49.751Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -782,7 +782,7 @@ { "@timestamp": "2021-11-22T00:06:49.752Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -857,7 +857,7 @@ { "@timestamp": "2021-11-22T00:06:49.754Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -932,7 +932,7 @@ { "@timestamp": "2021-11-22T00:06:49.756Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.user.added.to.group", @@ -1007,7 +1007,7 @@ { "@timestamp": "2021-11-22T00:06:57.138Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1081,7 +1081,7 @@ { "@timestamp": "2021-11-22T00:06:57.158Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1155,7 +1155,7 @@ { "@timestamp": "2021-11-22T00:06:57.162Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1229,7 +1229,7 @@ { "@timestamp": "2021-11-22T00:06:58.318Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", 
@@ -1298,7 +1298,7 @@ { "@timestamp": "2021-11-22T00:06:58.974Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1367,7 +1367,7 @@ { "@timestamp": "2021-11-22T00:06:58.990Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.updated", @@ -1424,7 +1424,7 @@ { "@timestamp": "2021-11-22T00:06:59.224Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1498,7 +1498,7 @@ { "@timestamp": "2021-11-22T00:06:59.266Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1572,7 +1572,7 @@ { "@timestamp": "2021-11-22T00:06:59.313Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1641,7 +1641,7 @@ { "@timestamp": "2021-11-22T00:06:59.332Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.updated", @@ -1698,7 +1698,7 @@ { "@timestamp": "2021-11-22T00:06:59.340Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.updated", @@ -1755,7 +1755,7 @@ { "@timestamp": "2021-11-22T00:06:59.485Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.issue.type.created", @@ -1817,7 +1817,7 @@ { "@timestamp": "2021-11-22T00:06:59.522Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1891,7 +1891,7 @@ { "@timestamp": "2021-11-22T00:07:01.644Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1965,7 +1965,7 @@ { "@timestamp": "2021-11-22T00:07:01.669Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", 
@@ -2039,7 +2039,7 @@ { "@timestamp": "2021-11-22T00:07:02.694Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -2113,7 +2113,7 @@ { "@timestamp": "2021-11-22T00:07:02.725Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -2187,7 +2187,7 @@ { "@timestamp": "2021-11-22T00:07:02.794Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -2261,7 +2261,7 @@ { "@timestamp": "2021-11-22T00:07:09.370Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.issue.type.created", @@ -2323,7 +2323,7 @@ { "@timestamp": "2021-11-22T00:07:09.880Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -2397,7 +2397,7 @@ { "@timestamp": "2021-11-22T00:08:33.534Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -2461,7 +2461,7 @@ { "@timestamp": "2021-11-22T00:08:33.535Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -2525,7 +2525,7 @@ { "@timestamp": "2021-11-22T00:08:33.536Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -2589,7 +2589,7 @@ { "@timestamp": "2021-11-22T00:08:33.537Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -2653,7 +2653,7 @@ { "@timestamp": "2021-11-22T00:08:33.710Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.workflow.created", @@ -2732,7 +2732,7 @@ { "@timestamp": "2021-11-22T00:08:33.732Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.workflow.scheme.created", 
@@ -2801,7 +2801,7 @@ { "@timestamp": "2021-11-22T00:08:33.746Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.workflow.scheme.added.to.project", @@ -2863,7 +2863,7 @@ { "@timestamp": "2021-11-22T00:08:33.887Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.filter.created", @@ -2957,7 +2957,7 @@ { "@timestamp": "2021-11-22T00:08:34.720Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Board created", @@ -3019,7 +3019,7 @@ { "@timestamp": "2021-11-22T00:08:34.142Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.created", @@ -3088,7 +3088,7 @@ { "@timestamp": "2021-11-22T00:08:34.151Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3157,7 +3157,7 @@ { "@timestamp": "2021-11-22T00:08:34.163Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3226,7 +3226,7 @@ { "@timestamp": "2021-11-22T00:08:34.165Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3295,7 +3295,7 @@ { "@timestamp": "2021-11-22T00:08:34.166Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3364,7 +3364,7 @@ { "@timestamp": "2021-11-22T00:08:34.168Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3433,7 +3433,7 @@ { "@timestamp": "2021-11-22T00:08:34.171Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3502,7 +3502,7 @@ { "@timestamp": "2021-11-22T00:08:34.173Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", 
@@ -3576,7 +3576,7 @@ { "@timestamp": "2021-11-22T00:08:34.174Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3645,7 +3645,7 @@ { "@timestamp": "2021-11-22T00:08:34.176Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3714,7 +3714,7 @@ { "@timestamp": "2021-11-22T00:08:34.178Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3783,7 +3783,7 @@ { "@timestamp": "2021-11-22T00:08:34.180Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3852,7 +3852,7 @@ { "@timestamp": "2021-11-22T00:08:34.182Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3921,7 +3921,7 @@ { "@timestamp": "2021-11-22T00:08:34.184Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3995,7 +3995,7 @@ { "@timestamp": "2021-11-22T00:08:34.187Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4064,7 +4064,7 @@ { "@timestamp": "2021-11-22T00:08:34.190Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4133,7 +4133,7 @@ { "@timestamp": "2021-11-22T00:08:34.204Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4207,7 +4207,7 @@ { "@timestamp": "2021-11-22T00:08:34.208Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", 
@@ -4276,7 +4276,7 @@ { "@timestamp": "2021-11-22T00:08:34.210Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4350,7 +4350,7 @@ { "@timestamp": "2021-11-22T00:08:34.212Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4424,7 +4424,7 @@ { "@timestamp": "2021-11-22T00:08:34.215Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4493,7 +4493,7 @@ { "@timestamp": "2021-11-22T00:08:34.217Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4567,7 +4567,7 @@ { "@timestamp": "2021-11-22T00:08:34.219Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4636,7 +4636,7 @@ { "@timestamp": "2021-11-22T00:08:34.221Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4710,7 +4710,7 @@ { "@timestamp": "2021-11-22T00:08:34.223Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4779,7 +4779,7 @@ { "@timestamp": "2021-11-22T00:08:34.225Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4848,7 +4848,7 @@ { "@timestamp": "2021-11-22T00:08:34.227Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4922,7 +4922,7 @@ { "@timestamp": "2021-11-22T00:08:34.229Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", 
@@ -4991,7 +4991,7 @@ { "@timestamp": "2021-11-22T00:08:34.231Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5065,7 +5065,7 @@ { "@timestamp": "2021-11-22T00:08:34.233Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5134,7 +5134,7 @@ { "@timestamp": "2021-11-22T00:08:34.235Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5203,7 +5203,7 @@ { "@timestamp": "2021-11-22T00:08:34.236Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5272,7 +5272,7 @@ { "@timestamp": "2021-11-22T00:08:34.239Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5341,7 +5341,7 @@ { "@timestamp": "2021-11-22T00:08:34.241Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5410,7 +5410,7 @@ { "@timestamp": "2021-11-22T00:08:34.243Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5479,7 +5479,7 @@ { "@timestamp": "2021-11-22T00:08:34.249Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.removed.from.project", @@ -5559,7 +5559,7 @@ { "@timestamp": "2021-11-22T00:08:34.266Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.permission.scheme.added.to.project", @@ -5621,7 +5621,7 @@ { "@timestamp": "2021-11-22T00:08:34.297Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.project.created", 
@@ -5714,7 +5714,7 @@ { "@timestamp": "2021-11-22T00:08:34.506Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.project.roles.changed", @@ -5783,7 +5783,7 @@ { "@timestamp": "2021-11-22T00:08:34.521Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.version.created", @@ -5857,7 +5857,7 @@ { "@timestamp": "2021-11-22T00:08:34.535Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.version.released", @@ -5931,7 +5931,7 @@ { "@timestamp": "2021-11-22T00:08:34.543Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.version.created", @@ -6005,7 +6005,7 @@ { "@timestamp": "2021-11-22T00:08:34.545Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.version.created", @@ -6074,7 +6074,7 @@ { "@timestamp": "2021-11-22T00:12:02.856Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -6145,7 +6145,7 @@ { "@timestamp": "2021-11-26T19:35:10.718Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.user.login.failed", @@ -6220,7 +6220,7 @@ { "@timestamp": "2021-11-26T19:33:29.363Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "jira.auditing.user.logged.in", diff --git a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 68b15bc748a..45cce84da82 100644 --- a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for processing Atlassian Jira audit logs.
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/atlassian_jira/data_stream/audit/sample_event.json b/packages/atlassian_jira/data_stream/audit/sample_event.json
index 2563c4f8fea..91e7e6b1ee4 100644
--- a/packages/atlassian_jira/data_stream/audit/sample_event.json
+++ b/packages/atlassian_jira/data_stream/audit/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/atlassian_jira/docs/README.md b/packages/atlassian_jira/docs/README.md
index c09d024d51c..426d1fcc745 100644
--- a/packages/atlassian_jira/docs/README.md
+++ b/packages/atlassian_jira/docs/README.md
@@ -135,7 +135,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/atlassian_jira/manifest.yml b/packages/atlassian_jira/manifest.yml
index 705ca27801b..43bff80336a 100644
--- a/packages/atlassian_jira/manifest.yml
+++ b/packages/atlassian_jira/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: atlassian_jira
 title: Atlassian Jira
-version: "1.7.1"
+version: "1.8.0"
 license: basic
 description: Collect logs from Atlassian Jira with Elastic Agent.
 type: integration
From 4f8c67c949616c72d07ace1182bf3a164ecbf29c Mon Sep 17 00:00:00 2001
From: Shourie Ganguly
Date: Fri, 31 Mar 2023 18:57:42 +0530
Subject: [PATCH 006/137] [auditd] - update ECS to 8.7.0 from 8.6.0 This updates the auditd integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/auditd
---
 packages/auditd/_dev/build/build.yml | 2 +-
 packages/auditd/changelog.yml | 5 +
 .../test-auditd-raw.log-expected.json | 94 +++++++++----------
 .../test-auditd-useradd.log-expected.json | 16 ++--
 .../test-truncated-execve.log-expected.json | 8 +-
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../auditd/data_stream/log/sample_event.json | 2 +-
 packages/auditd/docs/README.md | 2 +-
 packages/auditd/manifest.yml | 2 +-
 9 files changed, 69 insertions(+), 64 deletions(-)
diff --git a/packages/auditd/_dev/build/build.yml b/packages/auditd/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/auditd/_dev/build/build.yml
+++ b/packages/auditd/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/auditd/changelog.yml b/packages/auditd/changelog.yml
index 630455b53ff..d2a14721ac9 100644
--- a/packages/auditd/changelog.yml
+++ b/packages/auditd/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.6.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "3.5.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-raw.log-expected.json b/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-raw.log-expected.json
index 85c5c6d2189..b9e327d6c03 100644
--- a/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-raw.log-expected.json
+++ b/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-raw.log-expected.json @@ -15,7 +15,7 @@ "address": "192.168.0.0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mac_ipsec_event", @@ -50,7 +50,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "syscall", @@ -119,7 +119,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -175,7 +175,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -243,7 +243,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -275,7 +275,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "proctitle", @@ -295,7 +295,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "proctitle", @@ -322,7 +322,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -364,7 +364,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -402,7 +402,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -437,7 +437,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "execve", @@ -465,7 +465,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -497,7 +497,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -545,7 +545,7 @@ "runtime": "kvm" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -587,7 +587,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -630,7 +630,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -669,7 +669,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ 
@@ -712,7 +712,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -751,7 +751,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -797,7 +797,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -843,7 +843,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -889,7 +889,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -937,7 +937,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -982,7 +982,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -1049,7 +1049,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -1118,7 +1118,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -1165,7 +1165,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -1208,7 +1208,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -1251,7 +1251,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -1284,7 +1284,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -1335,7 +1335,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -1386,7 +1386,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -1436,7 +1436,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -1481,7 +1481,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -1529,7 +1529,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -1573,7 +1573,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ 
@@ -1635,7 +1635,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -1705,7 +1705,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -1752,7 +1752,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -1786,7 +1786,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cwd", @@ -1816,7 +1816,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "path", @@ -1840,7 +1840,7 @@ "log": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "unknown[1329]", @@ -1870,7 +1870,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bprm_fcaps", @@ -1890,7 +1890,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "sockaddr", @@ -1910,7 +1910,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ckaddr", @@ -1930,7 +1930,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -1962,7 +1962,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ diff --git a/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-useradd.log-expected.json b/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-useradd.log-expected.json index e533deed14b..243d2236f36 100644 --- a/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-useradd.log-expected.json +++ b/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-useradd.log-expected.json @@ -14,7 +14,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -70,7 +70,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -125,7 +125,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ 
@@ -181,7 +181,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -239,7 +239,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -287,7 +287,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -343,7 +343,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -395,7 +395,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ diff --git a/packages/auditd/data_stream/log/_dev/test/pipeline/test-truncated-execve.log-expected.json b/packages/auditd/data_stream/log/_dev/test/pipeline/test-truncated-execve.log-expected.json index bf185a6f42d..53811bcaf0b 100644 --- a/packages/auditd/data_stream/log/_dev/test/pipeline/test-truncated-execve.log-expected.json +++ b/packages/auditd/data_stream/log/_dev/test/pipeline/test-truncated-execve.log-expected.json @@ -8,7 +8,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "execve", @@ -36,7 +36,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "execve", @@ -131,7 +131,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "execve", @@ -226,7 +226,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "execve", diff --git a/packages/auditd/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/auditd/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 53ea4448a29..945d8369b89 100644 --- a/packages/auditd/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/auditd/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Linux auditd logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original 
diff --git a/packages/auditd/data_stream/log/sample_event.json b/packages/auditd/data_stream/log/sample_event.json index 5f7ed110155..92697190ff4 100644 --- a/packages/auditd/data_stream/log/sample_event.json +++ b/packages/auditd/data_stream/log/sample_event.json @@ -19,7 +19,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "0e729d36-7ce3-4bd5-885c-ec10bc843703", diff --git a/packages/auditd/docs/README.md b/packages/auditd/docs/README.md index 785af8dffb7..72ae67b34fa 100644 --- a/packages/auditd/docs/README.md +++ b/packages/auditd/docs/README.md @@ -34,7 +34,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "0e729d36-7ce3-4bd5-885c-ec10bc843703", diff --git a/packages/auditd/manifest.yml b/packages/auditd/manifest.yml index 105aab5464a..434495cb127 100644 --- a/packages/auditd/manifest.yml +++ b/packages/auditd/manifest.yml @@ -1,6 +1,6 @@ name: auditd title: Auditd Logs -version: "3.5.1" +version: "3.6.0" release: ga description: Collect logs from Linux audit daemon with Elastic Agent. type: integration From ca52269839456a63602a0adc7006dc6ed8c2de32 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:43 +0530 Subject: [PATCH 007/137] [auditd_manager] - update ECS to 8.7.0 from 8.6.0 This updates the auditd_manager integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/auditd_manager --- packages/auditd_manager/_dev/build/build.yml | 2 +- packages/auditd_manager/changelog.yml | 5 +++ .../test-auditlogin-events.json-expected.json | 6 +-- .../test-centos7-events.json-expected.json | 16 ++++---- .../test-chown-events.json-expected.json | 2 +- .../test-passwd-events.json-expected.json | 8 ++-- .../test-setuid-events.json-expected.json | 6 +-- ...test-sudo-asuser-events.json-expected.json | 10 ++--- .../test-sudo-events.json-expected.json | 40 +++++++++---------- .../test-useradd-events.json-expected.json | 16 ++++---- .../test-userlogin-events.json-expected.json | 8 ++-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/auditd/sample_event.json | 2 +- packages/auditd_manager/docs/README.md | 2 +- packages/auditd_manager/manifest.yml | 2 +- 15 files changed, 66 insertions(+), 61 deletions(-) diff --git a/packages/auditd_manager/_dev/build/build.yml b/packages/auditd_manager/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/auditd_manager/_dev/build/build.yml +++ b/packages/auditd_manager/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/auditd_manager/changelog.yml b/packages/auditd_manager/changelog.yml index 7e5c6e64f11..0e207b17d01 100644 --- a/packages/auditd_manager/changelog.yml +++ b/packages/auditd_manager/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.6.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-auditlogin-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-auditlogin-events.json-expected.json index e24ed0e4f2b..d38091647f1 100644 --- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-auditlogin-events.json-expected.json +++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-auditlogin-events.json-expected.json @@ -30,7 +30,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "changed-login-id-to", @@ -100,7 +100,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "changed-login-id-to", @@ -171,7 +171,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "changed-login-id-to", diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-centos7-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-centos7-events.json-expected.json index fa820a3cc11..81e0479e0ec 100644 --- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-centos7-events.json-expected.json +++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-centos7-events.json-expected.json @@ -42,7 +42,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "started-session", @@ -124,7 +124,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added-group-account-to", @@ -209,7 +209,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added-user-account", 
@@ -296,7 +296,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "modified-user-account", @@ -383,7 +383,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "modified-user-account", @@ -470,7 +470,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "modified-user-account", @@ -557,7 +557,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "modified-user-account", @@ -644,7 +644,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "modified-user-account", diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-chown-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-chown-events.json-expected.json index 12b1ce2cbd3..5de2101a8f6 100644 --- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-chown-events.json-expected.json +++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-chown-events.json-expected.json @@ -92,7 +92,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "changed-file-ownership-of", diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-passwd-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-passwd-events.json-expected.json index 54f5d76973a..9e96126ccf7 100644 --- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-passwd-events.json-expected.json +++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-passwd-events.json-expected.json @@ -35,7 +35,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "changed-password", @@ -115,7 +115,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "changed-password", 
@@ -195,7 +195,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "changed-password", @@ -276,7 +276,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "was-authorized", diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-setuid-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-setuid-events.json-expected.json index a5f5891e73a..b38d18f68d8 100644 --- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-setuid-events.json-expected.json +++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-setuid-events.json-expected.json @@ -60,7 +60,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "changed-identity-of", @@ -167,7 +167,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "changed-identity-of", @@ -266,7 +266,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "changed-identity-of", diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-sudo-asuser-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-sudo-asuser-events.json-expected.json index b4375afc853..2e43a8375d9 100644 --- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-sudo-asuser-events.json-expected.json +++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-sudo-asuser-events.json-expected.json @@ -35,7 +35,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authenticated", @@ -110,7 +110,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "was-authorized", @@ -180,7 +180,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ran-command", 
@@ -245,7 +245,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "refreshed-credentials", @@ -319,7 +319,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "started-session", diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-sudo-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-sudo-events.json-expected.json index 0b292304004..1c13353fcb6 100644 --- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-sudo-events.json-expected.json +++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-sudo-events.json-expected.json @@ -35,7 +35,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authenticated", @@ -110,7 +110,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "was-authorized", @@ -180,7 +180,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ran-command", @@ -245,7 +245,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "refreshed-credentials", @@ -319,7 +319,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "started-session", @@ -400,7 +400,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authenticated", @@ -475,7 +475,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "acquired-credentials", @@ -550,7 +550,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "was-authorized", @@ -625,7 +625,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authenticated", @@ -699,7 +699,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "started-session", 
@@ -780,7 +780,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "refreshed-credentials", @@ -850,7 +850,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ran-command", @@ -915,7 +915,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "was-authorized", @@ -990,7 +990,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authenticated", @@ -1066,7 +1066,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "changed-role-to", @@ -1125,7 +1125,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "started-session", @@ -1206,7 +1206,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "disposed-credentials", @@ -1281,7 +1281,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ended-session", @@ -1356,7 +1356,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "disposed-credentials", @@ -1431,7 +1431,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ended-session", diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-useradd-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-useradd-events.json-expected.json index 888b07f8775..06d77472547 100644 --- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-useradd-events.json-expected.json +++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-useradd-events.json-expected.json @@ -33,7 +33,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added-group-account-to", @@ -112,7 +112,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added-group-account-to", 
@@ -190,7 +190,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added-group-account-to", @@ -269,7 +269,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added-user-account", @@ -350,7 +350,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "was-authorized", @@ -425,7 +425,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "changed-password", @@ -506,7 +506,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authenticated", @@ -581,7 +581,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "was-authorized", diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-userlogin-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-userlogin-events.json-expected.json index b49fb6373e9..7fa518f2714 100644 --- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-userlogin-events.json-expected.json +++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-userlogin-events.json-expected.json @@ -27,7 +27,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logged-in", @@ -101,7 +101,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logged-in", @@ -172,7 +172,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authenticated", @@ -247,7 +247,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "acquired-credentials", diff --git a/packages/auditd_manager/data_stream/auditd/elasticsearch/ingest_pipeline/default.yml b/packages/auditd_manager/data_stream/auditd/elasticsearch/ingest_pipeline/default.yml index 81d9f521334..ddfea06730c 100644 --- a/packages/auditd_manager/data_stream/auditd/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/auditd_manager/data_stream/auditd/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Linux auditd logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: event.original target_field: auditd.messages diff --git a/packages/auditd_manager/data_stream/auditd/sample_event.json b/packages/auditd_manager/data_stream/auditd/sample_event.json index 30fd5a56a2c..525396f408d 100644 --- a/packages/auditd_manager/data_stream/auditd/sample_event.json +++ b/packages/auditd_manager/data_stream/auditd/sample_event.json @@ -72,7 +72,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "753ce520-4f32-45b1-9212-c4dcc9d575a1", diff --git a/packages/auditd_manager/docs/README.md b/packages/auditd_manager/docs/README.md index 0c015fe2ee8..1cbe545840d 100644 --- a/packages/auditd_manager/docs/README.md +++ b/packages/auditd_manager/docs/README.md @@ -184,7 +184,7 @@ An example event for `auditd` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "753ce520-4f32-45b1-9212-c4dcc9d575a1", diff --git a/packages/auditd_manager/manifest.yml b/packages/auditd_manager/manifest.yml index d4fb816c96d..46812bc1b45 100644 --- a/packages/auditd_manager/manifest.yml +++ b/packages/auditd_manager/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: auditd_manager title: "Auditd Manager" -version: "1.6.1" +version: "1.7.0" release: ga license: basic description: "The Auditd Manager Integration receives audit events from the Linux Audit Framework that is a part of the Linux kernel." From e59b325b128fa0f9a89208b5b75a2432b8880f1d Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:44 +0530 Subject: [PATCH 008/137] [auth0] - update ECS to 8.7.0 from 8.6.0 This updates the auth0 integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/auth0 --- packages/auth0/_dev/build/build.yml | 2 +- packages/auth0/changelog.yml | 5 ++ .../test-login-failure.json-expected.json | 10 +-- .../test-login-success.json-expected.json | 44 +++++----- .../test-logout-success.json-expected.json | 6 +- .../test-mgmt-api-success.json-expected.json | 84 +++++++++---------- .../test-signup-failure.json-expected.json | 2 +- .../test-signup-success.json-expected.json | 10 +-- ...test-token-xchg-success.json-expected.json | 42 +++++----- ...est-user-behaviour-fail.json-expected.json | 4 +- ...-user-behaviour-success.json-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../auth0/data_stream/logs/sample_event.json | 2 +- packages/auth0/docs/README.md | 4 +- packages/auth0/manifest.yml | 2 +- 15 files changed, 113 insertions(+), 108 deletions(-) diff --git a/packages/auth0/_dev/build/build.yml b/packages/auth0/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/auth0/_dev/build/build.yml +++ b/packages/auth0/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/auth0/changelog.yml b/packages/auth0/changelog.yml index 4c54096bac6..1dad1869ee8 100644 --- a/packages/auth0/changelog.yml +++ b/packages/auth0/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.4.1" changes: - description: Added categories and/or subcategories. 
diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-failure.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-failure.json-expected.json index 84a88ce43f2..80873292260 100644 --- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-failure.json-expected.json +++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-failure.json-expected.json @@ -38,7 +38,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "failed-login", @@ -124,7 +124,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "failed-login", @@ -211,7 +211,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "failed-login", @@ -284,7 +284,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "invalid-username-or-email", @@ -360,7 +360,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "incorrect-password", diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-success.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-success.json-expected.json index b6240313203..3339610e6fe 100644 --- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-success.json-expected.json +++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-success.json-expected.json @@ -61,7 +61,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -189,7 +189,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -264,7 +264,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -390,7 +390,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", 
@@ -516,7 +516,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -630,7 +630,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -744,7 +744,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -858,7 +858,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -935,7 +935,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -1051,7 +1051,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -1179,7 +1179,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -1295,7 +1295,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -1411,7 +1411,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -1527,7 +1527,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -1643,7 +1643,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -1759,7 +1759,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -1875,7 +1875,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -1991,7 +1991,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -2107,7 +2107,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -2223,7 +2223,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", 
@@ -2351,7 +2351,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", @@ -2479,7 +2479,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "successful-login", diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-logout-success.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-logout-success.json-expected.json index e9ed499895b..55a3a09ef8f 100644 --- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-logout-success.json-expected.json +++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-logout-success.json-expected.json @@ -24,7 +24,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user-logout-successful", @@ -101,7 +101,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user-logout-successful", @@ -178,7 +178,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user-logout-successful", diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-mgmt-api-success.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-mgmt-api-success.json-expected.json index 4c1f7b083b1..2e9d20eba28 100644 --- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-mgmt-api-success.json-expected.json +++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-mgmt-api-success.json-expected.json @@ -54,7 +54,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -169,7 +169,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -309,7 +309,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -680,7 +680,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", 
@@ -780,7 +780,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -939,7 +939,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -1178,7 +1178,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -1280,7 +1280,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -1519,7 +1519,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -1623,7 +1623,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -1733,7 +1733,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -1972,7 +1972,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -2211,7 +2211,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -2320,7 +2320,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -2435,7 +2435,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -2544,7 +2544,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -2646,7 +2646,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -2761,7 +2761,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -2870,7 +2870,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -2972,7 +2972,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", 
@@ -3065,7 +3065,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -3175,7 +3175,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -3284,7 +3284,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -3377,7 +3377,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -3487,7 +3487,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -3580,7 +3580,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -3690,7 +3690,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -3805,7 +3805,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -3907,7 +3907,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -4006,7 +4006,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -4122,7 +4122,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -4361,7 +4361,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -4459,7 +4459,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -4688,7 +4688,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -4913,7 +4913,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", @@ -5013,7 +5013,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "success-mgmt-api-op", 
@@ -5115,7 +5115,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -5223,7 +5223,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -5331,7 +5331,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -5433,7 +5433,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-mgmt-api-op",
@@ -5538,7 +5538,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-mgmt-api-op-secrets-returned",
@@ -5639,7 +5639,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-mgmt-api-op-secrets-returned",
diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-failure.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-failure.json-expected.json
index 12a24d62760..a09b3b675c3 100644
--- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-failure.json-expected.json
+++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-failure.json-expected.json
@@ -72,7 +72,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "user-signup-failed",
diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-success.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-success.json-expected.json
index 28c5661aefa..feba398efae 100644
--- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-success.json-expected.json
+++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-success.json-expected.json
@@ -27,7 +27,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-signup",
@@ -101,7 +101,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-signup",
@@ -181,7 +181,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-signup",
@@ -255,7 +255,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-signup",
@@ -329,7 +329,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-signup",
diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-token-xchg-success.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-token-xchg-success.json-expected.json
index 776d5402689..fa3b2c33500 100644
--- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-token-xchg-success.json-expected.json
+++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-token-xchg-success.json-expected.json
@@ -18,7 +18,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -88,7 +88,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -158,7 +158,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -228,7 +228,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -298,7 +298,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -368,7 +368,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -438,7 +438,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -508,7 +508,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -578,7 +578,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -648,7 +648,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -718,7 +718,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -788,7 +788,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -858,7 +858,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -928,7 +928,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -998,7 +998,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -1068,7 +1068,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -1138,7 +1138,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -1208,7 +1208,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -1278,7 +1278,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -1348,7 +1348,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
@@ -1418,7 +1418,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "success-exchange-auth-code-for-access-token",
diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-fail.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-fail.json-expected.json index d90f09519e2..89ee2f03bbe 100644 --- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-fail.json-expected.json +++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-fail.json-expected.json @@ -20,7 +20,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "failed-to-send-email-notification", @@ -58,7 +58,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "failed-to-send-email-notification", diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-success.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-success.json-expected.json index b001b309c9c..36e8f25c5af 100644 --- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-success.json-expected.json +++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-success.json-expected.json @@ -35,7 +35,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "sent-verification-email", diff --git a/packages/auth0/data_stream/logs/elasticsearch/ingest_pipeline/default.yml b/packages/auth0/data_stream/logs/elasticsearch/ingest_pipeline/default.yml index f90a1383552..2e96531051c 100644 --- a/packages/auth0/data_stream/logs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/auth0/data_stream/logs/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Auth0 log stream events processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: auth0.logs.data copy_from: json.data 
diff --git a/packages/auth0/data_stream/logs/sample_event.json b/packages/auth0/data_stream/logs/sample_event.json index fa9ce88cdb5..9939077f1bc 100644 --- a/packages/auth0/data_stream/logs/sample_event.json +++ b/packages/auth0/data_stream/logs/sample_event.json @@ -83,7 +83,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "2c778b7a-e0be-4a84-8c7c-e0142f3690df", diff --git a/packages/auth0/docs/README.md b/packages/auth0/docs/README.md index abff82e5ee3..2841c5aac66 100644 --- a/packages/auth0/docs/README.md +++ b/packages/auth0/docs/README.md @@ -111,7 +111,7 @@ The Auth0 logs dataset provides events from Auth0 log stream. All Auth0 log even | file.name | Name of the file including the extension, without the directory. | keyword | | file.path | Full path to the file, including the file name. It should include the drive letter, when appropriate. | keyword | | file.path.text | Multi-field of `file.path`. | match_only_text | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | input.type | Input type. | keyword | | log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword | | network.type | In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc The field value must be normalized to lowercase for querying. | keyword | 
@@ -256,7 +256,7 @@ An example event for `logs` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "2c778b7a-e0be-4a84-8c7c-e0142f3690df", diff --git a/packages/auth0/manifest.yml b/packages/auth0/manifest.yml index 94c8151185a..43c541ce7a3 100644 --- a/packages/auth0/manifest.yml +++ b/packages/auth0/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: auth0 title: "Auth0" -version: "1.4.1" +version: "1.5.0" license: basic description: Collect logs from Auth0 with Elastic Agent. type: integration From 303b080a98e6f3c6822993b70f679896ab9b2a17 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:45 +0530 Subject: [PATCH 009/137] [azure_blob_storage] - update ECS to 8.7.0 This updates the azure_blob_storage integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.6.0 and no pipelines set ecs.version. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/azure_blob_storage --- packages/azure_blob_storage/_dev/build/build.yml | 2 +- packages/azure_blob_storage/changelog.yml | 5 +++++ packages/azure_blob_storage/manifest.yml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/packages/azure_blob_storage/_dev/build/build.yml b/packages/azure_blob_storage/_dev/build/build.yml index fcd61c363f1..45fb1cc4269 100644 --- a/packages/azure_blob_storage/_dev/build/build.yml +++ b/packages/azure_blob_storage/_dev/build/build.yml @@ -1,4 +1,4 @@ dependencies: ecs: - reference: git@v8.6.0 + reference: git@8.7 import_mappings: true diff --git a/packages/azure_blob_storage/changelog.yml b/packages/azure_blob_storage/changelog.yml index 04c10e9ceec..a6633c1ecd4 100644 --- a/packages/azure_blob_storage/changelog.yml +++ b/packages/azure_blob_storage/changelog.yml 
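Review bot: In packages/azure_blob_storage/_dev/build/build.yml the `reference` moves from a tag-style ref (`git@v8.6.0`) to `git@8.7`, which looks like a branch name rather than a fixed release. With `import_mappings: true` in the same file, the ECS field definitions pulled in at build time could then change without any change to this package, assuming the ref is resolved on each build. If a reproducible build input is wanted here, keep the tag form, e.g. `reference: git@v8.7.0`. If following the branch is intentional (the azure_frontdoor and barracuda build.yml files in this series also use `git@8.7`), a one-line comment such as `# tracks the ECS 8.7 branch, not a fixed tag` would make that explicit.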
@@ -1,3 +1,8 @@ +- version: "0.2.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "0.1.0" changes: - description: Initial Release diff --git a/packages/azure_blob_storage/manifest.yml b/packages/azure_blob_storage/manifest.yml index 7940bd1887b..00b620b5758 100644 --- a/packages/azure_blob_storage/manifest.yml +++ b/packages/azure_blob_storage/manifest.yml @@ -3,7 +3,7 @@ name: azure_blob_storage title: Custom Azure Blob Storage Input description: Collect JSON data from configured Azure Blob Storage Container with Elastic Agent. type: integration -version: "0.1.0" +version: "0.2.0" conditions: kibana.version: "^8.6.2" categories: From d68430b4770a19305a2f9ca3b76846071ce726c0 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:46 +0530 Subject: [PATCH 010/137] [azure_frontdoor] - update ECS to 8.7.0 from 8.6.0 This updates the azure_frontdoor integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/azure_frontdoor --- packages/azure_frontdoor/_dev/build/build.yml | 2 +- packages/azure_frontdoor/changelog.yml | 8 +++++--- .../_dev/test/pipeline/test-fdaccess.log-expected.json | 6 +++--- .../access/elasticsearch/ingest_pipeline/default.yml | 2 +- .../azure_frontdoor/data_stream/access/sample_event.json | 2 +- .../waf/_dev/test/pipeline/test-fdwaf.log-expected.json | 4 ++-- .../waf/elasticsearch/ingest_pipeline/default.yml | 2 +- .../azure_frontdoor/data_stream/waf/sample_event.json | 2 +- packages/azure_frontdoor/docs/README.md | 4 ++-- packages/azure_frontdoor/manifest.yml | 2 +- 10 files changed, 18 insertions(+), 16 deletions(-) diff --git a/packages/azure_frontdoor/_dev/build/build.yml b/packages/azure_frontdoor/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 
--- a/packages/azure_frontdoor/_dev/build/build.yml +++ b/packages/azure_frontdoor/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/azure_frontdoor/changelog.yml b/packages/azure_frontdoor/changelog.yml index 1c727263492..39ebdff6f77 100644 --- a/packages/azure_frontdoor/changelog.yml +++ b/packages/azure_frontdoor/changelog.yml @@ -1,5 +1,8 @@ -# newer versions go on top - +- version: "0.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "0.0.2" changes: - description: Modify default storage container name to avoid collisions @@ -10,4 +13,3 @@ - description: Initial draft of the package type: enhancement link: https://github.com/elastic/integrations/pull/2497 - diff --git a/packages/azure_frontdoor/data_stream/access/_dev/test/pipeline/test-fdaccess.log-expected.json b/packages/azure_frontdoor/data_stream/access/_dev/test/pipeline/test-fdaccess.log-expected.json index 9bbc286649d..a08b7201ca8 100644 --- a/packages/azure_frontdoor/data_stream/access/_dev/test/pipeline/test-fdaccess.log-expected.json +++ b/packages/azure_frontdoor/data_stream/access/_dev/test/pipeline/test-fdaccess.log-expected.json @@ -30,7 +30,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -129,7 +129,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -222,7 +222,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/azure_frontdoor/data_stream/access/elasticsearch/ingest_pipeline/default.yml b/packages/azure_frontdoor/data_stream/access/elasticsearch/ingest_pipeline/default.yml index 3b2a63bea27..ce40c6666b2 100644 --- a/packages/azure_frontdoor/data_stream/access/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/azure_frontdoor/data_stream/access/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing azure frontdoor access logs processors: - set: field: ecs.version - value: "8.6.0" + value: "8.7.0" - set: field: event.category value: [network] diff --git a/packages/azure_frontdoor/data_stream/access/sample_event.json b/packages/azure_frontdoor/data_stream/access/sample_event.json index ed4a330c384..f884f14fdb1 100644 --- a/packages/azure_frontdoor/data_stream/access/sample_event.json +++ b/packages/azure_frontdoor/data_stream/access/sample_event.json @@ -40,7 +40,7 @@ "type": "logs" }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "elastic_agent": { "id": "d7426e8a-1535-4d9a-8f1e-1d5eab23567b", diff --git a/packages/azure_frontdoor/data_stream/waf/_dev/test/pipeline/test-fdwaf.log-expected.json b/packages/azure_frontdoor/data_stream/waf/_dev/test/pipeline/test-fdwaf.log-expected.json index c73cb83db27..579f53fef8b 100644 --- a/packages/azure_frontdoor/data_stream/waf/_dev/test/pipeline/test-fdwaf.log-expected.json +++ b/packages/azure_frontdoor/data_stream/waf/_dev/test/pipeline/test-fdwaf.log-expected.json @@ -24,7 +24,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Log", @@ -91,7 +91,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Block", diff --git a/packages/azure_frontdoor/data_stream/waf/elasticsearch/ingest_pipeline/default.yml b/packages/azure_frontdoor/data_stream/waf/elasticsearch/ingest_pipeline/default.yml index 827f908bfd8..4372ed92683 100644 --- a/packages/azure_frontdoor/data_stream/waf/elasticsearch/ingest_pipeline/default.yml +++ b/packages/azure_frontdoor/data_stream/waf/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for processing azure frontdoor waf logs processors: - set: field: ecs.version - value: "8.6.0" + value: "8.7.0" - set: field: event.category value: [network] diff --git a/packages/azure_frontdoor/data_stream/waf/sample_event.json b/packages/azure_frontdoor/data_stream/waf/sample_event.json index 7ae94c5b224..1c6ed8facad 100644 --- a/packages/azure_frontdoor/data_stream/waf/sample_event.json +++ b/packages/azure_frontdoor/data_stream/waf/sample_event.json @@ -34,7 +34,7 @@ "type": "logs" }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "elastic_agent": { "id": "96bfc189-b7b0-43a7-8d45-a95fdac6425b", diff --git a/packages/azure_frontdoor/docs/README.md b/packages/azure_frontdoor/docs/README.md index 3e1c84cc016..e1cdb166c63 100644 --- a/packages/azure_frontdoor/docs/README.md +++ b/packages/azure_frontdoor/docs/README.md 
@@ -128,7 +128,7 @@ Users can also use this in case of a Hybrid Cloud model, where one may define th | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | 
@@ -260,7 +260,7 @@ Users can also use this in case of a Hybrid Cloud model, where one may define th | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | diff --git a/packages/azure_frontdoor/manifest.yml b/packages/azure_frontdoor/manifest.yml index 4c39687c11e..aeca9b9de8d 100644 --- a/packages/azure_frontdoor/manifest.yml +++ b/packages/azure_frontdoor/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: azure_frontdoor title: "Azure Frontdoor" -version: 0.0.2 +version: "0.1.0" license: basic description: "This Elastic integration collects logs from Azure Frontdoor." type: integration From 5fd12ead664300e1692293b44f4b40b07a70c596 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:47 +0530 Subject: [PATCH 011/137] [barracuda] - update ECS to 8.7.0 from 8.6.0 This updates the barracuda integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/barracuda --- packages/barracuda/_dev/build/build.yml | 2 +- packages/barracuda/changelog.yml | 5 +++++ .../pipeline/test-access.log-expected.json | 12 ++++++------ .../test/pipeline/test-audit.log-expected.json | 4 ++-- .../test-network-firewall.log-expected.json | 8 ++++---- .../pipeline/test-system.log-expected.json | 18 +++++++++--------- .../test-web-firewall.log-expected.json | 10 +++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/waf/sample_event.json | 2 +- packages/barracuda/docs/README.md | 2 +- packages/barracuda/manifest.yml | 2 +- 11 files changed, 36 insertions(+), 31 deletions(-) diff --git a/packages/barracuda/_dev/build/build.yml b/packages/barracuda/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/barracuda/_dev/build/build.yml +++ b/packages/barracuda/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/barracuda/changelog.yml b/packages/barracuda/changelog.yml index e5a1c989946..a26c5877321 100644 --- a/packages/barracuda/changelog.yml +++ b/packages/barracuda/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.1.0" changes: - description: Add system log and audit log support 
diff --git a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-access.log-expected.json b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-access.log-expected.json
index b64514022d5..c87ce75d046 100644
--- a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-access.log-expected.json
+++ b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-access.log-expected.json
@@ -48,7 +48,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -181,7 +181,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -306,7 +306,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -438,7 +438,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -567,7 +567,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -689,7 +689,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
diff --git a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-audit.log-expected.json b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-audit.log-expected.json
index 73bcaec3400..8d43927c378 100644
--- a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-audit.log-expected.json
+++ b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-audit.log-expected.json
@@ -33,7 +33,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -92,7 +92,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
diff --git a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-network-firewall.log-expected.json b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-network-firewall.log-expected.json
index 49605bc9ed5..47ec6c86aad 100644
--- a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-network-firewall.log-expected.json
+++ b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-network-firewall.log-expected.json
@@ -41,7 +41,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DENY",
@@ -134,7 +134,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DENY",
@@ -227,7 +227,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DENY",
@@ -320,7 +320,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DENY",
diff --git a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-system.log-expected.json b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-system.log-expected.json
index 887e2cea8e5..e96e9f746f7 100644
--- a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-system.log-expected.json
+++ b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-system.log-expected.json
@@ -15,7 +15,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -47,7 +47,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -79,7 +79,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -111,7 +111,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -143,7 +143,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -175,7 +175,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -207,7 +207,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -239,7 +239,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -271,7 +271,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
diff --git a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-web-firewall.log-expected.json b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-web-firewall.log-expected.json index f6b11d2088c..80a657ae9ed 100644 --- a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-web-firewall.log-expected.json +++ b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-web-firewall.log-expected.json @@ -44,7 +44,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LOG", @@ -163,7 +163,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LOG", @@ -283,7 +283,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LOG", @@ -398,7 +398,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LOG", @@ -514,7 +514,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DENY", diff --git a/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml b/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml index ef0101f82a8..44d8561d80e 100644 --- a/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml +++ b/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml @@ -7,7 +7,7 @@ processors: ignore_missing: true - set: field: ecs.version - value: "8.6.0" + value: "8.7.0" - grok: field: event.original patterns: diff --git a/packages/barracuda/data_stream/waf/sample_event.json b/packages/barracuda/data_stream/waf/sample_event.json index 253ed923409..3da164d6f1f 100644 --- a/packages/barracuda/data_stream/waf/sample_event.json +++ b/packages/barracuda/data_stream/waf/sample_event.json @@ -19,7 +19,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "11940e5d-16a1-424a-aeb2-97fb8029a5d0", 
diff --git a/packages/barracuda/docs/README.md b/packages/barracuda/docs/README.md index f5eb0d41ee5..5fa34825e37 100644 --- a/packages/barracuda/docs/README.md +++ b/packages/barracuda/docs/README.md @@ -55,7 +55,7 @@ An example event for `waf` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "11940e5d-16a1-424a-aeb2-97fb8029a5d0", diff --git a/packages/barracuda/manifest.yml b/packages/barracuda/manifest.yml index ccccc7a9f77..ab10dee2ee2 100644 --- a/packages/barracuda/manifest.yml +++ b/packages/barracuda/manifest.yml @@ -1,7 +1,7 @@ format_version: 2.3.0 name: barracuda title: "Barracuda Logs" -version: 1.1.0 +version: "1.2.0" description: Ingest Events from Barracuda Web Application Firewall type: integration categories: From bab65d2c75f33cd46923de07f5a7f1316e026ce4 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:48 +0530 Subject: [PATCH 012/137] [barracuda_cloudgen_firewall] - update ECS to 8.7.0 from 8.6.0 This updates the barracuda_cloudgen_firewall integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/barracuda_cloudgen_firewall --- packages/barracuda_cloudgen_firewall/_dev/build/build.yml | 2 +- packages/barracuda_cloudgen_firewall/changelog.yml | 5 +++++ .../log/_dev/test/pipeline/test-firewall.log-expected.json | 2 +- .../log/_dev/test/pipeline/test-threat.log-expected.json | 6 +++--- .../log/_dev/test/pipeline/test-web.log-expected.json | 4 ++-- .../log/elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/barracuda_cloudgen_firewall/docs/README.md | 2 +- packages/barracuda_cloudgen_firewall/manifest.yml | 2 +- 9 files changed, 16 insertions(+), 11 deletions(-) 
diff --git a/packages/barracuda_cloudgen_firewall/_dev/build/build.yml b/packages/barracuda_cloudgen_firewall/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/barracuda_cloudgen_firewall/_dev/build/build.yml +++ b/packages/barracuda_cloudgen_firewall/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/barracuda_cloudgen_firewall/changelog.yml b/packages/barracuda_cloudgen_firewall/changelog.yml index 37ea6cc0494..a3b664271c0 100644 --- a/packages/barracuda_cloudgen_firewall/changelog.yml +++ b/packages/barracuda_cloudgen_firewall/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.0.0" changes: - description: Release Barracuda CloudGen Firewall as GA. diff --git a/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-firewall.log-expected.json b/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-firewall.log-expected.json index d5efe171748..4e58049e1e0 100644 --- a/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-firewall.log-expected.json +++ b/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-firewall.log-expected.json @@ -32,7 +32,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "End", diff --git a/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-threat.log-expected.json b/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-threat.log-expected.json index e12ca9152f2..fc0d3e6475f 100644 --- a/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-threat.log-expected.json 
+++ b/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-threat.log-expected.json @@ -8,7 +8,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -84,7 +84,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -160,7 +160,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", diff --git a/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-web.log-expected.json b/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-web.log-expected.json index ff231459774..d180d411b8d 100644 --- a/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-web.log-expected.json +++ b/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-web.log-expected.json @@ -27,7 +27,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "0", @@ -129,7 +129,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "0", diff --git a/packages/barracuda_cloudgen_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/barracuda_cloudgen_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 60dec83bed2..bc9beac0b47 100644 --- a/packages/barracuda_cloudgen_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/barracuda_cloudgen_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Barracuda CloudGen Firewall processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' # Metadata about the origin of the event captured from the Lumberjack connection. - rename: 
diff --git a/packages/barracuda_cloudgen_firewall/data_stream/log/sample_event.json b/packages/barracuda_cloudgen_firewall/data_stream/log/sample_event.json index ce85d3801cb..7ce866306d1 100644 --- a/packages/barracuda_cloudgen_firewall/data_stream/log/sample_event.json +++ b/packages/barracuda_cloudgen_firewall/data_stream/log/sample_event.json @@ -42,7 +42,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "70e82165-776e-4b35-98b8-b0c9491f4b6e", diff --git a/packages/barracuda_cloudgen_firewall/docs/README.md b/packages/barracuda_cloudgen_firewall/docs/README.md index 27e4cbfccf0..04332c2721c 100644 --- a/packages/barracuda_cloudgen_firewall/docs/README.md +++ b/packages/barracuda_cloudgen_firewall/docs/README.md @@ -70,7 +70,7 @@ An example event for `log` looks as following: "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "70e82165-776e-4b35-98b8-b0c9491f4b6e", diff --git a/packages/barracuda_cloudgen_firewall/manifest.yml b/packages/barracuda_cloudgen_firewall/manifest.yml index b68163de3af..6b6ee3abc26 100644 --- a/packages/barracuda_cloudgen_firewall/manifest.yml +++ b/packages/barracuda_cloudgen_firewall/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: barracuda_cloudgen_firewall title: Barracuda CloudGen Firewall Logs -version: "1.0.0" +version: "1.1.0" description: Collect logs from Barracuda CloudGen Firewall devices with Elastic Agent. categories: ["network", "security", "firewall_security"] release: ga From 94ee31fa18a87d52bc5435f4eca94c7ad675aca5 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:49 +0530 Subject: [PATCH 013/137] [bluecoat] - update ECS to 8.7.0 from 8.6.0 This updates the bluecoat integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/bluecoat --- packages/bluecoat/_dev/build/build.yml | 2 +- packages/bluecoat/changelog.yml | 5 + .../pipeline/test-generated.log-expected.json | 200 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/director/sample_event.json | 2 +- packages/bluecoat/docs/README.md | 2 +- packages/bluecoat/manifest.yml | 2 +- 7 files changed, 110 insertions(+), 105 deletions(-) diff --git a/packages/bluecoat/_dev/build/build.yml b/packages/bluecoat/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/bluecoat/_dev/build/build.yml +++ b/packages/bluecoat/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/bluecoat/changelog.yml b/packages/bluecoat/changelog.yml index 5e105438aef..a3122448394 100644 --- a/packages/bluecoat/changelog.yml +++ b/packages/bluecoat/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.13.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "0.12.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json b/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json index 8bcc63b1cc0..4c82eda72d7 100644 --- a/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json 
@@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ntpd[1001]: kernel time sync enabled utl", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "restorecond: : Reset file context quasiarc: liqua", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "auditd[5699]: Audit daemon rotating log files", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "anacron[5066]: Normal exit ehend", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "restorecond: : Reset file context vol: luptat", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "heartbeat: : \u003c\u003ceumiu.medium\u003e Processing command: accept", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "restorecond: : Reset file context nci: ofdeFin", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "auditd[6668]: Audit daemon rotating log files", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "anacron[1613]: Normal exit mvolu", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ntpd[2959]: ntpd gelit-r tatno", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "anacron[654]: Updated timestamp for job rmagni to sit", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "dmd: : \u003c\u003ctenima.very-high\u003e Health state for metric\"seq3874.mail.domain\" \"quid\" changed to \"fug\", reason: \"success\"", "tags": [ 
@@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "auditd[2067]: Audit daemon rotating log files", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "pm[5969]: \u003c\u003ctquovol.very-high\u003e check_license_validity(), tae", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "logrotate: : ALERT exited abnormally with temUten", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "sshd: : \u003c\u003cdun.medium\u003e error: Bind to port Duisau on psum failed: failure", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "configd: : \u003c\u003cend.medium\u003e itaut@rveli: command: accept", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "authd: : \u003c\u003cluptat.low\u003e authd_signal_handler(), quam", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "xinetd[6547]: Started working: onproide available services", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "logrotate: : ALERT exited abnormally with tfug", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "heartbeat: : \u003c\u003curE.medium\u003e Processing command: deny", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "rsyslogd: : Warning: rehe", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "sshd: : \u003c\u003cstiae.medium\u003e error: Bind to port erc on amqu failed: unknown", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ntpd[4515]: ntpd emp-r aperia", "tags": [ 
@@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "restorecond: : Reset file context run: vol", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "logrotate: : ALERT exited abnormally with mporain", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "heartbeat: : \u003c\u003cmpori.very-high\u003e connect: atu", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "cmd: : \u003c\u003ctexp.medium\u003e cmd starting adeseru", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "cli[7108]: \u003c\u003c-uam.low\u003e tmo@::fficiade:10.2.53.125 : CLI launched", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "pm[7061]: \u003c\u003cihilmo.very-high\u003e ntpd will start in tlabo", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "poller[795]: \u003c\u003coluptate.low\u003e Querying content system for job results.", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "runner[6134]: \u003c\u003cedo.very-high\u003e Processing command: allow", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "epmd: : epmd: epmd running orpor", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "runner[602]: \u003c\u003cemvel.very-high\u003e Failed to exec olup", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "shutdown[2807]: shutting down non", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "configd: : \u003c\u003cugiatnu.high\u003e sperna@sintocc: command: cancel", "tags": [ 
@@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "auditd[2986]: Audit daemon rotating log files", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "configd: : \u003c\u003cccaecat.medium\u003e CREATE onsequ", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "auditd[1243]: Audit daemon rotating log files", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "xinetd[6599]: Started working: naal available services", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "xinetd[5850]: Started working: rQu available services", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "heartbeat: : \u003c\u003cboree.low\u003e queips: undefined symbol: ncidi", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "authd: : \u003c\u003color.very-high\u003e authd_close(): npr", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "anacron[6373]: Anacron 1.3962 started on epre", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "cli[3979]: \u003c\u003c-iduntu.medium\u003e temUt@avol752.www5.test : Processing command accept", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "cmd: : \u003c\u003camc.medium\u003e cmd starting isiuta", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "sshd[5227]: dutp(psaquaea:taevita): pam_putenv: ameiusm", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ccd: : \u003c\u003colab.low\u003e Device elitse6672.internal.localdomain: mquisno", "tags": [ 
@@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "runner[1859]: \u003c\u003ctasnulap.high\u003e Failed to exec umSe", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "shutdown[6110]: shutting down itau", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "sshd[2415]: PAM lorsita more authentication failure; dolore", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "rsyslogd: : Warning: tio", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "cli[802]: \u003c\u003c-gnaaliqu.very-high\u003e velillu@::cteturad:10.18.204.87 : Processing a secure command...", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "heartbeat: : \u003c\u003creprehe.high\u003e connect: inimveni", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "authd: : \u003c\u003clitani.low\u003e authd_close(): psumqu", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "runner[2558]: \u003c\u003cicabo.high\u003e Failed to exec edquiac", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "anacron[4538]: Updated timestamp for job remips to uisaute", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "auditd[6837]: Audit daemon rotating log files", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "pm[1493]: \u003c\u003cetdolor.high\u003e print_msg(), dic", "tags": [ 
@@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "configd: : \u003c\u003cavolupt.low\u003e Device \"itation4168.api.domain\" completed command(s) accept ;; CPL generated by Visual Policy Manager: isciv ;rroqu ; nofd ; dipisci", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "epmd: : epmd: invalid packet size (mquae)", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "runner[429]: \u003c\u003ccorpori.very-high\u003e File reading failed", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "shutdown[7595]: shutting down emqu", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "heartbeat: : \u003c\u003cleumiur.low\u003e The HB command is accept", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "authd: : \u003c\u003cest.very-high\u003e authd_signal_handler(), isetquas", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "authd: : \u003c\u003cpsaqua.medium\u003e authd_signal_handler(), gnaal", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "logrotate: : ALERT exited abnormally with voluptas", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ntpd[627]: ntpd exiting on signal orin", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "restorecond: : Reset file context ecillu: mmodoc", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "cli[1140]: \u003c\u003c-abore.high\u003e modocon@ipsu3680.mail.test : Processing command: deny", "tags": [ 
@@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "sshd: : bad username mquisn", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ntpd[1313]: ntpd derit-r orese", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ccd: : \u003c\u003cleumiur.medium\u003e Device Communication Daemon online", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "rsyslogd: : Warning: moles", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "restorecond: : Reset file context olup: aco", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "shutdown[609]: shutting down ser", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ntpd[2991]: ntpd orinrep-r quiavol", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "dmd: : \u003c\u003cquin.medium\u003e inserted device id = sBonor2001.www5.example and serial number = amc into DB", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ccd: : \u003c\u003came.very-high\u003e ccd_handle_read_failure(), uid", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "cmd: : \u003c\u003cscivel.high\u003e cmd starting lmolesti", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "dmd: : \u003c\u003cemaperia.high\u003e inserted device id = ersp6625.internal.domain and serial number = seq into DB", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "cmd: : \u003c\u003ctanimid.medium\u003e cmd starting uipexe", "tags": [ 
@@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "heartbeat: : \u003c\u003core.low\u003e The HB command is cancel", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "anacron[7360]: Normal exit tperspic", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "dmd: : \u003c\u003cict.very-high\u003e Filter on (tetura) things. riosamni", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ccd: : \u003c\u003cumetMa.low\u003e Device eleumiu2454.api.local: tat", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "schedulerd: : \u003c\u003clumqu.very-high\u003e System time changed, recomputing job run times.", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "xinetd[3450]: Started working: aconsequ available services", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "authd: : \u003c\u003csequat.high\u003e handle_authd unknown message =utemvel", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "rsyslogd: : Warning: iusm", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ntpd[16]: time reset stquido", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ccd: : \u003c\u003caaliq.high\u003e Device olu5333.www.domain: orumSe", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "anacron[80]: Normal exit ici", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ntpd[7612]: kernel time sync enabled nturmag", "tags": [ 
@@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "cli[7128]: eseruntm(lpaquiof:oloreeu): pam_putenv: olor", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "schedulerd: : \u003c\u003cici.very-high\u003e Executing Job \"tquo\" execution iatnu", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "logrotate: : ALERT exited abnormally with ntut", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "poller[7151]: \u003c\u003cess.high\u003e Querying content system for job results.", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ntpd[2314]: ntpd litanim-r rQuisaut", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "heartbeat: : \u003c\u003cmetco.high\u003e Processing command: block", "tags": [ diff --git a/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml b/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml index 370d60b4ec8..37c29baaf95 100644 --- a/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml +++ b/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Blue Coat Director processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/bluecoat/data_stream/director/sample_event.json b/packages/bluecoat/data_stream/director/sample_event.json index 857c06b785c..3a266c9e7cd 100644 --- a/packages/bluecoat/data_stream/director/sample_event.json +++ b/packages/bluecoat/data_stream/director/sample_event.json 
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/bluecoat/docs/README.md b/packages/bluecoat/docs/README.md index 2c0028e8372..5dfdcb8459e 100644 --- a/packages/bluecoat/docs/README.md +++ b/packages/bluecoat/docs/README.md @@ -72,7 +72,7 @@ The `director` dataset collects Blue Coat Director logs. | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | http.request.method | HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. | keyword | | http.request.referrer | Referrer for this HTTP request. | keyword | | input.type | Type of Filebeat input. | keyword | diff --git a/packages/bluecoat/manifest.yml b/packages/bluecoat/manifest.yml index 21068bfb7db..0f27552a589 100644 --- a/packages/bluecoat/manifest.yml +++ b/packages/bluecoat/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: bluecoat title: Blue Coat Director Logs -version: "0.12.1" +version: "0.13.0" description: Collect director logs from Blue Coat devices with Elastic Agent. categories: ["network", "security", "proxy_security"] release: experimental From bba42df41f45bb923b57b4c132c12b2c69000862 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:50 +0530 Subject: [PATCH 014/137] [box_events] - update ECS to 8.7.0 from 8.6.0 This updates the box_events integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/box_events --- packages/box_events/_dev/build/build.yml | 2 +- packages/box_events/changelog.yml | 5 + .../test-anomalous-download.log-expected.json | 2 +- .../test/pipeline/test-copy.log-expected.json | 2 +- .../pipeline/test-create.log-expected.json | 2 +- .../pipeline/test-download.log-expected.json | 2 +- .../test-event-types.log-expected.json | 260 +++++++++--------- .../test-malicious-content.log-expected.json | 2 +- .../pipeline/test-preview.log-expected.json | 2 +- .../pipeline/test-rename.log-expected.json | 2 +- ...est-suspicious-locations.log-expected.json | 2 +- ...test-suspicious-sessions.log-expected.json | 2 +- .../pipeline/test-trash.log-expected.json | 2 +- .../pipeline/test-upload.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/events/sample_event.json | 2 +- packages/box_events/manifest.yml | 2 +- 17 files changed, 150 insertions(+), 145 deletions(-) diff --git a/packages/box_events/_dev/build/build.yml b/packages/box_events/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/box_events/_dev/build/build.yml +++ b/packages/box_events/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 
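Review bot: The new `reference: git@8.7` in packages/box_events/_dev/build/build.yml looks like a release-branch name rather than a fixed tag or commit, while the ingest pipelines in this series stamp events with exactly `8.7.0`. If that branch receives further commits, a later build could import ECS field definitions that differ from the ones the expected-output files here were generated against. Consider pinning the dependency, for example `reference: git@v8.7.0` if the build tooling accepts a tag, or a full commit hash. The same applies to the build.yml hunks for barracuda_cloudgen_firewall and bluecoat earlier in the series.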
diff --git a/packages/box_events/changelog.yml b/packages/box_events/changelog.yml index 8564a209847..7329640b066 100644 --- a/packages/box_events/changelog.yml +++ b/packages/box_events/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.0.0" changes: - description: Release Box Events as GA. diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-anomalous-download.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-anomalous-download.log-expected.json index d5fe53df4df..50913c67234 100644 --- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-anomalous-download.log-expected.json +++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-anomalous-download.log-expected.json @@ -47,7 +47,7 @@ "ip": "10.1.2.3" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SHIELD_ALERT", diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-copy.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-copy.log-expected.json index 6bf03badd80..bd29bbd38b3 100644 --- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-copy.log-expected.json +++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-copy.log-expected.json @@ -54,7 +54,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_COPY", diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-create.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-create.log-expected.json index a86926e6431..bbd65a50d6a 100644 --- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-create.log-expected.json 
+++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-create.log-expected.json @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_CREATE", diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-download.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-download.log-expected.json index f7349e321ff..8d067542ee8 100644 --- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-download.log-expected.json +++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-download.log-expected.json @@ -71,7 +71,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_DOWNLOAD", diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-event-types.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-event-types.log-expected.json index c06da4f5b69..ec2faebea79 100644 --- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-event-types.log-expected.json +++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-event-types.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACCESS_GRANTED", @@ -21,7 +21,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACCESS_REVOKED", @@ -40,7 +40,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADD_DEVICE_ASSOCIATION", @@ -59,7 +59,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADD_LOGIN_ACTIVITY_DEVICE", @@ -79,7 +79,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADMIN_LOGIN", @@ -97,7 +97,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "APPLICATION_CREATED", 
@@ -115,7 +115,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "APPLICATION_PUBLIC_KEY_ADDED", @@ -135,7 +135,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "APPLICATION_PUBLIC_KEY_DELETED", @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_ADMIN_ROLE", @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_FOLDER_PERMISSION", @@ -192,7 +192,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "COLLABORATION_ACCEPT", @@ -211,7 +211,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "COLLABORATION_EXPIRATION", @@ -230,7 +230,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "COLLABORATION_INVITE", @@ -249,7 +249,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "COLLABORATION_REMOVE", @@ -268,7 +268,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "COLLABORATION_ROLE_CHANGE", @@ -287,7 +287,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "COLLAB_ADD_COLLABORATOR", @@ -306,7 +306,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "COLLAB_INVITE_COLLABORATOR", @@ -324,7 +324,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "COLLAB_REMOVE_COLLABORATOR", @@ -343,7 +343,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "COLLAB_ROLE_CHANGE", @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "COMMENT_CREATE", @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "COMMENT_DELETE", 
@@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CONTENT_ACCESS", @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CONTENT_WORKFLOW_ABNORMAL_DOWNLOAD_ACTIVITY", @@ -437,7 +437,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CONTENT_WORKFLOW_AUTOMATION_ADD", @@ -455,7 +455,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CONTENT_WORKFLOW_AUTOMATION_DELETE", @@ -473,7 +473,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CONTENT_WORKFLOW_POLICY_ADD", @@ -492,7 +492,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CONTENT_WORKFLOW_SHARING_POLICY_VIOLATION", @@ -512,7 +512,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CONTENT_WORKFLOW_UPLOAD_POLICY_VIOLATION", @@ -532,7 +532,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "COPY", @@ -550,7 +550,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DATA_RETENTION_CREATE_RETENTION", @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DATA_RETENTION_REMOVE_RETENTION", @@ -588,7 +588,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE", @@ -606,7 +606,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_USER", @@ -625,7 +625,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DEVICE_TRUST_CHECK_FAILED", @@ -645,7 +645,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DOWNLOAD", @@ -663,7 +663,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "EDIT", 
@@ -682,7 +682,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "EDIT_USER", @@ -700,7 +700,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "EMAIL_ALIAS_CONFIRM", @@ -718,7 +718,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "EMAIL_ALIAS_REMOVE", @@ -736,7 +736,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ENABLE_TWO_FACTOR_AUTH", @@ -754,7 +754,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ENTERPRISE_APP_AUTHORIZATION_UPDATE", @@ -773,7 +773,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "FAILED_LOGIN", @@ -793,7 +793,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "FILE_MARKED_MALICIOUS", @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "FILE_WATERMARKED_DOWNLOAD", @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GROUP_ADD_ITEM", @@ -849,7 +849,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GROUP_ADD_USER", @@ -868,7 +868,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GROUP_CREATION", @@ -887,7 +887,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GROUP_DELETION", @@ -906,7 +906,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GROUP_EDITED", @@ -925,7 +925,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GROUP_REMOVE_ITEM", @@ -944,7 +944,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GROUP_REMOVE_USER", @@ -964,7 +964,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_COPY", 
@@ -982,7 +982,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_CREATE", @@ -1000,7 +1000,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_DOWNLOAD", @@ -1018,7 +1018,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_MAKE_CURRENT_VERSION", @@ -1037,7 +1037,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_MODIFY", @@ -1055,7 +1055,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_MOVE", @@ -1074,7 +1074,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_OPEN", @@ -1092,7 +1092,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_PREVIEW", @@ -1110,7 +1110,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_RENAME", @@ -1129,7 +1129,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_SHARED", @@ -1148,7 +1148,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_SHARED_CREATE", @@ -1167,7 +1167,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_SHARED_UNSHARE", @@ -1186,7 +1186,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_SHARED_UPDATE", @@ -1205,7 +1205,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_SYNC", @@ -1224,7 +1224,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_TRASH", @@ -1243,7 +1243,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_UNDELETE_VIA_TRASH", @@ -1262,7 +1262,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_UNSYNC", 
@@ -1281,7 +1281,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_UPLOAD", @@ -1299,7 +1299,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LEGAL_HOLD_ASSIGNMENT_CREATE", @@ -1318,7 +1318,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LEGAL_HOLD_ASSIGNMENT_DELETE", @@ -1337,7 +1337,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LEGAL_HOLD_POLICY_CREATE", @@ -1356,7 +1356,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LEGAL_HOLD_POLICY_DELETE", @@ -1375,7 +1375,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LEGAL_HOLD_POLICY_UPDATE", @@ -1394,7 +1394,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LOCK", @@ -1413,7 +1413,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LOCK_CREATE", @@ -1432,7 +1432,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LOCK_DESTROY", @@ -1451,7 +1451,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LOGIN", @@ -1469,7 +1469,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MASTER_INVITE_ACCEPT", @@ -1487,7 +1487,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MASTER_INVITE_REJECT", @@ -1505,7 +1505,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "METADATA_INSTANCE_CREATE", @@ -1523,7 +1523,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "METADATA_INSTANCE_DELETE", @@ -1541,7 +1541,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "METADATA_INSTANCE_UPDATE", 
@@ -1559,7 +1559,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "METADATA_TEMPLATE_CREATE", @@ -1577,7 +1577,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "METADATA_TEMPLATE_DELETE", @@ -1595,7 +1595,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "METADATA_TEMPLATE_UPDATE", @@ -1613,7 +1613,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MOVE", @@ -1632,7 +1632,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NEW_USER", @@ -1650,7 +1650,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "PREVIEW", @@ -1668,7 +1668,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REMOVE_DEVICE_ASSOCIATION", @@ -1686,7 +1686,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REMOVE_LOGIN_ACTIVITY_DEVICE", @@ -1705,7 +1705,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "RENAME", @@ -1724,7 +1724,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "RETENTION_POLICY_ASSIGNMENT_ADD", @@ -1743,7 +1743,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SHARE", @@ -1762,7 +1762,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SHARE_EXPIRATION", @@ -1781,7 +1781,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SHIELD_ALERT", @@ -1799,7 +1799,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SHIELD_EXTERNAL_COLLAB_ACCESS_BLOCKED", @@ -1818,7 +1818,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SHIELD_EXTERNAL_COLLAB_ACCESS_BLOCKED_MISSING_JUSTIFICATION", 
@@ -1837,7 +1837,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SHIELD_EXTERNAL_COLLAB_INVITE_BLOCKED", @@ -1856,7 +1856,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SHIELD_EXTERNAL_COLLAB_INVITE_BLOCKED_MISSING_JUSTIFICATION", @@ -1875,7 +1875,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SHIELD_JUSTIFICATION_APPROVAL", @@ -1894,7 +1894,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SIGN_DOCUMENT_ASSIGNED", @@ -1913,7 +1913,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SIGN_DOCUMENT_CANCELLED", @@ -1932,7 +1932,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SIGN_DOCUMENT_COMPLETED", @@ -1951,7 +1951,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SIGN_DOCUMENT_CONVERTED", @@ -1970,7 +1970,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SIGN_DOCUMENT_CREATED", @@ -1989,7 +1989,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SIGN_DOCUMENT_DECLINED", @@ -2008,7 +2008,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SIGN_DOCUMENT_EXPIRED", @@ -2027,7 +2027,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SIGN_DOCUMENT_SIGNED", @@ -2046,7 +2046,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SIGN_DOCUMENT_VIEWED_BY_SIGNED", @@ -2065,7 +2065,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SIGNER_DOWNLOADED", @@ -2084,7 +2084,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SIGNER_FORWARDED", @@ -2103,7 +2103,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "STORAGE_EXPIRATION", 
@@ -2121,7 +2121,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TAG_ITEM_CREATE", @@ -2140,7 +2140,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TASK_ASSIGNMENT_CREATE", @@ -2160,7 +2160,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TASK_ASSIGNMENT_DELETE", @@ -2180,7 +2180,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TASK_ASSIGNMENT_UPDATE", @@ -2200,7 +2200,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TASK_CREATE", @@ -2219,7 +2219,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TASK_UPDATE", @@ -2238,7 +2238,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TERMS_OF_SERVICE_ACCEPT", @@ -2257,7 +2257,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TERMS_OF_SERVICE_REJECT", @@ -2276,7 +2276,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UNDELETE", @@ -2294,7 +2294,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UNLOCK", @@ -2312,7 +2312,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UNSHARE", @@ -2331,7 +2331,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE_COLLABORATION_EXPIRATION", @@ -2351,7 +2351,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE_SHARE_EXPIRATION", @@ -2370,7 +2370,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPLOAD", @@ -2388,7 +2388,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "USER_AUTHENTICATE_OAUTH2_ACCESS_TOKEN_CREATE", @@ -2408,7 +2408,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "WATERMARK_LABEL_CREATE", 
@@ -2427,7 +2427,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "WATERMARK_LABEL_DELETE", diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-malicious-content.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-malicious-content.log-expected.json index 8077cc0ec3a..c868dc2edc8 100644 --- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-malicious-content.log-expected.json +++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-malicious-content.log-expected.json @@ -61,7 +61,7 @@ "ip": "10.1.2.3" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SHIELD_ALERT", diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-preview.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-preview.log-expected.json index c21be1c1a10..0a899c88ce2 100644 --- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-preview.log-expected.json +++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-preview.log-expected.json @@ -71,7 +71,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_PREVIEW", diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-rename.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-rename.log-expected.json index 847be1b8afe..c2ac56b83f8 100644 --- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-rename.log-expected.json +++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-rename.log-expected.json @@ -54,7 +54,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_RENAME", 
diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-suspicious-locations.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-suspicious-locations.log-expected.json index 52a4940b0b7..4b68e7e3b10 100644 --- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-suspicious-locations.log-expected.json +++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-suspicious-locations.log-expected.json @@ -19,7 +19,7 @@ "ip": "67.43.156.0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SHIELD_ALERT", diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-suspicious-sessions.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-suspicious-sessions.log-expected.json index ca7752d5892..430dfe60c6c 100644 --- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-suspicious-sessions.log-expected.json +++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-suspicious-sessions.log-expected.json @@ -22,7 +22,7 @@ "ip": "10.1.2.3" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SHIELD_ALERT", diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-trash.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-trash.log-expected.json index 872615b35d6..16007a640a4 100644 --- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-trash.log-expected.json +++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-trash.log-expected.json @@ -49,7 +49,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_TRASH", diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-upload.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-upload.log-expected.json index e977d933cff..f85fe63e4a6 100644 
--- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-upload.log-expected.json +++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-upload.log-expected.json @@ -78,7 +78,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ITEM_UPLOAD", diff --git a/packages/box_events/data_stream/events/elasticsearch/ingest_pipeline/default.yml b/packages/box_events/data_stream/events/elasticsearch/ingest_pipeline/default.yml index 120d82a5c76..c926080bf2d 100644 --- a/packages/box_events/data_stream/events/elasticsearch/ingest_pipeline/default.yml +++ b/packages/box_events/data_stream/events/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Box Events processors: - set: field: ecs.version - value: "8.6.0" + value: "8.7.0" - rename: field: message target_field: event.original diff --git a/packages/box_events/data_stream/events/sample_event.json b/packages/box_events/data_stream/events/sample_event.json index ad07c49af3f..0249c047234 100644 --- a/packages/box_events/data_stream/events/sample_event.json +++ b/packages/box_events/data_stream/events/sample_event.json @@ -57,7 +57,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "52ca6e8b-8f09-4ce6-a173-ec44c538809f", diff --git a/packages/box_events/manifest.yml b/packages/box_events/manifest.yml index c0ec7ee2b7c..06ade20d03d 100644 --- a/packages/box_events/manifest.yml +++ b/packages/box_events/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: box_events title: Box Events -version: "1.0.0" +version: "1.1.0" release: ga license: basic description: "Collect logs from Box with Elastic Agent" From 7186789da042fb3dc5677846abcba5e3f6efad0d Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:52 +0530 Subject: [PATCH 015/137] [carbon_black_cloud] - update ECS to 8.7.0 from 8.6.0 This updates the carbon_black_cloud integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/carbon_black_cloud --- .../carbon_black_cloud/_dev/build/build.yml | 2 +- packages/carbon_black_cloud/changelog.yml | 5 ++++ .../pipeline/test-alert.log-expected.json | 6 ++-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/alert/sample_event.json | 2 +- ...et-vulnerability-summary.log-expected.json | 16 +++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../sample_event.json | 2 +- .../pipeline/test-audit.log-expected.json | 14 ++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/audit/sample_event.json | 2 +- .../test-endpoint-event.log-expected.json | 30 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../endpoint_event/sample_event.json | 2 +- .../test-watchlist-hit.log-expected.json | 12 ++++---- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../watchlist_hit/sample_event.json | 2 +- packages/carbon_black_cloud/docs/README.md | 10 +++---- packages/carbon_black_cloud/manifest.yml | 2 +- 19 files changed, 61 insertions(+), 56 deletions(-) diff --git a/packages/carbon_black_cloud/_dev/build/build.yml b/packages/carbon_black_cloud/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/carbon_black_cloud/_dev/build/build.yml +++ b/packages/carbon_black_cloud/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/carbon_black_cloud/changelog.yml b/packages/carbon_black_cloud/changelog.yml index 9d0c8a1142b..3ccfded1601 100644 --- a/packages/carbon_black_cloud/changelog.yml +++ b/packages/carbon_black_cloud/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.6.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json b/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json index 06e8716ebd1..4bd4b5b4159 100644 --- a/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json +++ b/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json @@ -63,7 +63,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "end": "2021-01-04T23:25:58.000Z", @@ -158,7 +158,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "end": "2020-11-17T22:02:16.000Z", @@ -295,7 +295,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "end": "2021-01-04T22:22:42.000Z", diff --git a/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml index 049fe05e34e..63599707575 100644 --- a/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud alerts. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/carbon_black_cloud/data_stream/alert/sample_event.json b/packages/carbon_black_cloud/data_stream/alert/sample_event.json index 68d61206e70..3cbefa3fd5b 100644 --- a/packages/carbon_black_cloud/data_stream/alert/sample_event.json 
+++ b/packages/carbon_black_cloud/data_stream/alert/sample_event.json @@ -53,7 +53,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "d25950db-7f14-44a1-8b37-581c2fe716ba", diff --git a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json index b03818f3790..ecc4efbe034 100644 --- a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json +++ b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "state", @@ -67,7 +67,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "state", @@ -116,7 +116,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "state", @@ -165,7 +165,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "state", @@ -214,7 +214,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "state", @@ -263,7 +263,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "state", @@ -312,7 +312,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "state", @@ -361,7 +361,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "state", diff --git a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml index ebc5e148b09..31c9ea0eb4f 100644 
--- a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml @@ -7,7 +7,7 @@ processors: ignore_missing: true - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: state diff --git a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/sample_event.json b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/sample_event.json index a225397a882..72a9b8dc359 100644 --- a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/sample_event.json +++ b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/sample_event.json @@ -29,7 +29,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "d25950db-7f14-44a1-8b37-581c2fe716ba", diff --git a/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index 39fa15e8a39..1279491d6a1 100644 --- a/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json @@ -15,7 +15,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "16xxxxxxxxxx8ac7bd", @@ -51,7 +51,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "21xxxxxxxxxx93ff7c", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "28xxxxxxxxxx8ac7bd", @@ -123,7 +123,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "34xxxxxxxxxxd9ccf9", @@ -159,7 +159,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "3axxxxxxxxxx2e5035", 
@@ -195,7 +195,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "32xxxxxxxxxx189c6d", @@ -231,7 +231,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "a9xxxxxxxxxx4b3d2c", diff --git a/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 37fe69af46f..2e117b29eaa 100644 --- a/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud audit logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/carbon_black_cloud/data_stream/audit/sample_event.json b/packages/carbon_black_cloud/data_stream/audit/sample_event.json index 8094cb6976d..85eb5a728af 100644 --- a/packages/carbon_black_cloud/data_stream/audit/sample_event.json +++ b/packages/carbon_black_cloud/data_stream/audit/sample_event.json @@ -25,7 +25,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "d25950db-7f14-44a1-8b37-581c2fe716ba", diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json b/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json index 3cb137b222c..81d0f92aa57 100644 --- a/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json +++ b/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json @@ -37,7 +37,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACTION_CREATE_KEY", 
@@ -139,7 +139,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACTION_WRITE_VALUE", @@ -262,7 +262,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACTION_OPEN_PROCESS_HANDLE", @@ -385,7 +385,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACTION_OPEN_PROCESS_HANDLE", @@ -504,7 +504,7 @@ "path": "c:\\windows\\system32\\fltlib.dll" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACTION_LOAD_MODULE", @@ -625,7 +625,7 @@ "path": "c:\\windows\\system32\\dnsapi.dll" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACTION_LOAD_MODULE", @@ -746,7 +746,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACTION_CREATE_PROCESS", @@ -867,7 +867,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACTION_CREATE_PROCESS", @@ -968,7 +968,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACTION_PROCESS_TERMINATE", @@ -1067,7 +1067,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACTION_PROCESS_TERMINATE", @@ -1162,7 +1162,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACTION_FILE_MOD_OPEN | ACTION_FILE_OPEN_DELETE", @@ -1260,7 +1260,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACTION_FILE_MOD_OPEN | ACTION_FILE_OPEN_READ | ACTION_FILE_OPEN_WRITE", @@ -1362,7 +1362,7 @@ "port": 62909 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACTION_CONNECTION_CREATE", @@ -1470,7 +1470,7 @@ "port": 9716 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACTION_CONNECTION_LISTEN", @@ -1588,7 +1588,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACTION_LOAD_SCRIPT", 
diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml index 51a1fa76395..8091f4b9823 100644 --- a/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud Endpoint Events. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/sample_event.json b/packages/carbon_black_cloud/data_stream/endpoint_event/sample_event.json index d0ca7661770..271b237b29f 100644 --- a/packages/carbon_black_cloud/data_stream/endpoint_event/sample_event.json +++ b/packages/carbon_black_cloud/data_stream/endpoint_event/sample_event.json @@ -20,7 +20,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "carbon_black_cloud": { "endpoint_event": { diff --git a/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json b/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json index 754120ff8ef..e5883e53731 100644 --- a/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json +++ b/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json @@ -67,7 +67,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -203,7 +203,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -333,7 +333,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", 
@@ -455,7 +455,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -576,7 +576,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -683,7 +683,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", diff --git a/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml index f3e5aa9b517..9bb3767bdaa 100644 --- a/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud watchlist hit. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/carbon_black_cloud/data_stream/watchlist_hit/sample_event.json b/packages/carbon_black_cloud/data_stream/watchlist_hit/sample_event.json index 3fab6c773af..52349893bc1 100644 --- a/packages/carbon_black_cloud/data_stream/watchlist_hit/sample_event.json +++ b/packages/carbon_black_cloud/data_stream/watchlist_hit/sample_event.json @@ -18,7 +18,7 @@ "version": "8.0.0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "process": { "parent": { diff --git a/packages/carbon_black_cloud/docs/README.md b/packages/carbon_black_cloud/docs/README.md index 0cfbc1e880f..ce69ccdc821 100644 --- a/packages/carbon_black_cloud/docs/README.md +++ b/packages/carbon_black_cloud/docs/README.md @@ -92,7 +92,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "d25950db-7f14-44a1-8b37-581c2fe716ba", 
@@ -246,7 +246,7 @@ An example event for `alert` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "d25950db-7f14-44a1-8b37-581c2fe716ba", @@ -456,7 +456,7 @@ An example event for `endpoint_event` looks as following: } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "carbon_black_cloud": { "endpoint_event": { @@ -698,7 +698,7 @@ An example event for `watchlist_hit` looks as following: "version": "8.0.0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "process": { "parent": { @@ -934,7 +934,7 @@ An example event for `asset_vulnerability_summary` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "d25950db-7f14-44a1-8b37-581c2fe716ba", diff --git a/packages/carbon_black_cloud/manifest.yml b/packages/carbon_black_cloud/manifest.yml index 1ee05586feb..68a1a0bb7a1 100644 --- a/packages/carbon_black_cloud/manifest.yml +++ b/packages/carbon_black_cloud/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: carbon_black_cloud title: VMware Carbon Black Cloud -version: "1.6.1" +version: "1.7.0" license: basic description: Collect logs from VMWare Carbon Black Cloud with Elastic Agent. type: integration From 2fa57113782722355d46a1a4a6ac986178f3112f Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:53 +0530 Subject: [PATCH 016/137] [carbonblack_edr] - update ECS to 8.7.0 from 8.6.0 This updates the carbonblack_edr integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/carbonblack_edr --- packages/carbonblack_edr/_dev/build/build.yml | 2 +- packages/carbonblack_edr/changelog.yml | 5 + .../pipeline/test-events.json-expected.json | 198 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/carbonblack_edr/docs/README.md | 4 +- packages/carbonblack_edr/manifest.yml | 2 +- 7 files changed, 110 insertions(+), 105 deletions(-) diff --git a/packages/carbonblack_edr/_dev/build/build.yml b/packages/carbonblack_edr/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/carbonblack_edr/_dev/build/build.yml +++ b/packages/carbonblack_edr/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/carbonblack_edr/changelog.yml b/packages/carbonblack_edr/changelog.yml index 4f7408a29d3..442a55fb24c 100644 --- a/packages/carbonblack_edr/changelog.yml +++ b/packages/carbonblack_edr/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.8.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.7.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json b/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json index 68e937c3a77..ea87852180a 100644 --- a/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json 
+++ b/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json @@ -15,7 +15,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", @@ -53,7 +53,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", @@ -89,7 +89,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.observed", @@ -127,7 +127,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", @@ -165,7 +165,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", @@ -201,7 +201,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.observed", @@ -239,7 +239,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", @@ -277,7 +277,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", @@ -315,7 +315,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", @@ -361,7 +361,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "unknown", @@ -428,7 +428,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.observed", @@ -470,7 +470,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", @@ -530,7 +530,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "unknown", @@ -590,7 +590,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.observed", @@ -633,7 +633,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.moduleload", 
@@ -665,7 +665,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", @@ -702,7 +702,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "unknown", @@ -748,7 +748,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.observed", @@ -791,7 +791,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.moduleload", @@ -823,7 +823,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", @@ -872,7 +872,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.netconn", @@ -913,7 +913,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "unknown", @@ -957,7 +957,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.observed", @@ -1000,7 +1000,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.moduleload", @@ -1032,7 +1032,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", @@ -1082,7 +1082,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.netconn", @@ -1136,7 +1136,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "unknown", @@ -1220,7 +1220,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.regmod", @@ -1257,7 +1257,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.observed", @@ -1300,7 +1300,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.moduleload", @@ -1334,7 +1334,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", 
@@ -1384,7 +1384,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.netconn", @@ -1452,7 +1452,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "unknown", @@ -1528,7 +1528,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.regmod", @@ -1565,7 +1565,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.observed", @@ -1601,7 +1601,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.tamper", @@ -1645,7 +1645,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.moduleload", @@ -1679,7 +1679,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", @@ -1731,7 +1731,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.netconn", @@ -1808,7 +1808,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "unknown", @@ -1879,7 +1879,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.regmod", @@ -1916,7 +1916,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.observed", @@ -1952,7 +1952,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.tamper", @@ -1993,7 +1993,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.host.observed", @@ -2039,7 +2039,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.moduleload", @@ -2073,7 +2073,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", 
@@ -2123,7 +2123,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.netconn", @@ -2194,7 +2194,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "unknown", @@ -2255,7 +2255,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.regmod", @@ -2292,7 +2292,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.observed", @@ -2328,7 +2328,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.tamper", @@ -2369,7 +2369,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.host.observed", @@ -2415,7 +2415,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.moduleload", @@ -2457,7 +2457,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.module", @@ -2501,7 +2501,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", @@ -2551,7 +2551,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.netconn", @@ -2590,7 +2590,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "unknown", @@ -2630,7 +2630,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.regmod", @@ -2667,7 +2667,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.observed", @@ -2703,7 +2703,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.tamper", @@ -2744,7 +2744,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.host.observed", 
@@ -2790,7 +2790,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.moduleload", @@ -2832,7 +2832,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.module", @@ -2876,7 +2876,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", @@ -2925,7 +2925,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.netconn", @@ -2969,7 +2969,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "unknown", @@ -3016,7 +3016,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.remotethread", @@ -3063,7 +3063,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.regmod", @@ -3100,7 +3100,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.observed", @@ -3136,7 +3136,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.tamper", @@ -3177,7 +3177,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.host.observed", @@ -3223,7 +3223,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.moduleload", @@ -3265,7 +3265,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.module", @@ -3309,7 +3309,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", @@ -3359,7 +3359,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.netconn", @@ -3396,7 +3396,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "unknown", 
@@ -3444,7 +3444,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.remotethread", @@ -3491,7 +3491,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.regmod", @@ -3542,7 +3542,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.childproc", @@ -3580,7 +3580,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.observed", @@ -3616,7 +3616,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.tamper", @@ -3661,7 +3661,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.host.observed", @@ -3707,7 +3707,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.moduleload", @@ -3749,7 +3749,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.module", @@ -3793,7 +3793,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", @@ -3842,7 +3842,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.netconn", @@ -3888,7 +3888,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.regmod", @@ -3942,7 +3942,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.remotethread", @@ -3989,7 +3989,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.regmod", @@ -4040,7 +4040,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.childproc", @@ -4078,7 +4078,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.observed", 
@@ -4127,7 +4127,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.filemod", @@ -4167,7 +4167,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.host.observed", @@ -4213,7 +4213,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.moduleload", @@ -4255,7 +4255,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.module", @@ -4299,7 +4299,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "binaryinfo.group.observed", @@ -4348,7 +4348,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.netconn", @@ -4396,7 +4396,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.filemod", @@ -4447,7 +4447,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ingress.event.remotethread", diff --git a/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 5c8831e8413..6e5c9b6cc70 100644 --- a/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing CarbonBlack EDR logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' # Validate that the input document conforms to the expected format # to avoid repetitive checks. diff --git a/packages/carbonblack_edr/data_stream/log/sample_event.json b/packages/carbonblack_edr/data_stream/log/sample_event.json index e5feb698853..719ee6d31ca 100644 --- a/packages/carbonblack_edr/data_stream/log/sample_event.json +++ b/packages/carbonblack_edr/data_stream/log/sample_event.json 
@@ -24,7 +24,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "9cb9fa70-f3e9-45d8-b1cb-61425bd93e1a", diff --git a/packages/carbonblack_edr/docs/README.md b/packages/carbonblack_edr/docs/README.md index 44faeb2957e..2fc65129d70 100644 --- a/packages/carbonblack_edr/docs/README.md +++ b/packages/carbonblack_edr/docs/README.md @@ -58,7 +58,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "9cb9fa70-f3e9-45d8-b1cb-61425bd93e1a", @@ -295,7 +295,7 @@ An example event for `log` looks as following: | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host mac addresses. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | diff --git a/packages/carbonblack_edr/manifest.yml b/packages/carbonblack_edr/manifest.yml index 038dc9faa0e..5046694fd98 100644 --- a/packages/carbonblack_edr/manifest.yml +++ b/packages/carbonblack_edr/manifest.yml @@ -1,6 +1,6 @@ name: carbonblack_edr title: VMware Carbon Black EDR -version: "1.7.1" +version: "1.8.0" release: ga description: Collect logs from VMware Carbon Black EDR with Elastic Agent. type: integration 
From ba1391a14d54fa4b264c4e17ad26458e2833092b Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:54 +0530 Subject: [PATCH 017/137] [cef] - update ECS to 8.7.0 from 8.6.0 This updates the cef integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/cef --- packages/cef/_dev/build/build.yml | 2 +- packages/cef/changelog.yml | 5 +++++ .../pipeline/test-arcsight.json-expected.json | 8 ++++---- .../test/pipeline/test-cef.json-expected.json | 8 ++++---- .../test-checkpoint.json-expected.json | 6 +++--- .../test-cisco-asa.json-expected.json | 2 +- .../test-fp-ngfw-smc.json-expected.json | 20 +++++++++---------- .../test-netscaler.json-expected.json | 10 +++++----- .../pipeline/test-syslog.json-expected.json | 2 +- .../test-trend-micro.json-expected.json | 16 +++++++-------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../cef/data_stream/log/sample_event.json | 2 +- packages/cef/docs/README.md | 2 +- packages/cef/manifest.yml | 2 +- 14 files changed, 46 insertions(+), 41 deletions(-) diff --git a/packages/cef/_dev/build/build.yml b/packages/cef/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/cef/_dev/build/build.yml +++ b/packages/cef/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/cef/changelog.yml b/packages/cef/changelog.yml index 568b135d575..ace9a658634 100644 --- a/packages/cef/changelog.yml +++ b/packages/cef/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.7.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "2.6.2" changes: - description: Added categories and/or subcategories. 
diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json index 02b7294ef65..4ab00937706 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json @@ -50,7 +50,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "agent:016", @@ -129,7 +129,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "agent:030", @@ -200,7 +200,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "agent:044", @@ -279,7 +279,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "agent:031", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json index 62d4197efdc..4ad28863767 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json @@ -31,7 +31,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "18", @@ -146,7 +146,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "18", @@ -227,7 +227,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "18", @@ -272,7 +272,7 @@ "ip": "192.168.1.2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "18", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json index 03b9a8dd572..8eba47dadef 100644 
--- a/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json @@ -77,7 +77,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -166,7 +166,7 @@ "port": 25 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Bypass", @@ -235,7 +235,7 @@ "ip": "::1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Drop", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json index a074873f9fc..e0f1a1ef7f1 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json @@ -88,7 +88,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "305012", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json index 524cd2fda2f..b2f9eb41b21 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json @@ -21,7 +21,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "0", @@ -66,7 +66,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "9005", @@ -122,7 +122,7 @@ "ip": "10.1.1.40" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Allow", @@ -213,7 +213,7 @@ "port": 67 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "70019", 
@@ -284,7 +284,7 @@ "ip": "192.168.1.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Refuse", @@ -357,7 +357,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "70021", @@ -416,7 +416,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "72714", @@ -474,7 +474,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "72715", @@ -532,7 +532,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "72716", @@ -589,7 +589,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "78002", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json index 97800365a20..1160442916b 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json @@ -28,7 +28,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", @@ -86,7 +86,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "not blocked", @@ -144,7 +144,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "transformed", @@ -202,7 +202,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "transformed", @@ -260,7 +260,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "not blocked", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json index c5706af8c25..f2702a1755c 100644 
--- a/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json @@ -56,7 +56,7 @@ "domain": "centos7" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Started", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json index 98a3943bc5d..17a8787ffb0 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json @@ -19,7 +19,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "600", @@ -82,7 +82,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Delete", @@ -143,7 +143,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "detectOnly", @@ -231,7 +231,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Log", @@ -286,7 +286,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "updated", @@ -379,7 +379,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "IDS:Reset", @@ -446,7 +446,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "3002795", @@ -502,7 +502,7 @@ "version": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "5000000", diff --git a/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 10247e69fcf..c242adf66fc 100644 --- a/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for CEF logs. CEF decoding happens in the Agent. This perf processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - convert: field: event.id diff --git a/packages/cef/data_stream/log/sample_event.json b/packages/cef/data_stream/log/sample_event.json index e42fd079dd2..8cc29678381 100644 --- a/packages/cef/data_stream/log/sample_event.json +++ b/packages/cef/data_stream/log/sample_event.json @@ -42,7 +42,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "69f5d3be-c31a-4be6-adb6-cb3ed3e50817", diff --git a/packages/cef/docs/README.md b/packages/cef/docs/README.md index 7e22f398e51..12ce5ce9b5e 100644 --- a/packages/cef/docs/README.md +++ b/packages/cef/docs/README.md @@ -175,7 +175,7 @@ An example event for `log` looks as following: "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "69f5d3be-c31a-4be6-adb6-cb3ed3e50817", diff --git a/packages/cef/manifest.yml b/packages/cef/manifest.yml index a48753e2bf9..079f571198d 100644 --- a/packages/cef/manifest.yml +++ b/packages/cef/manifest.yml @@ -1,6 +1,6 @@ name: cef title: Common Event Format (CEF) -version: "2.6.2" +version: "2.7.0" release: ga description: Collect logs from CEF Logs with Elastic Agent. type: integration From 35b83f6210a42c1c6ec809778b58db313189473f Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:55 +0530 Subject: [PATCH 018/137] [checkpoint] - update ECS to 8.7.0 from 8.6.0 This updates the checkpoint integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/checkpoint --- packages/checkpoint/_dev/build/build.yml | 2 +- packages/checkpoint/changelog.yml | 5 ++ ...est-checkpoint-with-time.log-expected.json | 8 +-- .../test-checkpoint.log-expected.json | 54 +++++++++---------- .../test/pipeline/test-r80x.log-expected.json | 4 +- .../test/pipeline/test-r81x.log-expected.json | 36 ++++++------- .../test-trailing-space.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/firewall/sample_event.json | 2 +- packages/checkpoint/docs/README.md | 4 +- packages/checkpoint/manifest.yml | 2 +- 11 files changed, 63 insertions(+), 58 deletions(-) diff --git a/packages/checkpoint/_dev/build/build.yml b/packages/checkpoint/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/checkpoint/_dev/build/build.yml +++ b/packages/checkpoint/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/checkpoint/changelog.yml b/packages/checkpoint/changelog.yml index 5a86a2ce5a0..f1e785bdca9 100644 --- a/packages/checkpoint/changelog.yml +++ b/packages/checkpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.19.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.18.0" changes: - description: Improve documentation. 
diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json index 2a94f132eda..affc071649c 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json @@ -14,7 +14,7 @@ "port": 514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -94,7 +94,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Drop", @@ -170,7 +170,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Decrypt", @@ -256,7 +256,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Decrypt", diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json index b7afe8b3be5..b8c69c78635 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json @@ -6,7 +6,7 @@ "sys_message": "The eth0 interface is not protected by the anti-spoofing feature. Your network may be at risk" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -42,7 +42,7 @@ "sys_message": "installed Standard" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -86,7 +86,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -171,7 +171,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", 
@@ -245,7 +245,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -311,7 +311,7 @@ "status": "Finished" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -364,7 +364,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -452,7 +452,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -513,7 +513,7 @@ "status": "Started" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -566,7 +566,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -640,7 +640,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -706,7 +706,7 @@ "status": "Finished" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -745,7 +745,7 @@ "port": 514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -811,7 +811,7 @@ "update_status": "updated" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -846,7 +846,7 @@ "update_status": "updated" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -886,7 +886,7 @@ "port": 138 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -968,7 +968,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Drop", @@ -1025,7 +1025,7 @@ "port": 514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -1096,7 +1096,7 @@ "port": 137 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -1167,7 +1167,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", 
@@ -1238,7 +1238,7 @@ "port": 514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -1309,7 +1309,7 @@ "port": 514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -1374,7 +1374,7 @@ "syslog_severity": "Notice" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1427,7 +1427,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Drop", @@ -1514,7 +1514,7 @@ "subscription_stat_desc": "Contract is up to date." }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1583,7 +1583,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Drop", @@ -1689,7 +1689,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Block", diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r80x.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r80x.log-expected.json index 869ba615805..9ba361977c4 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r80x.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r80x.log-expected.json @@ -6,7 +6,7 @@ "origin_sic_name": "CN=xxx-dc-gw-1_gw-vp-ext-7,O=7checkpoint-mng..tstst7" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logon-failed", @@ -59,7 +59,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logged-in", diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r81x.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r81x.log-expected.json index 2d20fb4bb4d..ba3c5c5b383 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r81x.log-expected.json 
+++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r81x.log-expected.json @@ -13,7 +13,7 @@ "packets": 30 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -78,7 +78,7 @@ "ip": "81.2.69.142" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -161,7 +161,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -255,7 +255,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -337,7 +337,7 @@ "ip": "10.0.0.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -398,7 +398,7 @@ "sendtotrackerasadvancedauditlog": "0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -453,7 +453,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -502,7 +502,7 @@ "operation": "Set Object" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -553,7 +553,7 @@ "session_uid": "b08fb9da-a627-48b3-a815-0433f8ce6e06" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -608,7 +608,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -662,7 +662,7 @@ "system_application": "AutoUpdater" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -702,7 +702,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -754,7 +754,7 @@ "stormagentname": "daemon" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -790,7 +790,7 @@ "session_uid": "7ab751aa-66a7-4756-b66b-97a88b0a21fc" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", 
@@ -844,7 +844,7 @@ "origin_sic_name": "cn=cp_mgmt,o=gw-0b8ccd..zx8qy7" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -887,7 +887,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", @@ -976,7 +976,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Block", @@ -1096,7 +1096,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Block", diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json index cc30d4707b6..b24862a75c4 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json @@ -14,7 +14,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Accept", diff --git a/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml b/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml index f01a26cdc76..ffec74cbc7c 100644 --- a/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml +++ b/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing checkpoint firewall logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/checkpoint/data_stream/firewall/sample_event.json b/packages/checkpoint/data_stream/firewall/sample_event.json index 91b67503839..894c0b335c2 100644 --- a/packages/checkpoint/data_stream/firewall/sample_event.json +++ b/packages/checkpoint/data_stream/firewall/sample_event.json 
@@ -16,7 +16,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "ecc82406-78ce-41c1-b1e2-7c12ce01f525", diff --git a/packages/checkpoint/docs/README.md b/packages/checkpoint/docs/README.md index 617badbea75..7cdeedf2c49 100644 --- a/packages/checkpoint/docs/README.md +++ b/packages/checkpoint/docs/README.md @@ -66,7 +66,7 @@ An example event for `firewall` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "ecc82406-78ce-41c1-b1e2-7c12ce01f525", @@ -670,7 +670,7 @@ An example event for `firewall` looks as following: | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host mac addresses. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | diff --git a/packages/checkpoint/manifest.yml b/packages/checkpoint/manifest.yml index 9fb9d434bc5..c12b0c38ebc 100644 --- a/packages/checkpoint/manifest.yml +++ b/packages/checkpoint/manifest.yml @@ -1,6 +1,6 @@ name: checkpoint title: Check Point -version: "1.18.0" +version: "1.19.0" release: ga description: Collect logs from Check Point with Elastic Agent. type: integration From 6b689f94cfeacbbe2793a3c57d7dd774b90586f3 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:56 +0530 Subject: [PATCH 019/137] [cisco_aironet] - update ECS to 8.7.0 from 8.6.0 This updates the cisco_aironet integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/cisco_aironet --- packages/cisco_aironet/_dev/build/build.yml | 2 +- packages/cisco_aironet/changelog.yml | 5 ++ .../test-aironet-messages.log-expected.json | 62 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/cisco_aironet/docs/README.md | 2 +- packages/cisco_aironet/manifest.yml | 2 +- 7 files changed, 41 insertions(+), 36 deletions(-) diff --git a/packages/cisco_aironet/_dev/build/build.yml b/packages/cisco_aironet/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/cisco_aironet/_dev/build/build.yml +++ b/packages/cisco_aironet/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/cisco_aironet/changelog.yml b/packages/cisco_aironet/changelog.yml index 79429565140..1acee04af98 100644 --- a/packages/cisco_aironet/changelog.yml +++ b/packages/cisco_aironet/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.0.0" changes: - description: Release Cisco Aironet as GA. diff --git a/packages/cisco_aironet/data_stream/log/_dev/test/pipeline/test-aironet-messages.log-expected.json b/packages/cisco_aironet/data_stream/log/_dev/test/pipeline/test-aironet-messages.log-expected.json index c46a507ff78..7a531341338 100644 --- a/packages/cisco_aironet/data_stream/log/_dev/test/pipeline/test-aironet-messages.log-expected.json 
+++ b/packages/cisco_aironet/data_stream/log/_dev/test/pipeline/test-aironet-messages.log-expected.json @@ -7,7 +7,7 @@ "mac": "2C-6D-C1-F5-0C-80" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Q_IND", @@ -49,7 +49,7 @@ "mac": "66-7C-DE-EF-D9-18" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ARP_ORPHANPKT_DETECTED", @@ -86,7 +86,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "\u003c132\u003eWLC001: -Traceback: 0x11759554 0x1175b0f0 0x1175d2b8 0x11766124 0x116d0cf8 0xfff2ae0888 0xfff29f2cfc" @@ -116,7 +116,7 @@ "mac": "28-6F-7F-F8-64-E0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "USER_NAME_DELETED", @@ -156,7 +156,7 @@ "mac": "28-6F-7F-F8-64-E0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "USER_NAME_CREATED", @@ -201,7 +201,7 @@ "ip": "fe80::1e24:cdff:fe11:2f90" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ENTRY_CREATED", @@ -243,7 +243,7 @@ "ip": "fe80::aee2:d3ff:feba:56a4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ENTRY_DELETED", @@ -286,7 +286,7 @@ "mac": "70-EE-50-56-99-99" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ENTRY_CHANGED", @@ -323,7 +323,7 @@ "mac": "E8-96-06-02-02-99" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Q_IND", @@ -368,7 +368,7 @@ "ip": "fe80::48d:c1bc:6c01:6e85" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Q_IND", @@ -423,7 +423,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "AAA_AUTH_ADMIN_USER", @@ -460,7 +460,7 @@ { "@timestamp": "2023-08-22T18:14:03.172Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADMIN_MODE_DISABLE", 
@@ -506,7 +506,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SIG_ALARM_OFF", @@ -545,7 +545,7 @@ "mac": "4A-B8-CB-63-1D-BD" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SIG_ALARM_OFF_CONT", @@ -583,7 +583,7 @@ "mac": "28-6F-7F-F8-64-E0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SIG_INFO1", @@ -630,7 +630,7 @@ "mac": "80-7D-3A-9B-2F-FC" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MAX_EAPOL_KEY_RETRANS", @@ -667,7 +667,7 @@ "mac": "CC-73-14-61-B0-8F" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "RRM_LOGMSG", @@ -701,7 +701,7 @@ { "@timestamp": "2023-08-29T10:58:28.227Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "RRM_LOGMSG", @@ -739,7 +739,7 @@ "mac": "DE-FB-48-7C-4F-F7" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ABORT_AUTH", @@ -784,7 +784,7 @@ "mac": "DE-FB-48-7C-4F-F7" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Q_IND", @@ -821,7 +821,7 @@ "mac": "DE-FB-48-7C-4F-F7" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Q_IND", @@ -865,7 +865,7 @@ "mac": "DE-FB-48-7C-4F-F7" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "INVALID_WPA_KEY_STATE", @@ -902,7 +902,7 @@ "mac": "DE-FB-48-7C-4F-F7" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "WPA_SEND_STATE_ERR", @@ -939,7 +939,7 @@ "mac": "DE-FB-48-7C-4F-F7" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "INVALID_REPLAY_CTR", @@ -973,7 +973,7 @@ { "@timestamp": "2023-08-29T10:47:25.944Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REPLAY_ERR", @@ -1010,7 +1010,7 @@ "mac": "DE-FB-48-7C-4F-F7" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CLIENT_NOT_FOUND", 
@@ -1044,7 +1044,7 @@ { "@timestamp": "2023-08-22T18:14:24.651Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SIG_ALARM_OFF", @@ -1075,7 +1075,7 @@ { "@timestamp": "2023-08-29T10:58:58.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "INVALID_REQUEST", @@ -1112,7 +1112,7 @@ "mac": "DE-FB-48-7C-4F-F7" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "AAA_AUTH_SEND_FAIL", @@ -1146,7 +1146,7 @@ { "@timestamp": "2023-08-20T14:55:28.577Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MLD_INVALID_IPV6_PKT", @@ -1180,7 +1180,7 @@ { "@timestamp": "2023-08-22T10:24:20.959Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MOBILESTATION_NOT_FOUND", diff --git a/packages/cisco_aironet/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_aironet/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 79b4174a13e..ffdab394c75 100644 --- a/packages/cisco_aironet/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_aironet/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -8,7 +8,7 @@ processors: ignore_failure: true - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - grok: field: event.original patterns: diff --git a/packages/cisco_aironet/data_stream/log/sample_event.json b/packages/cisco_aironet/data_stream/log/sample_event.json index 69305877c08..533a5e6fbd6 100644 --- a/packages/cisco_aironet/data_stream/log/sample_event.json +++ b/packages/cisco_aironet/data_stream/log/sample_event.json @@ -21,7 +21,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/cisco_aironet/docs/README.md b/packages/cisco_aironet/docs/README.md index fde8d2d2f4f..20ef2a3b59e 100644 --- a/packages/cisco_aironet/docs/README.md 
+++ b/packages/cisco_aironet/docs/README.md @@ -38,7 +38,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/cisco_aironet/manifest.yml b/packages/cisco_aironet/manifest.yml index 464951bb4e6..87efda94969 100644 --- a/packages/cisco_aironet/manifest.yml +++ b/packages/cisco_aironet/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_aironet title: "Cisco Aironet" -version: "1.0.0" +version: "1.1.0" release: ga license: basic description: "Integration for Cisco Aironet WLC Logs" From ed016cf1bfeb516724e3534f679385432f112410 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:57:59 +0530 Subject: [PATCH 020/137] [cisco_asa] - update ECS to 8.7.0 from 8.6.0 This updates the cisco_asa integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/cisco_asa --- packages/cisco_asa/_dev/build/build.yml | 2 +- packages/cisco_asa/changelog.yml | 5 + ...test-additional-messages.log-expected.json | 210 +++---- ...test-anyconnect-messages.log-expected.json | 26 +- .../pipeline/test-asa-fix.log-expected.json | 28 +- .../test-asa-missing-groups.log-expected.json | 10 +- .../test/pipeline/test-asa.log-expected.json | 538 +++++++++--------- .../test-dap-records.log-expected.json | 2 +- .../pipeline/test-filtered.log-expected.json | 6 +- .../pipeline/test-hostnames.log-expected.json | 4 +- .../test-non-canonical.log-expected.json | 42 +- .../pipeline/test-not-ip.log-expected.json | 6 +- .../pipeline/test-sample.log-expected.json | 174 +++--- .../test/pipeline/test-sip.log-expected.json | 8 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/cisco_asa/docs/README.md | 2 +- packages/cisco_asa/manifest.yml | 2 +- 18 files changed, 537 insertions(+), 532 deletions(-) diff --git a/packages/cisco_asa/_dev/build/build.yml b/packages/cisco_asa/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/cisco_asa/_dev/build/build.yml +++ b/packages/cisco_asa/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/cisco_asa/changelog.yml b/packages/cisco_asa/changelog.yml index 9ae46d81739..ef11ec6773e 100644 --- a/packages/cisco_asa/changelog.yml +++ b/packages/cisco_asa/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.15.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "2.14.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json index c9e34506561..21f7afb6850 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json @@ -22,7 +22,7 @@ "port": 53500 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -110,7 +110,7 @@ "port": 53500 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -190,7 +190,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-creation", @@ -252,7 +252,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -313,7 +313,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -377,7 +377,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-creation", @@ -453,7 +453,7 @@ "port": 111 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -537,7 +537,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -611,7 +611,7 @@ "port": 67 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -688,7 +688,7 @@ "port": 21 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -756,7 +756,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -801,7 +801,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -861,7 +861,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -924,7 +924,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -982,7 +982,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1047,7 +1047,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-creation", @@ -1115,7 +1115,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-creation", @@ -1184,7 +1184,7 @@ "port": 55225 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1273,7 +1273,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1353,7 +1353,7 @@ "port": 54230 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1431,7 +1431,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1502,7 +1502,7 @@ "port": 57006 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1576,7 +1576,7 @@ "port": 14322 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1650,7 +1650,7 @@ "port": 53356 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", 
@@ -1737,7 +1737,7 @@ "port": 161 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1825,7 +1825,7 @@ "port": 161 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1906,7 +1906,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1981,7 +1981,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2050,7 +2050,7 @@ "port": 65020 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2122,7 +2122,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2193,7 +2193,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2264,7 +2264,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2336,7 +2336,7 @@ "port": 10051 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2411,7 +2411,7 @@ "port": 10051 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2486,7 +2486,7 @@ "port": 10051 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2560,7 +2560,7 @@ "port": 10051 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2640,7 +2640,7 @@ "port": 39222 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2714,7 +2714,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2767,7 +2767,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -2827,7 +2827,7 @@ "port": 3452 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2905,7 +2905,7 @@ "port": 6007 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2974,7 +2974,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3017,7 +3017,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3067,7 +3067,7 @@ "port": 1985 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3131,7 +3131,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3174,7 +3174,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3224,7 +3224,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3302,7 +3302,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3353,7 +3353,7 @@ "port": 2 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3429,7 +3429,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3500,7 +3500,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3562,7 +3562,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3624,7 +3624,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3686,7 +3686,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -3765,7 +3765,7 @@ "port": 9101 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -3858,7 +3858,7 @@ "port": 51635 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3936,7 +3936,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4004,7 +4004,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4055,7 +4055,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4118,7 +4118,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4175,7 +4175,7 @@ "ip": "10.10.1.254" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logon-failed", @@ -4244,7 +4244,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logon-failed", @@ -4311,7 +4311,7 @@ "ip": "10.10.1.254" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4379,7 +4379,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logged-in", @@ -4440,7 +4440,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4521,7 +4521,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4588,7 +4588,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4648,7 +4648,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4721,7 +4721,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -4785,7 +4785,7 @@ "port": 23 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4869,7 +4869,7 @@ "port": 123123 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "bypass", @@ -4956,7 +4956,7 @@ "port": 514514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "drop", @@ -5034,7 +5034,7 @@ "port": 123412 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5117,7 +5117,7 @@ "port": 514514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5201,7 +5201,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "created", @@ -5274,7 +5274,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deleted", @@ -5355,7 +5355,7 @@ "port": 7777 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-started", @@ -5432,7 +5432,7 @@ "port": 7777 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "error", @@ -5503,7 +5503,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5556,7 +5556,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5607,7 +5607,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "error", @@ -5659,7 +5659,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "error", @@ -5704,7 +5704,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5748,7 +5748,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "error", 
@@ -5793,7 +5793,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "error", @@ -5845,7 +5845,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5921,7 +5921,7 @@ "ip": "172.31.98.44" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -6017,7 +6017,7 @@ "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -6117,7 +6117,7 @@ "port": 500 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6211,7 +6211,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -6264,7 +6264,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -6317,7 +6317,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -6370,7 +6370,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -6431,7 +6431,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logged-in", @@ -6506,7 +6506,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logged-in", @@ -6579,7 +6579,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logon-failed", @@ -6639,7 +6639,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logged-in", @@ -6693,7 +6693,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logon-failed", @@ -6749,7 +6749,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logon-failed", 
@@ -6808,7 +6808,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logon-failed", @@ -6867,7 +6867,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logon-failed", @@ -6931,7 +6931,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logon-failed", @@ -6999,7 +6999,7 @@ "ip": "192.168.0.8" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logged-in", @@ -7065,7 +7065,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logged-in", @@ -7130,7 +7130,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logon-failed", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json index df64e1fb93a..56598acd353 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json @@ -6,7 +6,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "client-vpn-error", @@ -83,7 +83,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "client-vpn-error", @@ -160,7 +160,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "client-vpn-error", @@ -237,7 +237,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "client-vpn-error", @@ -314,7 +314,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "client-vpn-error", @@ -391,7 +391,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "client-vpn-error", 
@@ -468,7 +468,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "client-vpn-error", @@ -545,7 +545,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "client-vpn-error", @@ -622,7 +622,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "client-vpn-error", @@ -671,7 +671,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "client-vpn-error", @@ -748,7 +748,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "client-vpn-connected", @@ -825,7 +825,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "client-vpn-disconnected", @@ -880,7 +880,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "client-vpn-connected", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json index 2a4868902d2..71be3c787dd 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json @@ -17,7 +17,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -103,7 +103,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -179,7 +179,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -250,7 +250,7 @@ "port": 57621 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -328,7 +328,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -384,7 +384,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -458,7 +458,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -529,7 +529,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -600,7 +600,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -672,7 +672,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -761,7 +761,7 @@ "port": 8080 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -863,7 +863,7 @@ "port": 9803 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -975,7 +975,7 @@ "port": 9803 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1093,7 +1093,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json index 2eaf982d79a..cb82237bd51 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json @@ -25,7 +25,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -99,7 +99,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -154,7 +154,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -188,7 +188,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -227,7 +227,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json index 8e4db73104d..bf057ed98bc 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json @@ -14,7 +14,7 @@ "port": 8256 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -98,7 +98,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -179,7 +179,7 @@ "port": 1758 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -265,7 +265,7 @@ "port": 1757 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -351,7 +351,7 @@ "port": 1755 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -437,7 +437,7 @@ "port": 1754 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -523,7 +523,7 @@ "port": 1752 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -609,7 +609,7 @@ "port": 1749 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -695,7 +695,7 @@ "port": 1750 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -781,7 +781,7 @@ "port": 1747 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", 
@@ -867,7 +867,7 @@ "port": 1742 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -953,7 +953,7 @@ "port": 1741 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1039,7 +1039,7 @@ "port": 1739 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1125,7 +1125,7 @@ "port": 1740 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1211,7 +1211,7 @@ "port": 1738 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1297,7 +1297,7 @@ "port": 1756 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1383,7 +1383,7 @@ "port": 1737 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1469,7 +1469,7 @@ "port": 1736 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1555,7 +1555,7 @@ "port": 1765 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1640,7 +1640,7 @@ "port": 1188 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1724,7 +1724,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1805,7 +1805,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1894,7 +1894,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1975,7 +1975,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -2059,7 +2059,7 @@ "port": 8257 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -2143,7 +2143,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2223,7 +2223,7 @@ "port": 8258 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2307,7 +2307,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2392,7 +2392,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2477,7 +2477,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2558,7 +2558,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -2643,7 +2643,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -2727,7 +2727,7 @@ "port": 8259 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2811,7 +2811,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2891,7 +2891,7 @@ "port": 1189 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2975,7 +2975,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3060,7 +3060,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3141,7 +3141,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -3226,7 +3226,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -3310,7 +3310,7 @@ "port": 8265 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -3394,7 +3394,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3479,7 +3479,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3564,7 +3564,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3645,7 +3645,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -3730,7 +3730,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -3814,7 +3814,7 @@ "port": 8266 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3898,7 +3898,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3979,7 +3979,7 @@ "port": 1453 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -4069,7 +4069,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4150,7 +4150,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -4235,7 +4235,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -4319,7 +4319,7 @@ "port": 8267 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4403,7 +4403,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4483,7 +4483,7 @@ "port": 8268 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4567,7 +4567,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -4647,7 +4647,7 @@ "port": 8269 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4731,7 +4731,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4816,7 +4816,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4897,7 +4897,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -4981,7 +4981,7 @@ "port": 8270 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5065,7 +5065,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5145,7 +5145,7 @@ "port": 8271 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5229,7 +5229,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5314,7 +5314,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5395,7 +5395,7 @@ "port": 1457 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -5480,7 +5480,7 @@ "port": 8272 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5564,7 +5564,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5645,7 +5645,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -5729,7 +5729,7 @@ "port": 8273 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5813,7 +5813,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -5893,7 +5893,7 @@ "port": 8267 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -5976,7 +5976,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -6060,7 +6060,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -6140,7 +6140,7 @@ "port": 8268 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6223,7 +6223,7 @@ "port": 8269 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6306,7 +6306,7 @@ "port": 8270 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6389,7 +6389,7 @@ "port": 8271 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6472,7 +6472,7 @@ "port": 8272 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6555,7 +6555,7 @@ "port": 8273 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6639,7 +6639,7 @@ "port": 1382 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6725,7 +6725,7 @@ "port": 1385 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6810,7 +6810,7 @@ "port": 8278 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -6894,7 +6894,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -6975,7 +6975,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7057,7 +7057,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -7139,7 +7139,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7221,7 +7221,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7303,7 +7303,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7385,7 +7385,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7467,7 +7467,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7549,7 +7549,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7631,7 +7631,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7713,7 +7713,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7795,7 +7795,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7877,7 +7877,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7959,7 +7959,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -8040,7 +8040,7 @@ "port": 8279 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -8124,7 +8124,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -8204,7 +8204,7 @@ "port": 1190 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -8288,7 +8288,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -8369,7 +8369,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -8458,7 +8458,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -8539,7 +8539,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -8623,7 +8623,7 @@ "port": 8280 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -8707,7 +8707,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -8787,7 +8787,7 @@ "port": 8281 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -8871,7 +8871,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -8952,7 +8952,7 @@ "port": 1276 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -9037,7 +9037,7 @@ "port": 8282 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -9121,7 +9121,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -9202,7 +9202,7 @@ "port": 1277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -9287,7 +9287,7 @@ "port": 8283 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -9371,7 +9371,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -9452,7 +9452,7 @@ "port": 1278 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -9538,7 +9538,7 @@ "port": 1279 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", 
@@ -9623,7 +9623,7 @@ "port": 8284 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -9707,7 +9707,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -9788,7 +9788,7 @@ "port": 1280 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -9873,7 +9873,7 @@ "port": 8285 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -9957,7 +9957,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -10037,7 +10037,7 @@ "port": 8286 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -10121,7 +10121,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -10201,7 +10201,7 @@ "port": 8287 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -10285,7 +10285,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -10365,7 +10365,7 @@ "port": 8288 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -10449,7 +10449,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -10530,7 +10530,7 @@ "port": 1281 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -10616,7 +10616,7 @@ "port": 1282 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -10702,7 +10702,7 @@ "port": 1283 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -10787,7 +10787,7 @@ "port": 8289 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -10871,7 +10871,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -10951,7 +10951,7 @@ "port": 8290 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -11035,7 +11035,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -11116,7 +11116,7 @@ "port": 1284 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -11201,7 +11201,7 @@ "port": 8291 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -11285,7 +11285,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -11366,7 +11366,7 @@ "port": 1285 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -11452,7 +11452,7 @@ "port": 1286 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -11542,7 +11542,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -11622,7 +11622,7 @@ "port": 8292 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -11706,7 +11706,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -11787,7 +11787,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -11876,7 +11876,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -11957,7 +11957,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -12041,7 +12041,7 @@ "port": 8293 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -12125,7 +12125,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -12206,7 +12206,7 @@ "port": 1288 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -12292,7 +12292,7 @@ "port": 1287 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -12382,7 +12382,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -12463,7 +12463,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -12547,7 +12547,7 @@ "port": 8294 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -12631,7 +12631,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -12712,7 +12712,7 @@ "port": 68 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -12796,7 +12796,7 @@ "port": 8276 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -12884,7 +12884,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -12969,7 +12969,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -13050,7 +13050,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -13139,7 +13139,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -13220,7 +13220,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -13305,7 +13305,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", 
@@ -13394,7 +13394,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -13475,7 +13475,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -13559,7 +13559,7 @@ "port": 8295 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -13643,7 +13643,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -13728,7 +13728,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -13809,7 +13809,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -13893,7 +13893,7 @@ "port": 8296 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -13977,7 +13977,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -14057,7 +14057,7 @@ "port": 8297 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -14141,7 +14141,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -14221,7 +14221,7 @@ "port": 8298 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -14305,7 +14305,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -14386,7 +14386,7 @@ "port": 1293 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -14471,7 +14471,7 @@ "port": 8299 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -14555,7 +14555,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -14635,7 +14635,7 @@ "port": 8300 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -14719,7 +14719,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -14800,7 +14800,7 @@ "port": 1294 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -14886,7 +14886,7 @@ "port": 1295 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -14972,7 +14972,7 @@ "port": 1296 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -15057,7 +15057,7 @@ "port": 8301 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -15141,7 +15141,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -15221,7 +15221,7 @@ "port": 8302 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -15305,7 +15305,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -15390,7 +15390,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -15471,7 +15471,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -15556,7 +15556,7 @@ "port": 1297 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -15641,7 +15641,7 @@ "port": 8303 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -15725,7 +15725,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -15805,7 +15805,7 @@ "port": 8304 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -15889,7 +15889,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -15970,7 +15970,7 @@ "port": 1298 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -16056,7 +16056,7 @@ "port": 1300 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -16141,7 +16141,7 @@ "port": 8305 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -16225,7 +16225,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -16305,7 +16305,7 @@ "port": 8306 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -16389,7 +16389,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -16469,7 +16469,7 @@ "port": 8280 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -16552,7 +16552,7 @@ "port": 8281 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -16635,7 +16635,7 @@ "port": 8282 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -16718,7 +16718,7 @@ "port": 8283 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -16801,7 +16801,7 @@ "port": 8284 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -16884,7 +16884,7 @@ "port": 8285 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -16967,7 +16967,7 @@ "port": 8286 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -17050,7 +17050,7 @@ "port": 8287 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", 
@@ -17133,7 +17133,7 @@ "port": 8288 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -17216,7 +17216,7 @@ "port": 8289 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -17299,7 +17299,7 @@ "port": 8290 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -17382,7 +17382,7 @@ "port": 8291 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -17465,7 +17465,7 @@ "port": 8292 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -17548,7 +17548,7 @@ "port": 8297 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -17631,7 +17631,7 @@ "port": 8298 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -17714,7 +17714,7 @@ "port": 8308 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -17798,7 +17798,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -17878,7 +17878,7 @@ "port": 8299 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -17961,7 +17961,7 @@ "port": 8300 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -18049,7 +18049,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -18134,7 +18134,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -18215,7 +18215,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -18300,7 +18300,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", 
@@ -18384,7 +18384,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -18468,7 +18468,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -18548,7 +18548,7 @@ "port": 8301 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -18631,7 +18631,7 @@ "port": 8302 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -18714,7 +18714,7 @@ "port": 8303 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -18797,7 +18797,7 @@ "port": 8304 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -18880,7 +18880,7 @@ "port": 8305 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -18963,7 +18963,7 @@ "port": 8306 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -19046,7 +19046,7 @@ "port": 8307 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -19130,7 +19130,7 @@ "port": 1305 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -19216,7 +19216,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -19298,7 +19298,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -19380,7 +19380,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -19461,7 +19461,7 @@ "port": 8310 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -19545,7 +19545,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -19626,7 +19626,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -19708,7 +19708,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -19790,7 +19790,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -19872,7 +19872,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -19954,7 +19954,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20036,7 +20036,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20118,7 +20118,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20200,7 +20200,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20282,7 +20282,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20364,7 +20364,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20446,7 +20446,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20528,7 +20528,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20610,7 +20610,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20692,7 +20692,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20774,7 +20774,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -20856,7 +20856,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20938,7 +20938,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21020,7 +21020,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21102,7 +21102,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21184,7 +21184,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21266,7 +21266,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21348,7 +21348,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21430,7 +21430,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21512,7 +21512,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21594,7 +21594,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21676,7 +21676,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21758,7 +21758,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21840,7 +21840,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21922,7 +21922,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -22004,7 +22004,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -22086,7 +22086,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -22168,7 +22168,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -22250,7 +22250,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -22336,7 +22336,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json index 700317c80c9..461238b7a77 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json @@ -12,7 +12,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logged-in", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json index 2c57ab0e8c9..3de2255eadd 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json @@ -6,7 +6,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -53,7 +53,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -104,7 +104,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json index d9af57bceb2..ab534596452 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json @@ -11,7 +11,7 @@ "domain": "target.destination.hostname.local" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -78,7 +78,7 @@ "ip": "192.168.2.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-non-canonical.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-non-canonical.log-expected.json index 3c4826fccf1..33dd90e212e 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-non-canonical.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-non-canonical.log-expected.json @@ -19,7 +19,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -99,7 +99,7 @@ "port": 10050 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -183,7 +183,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -267,7 +267,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -345,7 +345,7 @@ "port": 54703 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -415,7 +415,7 @@ "port": 25 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -516,7 +516,7 @@ "port": 62409 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -606,7 +606,7 @@ "port": 56421 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -696,7 +696,7 @@ "port": 50578 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -782,7 +782,7 @@ "port": 56570 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -875,7 +875,7 @@ "port": 2511 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -970,7 +970,7 @@ "port": 2511 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1045,7 +1045,7 @@ "domain": "eth0_fw" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-creation", @@ -1120,7 +1120,7 @@ "domain": "eth0_fw" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-creation", @@ -1195,7 +1195,7 @@ "domain": "eth0_fw" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1270,7 +1270,7 @@ "domain": "eth0_fw" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1338,7 +1338,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "client-vpn-connected", @@ -1416,7 +1416,7 @@ "asa": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "client-vpn-connected", @@ -1495,7 +1495,7 @@ "domain": "mirror" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1557,7 +1557,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "Jul 1 09:27:13 216.160.83.56 : AAA user authentication Rejected : reason = AAA failure : server = 81.2.69.142 : user = 123 : user IP = 89.160.20.112", 
@@ -1594,7 +1594,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "Jul 1 09:27:13 216.160.83.56 : AAA user authentication Rejected : reason = Account has been disabled : server = 81.2.69.144 : user = alice : user IP = 89.160.20.128", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json index 5007c6b592e..c087f2534bf 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json @@ -27,7 +27,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -105,7 +105,7 @@ "ip": "172.24.177.29" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -178,7 +178,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json index 92709a26a05..abf6e54718a 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json @@ -15,7 +15,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -86,7 +86,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -158,7 +158,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -228,7 +228,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -306,7 +306,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -383,7 +383,7 @@ "port": 12834 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -456,7 +456,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -528,7 +528,7 @@ "port": 25882 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -604,7 +604,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -677,7 +677,7 @@ "port": 45392 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -750,7 +750,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -825,7 +825,7 @@ "port": 52925 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -904,7 +904,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -985,7 +985,7 @@ "ip": "172.24.177.29" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1050,7 +1050,7 @@ "port": 10879 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1123,7 +1123,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1194,7 +1194,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1257,7 +1257,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1328,7 +1328,7 @@ "port": 40443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -1399,7 +1399,7 @@ "port": 40443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1470,7 +1470,7 @@ "port": 40443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1541,7 +1541,7 @@ "port": 40443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1612,7 +1612,7 @@ "port": 40443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1683,7 +1683,7 @@ "port": 40443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1754,7 +1754,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1825,7 +1825,7 @@ "port": 25 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1896,7 +1896,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1965,7 +1965,7 @@ "port": 137 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2028,7 +2028,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2091,7 +2091,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2162,7 +2162,7 @@ "port": 40443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2233,7 +2233,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2304,7 +2304,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2375,7 +2375,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -2446,7 +2446,7 @@ "port": 8111 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2517,7 +2517,7 @@ "port": 8111 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2588,7 +2588,7 @@ "port": 40443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2659,7 +2659,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2731,7 +2731,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2805,7 +2805,7 @@ "port": 11180 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2878,7 +2878,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2952,7 +2952,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3030,7 +3030,7 @@ "port": 1234 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3108,7 +3108,7 @@ "port": 1234 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3182,7 +3182,7 @@ "port": 5678 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -3260,7 +3260,7 @@ "port": 5678 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -3338,7 +3338,7 @@ "port": 5678 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -3414,7 +3414,7 @@ "port": 5679 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3481,7 +3481,7 @@ "port": 5679 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -3550,7 +3550,7 @@ "port": 5000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3628,7 +3628,7 @@ "port": 1234 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3705,7 +3705,7 @@ "port": 1234 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3778,7 +3778,7 @@ "port": 1235 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -3856,7 +3856,7 @@ "port": 500 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -3927,7 +3927,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3991,7 +3991,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4055,7 +4055,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4119,7 +4119,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4183,7 +4183,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4247,7 +4247,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4311,7 +4311,7 @@ "ip": "192.168.1.255" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4375,7 +4375,7 @@ "ip": "192.168.1.255" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4442,7 +4442,7 @@ "port": 25 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -4515,7 +4515,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4583,7 +4583,7 @@ "ip": "172.16.1.10" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4653,7 +4653,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4741,7 +4741,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4822,7 +4822,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4892,7 +4892,7 @@ "ip": "192.168.2.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4946,7 +4946,7 @@ "ip": "192.168.2.32" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5004,7 +5004,7 @@ "ip": "192.168.0.19" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5089,7 +5089,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5163,7 +5163,7 @@ "ip": "172.17.6.211" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5249,7 +5249,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5360,7 +5360,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5473,7 +5473,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-creation", @@ -5569,7 +5569,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-creation", @@ -5669,7 +5669,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-creation", 
@@ -5763,7 +5763,7 @@ "port": 18449 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -5841,7 +5841,7 @@ "ip": "ff02::1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -5914,7 +5914,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -6004,7 +6004,7 @@ "port": 50120 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6108,7 +6108,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6211,7 +6211,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -6309,7 +6309,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6417,7 +6417,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -6522,7 +6522,7 @@ "ip": "81.2.69.193" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deleted", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json index 3097c39a63e..1f109505df3 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json @@ -16,7 +16,7 @@ "port": 5060 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -84,7 +84,7 @@ "port": 5060 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -152,7 +152,7 @@ "port": 5060 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -220,7 +220,7 @@
 "port": 5060
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "firewall-rule",
diff --git a/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 07599f033c4..355e316c5aa 100644
--- a/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -13,7 +13,7 @@ processors:
 message: "Processor {{ _ingest.on_failure_processor_type }} with tag {{ _ingest.on_failure_processor_tag }} in pipeline {{ _ingest.on_failure_pipeline }} failed with message: {{ _ingest.on_failure_message }}"
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 #
 # Parse the syslog header
 #
diff --git a/packages/cisco_asa/data_stream/log/sample_event.json b/packages/cisco_asa/data_stream/log/sample_event.json
index 9a791184fa3..4386089341d 100644
--- a/packages/cisco_asa/data_stream/log/sample_event.json
+++ b/packages/cisco_asa/data_stream/log/sample_event.json
@@ -25,7 +25,7 @@
 "port": 8256
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "07815f3b-703a-41bd-802e-d773e9f55819",
diff --git a/packages/cisco_asa/docs/README.md b/packages/cisco_asa/docs/README.md
index f0badecdc72..525175d7972 100644
--- a/packages/cisco_asa/docs/README.md
+++ b/packages/cisco_asa/docs/README.md
@@ -41,7 +41,7 @@ An example event for `log` looks as following:
 "port": 8256
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "07815f3b-703a-41bd-802e-d773e9f55819",
diff --git a/packages/cisco_asa/manifest.yml b/packages/cisco_asa/manifest.yml
index bb2978277c2..bec2d8418da 100644
--- a/packages/cisco_asa/manifest.yml
+++ b/packages/cisco_asa/manifest.yml
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_asa title: Cisco ASA -version: "2.14.1" +version: "2.15.0" license: basic description: Collect logs from Cisco ASA with Elastic Agent. type: integration From f99974b756578dde969612b0f287b76f9ca02ea4 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:01 +0530 Subject: [PATCH 021/137] [cisco_duo] - update ECS to 8.7.0 from 8.6.0 This updates the cisco_duo integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/cisco_duo --- packages/cisco_duo/_dev/build/build.yml | 2 +- packages/cisco_duo/changelog.yml | 5 +++ .../pipeline/test-admin.log-expected.json | 16 ++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/admin/sample_event.json | 2 +- .../test/pipeline/test-auth.log-expected.json | 34 +++++++++---------- .../pipeline/test-empty.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/auth/sample_event.json | 2 +- .../test-offline-enrollment.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../offline_enrollment/sample_event.json | 2 +- .../pipeline/test-summary.log-expected.json | 8 ++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/summary/sample_event.json | 2 +- .../pipeline/test-telephony.log-expected.json | 6 ++-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/telephony/sample_event.json | 2 +- packages/cisco_duo/docs/README.md | 10 +++--- packages/cisco_duo/manifest.yml | 2 +- 20 files changed, 56 insertions(+), 51 deletions(-) diff --git a/packages/cisco_duo/_dev/build/build.yml b/packages/cisco_duo/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/cisco_duo/_dev/build/build.yml +++ b/packages/cisco_duo/_dev/build/build.yml 
@@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/cisco_duo/changelog.yml b/packages/cisco_duo/changelog.yml index 9283a2fe034..6ded297a8a4 100644 --- a/packages/cisco_duo/changelog.yml +++ b/packages/cisco_duo/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.9.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.8.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json b/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json index 9ade6b0ff32..6b8d7cb6966 100644 --- a/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json +++ b/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "activation_begin", @@ -43,7 +43,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "admin_activate_duo_push", @@ -77,7 +77,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "activation_begin", @@ -111,7 +111,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "activation_set_password", @@ -155,7 +155,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "admin_self_activate", @@ -200,7 +200,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "admin_update", @@ -246,7 +246,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user_update", @@ -295,7 +295,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user_update", 
diff --git a/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml index 91d69d456eb..b529f7a7628 100644 --- a/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo administrator logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/cisco_duo/data_stream/admin/sample_event.json b/packages/cisco_duo/data_stream/admin/sample_event.json index 73355367dbf..199e10fd083 100644 --- a/packages/cisco_duo/data_stream/admin/sample_event.json +++ b/packages/cisco_duo/data_stream/admin/sample_event.json @@ -21,7 +21,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json index 7c9e933dfd4..d1e887b2138 100644 --- a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json +++ b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json @@ -40,7 +40,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -173,7 +173,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -304,7 +304,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -434,7 +434,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -562,7 +562,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -674,7 +674,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -795,7 +795,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -907,7 +907,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1020,7 +1020,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1133,7 +1133,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1246,7 +1246,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1359,7 +1359,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1472,7 +1472,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1581,7 +1581,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1686,7 +1686,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1791,7 +1791,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1886,7 +1886,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-empty.log-expected.json b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-empty.log-expected.json index a1139b49cea..f51331f25ea 100644 --- a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-empty.log-expected.json +++ b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-empty.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml index 553274ef984..389c55eaddd 100644 
--- a/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo authentication logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/cisco_duo/data_stream/auth/sample_event.json b/packages/cisco_duo/data_stream/auth/sample_event.json index 59814f33f14..27a7c4b94e5 100644 --- a/packages/cisco_duo/data_stream/auth/sample_event.json +++ b/packages/cisco_duo/data_stream/auth/sample_event.json @@ -50,7 +50,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json b/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json index ee7ed5baf60..9f112101437 100644 --- a/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json +++ b/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "{\"action\": \"o2fa_user_provisioned\",\"description\": \"{\\\"user_agent\\\": \\\"DuoCredProv/4.0.6.413 (Windows NT 6.3.9600; x64; Server)\\\", \\\"hostname\\\": \\\"WKSW10x64\\\", \\\"factor\\\": \\\"duo_otp\\\"}\",\"isotimestamp\": \"2019-08-30T16:10:05+00:00\",\"object\": \"Acme Laptop Windows Logon\",\"timestamp\": 1567181405,\"username\": \"narroway\"}" 
diff --git a/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml index d2cb8b487d7..531a40cc1ea 100644 --- a/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo offline enrollment logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/cisco_duo/data_stream/offline_enrollment/sample_event.json b/packages/cisco_duo/data_stream/offline_enrollment/sample_event.json index 4cdae35ea20..07107e830b6 100644 --- a/packages/cisco_duo/data_stream/offline_enrollment/sample_event.json +++ b/packages/cisco_duo/data_stream/offline_enrollment/sample_event.json @@ -27,7 +27,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json b/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json index 1417b363239..f00839d313d 100644 --- a/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json +++ b/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json @@ -1,7 +1,7 @@ { "expected": [ { - "@timestamp": "2023-01-13T12:03:27.851925502Z", + "@timestamp": "2023-03-31T13:28:00.749830837Z", "cisco_duo": { "summary": { "admin_count": 6, @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "{\"response\":{\"admin_count\":6,\"integration_count\":5,\"telephony_credits_remaining\":473,\"user_count\":4},\"stat\":\"OK\"}" 
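Review bot: The expected `@timestamp` in test-summary.log-expected.json is a captured ingest time, so it is rewritten whenever the expectations are regenerated, both in the `@@ -1,7 +1,7 @@` hunk and in the `@@ -21,7 +21,7 @@` hunk of the same file, even though this commit is only an ECS bump. The summary pipeline shown later in this patch sets `@timestamp` from `{{{_ingest.timestamp}}}`, so the value cannot be stable between runs. The pipeline test config is outside this patch; if it does not already do so, it should declare the field dynamic, for example `dynamic_fields:` with an entry `"@timestamp": ".*"` (confirm the exact form against the elastic-package test-config documentation). That makes the comparison rule explicit and keeps unrelated commits from touching these lines. Since summary events carry ingest time rather than a source time, the data stream docs could say so, so that the field is not over-read during timeline correlation.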
@@ -21,7 +21,7 @@ ] }, { - "@timestamp": "2023-01-13T12:03:27.851936683Z", + "@timestamp": "2023-03-31T13:28:00.749839671Z", "cisco_duo": { "summary": { "admin_count": 3, @@ -31,7 +31,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "{\"response\":{\"admin_count\":3,\"integration_count\":9,\"telephony_credits_remaining\":960,\"user_count\":8},\"stat\":\"OK\"}" diff --git a/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml index 18645e39e85..d7e6fce79bf 100644 --- a/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo summary logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: "@timestamp" value: "{{{_ingest.timestamp}}}" diff --git a/packages/cisco_duo/data_stream/summary/sample_event.json b/packages/cisco_duo/data_stream/summary/sample_event.json index 9656c579a1e..409092e7d42 100644 --- a/packages/cisco_duo/data_stream/summary/sample_event.json +++ b/packages/cisco_duo/data_stream/summary/sample_event.json @@ -21,7 +21,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json b/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json index 86f8fa0a58b..ee2771b9be0 100644 --- a/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json +++ b/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", 
@@ -32,7 +32,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -53,7 +53,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", diff --git a/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml index ff859423470..6d2b9fa9c7b 100644 --- a/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo telephony logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/cisco_duo/data_stream/telephony/sample_event.json b/packages/cisco_duo/data_stream/telephony/sample_event.json index 381c4c81f89..ccf77f9abe3 100644 --- a/packages/cisco_duo/data_stream/telephony/sample_event.json +++ b/packages/cisco_duo/data_stream/telephony/sample_event.json @@ -21,7 +21,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/cisco_duo/docs/README.md b/packages/cisco_duo/docs/README.md index ea81ceb261b..3a2bdabf715 100644 --- a/packages/cisco_duo/docs/README.md +++ b/packages/cisco_duo/docs/README.md @@ -54,7 +54,7 @@ An example event for `admin` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", @@ -223,7 +223,7 @@ An example event for `auth` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", 
@@ -473,7 +473,7 @@ An example event for `offline_enrollment` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", @@ -597,7 +597,7 @@ An example event for `summary` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", @@ -704,7 +704,7 @@ An example event for `telephony` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/cisco_duo/manifest.yml b/packages/cisco_duo/manifest.yml index ce76800c459..cdd405378ba 100644 --- a/packages/cisco_duo/manifest.yml +++ b/packages/cisco_duo/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_duo title: Cisco Duo -version: "1.8.1" +version: "1.9.0" license: basic description: Collect logs from Cisco Duo with Elastic Agent. type: integration From 020f243949d29c412d0709ed45d1756fb3578960 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:03 +0530 Subject: [PATCH 022/137] [cisco_ftd] - update ECS to 8.7.0 from 8.6.0 This updates the cisco_ftd integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/cisco_ftd --- packages/cisco_ftd/_dev/build/build.yml | 2 +- packages/cisco_ftd/changelog.yml | 5 + .../pipeline/test-asa-fix.log-expected.json | 12 +- .../test/pipeline/test-asa.log-expected.json | 536 +++++++++--------- .../test/pipeline/test-dns.log-expected.json | 42 +- .../pipeline/test-filtered.log-expected.json | 4 +- ...est-firepower-management.log-expected.json | 68 +-- .../pipeline/test-ftd-fix.log-expected.json | 4 +- .../pipeline/test-intrusion.log-expected.json | 8 +- .../test-no-type-id.log-expected.json | 8 +- .../pipeline/test-not-ip.log-expected.json | 6 +- .../pipeline/test-sample.log-expected.json | 144 ++--- ...test-security-connection.log-expected.json | 28 +- ...st-security-file-malware.log-expected.json | 22 +- ...st-security-malware-site.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/cisco_ftd/docs/README.md | 2 +- packages/cisco_ftd/manifest.yml | 2 +- 19 files changed, 452 insertions(+), 447 deletions(-) diff --git a/packages/cisco_ftd/_dev/build/build.yml b/packages/cisco_ftd/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/cisco_ftd/_dev/build/build.yml +++ b/packages/cisco_ftd/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/cisco_ftd/changelog.yml b/packages/cisco_ftd/changelog.yml index 96daf9dad51..1dc17ab092f 100644 --- a/packages/cisco_ftd/changelog.yml +++ b/packages/cisco_ftd/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.10.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "2.9.2" changes: - description: Add network.bytes and dns.question.registered_name diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json index 0660d5479ec..b57775b2089 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json @@ -17,7 +17,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -103,7 +103,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -179,7 +179,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -250,7 +250,7 @@ "port": 57621 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -328,7 +328,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -388,7 +388,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-creation", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json index 07ae5055b65..8693e948f0d 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json 
@@ -14,7 +14,7 @@ "port": 8256 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -98,7 +98,7 @@ "port": 1772 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -179,7 +179,7 @@ "port": 1758 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -265,7 +265,7 @@ "port": 1757 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -351,7 +351,7 @@ "port": 1755 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -437,7 +437,7 @@ "port": 1754 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -523,7 +523,7 @@ "port": 1752 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -609,7 +609,7 @@ "port": 1749 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -695,7 +695,7 @@ "port": 1750 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -781,7 +781,7 @@ "port": 1747 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -867,7 +867,7 @@ "port": 1742 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -953,7 +953,7 @@ "port": 1741 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1039,7 +1039,7 @@ "port": 1739 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1125,7 +1125,7 @@ "port": 1740 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1211,7 +1211,7 @@ "port": 1738 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", 
@@ -1297,7 +1297,7 @@ "port": 1756 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1383,7 +1383,7 @@ "port": 1737 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1469,7 +1469,7 @@ "port": 1736 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1555,7 +1555,7 @@ "port": 1765 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1640,7 +1640,7 @@ "port": 1188 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1724,7 +1724,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1805,7 +1805,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1894,7 +1894,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1975,7 +1975,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -2059,7 +2059,7 @@ "port": 8257 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2143,7 +2143,7 @@ "port": 1773 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2223,7 +2223,7 @@ "port": 8258 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2307,7 +2307,7 @@ "port": 1774 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2392,7 +2392,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2477,7 +2477,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -2558,7 +2558,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -2643,7 +2643,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -2727,7 +2727,7 @@ "port": 8259 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2811,7 +2811,7 @@ "port": 1775 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2891,7 +2891,7 @@ "port": 1189 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2975,7 +2975,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3060,7 +3060,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3141,7 +3141,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -3226,7 +3226,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -3310,7 +3310,7 @@ "port": 8265 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3394,7 +3394,7 @@ "port": 1452 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3479,7 +3479,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3564,7 +3564,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3645,7 +3645,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -3730,7 +3730,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", 
@@ -3814,7 +3814,7 @@ "port": 8266 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3898,7 +3898,7 @@ "port": 1453 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3979,7 +3979,7 @@ "port": 1453 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -4069,7 +4069,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4150,7 +4150,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -4235,7 +4235,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -4319,7 +4319,7 @@ "port": 8267 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4403,7 +4403,7 @@ "port": 1454 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4483,7 +4483,7 @@ "port": 8268 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4567,7 +4567,7 @@ "port": 1455 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4647,7 +4647,7 @@ "port": 8269 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4731,7 +4731,7 @@ "port": 1456 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4816,7 +4816,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4897,7 +4897,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -4981,7 +4981,7 @@ "port": 8270 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -5065,7 +5065,7 @@ "port": 1457 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5145,7 +5145,7 @@ "port": 8271 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5229,7 +5229,7 @@ "port": 1458 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5314,7 +5314,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5395,7 +5395,7 @@ "port": 1457 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -5480,7 +5480,7 @@ "port": 8272 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5564,7 +5564,7 @@ "port": 1459 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5645,7 +5645,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -5729,7 +5729,7 @@ "port": 8273 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5813,7 +5813,7 @@ "port": 1460 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5893,7 +5893,7 @@ "port": 8267 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -5976,7 +5976,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -6060,7 +6060,7 @@ "port": 1385 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -6140,7 +6140,7 @@ "port": 8268 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6223,7 +6223,7 @@ "port": 8269 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", 
@@ -6306,7 +6306,7 @@ "port": 8270 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6389,7 +6389,7 @@ "port": 8271 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6472,7 +6472,7 @@ "port": 8272 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6555,7 +6555,7 @@ "port": 8273 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6639,7 +6639,7 @@ "port": 1382 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6725,7 +6725,7 @@ "port": 1385 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -6810,7 +6810,7 @@ "port": 8278 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -6894,7 +6894,7 @@ "port": 1386 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -6975,7 +6975,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7057,7 +7057,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7139,7 +7139,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7221,7 +7221,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7303,7 +7303,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7385,7 +7385,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7467,7 +7467,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -7549,7 +7549,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7631,7 +7631,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7713,7 +7713,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7795,7 +7795,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7877,7 +7877,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -7959,7 +7959,7 @@ "port": 8277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -8040,7 +8040,7 @@ "port": 8279 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -8124,7 +8124,7 @@ "port": 1275 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -8204,7 +8204,7 @@ "port": 1190 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -8288,7 +8288,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -8369,7 +8369,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -8458,7 +8458,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -8539,7 +8539,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -8623,7 +8623,7 @@ "port": 8280 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -8707,7 +8707,7 @@ "port": 1276 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -8787,7 +8787,7 @@ "port": 8281 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -8871,7 +8871,7 @@ "port": 1277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -8952,7 +8952,7 @@ "port": 1276 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -9037,7 +9037,7 @@ "port": 8282 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -9121,7 +9121,7 @@ "port": 1278 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -9202,7 +9202,7 @@ "port": 1277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -9287,7 +9287,7 @@ "port": 8283 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -9371,7 +9371,7 @@ "port": 1279 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -9452,7 +9452,7 @@ "port": 1278 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -9538,7 +9538,7 @@ "port": 1279 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -9623,7 +9623,7 @@ "port": 8284 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -9707,7 +9707,7 @@ "port": 1280 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -9788,7 +9788,7 @@ "port": 1280 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -9873,7 +9873,7 @@ "port": 8285 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -9957,7 +9957,7 @@ "port": 1281 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -10037,7 +10037,7 @@ "port": 8286 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -10121,7 +10121,7 @@ "port": 1282 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -10201,7 +10201,7 @@ "port": 8287 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -10285,7 +10285,7 @@ "port": 1283 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -10365,7 +10365,7 @@ "port": 8288 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -10449,7 +10449,7 @@ "port": 1284 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -10530,7 +10530,7 @@ "port": 1281 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -10616,7 +10616,7 @@ "port": 1282 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -10702,7 +10702,7 @@ "port": 1283 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -10787,7 +10787,7 @@ "port": 8289 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -10871,7 +10871,7 @@ "port": 1285 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -10951,7 +10951,7 @@ "port": 8290 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -11035,7 +11035,7 @@ "port": 1286 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -11116,7 +11116,7 @@ "port": 1284 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -11201,7 +11201,7 @@ "port": 8291 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -11285,7 +11285,7 @@ "port": 1287 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -11366,7 +11366,7 @@ "port": 1285 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -11452,7 +11452,7 @@ "port": 1286 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -11542,7 +11542,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -11622,7 +11622,7 @@ "port": 8292 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -11706,7 +11706,7 @@ "port": 1288 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -11787,7 +11787,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -11876,7 +11876,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -11957,7 +11957,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -12041,7 +12041,7 @@ "port": 8293 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -12125,7 +12125,7 @@ "port": 1289 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -12206,7 +12206,7 @@ "port": 1288 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -12292,7 +12292,7 @@ "port": 1287 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -12382,7 +12382,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -12463,7 +12463,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", 
@@ -12547,7 +12547,7 @@ "port": 8294 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -12631,7 +12631,7 @@ "port": 1290 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -12712,7 +12712,7 @@ "port": 68 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -12796,7 +12796,7 @@ "port": 8276 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -12884,7 +12884,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -12969,7 +12969,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -13050,7 +13050,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -13139,7 +13139,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -13220,7 +13220,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -13305,7 +13305,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -13394,7 +13394,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -13475,7 +13475,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -13559,7 +13559,7 @@ "port": 8295 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -13643,7 +13643,7 @@ "port": 1291 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -13728,7 +13728,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -13809,7 +13809,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -13893,7 +13893,7 @@ "port": 8296 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -13977,7 +13977,7 @@ "port": 1292 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -14057,7 +14057,7 @@ "port": 8297 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -14141,7 +14141,7 @@ "port": 1293 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -14221,7 +14221,7 @@ "port": 8298 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -14305,7 +14305,7 @@ "port": 1294 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -14386,7 +14386,7 @@ "port": 1293 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -14471,7 +14471,7 @@ "port": 8299 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -14555,7 +14555,7 @@ "port": 1295 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -14635,7 +14635,7 @@ "port": 8300 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -14719,7 +14719,7 @@ "port": 1296 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -14800,7 +14800,7 @@ "port": 1294 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -14886,7 +14886,7 @@ "port": 1295 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -14972,7 +14972,7 @@ "port": 1296 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", 
@@ -15057,7 +15057,7 @@ "port": 8301 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -15141,7 +15141,7 @@ "port": 1297 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -15221,7 +15221,7 @@ "port": 8302 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -15305,7 +15305,7 @@ "port": 1298 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -15390,7 +15390,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -15471,7 +15471,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -15556,7 +15556,7 @@ "port": 1297 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -15641,7 +15641,7 @@ "port": 8303 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -15725,7 +15725,7 @@ "port": 1299 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -15805,7 +15805,7 @@ "port": 8304 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -15889,7 +15889,7 @@ "port": 1300 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -15970,7 +15970,7 @@ "port": 1298 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -16056,7 +16056,7 @@ "port": 1300 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -16141,7 +16141,7 @@ "port": 8305 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -16225,7 +16225,7 @@ "port": 1301 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -16305,7 +16305,7 @@ "port": 8306 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -16389,7 +16389,7 @@ "port": 1302 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -16469,7 +16469,7 @@ "port": 8280 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -16552,7 +16552,7 @@ "port": 8281 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -16635,7 +16635,7 @@ "port": 8282 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -16718,7 +16718,7 @@ "port": 8283 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -16801,7 +16801,7 @@ "port": 8284 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -16884,7 +16884,7 @@ "port": 8285 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -16967,7 +16967,7 @@ "port": 8286 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -17050,7 +17050,7 @@ "port": 8287 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -17133,7 +17133,7 @@ "port": 8288 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -17216,7 +17216,7 @@ "port": 8289 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -17299,7 +17299,7 @@ "port": 8290 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -17382,7 +17382,7 @@ "port": 8291 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", 
@@ -17465,7 +17465,7 @@ "port": 8292 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -17548,7 +17548,7 @@ "port": 8297 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -17631,7 +17631,7 @@ "port": 8298 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -17714,7 +17714,7 @@ "port": 8308 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -17798,7 +17798,7 @@ "port": 1304 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -17878,7 +17878,7 @@ "port": 8299 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -17961,7 +17961,7 @@ "port": 8300 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -18049,7 +18049,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -18134,7 +18134,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -18215,7 +18215,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -18300,7 +18300,7 @@ "port": 56132 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -18384,7 +18384,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -18468,7 +18468,7 @@ "port": 1305 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -18548,7 +18548,7 @@ "port": 8301 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", 
@@ -18631,7 +18631,7 @@ "port": 8302 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -18714,7 +18714,7 @@ "port": 8303 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -18797,7 +18797,7 @@ "port": 8304 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -18880,7 +18880,7 @@ "port": 8305 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -18963,7 +18963,7 @@ "port": 8306 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -19046,7 +19046,7 @@ "port": 8307 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -19130,7 +19130,7 @@ "port": 1305 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -19216,7 +19216,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -19298,7 +19298,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -19380,7 +19380,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -19461,7 +19461,7 @@ "port": 8310 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -19545,7 +19545,7 @@ "port": 1306 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -19626,7 +19626,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -19708,7 +19708,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -19790,7 +19790,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -19872,7 +19872,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -19954,7 +19954,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20036,7 +20036,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20118,7 +20118,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20200,7 +20200,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20282,7 +20282,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20364,7 +20364,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20446,7 +20446,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20528,7 +20528,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20610,7 +20610,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20692,7 +20692,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20774,7 +20774,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20856,7 +20856,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -20938,7 +20938,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21020,7 +21020,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -21102,7 +21102,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21184,7 +21184,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21266,7 +21266,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21348,7 +21348,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21430,7 +21430,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21512,7 +21512,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21594,7 +21594,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21676,7 +21676,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21758,7 +21758,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21840,7 +21840,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -21922,7 +21922,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -22004,7 +22004,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -22086,7 +22086,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -22168,7 +22168,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -22250,7 +22250,7 @@ "port": 8309 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json index dbafdfa1186..2849f3567a9 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json @@ -68,7 +68,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -210,7 +210,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -350,7 +350,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -493,7 +493,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -634,7 +634,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -774,7 +774,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -917,7 +917,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -1057,7 +1057,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -1198,7 +1198,7 @@ "response_code": "SERVFAIL" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -1340,7 +1340,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", 
@@ -1480,7 +1480,7 @@ "response_code": "REFUSED" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -1612,7 +1612,7 @@ "response_code": "SERVFAIL" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -1754,7 +1754,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -1895,7 +1895,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -2037,7 +2037,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -2179,7 +2179,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -2319,7 +2319,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -2459,7 +2459,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -2599,7 +2599,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -2735,7 +2735,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -2877,7 +2877,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json index 93737dd98fc..ee8c78d35d5 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json 
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json @@ -6,7 +6,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -53,7 +53,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json index a522f74e190..5980c469397 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json @@ -6,7 +6,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -47,7 +47,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -88,7 +88,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -129,7 +129,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -170,7 +170,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -211,7 +211,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -252,7 +252,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -293,7 +293,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -334,7 +334,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -375,7 +375,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -416,7 +416,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", 
@@ -457,7 +457,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -498,7 +498,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -539,7 +539,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -580,7 +580,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -621,7 +621,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -662,7 +662,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -703,7 +703,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -744,7 +744,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -785,7 +785,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -826,7 +826,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -867,7 +867,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -908,7 +908,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -949,7 +949,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -990,7 +990,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -1031,7 +1031,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -1072,7 +1072,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -1113,7 +1113,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -1154,7 +1154,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", 
@@ -1195,7 +1195,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -1236,7 +1236,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -1277,7 +1277,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -1318,7 +1318,7 @@ "ftd": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", @@ -1360,7 +1360,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-ftd-fix.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-ftd-fix.log-expected.json index ea21549aec4..34b93d8d7c8 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-ftd-fix.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-ftd-fix.log-expected.json @@ -12,7 +12,7 @@ "ip": "192.168.0.38" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "created", @@ -82,7 +82,7 @@ "ip": "192.168.0.139" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deleted", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json index e2c2b2fd38a..e9ecc6db877 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json @@ -41,7 +41,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "intrusion-detected", @@ -149,7 +149,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "intrusion-detected", 
@@ -255,7 +255,7 @@ "port": 39114 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "intrusion-detected", @@ -359,7 +359,7 @@ "port": 40740 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "intrusion-detected", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json index 83eb3294664..8940114f3ed 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json @@ -18,7 +18,7 @@ "ip": "10.8.12.47" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "intrusion-detected", @@ -83,7 +83,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "intrusion-detected", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-started", @@ -212,7 +212,7 @@ "port": 64311 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "malware-detected", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json index f04cee9dea0..36282073429 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json @@ -27,7 +27,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -105,7 +105,7 @@ "ip": "172.24.177.29" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -178,7 +178,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json index b6820265363..0f0dc0226c7 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json @@ -15,7 +15,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -86,7 +86,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -158,7 +158,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -228,7 +228,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -306,7 +306,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -383,7 +383,7 @@ "port": 12834 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -459,7 +459,7 @@ "port": 4952 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -528,7 +528,7 @@ "port": 25882 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -604,7 +604,7 @@ "port": 52925 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -677,7 +677,7 @@ "port": 45392 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -754,7 +754,7 @@ "port": 4953 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -825,7 +825,7 @@ "port": 52925 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", 
@@ -904,7 +904,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -985,7 +985,7 @@ "ip": "172.24.177.29" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -1050,7 +1050,7 @@ "port": 10879 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1127,7 +1127,7 @@ "port": 4954 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1194,7 +1194,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1257,7 +1257,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1328,7 +1328,7 @@ "port": 40443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1399,7 +1399,7 @@ "port": 40443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1470,7 +1470,7 @@ "port": 40443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1541,7 +1541,7 @@ "port": 40443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1612,7 +1612,7 @@ "port": 40443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1683,7 +1683,7 @@ "port": 40443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1754,7 +1754,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1825,7 +1825,7 @@ "port": 25 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1896,7 +1896,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -1965,7 +1965,7 @@ "port": 137 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2028,7 +2028,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2091,7 +2091,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2162,7 +2162,7 @@ "port": 40443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2233,7 +2233,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2304,7 +2304,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2375,7 +2375,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2446,7 +2446,7 @@ "port": 8111 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2517,7 +2517,7 @@ "port": 8111 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2588,7 +2588,7 @@ "port": 40443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2659,7 +2659,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2731,7 +2731,7 @@ "port": 2000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2805,7 +2805,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2882,7 +2882,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -2960,7 +2960,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -3042,7 +3042,7 @@ "port": 5678 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3122,7 +3122,7 @@ "port": 5678 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3198,7 +3198,7 @@ "port": 5678 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -3280,7 +3280,7 @@ "port": 5678 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -3362,7 +3362,7 @@ "port": 5678 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -3442,7 +3442,7 @@ "port": 5679 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3513,7 +3513,7 @@ "port": 5679 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3586,7 +3586,7 @@ "port": 5000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3668,7 +3668,7 @@ "port": 65000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3749,7 +3749,7 @@ "port": 65000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -3826,7 +3826,7 @@ "port": 1235 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -3908,7 +3908,7 @@ "port": 500 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow-expiration", @@ -3979,7 +3979,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4043,7 +4043,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4107,7 +4107,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -4171,7 +4171,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4235,7 +4235,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4299,7 +4299,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4363,7 +4363,7 @@ "ip": "192.168.1.255" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4427,7 +4427,7 @@ "ip": "192.168.1.255" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4494,7 +4494,7 @@ "port": 25 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4567,7 +4567,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4635,7 +4635,7 @@ "ip": "172.16.1.10" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4705,7 +4705,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4796,7 +4796,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4881,7 +4881,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -4951,7 +4951,7 @@ "ip": "192.168.2.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5005,7 +5005,7 @@ "ip": "192.168.2.32" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -5063,7 +5063,7 @@ "ip": "192.168.0.19" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -5138,7 +5138,7 @@ "port": 59864 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json index 13c71230942..25e0f3afdd1 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json @@ -42,7 +42,7 @@ "packets": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-started", @@ -153,7 +153,7 @@ "packets": 1 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -291,7 +291,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-started", @@ -427,7 +427,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -552,7 +552,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-started", @@ -681,7 +681,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -824,7 +824,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-started", @@ -952,7 +952,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -1079,7 +1079,7 @@ "packets": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-started", @@ -1196,7 +1196,7 @@ "port": 8000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", 
@@ -1331,7 +1331,7 @@ "port": 631 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -1445,7 +1445,7 @@ "port": 7680 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -1553,7 +1553,7 @@ "port": 8193 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-finished", @@ -1666,7 +1666,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "intrusion-detected", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json index 8f3e81e52f9..b710b987603 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json @@ -31,7 +31,7 @@ "port": 8000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "file-detected", @@ -127,7 +127,7 @@ "port": 8000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "file-detected", @@ -223,7 +223,7 @@ "port": 8000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "file-detected", @@ -319,7 +319,7 @@ "port": 8000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "file-detected", @@ -419,7 +419,7 @@ "port": 8000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "file-detected", @@ -526,7 +526,7 @@ "port": 8000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "file-detected", @@ -637,7 +637,7 @@ "port": 8000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "malware-detected", 
@@ -759,7 +759,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "malware-detected",
@@ -869,7 +869,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "malware-detected",
@@ -991,7 +991,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "malware-detected",
@@ -1116,7 +1116,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "malware-detected",
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json
index 5cb49f51eae..67178535b55 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json
@@ -64,7 +64,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "connection-finished",
diff --git a/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index f0e24934e5b..7ef4c8d052a 100644
--- a/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -7,7 +7,7 @@ processors:
 ignore_missing: true
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 #
 # Parse the syslog header
 #
diff --git a/packages/cisco_ftd/data_stream/log/sample_event.json b/packages/cisco_ftd/data_stream/log/sample_event.json
index 5991e4fadfa..535326b36cc 100644
--- a/packages/cisco_ftd/data_stream/log/sample_event.json
+++ b/packages/cisco_ftd/data_stream/log/sample_event.json
@@ -60,7 +60,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "5e0930d1-5b1a-49ee-aeb3-63c987faabde",
diff --git a/packages/cisco_ftd/docs/README.md b/packages/cisco_ftd/docs/README.md
index bda245a2ac7..1ac798c1c82 100644
--- a/packages/cisco_ftd/docs/README.md
+++ b/packages/cisco_ftd/docs/README.md
@@ -81,7 +81,7 @@ An example event for `log` looks as following:
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "5e0930d1-5b1a-49ee-aeb3-63c987faabde",
diff --git a/packages/cisco_ftd/manifest.yml b/packages/cisco_ftd/manifest.yml
index 47b0f8fe4be..6e9adacab41 100644
--- a/packages/cisco_ftd/manifest.yml
+++ b/packages/cisco_ftd/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_ftd
 title: Cisco FTD
-version: "2.9.2"
+version: "2.10.0"
 license: basic
 description: Collect logs from Cisco FTD with Elastic Agent.
 type: integration
From e0a933afdcc1a9e83986a77f0a26650218516569 Mon Sep 17 00:00:00 2001
From: Shourie Ganguly
Date: Fri, 31 Mar 2023 18:58:04 +0530
Subject: [PATCH 023/137] [cisco_ios] - update ECS to 8.7.0 from 8.6.0
This updates the cisco_ios integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines.
[git-generate]
go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/cisco_ios
---
 packages/cisco_ios/_dev/build/build.yml | 2 +-
 packages/cisco_ios/changelog.yml | 5 +++
 .../pipeline/test-asr920.log-expected.json | 18 ++++-----
 .../pipeline/test-cisco-ios.log-expected.json | 38 +++++++++----------
 ...est-date-format-tzoffset.log-expected.json | 4 +-
 .../test-date-format.log-expected.json | 36 +++++++++---------
 .../pipeline/test-syslog.log-expected.json | 8 ++--
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/log/sample_event.json | 2 +-
 packages/cisco_ios/docs/README.md | 2 +-
 packages/cisco_ios/manifest.yml | 2 +-
 11 files changed, 62 insertions(+), 57 deletions(-)
diff --git a/packages/cisco_ios/_dev/build/build.yml b/packages/cisco_ios/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/cisco_ios/_dev/build/build.yml
+++ b/packages/cisco_ios/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/cisco_ios/changelog.yml b/packages/cisco_ios/changelog.yml
index b8141ac174b..15bc9224dc6 100644
--- a/packages/cisco_ios/changelog.yml
+++ b/packages/cisco_ios/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.13.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.12.0"
 changes:
 - description: Update package to ECS 8.6.0.
diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-asr920.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-asr920.log-expected.json index 516ec8963cf..af34dfd7c80 100644 --- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-asr920.log-expected.json +++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-asr920.log-expected.json @@ -14,7 +14,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -70,7 +70,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -126,7 +126,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -177,7 +177,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -210,7 +210,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -242,7 +242,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -280,7 +280,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deny", @@ -347,7 +347,7 @@ "ip": "224.0.0.18" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deny", @@ -414,7 +414,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json index 8f56bfc7242..cc7ac5e21f4 100644 --- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json +++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json @@ -14,7 +14,7 @@ "ip": "224.0.0.22" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deny", 
@@ -68,7 +68,7 @@ "ip": "224.0.0.2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deny", @@ -125,7 +125,7 @@ "ip": "255.255.255.255" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deny", @@ -188,7 +188,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "allow", @@ -252,7 +252,7 @@ "port": 15600 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deny", @@ -307,7 +307,7 @@ "ip": "192.168.100.2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deny", @@ -366,7 +366,7 @@ "port": 15600 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deny", @@ -416,7 +416,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -453,7 +453,7 @@ "port": 15600 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deny", @@ -521,7 +521,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deny", @@ -571,7 +571,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -607,7 +607,7 @@ "ip": "192.168.100.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deny", @@ -678,7 +678,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deny", @@ -732,7 +732,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -786,7 +786,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -846,7 +846,7 @@ "ip": "10.3.66.3" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "multicast-join", @@ -907,7 +907,7 @@ "ip": "10.3.66.3" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "multicast-join", 
@@ -954,7 +954,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -985,7 +985,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json index 2e1f7d1620e..48a0b9cce89 100644 --- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json +++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json @@ -9,7 +9,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -41,7 +41,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json index a5e6229811c..53750451693 100644 --- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json +++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json @@ -9,7 +9,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -41,7 +41,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -73,7 +73,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -105,7 +105,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -137,7 +137,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -169,7 +169,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -201,7 +201,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -233,7 +233,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -265,7 +265,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -297,7 +297,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -329,7 +329,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -361,7 +361,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -393,7 +393,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -425,7 +425,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -457,7 +457,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -489,7 +489,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -521,7 +521,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -553,7 +553,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json index 397b3e528c9..d157d71df08 100644 --- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json +++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json @@ -9,7 +9,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -39,7 +39,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -73,7 +73,7 @@
 "ip": "10.100.8.34"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "deny",
@@ -124,7 +124,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index bc35b482aa1..947d95cdf62 100644
--- a/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Cisco IOS logs.
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - set:
 field: event.category
 value: network
diff --git a/packages/cisco_ios/data_stream/log/sample_event.json b/packages/cisco_ios/data_stream/log/sample_event.json
index 4a2b3c96ce9..b308034b906 100644
--- a/packages/cisco_ios/data_stream/log/sample_event.json
+++ b/packages/cisco_ios/data_stream/log/sample_event.json
@@ -19,7 +19,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "94011a8e-8b26-4bce-a627-d54316798b52",
diff --git a/packages/cisco_ios/docs/README.md b/packages/cisco_ios/docs/README.md
index 87253903b6f..b0db1a71752 100644
--- a/packages/cisco_ios/docs/README.md
+++ b/packages/cisco_ios/docs/README.md
@@ -35,7 +35,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "94011a8e-8b26-4bce-a627-d54316798b52",
diff --git a/packages/cisco_ios/manifest.yml b/packages/cisco_ios/manifest.yml
index f56b58006ad..adf1aee0545 100644
--- a/packages/cisco_ios/manifest.yml
+++ b/packages/cisco_ios/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_ios
 title: Cisco IOS
-version: "1.12.0"
+version: "1.13.0"
 license: basic
 description: Collect logs from Cisco IOS with Elastic Agent.
 type: integration
From 9ac3d0dbf80e25f8838f2fb0b94b1ae2e6cda00c Mon Sep 17 00:00:00 2001
From: Shourie Ganguly
Date: Fri, 31 Mar 2023 18:58:08 +0530
Subject: [PATCH 024/137] [cisco_ise] - update ECS to 8.7.0 from 8.6.0
This updates the cisco_ise integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines.
[git-generate]
go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/cisco_ise
---
 packages/cisco_ise/_dev/build/build.yml | 2 +-
 packages/cisco_ise/changelog.yml | 5 ++
 ...st-pipeline-ad-connector.log-expected.json | 26 ++++----
 ...ve-and-operational-audit.log-expected.json | 66 +++++++++----------
 ...ication-flow-diagnostics.log-expected.json | 20 +++---
 ...pipeline-failed-attempts.log-expected.json | 14 ++--
 .../test-pipeline-guest.log-expected.json | 10 +--
 ...ntity-stores-diagnostics.log-expected.json | 34 +++++-----
 ...l-operations-diagnostics.log-expected.json | 12 ++--
 ...test-pipeline-my-devices.log-expected.json | 8 +--
 ...e-passed-authentications.log-expected.json | 10 +--
 ...eline-policy-diagnostics.log-expected.json | 16 ++---
 ...lient-provisioning-audit.log-expected.json | 4 +-
 ...peline-radius-accounting.log-expected.json | 6 +-
 ...eline-radius-diagnostics.log-expected.json | 54 +++++++--------
 ...peline-system-statistics.log-expected.json | 12 ++--
 ...peline-tacacs-accounting.log-expected.json | 8 +--
 ...eline-threat-centric-nac.log-expected.json | 8 +--
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/log/sample_event.json | 2 +-
 packages/cisco_ise/docs/README.md | 2 +-
 packages/cisco_ise/manifest.yml | 2 +-
 22 files changed, 164 insertions(+), 159 deletions(-)
diff --git a/packages/cisco_ise/_dev/build/build.yml b/packages/cisco_ise/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/cisco_ise/_dev/build/build.yml
+++ b/packages/cisco_ise/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/cisco_ise/changelog.yml b/packages/cisco_ise/changelog.yml
index 36c01394e95..35b98feed0f 100644
--- a/packages/cisco_ise/changelog.yml
+++ b/packages/cisco_ise/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.7.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.6.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json
index 6f4e93a9836..b9d392743ab 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json
@@ -34,7 +34,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "ad-connector",
@@ -105,7 +105,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "ad-connector",
@@ -178,7 +178,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "ad-connector",
@@ -246,7 +246,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "ad-connector",
@@ -311,7 +311,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "ad-connector",
@@ -379,7 +379,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "ad-connector",
@@ -444,7 +444,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ad-connector", @@ -513,7 +513,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ad-connector", @@ -580,7 +580,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ad-connector", @@ -642,7 +642,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ad-connector", @@ -706,7 +706,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ad-connector", @@ -768,7 +768,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -817,7 +817,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json index ac4a27b45be..ab669dc339e 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json @@ -35,7 +35,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "administrator-login", @@ -112,7 +112,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "administrator-login", @@ -188,7 +188,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "administrator-login", @@ -264,7 +264,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "administrator-login", @@ -347,7 +347,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "configuration-changes", 
@@ -431,7 +431,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "configuration-changes", @@ -518,7 +518,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "configuration-changes", @@ -599,7 +599,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "feedservice", @@ -659,7 +659,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "feedservice", @@ -733,7 +733,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mydevices", @@ -810,7 +810,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "system-management", @@ -891,7 +891,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "system-management", @@ -968,7 +968,7 @@ "ip": "10.0.9.204" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "eap-tls", @@ -1044,7 +1044,7 @@ "ip": "10.0.9.204" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "eap-tls", @@ -1123,7 +1123,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mydevices", @@ -1225,7 +1225,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "configuration-changes", @@ -1307,7 +1307,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mydevices", @@ -1399,7 +1399,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "process-management", @@ -1480,7 +1480,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "system-management", @@ -1560,7 +1560,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "system-management", @@ -1640,7 +1640,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "system-management", 
@@ -1715,7 +1715,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "administrator-login", @@ -1790,7 +1790,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "administrator-login", @@ -1866,7 +1866,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "administrator-login", @@ -1942,7 +1942,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "administrator-login", @@ -2018,7 +2018,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "administrator-login", @@ -2086,7 +2086,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -2145,7 +2145,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -2220,7 +2220,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "configuration-changes", @@ -2327,7 +2327,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "configuration-changes", @@ -2420,7 +2420,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "configuration-changes", @@ -2509,7 +2509,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "configuration-changes", @@ -2593,7 +2593,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "configuration-changes", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json index 7a38e679350..29ade686b8c 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json 
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json @@ -62,7 +62,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "workflow", @@ -169,7 +169,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "workflow", @@ -274,7 +274,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication", @@ -379,7 +379,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "workflow", @@ -486,7 +486,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "workflow", @@ -591,7 +591,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "workflow", @@ -706,7 +706,7 @@ "ip": "10.0.9.204" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "workflow", @@ -816,7 +816,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "workflow", @@ -907,7 +907,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication", @@ -987,7 +987,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json index 88b06890d77..847b32ed211 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json @@ -83,7 +83,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "failed-attempt", @@ -267,7 +267,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "failed-attempt", 
@@ -352,7 +352,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "guest", @@ -491,7 +491,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "radius", @@ -675,7 +675,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "radius", @@ -1106,7 +1106,7 @@ "port": 1645 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "failed-attempt", @@ -1190,7 +1190,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json index 84e288ed326..c9567b6dd29 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json @@ -45,7 +45,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "guest", @@ -134,7 +134,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "guest", @@ -215,7 +215,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -265,7 +265,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -318,7 +318,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json index e8aafda248e..dd4997f9658 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json 
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json @@ -49,7 +49,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "local-user-db", @@ -139,7 +139,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "local-user-db", @@ -232,7 +232,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "local-user-db", @@ -327,7 +327,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "local-user-db", @@ -420,7 +420,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "local-user-db", @@ -489,7 +489,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "external-active-directory", @@ -549,7 +549,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "external-active-directory", @@ -609,7 +609,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "external-active-directory", @@ -669,7 +669,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "external-active-directory", @@ -730,7 +730,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "external-active-directory", @@ -813,7 +813,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "external-active-directory", @@ -904,7 +904,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "external-active-directory", @@ -994,7 +994,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "local-user-db", @@ -1085,7 +1085,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "local-user-db", @@ -1179,7 +1179,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "external-active-directory", 
@@ -1248,7 +1248,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "external-active-directory", @@ -1325,7 +1325,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json index 9eefdd9d39e..9fd1ba8fd5d 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json @@ -28,7 +28,7 @@ "port": 9025 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "system-management", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "profiler", @@ -152,7 +152,7 @@ "port": 9005 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "system-management", @@ -217,7 +217,7 @@ "port": 9005 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "system-management", @@ -282,7 +282,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logging", @@ -339,7 +339,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json index 70150b08a45..8f6799a5093 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json 
@@ -54,7 +54,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mydevices", @@ -154,7 +154,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mydevices", @@ -233,7 +233,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mydevices", @@ -304,7 +304,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json index 3a76b890a77..c137f39c598 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json @@ -196,7 +196,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "passed-authentication", @@ -295,7 +295,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "guest", @@ -455,7 +455,7 @@ "port": 1645 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "passed-authentication", @@ -539,7 +539,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "radius", @@ -610,7 +610,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json index 4edd15e3a00..6e0eca76512 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json 
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json @@ -41,7 +41,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "policy", @@ -138,7 +138,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "policy", @@ -259,7 +259,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "policy", @@ -373,7 +373,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "policy", @@ -467,7 +467,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "policy", @@ -566,7 +566,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "policy", @@ -658,7 +658,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "policy", @@ -744,7 +744,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json index f6e4e1e5b9b..3dab4477dc3 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json @@ -32,7 +32,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "eps", @@ -102,7 +102,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json index 0a129608f23..9fe0eb8e780 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json @@ -114,7 +114,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "radius-accounting", @@ -231,7 +231,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "radius-accounting", @@ -346,7 +346,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json index 01651a7251c..0c91da52283 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json @@ -58,7 +58,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "radius", @@ -181,7 +181,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "radius", @@ -266,7 +266,7 @@ "port": 1813 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "radius", @@ -375,7 +375,7 @@ "port": 1813 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "radius", @@ -496,7 +496,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "radius", 
@@ -599,7 +599,7 @@ "port": 73 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "radius", @@ -677,7 +677,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "radius", @@ -776,7 +776,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "radius", @@ -885,7 +885,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "radius", @@ -984,7 +984,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "radius", @@ -1087,7 +1087,7 @@ "port": 1813 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "radius", @@ -1185,7 +1185,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "radius", @@ -1300,7 +1300,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "eap", @@ -1423,7 +1423,7 @@ "port": 72 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "eap", @@ -1538,7 +1538,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "eap", @@ -1653,7 +1653,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "eap", @@ -1771,7 +1771,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "eap", @@ -1895,7 +1895,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "eap", @@ -2019,7 +2019,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "eap", @@ -2144,7 +2144,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "eap", @@ -2263,7 +2263,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "eap", 
@@ -2377,7 +2377,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "eap", @@ -2496,7 +2496,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "eap", @@ -2614,7 +2614,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "eap", @@ -2732,7 +2732,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "eap", @@ -2851,7 +2851,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "eap", @@ -2964,7 +2964,7 @@ "port": 1892 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json index 23bf1c55a2d..b1082d6a8d5 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json @@ -77,7 +77,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -172,7 +172,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -313,7 +313,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -404,7 +404,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -491,7 +491,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -562,7 +562,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ 
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json index 7d775a5a069..16a10cb9cb6 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json @@ -112,7 +112,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "tacacs-accounting", @@ -263,7 +263,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "tacacs-accounting", @@ -433,7 +433,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "tacacs-accounting", @@ -578,7 +578,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json index 1ae02956a63..a73460c858c 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json @@ -28,7 +28,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "irf", @@ -94,7 +94,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "irf", @@ -153,7 +153,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "radius", @@ -210,7 +210,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", 
diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml index ea9c4149f32..5657ad42e0c 100644 --- a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Cisco ISE logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/cisco_ise/data_stream/log/sample_event.json b/packages/cisco_ise/data_stream/log/sample_event.json index 836108a0216..5b5616e6ecf 100644 --- a/packages/cisco_ise/data_stream/log/sample_event.json +++ b/packages/cisco_ise/data_stream/log/sample_event.json @@ -122,7 +122,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/cisco_ise/docs/README.md b/packages/cisco_ise/docs/README.md index 8d04477172e..6b54928582f 100644 --- a/packages/cisco_ise/docs/README.md +++ b/packages/cisco_ise/docs/README.md @@ -158,7 +158,7 @@ An example event for `log` looks as following: "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/cisco_ise/manifest.yml b/packages/cisco_ise/manifest.yml index 67313338a46..24300335fd4 100644 --- a/packages/cisco_ise/manifest.yml +++ b/packages/cisco_ise/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_ise title: Cisco ISE -version: "1.6.1" +version: "1.7.0" license: basic description: Collect logs from Cisco ISE with Elastic Agent. type: integration From a18c3cd8bf3dbf1eee385e5c61dcf1df3b407274 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:10 +0530 Subject: [PATCH 025/137] [cisco_meraki] - update ECS to 8.7.0 from 8.6.0 This updates the cisco_meraki integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/cisco_meraki --- packages/cisco_meraki/_dev/build/build.yml | 2 +- packages/cisco_meraki/changelog.yml | 5 + .../test-mx-events.json-expected.json | 6 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/events/sample_event.json | 2 +- .../test-airmarshal-events.log-expected.json | 350 +++++++++--------- .../pipeline/test-events.log-expected.json | 46 +-- .../pipeline/test-flows.log-expected.json | 26 +- .../pipeline/test-ip-flow.log-expected.json | 16 +- .../test-security-events.log-expected.json | 10 +- .../test/pipeline/test-urls.log-expected.json | 6 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/cisco_meraki/docs/README.md | 8 +- packages/cisco_meraki/manifest.yml | 2 +- 15 files changed, 245 insertions(+), 240 deletions(-) diff --git a/packages/cisco_meraki/_dev/build/build.yml b/packages/cisco_meraki/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/cisco_meraki/_dev/build/build.yml +++ b/packages/cisco_meraki/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/cisco_meraki/changelog.yml b/packages/cisco_meraki/changelog.yml index 26389679993..8f397492495 100644 --- a/packages/cisco_meraki/changelog.yml +++ b/packages/cisco_meraki/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.6.0" changes: - description: Capture firewall rules from flows. diff --git a/packages/cisco_meraki/data_stream/events/_dev/test/pipeline/test-mx-events.json-expected.json b/packages/cisco_meraki/data_stream/events/_dev/test/pipeline/test-mx-events.json-expected.json index 62b61e1b672..b9c36d080b3 100644 --- a/packages/cisco_meraki/data_stream/events/_dev/test/pipeline/test-mx-events.json-expected.json +++ b/packages/cisco_meraki/data_stream/events/_dev/test/pipeline/test-mx-events.json-expected.json @@ -27,7 +27,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cellular came up", @@ -77,7 +77,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Insight Alert", @@ -133,7 +133,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Failover event detected", diff --git a/packages/cisco_meraki/data_stream/events/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_meraki/data_stream/events/elasticsearch/ingest_pipeline/default.yml index 4b7da4508a5..3c785afd3f6 100644 --- a/packages/cisco_meraki/data_stream/events/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_meraki/data_stream/events/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Cisco Meraki events processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: observer.serial_number copy_from: json.deviceSerial diff --git a/packages/cisco_meraki/data_stream/events/sample_event.json b/packages/cisco_meraki/data_stream/events/sample_event.json index bf910cd75ce..c36da6f78fa 100644 --- a/packages/cisco_meraki/data_stream/events/sample_event.json 
+++ b/packages/cisco_meraki/data_stream/events/sample_event.json @@ -37,7 +37,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "c5f4a269-fab9-4c19-9b0f-2f270ed03375", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-airmarshal-events.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-airmarshal-events.log-expected.json index 94d6fd5725f..2940dd11390 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-airmarshal-events.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-airmarshal-events.log-expected.json @@ -14,7 +14,7 @@ "mac": "6A-3A-3E-85-D9-F6" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -59,7 +59,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -104,7 +104,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -150,7 +150,7 @@ "mac": "E2-CB-9C-B5-DD-BE" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ssid-spoofing-detected", @@ -192,7 +192,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -237,7 +237,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -283,7 +283,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -328,7 +328,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -373,7 +373,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -419,7 +419,7 @@ "mac": "AE-17-E8-C7-DF-FD" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ssid-spoofing-detected", @@ -461,7 +461,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -506,7 +506,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -551,7 +551,7 @@ "mac": "6A-3A-3E-85-D9-F6" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -597,7 +597,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -642,7 +642,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -687,7 +687,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -732,7 +732,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -777,7 +777,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -822,7 +822,7 @@ "mac": "78-55-CD-18-8F-76" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -869,7 +869,7 @@ "mac": "78-28-CA-AA-6A-4A" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ssid-spoofing-detected", @@ -911,7 +911,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -956,7 +956,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1002,7 +1002,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1048,7 +1048,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1094,7 +1094,7 @@ "mac": "AE-17-E8-C7-D8-51" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1139,7 +1139,7 @@ "mac": "E2-CB-9C-B5-D4-1E" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1185,7 +1185,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1230,7 +1230,7 @@ "mac": "5C-AA-FD-5D-76-0E" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1276,7 +1276,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1322,7 +1322,7 @@ "mac": "78-28-CA-AA-6A-0A" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ssid-spoofing-detected", @@ -1364,7 +1364,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1409,7 +1409,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1454,7 +1454,7 @@ "mac": "0E-8D-FB-70-0F-A8" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1499,7 +1499,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -1545,7 +1545,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1591,7 +1591,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ssid-spoofing-detected", @@ -1633,7 +1633,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1678,7 +1678,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1723,7 +1723,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1768,7 +1768,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1813,7 +1813,7 @@ "mac": "E2-CB-9C-B5-DC-6E" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1858,7 +1858,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1903,7 +1903,7 @@ "mac": "6A-3A-3E-85-CA-4E" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1949,7 +1949,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -1994,7 +1994,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -2040,7 +2040,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ssid-spoofing-detected", @@ -2083,7 +2083,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ssid-spoofing-detected", 
@@ -2125,7 +2125,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -2170,7 +2170,7 @@ "mac": "6A-3A-3E-85-D7-D4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -2215,7 +2215,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -2260,7 +2260,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -2305,7 +2305,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -2350,7 +2350,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -2396,7 +2396,7 @@ "mac": "90-AC-3F-02-31-59" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ssid-spoofing-detected", @@ -2438,7 +2438,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -2483,7 +2483,7 @@ "mac": "78-28-CA-AA-6A-4A" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -2529,7 +2529,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -2574,7 +2574,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -2619,7 +2619,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -2665,7 +2665,7 @@ "mac": "08-A7-C0-3B-5A-95" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ssid-spoofing-detected", 
@@ -2707,7 +2707,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -2753,7 +2753,7 @@ "mac": "78-28-CA-AA-69-96" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -2799,7 +2799,7 @@ "mac": "AE-17-E8-C7-E2-9D" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -2845,7 +2845,7 @@ "mac": "E2-CB-9C-B5-DC-6E" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -2890,7 +2890,7 @@ "mac": "AE-17-E8-C7-DF-FD" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -2935,7 +2935,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -2980,7 +2980,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -3026,7 +3026,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -3071,7 +3071,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -3116,7 +3116,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -3162,7 +3162,7 @@ "mac": "6E-DA-36-A2-39-71" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ssid-spoofing-detected", @@ -3204,7 +3204,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -3249,7 +3249,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -3294,7 +3294,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -3340,7 +3340,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -3386,7 +3386,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -3433,7 +3433,7 @@ "mac": "78-28-CA-AA-6A-4A" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ssid-spoofing-detected", @@ -3475,7 +3475,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -3520,7 +3520,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -3565,7 +3565,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -3610,7 +3610,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -3655,7 +3655,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -3700,7 +3700,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -3745,7 +3745,7 @@ "mac": "5C-AA-FD-5D-76-0E" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -3791,7 +3791,7 @@ "mac": "E2-CB-9C-B5-DC-6E" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -3836,7 +3836,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -3881,7 +3881,7 @@ "mac": "E2-CB-9C-B5-DA-7A" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -3927,7 +3927,7 @@ "mac": "E2-CB-9C-B5-DA-7A" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -3973,7 +3973,7 @@ "mac": "6A-3A-3E-85-D7-D4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -4019,7 +4019,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -4065,7 +4065,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -4110,7 +4110,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -4155,7 +4155,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -4200,7 +4200,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -4246,7 +4246,7 @@ "mac": "AE-17-E8-C7-DF-FD" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4288,7 +4288,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -4333,7 +4333,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -4379,7 +4379,7 @@ "mac": "78-28-CA-AA-6A-0A" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4421,7 +4421,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -4466,7 +4466,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -4512,7 +4512,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -4558,7 +4558,7 @@ "mac": "EE-CE-D5-6A-B6-22" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4600,7 +4600,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -4645,7 +4645,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -4690,7 +4690,7 @@ "mac": "6A-3A-3E-85-D7-D4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -4737,7 +4737,7 @@ "mac": "AE-17-E8-C7-E1-41" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4779,7 +4779,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -4825,7 +4825,7 @@ "mac": "78-28-CA-AA-69-96" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4867,7 +4867,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -4912,7 +4912,7 @@ "mac": "E2-CB-9C-B5-D7-80" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -4957,7 +4957,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5002,7 +5002,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -5047,7 +5047,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5092,7 +5092,7 @@ "mac": "E2-CB-9C-B5-DD-BE" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5137,7 +5137,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5182,7 +5182,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5228,7 +5228,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5273,7 +5273,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5319,7 +5319,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5364,7 +5364,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5409,7 +5409,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5454,7 +5454,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5499,7 +5499,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5544,7 +5544,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5589,7 +5589,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -5634,7 +5634,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5679,7 +5679,7 @@ "mac": "E2-CB-9C-B5-D8-54" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5724,7 +5724,7 @@ "mac": "6A-3A-3E-85-CA-4E" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5770,7 +5770,7 @@ "mac": "34-8F-27-25-CC-48" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ssid-spoofing-detected", @@ -5812,7 +5812,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5857,7 +5857,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5902,7 +5902,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5947,7 +5947,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -5992,7 +5992,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6037,7 +6037,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6082,7 +6082,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6128,7 +6128,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6173,7 +6173,7 @@ "mac": "E2-CB-9C-B5-DD-BE" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -6218,7 +6218,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6263,7 +6263,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6308,7 +6308,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6353,7 +6353,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6399,7 +6399,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6444,7 +6444,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6489,7 +6489,7 @@ "mac": "6A-3A-3E-85-CA-4E" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6534,7 +6534,7 @@ "mac": "AE-17-E8-C7-DF-FD" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6579,7 +6579,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6624,7 +6624,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6669,7 +6669,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6714,7 +6714,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6759,7 +6759,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -6804,7 +6804,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6850,7 +6850,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6896,7 +6896,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6942,7 +6942,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -6988,7 +6988,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -7033,7 +7033,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -7078,7 +7078,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -7123,7 +7123,7 @@ "mac": "AE-17-E8-C7-D8-51" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -7168,7 +7168,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -7213,7 +7213,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -7258,7 +7258,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -7304,7 +7304,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -7350,7 +7350,7 @@ "mac": "E2-CB-9C-B5-D4-1E" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -7395,7 +7395,7 @@ "mac": "AE-17-E8-C7-DF-FD" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -7440,7 +7440,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -7485,7 +7485,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -7530,7 +7530,7 @@ "mac": "38-BA-F8-CC-82-2E" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -7576,7 +7576,7 @@ "mac": "38-BA-F8-CC-82-2E" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -7622,7 +7622,7 @@ "mac": "38-BA-F8-CC-82-2E" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -7668,7 +7668,7 @@ "mac": "E2-CB-9C-B5-D8-54" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -7714,7 +7714,7 @@ "mac": "E2-CB-9C-B5-D8-54" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -7759,7 +7759,7 @@ "mac": "E2-CB-9C-B5-D8-54" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -7805,7 +7805,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", @@ -7850,7 +7850,7 @@ "mac": "E2-CB-9C-B5-DC-6E" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rogue-ssid-detected", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json index 0b417d42ecc..9d4be659f85 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json 
+++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json @@ -12,7 +12,7 @@ "event_type": "events" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dynamic-frequency-selection-detected", @@ -53,7 +53,7 @@ "mac": "E5-A4-98-71-9A-FE" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "wifi-wpa-failed-auth-or-deauth", @@ -95,7 +95,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "wifi-wpa-authentication", @@ -151,7 +151,7 @@ "event_type": "events" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "wifi-disassociation-request", @@ -195,7 +195,7 @@ "event_type": "events" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "wifi-association-request", @@ -232,7 +232,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "site-to-site-vpn", @@ -268,7 +268,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "site-to-site-vpn", @@ -310,7 +310,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "vpn-connectivity-change", @@ -348,7 +348,7 @@ "mac": "E0-CB-BC-02-4F-80" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcp-offer", @@ -386,7 +386,7 @@ "mac": "A4-83-E7-02-A2-F1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcp-no-offer", @@ -433,7 +433,7 @@ "ip": "81.2.69.193" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "site-to-site-vpn", @@ -497,7 +497,7 @@ "event_type": "events" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "wifi-disassociation-request", @@ -539,7 +539,7 @@ "event_type": "events" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "association-rejected-for-load-balancing", 
@@ -581,7 +581,7 @@ "event_type": "events" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "wifi-association-request", @@ -623,7 +623,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "wifi-wpa-authentication", @@ -664,7 +664,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -715,7 +715,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -770,7 +770,7 @@ "event_type": "events" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "wifi-association-request", @@ -813,7 +813,7 @@ "event_type": "events" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "wifi-8021x-auth", @@ -856,7 +856,7 @@ "event_type": "events" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "8021x_auth", @@ -916,7 +916,7 @@ "event_type": "events" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "wifi-disassociation-request", @@ -979,7 +979,7 @@ "event_type": "events" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "wifi-disassociation-request", @@ -1021,7 +1021,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "wifi-wpa-authentication", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-flows.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-flows.log-expected.json index 253ecc6dd18..bda95603afd 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-flows.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-flows.log-expected.json @@ -14,7 +14,7 @@ "port": 15600 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "layer3-firewall-allowed-flow", 
@@ -73,7 +73,7 @@ "port": 44210 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ip-session-initiated", @@ -131,7 +131,7 @@ "port": 15500 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "layer3-firewall-allowed-flow", @@ -174,7 +174,7 @@ "ip": "ff02::1:ffb6:a227" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "layer3-firewall-allowed-flow", @@ -216,7 +216,7 @@ "ip": "224.0.0.2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "layer3-firewall-allowed-flow", @@ -270,7 +270,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "layer3-firewall-allowed-flow", @@ -314,7 +314,7 @@ "port": 138 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ip-session-initiated", @@ -373,7 +373,7 @@ "port": 9998 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ip-session-initiated", @@ -417,7 +417,7 @@ "ip": "172.28.1.14" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ip-session-initiated", @@ -475,7 +475,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ip-session-initiated", @@ -520,7 +520,7 @@ "port": 3289 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ip-session-initiated", @@ -565,7 +565,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ip-session-initiated", @@ -610,7 +610,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ip-session-initiated", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-ip-flow.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-ip-flow.log-expected.json index 72565086a0b..f8ff9d5d457 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-ip-flow.log-expected.json 
+++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-ip-flow.log-expected.json @@ -22,7 +22,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -76,7 +76,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -130,7 +130,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -190,7 +190,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -259,7 +259,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -307,7 +307,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -376,7 +376,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -424,7 +424,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-security-events.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-security-events.log-expected.json index 0f17dd8248f..a905875d903 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-security-events.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-security-events.log-expected.json @@ -17,7 +17,7 @@ "port": 56391 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ids-signature-matched", @@ -93,7 +93,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "malicious-file-actioned", @@ -143,7 +143,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "issued-retrospective-malicious-disposition", @@ -188,7 +188,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ids-signature-matched", 
@@ -246,7 +246,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ids-signature-matched", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json index 7f537a48fdd..8733a5e598f 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json @@ -32,7 +32,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "http-access-error", @@ -98,7 +98,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "http-access", @@ -164,7 +164,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "http-access", diff --git a/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml index d030359c839..aab490063e5 100644 --- a/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Cisco Meraki syslog processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/cisco_meraki/data_stream/log/sample_event.json b/packages/cisco_meraki/data_stream/log/sample_event.json index a616730c3d4..7130bb81401 100644 --- a/packages/cisco_meraki/data_stream/log/sample_event.json +++ b/packages/cisco_meraki/data_stream/log/sample_event.json @@ -27,7 +27,7 @@ "port": 56391 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "c5f4a269-fab9-4c19-9b0f-2f270ed03375", 
diff --git a/packages/cisco_meraki/docs/README.md b/packages/cisco_meraki/docs/README.md
index 83efab342c2..24c231306b0 100644
--- a/packages/cisco_meraki/docs/README.md
+++ b/packages/cisco_meraki/docs/README.md
@@ -181,7 +181,7 @@ The `cisco_meraki.log` dataset provides events from the configured syslog server
 | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword |
 | host.ip | Host ip addresses. | ip |
 | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword |
-| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword |
+| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword |
 | host.os.build | OS build information. | keyword |
 | host.os.codename | OS codename, if any. | keyword |
 | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword |
@@ -323,7 +323,7 @@ An example event for `log` looks as following:
 "port": 56391
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "c5f4a269-fab9-4c19-9b0f-2f270ed03375",
@@ -509,7 +509,7 @@ An example event for `log` looks as following:
 | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword |
 | host.ip | Host ip addresses. | ip |
 | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword |
-| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword |
+| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword |
 | host.os.build | OS build information. | keyword |
 | host.os.codename | OS codename, if any. | keyword |
 | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword |
@@ -658,7 +658,7 @@ An example event for `events` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "c5f4a269-fab9-4c19-9b0f-2f270ed03375",
diff --git a/packages/cisco_meraki/manifest.yml b/packages/cisco_meraki/manifest.yml
index 541ee5adb2e..16a2614c115 100644
--- a/packages/cisco_meraki/manifest.yml
+++ b/packages/cisco_meraki/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_meraki
 title: Cisco Meraki
-version: "1.6.0"
+version: "1.7.0"
 license: basic
 description: Collect logs from Cisco Meraki with Elastic Agent.
 type: integration
From 985b91c867331b36461d031be6780f5e7bea2d3d Mon Sep 17 00:00:00 2001
From: Shourie Ganguly
Date: Fri, 31 Mar 2023 18:58:11 +0530
Subject: [PATCH 026/137] [cisco_nexus] - update ECS to 8.7.0 from 8.6.0 This updates the cisco_nexus integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/cisco_nexus
---
 packages/cisco_nexus/_dev/build/build.yml | 2 +-
 packages/cisco_nexus/changelog.yml | 5 +++++
 .../log/_dev/test/pipeline/test-nexus.log-expected.json | 2 +-
 .../log/elasticsearch/ingest_pipeline/default.yml | 2 +-
 packages/cisco_nexus/data_stream/log/sample_event.json | 2 +-
 packages/cisco_nexus/docs/README.md | 4 ++--
 packages/cisco_nexus/manifest.yml | 2 +-
 7 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/packages/cisco_nexus/_dev/build/build.yml b/packages/cisco_nexus/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/cisco_nexus/_dev/build/build.yml
+++ b/packages/cisco_nexus/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/cisco_nexus/changelog.yml b/packages/cisco_nexus/changelog.yml
index 00ee9c60c34..b7e44980b8c 100644
--- a/packages/cisco_nexus/changelog.yml
+++ b/packages/cisco_nexus/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.10.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "0.9.0"
 changes:
 - description: Update package to ECS 8.6.0.
diff --git a/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json b/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json
index 32b0ae1180e..a35d0eff842 100644
--- a/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json
+++ b/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "message": "2012 Dec 18 14:51:08 Nexus5010-B %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user en from 2.2.2.1 - login",
 "tags": [
diff --git a/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index f7ed9a455d6..713327c1c24 100644
--- a/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Cisco Nexus
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 # User agent
 - user_agent:
 field: user_agent.original
diff --git a/packages/cisco_nexus/data_stream/log/sample_event.json b/packages/cisco_nexus/data_stream/log/sample_event.json
index 89a0bd992ee..1160ec27ccd 100644
--- a/packages/cisco_nexus/data_stream/log/sample_event.json
+++ b/packages/cisco_nexus/data_stream/log/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/cisco_nexus/docs/README.md b/packages/cisco_nexus/docs/README.md
index d67abe6fac4..4900725389b 100644
--- a/packages/cisco_nexus/docs/README.md
+++ b/packages/cisco_nexus/docs/README.md
@@ -29,7 +29,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
@@ -153,7 +153,7 @@ An example event for `log` looks as following:
 | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword |
 | host.ip | Host ip addresses. | ip |
 | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword |
-| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword |
+| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword |
 | host.os.build | OS build information. | keyword |
 | host.os.codename | OS codename, if any. | keyword |
 | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword |
diff --git a/packages/cisco_nexus/manifest.yml b/packages/cisco_nexus/manifest.yml
index baa68e0d453..658c28ec69b 100644
--- a/packages/cisco_nexus/manifest.yml
+++ b/packages/cisco_nexus/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_nexus
 title: Cisco Nexus
-version: "0.9.0"
+version: "0.10.0"
 license: basic
 description: Collect logs from Cisco Nexus with Elastic Agent.
 type: integration
From f3d9b497ae52ff947466114bae33b6de79990425 Mon Sep 17 00:00:00 2001
From: Shourie Ganguly
Date: Fri, 31 Mar 2023 18:58:13 +0530
Subject: [PATCH 027/137] [cisco_secure_email_gateway] - update ECS to 8.7.0 from 8.6.0 This updates the cisco_secure_email_gateway integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/cisco_secure_email_gateway
---
 .../_dev/build/build.yml | 2 +-
 .../cisco_secure_email_gateway/changelog.yml | 5 +++
 .../test-common-amp.log-expected.json | 18 ++++-----
 .../test-common-anti-spam.log-expected.json | 6 +--
 ...ommon-consolidated-event.log-expected.json | 18 ++++-----
 ...t-common-content-scanner.log-expected.json | 4 +-
 .../test-common-error.log-expected.json | 8 ++--
 .../test-common-gui-log.log-expected.json | 22 +++++-----
 .../test-common-status.log-expected.json | 2 +-
 .../test-common-system.log-expected.json | 10 ++---
 .../test-common-text-mail.log-expected.json | 40 +++++++++----------
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/log/sample_event.json | 2 +-
 .../cisco_secure_email_gateway/docs/README.md | 2 +-
 .../cisco_secure_email_gateway/manifest.yml | 2 +-
 15 files changed, 74 insertions(+), 69 deletions(-)
diff --git a/packages/cisco_secure_email_gateway/_dev/build/build.yml b/packages/cisco_secure_email_gateway/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/cisco_secure_email_gateway/_dev/build/build.yml
+++ b/packages/cisco_secure_email_gateway/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/cisco_secure_email_gateway/changelog.yml b/packages/cisco_secure_email_gateway/changelog.yml
index d027419cf85..129072a9207 100644
--- a/packages/cisco_secure_email_gateway/changelog.yml
+++ b/packages/cisco_secure_email_gateway/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.6.2" changes: - description: Fix grok pattern in AMP pipeline. diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-amp.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-amp.log-expected.json index dd75c45191a..c8ee3ddb700 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-amp.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-amp.log-expected.json @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": { @@ -55,7 +55,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": { @@ -110,7 +110,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": { @@ -152,7 +152,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": { @@ -206,7 +206,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": { @@ -253,7 +253,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": { @@ -301,7 +301,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": { @@ -349,7 +349,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": { @@ -391,7 +391,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": { 
diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-anti-spam.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-anti-spam.log-expected.json index 5c79e9bedcf..d62b88590a5 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-anti-spam.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-anti-spam.log-expected.json @@ -14,7 +14,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -46,7 +46,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -79,7 +79,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-consolidated-event.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-consolidated-event.log-expected.json index a79a069d100..9a23ce5422d 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-consolidated-event.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-consolidated-event.log-expected.json @@ -60,7 +60,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "direction": "inbound", @@ -163,7 +163,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "direction": "inbound", @@ -263,7 +263,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { @@ -354,7 +354,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { @@ -448,7 +448,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { @@ -552,7 +552,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { 
@@ -656,7 +656,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { @@ -773,7 +773,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { @@ -901,7 +901,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-content-scanner.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-content-scanner.log-expected.json index 166fb3a15f4..d0fdb0eaf5d 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-content-scanner.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-content-scanner.log-expected.json @@ -13,7 +13,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -47,7 +47,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-error.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-error.log-expected.json index ac51b70b685..b2aeac64631 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-error.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-error.log-expected.json @@ -13,7 +13,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -44,7 +44,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "subject": "'Warning \u003cSystem\u003e example.com: Your \"IronPort Email Encryption\" key will expire in under 60...': Unrecoverable error", 
@@ -85,7 +85,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "subject": "Warning \u003cSystem\u003e example.com: Your \"IronPort Email Encryption\" key will expire in under 60...", @@ -122,7 +122,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "subject": "'Critical \u003cSystem\u003e example.com: Log Error: Subscription error_logs: Failed to connect to 10....' (attempt #0)", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-gui-log.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-gui-log.log-expected.json index 703c2f9ab05..c8ac9144702 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-gui-log.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-gui-log.log-expected.json @@ -14,7 +14,7 @@ "ip": "1.128.3.4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -88,7 +88,7 @@ "ip": "1.128.3.4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -142,7 +142,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -186,7 +186,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -230,7 +230,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -270,7 +270,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -314,7 +314,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -344,7 +344,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -374,7 +374,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", 
@@ -413,7 +413,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -452,7 +452,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-status.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-status.log-expected.json index 3d0a854c3d3..dc9a3d8c615 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-status.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-status.log-expected.json @@ -96,7 +96,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "message_id": "0" diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-system.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-system.log-expected.json index 4ed0d84c71e..d64588864f3 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-system.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-system.log-expected.json @@ -12,7 +12,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -57,7 +57,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -117,7 +117,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -147,7 +147,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", 
diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-text-mail.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-text-mail.log-expected.json index 090e8fbed3e..fc69f62a1e4 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-text-mail.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-text-mail.log-expected.json @@ -15,7 +15,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "message_id": "111" @@ -48,7 +48,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -80,7 +80,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -109,7 +109,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "subject": "\"Warning \u003cSystem\u003e cisco.esa: URL category definitions have changed.; Added new category '...\"", @@ -153,7 +153,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -191,7 +191,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "message_id": "6" @@ -223,7 +223,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { @@ -259,7 +259,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "message_id": "6", @@ -294,7 +294,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { @@ -330,7 +330,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -362,7 +362,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -401,7 +401,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "message_id": "6" @@ -435,7 +435,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "message_id": "6" 
@@ -468,7 +468,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -498,7 +498,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -527,7 +527,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "subject": "Warning \u003cSystem\u003e example.com: Your \"IronPort Email Encryption\" key will expire in under 60...", @@ -563,7 +563,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -591,7 +591,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "subject": "'Warning \u003cSystem\u003e cisco.esa: Your \"Sophos Anti-Virus\" key will expire in under 60 day(s)....'", @@ -628,7 +628,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "subject": "'Warning \u003cSystem\u003e example.com: Your \"IronPort Email Encryption\" key will expire in under 60...': Unrecoverable error", @@ -671,7 +671,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "to": { diff --git a/packages/cisco_secure_email_gateway/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_secure_email_gateway/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 3ac299d9a31..dc49577bc7b 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_secure_email_gateway/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Cisco Secure Email Gateway logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: _tmp.filepath value: '{{{log.file.path}}}' diff --git a/packages/cisco_secure_email_gateway/data_stream/log/sample_event.json b/packages/cisco_secure_email_gateway/data_stream/log/sample_event.json index e0d22cbed2b..bd07ae4b0f7 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/sample_event.json 
+++ b/packages/cisco_secure_email_gateway/data_stream/log/sample_event.json
@@ -21,7 +21,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "610726cd-f180-4f66-aada-78088db0abce",
diff --git a/packages/cisco_secure_email_gateway/docs/README.md b/packages/cisco_secure_email_gateway/docs/README.md
index 37c5d51891c..a2e56ab1293 100644
--- a/packages/cisco_secure_email_gateway/docs/README.md
+++ b/packages/cisco_secure_email_gateway/docs/README.md
@@ -222,7 +222,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "610726cd-f180-4f66-aada-78088db0abce",
diff --git a/packages/cisco_secure_email_gateway/manifest.yml b/packages/cisco_secure_email_gateway/manifest.yml
index 821c6fed8b4..77c2495443d 100644
--- a/packages/cisco_secure_email_gateway/manifest.yml
+++ b/packages/cisco_secure_email_gateway/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_secure_email_gateway
 title: Cisco Secure Email Gateway
-version: "1.6.2"
+version: "1.7.0"
 license: basic
 description: Collect logs from Cisco Secure Email Gateway with Elastic Agent.
 type: integration
From 9e35542b3ac670cec5660a8f2a5229c49bdbe690 Mon Sep 17 00:00:00 2001
From: Shourie Ganguly
Date: Fri, 31 Mar 2023 18:58:14 +0530
Subject: [PATCH 028/137] [cisco_secure_endpoint] - update ECS to 8.7.0 from 8.6.0 This updates the cisco_secure_endpoint integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/cisco_secure_endpoint
---
 .../_dev/build/build.yml | 2 +-
 packages/cisco_secure_endpoint/changelog.yml | 5 +
 .../test-cisco-amp1.log-expected.json | 98 ++++-----
 .../test-cisco-amp2.log-expected.json | 84 ++++----
 .../test-cisco-amp3.log-expected.json | 90 ++++----
 .../test-cisco-amp4.log-expected.json | 200 +++++++++---------
 .../test-cisco-amp5.log-expected.json | 124 +++++------
 .../test-cisco-amp6.log-expected.json | 106 +++++-----
 .../test-cisco-amp7.log-expected.json | 98 ++++-----
 .../test-cisco-amp8.log-expected.json | 12 +-
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/event/sample_event.json | 2 +-
 packages/cisco_secure_endpoint/docs/README.md | 2 +-
 packages/cisco_secure_endpoint/manifest.yml | 2 +-
 14 files changed, 416 insertions(+), 411 deletions(-)
diff --git a/packages/cisco_secure_endpoint/_dev/build/build.yml b/packages/cisco_secure_endpoint/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/cisco_secure_endpoint/_dev/build/build.yml
+++ b/packages/cisco_secure_endpoint/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/cisco_secure_endpoint/changelog.yml b/packages/cisco_secure_endpoint/changelog.yml
index 0aa18837f46..8978719df47 100644
--- a/packages/cisco_secure_endpoint/changelog.yml
+++ b/packages/cisco_secure_endpoint/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.9.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "2.8.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json index ed829a895c4..c9939c9eb4e 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json @@ -34,7 +34,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -111,7 +111,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Policy Update", @@ -176,7 +176,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -274,7 +274,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -349,7 +349,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -425,7 +425,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -528,7 +528,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -622,7 +622,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -700,7 +700,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -786,7 +786,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", 
@@ -872,7 +872,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -958,7 +958,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -1044,7 +1044,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -1130,7 +1130,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -1214,7 +1214,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1286,7 +1286,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1358,7 +1358,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1430,7 +1430,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1502,7 +1502,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1575,7 +1575,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1675,7 +1675,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -1753,7 +1753,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "File Fetch Completed", @@ -1842,7 +1842,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -1920,7 +1920,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected in Low Prevalence Executable", @@ -1992,7 +1992,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "File Fetch Completed", @@ -2069,7 +2069,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Policy Update", 
@@ -2133,7 +2133,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2204,7 +2204,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine", @@ -2276,7 +2276,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -2355,7 +2355,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -2536,7 +2536,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Vulnerable Application Detected", @@ -2609,7 +2609,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Policy Update", @@ -2676,7 +2676,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -2762,7 +2762,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -2841,7 +2841,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -2919,7 +2919,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -2993,7 +2993,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Policy Update", @@ -3058,7 +3058,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3156,7 +3156,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -3232,7 +3232,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3330,7 +3330,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -3408,7 +3408,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", 
@@ -3494,7 +3494,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -3594,7 +3594,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Vulnerable Application Detected", @@ -3693,7 +3693,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Vulnerable Application Detected", @@ -3822,7 +3822,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Vulnerable Application Detected", @@ -3895,7 +3895,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Policy Update", @@ -3958,7 +3958,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Scan Completed, No Detections", @@ -4016,7 +4016,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Scan Started", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json index b2f738c9ff8..61e0b4c5177 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json @@ -81,7 +81,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SecureX Threat Hunting Incident", @@ -175,7 +175,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -278,7 +278,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -377,7 +377,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -481,7 +481,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DFC Threat Detected", 
@@ -589,7 +589,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DFC Threat Detected", @@ -697,7 +697,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DFC Threat Detected", @@ -805,7 +805,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DFC Threat Detected", @@ -913,7 +913,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DFC Threat Detected", @@ -1021,7 +1021,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DFC Threat Detected", @@ -1114,7 +1114,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -1194,7 +1194,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1287,7 +1287,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Multiple Infected Files", @@ -1365,7 +1365,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1455,7 +1455,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1541,7 +1541,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1630,7 +1630,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Executed malware", @@ -1711,7 +1711,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1801,7 +1801,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1887,7 +1887,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", 
@@ -1973,7 +1973,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2063,7 +2063,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2153,7 +2153,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2239,7 +2239,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2339,7 +2339,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Vulnerable Application Detected", @@ -2418,7 +2418,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2508,7 +2508,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2594,7 +2594,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2680,7 +2680,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2770,7 +2770,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2856,7 +2856,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2942,7 +2942,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3021,7 +3021,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3100,7 +3100,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3183,7 +3183,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3282,7 +3282,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", 
@@ -3372,7 +3372,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3458,7 +3458,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3544,7 +3544,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3626,7 +3626,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Executed malware", @@ -3704,7 +3704,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3783,7 +3783,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json index 259acea6f39..0856f3859fa 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json @@ -34,7 +34,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -113,7 +113,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -196,7 +196,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -279,7 +279,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -362,7 +362,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -445,7 +445,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", 
@@ -528,7 +528,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -611,7 +611,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -694,7 +694,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -777,7 +777,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -860,7 +860,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -943,7 +943,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1026,7 +1026,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1109,7 +1109,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1192,7 +1192,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1275,7 +1275,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1358,7 +1358,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1441,7 +1441,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1520,7 +1520,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1603,7 +1603,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1686,7 +1686,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1773,7 +1773,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", 
@@ -1872,7 +1872,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1959,7 +1959,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2058,7 +2058,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2145,7 +2145,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2244,7 +2244,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2327,7 +2327,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2426,7 +2426,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2505,7 +2505,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2584,7 +2584,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2674,7 +2674,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2760,7 +2760,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2850,7 +2850,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2940,7 +2940,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3026,7 +3026,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3116,7 +3116,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3195,7 +3195,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", 
@@ -3281,7 +3281,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3360,7 +3360,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3439,7 +3439,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3518,7 +3518,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3608,7 +3608,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3694,7 +3694,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3784,7 +3784,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json index 35934397289..552b620ee2c 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json @@ -34,7 +34,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -120,7 +120,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Executed malware", @@ -201,7 +201,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -276,7 +276,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -352,7 +352,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", 
@@ -447,7 +447,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -541,7 +541,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -634,7 +634,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -723,7 +723,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -794,7 +794,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -869,7 +869,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -944,7 +944,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1019,7 +1019,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1094,7 +1094,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1169,7 +1169,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1244,7 +1244,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1319,7 +1319,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1394,7 +1394,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1469,7 +1469,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1544,7 +1544,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1619,7 +1619,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", 
@@ -1694,7 +1694,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1769,7 +1769,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1844,7 +1844,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1919,7 +1919,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1994,7 +1994,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -2070,7 +2070,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2167,7 +2167,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2264,7 +2264,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2365,7 +2365,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2461,7 +2461,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -2532,7 +2532,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -2603,7 +2603,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -2674,7 +2674,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -2745,7 +2745,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -2820,7 +2820,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -2895,7 +2895,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", 
@@ -2970,7 +2970,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -3045,7 +3045,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -3121,7 +3121,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3224,7 +3224,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3322,7 +3322,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -3393,7 +3393,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -3465,7 +3465,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3555,7 +3555,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3649,7 +3649,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3750,7 +3750,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3847,7 +3847,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3933,7 +3933,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -4023,7 +4023,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -4126,7 +4126,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -4219,7 +4219,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Policy Update", @@ -4274,7 +4274,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Policy Update", 
@@ -4338,7 +4338,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -4413,7 +4413,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -4488,7 +4488,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -4560,7 +4560,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -4639,7 +4639,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -4718,7 +4718,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -4800,7 +4800,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -4876,7 +4876,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -4975,7 +4975,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -5073,7 +5073,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -5148,7 +5148,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -5223,7 +5223,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -5294,7 +5294,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine", @@ -5366,7 +5366,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -5445,7 +5445,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", 
@@ -5524,7 +5524,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -5610,7 +5610,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -5685,7 +5685,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -5760,7 +5760,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -5835,7 +5835,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -5910,7 +5910,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -5985,7 +5985,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -6060,7 +6060,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -6135,7 +6135,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -6210,7 +6210,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -6285,7 +6285,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -6360,7 +6360,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -6435,7 +6435,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -6511,7 +6511,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -6610,7 +6610,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -6707,7 +6707,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", 
@@ -6792,7 +6792,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -6867,7 +6867,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -6942,7 +6942,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -7017,7 +7017,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -7089,7 +7089,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -7179,7 +7179,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -7269,7 +7269,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -7359,7 +7359,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -7449,7 +7449,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -7539,7 +7539,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -7629,7 +7629,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -7719,7 +7719,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -7809,7 +7809,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -7899,7 +7899,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -7993,7 +7993,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -8086,7 +8086,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", 
diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json index 82035cee595..cee89bd099a 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json @@ -38,7 +38,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -138,7 +138,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -213,7 +213,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -285,7 +285,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -375,7 +375,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -478,7 +478,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -576,7 +576,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -651,7 +651,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -723,7 +723,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -813,7 +813,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -902,7 +902,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -977,7 +977,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", 
@@ -1052,7 +1052,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1127,7 +1127,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1198,7 +1198,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine", @@ -1270,7 +1270,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -1349,7 +1349,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -1432,7 +1432,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -1511,7 +1511,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -1593,7 +1593,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1664,7 +1664,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine", @@ -1736,7 +1736,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -1819,7 +1819,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -1905,7 +1905,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1980,7 +1980,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2055,7 +2055,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", 
@@ -2127,7 +2127,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -2206,7 +2206,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -2285,7 +2285,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -2368,7 +2368,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -2566,7 +2566,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detection", @@ -2639,7 +2639,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2714,7 +2714,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2789,7 +2789,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2864,7 +2864,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2936,7 +2936,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -3015,7 +3015,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -3094,7 +3094,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -3173,7 +3173,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -3252,7 +3252,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -3331,7 +3331,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", 
@@ -3410,7 +3410,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -3492,7 +3492,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -3564,7 +3564,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3654,7 +3654,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3736,7 +3736,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3825,7 +3825,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -3900,7 +3900,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -3976,7 +3976,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -4070,7 +4070,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -4145,7 +4145,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -4220,7 +4220,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -4292,7 +4292,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -4378,7 +4378,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -4464,7 +4464,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -4550,7 +4550,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -4636,7 +4636,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", 
@@ -4722,7 +4722,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -4808,7 +4808,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -4894,7 +4894,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -4980,7 +4980,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -5065,7 +5065,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json index 8bfa90d3168..df4b9b7ccf6 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json @@ -37,7 +37,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -112,7 +112,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -187,7 +187,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -262,7 +262,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -337,7 +337,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -412,7 +412,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -484,7 +484,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", 
@@ -574,7 +574,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -671,7 +671,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -757,7 +757,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -842,7 +842,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -913,7 +913,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -984,7 +984,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -1056,7 +1056,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1146,7 +1146,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1249,7 +1249,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1350,7 +1350,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1449,7 +1449,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1551,7 +1551,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1626,7 +1626,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1697,7 +1697,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine", @@ -1769,7 +1769,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", 
@@ -1848,7 +1848,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -1927,7 +1927,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -2016,7 +2016,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -2095,7 +2095,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine", @@ -2167,7 +2167,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -2250,7 +2250,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -2332,7 +2332,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -2404,7 +2404,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2498,7 +2498,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2593,7 +2593,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2683,7 +2683,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2782,7 +2782,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2872,7 +2872,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2957,7 +2957,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -3028,7 +3028,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -3104,7 +3104,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", 
@@ -3202,7 +3202,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Potential Dropper Infection", @@ -3269,7 +3269,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Policy Update", @@ -3333,7 +3333,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -3405,7 +3405,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3491,7 +3491,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3580,7 +3580,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -3655,7 +3655,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -3730,7 +3730,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -3805,7 +3805,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -3880,7 +3880,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -3956,7 +3956,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -4053,7 +4053,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -4138,7 +4138,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -4213,7 +4213,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -4288,7 +4288,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", 
diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json index db7347af9e5..89637df7dda 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json @@ -37,7 +37,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -109,7 +109,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -195,7 +195,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -281,7 +281,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -371,7 +371,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -460,7 +460,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -535,7 +535,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -606,7 +606,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -678,7 +678,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -768,7 +768,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -847,7 +847,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -932,7 +932,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", 
@@ -1010,7 +1010,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected in Low Prevalence Executable", @@ -1078,7 +1078,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Policy Update", @@ -1137,7 +1137,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "File Fetch Completed", @@ -1224,7 +1224,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1322,7 +1322,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -1397,7 +1397,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -1473,7 +1473,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1572,7 +1572,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -1670,7 +1670,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -1736,7 +1736,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Policy Update", @@ -1800,7 +1800,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Executed malware", @@ -1881,7 +1881,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Multiple Infected Files", @@ -1958,7 +1958,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine", @@ -2030,7 +2030,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", @@ -2116,7 +2116,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", 
@@ -2188,7 +2188,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2277,7 +2277,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -2352,7 +2352,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -2427,7 +2427,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Quarantine Failure", @@ -2499,7 +2499,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2584,7 +2584,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -2655,7 +2655,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -2727,7 +2727,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2813,7 +2813,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -2902,7 +2902,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Quarantined", @@ -2974,7 +2974,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3064,7 +3064,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3154,7 +3154,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3248,7 +3248,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Threat Detected", @@ -3351,7 +3351,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Malicious Activity Detection", @@ -3452,7 +3452,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", 
@@ -3538,7 +3538,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -3624,7 +3624,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -3710,7 +3710,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -3793,7 +3793,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -3864,7 +3864,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Quarantine", @@ -3936,7 +3936,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Retrospective Detection", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp8.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp8.log-expected.json index febc643c3e3..ffa52f5eeef 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp8.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp8.log-expected.json @@ -44,7 +44,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -152,7 +152,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -262,7 +262,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -382,7 +382,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -504,7 +504,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", @@ -616,7 +616,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Cloud IOC", 
diff --git a/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml index e9b407284ec..362fba00246 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml @@ -42,7 +42,7 @@ processors: ####################### - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: alert diff --git a/packages/cisco_secure_endpoint/data_stream/event/sample_event.json b/packages/cisco_secure_endpoint/data_stream/event/sample_event.json index 007fdd8e520..eabc2272685 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/sample_event.json +++ b/packages/cisco_secure_endpoint/data_stream/event/sample_event.json @@ -50,7 +50,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "83d8d392-d20c-40ef-a257-bf9cf314d1db", diff --git a/packages/cisco_secure_endpoint/docs/README.md b/packages/cisco_secure_endpoint/docs/README.md index 18a30cdadf5..83b9613121a 100644 --- a/packages/cisco_secure_endpoint/docs/README.md +++ b/packages/cisco_secure_endpoint/docs/README.md @@ -65,7 +65,7 @@ An example event for `event` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "83d8d392-d20c-40ef-a257-bf9cf314d1db", diff --git a/packages/cisco_secure_endpoint/manifest.yml b/packages/cisco_secure_endpoint/manifest.yml index 67795aff56c..ba50e5e2c82 100644 --- a/packages/cisco_secure_endpoint/manifest.yml +++ b/packages/cisco_secure_endpoint/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_secure_endpoint title: Cisco Secure Endpoint -version: "2.8.1" +version: "2.9.0" license: basic description: Collect logs from Cisco Secure Endpoint (AMP) with Elastic Agent. type: integration From 870136901d368f4d7896c25b7b1954895175b93d Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:15 +0530 Subject: [PATCH 029/137] [cisco_umbrella] - update ECS to 8.7.0 from 8.6.0 This updates the cisco_umbrella integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/cisco_umbrella --- packages/cisco_umbrella/_dev/build/build.yml | 2 +- packages/cisco_umbrella/changelog.yml | 5 ++++ .../test-umbrella-auditlogs.log-expected.json | 2 +- ...brella-cloudfirewalllogs.log-expected.json | 4 +-- .../test-umbrella-dnslogs.log-expected.json | 6 ++--- .../test-umbrella-iplogs.log-expected.json | 4 +-- .../test-umbrella-proxylogs.log-expected.json | 26 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/cisco_umbrella/docs/README.md | 4 +-- packages/cisco_umbrella/manifest.yml | 2 +- 11 files changed, 32 insertions(+), 27 deletions(-) diff --git a/packages/cisco_umbrella/_dev/build/build.yml b/packages/cisco_umbrella/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/cisco_umbrella/_dev/build/build.yml +++ b/packages/cisco_umbrella/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/cisco_umbrella/changelog.yml b/packages/cisco_umbrella/changelog.yml index 61d90b12898..bc19fa03ee4 100644 --- a/packages/cisco_umbrella/changelog.yml +++ b/packages/cisco_umbrella/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.9.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.8.0" changes: - description: Release Cisco Umbrella datastream as GA. diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json index 4a9b4bde3ae..ebd7d0c7884 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json @@ -12,7 +12,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json index 5c22f73969c..1d94b2ae6b6 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json @@ -28,7 +28,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -104,7 +104,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json index 245cc892bca..9266df2fe2e 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json 
+++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json @@ -31,7 +31,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-request-Allowed", @@ -112,7 +112,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-request-Blocked", @@ -188,7 +188,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-request-Allowed", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json index 002dad17c62..2028e2fb01c 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json @@ -25,7 +25,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -87,7 +87,7 @@ "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json index 963edb5c8f2..a69cabdce7c 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json @@ -31,7 +31,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -117,7 +117,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -181,7 +181,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -280,7 +280,7 @@ "ip": "89.160.20.130" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -371,7 +371,7 @@ "ip": "1.128.2.3" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -478,7 +478,7 @@ "ip": "67.43.156.204" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -577,7 +577,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -671,7 +671,7 @@ "ip": "67.43.156.205" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -760,7 +760,7 @@ "ip": "67.43.156.205" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -857,7 +857,7 @@ "ip": "67.43.156.205" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -954,7 +954,7 @@ "ip": "67.43.156.205" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -1051,7 +1051,7 @@ "ip": "67.43.156.205" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -1150,7 +1150,7 @@ "ip": "67.43.156.204" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", diff --git a/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml index a332314a6cb..2b91f420519 100644 --- a/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
@@ -4,7 +4,7 @@ description: Pipeline for Cisco Umbrella processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: observer.vendor value: Cisco diff --git a/packages/cisco_umbrella/data_stream/log/sample_event.json b/packages/cisco_umbrella/data_stream/log/sample_event.json index 2afc9a11312..bf6e8fa74cb 100644 --- a/packages/cisco_umbrella/data_stream/log/sample_event.json +++ b/packages/cisco_umbrella/data_stream/log/sample_event.json @@ -42,7 +42,7 @@ }, "@timestamp": "2020-07-23T23:48:56.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "related": { "hash": [ diff --git a/packages/cisco_umbrella/docs/README.md b/packages/cisco_umbrella/docs/README.md index 3f5424d2779..35d694777bc 100644 --- a/packages/cisco_umbrella/docs/README.md +++ b/packages/cisco_umbrella/docs/README.md @@ -60,7 +60,7 @@ An example event for `log` looks as following: }, "@timestamp": "2020-07-23T23:48:56.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "related": { "hash": [ 
@@ -211,7 +211,7 @@ An example event for `log` looks as following: | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | diff --git a/packages/cisco_umbrella/manifest.yml b/packages/cisco_umbrella/manifest.yml index 7404e0672c8..8c6f1dce241 100644 --- a/packages/cisco_umbrella/manifest.yml +++ b/packages/cisco_umbrella/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_umbrella title: Cisco Umbrella -version: "1.8.0" +version: "1.9.0" license: basic description: Collect logs from Cisco Umbrella with Elastic Agent. type: integration From 10313b1350e182a2a7249da5e5da382b89e46f02 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:16 +0530 Subject: [PATCH 030/137] [citrix_waf] - update ECS to 8.7.0 from 8.6.0 This updates the citrix_waf integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/citrix_waf --- packages/citrix_waf/_dev/build/build.yml | 2 +- packages/citrix_waf/changelog.yml | 5 +++++ .../test-citrix-waf-cef.log-expected.json | 20 +++++++++---------- .../test-citrix-waf-native.log-expected.json | 12 +++++------ .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/citrix_waf/docs/README.md | 2 +- packages/citrix_waf/manifest.yml | 2 +- 8 files changed, 26 insertions(+), 21 deletions(-) diff --git a/packages/citrix_waf/_dev/build/build.yml b/packages/citrix_waf/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/citrix_waf/_dev/build/build.yml +++ b/packages/citrix_waf/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/citrix_waf/changelog.yml b/packages/citrix_waf/changelog.yml index f3a2d81b991..82c74dfff91 100644 --- a/packages/citrix_waf/changelog.yml +++ b/packages/citrix_waf/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.3.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/citrix_waf/data_stream/log/_dev/test/pipeline/test-citrix-waf-cef.log-expected.json b/packages/citrix_waf/data_stream/log/_dev/test/pipeline/test-citrix-waf-cef.log-expected.json index 18241b61a2a..ce47d060a66 100644 --- a/packages/citrix_waf/data_stream/log/_dev/test/pipeline/test-citrix-waf-cef.log-expected.json 
+++ b/packages/citrix_waf/data_stream/log/_dev/test/pipeline/test-citrix-waf-cef.log-expected.json @@ -34,7 +34,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", @@ -107,7 +107,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "not blocked", @@ -181,7 +181,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "transformed", @@ -255,7 +255,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", @@ -331,7 +331,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "not blocked", @@ -407,7 +407,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "not blocked", @@ -480,7 +480,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "transformed", @@ -553,7 +553,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "transformed", @@ -626,7 +626,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "not blocked", @@ -700,7 +700,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "not blocked", diff --git a/packages/citrix_waf/data_stream/log/_dev/test/pipeline/test-citrix-waf-native.log-expected.json b/packages/citrix_waf/data_stream/log/_dev/test/pipeline/test-citrix-waf-native.log-expected.json index 0940d6aa337..9cc425b9872 100644 --- a/packages/citrix_waf/data_stream/log/_dev/test/pipeline/test-citrix-waf-native.log-expected.json +++ b/packages/citrix_waf/data_stream/log/_dev/test/pipeline/test-citrix-waf-native.log-expected.json @@ -31,7 +31,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "60", 
@@ -69,7 +69,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "5743593", @@ -107,7 +107,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "4471", @@ -145,7 +145,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "4472", @@ -183,7 +183,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "4473", @@ -221,7 +221,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "4474", diff --git a/packages/citrix_waf/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/citrix_waf/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 08aa9c2b25a..d928c066c87 100644 --- a/packages/citrix_waf/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/citrix_waf/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Citrix Web App Firewall logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/citrix_waf/data_stream/log/sample_event.json b/packages/citrix_waf/data_stream/log/sample_event.json index a729904ecfd..0e18f2dc87b 100644 --- a/packages/citrix_waf/data_stream/log/sample_event.json +++ b/packages/citrix_waf/data_stream/log/sample_event.json @@ -44,7 +44,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "e30119bc-b47d-4e56-86e3-4a9683305c6e", diff --git a/packages/citrix_waf/docs/README.md b/packages/citrix_waf/docs/README.md index 0b3e297a38a..eac6ab9946b 100644 --- a/packages/citrix_waf/docs/README.md +++ b/packages/citrix_waf/docs/README.md 
@@ -95,7 +95,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "e30119bc-b47d-4e56-86e3-4a9683305c6e", diff --git a/packages/citrix_waf/manifest.yml b/packages/citrix_waf/manifest.yml index c6d1240fd4c..14301c1e782 100644 --- a/packages/citrix_waf/manifest.yml +++ b/packages/citrix_waf/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: citrix_waf title: "Citrix Web App Firewall" -version: "1.3.1" +version: "1.4.0" license: basic description: Ingest events from Citrix Systems Web App Firewall. type: integration From ddcdb4fcb7afedd663622302b91af173faff85b6 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:18 +0530 Subject: [PATCH 031/137] [cloudflare] - update ECS to 8.7.0 from 8.6.0 This updates the cloudflare integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/cloudflare --- packages/cloudflare/_dev/build/build.yml | 2 +- packages/cloudflare/changelog.yml | 5 + .../pipeline/test-audit.log-expected.json | 94 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/audit/sample_event.json | 2 +- .../pipeline/test-http-json.log-expected.json | 6 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/logpull/sample_event.json | 2 +- packages/cloudflare/docs/README.md | 6 +- packages/cloudflare/manifest.yml | 2 +- 10 files changed, 64 insertions(+), 59 deletions(-) diff --git a/packages/cloudflare/_dev/build/build.yml b/packages/cloudflare/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/cloudflare/_dev/build/build.yml +++ b/packages/cloudflare/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 
diff --git a/packages/cloudflare/changelog.yml b/packages/cloudflare/changelog.yml index bf10d0714f0..081af319aee 100644 --- a/packages/cloudflare/changelog.yml +++ b/packages/cloudflare/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.5.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "2.4.2" changes: - description: Added categories and/or subcategories. diff --git a/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index 100f4edd616..4d93850bc09 100644 --- a/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json @@ -27,7 +27,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "token_create", @@ -109,7 +109,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "token_revoke", @@ -185,7 +185,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "api_key_view", @@ -261,7 +261,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "api_key_view", @@ -337,7 +337,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rotate_api_key", @@ -413,7 +413,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "api_key_created", @@ -493,7 +493,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "token_create", @@ -569,7 +569,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login", @@ -648,7 +648,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "purge", 
@@ -736,7 +736,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "tls_settings_deployed", @@ -789,7 +789,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete", @@ -871,7 +871,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "token_revoke", @@ -953,7 +953,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "token_revoke", @@ -1035,7 +1035,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "token_roll", @@ -1115,7 +1115,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "token_create", @@ -1204,7 +1204,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_del", @@ -1294,7 +1294,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_del", @@ -1384,7 +1384,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_del", @@ -1475,7 +1475,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_del", @@ -1566,7 +1566,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_del", @@ -1657,7 +1657,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_del", @@ -1748,7 +1748,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_del", @@ -1839,7 +1839,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_del", @@ -1929,7 +1929,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_del", @@ -2019,7 +2019,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_del", @@ -2109,7 +2109,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_del", 
@@ -2199,7 +2199,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_del", @@ -2288,7 +2288,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_add", @@ -2377,7 +2377,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_add", @@ -2466,7 +2466,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_add", @@ -2555,7 +2555,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_add", @@ -2644,7 +2644,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_add", @@ -2734,7 +2734,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_add", @@ -2824,7 +2824,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_add", @@ -2914,7 +2914,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_add", @@ -3004,7 +3004,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_add", @@ -3094,7 +3094,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_add", @@ -3183,7 +3183,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_add", @@ -3272,7 +3272,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_add", @@ -3361,7 +3361,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rec_add", @@ -3442,7 +3442,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pending", @@ -3530,7 +3530,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "tls_settings_deployed", @@ -3584,7 +3584,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add", 
@@ -3667,7 +3667,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "change_setting", @@ -3748,7 +3748,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "token_create", @@ -3824,7 +3824,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login", @@ -3900,7 +3900,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login", diff --git a/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 30f0f6cfd63..f76114f4a75 100644 --- a/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cloudflare audit logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare/data_stream/audit/sample_event.json b/packages/cloudflare/data_stream/audit/sample_event.json index 8f08e6facbb..8ef47d9ec99 100644 --- a/packages/cloudflare/data_stream/audit/sample_event.json +++ b/packages/cloudflare/data_stream/audit/sample_event.json @@ -33,7 +33,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", diff --git a/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json b/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json index abd6ed20c21..5ecfbe7358f 100644 --- a/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json +++ b/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json 
@@ -105,7 +105,7 @@ "bytes": 2848 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -283,7 +283,7 @@ "bytes": 24743 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -487,7 +487,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", diff --git a/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml index c6859935476..61a11a1d99f 100644 --- a/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cloudflare logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare/data_stream/logpull/sample_event.json b/packages/cloudflare/data_stream/logpull/sample_event.json index 82827305c53..09b255a013f 100644 --- a/packages/cloudflare/data_stream/logpull/sample_event.json +++ b/packages/cloudflare/data_stream/logpull/sample_event.json @@ -103,7 +103,7 @@ "bytes": 2848 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", diff --git a/packages/cloudflare/docs/README.md b/packages/cloudflare/docs/README.md index d3eb37b3dd2..e9b7a54024e 100644 --- a/packages/cloudflare/docs/README.md +++ b/packages/cloudflare/docs/README.md 
@@ -106,7 +106,7 @@ Audit logs summarize the history of changes made within your Cloudflare account. | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | @@ -178,7 +178,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", @@ -539,7 +539,7 @@ An example event for `logpull` looks as following: "bytes": 2848 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", diff --git a/packages/cloudflare/manifest.yml b/packages/cloudflare/manifest.yml index 27c22578ea9..5bbad72bb75 100644 --- a/packages/cloudflare/manifest.yml +++ b/packages/cloudflare/manifest.yml 
@@ -1,6 +1,6 @@
 name: cloudflare
 title: Cloudflare
-version: "2.4.2"
+version: "2.5.0"
 release: ga
 description: Collect logs from Cloudflare with Elastic Agent.
 type: integration
From 23743b64769a86c1a3fe9548eca4dcfe90bdb09d Mon Sep 17 00:00:00 2001
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:20 +0530 Subject: [PATCH 032/137] [cloudflare_logpush] - update ECS to 8.7.0 from 8.6.0 This updates the cloudflare_logpush integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/cloudflare_logpush --- packages/cloudflare_logpush/_dev/build/build.yml | 2 +- packages/cloudflare_logpush/changelog.yml | 5 +++++ .../pipeline/test-pipeline-audit.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/audit/sample_event.json | 2 +- .../pipeline/test-pipeline-dns.log-expected.json | 2 +- .../dns/elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/dns/sample_event.json | 2 +- .../test-pipeline-firewall-event.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/firewall_event/sample_event.json | 2 +- .../test-pipeline-http-request.log-expected.json | 4 ++-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/http_request/sample_event.json | 2 +- .../test-pipeline-nel-report.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/nel_report/sample_event.json | 2 +- ...st-pipeline-network-analytics.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../network_analytics/sample_event.json | 2 +- .../test-pipeline-spectrum-event.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/spectrum_event/sample_event.json | 2 +- packages/cloudflare_logpush/docs/README.md | 14 +++++++------- packages/cloudflare_logpush/manifest.yml | 2 +- 25 files changed, 36 insertions(+), 31 deletions(-) diff --git a/packages/cloudflare_logpush/_dev/build/build.yml b/packages/cloudflare_logpush/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 
--- a/packages/cloudflare_logpush/_dev/build/build.yml +++ b/packages/cloudflare_logpush/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/cloudflare_logpush/changelog.yml b/packages/cloudflare_logpush/changelog.yml index 7c66afa276a..abbd6bf577c 100644 --- a/packages/cloudflare_logpush/changelog.yml +++ b/packages/cloudflare_logpush/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.0.0" changes: - description: Release Cloudflare Logpush as GA. diff --git a/packages/cloudflare_logpush/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json b/packages/cloudflare_logpush/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json index fb34c68d6df..5a8ecbed581 100644 --- a/packages/cloudflare_logpush/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json +++ b/packages/cloudflare_logpush/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json @@ -39,7 +39,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "token_create", diff --git a/packages/cloudflare_logpush/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare_logpush/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 36fcd3ca4b5..71005e24a5b 100644 --- a/packages/cloudflare_logpush/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare_logpush/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Cloudflare Audit logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original 
diff --git a/packages/cloudflare_logpush/data_stream/audit/sample_event.json b/packages/cloudflare_logpush/data_stream/audit/sample_event.json index 59d690ef468..25ff741a0fe 100644 --- a/packages/cloudflare_logpush/data_stream/audit/sample_event.json +++ b/packages/cloudflare_logpush/data_stream/audit/sample_event.json @@ -50,7 +50,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", diff --git a/packages/cloudflare_logpush/data_stream/dns/_dev/test/pipeline/test-pipeline-dns.log-expected.json b/packages/cloudflare_logpush/data_stream/dns/_dev/test/pipeline/test-pipeline-dns.log-expected.json index efe2cbf4465..0d1407306f4 100644 --- a/packages/cloudflare_logpush/data_stream/dns/_dev/test/pipeline/test-pipeline-dns.log-expected.json +++ b/packages/cloudflare_logpush/data_stream/dns/_dev/test/pipeline/test-pipeline-dns.log-expected.json @@ -31,7 +31,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/cloudflare_logpush/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare_logpush/data_stream/dns/elasticsearch/ingest_pipeline/default.yml index 0fd97f2ff5c..94bf8343254 100644 --- a/packages/cloudflare_logpush/data_stream/dns/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare_logpush/data_stream/dns/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Cloudflare DNS logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare_logpush/data_stream/dns/sample_event.json b/packages/cloudflare_logpush/data_stream/dns/sample_event.json index b41498cf146..1af833f241b 100644 --- a/packages/cloudflare_logpush/data_stream/dns/sample_event.json +++ b/packages/cloudflare_logpush/data_stream/dns/sample_event.json 
@@ -42,7 +42,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", diff --git a/packages/cloudflare_logpush/data_stream/firewall_event/_dev/test/pipeline/test-pipeline-firewall-event.log-expected.json b/packages/cloudflare_logpush/data_stream/firewall_event/_dev/test/pipeline/test-pipeline-firewall-event.log-expected.json index 1e95c8d2441..3021d2cbcad 100644 --- a/packages/cloudflare_logpush/data_stream/firewall_event/_dev/test/pipeline/test-pipeline-firewall-event.log-expected.json +++ b/packages/cloudflare_logpush/data_stream/firewall_event/_dev/test/pipeline/test-pipeline-firewall-event.log-expected.json @@ -64,7 +64,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", diff --git a/packages/cloudflare_logpush/data_stream/firewall_event/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare_logpush/data_stream/firewall_event/elasticsearch/ingest_pipeline/default.yml index 7d4d724dd39..974f0a1d673 100644 --- a/packages/cloudflare_logpush/data_stream/firewall_event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare_logpush/data_stream/firewall_event/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Cloudflare Firewall Event logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare_logpush/data_stream/firewall_event/sample_event.json b/packages/cloudflare_logpush/data_stream/firewall_event/sample_event.json index 886f2a7bcd9..e0bb9f4809b 100644 --- a/packages/cloudflare_logpush/data_stream/firewall_event/sample_event.json +++ b/packages/cloudflare_logpush/data_stream/firewall_event/sample_event.json @@ -75,7 +75,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", 
diff --git a/packages/cloudflare_logpush/data_stream/http_request/_dev/test/pipeline/test-pipeline-http-request.log-expected.json b/packages/cloudflare_logpush/data_stream/http_request/_dev/test/pipeline/test-pipeline-http-request.log-expected.json index 73398ae8df6..97e9ca71b64 100644 --- a/packages/cloudflare_logpush/data_stream/http_request/_dev/test/pipeline/test-pipeline-http-request.log-expected.json +++ b/packages/cloudflare_logpush/data_stream/http_request/_dev/test/pipeline/test-pipeline-http-request.log-expected.json @@ -174,7 +174,7 @@ "ip": "67.43.156.0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -417,7 +417,7 @@ "ip": "67.43.156.0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/cloudflare_logpush/data_stream/http_request/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare_logpush/data_stream/http_request/elasticsearch/ingest_pipeline/default.yml index c3ab47a5c2d..6c37920ae2d 100644 --- a/packages/cloudflare_logpush/data_stream/http_request/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare_logpush/data_stream/http_request/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Cloudflare HTTP Request logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare_logpush/data_stream/http_request/sample_event.json b/packages/cloudflare_logpush/data_stream/http_request/sample_event.json index 748c44b7953..0103b7074d8 100644 --- a/packages/cloudflare_logpush/data_stream/http_request/sample_event.json +++ b/packages/cloudflare_logpush/data_stream/http_request/sample_event.json @@ -184,7 +184,7 @@ "ip": "67.43.156.0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8eafc4b3-b5f0-4541-ae2a-c9bb2f2e0074", 
diff --git a/packages/cloudflare_logpush/data_stream/nel_report/_dev/test/pipeline/test-pipeline-nel-report.log-expected.json b/packages/cloudflare_logpush/data_stream/nel_report/_dev/test/pipeline/test-pipeline-nel-report.log-expected.json index 37ab7224145..5a33929f377 100644 --- a/packages/cloudflare_logpush/data_stream/nel_report/_dev/test/pipeline/test-pipeline-nel-report.log-expected.json +++ b/packages/cloudflare_logpush/data_stream/nel_report/_dev/test/pipeline/test-pipeline-nel-report.log-expected.json @@ -26,7 +26,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "type": "network-error" diff --git a/packages/cloudflare_logpush/data_stream/nel_report/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare_logpush/data_stream/nel_report/elasticsearch/ingest_pipeline/default.yml index 79c5afae114..998816a4d1d 100644 --- a/packages/cloudflare_logpush/data_stream/nel_report/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare_logpush/data_stream/nel_report/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Cloudflare NEL Report logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare_logpush/data_stream/nel_report/sample_event.json b/packages/cloudflare_logpush/data_stream/nel_report/sample_event.json index af6d220bbbc..1ae12947d65 100644 --- a/packages/cloudflare_logpush/data_stream/nel_report/sample_event.json +++ b/packages/cloudflare_logpush/data_stream/nel_report/sample_event.json @@ -37,7 +37,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", 
diff --git a/packages/cloudflare_logpush/data_stream/network_analytics/_dev/test/pipeline/test-pipeline-network-analytics.log-expected.json b/packages/cloudflare_logpush/data_stream/network_analytics/_dev/test/pipeline/test-pipeline-network-analytics.log-expected.json index 717be2556ae..9b906caed0a 100644 --- a/packages/cloudflare_logpush/data_stream/network_analytics/_dev/test/pipeline/test-pipeline-network-analytics.log-expected.json +++ b/packages/cloudflare_logpush/data_stream/network_analytics/_dev/test/pipeline/test-pipeline-network-analytics.log-expected.json @@ -167,7 +167,7 @@ "port": 5678 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/cloudflare_logpush/data_stream/network_analytics/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare_logpush/data_stream/network_analytics/elasticsearch/ingest_pipeline/default.yml index 51c2267ea51..c1efe86a194 100644 --- a/packages/cloudflare_logpush/data_stream/network_analytics/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare_logpush/data_stream/network_analytics/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Cloudflare Network Analytics logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare_logpush/data_stream/network_analytics/sample_event.json b/packages/cloudflare_logpush/data_stream/network_analytics/sample_event.json index a6f21a73ddf..e7af330ce2f 100644 --- a/packages/cloudflare_logpush/data_stream/network_analytics/sample_event.json +++ b/packages/cloudflare_logpush/data_stream/network_analytics/sample_event.json @@ -178,7 +178,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", 
diff --git a/packages/cloudflare_logpush/data_stream/spectrum_event/_dev/test/pipeline/test-pipeline-spectrum-event.log-expected.json b/packages/cloudflare_logpush/data_stream/spectrum_event/_dev/test/pipeline/test-pipeline-spectrum-event.log-expected.json index 04c514ef9c2..d5995500045 100644 --- a/packages/cloudflare_logpush/data_stream/spectrum_event/_dev/test/pipeline/test-pipeline-spectrum-event.log-expected.json +++ b/packages/cloudflare_logpush/data_stream/spectrum_event/_dev/test/pipeline/test-pipeline-spectrum-event.log-expected.json @@ -59,7 +59,7 @@ "port": 3389 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connect", diff --git a/packages/cloudflare_logpush/data_stream/spectrum_event/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare_logpush/data_stream/spectrum_event/elasticsearch/ingest_pipeline/default.yml index e779c242fe4..aeccb10507f 100644 --- a/packages/cloudflare_logpush/data_stream/spectrum_event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare_logpush/data_stream/spectrum_event/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Cloudflare Spectrum Event logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare_logpush/data_stream/spectrum_event/sample_event.json b/packages/cloudflare_logpush/data_stream/spectrum_event/sample_event.json index 87bb4bc9529..632c40542da 100644 --- a/packages/cloudflare_logpush/data_stream/spectrum_event/sample_event.json +++ b/packages/cloudflare_logpush/data_stream/spectrum_event/sample_event.json @@ -70,7 +70,7 @@ "port": 3389 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", diff --git a/packages/cloudflare_logpush/docs/README.md b/packages/cloudflare_logpush/docs/README.md index 38b343b1cdd..0d4bbff1507 100644 
--- a/packages/cloudflare_logpush/docs/README.md +++ b/packages/cloudflare_logpush/docs/README.md @@ -166,7 +166,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", @@ -347,7 +347,7 @@ An example event for `dns` looks as following: } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", @@ -540,7 +540,7 @@ An example event for `firewall_event` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", @@ -920,7 +920,7 @@ An example event for `http_request` looks as following: "ip": "67.43.156.0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8eafc4b3-b5f0-4541-ae2a-c9bb2f2e0074", @@ -1219,7 +1219,7 @@ An example event for `nel_report` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", @@ -1504,7 +1504,7 @@ An example event for `network_analytics` looks as following: "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", @@ -1788,7 +1788,7 @@ An example event for `spectrum_event` looks as following: "port": 3389 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", diff --git a/packages/cloudflare_logpush/manifest.yml b/packages/cloudflare_logpush/manifest.yml index 6090153d04a..e12de9f0eab 100644 --- a/packages/cloudflare_logpush/manifest.yml +++ b/packages/cloudflare_logpush/manifest.yml 
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cloudflare_logpush
 title: Cloudflare Logpush
-version: "1.0.0"
+version: "1.1.0"
 release: ga
 license: basic
 description: Collect and parse logs from Cloudflare API with Elastic Agent.
From 9e74a8d5e1495d5db960269e5d10be21719b7d75 Mon Sep 17 00:00:00 2001
From: Shourie Ganguly
Date: Fri, 31 Mar 2023 18:58:22 +0530
Subject: [PATCH 033/137] [crowdstrike] - update ECS to 8.7.0 from 8.6.0 This updates the crowdstrike integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/crowdstrike
---
 packages/crowdstrike/_dev/build/build.yml | 2 +-
 packages/crowdstrike/changelog.yml | 5 +
 ...test-falcon-audit-events.log-expected.json | 26 +-
 .../test-falcon-commandline.log-expected.json | 2 +-
 .../test-falcon-events.log-expected.json | 6 +-
 .../test-falcon-sample.log-expected.json | 14 +-
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/falcon/sample_event.json | 2 +-
 .../test/pipeline/test-fdr.log-expected.json | 260 +++++++++---------
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/fdr/sample_event.json | 2 +-
 packages/crowdstrike/docs/README.md | 8 +-
 packages/crowdstrike/manifest.yml | 2 +-
 13 files changed, 169 insertions(+), 164 deletions(-)
diff --git a/packages/crowdstrike/_dev/build/build.yml b/packages/crowdstrike/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/crowdstrike/_dev/build/build.yml
+++ b/packages/crowdstrike/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/crowdstrike/changelog.yml b/packages/crowdstrike/changelog.yml
index 8691cebfd73..a6396ff1938 100644
--- a/packages/crowdstrike/changelog.yml
+++ b/packages/crowdstrike/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.12.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.11.2" changes: - description: Reduce duplicate document ingestion. diff --git a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json index 0b38a22e6a6..924b9978433 100644 --- a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json +++ b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -73,7 +73,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -152,7 +152,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -205,7 +205,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -259,7 +259,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -322,7 +322,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user_activity_audit_event", @@ -382,7 +382,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -436,7 +436,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -496,7 +496,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -550,7 +550,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -604,7 +604,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -658,7 +658,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -729,7 +729,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user_activity_audit_event", diff --git a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-commandline.log-expected.json b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-commandline.log-expected.json index b2b9a26bf2a..509887936ed 100644 --- a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-commandline.log-expected.json +++ b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-commandline.log-expected.json @@ -7,7 +7,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "{\n \"event\": {\n \"CommandLine\": \"here are two spaces-\u003e \u003c-. see https://github.com/elastic/integrations/issues/4746\"\n }\n}", diff --git a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json index 276479ed6b5..09c5d70f0f4 100644 --- a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json +++ b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json @@ -58,7 +58,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Prevention, process killed.", @@ -153,7 +153,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "incident", @@ -201,7 +201,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user_activity_audit_event", 
diff --git a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json index b7433344bfe..4dcbcb360a2 100644 --- a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json +++ b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json @@ -46,7 +46,7 @@ "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -121,7 +121,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "incident", @@ -183,7 +183,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -245,7 +245,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user_activity_audit_event", @@ -290,7 +290,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -356,7 +356,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ @@ -484,7 +484,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Detection, process would have been blocked if related prevention policy setting was enabled.", diff --git a/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml b/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml index cd93f284762..88814705da7 100644 --- a/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml +++ b/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Ingest pipeline for normalizing CrowdStrike Falcon logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original 
diff --git a/packages/crowdstrike/data_stream/falcon/sample_event.json b/packages/crowdstrike/data_stream/falcon/sample_event.json index 3f49df2c739..bffebd34aa6 100644 --- a/packages/crowdstrike/data_stream/falcon/sample_event.json +++ b/packages/crowdstrike/data_stream/falcon/sample_event.json @@ -52,7 +52,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json b/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json index f570e2aa5ba..142e1bc6741 100644 --- a/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json +++ b/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json @@ -18,7 +18,7 @@ "name": "SyntheticProcessRollup2MacV3" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SyntheticProcessRollup2", @@ -124,7 +124,7 @@ "name": "EndOfProcessMacV15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "EndOfProcess", @@ -215,7 +215,7 @@ "port": 546 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "RawBindIP6", @@ -311,7 +311,7 @@ "name": "ProcessRollup2StatsMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ProcessRollup2Stats", @@ -414,7 +414,7 @@ "name": "SensorHeartbeatMacV4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SensorHeartbeat", @@ -490,7 +490,7 @@ "name": "ProcessRollup2MacV5" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ProcessRollup2", @@ -607,7 +607,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NetworkReceiveAcceptIP4", @@ -700,7 +700,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "RawBindIP4", 
@@ -803,7 +803,7 @@ "port": 50626 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NetworkConnectIP6", @@ -896,7 +896,7 @@ "name": "ProcessRollup2LinV6" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ProcessRollup2", @@ -1006,7 +1006,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NetworkConnectIP6", @@ -1090,7 +1090,7 @@ "name": "OoxmlFileWrittenMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "OoxmlFileWritten", @@ -1190,7 +1190,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NetworkConnectIP4", @@ -1290,7 +1290,7 @@ "name": "ChannelVersionRequiredLinV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ChannelVersionRequired", @@ -1352,7 +1352,7 @@ "name": "LocalIpAddressIP6LinV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LocalIpAddressIP6", @@ -1442,7 +1442,7 @@ "name": "ChannelVersionRequiredMacV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ChannelVersionRequired", @@ -1506,7 +1506,7 @@ "name": "SensorHeartbeatLinV4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SensorHeartbeat", @@ -1574,7 +1574,7 @@ "name": "JavaClassFileWrittenMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "JavaClassFileWritten", @@ -1675,7 +1675,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NetworkConnectIP4", @@ -1769,7 +1769,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DnsRequest", @@ -1843,7 +1843,7 @@ "name": "NewScriptWrittenMacV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NewScriptWritten", 
@@ -1926,7 +1926,7 @@ "name": "LocalIpAddressRemovedIP6LinV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LocalIpAddressRemovedIP6", @@ -2013,7 +2013,7 @@ "name": "DirectoryCreateMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DirectoryCreate", @@ -2118,7 +2118,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NetworkCloseIP4", @@ -2243,7 +2243,7 @@ "name": "FsVolumeMountedMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "FsVolumeMounted", @@ -2319,7 +2319,7 @@ "name": "LocalIpAddressIP4LinV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LocalIpAddressIP4", @@ -2407,7 +2407,7 @@ "name": "LocalIpAddressRemovedIP6MacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LocalIpAddressRemovedIP6", @@ -2506,7 +2506,7 @@ "name": "LocalIpAddressIP6MacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LocalIpAddressIP6", @@ -2598,7 +2598,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NetworkListenIP4", @@ -2681,7 +2681,7 @@ "name": "ExecutableDeletedMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ExecutableDeleted", @@ -2761,7 +2761,7 @@ "name": "GzipFileWrittenMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GzipFileWritten", @@ -2838,7 +2838,7 @@ "name": "IOServiceRegisterMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "IOServiceRegister", @@ -2907,7 +2907,7 @@ "name": "PtyCreatedMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "PtyCreated", @@ -2983,7 +2983,7 @@ "name": "LocalIpAddressRemovedIP4MacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LocalIpAddressRemovedIP4", 
@@ -3075,7 +3075,7 @@ "port": 9 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NetworkCloseIP6", @@ -3165,7 +3165,7 @@ "name": "ConfigStateUpdateLinV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ConfigStateUpdate", @@ -3234,7 +3234,7 @@ "name": "SuspiciousDnsRequestMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SuspiciousDnsRequest", @@ -3314,7 +3314,7 @@ "name": "ErrorEventLinV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ErrorEvent", @@ -3411,7 +3411,7 @@ "name": "ConfigStateUpdateMacV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ConfigStateUpdate", @@ -3480,7 +3480,7 @@ "name": "KextLoadMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "KextLoad", @@ -3555,7 +3555,7 @@ "name": "ChannelVersionRequiredLinV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ChannelVersionRequired", @@ -3619,7 +3619,7 @@ "name": "ProcessRollup2StatsLinV3" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ProcessRollup2Stats", @@ -3712,7 +3712,7 @@ "name": "UserIdentityMacV4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserIdentity", @@ -3800,7 +3800,7 @@ "name": "DeliverLocalFXToCloudMacV4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DeliverLocalFXToCloud", @@ -3861,7 +3861,7 @@ "name": "CreateProcessArgsMac" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CreateProcessArgs", @@ -3963,7 +3963,7 @@ "name": "PdfFileWrittenMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "PdfFileWritten", @@ -4047,7 +4047,7 @@ "name": "GroupIdentityMacV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GroupIdentity", 
@@ -4120,7 +4120,7 @@ "name": "MachOFileWrittenMacV3" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MachOFileWritten", @@ -4214,7 +4214,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NetworkListenIP6", @@ -4419,7 +4419,7 @@ "name": "CurrentSystemTagsMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CurrentSystemTags", @@ -4488,7 +4488,7 @@ "name": "NewExecutableWrittenMacV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NewExecutableWritten", @@ -4697,7 +4697,7 @@ "name": "LfoUploadDataCompleteMacV3" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LfoUploadDataComplete", @@ -4774,7 +4774,7 @@ "name": "LightningLatencyInfoMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LightningLatencyInfo", @@ -4870,7 +4870,7 @@ "name": "NeighborListIP4MacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NeighborListIP4", @@ -4939,7 +4939,7 @@ "name": "ZipFileWrittenMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ZipFileWritten", @@ -5044,7 +5044,7 @@ "name": "AgentOnlineMacV13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "AgentOnline", @@ -5126,7 +5126,7 @@ "name": "CriticalFileAccessedMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CriticalFileAccessed", @@ -5219,7 +5219,7 @@ "name": "OsVersionInfoMacV3" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "OsVersionInfo", @@ -5305,7 +5305,7 @@ "name": "ConfigStateUpdateLinV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ConfigStateUpdate", @@ -5373,7 +5373,7 @@ "name": "LFODownloadConfirmationLinV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LFODownloadConfirmation", 
@@ -5458,7 +5458,7 @@ "name": "TarFileWrittenMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TarFileWritten", @@ -5551,7 +5551,7 @@ "name": "AgentConnectMacV5" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "AgentConnect", @@ -5623,7 +5623,7 @@ "name": "LFODownloadConfirmationMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LFODownloadConfirmation", @@ -5710,7 +5710,7 @@ "name": "AsepFileChangeMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "AsepFileChange", @@ -5792,7 +5792,7 @@ "name": "TerminateProcessLinV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TerminateProcess", @@ -5867,7 +5867,7 @@ "name": "FirewallEnabledMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "FirewallEnabled", @@ -5940,7 +5940,7 @@ "name": "FsVolumeUnmountedMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "FsVolumeUnmounted", @@ -6015,7 +6015,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NetworkListenIP4", @@ -6099,7 +6099,7 @@ "name": "ELFFileWrittenMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ELFFileWritten", @@ -6194,7 +6194,7 @@ "name": "OsVersionInfoLinV4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "OsVersionInfo", @@ -6265,7 +6265,7 @@ "name": "CriticalFileModifiedMacV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CriticalFileModified", @@ -6358,7 +6358,7 @@ "name": "NeighborListIP6MacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NeighborListIP6", @@ -6428,7 +6428,7 @@ "name": "NewScriptWrittenMacV3" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NewScriptWritten", 
@@ -6527,7 +6527,7 @@ "name": "SystemCapacityMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SystemCapacity", @@ -6601,7 +6601,7 @@ "name": "FirmwareAnalysisStatusMacV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "FirmwareAnalysisStatus", @@ -6684,7 +6684,7 @@ "name": "LocalIpAddressIP4MacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LocalIpAddressIP4", @@ -6778,7 +6778,7 @@ "name": "ProcessRollup2LinV5" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ProcessRollup2", @@ -6891,7 +6891,7 @@ "name": "EndOfProcessMacV14" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "EndOfProcess", @@ -7025,7 +7025,7 @@ "name": "EndOfProcessV15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "EndOfProcess", @@ -7126,7 +7126,7 @@ "name": "EndOfProcessMacV12" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "EndOfProcess", @@ -7223,7 +7223,7 @@ "name": "ProcessRollup2V17" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ProcessRollup2", @@ -7326,7 +7326,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DnsRequest", @@ -7400,7 +7400,7 @@ "name": "CriticalFileAccessedLinV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CriticalFileAccessed", @@ -7497,7 +7497,7 @@ "name": "ProcessRollup2MacV3" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ProcessRollup2", @@ -7608,7 +7608,7 @@ "name": "NewScriptWrittenV7" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NewScriptWritten", @@ -7708,7 +7708,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NetworkConnectIP4", 
@@ -7813,7 +7813,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NetworkConnectIP4", @@ -7918,7 +7918,7 @@ "name": "UserLogonV8" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLogon", @@ -8014,7 +8014,7 @@ "name": "PeFileWrittenV14" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "PeFileWritten", @@ -8114,7 +8114,7 @@ "name": "UserLogoffV3" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLogoff", @@ -8205,7 +8205,7 @@ "name": "NewExecutableWrittenV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NewExecutableWritten", @@ -8294,7 +8294,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NetworkListenIP4", @@ -8404,7 +8404,7 @@ "ip": "67.43.156.14" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLogonFailed2", @@ -8493,7 +8493,7 @@ "name": "ExecutableDeletedV3" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ExecutableDeleted", @@ -8589,7 +8589,7 @@ "name": "EndOfProcessMacV11" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "EndOfProcess", @@ -8669,7 +8669,7 @@ "name": "RegisterRawInputDevicesEtwV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "RegisterRawInputDevicesEtw", @@ -8747,7 +8747,7 @@ "name": "LFODownloadConfirmationV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LFODownloadConfirmation", @@ -8840,7 +8840,7 @@ "name": "NewExecutableRenamedV6" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NewExecutableRenamed", @@ -8933,7 +8933,7 @@ "name": "DirectoryCreateV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DirectoryCreate", 
@@ -9022,7 +9022,7 @@ "name": "ServiceStartedV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ServiceStarted", @@ -9118,7 +9118,7 @@ "port": 2181 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NetworkConnectIP6", @@ -9216,7 +9216,7 @@ "name": "UserIdentityV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserIdentity", @@ -9332,7 +9332,7 @@ "name": "ProcessRollup2V16" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ProcessRollup2", @@ -9440,7 +9440,7 @@ "name": "RansomwareOpenFileV4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "RansomwareOpenFile", @@ -9576,7 +9576,7 @@ "name": "EndOfProcessV14" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "EndOfProcess", @@ -9673,7 +9673,7 @@ "name": "OoxmlFileWrittenV11" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "OoxmlFileWritten", @@ -9763,7 +9763,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NetworkListenIP6", @@ -9860,7 +9860,7 @@ "name": "AsepFileChangeMacV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "AsepFileChange", @@ -9947,7 +9947,7 @@ "name": "UserLogonFailedV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLogonFailed", @@ -10044,7 +10044,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NetworkConnectIP6", @@ -10138,7 +10138,7 @@ "name": "NewExecutableRenamedMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NewExecutableRenamed", @@ -10230,7 +10230,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NetworkListenIP6", 
@@ -10316,7 +10316,7 @@ "name": "SuspiciousDnsRequestV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SuspiciousDnsRequest", @@ -10402,7 +10402,7 @@ "name": "FsVolumeMountedV6" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "FsVolumeMounted", @@ -10482,7 +10482,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NetworkListenIP4", @@ -10576,7 +10576,7 @@ "name": "HostedServiceStartedV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "HostedServiceStarted", @@ -10657,7 +10657,7 @@ "name": "HostedServiceStoppedV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "HostedServiceStopped", @@ -10739,7 +10739,7 @@ "name": "PdfFileWrittenV11" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "PdfFileWritten", @@ -10841,7 +10841,7 @@ "name": "ProcessRollup2V18" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ProcessRollup2", @@ -10938,7 +10938,7 @@ "name": "UserIdentityMacV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserIdentity", @@ -11023,7 +11023,7 @@ "name": "HostInfoV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "HostInfo", @@ -11101,7 +11101,7 @@ "name": "GenericFileWrittenV11" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GenericFileWritten", @@ -11184,7 +11184,7 @@ "name": "FsVolumeUnmountedV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "FsVolumeUnmounted", @@ -11257,7 +11257,7 @@ "name": "FirewallDisabledMacV1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "FirewallDisabled", @@ -11339,7 +11339,7 @@ "cid": "ffffffff30a3407dae27d0503611022ff" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2021-11-09T05:47:19.952Z", 
@@ -11418,7 +11418,7 @@ "name": "UserLogoffV3" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLogoff", @@ -11518,7 +11518,7 @@ "name": "ProcessRollup2V19" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ProcessRollup2", @@ -11619,7 +11619,7 @@ "name": "FsVolumeUnmountedV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "FsVolumeUnmounted", @@ -11701,7 +11701,7 @@ "subnet": "10.0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-16T01:57:00.343Z", @@ -11784,7 +11784,7 @@ "name": "FsVolumeUnmountedV2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "FsVolumeUnmounted", diff --git a/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml b/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml index fa1391c9f25..046d41c3a48 100644 --- a/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml +++ b/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml @@ -191,7 +191,7 @@ processors: ## ECS fields. - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' ## Categorization. - script: diff --git a/packages/crowdstrike/data_stream/fdr/sample_event.json b/packages/crowdstrike/data_stream/fdr/sample_event.json index a2e60cd5cc4..61539bdd9a9 100644 --- a/packages/crowdstrike/data_stream/fdr/sample_event.json +++ b/packages/crowdstrike/data_stream/fdr/sample_event.json @@ -31,7 +31,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "1255e325-ccf6-47ee-8e56-25027fa532e2", diff --git a/packages/crowdstrike/docs/README.md b/packages/crowdstrike/docs/README.md index a01c3c12ad1..35190cefbac 100644 --- a/packages/crowdstrike/docs/README.md +++ b/packages/crowdstrike/docs/README.md 
@@ -171,7 +171,7 @@ Contains endpoint data and CrowdStrike Falcon platform audit data forwarded from | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host mac addresses. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | @@ -278,7 +278,7 @@ An example event for `falcon` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", 
@@ -825,7 +825,7 @@ and/or `session_token`. | host.geo.country_name | Country name. | keyword | | host.geo.timezone | The time zone of the location, such as IANA time zone name. | keyword | | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | input.type | | keyword | | log.file.path | Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. If the event wasn't read from a log file, do not populate this field. | keyword | | log.offset | | long | @@ -950,7 +950,7 @@ An example event for `fdr` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "1255e325-ccf6-47ee-8e56-25027fa532e2", diff --git a/packages/crowdstrike/manifest.yml b/packages/crowdstrike/manifest.yml index 4f8b2154ba6..e4a24dabdbc 100644 --- a/packages/crowdstrike/manifest.yml +++ b/packages/crowdstrike/manifest.yml @@ -1,6 +1,6 @@ name: crowdstrike title: CrowdStrike -version: "1.11.2" +version: "1.12.0" description: Collect logs from Crowdstrike with Elastic Agent. type: integration format_version: 1.0.0 From 08ea0baa36ee1a15cee75db738b903a81f34ad02 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:22 +0530 Subject: [PATCH 034/137] [cyberark_pta] - update ECS to 8.7.0 from 8.6.0 This updates the cyberark_pta integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/cyberark_pta --- packages/cyberark_pta/_dev/build/build.yml | 2 +- packages/cyberark_pta/changelog.yml | 5 +++++ .../pipeline/test-active-dormant-user.json-expected.json | 2 +- .../pipeline/test-suspected-cred-theft.json-expected.json | 2 +- .../events/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/cyberark_pta/data_stream/events/sample_event.json | 2 +- packages/cyberark_pta/manifest.yml | 2 +- 7 files changed, 11 insertions(+), 6 deletions(-) diff --git a/packages/cyberark_pta/_dev/build/build.yml b/packages/cyberark_pta/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/cyberark_pta/_dev/build/build.yml +++ b/packages/cyberark_pta/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/cyberark_pta/changelog.yml b/packages/cyberark_pta/changelog.yml index cbfb997acee..1676d5fd8f8 100644 --- a/packages/cyberark_pta/changelog.yml +++ b/packages/cyberark_pta/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.0.0" changes: - description: Release Cyberark Privileged Threat Analytics as GA. diff --git a/packages/cyberark_pta/data_stream/events/_dev/test/pipeline/test-active-dormant-user.json-expected.json b/packages/cyberark_pta/data_stream/events/_dev/test/pipeline/test-active-dormant-user.json-expected.json index 4f952353ad1..b0e221fb16c 100644 
--- a/packages/cyberark_pta/data_stream/events/_dev/test/pipeline/test-active-dormant-user.json-expected.json +++ b/packages/cyberark_pta/data_stream/events/_dev/test/pipeline/test-active-dormant-user.json-expected.json @@ -44,7 +44,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "26", diff --git a/packages/cyberark_pta/data_stream/events/_dev/test/pipeline/test-suspected-cred-theft.json-expected.json b/packages/cyberark_pta/data_stream/events/_dev/test/pipeline/test-suspected-cred-theft.json-expected.json index 8ecd5132796..ee0e5de2330 100644 --- a/packages/cyberark_pta/data_stream/events/_dev/test/pipeline/test-suspected-cred-theft.json-expected.json +++ b/packages/cyberark_pta/data_stream/events/_dev/test/pipeline/test-suspected-cred-theft.json-expected.json @@ -44,7 +44,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "1", diff --git a/packages/cyberark_pta/data_stream/events/elasticsearch/ingest_pipeline/default.yml b/packages/cyberark_pta/data_stream/events/elasticsearch/ingest_pipeline/default.yml index a5bc150400a..f48bd7b56a6 100644 --- a/packages/cyberark_pta/data_stream/events/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cyberark_pta/data_stream/events/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for CyberArk PTA processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.action value: "{{cef.extensions.deviceCustomString5}}" diff --git a/packages/cyberark_pta/data_stream/events/sample_event.json b/packages/cyberark_pta/data_stream/events/sample_event.json index fa2e67e7c0e..cb948b7dba9 100644 --- a/packages/cyberark_pta/data_stream/events/sample_event.json +++ b/packages/cyberark_pta/data_stream/events/sample_event.json @@ -55,7 +55,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "61c2aa93-e34e-4412-bd9b-ce85257847de", 
diff --git a/packages/cyberark_pta/manifest.yml b/packages/cyberark_pta/manifest.yml index 87d163ca076..15eddd63f00 100644 --- a/packages/cyberark_pta/manifest.yml +++ b/packages/cyberark_pta/manifest.yml @@ -1,6 +1,6 @@ name: cyberark_pta title: Cyberark Privileged Threat Analytics -version: "1.0.0" +version: "1.1.0" release: ga license: basic description: Collect security logs from Cyberark PTA integration. From 9ab826afb3143669fd7cc3215d544d7cc466e7b3 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:27 +0530 Subject: [PATCH 035/137] [cyberarkpas] - update ECS to 8.7.0 from 8.6.0 This updates the cyberarkpas integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/cyberarkpas --- packages/cyberarkpas/_dev/build/build.yml | 2 +- packages/cyberarkpas/changelog.yml | 5 +++ ...st-105-add-file-category.log-expected.json | 12 +++--- ...106-update-file-category.log-expected.json | 12 +++--- ...107-delete-file-category.log-expected.json | 2 +- .../test-124-rename-file.log-expected.json | 2 +- ...est-125-rename-file-cont.log-expected.json | 2 +- .../test-126-unlock-file.log-expected.json | 2 +- ...130-cpm-disable-password.log-expected.json | 2 +- ...t-178-get-user-s-details.log-expected.json | 2 +- .../test-180-add-user.log-expected.json | 24 ++++++------ .../test-181-update-safe.log-expected.json | 2 +- .../test-185-add-safe.log-expected.json | 4 +- .../test-187-add-folder.log-expected.json | 4 +- ...-full-gateway-connection.log-expected.json | 18 ++++----- ...rtial-gateway-connection.log-expected.json | 2 +- ...kup-files-deletion-start.log-expected.json | 2 +- ...ackup-files-deletion-end.log-expected.json | 2 +- ...t-22-cpm-verify-password.log-expected.json | 4 +- ...23-action-on-closed-safe.log-expected.json | 6 +-- ...t-24-cpm-change-password.log-expected.json | 8 ++-- ...est-259-add-update-group.log-expected.json | 8 ++-- ...est-265-add-group-member.log-expected.json | 28 +++++++------- ...-266-remove-group-member.log-expected.json | 4 +- .../test-273-remove-owner.log-expected.json | 2 +- .../test-278-add-rule.log-expected.json | 2 +- ...lear-users-history-start.log-expected.json | 6 +-- ...-clear-users-history-end.log-expected.json | 6 +-- ...lear-safes-history-start.log-expected.json | 2 +- ...-clear-safes-history-end.log-expected.json | 2 +- 
.../test-294-store-password.log-expected.json | 20 +++++----- ...st-295-retrieve-password.log-expected.json | 26 ++++++------- .../test-300-psm-connect.log-expected.json | 34 ++++++++--------- .../test-302-psm-disconnect.log-expected.json | 32 ++++++++-------- ...304-psm-upload-recording.log-expected.json | 2 +- .../test-308-use-password.log-expected.json | 22 +++++------ ...309-undefined-user-logon.log-expected.json | 10 ++--- ...1-cpm-reconcile-password.log-expected.json | 2 +- ...tor-dr-replication-start.log-expected.json | 6 +-- ...nitor-dr-replication-end.log-expected.json | 6 +-- ...ord-detailed-information.log-expected.json | 2 +- ...-317-reset-user-password.log-expected.json | 2 +- .../test-32-add-owner.log-expected.json | 32 ++++++++-------- ...cpm-auto-detection-start.log-expected.json | 2 +- ...7-cpm-auto-detection-end.log-expected.json | 2 +- .../test-33-update-owner.log-expected.json | 14 +++---- ...se-expiration-date-start.log-expected.json | 2 +- ...ense-expiration-date-end.log-expected.json | 2 +- ...7-monitor-fw-rules-start.log-expected.json | 6 +-- ...358-monitor-fw-rules-end.log-expected.json | 6 +-- .../test-359-sql-command.log-expected.json | 20 +++++----- ...st-361-keystroke-logging.log-expected.json | 14 +++---- ...m-verify-password-failed.log-expected.json | 30 +++++++-------- ...5-blservice-audit-record.log-expected.json | 10 ++--- ...st-4-user-authentication.log-expected.json | 4 +- .../test-411-window-title.log-expected.json | 2 +- ...st-412-keystroke-logging.log-expected.json | 2 +- ...t-414-cpm-verify-ssh-key.log-expected.json | 2 +- .../test-427-store-ssh-key.log-expected.json | 2 +- ...est-428-retrieve-ssh-key.log-expected.json | 6 +-- ...eate-discovery-succeeded.log-expected.json | 2 +- .../test-459-general-audit.log-expected.json | 6 +-- ...thentication-was-updated.log-expected.json | 2 +- ...ault-certificate-is-sha1.log-expected.json | 6 +-- ...bulk-operation-succeeded.log-expected.json | 2 +- 
.../test-50-store-file.log-expected.json | 12 +++--- .../test-51-retrieve-file.log-expected.json | 6 +-- .../test-52-delete-file.log-expected.json | 20 +++++----- ...m-change-password-failed.log-expected.json | 2 +- ...st-59-clear-safe-history.log-expected.json | 8 ++-- ...econcile-password-failed.log-expected.json | 18 ++++----- ...t-62-create-file-version.log-expected.json | 16 ++++---- .../pipeline/test-7-logon.log-expected.json | 24 ++++++------ .../pipeline/test-8-logoff.log-expected.json | 30 +++++++-------- .../test-88-set-password.log-expected.json | 38 +++++++++---------- ...-98-open-file-write-only.log-expected.json | 8 ++-- .../test-99-open-file.log-expected.json | 2 +- .../test-legacysyslog.log-expected.json | 4 +- .../test-rfc5424syslog.log-expected.json | 8 ++-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/audit/sample_event.json | 2 +- packages/cyberarkpas/docs/README.md | 4 +- packages/cyberarkpas/manifest.yml | 2 +- 83 files changed, 365 insertions(+), 360 deletions(-) diff --git a/packages/cyberarkpas/_dev/build/build.yml b/packages/cyberarkpas/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/cyberarkpas/_dev/build/build.yml +++ b/packages/cyberarkpas/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/cyberarkpas/changelog.yml b/packages/cyberarkpas/changelog.yml index b7701f45152..6b3a931b3aa 100644 --- a/packages/cyberarkpas/changelog.yml +++ b/packages/cyberarkpas/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.10.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "2.9.1" changes: - description: Added categories and/or subcategories. 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json index 9398e40bf8c..8f298c3f340 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json @@ -25,7 +25,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add file category", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add file category", @@ -154,7 +154,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add file category", @@ -222,7 +222,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add file category", @@ -289,7 +289,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add file category", @@ -357,7 +357,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add file category", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json index 15992b6ac65..3f61c88f7cd 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json @@ -25,7 +25,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update file category", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update file category", 
@@ -154,7 +154,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update file category", @@ -222,7 +222,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update file category", @@ -290,7 +290,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update file category", @@ -358,7 +358,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update file category", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json index 47b225c681a..2c2ecd4f3a8 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json @@ -26,7 +26,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete file category", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json index 507d24e2447..0a5dd841fd0 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json @@ -24,7 +24,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rename file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json index 5790c124ffd..cd9171c12cf 100644 
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json @@ -24,7 +24,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rename file (cont.)", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json index 104ebbcb86d..4c9ce425475 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "unlock file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json index 10d76d1afe8..0318c3eb376 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json @@ -43,7 +43,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm disable password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json index 27be8035128..08499d095ef 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "get user's details", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json index 9ded062d8cc..fd4b157b828 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add user", @@ -95,7 +95,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add user", @@ -173,7 +173,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add user", @@ -251,7 +251,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add user", @@ -329,7 +329,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add user", @@ -407,7 +407,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add user", @@ -485,7 +485,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add user", @@ -564,7 +564,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add user", @@ -643,7 +643,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add user", @@ -722,7 +722,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add user", @@ -801,7 +801,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add user", 
@@ -880,7 +880,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add user", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json index afb2a2cbc90..b258aa51ebc 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update safe", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json index 83cd5eea943..34b9aaa7d7f 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add safe", @@ -80,7 +80,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add safe", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json index 15959a78c04..cc21f3ccbef 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add folder", 
@@ -85,7 +85,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add folder", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json index 902b8da97de..562d9ea819b 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json @@ -25,7 +25,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "full gateway connection", @@ -107,7 +107,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "full gateway connection", @@ -198,7 +198,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "full gateway connection", @@ -289,7 +289,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "full gateway connection", @@ -370,7 +370,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "full gateway connection", @@ -462,7 +462,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "full gateway connection", @@ -554,7 +554,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "full gateway connection", @@ -637,7 +637,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "full gateway connection", @@ -738,7 +738,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "full gateway connection", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json index abe65c6c256..2355fcd58f1 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "partial gateway connection", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json index 27c8bd30cfa..10d48e35cca 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "old backup files deletion start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json index 58ac92780c1..ce3b78565f9 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "old backup files deletion end", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json index 55d598eeadc..11fa74d93be 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json @@ -44,7 +44,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm verify password", @@ -150,7 +150,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm verify password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json index 441b9eecab1..6cec51d5ec2 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "action on closed safe", @@ -81,7 +81,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "action on closed safe", @@ -136,7 +136,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "action on closed safe", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json index ec964c38fa1..e257e607334 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json @@ -42,7 +42,7 @@ "domain": "radiussrv.cyberark.local" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm change password", @@ -136,7 +136,7 @@ "domain": "components" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm change password", @@ -239,7 +239,7 @@ "domain": "components" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm change password", @@ -343,7 +343,7 @@ "domain": "components" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm change password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json index 1228d62d539..fe4d0b4ec94 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add/update group", @@ -79,7 +79,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add/update group", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add/update group", @@ -203,7 +203,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add/update group", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json index 19bdb0d81d0..4a78bcb4c69 100644 
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add group member", @@ -81,7 +81,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add group member", @@ -144,7 +144,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add group member", @@ -207,7 +207,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add group member", @@ -270,7 +270,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add group member", @@ -333,7 +333,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add group member", @@ -396,7 +396,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add group member", @@ -459,7 +459,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add group member", @@ -522,7 +522,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add group member", @@ -586,7 +586,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add group member", @@ -650,7 +650,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add group member", @@ -714,7 +714,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add group member", @@ -778,7 +778,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add group member", @@ -842,7 +842,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add group member", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json index ea067ba7edb..51e0fdfa41e 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "remove group member", @@ -81,7 +81,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "remove group member", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json index 6efbba33c68..437e9301e45 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "remove owner", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json index 988308481ee..3e9dd7b3c1d 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json @@ -21,7 +21,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add rule", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json index 08e8c42cc37..5bb355b513b 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "auto clear users history start", @@ -53,7 +53,7 @@ ] }, { - "@timestamp": "2022-03-08T03:00:20.000Z", + "@timestamp": "2023-03-08T03:00:20.000Z", "cyberarkpas": { "audit": { "action": "Auto Clear Users History start", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "auto clear users history start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json index 5e6824c408a..9d1e8e777ab 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "auto clear users history end", @@ -53,7 +53,7 @@ ] }, { - "@timestamp": "2022-03-08T03:00:20.000Z", + "@timestamp": "2023-03-08T03:00:20.000Z", "cyberarkpas": { "audit": { "action": "Auto Clear Users History end", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "auto clear users history end", 
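Review bot: The `@@ -53,7 +53,7 @@` hunk of test-288-auto-clear-users-history-start changes the expected `@timestamp` year from 2022 to 2023, which is unrelated to the ECS bump this commit describes; the same edit appears in the test-289, test-310, test-311, test-357 and test-358 expected files. It looks as if the second record in each fixture carries no year and the pipeline fills one in from the date the test is run (inferred, since the input logs and pipeline are not shown here), so these expectations will break again at the next year change. For an audit source this is more than test noise: a guessed year can misplace privileged-access events in an investigation timeline around a year boundary or when old logs are replayed. I would either give the fixture input an explicit year or stop comparing the year literally, for this file something like `"dynamic_fields": {"@timestamp": "^[0-9]{4}-03-08T03:00:20\\.000Z$"}` in the test's config, and document the year inference for the data stream.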
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json index 50a04ca2fca..e67dac0d847 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "auto clear safes history start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json index 2203a6d38b7..3e7d51ed0ae 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "auto clear safes history end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json index d6a5b1b0c9a..01a7d687c07 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json @@ -28,7 +28,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "store password", 
@@ -90,7 +90,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "store password", @@ -172,7 +172,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "store password", @@ -239,7 +239,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "store password", @@ -296,7 +296,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "store password", @@ -362,7 +362,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "store password", @@ -449,7 +449,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "store password", @@ -517,7 +517,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "store password", @@ -596,7 +596,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "store password", @@ -674,7 +674,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "store password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json index a19fb87605e..843ae317f47 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json @@ -36,7 +36,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve password", @@ -134,7 +134,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve password", @@ -219,7 +219,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve password", 
@@ -324,7 +324,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve password", @@ -410,7 +410,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve password", @@ -510,7 +510,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve password", @@ -600,7 +600,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve password", @@ -694,7 +694,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve password", @@ -803,7 +803,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve password", @@ -889,7 +889,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve password", @@ -979,7 +979,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve password", @@ -1073,7 +1073,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve password", @@ -1169,7 +1169,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json index edb1d5122f2..f7271a96d2b 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json @@ -47,7 +47,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm connect", @@ -153,7 +153,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm connect", 
@@ -270,7 +270,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm connect", @@ -387,7 +387,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm connect", @@ -504,7 +504,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm connect", @@ -621,7 +621,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm connect", @@ -738,7 +738,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm connect", @@ -861,7 +861,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm connect", @@ -992,7 +992,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm connect", @@ -1121,7 +1121,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm connect", @@ -1250,7 +1250,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm connect", @@ -1379,7 +1379,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm connect", @@ -1504,7 +1504,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm connect", @@ -1629,7 +1629,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm connect", @@ -1763,7 +1763,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm connect", @@ -1897,7 +1897,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm connect", @@ -2031,7 +2031,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm connect", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json index 9e710a8d4c6..cdd898c4a87 100644 
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json @@ -48,7 +48,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm disconnect", @@ -156,7 +156,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm disconnect", @@ -275,7 +275,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm disconnect", @@ -394,7 +394,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm disconnect", @@ -513,7 +513,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm disconnect", @@ -632,7 +632,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm disconnect", @@ -751,7 +751,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm disconnect", @@ -876,7 +876,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm disconnect", @@ -1009,7 +1009,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm disconnect", @@ -1140,7 +1140,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm disconnect", @@ -1271,7 +1271,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm disconnect", @@ -1402,7 +1402,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm disconnect", @@ -1529,7 +1529,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm disconnect", @@ -1656,7 +1656,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm disconnect", @@ -1792,7 +1792,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm disconnect", 
@@ -1928,7 +1928,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm disconnect", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json index 9478ec833b4..dc0e2146e87 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json @@ -31,7 +31,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "psm upload recording", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json index 6d72725d5fb..8f7254d21bb 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json @@ -42,7 +42,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "use password", @@ -137,7 +137,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "use password", @@ -244,7 +244,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "use password", @@ -351,7 +351,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "use password", @@ -458,7 +458,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "use password", @@ -565,7 +565,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "use password", @@ -672,7 +672,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "use password", 
@@ -784,7 +784,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "use password", @@ -902,7 +902,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "use password", @@ -1025,7 +1025,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "use password", @@ -1148,7 +1148,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "use password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json index 82cf857cdb6..248a7994e55 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json @@ -21,7 +21,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_failure", @@ -95,7 +95,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_failure", @@ -165,7 +165,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_failure", @@ -254,7 +254,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_failure", @@ -338,7 +338,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_failure", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json index 2b80ed20b01..8ae714dd632 100644 
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json @@ -44,7 +44,7 @@ "domain": "dbserver.cyberark.local" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm reconcile password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json index 6cfdf3caa90..6c2a5887da8 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "monitor dr replication start", @@ -53,7 +53,7 @@ ] }, { - "@timestamp": "2022-03-08T02:48:07.000Z", + "@timestamp": "2023-03-08T02:48:07.000Z", "cyberarkpas": { "audit": { "action": "Monitor DR Replication start", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "monitor dr replication start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json index 01afce90f9a..c437b30f2a7 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "monitor dr replication end", 
@@ -53,7 +53,7 @@ ] }, { - "@timestamp": "2022-03-08T02:48:07.000Z", + "@timestamp": "2023-03-08T02:48:07.000Z", "cyberarkpas": { "audit": { "action": "Monitor DR Replication end", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "monitor dr replication end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json index c356dd699e3..3bd77479141 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "reset user password detailed information", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json index 6ca58d211d0..9e8c2225575 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "reset user password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json index b75bda4b092..ec7872a7feb 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add owner", @@ -99,7 +99,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add owner", @@ -179,7 +179,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add owner", @@ -260,7 +260,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add owner", @@ -341,7 +341,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add owner", @@ -422,7 +422,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add owner", @@ -503,7 +503,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add owner", @@ -584,7 +584,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add owner", @@ -665,7 +665,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add owner", @@ -746,7 +746,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add owner", @@ -827,7 +827,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add owner", @@ -908,7 +908,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add owner", @@ -989,7 +989,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add owner", @@ -1070,7 +1070,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add owner", @@ -1151,7 +1151,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add owner", @@ -1232,7 +1232,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add owner", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json index 2cc3aa65d07..701e2a0ada9 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json @@ -25,7 +25,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm auto-detection start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json index 7d300edcf73..9cae391cc79 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json @@ -25,7 +25,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm auto-detection end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json index 8d604323262..62ea30b9494 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update owner", @@ -99,7 +99,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update owner", 
@@ -180,7 +180,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update owner", @@ -261,7 +261,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update owner", @@ -342,7 +342,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update owner", @@ -423,7 +423,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update owner", @@ -505,7 +505,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update owner", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json index 97d638c467b..5fbf8c16f01 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "monitor license expiration date start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json index 8730aac4039..ed9ac61b9c4 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "monitor license expiration date end", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json index 2084b0bb05a..f1e6e43b40e 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "monitor fw rules start", @@ -53,7 +53,7 @@ ] }, { - "@timestamp": "2022-03-08T02:32:56.000Z", + "@timestamp": "2023-03-08T02:32:56.000Z", "cyberarkpas": { "audit": { "action": "Monitor FW rules start", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "monitor fw rules start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json index 9c8f03b9a8c..ca7bff55e03 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "monitor fw rules end", @@ -53,7 +53,7 @@ ] }, { - "@timestamp": "2022-03-08T02:32:56.000Z", + "@timestamp": "2023-03-08T02:32:56.000Z", "cyberarkpas": { "audit": { "action": "Monitor FW Rules end", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "monitor fw rules end", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json index c20e27c899f..62416b9452a 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json @@ -58,7 +58,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "sql command", @@ -176,7 +176,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "sql command", @@ -294,7 +294,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "sql command", @@ -412,7 +412,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "sql command", @@ -530,7 +530,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "sql command", @@ -648,7 +648,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "sql command", @@ -766,7 +766,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "sql command", @@ -884,7 +884,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "sql command", @@ -1002,7 +1002,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "sql command", @@ -1120,7 +1120,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "sql command", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json index b4430431ad8..8faa3736183 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json @@ -50,7 +50,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "keystroke logging", @@ -164,7 +164,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "keystroke logging", @@ -295,7 +295,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "keystroke logging", @@ -426,7 +426,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "keystroke logging", @@ -557,7 +557,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "keystroke logging", @@ -693,7 +693,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "keystroke logging", @@ -829,7 +829,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "keystroke logging", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json index 9d59ffe574b..20ae74d6a21 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json @@ -57,7 +57,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm verify password failed", @@ -176,7 +176,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm verify password failed", @@ -294,7 +294,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm verify password failed", @@ -413,7 +413,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm verify password failed", 
@@ -532,7 +532,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm verify password failed", @@ -640,7 +640,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm verify password failed", @@ -749,7 +749,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm verify password failed", @@ -858,7 +858,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm verify password failed", @@ -967,7 +967,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm verify password failed", @@ -1076,7 +1076,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm verify password failed", @@ -1188,7 +1188,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm verify password failed", @@ -1300,7 +1300,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm verify password failed", @@ -1412,7 +1412,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm verify password failed", @@ -1527,7 +1527,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm verify password failed", @@ -1646,7 +1646,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm verify password failed", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json index e9bcf217791..96f9d564a80 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json 
@@ -23,7 +23,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blservice audit record", @@ -86,7 +86,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blservice audit record", @@ -149,7 +149,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blservice audit record", @@ -212,7 +212,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blservice audit record", @@ -275,7 +275,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blservice audit record", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json index 6e6902c147b..23147491058 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_failure", @@ -96,7 +96,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_failure", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json index c3910ad9048..ae5c9119406 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json 
@@ -56,7 +56,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "window title", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json index d62d363ec7f..960d27494da 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json @@ -57,7 +57,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "keystroke logging", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json index 88dfde6b93f..7fb20542591 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json @@ -53,7 +53,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm verify ssh key", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json index c5ebe4a3bfa..4ec93316f05 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json @@ -24,7 +24,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "store ssh key", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json index 142f17d701a..67ab34a03e9 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json @@ -53,7 +53,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve ssh key", @@ -172,7 +172,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve ssh key", @@ -287,7 +287,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve ssh key", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json index bfea93104cd..7d5e85bacd5 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "create discovery succeeded", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json index fc75c012a33..af1e66859b6 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json 
@@ -42,7 +42,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "general audit", @@ -123,7 +123,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "general audit", @@ -205,7 +205,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "general audit", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json index 8d1770558c7..7daf1a12c4e 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "the component public key for jwt authentication was updated", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json index b6ef26b68ba..87a57eaa709 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json 
@@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "security warning - the signature hash algorithm of the vault certificate is sha1.", @@ -54,7 +54,7 @@ ] }, { - "@timestamp": "2022-03-08T07:46:54.000Z", + "@timestamp": "2023-03-08T07:46:54.000Z", "cyberarkpas": { "audit": { "action": "Security warning - The Signature Hash Algorithm of the Vault certificate is SHA1.", @@ -67,7 +67,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "security warning - the signature hash algorithm of the vault certificate is sha1.", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json index 82686937d25..f531f81a4a6 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update existing add account bulk operation succeeded", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json index d4540f30d5f..00b04b92bfa 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "store file", 
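Review bot: The expected `@timestamp` in the second hunk of test-479 (`@@ -54,7 +54,7 @@`) moves from `2022-03-08T07:46:54.000Z` to `2023-03-08T07:46:54.000Z`, which is not part of an ECS version bump and is not mentioned in the commit description. The same year shift appears in the test-59-clear-safe-history, test-88-set-password and test-legacysyslog fixtures further down. The input logs are not shown here, but it looks as if the source message carries no year and the pipeline fills it in from the clock at test time; if so, these fixtures will drift on every regeneration, and audit events received around a year boundary could be stamped with the wrong year, which matters when a timeline is rebuilt from privileged-access logs. I would pin the year in the test input or, if the pipeline test config for this package supports it, match the field by pattern, e.g. `dynamic_fields: {"@timestamp": "^[0-9]{4}-03-08T07:46:54\\.000Z$"}`, and note the year-inference behaviour in the package docs.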
@@ -75,7 +75,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "store file", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "store file", @@ -198,7 +198,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "store file", @@ -265,7 +265,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "store file", @@ -337,7 +337,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "store file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json index f8f396b3ab3..6d52c6cce5a 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve file", @@ -75,7 +75,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve file", @@ -137,7 +137,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json index 75a4c2edb8f..9fcfac2b201 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json @@ -31,7 +31,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete file", 
@@ -106,7 +106,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete file", @@ -167,7 +167,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete file", @@ -225,7 +225,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete file", @@ -301,7 +301,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete file", @@ -372,7 +372,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete file", @@ -445,7 +445,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete file", @@ -518,7 +518,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete file", @@ -595,7 +595,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete file", @@ -672,7 +672,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json index 43ed37e8e8d..8ec1bd0a937 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json @@ -54,7 +54,7 @@ "domain": "rhel7.cybr.com" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm change password failed", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json index b7d763706ad..3076f5a4289 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "clear safe history", @@ -54,7 +54,7 @@ ] }, { - "@timestamp": "2022-03-08T03:10:31.000Z", + "@timestamp": "2023-03-08T03:10:31.000Z", "cyberarkpas": { "audit": { "action": "Clear Safe History", @@ -68,7 +68,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "clear safe history", @@ -116,7 +116,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "clear safe history", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json index f0dfb8cc6db..b06f018fa3e 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json @@ -54,7 +54,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm reconcile password failed", @@ -172,7 +172,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm reconcile password failed", @@ -288,7 +288,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm reconcile password failed", 
@@ -406,7 +406,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm reconcile password failed", @@ -524,7 +524,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm reconcile password failed", @@ -641,7 +641,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm reconcile password failed", @@ -760,7 +760,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm reconcile password failed", @@ -877,7 +877,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm reconcile password failed", @@ -997,7 +997,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cpm reconcile password failed", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json index 88d249cfa5f..47d0dbca81f 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "create file version", @@ -84,7 +84,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "create file version", @@ -150,7 +150,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "create file version", @@ -216,7 +216,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "create file version", 
@@ -283,7 +283,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "create file version", @@ -341,7 +341,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "create file version", @@ -413,7 +413,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "create file version", @@ -474,7 +474,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "create file version", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json index 0abe7837a56..6635adba037 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json @@ -21,7 +21,7 @@ "ip": "10.2.0.3" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_success", @@ -82,7 +82,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_success", @@ -148,7 +148,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_success", @@ -214,7 +214,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_success", @@ -280,7 +280,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_success", @@ -346,7 +346,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_success", @@ -417,7 +417,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_success", @@ -492,7 +492,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_success", 
@@ -576,7 +576,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_success", @@ -655,7 +655,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_success", @@ -730,7 +730,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_success", @@ -805,7 +805,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_success", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json index c862dc74feb..bf45e946762 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logoff", @@ -82,7 +82,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logoff", @@ -148,7 +148,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logoff", @@ -214,7 +214,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logoff", @@ -280,7 +280,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logoff", @@ -346,7 +346,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logoff", @@ -412,7 +412,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logoff", @@ -487,7 +487,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logoff", @@ -562,7 +562,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logoff", 
@@ -637,7 +637,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logoff", @@ -727,7 +727,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logoff", @@ -812,7 +812,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logoff", @@ -883,7 +883,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logoff", @@ -959,7 +959,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logoff", @@ -1049,7 +1049,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logoff", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json index 1452caf5054..1a1dccd9764 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "set password", @@ -68,7 +68,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "set password", @@ -105,7 +105,7 @@ ] }, { - "@timestamp": "2022-03-08T02:54:46.000Z", + "@timestamp": "2023-03-08T02:54:46.000Z", "cyberarkpas": { "audit": { "action": "Set Password", @@ -118,7 +118,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "set password", @@ -165,7 +165,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "set password", @@ -217,7 +217,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "set password", 
@@ -269,7 +269,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "set password", @@ -330,7 +330,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "set password", @@ -391,7 +391,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "set password", @@ -452,7 +452,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "set password", @@ -513,7 +513,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "set password", @@ -574,7 +574,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "set password", @@ -635,7 +635,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "set password", @@ -697,7 +697,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "set password", @@ -759,7 +759,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "set password", @@ -821,7 +821,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "set password", @@ -883,7 +883,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "set password", @@ -945,7 +945,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "set password", @@ -1007,7 +1007,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "set password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json index efc07568083..9436a45bb59 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json 
@@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "open file (write only)", @@ -75,7 +75,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "open file (write only)", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "open file (write only)", @@ -213,7 +213,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "open file (write only)", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json index 966fd9f16cc..74c1c9c220f 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "open file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json index e03e68b2a75..1b033db1a06 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json @@ -1,7 +1,7 @@ { "expected": [ { - "@timestamp": "2022-03-08T03:41:01.000Z", + "@timestamp": "2023-03-08T03:41:01.000Z", "cyberarkpas": { "audit": { "action": "Retrieve File", @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve file", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json index 06f5ec8e113..d941353cf78 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_success", @@ -82,7 +82,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_success", @@ -150,7 +150,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "retrieve file", @@ -205,7 +205,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authentication_success", diff --git a/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 03a9e915868..89723256a26 100644 --- a/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -7,7 +7,7 @@ processors: # - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' # # Set event.original from message, unless reindexing. diff --git a/packages/cyberarkpas/data_stream/audit/sample_event.json b/packages/cyberarkpas/data_stream/audit/sample_event.json index 4d48f6187dd..6b9072ccda8 100644 --- a/packages/cyberarkpas/data_stream/audit/sample_event.json +++ b/packages/cyberarkpas/data_stream/audit/sample_event.json @@ -35,7 +35,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", 
diff --git a/packages/cyberarkpas/docs/README.md b/packages/cyberarkpas/docs/README.md index 1ed3f919e1d..4896e56f279 100644 --- a/packages/cyberarkpas/docs/README.md +++ b/packages/cyberarkpas/docs/README.md @@ -68,7 +68,7 @@ An example event for `audit` looks as following: } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", @@ -255,7 +255,7 @@ An example event for `audit` looks as following: | event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | | file.path | Full path to the file, including the file name. It should include the drive letter, when appropriate. | keyword | | file.path.text | Multi-field of `file.path`. | match_only_text | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | input.type | Type of Filebeat input. | keyword | | log.file.path | Path to the log file. | keyword | | log.flags | Flags for the log file. | keyword | diff --git a/packages/cyberarkpas/manifest.yml b/packages/cyberarkpas/manifest.yml index a3cfeb01def..afaa995a77a 100644 --- a/packages/cyberarkpas/manifest.yml +++ b/packages/cyberarkpas/manifest.yml 
@@ -1,6 +1,6 @@ name: cyberarkpas title: CyberArk Privileged Access Security -version: "2.9.1" +version: "2.10.0" release: ga description: Collect logs from CyberArk Privileged Access Security with Elastic Agent. type: integration From 83b839a33268ad13b59009458f33e4a2959a4787 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:28 +0530 Subject: [PATCH 036/137] [cylance] - update ECS to 8.7.0 from 8.6.0 This updates the cylance integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/cylance --- packages/cylance/_dev/build/build.yml | 2 +- packages/cylance/changelog.yml | 5 + .../pipeline/test-generated.log-expected.json | 200 +++++++++--------- .../test-rsa2elk-output.json-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/protect/sample_event.json | 2 +- packages/cylance/docs/README.md | 2 +- packages/cylance/manifest.yml | 2 +- 8 files changed, 111 insertions(+), 106 deletions(-) diff --git a/packages/cylance/_dev/build/build.yml b/packages/cylance/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/cylance/_dev/build/build.yml +++ b/packages/cylance/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/cylance/changelog.yml b/packages/cylance/changelog.yml index de5174c6de2..f7b2e408499 100644 --- a/packages/cylance/changelog.yml +++ b/packages/cylance/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.13.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "0.12.1" changes: - description: Added categories and/or subcategories. 
diff --git a/packages/cylance/data_stream/protect/_dev/test/pipeline/test-generated.log-expected.json b/packages/cylance/data_stream/protect/_dev/test/pipeline/test-generated.log-expected.json index 4a7de571243..ccd86de3b8d 100644 --- a/packages/cylance/data_stream/protect/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/cylance/data_stream/protect/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "29-January-2016 06:09:59 high boNemoe4402.www.invalid dolore \u003c\u003csequa\u003eabo 2016-1-29T6:09:59.squira nostrud4819.mail.test CylancePROTECT mqui nci [billoi] Event Type: AuditLog, Event Name: ZoneAdd, Message: Policy Assigned:orev; Devices: pisciv , User: uii umexe (estlabo)", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016-2-12T1:12:33.olupt volup208.invalid CylancePROTECT eosquir orsi [nulapari] Event Type: AuditLog, Event Name: LoginSuccess, Message: Devices: vol, User: luptat isiutal (moenimi)", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "26-Feb-2016 8:15:08 very-high anonnu410.internal.home aqu \u003c\u003cutper\u003esquame 26T20:15:08.ntex eius6159.www5.localhost CylancePROTECT Event Name:Alert, Device Message: Device: aer User: ),lupt (tia oloremqu Zone Names: temvel Device Id: iatu", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016-3-12T3:17:42.ceroinBC ratvolup497.www.corp CylancePROTECT ionofde con [uia] Event Type: AuditLog, Event Name: SystemSecurity, Message: ommodic, User: mipsu consec (taliquip)", "tags": [ 
@@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016-3-26T10:20:16.gelit tatno5625.api.local CylancePROTECT taev roidents [oluptas] Event Type: AuditLog, Event Name: Alert, Message: Source: taliqu; SHA256: ommod; Reason: failure, User: tur aperi (iveli)", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "uatDuis 2016-4-9T5:22:51.ude maveniam1399.mail.lan CylancePROTECT siutaliq exercit [tempor] Event Type: omnis, Event Name: SystemSecurity, Device Name: eip, Agent Version: lupta, IP Address: (10.124.61.119), MAC Address: (01:00:5e:dc:bb:8b), Logged On Users: (occ), OS: ect Zone Names: reetdolo", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "24-Apr-2016 12:25:25 low lor340.mail.local natura \u003c\u003caboris\u003eima 24T00:25:25.tanimi nimadmin6499.local CylancePROTECT Event Name:Device Policy Assigned, Device Message: Device: dexe User: ),urerep (aquaeab liqu Zone Names: lorem Device Id: emq", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ari 2016-5-8T7:27:59.equun suntinc4934.www5.test CylancePROTECT ipis gelits [tatevel] Event Type: AuditLog, Event Name: ThreatUpdated, Message: Policy: uptatev; SHA256: uovol, User: )dmi (olab mquisnos", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "22-May-2016 14:30:33 medium tvol457.internal.local inim \u003c\u003cema\u003eroinBCSe 2016-5-22T2:30:33.onse tae1382.mail.localhost CylancePROTECT oluptate ofdeF tion Event Type: orsitame, Event Name: threat_quarantined, Threat Class: lit, Threat Subclass: iam, SHA256: qua, MD5: umdo", "tags": [ 
@@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016-6-5T9:33:08.eniam reetdolo2451.www.example CylancePROTECT rumet oll [erc] Event Type: ScriptControl, Event Name: SystemSecurity, Device Name: llam, File Path: aspern, Interpreter: itlabori, Interpreter Version: 1.2344, Zone Names: ollit, User Name: usan", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "olo 2016-6-20T4:35:42.uaera sitas4259.mail.corp CylancePROTECT atquovo iumto aboreetd Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Zone: dun; Policy: enim; Value: saute, User: vel quu (undeo)", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016-7-4T11:38:16.isqu uis7612.www5.domain CylancePROTECT llumquid tation [ips] Event Type: emeumfug, Event Name: Registration, emporinc", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "cup 2016-7-18T6:40:50.boNemoen uid7309.api.domain CylancePROTECT uradi aborumSe luptat Event Type: AuditLog, Event Name: SyslogSettingsSave, Message: Policy: antiumto, User: strude ctetura (usmod)", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2-Aug-2016 1:43:25 high fugit7668.www5.invalid lupt \u003c\u003cxea\u003equa 2T01:43:25.luptatev admi3749.api.lan CylancePROTECT Event Name:DeviceRemove, Device Message: Device: tinvol; Zones Removed: dolore; Zones Added: abor, User: iqui etc (etM), Zone Names:nimadmin Device Id: ditautfu", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016-8-16T8:45:59.ostr rudexerc703.internal.host CylancePROTECT itaut imaven [liqua] Event Type: ScriptControl, Event Name: fullaccess, Device Name: onproide, File Path: Nemoen, Interpreter: tfug, Interpreter Version: 1.5383 (ccu), Zone Names: urE, User Name: isaute", "tags": [ 
@@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "eomnisis 2016-8-30T3:48:33.mqui civeli370.www5.local CylancePROTECT sunt stl tdolorem Event Type: AuditLog, Event Name: Alert, Message: The Device: picia was auto assigned to the Zone: IP Address: Fake Devices, User: mUtenima emaperi ()tame", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 2016/09/13 22:51:07 ivelits712.api.example CylancePROTECT Event Type: AppControl, etdolo inv [agnaali] Event Type: AppControl, Event Name: threat_found, Device Name: sequatur, IP Address: (10.199.98.186), Action: cancel, Action Type: nihi, File Path: Lor, SHA256: itecto, Zone Names: erc", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "olupt 2016-9-28T5:53:42.modoco estqu1709.internal.example CylancePROTECT ostrume molest [upt] Event Type: Threat, Event Name: LoginSuccess, Device Name: uasia, IP Address: (10.64.70.5), File Name: ici, Path: giatquov, Drive Type: eritquii, SHA256: dexeac, MD5: iscinge, Status: atvol, Cylance Score: 145.898000, Found Date: uames, File Type: tati, Is Running: utaliqu, Auto Run: oriosamn, Detected By: deFinibu, Zone Names: iadese, Is Malware: imidest, Is Unique To Cylance: emagnama, Threat Classification: eprehend", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016-10-12T12:56:16.suntinc xeac7155.www.localdomain CylancePROTECT taliq intoccae [ents] Event Type: pida, Event Name: Alert, Device Name: idolor, Agent Version: emeumfu, IP Address: (10.143.239.210), MAC Address: (01:00:5e:93:1c:9f), Logged On Users: (oinBCSe), OS: mnisist Zone Names: sedd", "tags": [ 
@@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ipitla 2016-10-26T7:58:50.quae maccusa5126.api.domain CylancePROTECT idex xerci [aqu] Event Type: ExploitAttempt, Event Name: Alert, Device Name: olorema, IP Address: (10.32.143.134), Action: accept, Process ID: 2289, Process Name: aliqu.exe, User Name: olupta, Violation Type: mipsumd, Zone Names: eFinib", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10-Nov-2016 3:01:24 low eav3687.internal.local siar \u003c\u003corev\u003eiamquis 10T03:01:24.quirat llu4718.localhost CylancePROTECT Event Name:DeviceEdit, Device Name:conseq, External Device Type:oidentsu, External Device Vendor ID:atiset, External Device Name:atu, External Device Product ID:umexerci, External Device Serial Number:ern, Zone Names:psaquae", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Nov 24 10:03:59 doloremi7402.www.test CylancePROTECT Event Type:stquidol, Event Name:DeviceRemove, Device Message: Device: leumiu; Policy Changed: namali to 'taevit', User: rinrepre etconse (tincu), Zone Names:ari, Device Id: exercit", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "8-December-2016 17:06:33 very-high occae1180.internal.localhost aquaeabi \u003c\u003clita\u003eadeseru 2016-12-8T5:06:33.emoe eaq908.api.home CylancePROTECT itame intoc [oluptas] Event Type: tNequepo, Event Name: ZoneAddDevice, Device Name: luptasn, Zone Names:equat", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ihilmole 2016-12-23T12:09:07.eriamea amre146.mail.host CylancePROTECT pisciv iquidex radipisc Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Policy: nti; SHA256: abi; Category: sectetur, User: )uioffi (oru temqu", "tags": [ 
@@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ommodico 2017-1-6T7:11:41.quatD mcolab379.internal.home CylancePROTECT tsedqu agnid [proide] Event Type: ScriptControl, Event Name: DeviceRemove, Device Name: tper, File Path: olor, Interpreter: Neque, Interpreter Version: 1.4129 (xerc), Zone Names: iutali, User Name: fdeFi", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jan 20 2:14:16 tasuntex5037.www.corp CylancePROTECT Event Type:boN, Event Name:threat_quarantined, Device Name:ectio, Agent Version:dutper, IP Address: (10.237.205.140), MAC Address: (01:00:5e:3f:c4:6c), Logged On Users: (uames), OS:iduntu, Zone Names:veniam", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "3-Feb-2017 9:16:50 very-high reme622.mail.example isnisiu \u003c\u003cbore\u003etsu 3T21:16:50.tcons sciun4694.api.lan CylancePROTECT Event Name:LoginSuccess, Device Message: Device: nsect User: ),idata (rumwritt magnid Zone Names: enderit Device Id: untex", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "paquioff 2017-2-18T4:19:24.mquisnos maven3758.www.invalid CylancePROTECT labor didunt uptatema Event Type: ExploitAttempt, Event Name: DeviceEdit, Device Name: udan, IP Address: (10.74.104.215), Action: cancel, Process ID: 7410, Process Name: mveleu.exe, User Name: nofdeFin, Violation Type: sequam, Zone Names: temvel", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "4-Mar-2017 11:21:59 medium tvolu3997.mail.home eiu \u003c\u003cntiumdo\u003eautfu 4T11:21:59.gnaaliq mni7200.mail.localdomain CylancePROTECT Event Name:pechange, Device Name:idolor, Zone Names:uisau, Device Id: eleum", "tags": [ 
@@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Mar 18 6:24:33 ate4627.localdomain CylancePROTECT Event Type:officiad, Event Name:Device Policy Assigned, Message: The Device:quinescwas auto assigned to Zone:madmi, User:tur", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2-April-2017 01:27:07 very-high orem6702.invalid tev \u003c\u003csaute\u003entocca 2017-4-2T1:27:07.ostru ntoccae1705.internal.invalid CylancePROTECT temquiav equatu [upta] Event Type: ScriptControl, Event Name: Alert, Device Name: sBon, File Path: orro, Interpreter: tae, Interpreter Version: 1.3212, Zone Names: tlab, User Name: aperiame", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "16-Apr-2017 8:29:41 high tobea2364.internal.localhost itinvol \u003c\u003ceavolup\u003efugiatn 16T08:29:41.docon etconsec6708.internal.invalid CylancePROTECT Event Name:PolicyAdd, Device Name:ersp, External Device Type:tquov, External Device Vendor ID:diconseq, External Device Name:inven, External Device Product ID:osquira, External Device Serial Number:tes, Zone Names:mquame", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017-4-30T3:32:16.squirati Sedutp7428.internal.home CylancePROTECT utlabor itessequ [porro] Event Type: AuditLog, Event Name: PolicyAdd, Message: Zone: iquipe; Policy: itempor; Value: quin, User: upida tvolupt (eufugi)", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "uamni 2017-5-14T10:34:50.ctet ati4639.www5.home CylancePROTECT archite loreme [untu] Event Type: AuditLog, Event Name: Alert, Message: Device: ven; User: con nisist (usmodte)", "tags": [ 
@@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017-5-29T5:37:24.eturadi torever662.www5.home CylancePROTECT quam sumdolor [meaqueip] Event Type: AuditLog, Event Name: PolicyAdd, Message: The Device: pexe was auto assigned to the Zone: IP Address: 10.70.168.240, User: amcol adeser ()oin", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "12-June-2017 12:39:58 medium meius3932.internal.example ccaeca \u003c\u003cumdolo\u003euptate 2017-6-12T12:39:58.amc cusant1701.api.localdomain CylancePROTECT siutaliq dutp psaquaea Event Type: taevita, Event Name: DeviceRemove, Device Name: siut, Agent Version: tconsect, IP Address: (10.190.175.158), MAC Address: (01:00:5e:45:8b:97), Logged On Users: (ditemp), OS: edqui", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "26-June-2017 19:42:33 very-high rnatu2805.www.home enderi \u003c\u003cmquisno\u003eodoconse 2017-6-26T7:42:33.quamqua eacommod1930.internal.lan CylancePROTECT tpersp stla uptatema Event Type: AuditLog, Event Name: fullaccess, Message: Device: uradi; SHA256: tot; Category: llamco, User: )nea (psum tasnulap", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017-7-11T2:45:07.oremipsu emeumfug4387.internal.lan CylancePROTECT uidol litani [utodita] Event Type: AuditLog, Event Name: Alert, Message: Device: untincul; SHA256: iduntu, User: )ccaeca (niamq lapariat", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "uat 2017-7-25T9:47:41.tiaec rumwrit764.www5.local CylancePROTECT edquiac urerepr [eseru] Event Type: DeviceControl, Event Name: DeviceRemove, Device Name: etMal, External Device Type: qua, External Device Vendor ID: rsita, External Device Name: ate, External Device Product ID: ipsamvo, External Device Serial Number: onula, Zone Names: miu", "tags": [ 
@@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Aug 8 4:50:15 mex2054.mail.corp CylancePROTECT Event Type:luptat, Event Name:SyslogSettingsSave, Message: Provider:ica, Source IP:10.13.66.97, User: dicta taedicta (ritt)#015", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017-8-22T11:52:50.dictasun veniamqu7284.mail.invalid CylancePROTECT nte mvel nof Event Type: AuditLog, Event Name: DeviceEdit, Message: The Device: tetur was auto assigned to the Zone: IP Address: Fake Devices, User: ()xce", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "6-September-2017 06:55:24 high isiu5733.api.domain etdolor \u003c\u003clupta\u003exeaco 2017-9-6T6:55:24.nvolupt oremi1485.api.localhost CylancePROTECT iosa boNemoe [onsequ] Event Type: AuditLog, Event Name: threat_quarantined, Message: SHA256: amvolupt; Reason: success, User: atisund xea (ites)", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "eri 2017-9-20T1:57:58.quunt olori416.api.test CylancePROTECT elit cidunt plica Event Type: ExploitAttempt, Event Name: Alert, Device Name: exeaco, IP Address: (10.31.190.145), Action: cancel, Process ID: 5530, Process Name: accusant.exe, User Name: onse, Violation Type: admin, Zone Names: stenatu", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "4-Oct-2017 9:00:32 high nvol6269.internal.local tla \u003c\u003citem\u003enimid 4T21:00:32.dat periam126.api.host CylancePROTECT Event Name:threat_found, Threat Class:rExc, Threat Subclass:iusmo, SHA256:tame, MD5:naaliq", "tags": [ 
@@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "19-October-2017 04:03:07 medium toccaec7645.www5.home psaqua \u003c\u003cullamcor\u003eitationu 2017-10-19T4:03:07.proident maliquam2147.internal.home CylancePROTECT lores ritati orisni Event Type: DeviceControl, Event Name: PolicyAdd, Device Name: estl, External Device Type: sitam, External Device Vendor ID: orem, External Device Name: rcit, External Device Product ID: llamco, External Device Serial Number: atu, Zone Names: untincul", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "iuntNe 2017-11-2T11:05:41.atise tate6578.api.localdomain CylancePROTECT emvele isnost [olorem] Event Type: Threat, Event Name: PolicyAdd, Device Name: yCiceroi, IP Address: (10.252.165.146), File Name: iquamqua, Path: sit, Drive Type: rumSect, SHA256: ita, MD5: vitaed, Status: exeaco, Cylance Score: 51.523000, Found Date: mven, File Type: olorsit, Is Running: tore, Auto Run: elits, Detected By: consequa, Zone Names: turadip, Is Malware: tatevel, Is Unique To Cylance: boreetdo, Threat Classification: undeom", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017-11-16T6:08:15.uov itlab6956.mail.local CylancePROTECT loremqu tetur amvo Event Type: siuta, Event Name: threat_changed, Device Name: ommodo, Agent Version: uptat, IP Address: (10.105.46.101, tatione), MAC Address: (01:00:5e:de:32:2c, ori), Logged On Users: (tconsect), OS: rum", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017-12-1T1:10:49.ugiatn midestl1919.host CylancePROTECT cingel modocon [ipsu] Event Type: ntNeq, Event Name: Device Policy Assigned, Device Name: aUt, Agent Version: boNem, IP Address: (10.124.88.222), MAC Address: (01:00:5e:f9:78:c2), Logged On Users: (onu), OS: liquaUte", "tags": [ 
@@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ria 2017-12-15T8:13:24.atDu nsec923.internal.local CylancePROTECT agnaaliq tlaboree norumet Event Type: ExploitAttempt, Event Name: DeviceEdit, Device Name: mod, IP Address: (10.28.120.149), Action: deny, Process ID: 3916, Process Name: tinvolup.exe, User Name: tsed, Violation Type: inv, Zone Names: rroq", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017-12-29T3:15:58.mipsamvo eiusmod3517.internal.invalid CylancePROTECT oreveri ehende [eaqueip] Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: olup; SHA256: labor, User: )dol (sciun metcons", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "12-January-2018 22:18:32 high asnu3806.api.lan tamet \u003c\u003cperspici\u003eationul 2018/01/12T22:18:32.mquisn queips4947.mail.example CylancePROTECT molestia quir eavolup Event Type: AppControl, Event Name: Registration, Device Name: labore, IP Address: (10.165.16.231), Action: accept, Action Type: uto, File Path: iuntNequ, SHA256: esseq, Zone Names: aincidun", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "27-January-2018 05:21:06 low oloreseo5039.test derit \u003c\u003corese\u003edolor 2018-1-27T5:21:06.econs ntexpl3889.www.home CylancePROTECT yCic nder [mdolore] Event Type: Cic, Event Name: DeviceRemove, Device Name: saqu, Agent Version: iscive, IP Address: (10.156.34.19), MAC Address: (01:00:5e:54:ab:3f), Logged On Users: (imveni), OS: ariaturE Zone Names: stquid", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ree 2018-2-10T12:23:41.saquaea ation6657.www.home CylancePROTECT iatqu lorsi repreh Event Type: AuditLog, Event Name: Registration, Message: sitamet, User: utlabo tetur (tionula)", "tags": [ 
@@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "24-Feb-2018 7:26:15 very-high idolor3916.www5.home tas \u003c\u003cautfugi\u003etasun 24T19:26:15.duntutla ntium4450.www5.localdomain CylancePROTECT Event Name:DeviceRemove, Device Name:vol, Agent Version:oremquel, IP Address: (10.22.94.10), MAC Address: (01:00:5e:ee:e8:77), Logged On Users: (ssusci), OS:animid, Zone Names:mpo", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "llam 2018-3-11T2:28:49.cti aparia1179.www.localdomain CylancePROTECT rever ore offici Event Type: AuditLog, Event Name: DeviceEdit, Message: Devices: metco, User: acom ceroinB (nim)", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "25-March-2018 09:31:24 medium taliqui5348.mail.localdomain loremag \u003c\u003ctcu\u003eiatqu 2018-3-25T9:31:24.inBCSedu erspi5757.local CylancePROTECT suntex iacons [occaec] Event Type: DeviceControl, Event Name: LoginSuccess, Device Name: uov, External Device Type: quaeab, External Device Vendor ID: fici, External Device Name: imve, External Device Product ID: quide, External Device Serial Number: quaU, Zone Names: undeomni", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "liquid 2018-4-8T4:33:58.enim Finibus1411.www5.corp CylancePROTECT xea taed umdolo Event Type: AuditLog, Event Name: fullaccess, Message: Policy Assigned:rroqu; Devices: dquiaco , User: nibus vitaed (ser)", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Apr 22 11:36:32 upt7879.www5.example CylancePROTECT Event Type:idolo, Event Name:threat_found, Device Message: Device: edolo; Zones Removed: ugiatquo; Zones Added: ntium, User: uptate lloinven (econs), Zone Names:lmolesti Device Id: apariatu", "tags": [ 
@@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 2018/05/07 06:39:06 erspi4926.www5.test CylancePROTECT Event Type: AppControl, incidid quin [autemv] Event Type: AppControl, Event Name: PolicyAdd, Device Name: fugits, IP Address: (10.153.34.43), Action: allow, Action Type: acommo, File Path: isi, SHA256: culpaq, Zone Names: saute", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018-5-21T1:41:41.abor magnid3343.home CylancePROTECT tesseq niam [pernat] Event Type: DeviceControl, Event Name: threat_found, Device Name: gitse, External Device Type: ugitse, External Device Vendor ID: quiineav, External Device Name: billoinv, External Device Product ID: sci, External Device Serial Number: col, Zone Names: obea", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "4-Jun-2018 8:44:15 high uptatem4483.localhost inrepr \u003c\u003cmol\u003eumdolors 4T20:44:15.dolori asperna7623.www.home CylancePROTECT Event Name:ThreatUpdated, Message: Device:dexewas auto assigned to Zone:tat, User:onproide", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "riosa 2018-6-19T3:46:49.tNe pisc3553.internal.home CylancePROTECT rautod olest eataev Event Type: ExploitAttempt, Event Name: DeviceEdit, Device Name: ritati, IP Address: (10.43.110.203), Action: allow, Process ID: 1359, Process Name: nim.exe, User Name: ame, Violation Type: amvolu, Zone Names: mip", "tags": [ 
@@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "3-July-2018 10:49:23 medium iame4937.local tiumd \u003c\u003cntmoll\u003emexer 2018/07/03T10:49:23.estla uipexe7153.api.corp CylancePROTECT saqu remips illoi Event Type: AppControl, Event Name: ZoneAdd, Device Name: abori, IP Address: (10.127.20.244), Action: block, Action Type: uelauda, File Path: ema, SHA256: odi, Zone Names: ptatems", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "nde 2018-7-17T5:51:58.abillo undeom845.www5.example CylancePROTECT quaer eetdo [tlab] Event Type: ScriptControl, Event Name: LoginSuccess, Device Name: liq, File Path: seddoeiu, Interpreter: nse, Interpreter Version: 1.3421, Zone Names: quira, User Name: tassita", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Aug 1 12:54:32 atis6201.internal.invalid CylancePROTECT Event Type:nisiut, Event Name:threat_changed, Message: Device:quirawas auto assigned to Zone:rror, User:tatema", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "15-August-2018 07:57:06 low tperspic7591.www.lan ict \u003c\u003csquirati\u003etem 2018-8-15T7:57:06.mestq ura675.mail.localdomain CylancePROTECT eleumiu uei Nequepo Event Type: DeviceControl, Event Name: DeviceRemove, Device Name: seddo, External Device Type: uam, External Device Vendor ID: orumSec, External Device Name: nisiuta, External Device Product ID: stiaecon, External Device Serial Number: dol, Zone Names: sumquiad", "tags": [ 
@@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "29-August-2018 14:59:40 high oeni179.api.localhost gna \u003c\u003cisiutali\u003elumqu 2018-8-29T2:59:40.onulamco ons5050.mail.test CylancePROTECT unt tass [tiumdol] Event Type: Threat, Event Name: threat_quarantined, Device Name: mquiad, IP Address: (10.48.209.115), File Name: psa, Path: nculpaq, Drive Type: reseosqu, SHA256: sequat, MD5: lor, Status: ccaec, Cylance Score: 75.498000, Found Date: ommo, File Type: iame, Is Running: laudanti, Auto Run: umiurer, Detected By: rere, Zone Names: cta, Is Malware: aevi, Is Unique To Cylance: uameiusm, Threat Classification: adm", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "12-September-2018 22:02:15 medium mnihilm1903.internal.host ditautf \u003c\u003citametc\u003eori 2018-9-12T10:02:15.uamqu olori4584.mail.domain CylancePROTECT sunt autfugit emUte Event Type: AuditLog, Event Name: ThreatUpdated, Message: Zone: nturmag; Policy: tura; Value: osquirat, User: equat aliquid (usantiu)", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "27-Sep-2018 5:04:49 very-high trudex4443.www5.localhost lor \u003c\u003cxplic\u003eeseruntm 27T05:04:49.lpaquiof oloreeu7597.mail.home CylancePROTECT Event Name:PolicyAdd, Device Name:nula, Agent Version:quiacons, IP Address: (10.7.99.47), MAC Address: (01:00:5e:e8:41:ae), Logged On Users: (evolupta), OS:teturadi, Zone Names:ditau", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "hend 2018-10-11T12:07:23.eacommo ueip5847.api.test CylancePROTECT umd sciveli [dolorem] Event Type: sed, Event Name: Device Updated, Threat Class: Nemoenim, Threat Subclass: usm, SHA256: labori, MD5: porai", "tags": [ 
@@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ostr 2018-10-25T7:09:57.sec uid3520.www.home CylancePROTECT eFini ectob [mrema] Event Type: ScriptControl, Event Name: SystemSecurity, Device Name: prehend, File Path: eufug, Interpreter: roquisq, Interpreter Version: 1.989 (est), Zone Names: civelits, User Name: ici", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Nov 9 2:12:32 miurerep3693.mail.localhost CylancePROTECT Event Type:iduntu, Event Name:SyslogSettingsSave, Device Name:inibusB, Zone Names:nostrud", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Nov 23 9:15:06 esse3795.www.host CylancePROTECT Event Type:pariatur, Event Name:SyslogSettingsSave, Message: The Device:imaveniawas auto assigned to Zone:expli, User:ugiat", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "bore 2018-12-7T4:17:40.ptate teir7585.www5.localdomain CylancePROTECT quu xeac [llitanim] Event Type: AuditLog, Event Name: SystemSecurity, Message: Devices: oreverit, User: scip Finibus (Utenimad)", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Dec 21 11:20:14 hen1901.example CylancePROTECT Event Type:ali, Event Name:SyslogSettingsSave, Device Name:quunt, External Device Type:itasp, External Device Vendor ID:qui, External Device Name:equeporr, External Device Product ID:met, External Device Serial Number:volup, Zone Names:ptate, Device Id: entsu, Policy Name: conse", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jan 5 6:22:49 mag4267.www.test CylancePROTECT Event Type:atura, Event Name:Alert, Device Message: Device: oreeu User: ),nvo (iamqui tassita Zone Names: colabori Device Id: imidestl", "tags": [ 
@@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019-1-19T1:25:23.minimve serrorsi1096.www5.localdomain CylancePROTECT lamco cit [siar] Event Type: AuditLog, Event Name: ZoneAddDevice, Message: The Device: reetdo was auto assigned to the Zone: IP Address: Fake Devices, User: ()ever", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "quiav 2019-2-2T8:27:57.mse prehen4807.mail.invalid CylancePROTECT liqua ariatur [labo] Event Type: DeviceControl, Event Name: SystemSecurity, Device Name: remq, External Device Type: unt, External Device Vendor ID: tla, External Device Name: arch, External Device Product ID: lite, External Device Serial Number: ugia, Zone Names: meum", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Feb 17 3:30:32 nvolupta126.www.domain CylancePROTECT Event Type:quas, Event Name:threat_found, Device Name:orp, File Path:ender, Interpreter:dico, Interpreter Version:1.5848, Zone Names:Utenima, User Name: olore", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "3-March-2019 10:33:06 medium radip4253.www.corp gna \u003c\u003cici\u003equamnih 2019-3-3T10:33:06.asnulap yCiceroi5998.mail.home CylancePROTECT inc tect uiad Event Type: DeviceControl, Event Name: DeviceRemove, Device Name: roinBCSe, External Device Type: maperiam, External Device Vendor ID: mSec, External Device Name: smoditem, External Device Product ID: tatisetq, External Device Serial Number: uidolo, Zone Names: umdolore", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019-3-17T5:35:40.abori sit1400.www.lan CylancePROTECT ames amni [tatio] Event Type: AuditLog, Event Name: ZoneAdd, Message: Zone: ntsunti; Policy: borios; Value: ani, User: uid idatat (onev)", "tags": [ 
@@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "iosamni 2019-4-1T12:38:14.idu sis3986.internal.lan CylancePROTECT tsedquia its umdolor Event Type: isiu, Event Name: Device Policy Assigned, Device Name: mmodi, Agent Version: snostr, IP Address: (10.232.90.3), MAC Address: (01:00:5e:e6:a6:a2), Logged On Users: (midestl), OS: nci", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "hilmole 2019-4-15T7:40:49.sequ sectetu7182.localdomain CylancePROTECT dolor lorumwri [amnihil] Event Type: orissus, Event Name: Device Updated, uido", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019-4-29T2:43:23.itse officiad4982.www5.domain CylancePROTECT lumqui quiavolu [upta] Event Type: AuditLog, Event Name: ZoneAdd, Message: Device: umtota; User: etdolore magnaa (sumquiad)", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019-5-13T9:45:57.Duisa consequa1486.internal.localdomain CylancePROTECT aevitaed byCic [leumiur] Event Type: ptatemse, Event Name: pechange, Threat Class: quaeratv, Threat Subclass: involu, SHA256: tobeata, MD5: nesciun", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "onorumet 2019-5-28T4:48:31.ptatema eavolup6981.www5.example CylancePROTECT psaquaea rchit psumq Event Type: DeviceControl, Event Name: threat_changed, Device Name: lum, External Device Type: xerc, External Device Vendor ID: ctetura, External Device Name: msequ, External Device Product ID: nvol, External Device Serial Number: enimadmi, Zone Names: tateveli", "tags": [ 
@@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019-6-11T11:51:06.oremip its6443.mail.example CylancePROTECT natuserr ostrudex [nse] Event Type: miurere, Event Name: fullaccess, Device Name: tlabo, Agent Version: tatemse, IP Address: (10.139.80.71), MAC Address: (01:00:5e:bc:c1:21), Logged On Users: (orem), OS: eniamqui", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "25-June-2019 18:53:40 high tnulapa7580.www.domain adeser \u003c\u003cuasiarc\u003edoeiu 2019-6-25T6:53:40.onsectet dentsunt6061.www5.home CylancePROTECT tobeata imven onnumqua Event Type: quioff, Event Name: SyslogSettingsSave, Device Names: (upt), Policy Name: atatnonp, User: nvol dtemp (mquis)", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10-July-2019 01:56:14 medium midest133.www5.example tocca \u003c\u003corsitvol\u003entor 2019-7-10T1:56:14.oinBCSed oid218.api.invalid CylancePROTECT roquisqu ariat midestl Event Type: AuditLog, Event Name: SyslogSettingsSave, Message: mcorpori, User: mqu pteursi (orsitam)", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "totamre 2019-7-24T8:58:48.rpo velites4233.internal.home CylancePROTECT uisaute uun end Event Type: odocons, Event Name: Alert, Threat Class: asp, Threat Subclass: dexercit, SHA256: amn, MD5: itessequ", "tags": [ 
@@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "7-August-2019 16:01:23 low sumd3215.test aUtenima \u003c\u003cturQuis\u003etaevi 2019-8-7T4:01:23.uames tconsec7604.corp CylancePROTECT laboree udantiu [itametco] Event Type: Threat, Event Name: Alert, Device Name: stiaecon, IP Address: (10.223.246.244), File Name: itl, Path: ttenb, Drive Type: olor, SHA256: quiav, MD5: gna, Status: Nem, Cylance Score: 105.845000, Found Date: lors, File Type: oluptat, Is Running: enimad, Auto Run: tis, Detected By: qua, Zone Names: con, Is Malware: tore, Is Unique To Cylance: sequatD, Threat Classification: ercitati", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "21-Aug-2019 11:03:57 high oeiusmo5035.api.local tconse \u003c\u003crem\u003etseddoei 21T23:03:57.teursint etMa3452.www5.test CylancePROTECT Event Name:threat_found, Device Name:nturmag, File Path:uredol, Interpreter:maliqua, Interpreter Version:1.4613, Zone Names:mquia, User Name: omnisi, Device Id: etMalor, Policy Name: mco", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "5-September-2019 06:06:31 high taspe1205.mail.domain cti \u003c\u003commodoc\u003ense 2019-9-5T6:06:31.mveniam tuser2694.internal.invalid CylancePROTECT tlaboru aeabillo [ciad] Event Type: ugiatqu, Event Name: threat_found, Device Names: (turveli), Policy Name: isciv, User: natus boreet (luptasnu)", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "edqu 2019-9-19T1:09:05.tationu gnaaliq5240.api.test CylancePROTECT nula ameaquei [gnama] Event Type: esciun, Event Name: pechange, Threat Class: ratvo, Threat Subclass: ntutl, SHA256: volupt, MD5: ine", "tags": [ 
@@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "3-Oct-2019 8:11:40 low ditaut33.mail.localhost iumdo \u003c\u003coreeu\u003emea 3T20:11:40.ssec illum2625.test CylancePROTECT Event Name:LoginSuccess, Threat Class:iaeconse, Threat Subclass:uisa, SHA256:nimadmin, MD5:tdolo", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "18-October-2019 03:14:14 high porissus1225.www5.corp ddoe \u003c\u003cuptateve\u003eured 2019-10-18T3:14:14.ctetu oreeu6419.www.corp CylancePROTECT cul iinea snos Event Type: AuditLog, Event Name: PolicyAdd, Message: Device: moenimip; User: uames tium (ianonn)", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019-11-1T10:16:48.tiset sci333.mail.home CylancePROTECT doloreeu lors eumfu Event Type: docons, Event Name: PolicyAdd, Device Names: (eumf), Policy Name: roquisq, User: uasi maveniam (uis)", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "imi 2019-11-15T5:19:22.animi edutpers6452.api.host CylancePROTECT ntiumt sumquia vento Event Type: sitv, Event Name: LoginSuccess, Threat Class: com, Threat Subclass: rep, SHA256: mveni, MD5: aquae", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "30-November-2019 00:21:57 low iaturE3103.api.domain aturve \u003c\u003cptateve\u003eiatu 2019/11/30T00:21:57.use nulamc5617.mail.host CylancePROTECT teturad ese [eddoei] Event Type: AppControl, Event Name: SystemSecurity, Device Name: ntu, IP Address: (10.134.137.205), Action: deny, Action Type: duntut, File Path: emporin, SHA256: oreseosq, Zone Names: etquasia", "tags": [ 
@@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019-12-14T7:24:31.cinge tatem4713.internal.host CylancePROTECT elites pariat [nimip] Event Type: AuditLog, Event Name: threat_found, Message: Zone: usci; Policy: unturmag; Value: dexeaco, User: lupta ura (oreeufug)", "tags": [ diff --git a/packages/cylance/data_stream/protect/_dev/test/pipeline/test-rsa2elk-output.json-expected.json b/packages/cylance/data_stream/protect/_dev/test/pipeline/test-rsa2elk-output.json-expected.json index 7cc01f022bf..07c71792f01 100644 --- a/packages/cylance/data_stream/protect/_dev/test/pipeline/test-rsa2elk-output.json-expected.json +++ b/packages/cylance/data_stream/protect/_dev/test/pipeline/test-rsa2elk-output.json-expected.json @@ -15,7 +15,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "de9c1b8e-5967-4715-bc22-6f9dd52f6cc2", diff --git a/packages/cylance/data_stream/protect/elasticsearch/ingest_pipeline/default.yml b/packages/cylance/data_stream/protect/elasticsearch/ingest_pipeline/default.yml index 6471cc16a2c..053db4d2efb 100644 --- a/packages/cylance/data_stream/protect/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cylance/data_stream/protect/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for CylanceProtect processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - gsub: field: host.mac ignore_missing: true diff --git a/packages/cylance/data_stream/protect/sample_event.json b/packages/cylance/data_stream/protect/sample_event.json index c0dc0fb410c..4f54d455088 100644 --- a/packages/cylance/data_stream/protect/sample_event.json +++ b/packages/cylance/data_stream/protect/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "de9c1b8e-5967-4715-bc22-6f9dd52f6cc2", 
diff --git a/packages/cylance/docs/README.md b/packages/cylance/docs/README.md
index fe09f5fb495..494b8fd9007 100644
--- a/packages/cylance/docs/README.md
+++ b/packages/cylance/docs/README.md
@@ -72,7 +72,7 @@ The `protect` dataset collects CylanceProtect logs.
 | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword |
 | host.ip | Host ip addresses. | ip |
 | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword |
-| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword |
+| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword |
 | http.request.method | HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. | keyword |
 | http.request.referrer | Referrer for this HTTP request. | keyword |
 | input.type | Type of Filebeat input. | keyword |
diff --git a/packages/cylance/manifest.yml b/packages/cylance/manifest.yml
index e42c1d4f551..41f65c48471 100644
--- a/packages/cylance/manifest.yml
+++ b/packages/cylance/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cylance
 title: CylanceProtect Logs
-version: "0.12.1"
+version: "0.13.0"
 description: Collect logs from CylanceProtect devices with Elastic Agent.
 categories: ["security", "edr_xdr"]
 release: experimental
From 936776d193480fc6ca3c691589eab8892e74ec7b Mon Sep 17 00:00:00 2001
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:29 +0530 Subject: [PATCH 037/137] [darktrace] - update ECS to 8.7.0 from 8.6.0 This updates the darktrace integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/darktrace --- packages/darktrace/_dev/build/build.yml | 2 +- packages/darktrace/changelog.yml | 5 +++++ .../pipeline/test-ai-analyst-alert.log-expected.json | 4 ++-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/ai_analyst_alert/sample_event.json | 2 +- .../pipeline/test-model-breach-alert.log-expected.json | 10 +++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/model_breach_alert/sample_event.json | 2 +- .../test-system-status-alert.log-expected.json | 4 ++-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/system_status_alert/sample_event.json | 2 +- packages/darktrace/docs/README.md | 8 ++++---- packages/darktrace/manifest.yml | 2 +- 13 files changed, 26 insertions(+), 21 deletions(-) diff --git a/packages/darktrace/_dev/build/build.yml b/packages/darktrace/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/darktrace/_dev/build/build.yml +++ b/packages/darktrace/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/darktrace/changelog.yml b/packages/darktrace/changelog.yml index 54b22b7db7e..51cf203f55f 100644 --- a/packages/darktrace/changelog.yml +++ b/packages/darktrace/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.0.0" changes: - description: Release Darktrace as GA. 
diff --git a/packages/darktrace/data_stream/ai_analyst_alert/_dev/test/pipeline/test-ai-analyst-alert.log-expected.json b/packages/darktrace/data_stream/ai_analyst_alert/_dev/test/pipeline/test-ai-analyst-alert.log-expected.json
index de853001207..90df777d092 100644
--- a/packages/darktrace/data_stream/ai_analyst_alert/_dev/test/pipeline/test-ai-analyst-alert.log-expected.json
+++ b/packages/darktrace/data_stream/ai_analyst_alert/_dev/test/pipeline/test-ai-analyst-alert.log-expected.json
@@ -135,7 +135,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -409,7 +409,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
diff --git a/packages/darktrace/data_stream/ai_analyst_alert/elasticsearch/ingest_pipeline/default.yml b/packages/darktrace/data_stream/ai_analyst_alert/elasticsearch/ingest_pipeline/default.yml
index 8b2e4648ab1..081efd6fbb5 100644
--- a/packages/darktrace/data_stream/ai_analyst_alert/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/darktrace/data_stream/ai_analyst_alert/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing AI Analyst Alert logs.
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - grok:
 field: message
 patterns:
diff --git a/packages/darktrace/data_stream/ai_analyst_alert/sample_event.json b/packages/darktrace/data_stream/ai_analyst_alert/sample_event.json
index 239c10e0c1b..7ee90544ebf 100644
--- a/packages/darktrace/data_stream/ai_analyst_alert/sample_event.json
+++ b/packages/darktrace/data_stream/ai_analyst_alert/sample_event.json
@@ -144,7 +144,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "95d2bc73-8bc8-47d9-b36e-a21b58255eec",
diff --git a/packages/darktrace/data_stream/model_breach_alert/_dev/test/pipeline/test-model-breach-alert.log-expected.json b/packages/darktrace/data_stream/model_breach_alert/_dev/test/pipeline/test-model-breach-alert.log-expected.json
index 09d256cbc5e..771081a0308 100644
--- a/packages/darktrace/data_stream/model_breach_alert/_dev/test/pipeline/test-model-breach-alert.log-expected.json
+++ b/packages/darktrace/data_stream/model_breach_alert/_dev/test/pipeline/test-model-breach-alert.log-expected.json
@@ -132,7 +132,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "created": "2022-07-13T02:12:45.000Z",
@@ -515,7 +515,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -1070,7 +1070,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -1157,7 +1157,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "created": "2022-08-05T09:35:45.460Z",
@@ -1235,7 +1235,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "created": "2022-08-05T09:34:46.317Z",
diff --git a/packages/darktrace/data_stream/model_breach_alert/elasticsearch/ingest_pipeline/default.yml b/packages/darktrace/data_stream/model_breach_alert/elasticsearch/ingest_pipeline/default.yml
index 62286fa8303..946a576f218 100644
--- a/packages/darktrace/data_stream/model_breach_alert/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/darktrace/data_stream/model_breach_alert/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing Model Breach Alert logs.
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - grok:
 field: message
 patterns:
diff --git a/packages/darktrace/data_stream/model_breach_alert/sample_event.json b/packages/darktrace/data_stream/model_breach_alert/sample_event.json
index feb62514360..97bcc0de7a5 100644
--- a/packages/darktrace/data_stream/model_breach_alert/sample_event.json
+++ b/packages/darktrace/data_stream/model_breach_alert/sample_event.json
@@ -499,7 +499,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "95d2bc73-8bc8-47d9-b36e-a21b58255eec",
diff --git a/packages/darktrace/data_stream/system_status_alert/_dev/test/pipeline/test-system-status-alert.log-expected.json b/packages/darktrace/data_stream/system_status_alert/_dev/test/pipeline/test-system-status-alert.log-expected.json
index d5a57e22d1b..caae41e60d6 100644
--- a/packages/darktrace/data_stream/system_status_alert/_dev/test/pipeline/test-system-status-alert.log-expected.json
+++ b/packages/darktrace/data_stream/system_status_alert/_dev/test/pipeline/test-system-status-alert.log-expected.json
@@ -19,7 +19,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "abcdabcd-1234-1234-1234-3abababcdcd3",
@@ -74,7 +74,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "abcd1234-1234-1234-1234-3abababcdcd3",
diff --git a/packages/darktrace/data_stream/system_status_alert/elasticsearch/ingest_pipeline/default.yml b/packages/darktrace/data_stream/system_status_alert/elasticsearch/ingest_pipeline/default.yml
index 6ea536bb14b..32d9d5521da 100644
--- a/packages/darktrace/data_stream/system_status_alert/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/darktrace/data_stream/system_status_alert/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing System Status Alert logs.
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - grok:
 field: message
 patterns:
diff --git a/packages/darktrace/data_stream/system_status_alert/sample_event.json b/packages/darktrace/data_stream/system_status_alert/sample_event.json
index fbf44c001d0..4fdf726115d 100644
--- a/packages/darktrace/data_stream/system_status_alert/sample_event.json
+++ b/packages/darktrace/data_stream/system_status_alert/sample_event.json
@@ -29,7 +29,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "95d2bc73-8bc8-47d9-b36e-a21b58255eec",
diff --git a/packages/darktrace/docs/README.md b/packages/darktrace/docs/README.md
index 79e7cf49116..7753d4cbe06 100644
--- a/packages/darktrace/docs/README.md
+++ b/packages/darktrace/docs/README.md
@@ -254,7 +254,7 @@ An example event for `ai_analyst_alert` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "95d2bc73-8bc8-47d9-b36e-a21b58255eec",
@@ -439,7 +439,7 @@ An example event for `ai_analyst_alert` looks as following:
 | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword |
 | host.ip | Host ip addresses. | ip |
 | host.mac | Host mac addresses. | keyword |
-| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword |
+| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword |
 | host.os.build | OS build information. | keyword |
 | host.os.codename | OS codename, if any. | keyword |
 | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword |
@@ -979,7 +979,7 @@ An example event for `model_breach_alert` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "95d2bc73-8bc8-47d9-b36e-a21b58255eec",
@@ -1308,7 +1308,7 @@ An example event for `system_status_alert` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "95d2bc73-8bc8-47d9-b36e-a21b58255eec",
diff --git a/packages/darktrace/manifest.yml b/packages/darktrace/manifest.yml index bc35dc2d60a..e0fb8234f9c 100644 --- a/packages/darktrace/manifest.yml +++ b/packages/darktrace/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: darktrace title: Darktrace -version: "1.0.0" +version: "1.1.0" release: ga license: basic description: Collect logs from Darktrace with Elastic Agent. From e399e6c6c152fe4334c9fc36bbbfe00862625ab5 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:30 +0530 Subject: [PATCH 038/137] [f5] - update ECS to 8.7.0 from 8.6.0 This updates the f5 integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/f5 --- packages/f5/_dev/build/build.yml | 2 +- packages/f5/changelog.yml | 5 + .../pipeline/test-generated.log-expected.json | 200 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../f5/data_stream/bigipafm/sample_event.json | 2 +- .../pipeline/test-generated.log-expected.json | 200 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../f5/data_stream/bigipapm/sample_event.json | 2 +- packages/f5/docs/README.md | 4 +- packages/f5/manifest.yml | 2 +- 10 files changed, 213 insertions(+), 208 deletions(-) diff --git a/packages/f5/_dev/build/build.yml b/packages/f5/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/f5/_dev/build/build.yml +++ b/packages/f5/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/f5/changelog.yml b/packages/f5/changelog.yml index ce3e170d5fe..69ccef23d38 100644 --- a/packages/f5/changelog.yml +++ b/packages/f5/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.14.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "0.13.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/f5/data_stream/bigipafm/_dev/test/pipeline/test-generated.log-expected.json b/packages/f5/data_stream/bigipafm/_dev/test/pipeline/test-generated.log-expected.json index 320e8aa4848..907c71be106 100644 --- a/packages/f5/data_stream/bigipafm/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/f5/data_stream/bigipafm/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "iusm modtempo olab6078.home olaboris tur itv [F5@odoco acl_policy_name=ria acl_policy_type=min acl_rule_name=ite action=Closed hostname=tatemac3541.api.corp bigip_mgmt_ip=10.228.193.207 context_name=liqua context_type=ciade date_time=Jan 29 2016 06:09:59 dest_ip=10.125.114.51 dst_geo=umq dest_port=2288 device_product=pexe device_vendor=nes device_version=1.2262 drop_reason=reveri errdefs_msgno=boNemoe errdefs_msg_name=equepor flow_id=eni ip_protocol=ipv6 severity=low partition_name=ehend route_domain=ritquiin sa_translation_pool=umqui sa_translation_type=reeufugi source_ip=10.208.121.85 src_geo=sperna source_port=884 source_user=billoi translated_dest_ip=10.165.201.71 translated_dest_port=6153 translated_ip_protocol=tatemU translated_route_domain=deF translated_source_ip=10.11.196.142 translated_source_port=5222 translated_vlan=iatnu vlan=3810", "tags": [ 
@@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "eporr quipexe alo4540.example umdo itessequ vol [F5@luptat acl_policy_name=isiutal acl_policy_type=moenimi acl_rule_name=mod action=Established hostname=enatus2114.mail.home bigip_mgmt_ip=10.51.132.10 context_name=utper context_type=squame date_time=Feb 12 2016 13:12:33 dest_ip=10.173.116.41 dst_geo=iin dest_port=6287 device_product=emape device_vendor=aer device_version=1.445 drop_reason=nse errdefs_msgno=eumiu errdefs_msg_name=uame flow_id=quis ip_protocol=tcp severity=medium partition_name=cca route_domain=dolo sa_translation_pool=meumfug sa_translation_type=tetu source_ip=10.162.9.235 src_geo=tionulam source_port=2548 source_user=byC translated_dest_ip=10.94.67.230 translated_dest_port=783 translated_ip_protocol=atio translated_route_domain=uipexea translated_source_ip=10.92.202.200 translated_source_port=6772 translated_vlan=eFini vlan=859", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "exe iatu ionofde2424.api.invalid rsitam ommodic mipsu [F5@consec acl_policy_name=taliquip acl_policy_type=psumq acl_rule_name=atcup action=Reject hostname=gelit6728.api.invalid bigip_mgmt_ip=10.122.116.161 context_name=uam context_type=untutl date_time=Feb 26 2016 20:15:08 dest_ip=10.40.68.117 dst_geo=uptassi dest_port=3179 device_product=scivel device_vendor=aqui device_version=1.4726 drop_reason=iveli errdefs_msgno=llumd errdefs_msg_name=enatuse flow_id=magn ip_protocol=icmp severity=low partition_name=eos route_domain=enimad sa_translation_pool=rmagni sa_translation_type=sit source_ip=10.209.155.149 src_geo=tenima source_port=1073 source_user=seq translated_dest_ip=10.82.56.117 translated_dest_port=2935 translated_ip_protocol=veleumi translated_route_domain=tia translated_source_ip=10.191.68.244 translated_source_port=6905 translated_vlan=veri vlan=5990", "tags": [ 
@@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "siutaliq exercit tempor4496.www.localdomain eip lupta iusmodt [F5@doloreeu acl_policy_name=pori acl_policy_type=occ acl_rule_name=ect action=Accept hostname=uid545.www5.localhost bigip_mgmt_ip=10.12.44.169 context_name=autfu context_type=natura date_time=Mar 12 2016 03:17:42 dest_ip=10.163.217.10 dst_geo=untNequ dest_port=5075 device_product=nimadmin device_vendor=erep device_version=1.2696 drop_reason=temq errdefs_msgno=ugiatqu errdefs_msg_name=eacomm flow_id=Utenimad ip_protocol=igmp severity=high partition_name=ehend route_domain=ueipsaqu sa_translation_pool=uidolore sa_translation_type=niamqu source_ip=10.202.66.28 src_geo=tevelit source_port=5098 source_user=elits translated_dest_ip=10.131.233.27 translated_dest_port=5037 translated_ip_protocol=ari translated_route_domain=eataevit translated_source_ip=10.50.112.141 translated_source_port=7303 translated_vlan=dmi vlan=499", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "mquisnos loremagn iciade3433.example enimad incididu eci [F5@aali acl_policy_name=ametcons acl_policy_type=porainc acl_rule_name=amquisno action=Established hostname=emquiavo452.internal.localhost bigip_mgmt_ip=10.151.111.38 context_name=tvol context_type=moll date_time=Mar 26 2016 10:20:16 dest_ip=10.228.149.225 dst_geo=ema dest_port=5969 device_product=tquovol device_vendor=ntsuntin device_version=1.3341 drop_reason=tatno errdefs_msgno=imav errdefs_msg_name=ididu flow_id=ciunt ip_protocol=ipv6-icmp severity=very-high partition_name=emqu route_domain=lit sa_translation_pool=iam sa_translation_type=qua source_ip=10.159.182.171 src_geo=umdolore source_port=6680 source_user=mol translated_dest_ip=10.96.35.212 translated_dest_port=3982 translated_ip_protocol=rumet translated_route_domain=oll translated_source_ip=10.206.197.113 translated_source_port=4075 translated_vlan=temUten vlan=4125", "tags": [ 
@@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "iqu ollit usan6343.www5.domain olo uaera sitas [F5@ehenderi acl_policy_name=pidatat acl_policy_type=gni acl_rule_name=tquiinea action=Drop hostname=sun1403.www.invalid bigip_mgmt_ip=10.126.177.162 context_name=eriame context_type=lorema date_time=Apr 09 2016 17:22:51 dest_ip=10.213.82.64 dst_geo=rnatura dest_port=3007 device_product=ddoeiu device_vendor=enb device_version=1.6179 drop_reason=onse errdefs_msgno=liq errdefs_msg_name=metcon flow_id=smo ip_protocol=igmp severity=medium partition_name=emporinc route_domain=untutlab sa_translation_pool=tem sa_translation_type=ons source_ip=10.213.113.28 src_geo=ali source_port=6446 source_user=ist translated_dest_ip=10.169.144.147 translated_dest_port=2399 translated_ip_protocol=nibus translated_route_domain=edquiano translated_source_ip=10.89.163.114 translated_source_port=5166 translated_vlan=par vlan=686", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "rveli rsint omm4276.www.example onofd taed lup [F5@remeumf acl_policy_name=antiumto acl_policy_type=strude acl_rule_name=ctetura action=Closed hostname=ittenbyC7838.api.localdomain bigip_mgmt_ip=10.18.124.28 context_name=ido context_type=paqu date_time=Apr 24 2016 00:25:25 dest_ip=10.158.194.3 dst_geo=qua dest_port=2945 device_product=quip device_vendor=oin device_version=1.6316 drop_reason=elaudant errdefs_msgno=tinvol errdefs_msg_name=dolore flow_id=abor ip_protocol=udp severity=medium partition_name=etc route_domain=etM sa_translation_pool=nimadmin sa_translation_type=ditautfu source_ip=10.146.88.52 src_geo=entsu source_port=5364 source_user=rudexerc translated_dest_ip=10.101.223.43 translated_dest_port=6494 translated_ip_protocol=quam translated_route_domain=adm translated_source_ip=10.103.107.47 translated_source_port=6094 translated_vlan=Nemoen vlan=2827", "tags": [ 
@@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "icab mwr fugi4637.www.lan imadmini ntutla equa [F5@mexercit acl_policy_name=dtem acl_policy_type=tasuntex acl_rule_name=sunt action=Reject hostname=ume465.corp bigip_mgmt_ip=10.189.109.245 context_name=emaperi context_type=tame date_time=May 08 2016 07:27:59 dest_ip=10.83.234.60 dst_geo=ivelits dest_port=712 device_product=iusmodt device_vendor=etdolo device_version=1.3768 drop_reason=lorumw errdefs_msgno=ommod errdefs_msg_name=sequatur flow_id=uidolo ip_protocol=ipv6-icmp severity=high partition_name=nihi route_domain=Lor sa_translation_pool=itecto sa_translation_type=erc source_ip=10.69.57.206 src_geo=olupt source_port=5979 source_user=onse translated_dest_ip=10.110.99.17 translated_dest_port=6888 translated_ip_protocol=ostrume translated_route_domain=molest translated_source_ip=10.150.220.75 translated_source_port=1298 translated_vlan=tisetq vlan=5372", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ici giatquov eritquii3561.www.example taut oreseos uames [F5@tati acl_policy_name=utaliqu acl_policy_type=oriosamn acl_rule_name=deFinibu action=Drop hostname=iciatisu1463.www5.localdomain bigip_mgmt_ip=10.153.136.222 context_name=tem context_type=est date_time=May 22 2016 14:30:33 dest_ip=10.176.205.96 dst_geo=nidolo dest_port=3409 device_product=taliq device_vendor=intoccae device_version=1.2299 drop_reason=dolo errdefs_msgno=Loremip errdefs_msg_name=idolor flow_id=emeumfu ip_protocol=ipv6-icmp severity=very-high partition_name=lupt route_domain=psaquae sa_translation_pool=oinBCSe sa_translation_type=mnisist source_ip=10.199.34.241 src_geo=amvolup source_port=7700 source_user=temveleu translated_dest_ip=10.19.194.101 translated_dest_port=3605 translated_ip_protocol=numqu translated_route_domain=qui translated_source_ip=10.121.219.204 translated_source_port=3496 translated_vlan=utali vlan=3611", "tags": [ 
@@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "reetd lumqui itinvo7084.mail.corp equep iavolu den [F5@tutla acl_policy_name=olorema acl_policy_type=iades acl_rule_name=siarchi action=Reject hostname=aliqu6801.api.localdomain bigip_mgmt_ip=10.46.27.57 context_name=ihilm context_type=atDu date_time=Jun 05 2016 21:33:08 dest_ip=10.128.232.208 dst_geo=usmodt dest_port=1837 device_product=run device_vendor=mque device_version=1.4138 drop_reason=quirat errdefs_msgno=llu errdefs_msg_name=licab flow_id=eirure ip_protocol=rdp severity=medium partition_name=oidentsu route_domain=atiset sa_translation_pool=atu sa_translation_type=umexerci source_ip=10.64.141.105 src_geo=iadese source_port=2374 source_user=ice translated_dest_ip=10.57.103.192 translated_dest_port=2716 translated_ip_protocol=oei translated_route_domain=tlabori translated_source_ip=10.182.199.231 translated_source_port=1426 translated_vlan=data vlan=4478", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "nnum eritqu uradip7152.www5.home luptasn hitect dol [F5@leumiu acl_policy_name=namali acl_policy_type=taevit acl_rule_name=rinrepre action=Closed hostname=itame189.domain bigip_mgmt_ip=10.32.67.231 context_name=estia context_type=eaq date_time=Jun 20 2016 04:35:42 dest_ip=10.66.80.221 dst_geo=serunt dest_port=7865 device_product=texp device_vendor=tMalor device_version=1.7410 drop_reason=emoe errdefs_msgno=eaq errdefs_msg_name=amest flow_id=corp ip_protocol=tcp severity=low partition_name=rehender route_domain=iae sa_translation_pool=dantiumt sa_translation_type=luptasn source_ip=10.164.6.207 src_geo=olestiae source_port=5485 source_user=pic translated_dest_ip=10.160.210.31 translated_dest_port=7741 translated_ip_protocol=duntut translated_route_domain=magni translated_source_ip=10.3.134.237 translated_source_port=3156 translated_vlan=radipisc vlan=7020", "tags": [ 
@@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "fficiade uscipit vitaedi1318.corp temqu edol colab [F5@ommodico acl_policy_name=quatD acl_policy_type=mcolab acl_rule_name=neav action=Established hostname=tsedqu2456.www5.invalid bigip_mgmt_ip=10.182.178.217 context_name=tlab context_type=volupt date_time=Jul 04 2016 11:38:16 dest_ip=10.188.169.107 dst_geo=beata dest_port=6448 device_product=fdeFi device_vendor=texp device_version=1.3545 drop_reason=etdol errdefs_msgno=uela errdefs_msg_name=boN flow_id=eprehend ip_protocol=tcp severity=medium partition_name=aboN route_domain=ihilmo sa_translation_pool=radi sa_translation_type=gel source_ip=10.235.101.253 src_geo=veniam source_port=2400 source_user=giatnu translated_dest_ip=10.42.138.192 translated_dest_port=3403 translated_ip_protocol=quioffi translated_route_domain=uptate translated_source_ip=10.201.6.10 translated_source_port=6608 translated_vlan=sequa vlan=2851", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ate aliquam nimid893.mail.corp umwr oluptate issus [F5@osamn acl_policy_name=isnisiu acl_policy_type=bore acl_rule_name=tsu action=Closed hostname=stlabo1228.mail.host bigip_mgmt_ip=10.151.161.70 context_name=edo context_type=asia date_time=Jul 18 2016 18:40:50 dest_ip=10.108.167.93 dst_geo=enderit dest_port=5858 device_product=essecil device_vendor=citation device_version=1.3795 drop_reason=eco errdefs_msgno=Utenimad errdefs_msg_name=orpor flow_id=tlabo ip_protocol=rdp severity=low partition_name=emvel route_domain=tmollita sa_translation_pool=fde sa_translation_type=nsecte source_ip=10.22.102.198 src_geo=eroi source_port=176 source_user=nse translated_dest_ip=10.194.247.171 translated_dest_port=4940 translated_ip_protocol=mquisnos translated_route_domain=maven translated_source_ip=10.86.101.235 translated_source_port=3266 translated_vlan=lapar vlan=1024", "tags": [ 
@@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "tfu udan orema6040.api.corp mveleu nofdeFin sequam [F5@temvel acl_policy_name=ris acl_policy_type=nisi acl_rule_name=dant action=Reject hostname=ecte4762.local bigip_mgmt_ip=10.204.35.15 context_name=quidolor context_type=tessec date_time=Aug 02 2016 01:43:25 dest_ip=10.135.160.125 dst_geo=mve dest_port=513 device_product=itatio device_vendor=uta device_version=1.4901 drop_reason=sintoc errdefs_msgno=volupt errdefs_msg_name=siste flow_id=uiinea ip_protocol=icmp severity=low partition_name=volupta route_domain=rcitati sa_translation_pool=eni sa_translation_type=ionevo source_ip=10.174.252.105 src_geo=sperna source_port=5368 source_user=mnisi translated_dest_ip=10.107.168.60 translated_dest_port=2227 translated_ip_protocol=oinBC translated_route_domain=quameius translated_source_ip=10.167.172.155 translated_source_port=3544 translated_vlan=etdo vlan=706", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ese isaute ptatemq95.api.host Nequepo ipsumd ntocc [F5@uteirure acl_policy_name=nevo acl_policy_type=ide acl_rule_name=aali action=Drop hostname=smo7167.www.test bigip_mgmt_ip=10.214.249.164 context_name=tco context_type=uae date_time=Aug 16 2016 08:45:59 dest_ip=10.187.20.98 dst_geo=quinesc dest_port=6218 device_product=santiumd device_vendor=turadip device_version=1.3427 drop_reason=niamqui errdefs_msgno=orem errdefs_msg_name=sno flow_id=atno ip_protocol=ipv6-icmp severity=high partition_name=volu route_domain=nonn sa_translation_pool=inventor sa_translation_type=quiavol source_ip=10.99.249.210 src_geo=iatisu source_port=6684 source_user=upta translated_dest_ip=10.182.191.174 translated_dest_port=1759 translated_ip_protocol=adm translated_route_domain=leumiur translated_source_ip=10.81.26.208 translated_source_port=7651 translated_vlan=isc vlan=5933", "tags": [ 
@@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "tobea tor qui4499.api.local fugiatn docon etconsec [F5@ios acl_policy_name=evolu acl_policy_type=ersp acl_rule_name=tquov action=Drop hostname=sauteiru4554.api.domain bigip_mgmt_ip=10.220.5.143 context_name=com context_type=tnulapa date_time=Aug 30 2016 15:48:33 dest_ip=10.108.85.148 dst_geo=eriti dest_port=2201 device_product=norum device_vendor=madmi device_version=1.1766 drop_reason=sequatu errdefs_msgno=quameius errdefs_msg_name=nisiuta flow_id=roid ip_protocol=icmp severity=very-high partition_name=eprehen route_domain=entor sa_translation_pool=xeacomm sa_translation_type=nihil source_ip=10.101.226.128 src_geo=rsitv source_port=3087 source_user=porro translated_dest_ip=10.88.101.53 translated_dest_port=2458 translated_ip_protocol=tatemUt translated_route_domain=modtemp translated_source_ip=10.201.238.90 translated_source_port=2715 translated_vlan=remag vlan=3759", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ccaecat tquiin tse4198.www.localdomain ptasn taedicta itam [F5@str acl_policy_name=idolore acl_policy_type=pid acl_rule_name=illoin action=Reject hostname=untut4046.internal.domain bigip_mgmt_ip=10.217.150.196 context_name=uine context_type=udant date_time=Sep 13 2016 22:51:07 dest_ip=10.183.59.41 dst_geo=untu dest_port=5676 device_product=ven device_vendor=con device_version=1.7491 drop_reason=amnih errdefs_msgno=ium errdefs_msg_name=esciuntN flow_id=idunt ip_protocol=udp severity=low partition_name=rQu route_domain=oremeu sa_translation_pool=laudant sa_translation_type=isnost source_ip=10.157.18.252 src_geo=itess source_port=52 source_user=evit translated_dest_ip=10.30.133.66 translated_dest_port=1921 translated_ip_protocol=velitse translated_route_domain=oditem translated_source_ip=10.243.218.215 translated_source_port=662 translated_vlan=rsitvolu vlan=3751", "tags": [ 
@@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "sumdolor meaqueip npr4414.api.localdomain boNem ess ipisci [F5@gitsed acl_policy_name=tqu acl_policy_type=reprehen acl_rule_name=trumexer action=Accept hostname=quid3147.mail.home bigip_mgmt_ip=10.66.181.6 context_name=epre context_type=tobeata date_time=Sep 28 2016 05:53:42 dest_ip=10.181.53.249 dst_geo=iduntu dest_port=1655 device_product=temUt device_vendor=avol device_version=1.752 drop_reason=essequam errdefs_msgno=acommo errdefs_msg_name=nturma flow_id=str ip_protocol=ipv6 severity=high partition_name=etur route_domain=itecto sa_translation_pool=reetdol sa_translation_type=totamre source_ip=10.148.161.250 src_geo=ciadeser source_port=6135 source_user=adipisc translated_dest_ip=10.181.133.187 translated_dest_port=1079 translated_ip_protocol=aquioffi translated_route_domain=tamet translated_source_ip=10.167.227.44 translated_source_port=6595 translated_vlan=eFi vlan=6733", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "its ender riamea1540.www.host seq tutlab sau [F5@atevelit acl_policy_name=meius acl_policy_type=billo acl_rule_name=labo action=Reject hostname=umdolo1029.mail.localhost bigip_mgmt_ip=10.54.17.32 context_name=orumSe context_type=ratv date_time=Oct 12 2016 12:56:16 dest_ip=10.119.81.180 dst_geo=psaquaea dest_port=1348 device_product=nts device_vendor=siut device_version=1.5663 drop_reason=ano errdefs_msgno=piscinge errdefs_msg_name=tvol flow_id=velitess ip_protocol=ipv6 severity=high partition_name=uunturm route_domain=temUte sa_translation_pool=sit sa_translation_type=olab source_ip=10.84.163.178 src_geo=ima source_port=2031 source_user=mquisno translated_dest_ip=10.107.9.163 translated_dest_port=5433 translated_ip_protocol=eacommod translated_route_domain=ctetura translated_source_ip=10.74.11.43 translated_source_port=55 translated_vlan=seosqui vlan=6797", "tags": [ 
@@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "uradi tot llamco7206.www.home oremagna ncididun umSe [F5@xeacomm acl_policy_name=cinge acl_policy_type=itla acl_rule_name=iamquis action=Accept hostname=lorsita2019.internal.home bigip_mgmt_ip=10.192.229.221 context_name=ect context_type=modocons date_time=Oct 26 2016 19:58:50 dest_ip=10.199.194.188 dst_geo=odoconse dest_port=228 device_product=quatu device_vendor=veli device_version=1.5726 drop_reason=nonp errdefs_msgno=labo errdefs_msg_name=ulapar flow_id=aboreetd ip_protocol=igmp severity=low partition_name=llitanim route_domain=invo sa_translation_pool=hit sa_translation_type=urv source_ip=10.112.32.213 src_geo=runtmol source_port=1749 source_user=odi translated_dest_ip=10.184.73.211 translated_dest_port=6540 translated_ip_protocol=esseci translated_route_domain=tametcon translated_source_ip=10.230.129.252 translated_source_port=3947 translated_vlan=isis vlan=4917", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "utlab emUteni rum959.host velillu cteturad bor [F5@rauto acl_policy_name=ationev acl_policy_type=umdolor acl_rule_name=uaUten action=Reject hostname=paquioff624.mail.invalid bigip_mgmt_ip=10.161.148.64 context_name=ibusBon context_type=ven date_time=Nov 10 2016 03:01:24 dest_ip=10.162.114.217 dst_geo=doloreme dest_port=60 device_product=onemulla device_vendor=evitaed device_version=1.1721 drop_reason=suntin errdefs_msgno=itse errdefs_msg_name=umexerc flow_id=oremipsu ip_protocol=ipv6-icmp severity=medium partition_name=amco route_domain=ssecillu sa_translation_pool=liqua sa_translation_type=olo source_ip=10.199.216.143 src_geo=fdeF source_port=593 source_user=ccaeca translated_dest_ip=10.198.213.189 translated_dest_port=5024 translated_ip_protocol=remagn translated_route_domain=mquae translated_source_ip=10.7.200.140 translated_source_port=3298 translated_vlan=olupt vlan=2189", "tags": [ 
@@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "edquiac urerepr eseru4234.mail.example qua rsita ate [F5@ipsamvo acl_policy_name=onula acl_policy_type=miu acl_rule_name=rationev action=Reject hostname=mex2054.mail.corp bigip_mgmt_ip=10.65.232.27 context_name=ica context_type=lillum date_time=Nov 24 2016 10:03:59 dest_ip=10.199.40.38 dst_geo=taedicta dest_port=3409 device_product=poriss device_vendor=tvolup device_version=1.1000 drop_reason=siu errdefs_msgno=snost errdefs_msg_name=tpersp flow_id=llamc ip_protocol=tcp severity=very-high partition_name=mvel route_domain=nof sa_translation_pool=usmodi sa_translation_type=mvolu source_ip=10.206.96.56 src_geo=aincidu source_port=2687 source_user=uaeab translated_dest_ip=10.128.157.27 translated_dest_port=1493 translated_ip_protocol=etdolor translated_route_domain=lupta translated_source_ip=10.22.187.69 translated_source_port=3590 translated_vlan=oremi vlan=1485", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "nbyCi tevel usc5760.www5.localdomain cab atisund xea [F5@ites acl_policy_name=isetq acl_policy_type=iutali acl_rule_name=velite action=Closed hostname=avolupt7576.api.corp bigip_mgmt_ip=10.194.210.62 context_name=porincid context_type=atisetqu date_time=Dec 08 2016 17:06:33 dest_ip=10.51.213.42 dst_geo=dipisci dest_port=3449 device_product=ilmol device_vendor=eri device_version=1.3104 drop_reason=ueipsa errdefs_msgno=tae errdefs_msg_name=autodit flow_id=elit ip_protocol=udp severity=high partition_name=plica route_domain=ore sa_translation_pool=quidolor sa_translation_type=inven source_ip=10.71.114.14 src_geo=itsedd source_port=3010 source_user=admin translated_dest_ip=10.68.253.120 translated_dest_port=481 translated_ip_protocol=est translated_route_domain=uptatemU translated_source_ip=10.183.130.225 translated_source_port=5693 translated_vlan=item vlan=2738", "tags": [ 
@@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "dat periam dqu6144.api.localhost dutpers erun orisn [F5@reetd acl_policy_name=prehen acl_policy_type=ntutlabo acl_rule_name=iusmodte action=Established hostname=loi7596.www5.home bigip_mgmt_ip=10.31.177.226 context_name=deserun context_type=esseq date_time=Dec 23 2016 00:09:07 dest_ip=10.209.157.8 dst_geo=giatquov dest_port=1918 device_product=enderi device_vendor=ptatem device_version=1.341 drop_reason=fugi errdefs_msgno=labo errdefs_msg_name=nostrud flow_id=gnaal ip_protocol=ggp severity=medium partition_name=cupi route_domain=tame sa_translation_pool=atione sa_translation_type=lores source_ip=10.45.253.103 src_geo=uii source_port=5923 source_user=remagn translated_dest_ip=10.47.255.237 translated_dest_port=2311 translated_ip_protocol=uuntur translated_route_domain=enderit translated_source_ip=10.107.45.175 translated_source_port=4185 translated_vlan=rumSecti vlan=4593", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "atise tate onevo4326.internal.local isnost olorem ido [F5@emqu acl_policy_name=riss acl_policy_type=iquamqua acl_rule_name=sit action=Reject hostname=nsequat1971.internal.invalid bigip_mgmt_ip=10.225.212.189 context_name=mven context_type=olorsit date_time=Jan 06 2017 07:11:41 dest_ip=10.121.239.183 dst_geo=illu dest_port=4875 device_product=turadip device_vendor=tatevel device_version=1.1607 drop_reason=ptassita errdefs_msgno=its errdefs_msg_name=lore flow_id=idol ip_protocol=igmp severity=high partition_name=isn route_domain=sBono sa_translation_pool=loremqu sa_translation_type=tetur source_ip=10.213.94.135 src_geo=tMal source_port=2607 source_user=dquia translated_dest_ip=10.55.105.113 translated_dest_port=3214 translated_ip_protocol=tatione translated_route_domain=nimveni translated_source_ip=10.44.58.106 translated_source_port=1241 translated_vlan=quid vlan=4814", "tags": [ 
@@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "eporroq ulla iqu4614.www5.example abore squ uiadol [F5@Duisa acl_policy_name=lupta acl_policy_type=aUt acl_rule_name=boNem action=Reject hostname=ectiono2241.lan bigip_mgmt_ip=10.2.114.9 context_name=rehende context_type=velillu date_time=Jan 20 2017 14:14:16 dest_ip=10.94.139.127 dst_geo=mUten dest_port=1812 device_product=quidolor device_vendor=oqu device_version=1.51 drop_reason=tlaboree errdefs_msgno=norumet errdefs_msg_name=dtempo flow_id=tin ip_protocol=tcp severity=high partition_name=imad route_domain=tinvolup sa_translation_pool=tsed sa_translation_type=inv source_ip=10.163.209.70 src_geo=atu source_port=4718 source_user=olabor translated_dest_ip=10.69.161.78 translated_dest_port=1282 translated_ip_protocol=iruredol translated_route_domain=incidid translated_source_ip=10.255.74.136 translated_source_port=5902 translated_vlan=eaqueips vlan=6396", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "volupta dmi untexpl2847.www5.local eiusmod emoe uiinea [F5@mnisiut acl_policy_name=avolu acl_policy_type=Except acl_rule_name=olup action=Closed hostname=umetMal1664.mail.lan bigip_mgmt_ip=10.46.115.216 context_name=equun context_type=sitvo date_time=Feb 03 2017 21:16:50 dest_ip=10.223.198.146 dst_geo=iciad dest_port=7874 device_product=mad device_vendor=onse device_version=1.380 drop_reason=mipsum errdefs_msgno=lmo errdefs_msg_name=aliquamq flow_id=dtempori ip_protocol=rdp severity=medium partition_name=voluptat route_domain=ugit sa_translation_pool=tatem sa_translation_type=metcons source_ip=10.252.102.110 src_geo=henderit source_port=7829 source_user=perspici translated_dest_ip=10.184.59.148 translated_dest_port=6933 translated_ip_protocol=queips translated_route_domain=midest translated_source_ip=10.12.129.137 translated_source_port=721 translated_vlan=orroqu vlan=472", "tags": [ 
@@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "labore uela ntexplic4824.internal.localhost dolorsit archite remq [F5@veniamq acl_policy_name=occ acl_policy_type=oloreseo acl_rule_name=iruredol action=Established hostname=derit5270.mail.local bigip_mgmt_ip=10.105.52.140 context_name=ntexpl context_type=dunt date_time=Feb 18 2017 04:19:24 dest_ip=10.20.55.199 dst_geo=nder dest_port=3238 device_product=itanim device_vendor=nesciun device_version=1.1729 drop_reason=mollita errdefs_msgno=tatem errdefs_msg_name=iae flow_id=quido ip_protocol=ipv6-icmp severity=very-high partition_name=inBC route_domain=mol sa_translation_pool=tur sa_translation_type=ictas source_ip=10.81.184.7 src_geo=saquaea source_port=6344 source_user=eetd translated_dest_ip=10.155.204.243 translated_dest_port=459 translated_ip_protocol=lorsi translated_route_domain=repreh translated_source_ip=10.199.194.79 translated_source_port=7713 translated_vlan=illumqui vlan=3414", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "amali ate idolor3916.www5.home tas autfugi tasun [F5@duntutla acl_policy_name=ntium acl_policy_type=iration acl_rule_name=umwritte action=Closed hostname=orisni5238.mail.lan bigip_mgmt_ip=10.177.238.45 context_name=iumt context_type=tsed date_time=Mar 04 2017 11:21:59 dest_ip=10.249.120.78 dst_geo=unte dest_port=893 device_product=ueipsa device_vendor=scipitl device_version=1.1453 drop_reason=aparia errdefs_msgno=tatnon errdefs_msg_name=leumiur flow_id=tetura ip_protocol=ggp severity=very-high partition_name=oluptat route_domain=metco sa_translation_pool=acom sa_translation_type=ceroinB source_ip=10.110.2.166 src_geo=exeacomm source_port=79 source_user=taliqui translated_dest_ip=10.18.226.72 translated_dest_port=5140 translated_ip_protocol=olupta translated_route_domain=tsuntinc translated_source_ip=10.251.231.142 translated_source_port=872 translated_vlan=urExcep vlan=102", "tags": [ 
@@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "suntex iacons occaec7487.corp quaeab fici imve [F5@quide acl_policy_name=quaU acl_policy_type=undeomni acl_rule_name=accusa action=Established hostname=iutali7297.www.domain bigip_mgmt_ip=10.190.122.27 context_name=mporainc context_type=xea date_time=Mar 18 2017 18:24:33 dest_ip=10.123.113.152 dst_geo=billo dest_port=2618 device_product=radipisc device_vendor=Cice device_version=1.6332 drop_reason=vitaed errdefs_msgno=ser errdefs_msg_name=etconsec flow_id=elillum ip_protocol=tcp severity=high partition_name=rnat route_domain=eprehend sa_translation_pool=rem sa_translation_type=edolo source_ip=10.99.202.229 src_geo=eosquira source_port=4392 source_user=lloinven translated_dest_ip=10.100.199.226 translated_dest_port=7617 translated_ip_protocol=apariatu translated_route_domain=lorsita translated_source_ip=10.192.98.247 translated_source_port=4308 translated_vlan=temaccu vlan=5302", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "uptassit ncidi tlabori4803.www5.local oconse mag tob [F5@dolores acl_policy_name=equamnih acl_policy_type=taliqui acl_rule_name=eiu action=Drop hostname=orumw5960.www5.home bigip_mgmt_ip=10.248.111.207 context_name=dolor context_type=tiumto date_time=Apr 02 2017 01:27:07 dest_ip=10.38.28.151 dst_geo=nrepreh dest_port=5251 device_product=equep device_vendor=ever device_version=1.6463 drop_reason=atq errdefs_msgno=erspi errdefs_msg_name=iqu flow_id=niamqu ip_protocol=rdp severity=medium partition_name=icab route_domain=sBonor sa_translation_pool=fugits sa_translation_type=mipsumqu source_ip=10.172.154.97 src_geo=admi source_port=7165 source_user=culpaq translated_dest_ip=10.162.97.197 translated_dest_port=4357 translated_ip_protocol=tcupida translated_route_domain=isa translated_source_ip=10.37.193.70 translated_source_port=170 translated_vlan=tesseq vlan=7693", "tags": [ 
@@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "pernat rerepre nculpaq3821.www5.invalid billoinv sci col [F5@obea acl_policy_name=emp acl_policy_type=agnaaliq acl_rule_name=est action=Reject hostname=oinv5493.internal.domain bigip_mgmt_ip=10.36.63.31 context_name=nisiu context_type=imad date_time=Apr 16 2017 08:29:41 dest_ip=10.30.101.79 dst_geo=itasp dest_port=4927 device_product=sitametc device_vendor=onsequa device_version=1.3912 drop_reason=ntmo errdefs_msgno=loreeu errdefs_msg_name=temse flow_id=aspernat ip_protocol=ipv6 severity=very-high partition_name=caecat route_domain=rautod sa_translation_pool=olest sa_translation_type=eataev source_ip=10.171.221.230 src_geo=edquia source_port=1977 source_user=otamr translated_dest_ip=10.222.165.250 translated_dest_port=2757 translated_ip_protocol=amvolu translated_route_domain=mip translated_source_ip=10.45.35.180 translated_source_port=653 translated_vlan=maccusa vlan=7248", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "nimad ataevita oremqu542.internal.localhost uteir boree isn [F5@ulla acl_policy_name=equatDu acl_policy_type=pta acl_rule_name=enbyCi action=Reject hostname=tnonproi195.api.home bigip_mgmt_ip=10.238.4.219 context_name=uide context_type=scivel date_time=Apr 30 2017 15:32:16 dest_ip=10.150.9.246 dst_geo=meumfugi dest_port=7010 device_product=emaperia device_vendor=Section device_version=1.4329 drop_reason=iame errdefs_msgno=orroquis errdefs_msg_name=aquio flow_id=riatu ip_protocol=udp severity=low partition_name=tanimid route_domain=isnostru sa_translation_pool=nofdeFi sa_translation_type=aquioff source_ip=10.1.171.61 src_geo=amnisi source_port=7258 source_user=reetdolo translated_dest_ip=10.199.127.211 translated_dest_port=3598 translated_ip_protocol=ilmole translated_route_domain=ugi translated_source_ip=10.83.238.145 translated_source_port=5392 translated_vlan=emveleum vlan=3661", "tags": [ 
@@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "nde abillo undeom845.www5.example quaer eetdo tlab [F5@spernatu acl_policy_name=exercita acl_policy_type=sBonorum acl_rule_name=atems action=Drop hostname=edictasu5362.internal.localhost bigip_mgmt_ip=10.65.141.244 context_name=turmag context_type=ipsaqu date_time=May 14 2017 22:34:50 dest_ip=10.203.69.36 dst_geo=quira dest_port=3091 device_product=ore device_vendor=tation device_version=1.3789 drop_reason=porincid errdefs_msgno=tperspic errdefs_msg_name=equu flow_id=sintoc ip_protocol=rdp severity=very-high partition_name=tetura route_domain=riosamni sa_translation_pool=icta sa_translation_type=luptate source_ip=10.170.252.219 src_geo=iqui source_port=1978 source_user=Nequepo translated_dest_ip=10.44.226.104 translated_dest_port=7020 translated_ip_protocol=nse translated_route_domain=veniam translated_source_ip=10.74.213.42 translated_source_port=5922 translated_vlan=sse vlan=2498", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "inBCSe otamrem tutlabor4180.internal.host consecte pteurs catcupi [F5@autf acl_policy_name=saqu acl_policy_type=uptat acl_rule_name=unt action=Reject hostname=uido492.www5.home bigip_mgmt_ip=10.180.48.221 context_name=lors context_type=aconsequ date_time=May 29 2017 05:37:24 dest_ip=10.33.195.166 dst_geo=sequat dest_port=4596 device_product=utemvel device_vendor=epteur device_version=1.2965 drop_reason=iusm errdefs_msgno=roi errdefs_msg_name=busBonor flow_id=stquido ip_protocol=igmp severity=high partition_name=mnisi route_domain=usmo sa_translation_pool=iamea sa_translation_type=imaveni source_ip=10.183.223.149 src_geo=cor source_port=2648 source_user=nihil translated_dest_ip=10.225.255.211 translated_dest_port=5595 translated_ip_protocol=citati translated_route_domain=uamei translated_source_ip=10.225.141.172 translated_source_port=956 translated_vlan=fugiatn vlan=3309", "tags": [ 
@@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "aaliq nat uovolupt307.internal.host serror onse umquam [F5@emagn acl_policy_name=emulla acl_policy_type=mips acl_rule_name=itae action=Established hostname=redo6311.api.invalid bigip_mgmt_ip=10.176.64.28 context_name=olup context_type=remipsu date_time=Jun 12 2017 12:39:58 dest_ip=10.92.6.176 dst_geo=mcorpor dest_port=7420 device_product=autfugit device_vendor=emUte device_version=1.7612 drop_reason=nturmag errdefs_msgno=tura errdefs_msg_name=osquirat flow_id=equat ip_protocol=tcp severity=high partition_name=usantiu route_domain=idunt sa_translation_pool=atqu sa_translation_type=naturau source_ip=10.97.138.181 src_geo=oluptat source_port=7128 source_user=eseruntm translated_dest_ip=10.205.174.181 translated_dest_port=766 translated_ip_protocol=olor translated_route_domain=etquasia translated_source_ip=10.169.123.103 translated_source_port=519 translated_vlan=uisa vlan=6863", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Cicero evolupta teturadi4718.api.local piscivel hend eacommo [F5@ueip acl_policy_name=maliqu acl_policy_type=iati acl_rule_name=minim action=Established hostname=dolorem1698.www.domain bigip_mgmt_ip=10.75.120.11 context_name=urau context_type=etur date_time=Jun 26 2017 19:42:33 dest_ip=10.20.73.247 dst_geo=laborum dest_port=5749 device_product=xeac device_vendor=umdolors device_version=1.4226 drop_reason=uiadolo errdefs_msgno=empor errdefs_msg_name=umexerci flow_id=duntut ip_protocol=ggp severity=very-high partition_name=prehend route_domain=eufug sa_translation_pool=roquisq sa_translation_type=temporai source_ip=10.53.101.131 src_geo=ici source_port=5097 source_user=tquo translated_dest_ip=10.204.4.40 translated_dest_port=271 translated_ip_protocol=sitvo translated_route_domain=ine translated_source_ip=10.169.101.161 translated_source_port=4577 translated_vlan=ipi vlan=4211", "tags": [ 
@@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "exerci idata ese4384.mail.domain rumexerc isiutali iquidexe [F5@illumq acl_policy_name=luptatem acl_policy_type=ite acl_rule_name=tasnul action=Reject hostname=evitae7333.www.lan bigip_mgmt_ip=10.28.51.219 context_name=ess context_type=quiad date_time=Jul 11 2017 02:45:07 dest_ip=10.43.210.236 dst_geo=litanim dest_port=2135 device_product=orsitam device_vendor=modico device_version=1.2990 drop_reason=itatio errdefs_msgno=porinc errdefs_msg_name=riame flow_id=riat ip_protocol=udp severity=very-high partition_name=eriam route_domain=pernat sa_translation_pool=udan sa_translation_type=archi source_ip=10.6.222.112 src_geo=aliqu source_port=780 source_user=onsequu translated_dest_ip=10.156.117.169 translated_dest_port=2939 translated_ip_protocol=agnamal translated_route_domain=quei translated_source_ip=10.87.120.87 translated_source_port=1636 translated_vlan=teni vlan=4967", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "dant etdolor uat7787.www.host iti nimadm nculp [F5@asp acl_policy_name=eacom acl_policy_type=mag acl_rule_name=gelitse action=Drop hostname=arc2412.mail.lan bigip_mgmt_ip=10.247.44.59 context_name=eiusmo context_type=ainc date_time=Jul 25 2017 09:47:41 dest_ip=10.173.129.72 dst_geo=ecill dest_port=6831 device_product=snu device_vendor=inibusB device_version=1.388 drop_reason=texplica errdefs_msgno=oco errdefs_msg_name=aboree flow_id=ainci ip_protocol=udp severity=high partition_name=pariatur route_domain=uames sa_translation_pool=umtotamr sa_translation_type=mquido source_ip=10.57.89.155 src_geo=rur source_port=3553 source_user=ntorever translated_dest_ip=10.253.167.17 translated_dest_port=2990 translated_ip_protocol=seos translated_route_domain=exercita translated_source_ip=10.4.126.103 translated_source_port=892 translated_vlan=tco vlan=3607", "tags": [ 
@@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "oluptate lit santi837.api.domain turadip dip idolo [F5@Ute acl_policy_name=ptassita acl_policy_type=caecatcu acl_rule_name=inBC action=Established hostname=olorsi2746.internal.localhost bigip_mgmt_ip=10.15.240.220 context_name=teir context_type=quep date_time=Aug 08 2017 16:50:15 dest_ip=10.63.78.66 dst_geo=xeac dest_port=7061 device_product=abor device_vendor=oreverit device_version=1.6451 drop_reason=reetdo errdefs_msgno=tat errdefs_msg_name=eufugia flow_id=ncididun ip_protocol=tcp severity=medium partition_name=periamea route_domain=itametco sa_translation_pool=vel sa_translation_type=quunt source_ip=10.248.206.210 src_geo=nonn source_port=4478 source_user=met translated_dest_ip=10.36.69.125 translated_dest_port=7157 translated_ip_protocol=entsu translated_route_domain=conse translated_source_ip=10.143.183.208 translated_source_port=5214 translated_vlan=umwri vlan=4057", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "atura tur tur5914.internal.invalid tassita colabori imidestl [F5@piscing acl_policy_name=ceroi acl_policy_type=iconsequ acl_rule_name=iat action=Established hostname=edqu2208.www.localhost bigip_mgmt_ip=10.6.32.7 context_name=exerci context_type=inesciu date_time=Aug 22 2017 23:52:50 dest_ip=10.141.216.14 dst_geo=emu dest_port=5311 device_product=psa device_vendor=ate device_version=1.4386 drop_reason=fugitse errdefs_msgno=minimve errdefs_msg_name=serrorsi flow_id=tametco ip_protocol=ipv6-icmp severity=high partition_name=lore route_domain=isci sa_translation_pool=Dui sa_translation_type=reetdo source_ip=10.69.170.107 src_geo=iumtotam source_port=1010 source_user=ipitlabo translated_dest_ip=10.34.133.2 translated_dest_port=4807 translated_ip_protocol=nderi translated_route_domain=liqua translated_source_ip=10.142.186.43 translated_source_port=4691 translated_vlan=sautei vlan=2363", "tags": [ 
@@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "voluptas velill rspic5453.www.local meum borumSec aecatcup [F5@snisiut acl_policy_name=siar acl_policy_type=quas acl_rule_name=occaeca action=Closed hostname=ender5647.www5.example bigip_mgmt_ip=10.142.22.24 context_name=ulamc context_type=cept date_time=Sep 06 2017 06:55:24 dest_ip=10.93.88.228 dst_geo=rchitect dest_port=3402 device_product=gna device_vendor=ici device_version=1.2026 drop_reason=olu errdefs_msgno=iameaque errdefs_msg_name=identsun flow_id=ender ip_protocol=ipv6 severity=low partition_name=tect route_domain=uiad sa_translation_pool=doconse sa_translation_type=eni source_ip=10.121.153.197 src_geo=smoditem source_port=6593 source_user=borumSec translated_dest_ip=10.59.103.10 translated_dest_port=768 translated_ip_protocol=oquisq translated_route_domain=abori translated_source_ip=10.170.165.164 translated_source_port=505 translated_vlan=uiineavo vlan=5554", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "uidexeac sequa ntsunti2313.internal.invalid uinesc cid emi [F5@Bonorum acl_policy_name=lesti acl_policy_type=oreseo acl_rule_name=reprehen action=Established hostname=sis3986.internal.lan bigip_mgmt_ip=10.133.10.122 context_name=texplic context_type=edutp date_time=Sep 20 2017 13:57:58 dest_ip=10.93.59.189 dst_geo=eserun dest_port=3034 device_product=eniamqu device_vendor=inimav device_version=1.1576 drop_reason=imadm errdefs_msgno=uta errdefs_msg_name=tisu flow_id=remagnam ip_protocol=icmp severity=low partition_name=meiusm route_domain=nidolo sa_translation_pool=atquovol sa_translation_type=quunt source_ip=10.247.114.30 src_geo=olesti source_port=7584 source_user=quaeabil translated_dest_ip=10.19.99.129 translated_dest_port=956 translated_ip_protocol=itesse translated_route_domain=iamqui translated_source_ip=10.176.83.7 translated_source_port=5908 translated_vlan=inim vlan=6806", "tags": [ 
@@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Sed oremeumf lesti5921.api.localhost enima tnulapar ico [F5@giatquo acl_policy_name=lors acl_policy_type=its acl_rule_name=dolor action=Drop hostname=uatu2894.api.lan bigip_mgmt_ip=10.64.139.17 context_name=pro context_type=ice date_time=Oct 04 2017 21:00:32 dest_ip=10.87.238.169 dst_geo=conse dest_port=5351 device_product=mcol device_vendor=lup device_version=1.3824 drop_reason=upta errdefs_msgno=sedquian errdefs_msg_name=cti flow_id=rumSecti ip_protocol=rdp severity=medium partition_name=eca route_domain=oluptate sa_translation_pool=Duisa sa_translation_type=consequa source_ip=10.40.177.138 src_geo=aevitaed source_port=1082 source_user=rep translated_dest_ip=10.8.29.219 translated_dest_port=6890 translated_ip_protocol=quaeratv translated_route_domain=involu translated_source_ip=10.70.7.23 translated_source_port=2758 translated_vlan=amcolab vlan=4306", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "odic iuta liquaUte209.internal.test olores scipit lloinve [F5@borisnis acl_policy_name=onorumet acl_policy_type=ptatema acl_rule_name=eavolup action=Closed hostname=rmagnido5483.local bigip_mgmt_ip=10.180.62.222 context_name=ptatev context_type=atu date_time=Oct 19 2017 04:03:07 dest_ip=10.234.26.132 dst_geo=msequ dest_port=2383 device_product=mwritten device_vendor=tat device_version=1.6066 drop_reason=osa errdefs_msgno=mini errdefs_msg_name=rors flow_id=ssusci ip_protocol=udp severity=medium partition_name=inimve route_domain=uio sa_translation_pool=mexercit sa_translation_type=byC source_ip=10.2.189.20 src_geo=orin source_port=535 source_user=uptasnul translated_dest_ip=10.67.221.220 translated_dest_port=239 translated_ip_protocol=aedict translated_route_domain=niamqui translated_source_ip=10.67.173.228 translated_source_port=5767 translated_vlan=tatemse vlan=4493", "tags": [ 
@@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "uamestqu mpor orem6479.api.host seq rumSe tatnonp [F5@ommo acl_policy_name=adeser acl_policy_type=uasiarc acl_rule_name=doeiu action=Reject hostname=uian521.www.example bigip_mgmt_ip=10.209.52.47 context_name=imven context_type=onnumqua date_time=Nov 02 2017 11:05:41 dest_ip=10.141.201.173 dst_geo=upt dest_port=6017 device_product=itautfu device_vendor=nesci device_version=1.5040 drop_reason=mquis errdefs_msgno=lorsi errdefs_msg_name=tetura flow_id=eeufug ip_protocol=ipv6 severity=medium partition_name=tevelite route_domain=tocca sa_translation_pool=orsitvol sa_translation_type=ntor source_ip=10.147.127.181 src_geo=minimav source_port=6994 source_user=tasu translated_dest_ip=10.56.134.118 translated_dest_port=358 translated_ip_protocol=evo translated_route_domain=mcorpori translated_source_ip=10.196.176.243 translated_source_port=3465 translated_vlan=orsitam vlan=4991", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "prehende lup tpers2217.internal.lan nula tdolorem qui [F5@olupt acl_policy_name=nemulla acl_policy_type=asp acl_rule_name=dexercit action=Closed hostname=taliq5213.api.corp bigip_mgmt_ip=10.226.24.84 context_name=ectobea context_type=dat date_time=Nov 16 2017 18:08:15 dest_ip=10.91.18.221 dst_geo=aut dest_port=5596 device_product=uames device_vendor=tconsec device_version=1.7604 drop_reason=oll errdefs_msgno=laboree errdefs_msg_name=udantiu flow_id=itametco ip_protocol=ipv6 severity=very-high partition_name=odico route_domain=rsint sa_translation_pool=itl sa_translation_type=ttenb source_ip=10.231.18.90 src_geo=lapa source_port=4860 source_user=Nem translated_dest_ip=10.85.13.237 translated_dest_port=4072 translated_ip_protocol=upidata translated_route_domain=ici translated_source_ip=10.248.140.59 translated_source_port=5760 translated_vlan=ident vlan=4293", "tags": [ 
@@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "quelaud luptat rinrep6482.api.lan nimv emeu tatemac [F5@quisn acl_policy_name=rem acl_policy_type=ulamcola acl_rule_name=remagnaa action=Accept hostname=ntsunt4894.mail.domain bigip_mgmt_ip=10.203.46.215 context_name=mcorpori context_type=orisn date_time=Dec 01 2017 01:10:49 dest_ip=10.88.194.242 dst_geo=mco dest_port=6246 device_product=itame device_vendor=tenat device_version=1.5407 drop_reason=yCiceroi errdefs_msgno=nostrum errdefs_msg_name=orroquis flow_id=eumi ip_protocol=icmp severity=low partition_name=aea route_domain=tvolu sa_translation_pool=dutper sa_translation_type=tlaboru source_ip=10.207.183.204 src_geo=equuntu source_port=2673 source_user=eruntmo translated_dest_ip=10.8.224.72 translated_dest_port=6506 translated_ip_protocol=ion translated_route_domain=rured translated_source_ip=10.59.215.207 translated_source_port=6195 translated_vlan=ore vlan=5842", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "xerc Nequep ametcon7485.www.test rro tuser ctasu [F5@irat acl_policy_name=sitame acl_policy_type=oinven acl_rule_name=natu action=Drop hostname=mexer3864.api.corp bigip_mgmt_ip=10.98.154.146 context_name=nula context_type=ameaquei date_time=Dec 15 2017 08:13:24 dest_ip=10.72.114.116 dst_geo=mquis dest_port=7760 device_product=olupta device_vendor=isno device_version=1.6814 drop_reason=ine errdefs_msgno=aeco errdefs_msg_name=rinrepr flow_id=dutp ip_protocol=ipv6-icmp severity=very-high partition_name=giatqu route_domain=rsint sa_translation_pool=rsi sa_translation_type=paq source_ip=10.73.84.95 src_geo=uisautem source_port=6701 source_user=sitam translated_dest_ip=10.255.145.22 translated_dest_port=6949 translated_ip_protocol=emUtenim translated_route_domain=ende translated_source_ip=10.230.38.148 translated_source_port=3213 translated_vlan=sse vlan=368", "tags": [ 
@@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "incidi aedictas rumetMa2554.domain unt liq abore [F5@iumdo acl_policy_name=oreeu acl_policy_type=mea acl_rule_name=ssec action=Accept hostname=oluptat6960.www5.test bigip_mgmt_ip=10.211.29.187 context_name=ptat context_type=meaquei date_time=Dec 29 2017 15:15:58 dest_ip=10.228.204.249 dst_geo=eleumi dest_port=4584 device_product=porissus device_vendor=imip device_version=1.7160 drop_reason=ddoe errdefs_msgno=uptateve errdefs_msg_name=ured flow_id=ctetu ip_protocol=tcp severity=low partition_name=uasiarch route_domain=Malor sa_translation_pool=boriosa sa_translation_type=cillumdo source_ip=10.166.142.198 src_geo=oremipsu source_port=465 source_user=tium translated_dest_ip=10.105.120.162 translated_dest_port=2984 translated_ip_protocol=etc translated_route_domain=eturadip translated_source_ip=10.175.181.138 translated_source_port=3787 translated_vlan=tassitas vlan=1495", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "velite maccus nima5813.mail.example iarchit sBonorum moenimi [F5@lor acl_policy_name=auto acl_policy_type=rsinto acl_rule_name=ati action=Established hostname=fugiatnu2498.www.localhost bigip_mgmt_ip=10.182.213.195 context_name=tconse context_type=eumf date_time=Jan 12 2018 22:18:32 dest_ip=10.200.94.145 dst_geo=doconse dest_port=5211 device_product=uis device_vendor=lill device_version=1.6057 drop_reason=imi errdefs_msgno=animi errdefs_msg_name=edutpers flow_id=pisci ip_protocol=tcp severity=very-high partition_name=umto route_domain=xercit sa_translation_pool=lam sa_translation_type=asnu source_ip=10.122.133.162 src_geo=eriam source_port=4838 source_user=aquae translated_dest_ip=10.220.202.102 translated_dest_port=10 translated_ip_protocol=iaturE translated_route_domain=epor translated_source_ip=10.195.139.25 translated_source_port=5566 translated_vlan=tper vlan=4341", "tags": [ 
@@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "tconsect pariat iutal3376.api.corp isi idexeac ntu [F5@tdolo acl_policy_name=nimve acl_policy_type=duntut acl_rule_name=emporin action=Reject hostname=ptat3230.domain bigip_mgmt_ip=10.156.208.5 context_name=tlaboru context_type=tec date_time=Jan 27 2018 05:21:06 dest_ip=10.9.69.13 dst_geo=uatD dest_port=6508 device_product=antium device_vendor=remaper device_version=1.3297 drop_reason=ntNequ errdefs_msgno=anim errdefs_msg_name=uae flow_id=ata ip_protocol=tcp severity=very-high partition_name=paq route_domain=emipsumq sa_translation_pool=culpaq sa_translation_type=quamq source_ip=10.53.72.161 src_geo=pta source_port=4723 source_user=scip translated_dest_ip=10.33.143.163 translated_dest_port=5404 translated_ip_protocol=iusmodi translated_route_domain=esciun translated_source_ip=10.247.144.9 translated_source_port=2494 translated_vlan=lit vlan=4112", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "oidentsu oditau onsec1632.internal.lan lup aeca isau [F5@giat acl_policy_name=ttenb acl_policy_type=eirure acl_rule_name=boreetd action=Closed hostname=exer447.internal.localhost bigip_mgmt_ip=10.35.190.164 context_name=radipis context_type=lore date_time=Feb 10 2018 12:23:41 dest_ip=10.76.99.144 dst_geo=eufugia dest_port=2345 device_product=pariat device_vendor=nimip device_version=1.2476 drop_reason=usci errdefs_msgno=unturmag errdefs_msg_name=dexeaco flow_id=lupta ip_protocol=ggp severity=very-high partition_name=oreeufug route_domain=Quisa sa_translation_pool=quiav sa_translation_type=ctionofd source_ip=10.21.58.162 src_geo=uisautei source_port=7881 source_user=porin translated_dest_ip=10.241.143.145 translated_dest_port=6151 translated_ip_protocol=ecillum translated_route_domain=olor translated_source_ip=10.113.65.192 translated_source_port=7807 translated_vlan=conseq vlan=6079", "tags": [ 
@@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "edutpers ctobeat upta4358.home orem inibus secte [F5@ctobeat acl_policy_name=onsec acl_policy_type=idestl acl_rule_name=litani action=Closed hostname=itanimi1934.home bigip_mgmt_ip=10.19.154.103 context_name=ittenb context_type=tobeatae date_time=Feb 24 2018 19:26:15 dest_ip=10.235.51.61 dst_geo=exe dest_port=1872 device_product=cia device_vendor=idolo device_version=1.768 drop_reason=pitlabo errdefs_msgno=tas errdefs_msg_name=rcitat flow_id=ree ip_protocol=tcp severity=very-high partition_name=quipexea route_domain=orsitv sa_translation_pool=dunt sa_translation_type=int source_ip=10.53.27.253 src_geo=temveleu source_port=3599 source_user=luptat translated_dest_ip=10.75.113.240 translated_dest_port=1874 translated_ip_protocol=ionulam translated_route_domain=auto translated_source_ip=10.129.16.166 translated_source_port=5141 translated_vlan=ntocca vlan=5439", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "tvol lup mipsamv161.local ionula pexeaco temaccu [F5@uamqua acl_policy_name=Neq acl_policy_type=runt acl_rule_name=xcep action=Established hostname=pteurs1031.mail.corp bigip_mgmt_ip=10.125.150.220 context_name=lumquid context_type=eturadip date_time=Mar 11 2018 02:28:49 dest_ip=10.241.228.95 dst_geo=equ dest_port=7256 device_product=ssequamn device_vendor=ave device_version=1.5812 drop_reason=edquia errdefs_msgno=ihi errdefs_msg_name=undeomn flow_id=ape ip_protocol=rdp severity=medium partition_name=ari route_domain=umtot sa_translation_pool=onemulla sa_translation_type=atquo source_ip=10.120.50.13 src_geo=issu source_port=4426 source_user=inculpa translated_dest_ip=10.150.153.61 translated_dest_port=2773 translated_ip_protocol=loremagn translated_route_domain=acons translated_source_ip=10.22.213.196 translated_source_port=7230 translated_vlan=emoenimi vlan=1864", "tags": [ 
@@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "mqu onorume abill5290.lan mini mve tionev [F5@uasiarch acl_policy_name=velites acl_policy_type=uredolor acl_rule_name=epreh action=Accept hostname=edquiaco6562.api.lan bigip_mgmt_ip=10.113.2.13 context_name=rudexerc context_type=nturm date_time=Mar 25 2018 09:31:24 dest_ip=10.182.134.109 dst_geo=dquia dest_port=5334 device_product=bori device_vendor=dipi device_version=1.7232 drop_reason=utf errdefs_msgno=dolor errdefs_msg_name=dexe flow_id=nemul ip_protocol=igmp severity=low partition_name=lupt route_domain=quatur sa_translation_pool=dminim sa_translation_type=ptatevel source_ip=10.85.52.249 src_geo=eirured source_port=3772 source_user=tatiset translated_dest_ip=10.238.171.184 translated_dest_port=2574 translated_ip_protocol=duntutl translated_route_domain=nven translated_source_ip=10.229.155.171 translated_source_port=6978 translated_vlan=asiarch vlan=7121", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "utla deomni tse7542.test nesciu todit utaliqui [F5@emse acl_policy_name=emqui acl_policy_type=cipitla acl_rule_name=tlab action=Accept hostname=tatis7315.mail.home bigip_mgmt_ip=10.249.174.35 context_name=umfu context_type=utla date_time=Apr 08 2018 16:33:58 dest_ip=10.136.53.201 dst_geo=dolo dest_port=6418 device_product=samvol device_vendor=equa device_version=1.536 drop_reason=strumex errdefs_msgno=tessecil errdefs_msg_name=ugia flow_id=reprehe ip_protocol=udp severity=medium partition_name=umq route_domain=sistena sa_translation_pool=qui sa_translation_type=caboN source_ip=10.198.150.185 src_geo=catcupid source_port=3167 source_user=quela translated_dest_ip=10.51.245.225 translated_dest_port=3991 translated_ip_protocol=enimi translated_route_domain=illum translated_source_ip=10.220.1.249 translated_source_port=4200 translated_vlan=Sedut vlan=7832", "tags": [ 
@@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "audant obeata uredol2348.www5.host entorev quuntur olup [F5@aeab acl_policy_name=uradipis acl_policy_type=aerat acl_rule_name=les action=Drop hostname=eosqui3723.api.localdomain bigip_mgmt_ip=10.152.157.32 context_name=ali context_type=udexerci date_time=Apr 22 2018 23:36:32 dest_ip=10.76.232.245 dst_geo=osqu dest_port=4859 device_product=aborio device_vendor=rve device_version=1.219 drop_reason=nbyCi errdefs_msgno=runtmoll errdefs_msg_name=busBon flow_id=norumetM ip_protocol=udp severity=low partition_name=usBono route_domain=ameaq sa_translation_pool=Quis sa_translation_type=lupta source_ip=10.251.82.195 src_geo=umiure source_port=5186 source_user=olorese translated_dest_ip=10.190.96.181 translated_dest_port=2153 translated_ip_protocol=culp translated_route_domain=deomn translated_source_ip=10.38.185.31 translated_source_port=1085 translated_vlan=llo vlan=1106", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "tla iaconseq sed3235.www5.localhost pidatatn isno luptatev [F5@occaeca acl_policy_name=dan acl_policy_type=pta acl_rule_name=upt action=Drop hostname=itaedict199.mail.corp bigip_mgmt_ip=10.103.102.242 context_name=labore context_type=lorem date_time=May 07 2018 06:39:06 dest_ip=10.68.159.207 dst_geo=eratv dest_port=7206 device_product=estq device_vendor=quasiarc device_version=1.6526 drop_reason=liq errdefs_msgno=xerc errdefs_msg_name=atisetqu flow_id=squir ip_protocol=icmp severity=very-high partition_name=quam route_domain=deriti sa_translation_pool=edictasu sa_translation_type=eturadi source_ip=10.190.247.194 src_geo=mSecti source_port=4210 source_user=tDuisaut translated_dest_ip=10.230.112.179 translated_dest_port=5926 translated_ip_protocol=vol translated_route_domain=ita translated_source_ip=10.211.198.50 translated_source_port=7510 translated_vlan=nibusB vlan=5555", "tags": [ 
@@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "amremap oremagna aqu4475.mail.invalid serrorsi tsedquia rsit [F5@quis acl_policy_name=upidatat acl_policy_type=mod acl_rule_name=niamqui action=Closed hostname=xeaco7887.www.localdomain bigip_mgmt_ip=10.47.223.155 context_name=ugitsed context_type=dminimve date_time=May 21 2018 13:41:41 dest_ip=10.111.137.84 dst_geo=uiac dest_port=7838 device_product=tot device_vendor=reme device_version=1.7750 drop_reason=loremi errdefs_msgno=queporro errdefs_msg_name=tur flow_id=eFi ip_protocol=ipv6-icmp severity=medium partition_name=ulapari route_domain=eporroq sa_translation_pool=uunturm sa_translation_type=iatn source_ip=10.219.83.199 src_geo=diduntut source_port=1321 source_user=ectetur translated_dest_ip=10.101.13.122 translated_dest_port=6737 translated_ip_protocol=nibusBo translated_route_domain=volup translated_source_ip=10.251.101.61 translated_source_port=5153 translated_vlan=scipit vlan=6495", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "tore isni tamrema736.www5.lan ntiumdol conse aturve [F5@edqui acl_policy_name=tvolu acl_policy_type=psu acl_rule_name=strud action=Closed hostname=saute7421.www.invalid bigip_mgmt_ip=10.21.80.157 context_name=tiumtot context_type=tate date_time=Jun 04 2018 20:44:15 dest_ip=10.13.222.177 dst_geo=inBCSed dest_port=6353 device_product=Loremip device_vendor=taliqui device_version=1.5568 drop_reason=ipsaquae errdefs_msgno=olu errdefs_msg_name=exerci flow_id=isnostru ip_protocol=tcp severity=very-high partition_name=ngelits route_domain=volupt sa_translation_pool=billoi sa_translation_type=reseo source_ip=10.31.86.83 src_geo=pariat source_port=6646 source_user=litsed translated_dest_ip=10.21.30.43 translated_dest_port=4754 translated_ip_protocol=lorem translated_route_domain=iamquisn translated_source_ip=10.83.136.233 translated_source_port=6643 translated_vlan=imadm vlan=3187", "tags": [ 
@@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "lumdol edutper utemve6966.mail.local emoen ptate mipsumqu [F5@turad acl_policy_name=dol acl_policy_type=ntutla acl_rule_name=des action=Accept hostname=oluptas1637.home bigip_mgmt_ip=10.195.90.73 context_name=ipisc context_type=iatnulap date_time=Jun 19 2018 03:46:49 dest_ip=10.170.155.137 dst_geo=uine dest_port=1815 device_product=veniamqu device_vendor=iconsequ device_version=1.5445 drop_reason=apa errdefs_msgno=archite errdefs_msg_name=tur flow_id=ddo ip_protocol=ipv6 severity=high partition_name=inBC route_domain=did sa_translation_pool=atcupi sa_translation_type=eriti source_ip=10.45.152.205 src_geo=rema source_port=5107 source_user=datatn translated_dest_ip=10.194.197.107 translated_dest_port=2524 translated_ip_protocol=tur translated_route_domain=itation translated_source_ip=10.27.181.27 translated_source_port=5509 translated_vlan=uredo vlan=2155", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "use catcu quame922.internal.host eursi liquid ulapari [F5@ibus acl_policy_name=isu acl_policy_type=moll acl_rule_name=roinBCS action=Drop hostname=ididu5505.api.localdomain bigip_mgmt_ip=10.43.239.97 context_name=modi context_type=cip date_time=Jul 03 2018 10:49:23 dest_ip=10.60.60.164 dst_geo=iscive dest_port=5527 device_product=incididu device_vendor=yCice device_version=1.508 drop_reason=ionem errdefs_msgno=taevitae errdefs_msg_name=dminimv flow_id=quam ip_protocol=tcp severity=low partition_name=umdol route_domain=rerepr sa_translation_pool=ipiscin sa_translation_type=trudexe source_ip=10.222.2.132 src_geo=umdo source_port=6187 source_user=aedicta translated_dest_ip=10.129.161.18 translated_dest_port=782 translated_ip_protocol=umquiad translated_route_domain=porinc translated_source_ip=10.183.90.25 translated_source_port=5038 translated_vlan=conse vlan=2563", "tags": [ 
@@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "dolo reeufu umexe5208.local suntex uptatema uteiru [F5@rcitati acl_policy_name=siutali acl_policy_type=uiratio acl_rule_name=ficia action=Closed hostname=mqui1099.api.corp bigip_mgmt_ip=10.231.167.171 context_name=onorumet context_type=illoinve date_time=Jul 17 2018 17:51:58 dest_ip=10.188.254.168 dst_geo=nevolup dest_port=3706 device_product=lor device_vendor=ica device_version=1.4479 drop_reason=sumd errdefs_msgno=elitse errdefs_msg_name=olu flow_id=temqu ip_protocol=rdp severity=very-high partition_name=nesci route_domain=meaquei sa_translation_pool=snisiu sa_translation_type=atem source_ip=10.189.162.131 src_geo=litsed source_port=6019 source_user=sedquia translated_dest_ip=10.67.129.100 translated_dest_port=7106 translated_ip_protocol=mmodicon translated_route_domain=eosquir translated_source_ip=10.248.156.138 translated_source_port=2125 translated_vlan=smodit vlan=3090", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "dun xce dol5403.www.localhost asiar eiu maliquam [F5@gnama acl_policy_name=ursintoc acl_policy_type=minimve acl_rule_name=eprehe action=Reject hostname=siuta2155.lan bigip_mgmt_ip=10.63.103.30 context_name=ill context_type=imveniam date_time=Aug 01 2018 00:54:32 dest_ip=10.36.29.127 dst_geo=umqui dest_port=1757 device_product=sci device_vendor=isquames device_version=1.2927 drop_reason=tlabor errdefs_msgno=itecto errdefs_msg_name=loreeuf flow_id=orainci ip_protocol=icmp severity=low partition_name=aev route_domain=uelaudan sa_translation_pool=lab sa_translation_type=sequa source_ip=10.6.146.184 src_geo=rrorsi source_port=7247 source_user=sequu translated_dest_ip=10.185.107.27 translated_dest_port=2257 translated_ip_protocol=mips translated_route_domain=iduntutl translated_source_ip=10.142.106.66 translated_source_port=3790 translated_vlan=quelauda vlan=289", "tags": [ 
@@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "dolo ulamc doe344.www5.local toreve squirat llum [F5@dol acl_policy_name=niam acl_policy_type=atio acl_rule_name=sno action=Established hostname=tatiset4191.localdomain bigip_mgmt_ip=10.214.93.200 context_name=dtempor context_type=rroquisq date_time=Aug 15 2018 07:57:06 dest_ip=10.215.63.248 dst_geo=uidex dest_port=1203 device_product=lloi device_vendor=nseq device_version=1.4023 drop_reason=isetqua errdefs_msgno=ianonn errdefs_msg_name=oluptas flow_id=doe ip_protocol=udp severity=very-high partition_name=rchitect route_domain=orsitame sa_translation_pool=tasn sa_translation_type=exeaco source_ip=10.93.39.237 src_geo=aincidu source_port=232 source_user=tionofd translated_dest_ip=10.0.202.9 translated_dest_port=7451 translated_ip_protocol=nvolup translated_route_domain=ommodic translated_source_ip=10.119.179.182 translated_source_port=7255 translated_vlan=undeo vlan=7696", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "uiinea uianonn eavolupt784.www5.example liquam sinto edi [F5@eumiure acl_policy_name=ore acl_policy_type=adeser acl_rule_name=mSe action=Drop hostname=aute2433.mail.lan bigip_mgmt_ip=10.252.204.162 context_name=tiae context_type=giat date_time=Aug 29 2018 14:59:40 dest_ip=10.115.77.51 dst_geo=mcorpor dest_port=2433 device_product=ostru device_vendor=mea device_version=1.5939 drop_reason=iquipex errdefs_msgno=byCice errdefs_msg_name=deritq flow_id=boreetdo ip_protocol=ipv6-icmp severity=medium partition_name=iin route_domain=nostr sa_translation_pool=luptatem sa_translation_type=tNequepo source_ip=10.28.145.163 src_geo=sper source_port=72 source_user=imadmin translated_dest_ip=10.123.154.140 translated_dest_port=2551 translated_ip_protocol=mSect translated_route_domain=iure translated_source_ip=10.30.189.166 translated_source_port=2749 translated_vlan=aer vlan=3422", "tags": [ 
@@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "roquis mremape ude2977.www.corp rmagnido exeaco dqu [F5@ccaec acl_policy_name=repreh acl_policy_type=imven acl_rule_name=usan action=Accept hostname=idolo6535.internal.example bigip_mgmt_ip=10.46.162.198 context_name=snulap context_type=onsequat date_time=Sep 12 2018 22:02:15 dest_ip=10.166.128.248 dst_geo=pariatur dest_port=7435 device_product=tura device_vendor=equuntur device_version=1.6564 drop_reason=uaera errdefs_msgno=mqua errdefs_msg_name=xer flow_id=utlabore ip_protocol=ipv6-icmp severity=very-high partition_name=beataevi route_domain=amquisn sa_translation_pool=itquii sa_translation_type=imaven source_ip=10.145.128.250 src_geo=nder source_port=5641 source_user=eni translated_dest_ip=10.79.49.3 translated_dest_port=7794 translated_ip_protocol=psamvolu translated_route_domain=teturad translated_source_ip=10.29.122.183 translated_source_port=6166 translated_vlan=tla vlan=6146", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "modtempo edict nost3250.internal.localdomain nibu quatur isiutali [F5@mdolo acl_policy_name=nof acl_policy_type=usantiu acl_rule_name=periam action=Closed hostname=one7728.api.localdomain bigip_mgmt_ip=10.177.232.136 context_name=obe context_type=niamqu date_time=Sep 27 2018 05:04:49 dest_ip=10.140.59.161 dst_geo=smoditem dest_port=575 device_product=tev device_vendor=oNemoeni device_version=1.3341 drop_reason=elillumq errdefs_msgno=loremeum errdefs_msg_name=luptatem flow_id=ing ip_protocol=tcp severity=very-high partition_name=riameaqu route_domain=etd sa_translation_pool=omnisi sa_translation_type=dolor source_ip=10.166.169.167 src_geo=ati source_port=1544 source_user=olors translated_dest_ip=10.65.174.196 translated_dest_port=472 translated_ip_protocol=iin translated_route_domain=uteiru translated_source_ip=10.142.235.217 translated_source_port=5846 translated_vlan=orain vlan=2663", "tags": [ 
@@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "llu quaUt labor7147.internal.host ten vitae tse [F5@gni acl_policy_name=per acl_policy_type=tione acl_rule_name=nibus action=Established hostname=uptatem4446.internal.localhost bigip_mgmt_ip=10.29.217.44 context_name=eacommod context_type=tali date_time=Oct 11 2018 12:07:23 dest_ip=10.131.223.198 dst_geo=orisnisi dest_port=4342 device_product=eritquii device_vendor=atevelit device_version=1.325 drop_reason=enat errdefs_msgno=ionula errdefs_msg_name=itaed flow_id=invol ip_protocol=rdp severity=low partition_name=cidun route_domain=tassitas sa_translation_pool=nimadmi sa_translation_type=dipisci source_ip=10.215.184.154 src_geo=nor source_port=3306 source_user=iarc translated_dest_ip=10.191.78.86 translated_dest_port=6355 translated_ip_protocol=uiac translated_route_domain=squ translated_source_ip=10.53.188.140 translated_source_port=6455 translated_vlan=ten vlan=2937", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "isciveli ntutlab sitamet452.domain nsequ ing ollita [F5@dipisci acl_policy_name=amnisiu acl_policy_type=ptat acl_rule_name=epr action=Drop hostname=emq2514.api.localhost bigip_mgmt_ip=10.135.77.156 context_name=uraut context_type=non date_time=Oct 25 2018 19:09:57 dest_ip=10.248.182.188 dst_geo=turad dest_port=2537 device_product=nBCSe device_vendor=ollita device_version=1.3567 drop_reason=eni errdefs_msgno=quipe errdefs_msg_name=oluptat flow_id=stenatus ip_protocol=ggp severity=very-high partition_name=iaecon route_domain=ect sa_translation_pool=tquid sa_translation_type=seru source_ip=10.76.148.147 src_geo=remagna source_port=1121 source_user=urve translated_dest_ip=10.46.222.149 translated_dest_port=3304 translated_ip_protocol=squ translated_route_domain=emagnaal translated_source_ip=10.74.74.129 translated_source_port=5904 translated_vlan=itati vlan=3497", "tags": [ 
@@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "rinc tno meumf4052.invalid pitlabo riamea Malorumw [F5@consect acl_policy_name=issu acl_policy_type=tconsect acl_rule_name=tationem action=Drop hostname=agna5654.www.corp bigip_mgmt_ip=10.96.200.223 context_name=iatisun context_type=cto date_time=Nov 09 2018 02:12:32 dest_ip=10.3.228.220 dst_geo=imadmini dest_port=3791 device_product=oeiusm device_vendor=aUtenim device_version=1.1186 drop_reason=isu errdefs_msgno=ute errdefs_msg_name=tdolore flow_id=madminim ip_protocol=igmp severity=very-high partition_name=prehen route_domain=ate sa_translation_pool=ull sa_translation_type=enimipsa source_ip=10.130.203.37 src_geo=quisnos source_port=2132 source_user=mvele translated_dest_ip=10.11.146.253 translated_dest_port=3581 translated_ip_protocol=remeum translated_route_domain=temseq translated_source_ip=10.145.49.29 translated_source_port=2464 translated_vlan=sedquia vlan=4912", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ntmo aliqu iqu4429.www5.lan doconse volupta ptat [F5@oreverit acl_policy_name=nimides acl_policy_type=remipsum acl_rule_name=elit action=Drop hostname=ipi4827.mail.lan bigip_mgmt_ip=10.162.78.48 context_name=lab context_type=sedqui date_time=Nov 23 2018 09:15:06 dest_ip=10.243.157.94 dst_geo=epteu dest_port=5744 device_product=tura device_vendor=mquiavol device_version=1.6845 drop_reason=eabil errdefs_msgno=ibusB errdefs_msg_name=rporis flow_id=etco ip_protocol=ipv6 severity=very-high partition_name=ereprehe route_domain=olu sa_translation_pool=nofdeF sa_translation_type=riaturEx source_ip=10.24.23.209 src_geo=itautfu source_port=1503 source_user=rumwr translated_dest_ip=10.162.2.180 translated_dest_port=3889 translated_ip_protocol=mporain translated_route_domain=ectetur translated_source_ip=10.48.75.140 translated_source_port=1837 translated_vlan=ineavol vlan=5182", "tags": [ 
@@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "onproid sitv equam3114.test mcorp uelaud aperiam [F5@ngelit acl_policy_name=quiano acl_policy_type=sund acl_rule_name=iaconse action=Drop hostname=sequatD163.internal.example bigip_mgmt_ip=10.151.206.38 context_name=oloremi context_type=luptate date_time=Dec 07 2018 16:17:40 dest_ip=10.38.57.217 dst_geo=rur dest_port=5543 device_product=imidest device_vendor=oeiusmod device_version=1.419 drop_reason=psumqui errdefs_msgno=eddoeiu errdefs_msg_name=oinvento flow_id=mips ip_protocol=udp severity=medium partition_name=corpor route_domain=amvolu sa_translation_pool=ent sa_translation_type=ionemu source_ip=10.66.92.83 src_geo=orinrep source_port=2549 source_user=nproide translated_dest_ip=10.119.12.186 translated_dest_port=5674 translated_ip_protocol=qui translated_route_domain=nemullam translated_source_ip=10.97.105.115 translated_source_port=3576 translated_vlan=squir vlan=3987", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "umqu umet psaquaea5284.internal.example upt giatquo toccaec [F5@nihilmo acl_policy_name=atquo acl_policy_type=umetMa acl_rule_name=ngelitse action=Accept hostname=itamet1303.invalid bigip_mgmt_ip=10.12.148.73 context_name=eius context_type=evo date_time=Dec 21 2018 23:20:14 dest_ip=10.10.44.34 dst_geo=volupt dest_port=61 device_product=eosqu device_vendor=reetdolo device_version=1.7551 drop_reason=sten errdefs_msgno=enderi errdefs_msg_name=labore flow_id=uasiarch ip_protocol=igmp severity=very-high partition_name=magnama route_domain=reprehe sa_translation_pool=citatio sa_translation_type=dolo source_ip=10.201.132.114 src_geo=eetd source_port=6058 source_user=borisnis translated_dest_ip=10.64.76.142 translated_dest_port=7083 translated_ip_protocol=temse translated_route_domain=samvo translated_source_ip=10.169.139.250 translated_source_port=1374 translated_vlan=nostrume vlan=5035", "tags": [ 
@@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "tatevel itin tam942.api.host iut leumiur deser [F5@boris acl_policy_name=ris acl_policy_type=nisiuta acl_rule_name=utper action=Drop hostname=epr3512.internal.domain bigip_mgmt_ip=10.9.236.18 context_name=iumdo context_type=exe date_time=Jan 05 2019 06:22:49 dest_ip=10.152.7.48 dst_geo=giatnula dest_port=71 device_product=enimadmi device_vendor=qui device_version=1.5292 drop_reason=aecon errdefs_msgno=sedq errdefs_msg_name=olo flow_id=sperna ip_protocol=udp severity=very-high partition_name=conseq route_domain=upta sa_translation_pool=eturadi sa_translation_type=cinge source_ip=10.111.128.11 src_geo=niamq source_port=5336 source_user=umfug translated_dest_ip=10.35.38.185 translated_dest_port=7077 translated_ip_protocol=labor translated_route_domain=Sec translated_source_ip=10.200.116.191 translated_source_port=3068 translated_vlan=nsecte vlan=5790", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "uianonnu por nve894.lan turadip ataev eFinib [F5@atione acl_policy_name=xcepte acl_policy_type=gnaa acl_rule_name=tio action=Reject hostname=uredol2174.home bigip_mgmt_ip=10.191.27.182 context_name=tMalo context_type=urautod date_time=Jan 19 2019 13:25:23 dest_ip=10.114.60.159 dst_geo=rese dest_port=5302 device_product=rissusci device_vendor=quaturve device_version=1.5991 drop_reason=tisunde errdefs_msgno=ende errdefs_msg_name=quidolor flow_id=lloin ip_protocol=igmp severity=high partition_name=proiden route_domain=moenimip sa_translation_pool=tat sa_translation_type=tate source_ip=10.236.67.227 src_geo=ern source_port=881 source_user=tlabo translated_dest_ip=10.134.238.8 translated_dest_port=2976 translated_ip_protocol=aqua translated_route_domain=edquiac translated_source_ip=10.240.62.238 translated_source_port=1251 translated_vlan=olo vlan=5926", "tags": [ 
@@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ali Nequepor aUten4127.internal.lan apariatu mnisis onsequa [F5@sunt acl_policy_name=orumSe acl_policy_type=olupta acl_rule_name=emveleum action=Drop hostname=ididunt7607.mail.localhost bigip_mgmt_ip=10.165.66.92 context_name=isq context_type=eacommo date_time=Feb 02 2019 20:27:57 dest_ip=10.244.171.198 dst_geo=nimad dest_port=7814 device_product=asi device_vendor=tobe device_version=1.6837 drop_reason=Lore errdefs_msgno=oin errdefs_msg_name=eritquii flow_id=taliqui ip_protocol=ipv6-icmp severity=very-high partition_name=entoreve route_domain=ion sa_translation_pool=exeaco sa_translation_type=tate source_ip=10.109.14.142 src_geo=sitas source_port=6036 source_user=perna translated_dest_ip=10.65.35.64 translated_dest_port=2748 translated_ip_protocol=irur translated_route_domain=risnisiu translated_source_ip=10.22.231.91 translated_source_port=2652 translated_vlan=equepor vlan=897", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ugiatn utpe hend1170.www5.lan ptateve aliqua officiad [F5@nimadmin acl_policy_name=iavol acl_policy_type=roq acl_rule_name=iumtota action=Reject hostname=inimav5557.www5.test bigip_mgmt_ip=10.71.112.86 context_name=olor context_type=emoenim date_time=Feb 17 2019 03:30:32 dest_ip=10.57.64.102 dst_geo=rume dest_port=7667 device_product=inibusBo device_vendor=tqui device_version=1.99 drop_reason=citat errdefs_msgno=prehende errdefs_msg_name=vitaedic flow_id=remip ip_protocol=ggp severity=high partition_name=rehe route_domain=aper sa_translation_pool=gnaa sa_translation_type=tam source_ip=10.64.161.215 src_geo=modi source_port=4869 source_user=rnatur translated_dest_ip=10.29.230.203 translated_dest_port=6579 translated_ip_protocol=abi translated_route_domain=inimaven translated_source_ip=10.89.221.90 translated_source_port=5835 translated_vlan=entoreve vlan=4612", "tags": [ 
@@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "roqu dquia ommod142.www.home ptate oloreeu imipsa [F5@iscinge acl_policy_name=ora acl_policy_type=meumfug acl_rule_name=inimve action=Closed hostname=nonn1650.www.test bigip_mgmt_ip=10.88.226.76 context_name=ptas context_type=iadolo date_time=Mar 03 2019 10:33:06 dest_ip=10.217.197.29 dst_geo=aliquide dest_port=7187 device_product=tinv device_vendor=iar device_version=1.5232 drop_reason=mquela errdefs_msgno=urm errdefs_msg_name=con flow_id=aeabil ip_protocol=udp severity=low partition_name=edicta route_domain=itaspern sa_translation_pool=tau sa_translation_type=rcit source_ip=10.79.208.135 src_geo=rehende source_port=3688 source_user=erspic translated_dest_ip=10.221.199.137 translated_dest_port=6430 translated_ip_protocol=quipe translated_route_domain=evita translated_source_ip=10.140.118.182 translated_source_port=4566 translated_vlan=nia vlan=7548", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "npro boriosa sundeo3076.internal.test Nequepor turQ tod [F5@rsitame acl_policy_name=nsectetu acl_policy_type=untexpli acl_rule_name=smo action=Reject hostname=acons3940.api.lan bigip_mgmt_ip=10.133.48.55 context_name=lab context_type=ela date_time=Mar 17 2019 17:35:40 dest_ip=10.134.141.37 dst_geo=oreve dest_port=2538 device_product=tali device_vendor=quamnih device_version=1.2492 drop_reason=reprehen errdefs_msgno=Exce errdefs_msg_name=tocca flow_id=tinvolu ip_protocol=ipv6 severity=low partition_name=iumt route_domain=mad sa_translation_pool=mpor sa_translation_type=eddoei source_ip=10.35.73.208 src_geo=dolo source_port=6552 source_user=tia translated_dest_ip=10.126.61.230 translated_dest_port=2068 translated_ip_protocol=dolor translated_route_domain=emUteni translated_source_ip=10.189.244.22 translated_source_port=734 translated_vlan=rinre vlan=6425", "tags": [ 
@@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ident uatur dquiaco2756.home uiine mve dolorema [F5@ditautf acl_policy_name=uisnostr acl_policy_type=oditautf acl_rule_name=nula action=Established hostname=suscipit587.www.localhost bigip_mgmt_ip=10.81.154.115 context_name=ita context_type=aeratvol date_time=Apr 01 2019 00:38:14 dest_ip=10.194.94.1 dst_geo=ostr dest_port=575 device_product=boreetd device_vendor=ueporro device_version=1.4044 drop_reason=oluptat errdefs_msgno=olors errdefs_msg_name=mSecti flow_id=ius ip_protocol=icmp severity=very-high partition_name=xerci route_domain=qua sa_translation_pool=iaecons sa_translation_type=pteurs source_ip=10.35.65.72 src_geo=veni source_port=3387 source_user=reseo translated_dest_ip=10.239.194.105 translated_dest_port=3629 translated_ip_protocol=isnos translated_route_domain=ntin translated_source_ip=10.240.94.109 translated_source_port=5437 translated_vlan=ono vlan=573", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "consequ ine hend3901.www.localdomain nsecte miurere tat [F5@pitlabor acl_policy_name=upi acl_policy_type=olupta acl_rule_name=ape action=Established hostname=mnisiut6146.internal.local bigip_mgmt_ip=10.52.70.192 context_name=empor context_type=ate date_time=Apr 15 2019 07:40:49 dest_ip=10.234.254.96 dst_geo=obeatae dest_port=2042 device_product=orem device_vendor=dquian device_version=1.2307 drop_reason=uis errdefs_msgno=emagnaal errdefs_msg_name=uunturm flow_id=nonnumq ip_protocol=ggp severity=very-high partition_name=ntocca route_domain=emquelau sa_translation_pool=adolorsi sa_translation_type=lupt source_ip=10.38.253.213 src_geo=ncidu source_port=3369 source_user=ionem translated_dest_ip=10.248.72.104 translated_dest_port=7485 translated_ip_protocol=cusan translated_route_domain=ivelit translated_source_ip=10.150.56.227 translated_source_port=4686 translated_vlan=isnost vlan=4697", "tags": [ 
@@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "urQu idol fici312.api.host eri pitlab riosamn [F5@Malo acl_policy_name=onse acl_policy_type=enatuse acl_rule_name=veritat action=Reject hostname=borios1067.www5.home bigip_mgmt_ip=10.218.15.164 context_name=ntNeque context_type=magnidol date_time=Apr 29 2019 14:43:23 dest_ip=10.56.60.3 dst_geo=aaliq dest_port=2143 device_product=gel device_vendor=modt device_version=1.2031 drop_reason=mvolu errdefs_msgno=agn errdefs_msg_name=eritinvo flow_id=aliq ip_protocol=rdp severity=very-high partition_name=uisautei route_domain=labor sa_translation_pool=ihilmol sa_translation_type=scinge source_ip=10.62.218.239 src_geo=yCiceroi source_port=166 source_user=reh translated_dest_ip=10.73.172.186 translated_dest_port=3510 translated_ip_protocol=itte translated_route_domain=niamquis translated_source_ip=10.203.193.134 translated_source_port=6251 translated_vlan=riosa vlan=7445", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ore ptatema poriss2289.localdomain luptat ficiad saquaea [F5@archi acl_policy_name=caboNe acl_policy_type=ptate acl_rule_name=enimips action=Established hostname=msequ323.www.example bigip_mgmt_ip=10.60.20.76 context_name=seq context_type=uae date_time=May 13 2019 21:45:57 dest_ip=10.244.241.67 dst_geo=quaeabi dest_port=5701 device_product=ost device_vendor=mave device_version=1.2555 drop_reason=aev errdefs_msgno=uovolup errdefs_msg_name=tMaloru flow_id=rum ip_protocol=ipv6-icmp severity=very-high partition_name=ptassita route_domain=ionemul sa_translation_pool=orema sa_translation_type=its source_ip=10.10.46.43 src_geo=stiaec source_port=7346 source_user=nev translated_dest_ip=10.136.211.234 translated_dest_port=4126 translated_ip_protocol=lamcor translated_route_domain=rorsitv translated_source_ip=10.131.127.113 translated_source_port=853 translated_vlan=iamqu vlan=1324", "tags": [ 
@@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "mwrit dminimve madminim5473.mail.example reeuf orinrepr tinvo [F5@oru acl_policy_name=ainc acl_policy_type=aeab acl_rule_name=iat action=Closed hostname=tdolorem813.internal.host bigip_mgmt_ip=10.50.177.151 context_name=rsitam context_type=aliqui date_time=May 28 2019 04:48:31 dest_ip=10.206.65.159 dst_geo=fdeFini dest_port=1295 device_product=eetdolo device_vendor=issuscip device_version=1.3291 drop_reason=tqu errdefs_msgno=rinc errdefs_msg_name=hender flow_id=sBonor ip_protocol=rdp severity=high partition_name=ercitati route_domain=lapa sa_translation_pool=enia sa_translation_type=atis source_ip=10.233.181.250 src_geo=isiuta source_port=2868 source_user=ugiatq translated_dest_ip=10.187.237.220 translated_dest_port=7744 translated_ip_protocol=eumfu translated_route_domain=remap translated_source_ip=10.248.0.74 translated_source_port=6349 translated_vlan=tru vlan=2520", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "isautem eiusm assit1598.www5.invalid archite eruntm iades [F5@mremape acl_policy_name=nimad acl_policy_type=ionemu acl_rule_name=nul action=Established hostname=volupt4626.internal.test bigip_mgmt_ip=10.189.43.11 context_name=asper context_type=eeu date_time=Jun 11 2019 11:51:06 dest_ip=10.193.169.102 dst_geo=olab dest_port=629 device_product=olore device_vendor=mSecti device_version=1.2859 drop_reason=idid errdefs_msgno=ela errdefs_msg_name=fugits flow_id=litseddo ip_protocol=igmp severity=medium partition_name=ptasn route_domain=amrem sa_translation_pool=umdolor sa_translation_type=iamq source_ip=10.248.248.120 src_geo=ationemu source_port=1282 source_user=iatn translated_dest_ip=10.96.223.46 translated_dest_port=3654 translated_ip_protocol=pern translated_route_domain=ptasn translated_source_ip=10.80.129.81 translated_source_port=4827 translated_vlan=tat vlan=5084", "tags": [ 
@@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "eruntmo lumdolo urmagnid2749.api.host imip taspe siutaliq [F5@turadipi acl_policy_name=tMalo acl_policy_type=veni acl_rule_name=rspi action=Closed hostname=ntium5103.www5.localhost bigip_mgmt_ip=10.66.106.186 context_name=uatD context_type=reh date_time=Jun 25 2019 18:53:40 dest_ip=10.36.14.238 dst_geo=metco dest_port=4740 device_product=ilmoles device_vendor=xeaco device_version=1.1910 drop_reason=ccaecat errdefs_msgno=radip errdefs_msg_name=secil flow_id=totamr ip_protocol=udp severity=very-high partition_name=iciat route_domain=uira sa_translation_pool=orio sa_translation_type=mseq source_ip=10.102.109.199 src_geo=iono source_port=2061 source_user=tNequ translated_dest_ip=10.173.114.63 translated_dest_port=5877 translated_ip_protocol=tatisetq translated_route_domain=eabilloi translated_source_ip=10.91.115.139 translated_source_port=412 translated_vlan=eroi vlan=2077", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "riatur amrema illum2978.internal.home rumetMa entor urere [F5@involu acl_policy_name=qui acl_policy_type=aliqu acl_rule_name=sita action=Drop hostname=orpori3334.www.local bigip_mgmt_ip=10.198.157.122 context_name=ncu context_type=quatu date_time=Jul 10 2019 01:56:14 dest_ip=10.239.90.72 dst_geo=iratio dest_port=7700 device_product=its device_vendor=agn device_version=1.3690 drop_reason=ntmo errdefs_msgno=iur errdefs_msg_name=aboNemo flow_id=tsedquia ip_protocol=udp severity=very-high partition_name=tatiset route_domain=enim sa_translation_pool=gnido sa_translation_type=iamq source_ip=10.159.155.88 src_geo=uisa source_port=7034 source_user=iquipex translated_dest_ip=10.0.175.17 translated_dest_port=5236 translated_ip_protocol=tempori translated_route_domain=sedquian translated_source_ip=10.221.223.127 translated_source_port=2687 translated_vlan=ira vlan=3007", "tags": [ 
@@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "idolor umdo sequatu7142.internal.corp ipsaqu asun rsitam [F5@magn acl_policy_name=amcola acl_policy_type=eumiurer acl_rule_name=umf action=Established hostname=equu7361.www5.localdomain bigip_mgmt_ip=10.30.20.187 context_name=rsinto context_type=nonnumqu date_time=Jul 24 2019 08:58:48 dest_ip=10.103.47.100 dst_geo=chitect dest_port=5316 device_product=fug device_vendor=ulpaq device_version=1.6302 drop_reason=piscivel errdefs_msgno=ueporr errdefs_msg_name=udex flow_id=ipexeac ip_protocol=tcp severity=low partition_name=isci route_domain=archi sa_translation_pool=rsitame sa_translation_type=qui source_ip=10.7.212.201 src_geo=ion source_port=949 source_user=ugiat translated_dest_ip=10.252.136.130 translated_dest_port=5601 translated_ip_protocol=expl translated_route_domain=animi translated_source_ip=10.189.70.237 translated_source_port=1457 translated_vlan=tnul vlan=24", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "radip amremap dolorsit64.www.local uredo uamni nisi [F5@onsecte acl_policy_name=iono acl_policy_type=secillum acl_rule_name=sequatD action=Established hostname=tse2979.internal.localhost bigip_mgmt_ip=10.242.121.165 context_name=aut context_type=eriti date_time=Aug 07 2019 16:01:23 dest_ip=10.88.229.78 dst_geo=imadmi dest_port=2642 device_product=tevelite device_vendor=cto device_version=1.2037 drop_reason=mquiado errdefs_msgno=agn errdefs_msg_name=dip flow_id=urmag ip_protocol=tcp severity=high partition_name=laboreet route_domain=tutlabo sa_translation_pool=incid sa_translation_type=der source_ip=10.83.105.69 src_geo=usm source_port=2153 source_user=mni translated_dest_ip=10.102.109.194 translated_dest_port=2324 translated_ip_protocol=nor translated_route_domain=saut translated_source_ip=10.60.224.93 translated_source_port=1508 translated_vlan=deomnis vlan=354", "tags": [ 
@@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "tla nimve edutpe1255.internal.lan nimadm cepte paquioff [F5@ictasun acl_policy_name=iumto acl_policy_type=ciun acl_rule_name=prehe action=Accept hostname=uisnostr2390.mail.domain bigip_mgmt_ip=10.251.167.219 context_name=eaco context_type=oremeu date_time=Aug 21 2019 23:03:57 dest_ip=10.14.251.18 dst_geo=tenbyCi dest_port=4371 device_product=citation device_vendor=spernatu device_version=1.7314 drop_reason=giatq errdefs_msgno=tion errdefs_msg_name=tNeque flow_id=uidolore ip_protocol=rdp severity=medium partition_name=usB route_domain=magnaali sa_translation_pool=istenatu sa_translation_type=roqui source_ip=10.17.20.93 src_geo=eritqu source_port=4368 source_user=Uteni translated_dest_ip=10.181.134.69 translated_dest_port=551 translated_ip_protocol=norum translated_route_domain=emUten translated_source_ip=10.219.174.45 translated_source_port=4055 translated_vlan=idolo vlan=968", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "mmodicon nisis edquia4523.www.host remap ntium veniamqu [F5@equat acl_policy_name=reeu acl_policy_type=atemacc acl_rule_name=rsitvolu action=Accept hostname=luptate4811.mail.example bigip_mgmt_ip=10.30.117.82 context_name=destlabo context_type=fficia date_time=Sep 05 2019 06:06:31 dest_ip=10.245.75.229 dst_geo=elaud dest_port=4916 device_product=eaqueip device_vendor=emUten device_version=1.596 drop_reason=itseddoe errdefs_msgno=iti errdefs_msg_name=evitaedi flow_id=ionulamc ip_protocol=tcp severity=high partition_name=culp route_domain=Ciceroin sa_translation_pool=aeco sa_translation_type=olores source_ip=10.223.99.90 src_geo=adminim source_port=4324 source_user=numqua translated_dest_ip=10.28.233.253 translated_dest_port=1159 translated_ip_protocol=mUten translated_route_domain=eursint translated_source_ip=10.37.14.20 translated_source_port=6531 translated_vlan=teurs vlan=4919", "tags": [ 
@@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "aaliq nos uaUteni562.www.test deF dutpe tseddoei [F5@byCi acl_policy_name=odic acl_policy_type=chitecto acl_rule_name=nimadm action=Closed hostname=lites1614.www.corp bigip_mgmt_ip=10.125.20.22 context_name=olu context_type=ectet date_time=Sep 19 2019 13:09:05 dest_ip=10.121.189.113 dst_geo=tess dest_port=4686 device_product=xeacom device_vendor=adminim device_version=1.95 drop_reason=henderi errdefs_msgno=rainc errdefs_msg_name=dminim flow_id=sse ip_protocol=tcp severity=high partition_name=umexe route_domain=Sedu sa_translation_pool=tetur sa_translation_type=ern source_ip=10.50.61.114 src_geo=nvento source_port=649 source_user=qua translated_dest_ip=10.57.85.113 translated_dest_port=1024 translated_ip_protocol=itquii translated_route_domain=psu translated_source_ip=10.8.32.17 translated_source_port=3788 translated_vlan=nem vlan=5883", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "sitasper agni ivelit1640.internal.lan iscive prehende volup [F5@nimi acl_policy_name=niamqu acl_policy_type=uioffi acl_rule_name=suntin action=Closed hostname=lorinrep7686.mail.corp bigip_mgmt_ip=10.200.28.55 context_name=ineavol context_type=abor date_time=Oct 03 2019 20:11:40 dest_ip=10.232.122.152 dst_geo=voluptat dest_port=1549 device_product=ipi device_vendor=lamcor device_version=1.3064 drop_reason=litesse errdefs_msgno=tam errdefs_msg_name=uovo flow_id=scivelit ip_protocol=icmp severity=low partition_name=empo route_domain=apa sa_translation_pool=colab sa_translation_type=sistenat source_ip=10.215.224.27 src_geo=Sedutper source_port=6726 source_user=ficiade translated_dest_ip=10.113.78.101 translated_dest_port=2707 translated_ip_protocol=amqua translated_route_domain=nsequatu translated_source_ip=10.181.63.82 translated_source_port=168 translated_vlan=tse vlan=4029", "tags": [ 
@@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ueip amvo dolorsi306.www5.local tten erit asiarch [F5@tob acl_policy_name=tiae acl_policy_type=imipsamv acl_rule_name=doeiu action=Established hostname=nderit6272.mail.example bigip_mgmt_ip=10.177.14.106 context_name=natuser context_type=olupt date_time=Oct 18 2019 03:14:14 dest_ip=10.239.142.115 dst_geo=nsec dest_port=6720 device_product=siarchi device_vendor=etq device_version=1.4522 drop_reason=archit errdefs_msgno=nde errdefs_msg_name=tNequepo flow_id=byCicer ip_protocol=ipv6 severity=medium partition_name=ipit route_domain=tdolorem sa_translation_pool=nderitin sa_translation_type=mquiado source_ip=10.169.95.128 src_geo=reeufugi source_port=7737 source_user=ofd translated_dest_ip=10.139.20.223 translated_dest_port=114 translated_ip_protocol=porincid translated_route_domain=tisetqu translated_source_ip=10.243.43.168 translated_source_port=2110 translated_vlan=ehenderi vlan=2215", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ipsu iden oreseo1541.mail.domain boriosam lites col [F5@litsedd acl_policy_name=mnis acl_policy_type=ainci acl_rule_name=aturve action=Established hostname=ntu1279.mail.lan bigip_mgmt_ip=10.92.168.198 context_name=rume context_type=uptate date_time=Nov 01 2019 10:16:48 dest_ip=10.115.225.57 dst_geo=orsit dest_port=3315 device_product=mnis device_vendor=tametco device_version=1.7456 drop_reason=inc errdefs_msgno=rroqui errdefs_msg_name=amr flow_id=mfug ip_protocol=tcp severity=low partition_name=mid route_domain=henderi sa_translation_pool=consec sa_translation_type=dquia source_ip=10.90.93.4 src_geo=rehe source_port=3382 source_user=adminima translated_dest_ip=10.39.100.88 translated_dest_port=5195 translated_ip_protocol=lup translated_route_domain=rsi translated_source_ip=10.18.176.44 translated_source_port=7284 translated_vlan=Utenimad vlan=4305", "tags": [ 
@@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Bon amquisno mullam6505.www.localhost siarch oloremi ididu [F5@uov acl_policy_name=ncidid acl_policy_type=audantiu acl_rule_name=lmolest action=Reject hostname=essequam1161.domain bigip_mgmt_ip=10.49.68.8 context_name=temUte context_type=idest date_time=Nov 15 2019 17:19:22 dest_ip=10.8.247.249 dst_geo=enimip dest_port=3957 device_product=ataevit device_vendor=ficiad device_version=1.2909 drop_reason=taspe errdefs_msgno=empori errdefs_msg_name=mipsum flow_id=tium ip_protocol=tcp severity=very-high partition_name=ota route_domain=boriosa sa_translation_pool=eprehen sa_translation_type=rehen source_ip=10.163.203.191 src_geo=exeacom source_port=2599 source_user=tlab translated_dest_ip=10.193.43.135 translated_dest_port=4650 translated_ip_protocol=iaeconse translated_route_domain=onevol translated_source_ip=10.173.13.179 translated_source_port=1211 translated_vlan=ptasn vlan=3791", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ctetur amqui itatise2264.invalid lup cipitla niam [F5@mullamc acl_policy_name=umtota acl_policy_type=ssecil acl_rule_name=xplic action=Closed hostname=cipitl2184.localdomain bigip_mgmt_ip=10.240.47.113 context_name=uisnost context_type=snul date_time=Nov 30 2019 00:21:57 dest_ip=10.191.241.249 dst_geo=Loremips dest_port=4361 device_product=tiset device_vendor=ciade device_version=1.7726 drop_reason=equ errdefs_msgno=rror errdefs_msg_name=Exce flow_id=uae ip_protocol=ggp severity=high partition_name=umdol route_domain=nseq sa_translation_pool=autodita sa_translation_type=loreme source_ip=10.84.64.28 src_geo=par source_port=3938 source_user=ull translated_dest_ip=10.209.226.7 translated_dest_port=7745 translated_ip_protocol=aeabi translated_route_domain=ore translated_source_ip=10.31.147.51 translated_source_port=7780 translated_vlan=ptate vlan=3154", "tags": [ 
@@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "fugit dantiu ntutla1447.invalid strude rautodi Loremips [F5@mestqui acl_policy_name=tect acl_policy_type=odtem acl_rule_name=ite action=Closed hostname=item3647.home bigip_mgmt_ip=10.32.20.4 context_name=olupta context_type=dents date_time=Dec 14 2019 07:24:31 dest_ip=10.166.40.137 dst_geo=oremipsu dest_port=5644 device_product=idolor device_vendor=tionem device_version=1.292 drop_reason=oinB errdefs_msgno=tateve errdefs_msg_name=rsitvo flow_id=enatuser ip_protocol=tcp severity=high partition_name=sistena route_domain=reetdolo sa_translation_pool=psam sa_translation_type=litseddo source_ip=10.225.189.229 src_geo=odtem source_port=2287 source_user=odtemp translated_dest_ip=10.86.1.244 translated_dest_port=7101 translated_ip_protocol=rinci translated_route_domain=uamestqu translated_source_ip=10.52.13.192 translated_source_port=4714 translated_vlan=remagna vlan=439", "tags": [ diff --git a/packages/f5/data_stream/bigipafm/elasticsearch/ingest_pipeline/default.yml b/packages/f5/data_stream/bigipafm/elasticsearch/ingest_pipeline/default.yml index 9b29028b322..07d9aaaecca 100644 --- a/packages/f5/data_stream/bigipafm/elasticsearch/ingest_pipeline/default.yml +++ b/packages/f5/data_stream/bigipafm/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Big-IP Advanced Firewall Manager processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/f5/data_stream/bigipafm/sample_event.json b/packages/f5/data_stream/bigipafm/sample_event.json index 827d6f57d79..c2fd87966e4 100644 --- a/packages/f5/data_stream/bigipafm/sample_event.json +++ b/packages/f5/data_stream/bigipafm/sample_event.json @@ -23,7 +23,7 @@ "port": 2288 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", 
diff --git a/packages/f5/data_stream/bigipapm/_dev/test/pipeline/test-generated.log-expected.json b/packages/f5/data_stream/bigipapm/_dev/test/pipeline/test-generated.log-expected.json index 8d822aa74c8..f0e9ff53977 100644 --- a/packages/f5/data_stream/bigipapm/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/f5/data_stream/bigipapm/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 2016/01/29 06:09:59 aliqu high equepor[6720]: 01490106: :dolore: sequa: AD module: authentication with 'abo' failed: Preauthentication failed, principal name: squira. success reeufugi", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 2016/02/12 13:12:33 billoi medium orev[6153]: 01490504: :tatemU: deF: sist1803.mail.local can not be resolved.", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 2016/02/26 20:15:08 aqui low sSMTP[1166]: isetq", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 2016/03/12 03:17:42 seq high crond[5738]: (ccaecat) veleumi", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 2016/03/26 10:20:16 ude very-high veri[5990]: 01490113: :tempo: inv: session.user.clientip is 10.134.175.248", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 2016/04/09 17:22:51 lupta low rsitvolu[2044]: 01490128: :pori: occ: Webtop ect assigned", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 2016/04/24 00:25:25 aedic high gni: [syslog-ng]", "tags": [ 
@@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 2016/05/08 07:27:59 labor low isqu: 01490167: :uis: Current snapshot ID: idolore updated inside session db for access profile: onse", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 2016/05/22 14:30:33 metcon low emeumfug[6823]: 01490505: :emporinc: untutlab: tem", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 2016/06/05 21:33:08 tessec very-high ali[6446]: sSMTP: ", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 2016/06/20 04:35:42 riat medium atvol[98]: 014d0044: :uames: tati", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 2016/07/04 11:38:16 sinto very-high CSed[2857]: 01490514: :utlabore: ecillu: Access encountered error: success. File: mnisist, Function: deny, Line: icons", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 2016/07/18 18:40:50 lum high CROND[1675]: (sitvolup) CMD (cancel)", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 2016/08/02 01:43:25 uipe very-high siarchi[2289]: 01490500: :aliqu: olupta:mipsumd:eFinib: New session from client IP 10.204.123.107 (ST=saute/CC=ercit/C=usmodt) at VIP 10.225.160.182 Listener mque", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 2016/08/16 08:45:59 dol high quiratio[3386]: 01490511: :tisetq: tevelite: Initializing Access profile orporiss with max concurrent user sessions limit: 4739", "tags": [ 
@@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 2016/08/30 15:48:33 paquioff medium derit[4688]: 01490544: :hende: piscin: Received client info - https://mail.example.com/laboree/tfu.html?liqu=eporr#xeacomm", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 2016/09/13 22:51:07 fugiatnu high tobea[2364]: 014d0001: :tateve: ctx: itinvol, SERVER : eavolup", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 2016/09/28 05:53:42 remag very-high abor[5983]: 01490103: :tquiin: tse: Retry Username 'tenimad'", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 2016/10/12 12:56:16 niamqui low amcol[5625]: 01490113: :ipisci: gitsed: session.server.network.port is 4374", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 2016/10/26 19:58:50 nturma low cusant[4946]: 01490106: :etur: itecto: AD module: authentication with 'reetdol' failed: Preauthentication failed, principal name: totamre. success ercita", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 2016/11/10 03:01:24 proiden medium mvele[5737]: 014d0044: :aco: tio", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 2016/11/24 10:03:59 quaea very-high mvel[1188]: 01490520: :porinc: tetur: xce", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 2016/12/08 17:06:33 aincidu very-high uaeab[5960]: 01490008: :licabo: enimadmi: Connectivity resource utaliqu assigned", "tags": [ 
@@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 2016/12/23 00:09:07 cola high oremi[1485]: 01490128: :ineavol: iosa: Webtop boNemoe assigned", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 2017/01/06 07:11:41 Nequepor medium rem[5461]: 01490538: :esseq: adminima: Configuration snapshot deleted by Access.", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 2017/01/20 14:14:16 ptateve very-high miurerep: 01490165: :toccaec: Access profile: fugi initialized with configuration snapshot catalog: labo", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 2017/02/03 21:16:50 sBono high equ[4808]: 01490005: :amvo: siuta: Following rule urmagn from item dquia to ending temporin", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 2017/02/18 04:19:24 iruredol very-high derit[5270]: 01490106: :atquo: cupi: AD module: authentication with 'strude' failed in allow: Preauthentication failed, principal name: dunt. success yCic", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 2017/03/04 11:21:59 unte very-high ueipsa[748]: 011f0005: :cti: failure (Client side: vip=https://www5.example.com/olli/rever.html?rsp=oluptat#metco profile=ipv6-icmp pool=edolorin client_ip=10.104.110.134)", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 2017/03/18 18:24:33 ptasnula high syslog-ng[2638]: ill", "tags": [ 
@@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 2017/04/02 01:27:07 caboNem medium laudan[7589]: 01490107: :oconse: mag: AD module: authentication with 'tob' failed: Client 'dolores2519.mail.host' not found in Kerberos database, principal name:deF itempo", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 2017/04/16 08:29:41 meaque high mip[5899]: 01490107: :lamc: mvolupta: AD module: authentication with 'Utenima' failed: Clients credentials have been revoked, principal name: iqua@luptat2979.internal.local. unknown cididu", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 2017/04/30 15:32:16 atDuis medium nisiut: 01490166: :rumwri: Current snapshot ID: velill retrieved from session db for access profile: ore", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 2017/05/14 22:34:50 uptat high amquisno: 0149016b: :uido: Completed snapshot creation: tla for access profile: mquiad", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 2017/05/29 05:37:24 atur very-high ditau[4727]: 01490514: :piscivel: hend: Access encountered error: success. File: cepteur, Function: accept, Line: maliqu", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 2017/06/12 12:39:58 acon very-high sun[5971]: 01490501: :labori: porai: umiure", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 2017/06/26 19:42:33 eufug low uido[4318]: 01490500: :ici: snulap: New session from client IP 10.122.204.151 (ST=writte/CC=sitvo/C=ine) at VIP 10.169.101.161 Listener itessequ", "tags": [ 
@@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 2017/07/11 02:45:07 udan low essequam[3682]: 01490113: :urQuis: etcon: session.server.network.protocol is onsequu", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 2017/07/25 09:47:41 gelitse very-high arc[2412]: 01490013: :radip: upta: AD agent: Retrieving AAA server: tetura", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 2017/08/08 16:50:15 imavenia low mquido[5899]: 01490517: :rnat: rur: success", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 2017/08/22 23:52:50 nonn high met[1580]: 01420002: : AUDIT - pid=2037 user=ptate folder=entsu module=conse status=failure cmd_data=ntut", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 2017/09/06 06:55:24 iconsequ high idunt[571]: 01490549: :siuta: atev: Assigned PPP Dynamic IPv4: 10.6.32.7 Tunnel Type: exerci inesciu Resource: quid Client IP: 10.198.70.58 - orem", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 2017/09/20 13:57:58 reetdo medium lup[5051]: 01260009: :eos: Connection error:ipitlabo", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 2017/10/04 21:00:32 reprehen very-high syslog-ng[6438]: imid", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 2017/10/19 04:03:07 sunt very-high aturQu[7083]: 01490128: :tDuis: iqu: Webtop oriosamn assigned", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 2017/11/02 11:05:41 iquip very-high sedquian[4212]: 01490004: :etdolore: magnaa: Executed agent 'sumquiad', return value iusmodt", "tags": [ 
@@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 2017/11/16 18:08:15 equam low eaqueip[5207]: 01490538: :aevitaed: byCic: Configuration snapshot deleted by Access.", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 2017/12/01 01:10:49 xerc high eturad[1760]: 01490506: :nvol: enimadmi: Received User-Agent header: mobmail android 2.1.3.3150", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 2017/12/15 08:13:24 sumdolo medium rors[1935]: 01490538: :oremque: quaU: Configuration snapshot deleted by Access.", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 2017/12/29 15:15:58 ioff medium quioff: 0149016a: :iuntN: Initiating snapshot creation: ipis for access profile: itautfu", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 2018/01/12 22:18:32 rchit medium roquisqu[5924]: 01490005: :iquid: evo: Following rule mcorpori from item mqu to ending pteursi", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 2018/01/27 05:21:06 itessequ low fdeFinib[2580]: 01490128: :sumd: sectetur: Webtop edquian assigned", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 2018/02/10 12:23:41 quiav low rit: 0149016a: :eumfu: Initiating snapshot creation: lors for access profile: oluptat", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 2018/02/24 19:26:15 oeiusmo very-high cusanti[5019]: 01420002: : AUDIT - pid=4996 user=rem folder=tseddoei module=teursint status=success cmd_data=remagnaa", "tags": [ 
@@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 2018/03/11 02:28:49 ore low ovolupta: 0149016b: :volup: Completed snapshot creation: macc for access profile: ria", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 2018/03/25 09:31:24 uisau high irat[2943]: 01490549: :emsequi: ueporroq: Assigned PPP Dynamic IPv4: 10.142.213.80 Tunnel Type: tationu gnaaliq Resource: olore Client IP: 10.16.181.60 - ameaquei", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 2018/04/08 16:33:58 liq low mvolupta: syslog-ng: ", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 2018/04/22 23:36:32 exe high illum[2625]: 01490101: :emi: reprehen: Access profile: tvol configuration has been applied. Newly active generation count is: 5959", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 2018/05/07 06:39:06 iumt medium nulapari[1973]: 01490500: :tsunt: rnat:oremi:ectobeat: New session from client IP 10.187.64.126 (ST=uasiarch/CC=Malor/C=boriosa) at VIP 10.47.99.72 Listener upt (Reputation=oremipsu)", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 2018/05/21 13:41:41 sint low auditd[3376]: ctobeat", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 2018/06/04 20:44:15 lorumw high tdolo[3872]: syslog-ng: ", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 2018/06/19 03:46:49 namaliqu medium aeca[4543]: 014d0044: :autemv: sciveli", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 2018/07/03 10:49:23 piciati medium ntin[4646]: 01260009: :rcitat: Connection error:cinge", "tags": [ 
@@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 2018/07/17 17:51:58 iqui low litani[3126]: 01490142: :itanimi: onoru: data", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 2018/08/01 00:54:32 uptatem high ruredol: 01490079: :iadeseru: loremagn: Access policy 'acons' configuration has changed.Access profile 'nimadmi' configuration changes need to be applied for the new configuration", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 2018/08/15 07:57:06 lupt very-high eavolupt: 01490167: :uipe: Current snapshot ID: ipsa updated inside session db for access profile: con", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 2018/08/29 14:59:40 nesciu low ssequ[4877]: 01490008: :emse: emqui: Connectivity resource cipitla assigned", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 2018/09/12 22:02:15 ionevo high ptate[52]: 01490102: :uira: todita: Access policy result: failure", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 2018/09/27 05:04:49 iqu low tatis[7767]: 01490113: :reeufugi: sequines: session.server.network.protocol is minimve", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 2018/10/11 12:07:23 aborio low setquas: 014d0002: :nbyCi: runtmoll: SSOv2 Logon failed, config busBon form norumetM", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 2018/10/25 19:09:57 billoinv high deomn[904]: 01490113: :mali: roinBCSe: session.server.network.port is 3959", "tags": [ 
@@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 2018/11/09 02:12:32 rch high sedd: 01490079: :atione: tvolup: Access policy 'oremeu' configuration has changed.Access profile 'lab' configuration changes need to be applied for the new configuration", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 2018/11/23 09:15:06 urau medium upt[4762]: 01490538: :itaedict: eroi: Configuration snapshot deleted by Access.", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 2018/12/07 16:17:40 reetdo low nidol[4345]: 01490113: :writtenb: atevelit: session.server.listener.name is ugitsed", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 2018/12/21 23:20:14 uatDuisa high ano[4054]: 01490102: :uunturm: iatn: Access policy result: unknown", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 2019/01/05 06:22:49 psum very-high exerci[3923]: 01490113: :lumqu: moen: session.oinvento", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 2019/01/19 13:25:23 volup very-high crond[4071]: (iconsequ) CMD (block)", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 2019/02/02 20:27:57 archite high rem[6473]: 01490008: :emp: inBC: Connectivity resource did assigned", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 2019/02/17 03:30:32 etconse medium uinesci: 0149016a: :otamr: Initiating snapshot creation: tsed for access profile: rExc", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 2019/03/03 10:33:06 omnisis very-high uptatema[7023]: 01490501: :stiaec: Cicero: ven", "tags": [ 
@@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 2019/03/17 17:35:40 cons low ine[870]: 011f0005: :amquisn: success (Client side: vip=https://example.net/equamn/scipi.txt?eiu=maliquam#gnama profile=rdp pool=squamest client_ip=10.24.113.101)", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 2019/04/01 00:38:14 uelaudan low teiru[4918]: 014d0044: :orinrep: pta", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 2019/04/15 07:40:49 sis very-high rchite[7405]: 01490521: :rvelill: rors: Session statistics - bytes in:6092, bytes out: 1363", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 2019/04/29 14:43:23 Nequepo high CROND[2977]: (emac) CMD (cancel)", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 2019/05/13 21:45:57 isci high ugiatn: 0149016b: :squa: Completed snapshot creation: deseru for access profile: aquioff", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 2019/05/28 04:48:31 onsequat high giatq[7733]: 01490106: :imad: tura: AD module: authentication with 'equuntur' failed: Preauthentication failed, principal name: rve. success mqua", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 2019/06/11 11:51:06 utlabore very-high exea[2867]: 01490008: :amquisn: itquii: Connectivity resource imaven assigned", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 2019/06/25 18:53:40 lloinve low nim[7673]: 01490511: :edquiac: psamvolu: Initializing Access profile teturad with max concurrent user sessions limit: 7783", "tags": [ 
@@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 2019/07/10 01:56:14 tatemse low vitae[72]: 01490000: :samvolu: dip", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 2019/07/24 08:58:48 Dui medium nostrude[7057]: 01490007: :ione: ecillum: Session variable 'maccu' set to ame", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 2019/08/07 16:01:23 reprehe medium enimipsa[2698]: 01490521: :samn: quisnos: Session statistics - bytes in:2132, bytes out: 2552", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 2019/08/21 23:03:57 Nequepor low temseq[613]: 01490019: :ostrumex: suscipi: AD agent: Query: query with '(sAMAccountName=xplicabo)' successful", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 2019/09/05 06:06:31 ameaquei very-high uelaud[1306]: 01490544: :ameiu: utei: Received client info - https://internal.example.net/lumquid/oluptat.jpg?equepor=iosamn#erspicia", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 2019/09/19 13:09:05 psumqui high ncu: 01490079: :quaturve: ciad: Access policy 'diconseq' configuration has changed.Access profile 'utod' configuration changes need to be applied for the new configuration", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 2019/10/03 20:11:40 giatquo low dipisciv[5944]: 01490013: :atquo: umetMa: AD agent: Retrieving AAA server: ngelitse", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 2019/10/18 03:14:14 tem very-high giatnula[71]: Rule: enimadmi \u003c\u003cqui\u003e: APM_EVENT=deny | aecon | sedq ***failure***", "tags": [ 
@@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 2019/11/01 10:16:48 erc low tasnu: [syslog-ng]", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 2019/11/15 17:19:22 ationevo very-high datatno[3538]: 01490019: :siar: orisnis: AD agent: Query: query with '(sAMAccountName=texp)' successful", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 2019/11/30 00:21:57 pidat very-high sSMTP[6673]: ptateve", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 2019/12/14 07:24:31 olupta medium oremagn[2121]: 01490106: :itseddo: uptatev: AD module: authentication with 'oditem' failed in allow: Preauthentication failed, principal name: inimaven. failure olor", "tags": [ diff --git a/packages/f5/data_stream/bigipapm/elasticsearch/ingest_pipeline/default.yml b/packages/f5/data_stream/bigipapm/elasticsearch/ingest_pipeline/default.yml index 397580f2b26..3bccb5ee92c 100644 --- a/packages/f5/data_stream/bigipapm/elasticsearch/ingest_pipeline/default.yml +++ b/packages/f5/data_stream/bigipapm/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Big-IP Access Policy Manager processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/f5/data_stream/bigipapm/sample_event.json b/packages/f5/data_stream/bigipapm/sample_event.json index 2ee0ef10285..de5fbb32a5f 100644 --- a/packages/f5/data_stream/bigipapm/sample_event.json +++ b/packages/f5/data_stream/bigipapm/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/f5/docs/README.md b/packages/f5/docs/README.md index fb9d35df822..d15ee714681 100644 
--- a/packages/f5/docs/README.md +++ b/packages/f5/docs/README.md @@ -73,7 +73,7 @@ The `bigipapm` dataset collects Big-IP Access Policy Manager logs. | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | http.request.method | HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. | keyword | | http.request.referrer | Referrer for this HTTP request. | keyword | | input.type | Type of Filebeat input. | keyword | 
@@ -898,7 +898,7 @@ The `bigipafm` dataset collects Big-IP Advanced Firewall Manager logs. | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | http.request.method | HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. | keyword | | http.request.referrer | Referrer for this HTTP request. | keyword | | input.type | Type of Filebeat input. | keyword | diff --git a/packages/f5/manifest.yml b/packages/f5/manifest.yml index 606d25c67f3..2b6bf395b8e 100644 --- a/packages/f5/manifest.yml +++ b/packages/f5/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: f5 title: F5 Logs -version: "0.13.1" +version: "0.14.0" description: Collect and parse logs from F5 devices with Elastic Agent. categories: ["observability", "load_balancer"] release: experimental From 0cef638ced285ebf9a53ccff3502c2dd672a40c3 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:32 +0530 Subject: [PATCH 039/137] [f5_bigip] - update ECS to 8.7.0 from 8.4.0 This updates the f5_bigip integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.4.0 and using 8.4.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/f5_bigip --- packages/f5_bigip/_dev/build/build.yml | 2 +- packages/f5_bigip/changelog.yml | 5 +++++ .../test-pipeline-bigip-afm.log-expected.json | 4 ++-- .../test-pipeline-bigip-apm.log-expected.json | 6 +++--- .../test-pipeline-bigip-asm.log-expected.json | 6 +++--- .../test-pipeline-bigip-avr.log-expected.json | 12 ++++++------ .../test-pipeline-bigip-ltm.log-expected.json | 4 ++-- .../log/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/f5_bigip/data_stream/log/sample_event.json | 2 +- packages/f5_bigip/docs/README.md | 2 +- packages/f5_bigip/manifest.yml | 2 +- 11 files changed, 26 insertions(+), 21 deletions(-) diff --git a/packages/f5_bigip/_dev/build/build.yml b/packages/f5_bigip/_dev/build/build.yml index 8d9e4bf7ac8..9da3f46d46b 100644 --- a/packages/f5_bigip/_dev/build/build.yml +++ b/packages/f5_bigip/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0 + reference: git@8.7 diff --git a/packages/f5_bigip/changelog.yml b/packages/f5_bigip/changelog.yml index 47ad3139e80..cafdb3bf311 100644 --- a/packages/f5_bigip/changelog.yml +++ b/packages/f5_bigip/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.0.0" changes: - description: Release F5 BIG-IP as GA. 
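Review bot: The `reference` in `packages/f5_bigip/_dev/build/build.yml` moves from the release tag `git@v8.4.0` to `git@8.7`, which reads as a branch-style ref rather than a tag. If so, the ECS field definitions pulled at build time can change without any commit in this repository. Assuming the build tooling still accepts a tag here, as the old value suggests, pinning to the release keeps the imported schema reproducible and reviewable: `reference: git@v8.7.0`. The same tag-to-branch change appears in the `packages/forcepoint_web/_dev/build/build.yml` hunk later in this series (`git@v8.5.1` to `git@8.7`).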
diff --git a/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-afm.log-expected.json b/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-afm.log-expected.json index 291328aad62..a4326654160 100644 --- a/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-afm.log-expected.json +++ b/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-afm.log-expected.json @@ -8,7 +8,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.7.0" }, "event": { "action": "Reject", @@ -153,7 +153,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.7.0" }, "event": { "action": "Reject", diff --git a/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-apm.log-expected.json b/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-apm.log-expected.json index ce1baac50fc..f26ee58e29a 100644 --- a/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-apm.log-expected.json +++ b/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-apm.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-12-03T22:10:07.783Z", "ecs": { - "version": "8.4.0" + "version": "8.7.0" }, "event": { "category": [ @@ -64,7 +64,7 @@ { "@timestamp": "2021-10-01T08:00:03.319Z", "ecs": { - "version": "8.4.0" + "version": "8.7.0" }, "event": { "category": [ @@ -125,7 +125,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-asm.log-expected.json b/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-asm.log-expected.json index 1fb81640c68..a113d723ebf 100644 --- a/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-asm.log-expected.json +++ b/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-asm.log-expected.json 
@@ -10,7 +10,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.7.0" }, "event": { "category": [ @@ -173,7 +173,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.7.0" }, "event": { "category": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-avr.log-expected.json b/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-avr.log-expected.json index 0a230ec650b..d2c168efe56 100644 --- a/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-avr.log-expected.json +++ b/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-avr.log-expected.json @@ -10,7 +10,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.7.0" }, "event": { "category": [ @@ -210,7 +210,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.7.0" }, "event": { "category": [ @@ -297,7 +297,7 @@ "ip": "81.2.69.142" }, "ecs": { - "version": "8.4.0" + "version": "8.7.0" }, "event": { "action": "Legal", @@ -428,7 +428,7 @@ { "@timestamp": "2019-04-30T02:52:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.7.0" }, "event": { "category": [ @@ -513,7 +513,7 @@ { "@timestamp": "2019-04-30T02:00:30.000Z", "ecs": { - "version": "8.4.0" + "version": "8.7.0" }, "event": { "category": [ @@ -595,7 +595,7 @@ { "@timestamp": "2019-04-18T07:22:30.000Z", "ecs": { - "version": "8.4.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-ltm.log-expected.json b/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-ltm.log-expected.json index e67c7d72a99..28d89e69408 100644 --- a/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-ltm.log-expected.json +++ b/packages/f5_bigip/data_stream/log/_dev/test/pipeline/test-pipeline-bigip-ltm.log-expected.json 
@@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.7.0" }, "event": { "category": [ @@ -113,7 +113,7 @@ "ip": "216.160.83.56" }, "ecs": { - "version": "8.4.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/f5_bigip/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/f5_bigip/data_stream/log/elasticsearch/ingest_pipeline/default.yml index bc9e20ac75b..0e44f7da673 100644 --- a/packages/f5_bigip/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/f5_bigip/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing F5 BIGIP logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/f5_bigip/data_stream/log/sample_event.json b/packages/f5_bigip/data_stream/log/sample_event.json index c237fee0dd6..d6b3a0f30c2 100644 --- a/packages/f5_bigip/data_stream/log/sample_event.json +++ b/packages/f5_bigip/data_stream/log/sample_event.json @@ -21,7 +21,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.7.0" }, "elastic_agent": { "id": "121c9eba-d12d-4405-9bf4-83bc92e8c764", diff --git a/packages/f5_bigip/docs/README.md b/packages/f5_bigip/docs/README.md index 4b275dbfc02..f996c871a9e 100644 --- a/packages/f5_bigip/docs/README.md +++ b/packages/f5_bigip/docs/README.md @@ -181,7 +181,7 @@ An example event for `log` looks as following: "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.7.0" }, "elastic_agent": { "id": "121c9eba-d12d-4405-9bf4-83bc92e8c764", diff --git a/packages/f5_bigip/manifest.yml b/packages/f5_bigip/manifest.yml index 597447ff5b4..3140adc4e4a 100644 --- a/packages/f5_bigip/manifest.yml +++ b/packages/f5_bigip/manifest.yml @@ -1,7 +1,7 @@ format_version: 2.0.0 name: f5_bigip title: F5 BIG-IP -version: 1.0.0 +version: "1.1.0" release: ga description: Collect logs from F5 BIG-IP with Elastic Agent. type: integration 
From 3af6584b7d0e4c29fc55dea0c47d755a3bed941c Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:32 +0530 Subject: [PATCH 040/137] [fim] - update ECS to 8.7.0 from 8.6.0 This updates the fim integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/fim --- packages/fim/_dev/build/build.yml | 2 +- packages/fim/changelog.yml | 5 +++++ .../event/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/fim/data_stream/event/sample_event.json | 2 +- packages/fim/docs/README.md | 2 +- packages/fim/manifest.yml | 2 +- 6 files changed, 10 insertions(+), 5 deletions(-) diff --git a/packages/fim/_dev/build/build.yml b/packages/fim/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/fim/_dev/build/build.yml +++ b/packages/fim/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/fim/changelog.yml b/packages/fim/changelog.yml index ab8da9532e1..ff8d22dae95 100644 --- a/packages/fim/changelog.yml +++ b/packages/fim/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.4.3" changes: - description: Added categories and/or subcategories. diff --git a/packages/fim/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/fim/data_stream/event/elasticsearch/ingest_pipeline/default.yml index 1591ea49522..d92eedf35cc 100644 --- a/packages/fim/data_stream/event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/fim/data_stream/event/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for processing auditd events processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' on_failure: - set: field: error.message diff --git a/packages/fim/data_stream/event/sample_event.json b/packages/fim/data_stream/event/sample_event.json index e7a88338a0f..aa67745f7a9 100644 --- a/packages/fim/data_stream/event/sample_event.json +++ b/packages/fim/data_stream/event/sample_event.json @@ -8,7 +8,7 @@ "version": "8.3.0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "data_stream": { "dataset": "fim.event", diff --git a/packages/fim/docs/README.md b/packages/fim/docs/README.md index 77eabd595a0..1a240b5f702 100644 --- a/packages/fim/docs/README.md +++ b/packages/fim/docs/README.md @@ -34,7 +34,7 @@ An example event for `event` looks as following: "version": "8.3.0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "data_stream": { "dataset": "fim.event", diff --git a/packages/fim/manifest.yml b/packages/fim/manifest.yml index e4aabe8f247..31f240e2808 100644 --- a/packages/fim/manifest.yml +++ b/packages/fim/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: fim title: "File Integrity Monitoring" -version: "1.4.3" +version: "1.5.0" license: basic release: ga description: "The File Integrity Monitoring integration reports filesystem changes in real time." From d575408181ce8e0458b29649a7980df1826066b4 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:33 +0530 Subject: [PATCH 041/137] [fireeye] - update ECS to 8.7.0 from 8.6.0 This updates the fireeye integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/fireeye --- packages/fireeye/_dev/build/build.yml | 2 +- packages/fireeye/changelog.yml | 5 +++++ .../_dev/test/pipeline/test-nx.log-expected.json | 16 ++++++++-------- .../nx/elasticsearch/ingest_pipeline/default.yml | 2 +- .../fireeye/data_stream/nx/sample_event.json | 2 +- packages/fireeye/docs/README.md | 2 +- packages/fireeye/manifest.yml | 2 +- 7 files changed, 18 insertions(+), 13 deletions(-) diff --git a/packages/fireeye/_dev/build/build.yml b/packages/fireeye/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/fireeye/_dev/build/build.yml +++ b/packages/fireeye/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/fireeye/changelog.yml b/packages/fireeye/changelog.yml index e4a0a073bc6..9f8c0625cff 100644 --- a/packages/fireeye/changelog.yml +++ b/packages/fireeye/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.10.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.9.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json b/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json index bd91f18bfca..a00bbf0d30e 100644 --- a/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json +++ b/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json 
@@ -10,7 +10,7 @@ "port": 10001 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -83,7 +83,7 @@ "port": 123 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -144,7 +144,7 @@ "port": 10001 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -217,7 +217,7 @@ "port": 5938 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -299,7 +299,7 @@ "port": 123 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -370,7 +370,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -485,7 +485,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -593,7 +593,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml b/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml index 532f9231d60..bf8adc16ef4 100644 --- a/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml +++ b/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing FireEye NX logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: observer.vendor value: "Fireeye" diff --git a/packages/fireeye/data_stream/nx/sample_event.json b/packages/fireeye/data_stream/nx/sample_event.json index 84ac3b84fcf..5f518bec86d 100644 --- a/packages/fireeye/data_stream/nx/sample_event.json +++ b/packages/fireeye/data_stream/nx/sample_event.json @@ -20,7 +20,7 @@ "port": 10001 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "2411eb51-1c57-41d1-962f-cd06ac57198b", 
diff --git a/packages/fireeye/docs/README.md b/packages/fireeye/docs/README.md index c691adf781b..c77ced94e26 100644 --- a/packages/fireeye/docs/README.md +++ b/packages/fireeye/docs/README.md @@ -194,7 +194,7 @@ An example event for `nx` looks as following: "port": 10001 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "2411eb51-1c57-41d1-962f-cd06ac57198b", diff --git a/packages/fireeye/manifest.yml b/packages/fireeye/manifest.yml index 02cfdd98bca..194915b27e0 100644 --- a/packages/fireeye/manifest.yml +++ b/packages/fireeye/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: fireeye title: "FireEye Network Security" -version: "1.9.1" +version: "1.10.0" license: basic description: Collect logs from FireEye NX with Elastic Agent. type: integration From 7bbb74952a487a0953a47e0e36ef99cbf3ba06d7 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:34 +0530 Subject: [PATCH 042/137] [forcepoint_web] - update ECS to 8.7.0 from 8.5.0 This updates the forcepoint_web integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.5.1 and using 8.5.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/forcepoint_web --- packages/forcepoint_web/_dev/build/build.yml | 2 +- packages/forcepoint_web/changelog.yml | 5 +++++ .../test/pipeline/test-forcepoint-web.json-expected.json | 4 ++-- .../logs/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/forcepoint_web/data_stream/logs/sample_event.json | 2 +- packages/forcepoint_web/docs/README.md | 2 +- packages/forcepoint_web/manifest.yml | 2 +- 7 files changed, 12 insertions(+), 7 deletions(-) diff --git a/packages/forcepoint_web/_dev/build/build.yml b/packages/forcepoint_web/_dev/build/build.yml index aaafc5d833b..9da3f46d46b 100644 --- a/packages/forcepoint_web/_dev/build/build.yml +++ b/packages/forcepoint_web/_dev/build/build.yml 
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.5.1
+ reference: git@8.7
diff --git a/packages/forcepoint_web/changelog.yml b/packages/forcepoint_web/changelog.yml
index 92d2bfb6dc8..b45b3bc632a 100644
--- a/packages/forcepoint_web/changelog.yml
+++ b/packages/forcepoint_web/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.1.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "0.0.1"
 changes:
 - description: Initial draft of the package
diff --git a/packages/forcepoint_web/data_stream/logs/_dev/test/pipeline/test-forcepoint-web.json-expected.json b/packages/forcepoint_web/data_stream/logs/_dev/test/pipeline/test-forcepoint-web.json-expected.json
index 68c486e9414..e8bfcf7aeb4 100644
--- a/packages/forcepoint_web/data_stream/logs/_dev/test/pipeline/test-forcepoint-web.json-expected.json
+++ b/packages/forcepoint_web/data_stream/logs/_dev/test/pipeline/test-forcepoint-web.json-expected.json
@@ -23,7 +23,7 @@
 "ip": "175.16.199.68"
 },
 "ecs": {
- "version": "8.5.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -108,4 +108,4 @@
 }
 }
 ]
-}
+}
\ No newline at end of file
diff --git a/packages/forcepoint_web/data_stream/logs/elasticsearch/ingest_pipeline/default.yml b/packages/forcepoint_web/data_stream/logs/elasticsearch/ingest_pipeline/default.yml
index 46c28010b63..dd9e17f52c8 100644
--- a/packages/forcepoint_web/data_stream/logs/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/forcepoint_web/data_stream/logs/elasticsearch/ingest_pipeline/default.yml
@@ -46,7 +46,7 @@ processors:
 - set:
 field: ecs.version
- value: '8.5.0'
+ value: '8.7.0'
 - rename:
 if: "ctx?.tags != null && ctx.tags.contains('preserve_original_event')"
diff --git a/packages/forcepoint_web/data_stream/logs/sample_event.json b/packages/forcepoint_web/data_stream/logs/sample_event.json
index b7c8c959c9c..6591279b24c 100644
--- a/packages/forcepoint_web/data_stream/logs/sample_event.json
+++ b/packages/forcepoint_web/data_stream/logs/sample_event.json
@@ -16,7 +16,7 @@
 "ip": "3.24.198.68"
 },
 "ecs": {
- "version": "8.5.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "8cc7367b-4069-4535-8545-a477b8c273af",
diff --git a/packages/forcepoint_web/docs/README.md b/packages/forcepoint_web/docs/README.md
index 131b2d9198f..5e8b2fd4a0d 100644
--- a/packages/forcepoint_web/docs/README.md
+++ b/packages/forcepoint_web/docs/README.md
@@ -101,7 +101,7 @@ An example event for `logs` looks as following:
 "ip": "3.24.198.68"
 },
 "ecs": {
- "version": "8.5.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "8cc7367b-4069-4535-8545-a477b8c273af",
diff --git a/packages/forcepoint_web/manifest.yml b/packages/forcepoint_web/manifest.yml
index a9379b1875e..9d442743fab 100644
--- a/packages/forcepoint_web/manifest.yml
+++ b/packages/forcepoint_web/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 2.0.0
 name: forcepoint_web
 title: "Forcepoint Web Security"
-version: 0.0.1
+version: "0.1.0"
 source:
 license: "Elastic-2.0"
 description: "Forcepoint Web Security"
From c89d66288fd2915efcb8573847a47a6ddc22a8e3 Mon Sep 17 00:00:00 2001
From: Shourie Ganguly
Date: Fri, 31 Mar 2023 18:58:36 +0530
Subject: [PATCH 043/137] [forgerock] - update ECS to 8.7.0 from 8.5.2 This updates the forgerock integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.5.2 and using 8.5.2 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/forgerock
---
 packages/forgerock/_dev/build/build.yml | 2 +-
 packages/forgerock/changelog.yml | 5 +++
 .../pipeline/test-am-access.log-expected.json | 28 ++++++++--------
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/am_access/sample_event.json | 2 +-
 .../test-am-activity.log-expected.json | 32 +++++++++----------
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/am_activity/sample_event.json | 2 +-
 .../test-am-authentication.log-expected.json | 14 ++++----
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../am_authentication/sample_event.json | 2 +-
 .../pipeline/test-am-config.log-expected.json | 8 ++---
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/am_config/sample_event.json | 2 +-
 .../pipeline/test-am-core.log-expected.json | 10 +++---
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/am_core/sample_event.json | 2 +-
 .../test-idm-access.log-expected.json | 8 ++---
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/idm_access/sample_event.json | 2 +-
 .../test-idm-activity.log-expected.json | 12 +++----
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../idm_activity/sample_event.json | 2 +-
 .../test-idm-authentication.log-expected.json | 2 +-
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../idm_authentication/sample_event.json | 2 +-
 .../test-idm-config.log-expected.json | 6 ++--
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/idm_config/sample_event.json | 2 +-
 .../pipeline/test-idm-core.log-expected.json | 14 ++++----
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/idm_core/sample_event.json | 2 +-
 .../pipeline/test-idm-sync.log-expected.json | 10 +++---
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/idm_sync/sample_event.json | 2 +-
 packages/forgerock/docs/README.md | 22 ++++++-------
 packages/forgerock/manifest.yml | 2 +-
 37 files changed, 112 insertions(+), 107 deletions(-)
diff --git a/packages/forgerock/_dev/build/build.yml b/packages/forgerock/_dev/build/build.yml
index f8f0055d29a..9da3f46d46b 100644
--- a/packages/forgerock/_dev/build/build.yml
+++ b/packages/forgerock/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.5.2
+ reference: git@8.7
diff --git a/packages/forgerock/changelog.yml b/packages/forgerock/changelog.yml
index aee056560bb..59000c70a4e 100644
--- a/packages/forgerock/changelog.yml
+++ b/packages/forgerock/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.0.0"
 changes:
 - description: Initial draft of the package
diff --git a/packages/forgerock/data_stream/am_access/_dev/test/pipeline/test-am-access.log-expected.json b/packages/forgerock/data_stream/am_access/_dev/test/pipeline/test-am-access.log-expected.json
index 429dfae5265..f7495d69f92 100644
--- a/packages/forgerock/data_stream/am_access/_dev/test/pipeline/test-am-access.log-expected.json
+++ b/packages/forgerock/data_stream/am_access/_dev/test/pipeline/test-am-access.log-expected.json
@@ -6,7 +6,7 @@
 "ip": "1.128.0.0"
 },
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-ACCESS-ATTEMPT",
@@ -73,7 +73,7 @@
 "ip": "1.128.0.0"
 },
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-ACCESS-OUTCOME",
@@ -156,7 +156,7 @@
 "port": 88
 },
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-ACCESS-ATTEMPT",
@@ -217,7 +217,7 @@
 "port": 88
 },
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-ACCESS-OUTCOME",
@@ -295,7 +295,7 @@
 "ip": "1.128.0.0"
 },
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-ACCESS-ATTEMPT",
@@ -362,7 +362,7 @@
 "ip": "1.128.0.0"
 },
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-ACCESS-OUTCOME",
@@ -445,7 +445,7 @@
 "port": 88
 },
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-ACCESS-ATTEMPT",
@@ -505,7 +505,7 @@
 "ip": "1.128.0.0"
 },
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-ACCESS-ATTEMPT",
@@ -573,7 +573,7 @@
 "ip": "1.128.0.0"
 },
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-ACCESS-OUTCOME",
@@ -651,7 +651,7 @@
 "ip": "1.128.0.0"
 },
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-ACCESS-ATTEMPT",
@@ -721,7 +721,7 @@
 "ip": "1.128.0.0"
 },
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-ACCESS-OUTCOME",
@@ -804,7 +804,7 @@
 "ip": "1.128.0.0"
 },
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-ACCESS-ATTEMPT",
@@ -878,7 +878,7 @@
 "port": 88
 },
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-ACCESS-ATTEMPT",
@@ -939,7 +939,7 @@
 "port": 88
 },
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-ACCESS-OUTCOME",
diff --git a/packages/forgerock/data_stream/am_access/elasticsearch/ingest_pipeline/default.yml b/packages/forgerock/data_stream/am_access/elasticsearch/ingest_pipeline/default.yml
index 784df78220e..139e1078d97 100644
--- a/packages/forgerock/data_stream/am_access/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/forgerock/data_stream/am_access/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for ForgeRock am-access audit logs
 processors:
 - set:
 field: ecs.version
- value: '8.5.2'
+ value: '8.7.0'
 - set:
 field: observer.vendor
 value: ForgeRock Identity Platform
diff --git a/packages/forgerock/data_stream/am_access/sample_event.json b/packages/forgerock/data_stream/am_access/sample_event.json
index bc948638d27..6d0f87ef2c1 100644
--- a/packages/forgerock/data_stream/am_access/sample_event.json
+++ b/packages/forgerock/data_stream/am_access/sample_event.json
@@ -4,7 +4,7 @@
 "ip": "1.128.0.0"
 },
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-ACCESS-ATTEMPT",
diff --git a/packages/forgerock/data_stream/am_activity/_dev/test/pipeline/test-am-activity.log-expected.json b/packages/forgerock/data_stream/am_activity/_dev/test/pipeline/test-am-activity.log-expected.json
index 7fb36846799..aee5b671778 100644
--- a/packages/forgerock/data_stream/am_activity/_dev/test/pipeline/test-am-activity.log-expected.json
+++ b/packages/forgerock/data_stream/am_activity/_dev/test/pipeline/test-am-activity.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-10-05T20:55:59.966Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-SESSION-CREATED",
@@ -39,7 +39,7 @@
 {
 "@timestamp": "2022-10-05T21:26:00.043Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-SESSION-IDLE_TIMED_OUT",
@@ -72,7 +72,7 @@
 {
 "@timestamp": "2022-10-05T22:29:20.069Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-SESSION-CREATED",
@@ -108,7 +108,7 @@
 {
 "@timestamp": "2022-10-05T23:21:42.553Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-IDENTITY-CHANGE",
@@ -151,7 +151,7 @@
 {
 "@timestamp": "2022-10-05T23:21:55.767Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-IDENTITY-CHANGE",
@@ -200,7 +200,7 @@
 {
 "@timestamp": "2022-10-05T23:21:55.776Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-SESSION-CREATED",
@@ -236,7 +236,7 @@
 {
 "@timestamp": "2022-10-05T23:33:01.037Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-SESSION-IDLE_TIMED_OUT",
@@ -269,7 +269,7 @@
 {
 "@timestamp": "2022-10-05T23:54:17.025Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-SESSION-IDLE_TIMED_OUT",
@@ -302,7 +302,7 @@
 {
 "@timestamp": "2022-10-06T15:45:21.439Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-SESSION-CREATED",
@@ -338,7 +338,7 @@
 {
 "@timestamp": "2022-10-06T16:15:21.580Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-SESSION-IDLE_TIMED_OUT",
@@ -371,7 +371,7 @@
 {
 "@timestamp": "2022-10-06T17:03:08.826Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-SESSION-CREATED",
@@ -407,7 +407,7 @@
 {
 "@timestamp": "2022-10-06T17:19:53.832Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-SESSION-CREATED",
@@ -443,7 +443,7 @@
 {
 "@timestamp": "2022-10-06T17:33:04.980Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-IDENTITY-CHANGE",
@@ -481,7 +481,7 @@
 {
 "@timestamp": "2022-10-06T17:33:05.188Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-SESSION-CREATED",
@@ -517,7 +517,7 @@
 {
 "@timestamp": "2022-10-06T17:33:08.866Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-SESSION-IDLE_TIMED_OUT",
@@ -550,7 +550,7 @@
 {
 "@timestamp": "2022-10-06T17:33:12.247Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-SESSION-DESTROYED",
diff --git a/packages/forgerock/data_stream/am_activity/elasticsearch/ingest_pipeline/default.yml b/packages/forgerock/data_stream/am_activity/elasticsearch/ingest_pipeline/default.yml
index 9c6be3f8857..917204367e5 100644
--- a/packages/forgerock/data_stream/am_activity/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/forgerock/data_stream/am_activity/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for ForgeRock am-activity audit logs
 processors:
 - set:
 field: ecs.version
- value: '8.5.2'
+ value: '8.7.0'
 - set:
 field: observer.vendor
 value: ForgeRock Identity Platform
diff --git a/packages/forgerock/data_stream/am_activity/sample_event.json b/packages/forgerock/data_stream/am_activity/sample_event.json
index 053b02e0b3d..592525a8bea 100644
--- a/packages/forgerock/data_stream/am_activity/sample_event.json
+++ b/packages/forgerock/data_stream/am_activity/sample_event.json
@@ -1,7 +1,7 @@
 {
 "@timestamp": "2022-10-05T20:55:59.966Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-SESSION-CREATED",
diff --git a/packages/forgerock/data_stream/am_authentication/_dev/test/pipeline/test-am-authentication.log-expected.json b/packages/forgerock/data_stream/am_authentication/_dev/test/pipeline/test-am-authentication.log-expected.json
index e9e1eeb86b4..eb227e6eb91 100644
--- a/packages/forgerock/data_stream/am_authentication/_dev/test/pipeline/test-am-authentication.log-expected.json
+++ b/packages/forgerock/data_stream/am_authentication/_dev/test/pipeline/test-am-authentication.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-10-05T18:21:48.253Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-LOGIN-COMPLETED",
@@ -51,7 +51,7 @@
 {
 "@timestamp": "2022-10-05T18:21:48.450Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-LOGIN-MODULE-COMPLETED",
@@ -97,7 +97,7 @@
 {
 "@timestamp": "2022-10-05T18:21:48.451Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-LOGIN-COMPLETED",
@@ -145,7 +145,7 @@
 {
 "@timestamp": "2022-10-05T18:21:48.863Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-LOGIN-MODULE-COMPLETED",
@@ -191,7 +191,7 @@
 {
 "@timestamp": "2022-10-05T18:21:48.864Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-LOGIN-COMPLETED",
@@ -239,7 +239,7 @@
 {
 "@timestamp": "2022-10-05T18:21:49.058Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-LOGIN-MODULE-COMPLETED",
@@ -285,7 +285,7 @@
 {
 "@timestamp": "2022-10-05T18:21:49.059Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-LOGIN-COMPLETED",
diff --git a/packages/forgerock/data_stream/am_authentication/elasticsearch/ingest_pipeline/default.yml b/packages/forgerock/data_stream/am_authentication/elasticsearch/ingest_pipeline/default.yml
index 45fc4b36f1b..51c6f71e258 100644
--- a/packages/forgerock/data_stream/am_authentication/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/forgerock/data_stream/am_authentication/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for ForgeRock am-authentication audit logs
 processors:
 - set:
 field: ecs.version
- value: '8.5.2'
+ value: '8.7.0'
 - set:
 field: observer.vendor
 value: ForgeRock Identity Platform
diff --git a/packages/forgerock/data_stream/am_authentication/sample_event.json b/packages/forgerock/data_stream/am_authentication/sample_event.json
index cd27de51e5f..479994dd8d5 100644
--- a/packages/forgerock/data_stream/am_authentication/sample_event.json
+++ b/packages/forgerock/data_stream/am_authentication/sample_event.json
@@ -1,7 +1,7 @@
 {
 "@timestamp": "2022-10-05T18:21:48.253Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-LOGIN-COMPLETED",
diff --git a/packages/forgerock/data_stream/am_config/_dev/test/pipeline/test-am-config.log-expected.json b/packages/forgerock/data_stream/am_config/_dev/test/pipeline/test-am-config.log-expected.json
index 6b3b239308f..74956e10b85 100644
--- a/packages/forgerock/data_stream/am_config/_dev/test/pipeline/test-am-config.log-expected.json
+++ b/packages/forgerock/data_stream/am_config/_dev/test/pipeline/test-am-config.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-09-20T14:40:10.664Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-CONFIG-CHANGE",
@@ -37,7 +37,7 @@
 {
 "@timestamp": "2022-09-20T18:21:24.739Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-CONFIG-CHANGE",
@@ -74,7 +74,7 @@
 {
 "@timestamp": "2022-09-20T18:21:24.980Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-CONFIG-CHANGE",
@@ -111,7 +111,7 @@
 {
 "@timestamp": "2022-09-20T18:21:28.753Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-CONFIG-CHANGE",
diff --git a/packages/forgerock/data_stream/am_config/elasticsearch/ingest_pipeline/default.yml b/packages/forgerock/data_stream/am_config/elasticsearch/ingest_pipeline/default.yml
index 1a9c408c6b4..0e7034ba99f 100644
--- a/packages/forgerock/data_stream/am_config/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/forgerock/data_stream/am_config/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for ForgeRock am-confg audit logs
 processors:
 - set:
 field: ecs.version
- value: '8.5.2'
+ value: '8.7.0'
 - set:
 field: observer.vendor
 value: ForgeRock Identity Platform
diff --git a/packages/forgerock/data_stream/am_config/sample_event.json b/packages/forgerock/data_stream/am_config/sample_event.json
index f9bd69bafbc..2c5acae9cfd 100644
--- a/packages/forgerock/data_stream/am_config/sample_event.json
+++ b/packages/forgerock/data_stream/am_config/sample_event.json
@@ -1,7 +1,7 @@
 {
 "@timestamp": "2022-09-20T14:40:10.664Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AM-CONFIG-CHANGE",
diff --git a/packages/forgerock/data_stream/am_core/_dev/test/pipeline/test-am-core.log-expected.json b/packages/forgerock/data_stream/am_core/_dev/test/pipeline/test-am-core.log-expected.json
index ae367ee3ea8..66ddfc7107a 100644
--- a/packages/forgerock/data_stream/am_core/_dev/test/pipeline/test-am-core.log-expected.json
+++ b/packages/forgerock/data_stream/am_core/_dev/test/pipeline/test-am-core.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-12-05T19:29:20.845Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "reason": "Connection attempt failed: availableConnections=0, maxPoolSize=10"
@@ -25,7 +25,7 @@
 {
 "@timestamp": "2022-12-05T19:29:20.855Z",
 "ecs": {
- "version": "8.5.2"
+ "version": "8.7.0"
 },
 "event": {
 "reason": "Closing 1 idle pooled sockets: availableConnections=2, maxPoolSize=10"
@@ -47,7 +47,7 @@ { "@timestamp": "2022-12-05T19:29:21.767Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "error": { "stack_trace": "java.io.IOException: Enclosing message doesn't have the application/x-www-form-urlencoded Content-Type header\n\tat org.forgerock.http.protocol.Entity.getFormAsync(Entity.java:363)\n\tat org.forgerock.http.protocol.Entity.getForm(Entity.java:343)\n\tat org.forgerock.openam.http.ApiDescriptorFilter.filter(ApiDescriptorFilter.java:46)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.openam.http.ResponseContext$ResponseContextFilter.filter(ResponseContext.java:53)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.openam.http.OpenAMHttpApplication.lambda$static$1(OpenAMHttpApplication.java:60)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.openam.http.OpenAMHttpApplication.lambda$cacheHeaderFilter$3(OpenAMHttpApplication.java:88)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:86)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:282)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:764)\n\tat org.forgerock.openam.http.OpenAMHttpFrameworkServlet.service(OpenAMHttpFrameworkServlet.java:47)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:764)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.services.datastore.DataStoreConsistencyFilter.lambda$doFilter$0(DataStoreConsistencyFilter.java:46)\n\tat org.forgerock.openam.service.datastore.ReentrantVolatileActionConsistencyController.safeExecute(ReentrantVolatileActionConsistencyController.java:37)\n\tat org.forgerock.openam.services.datastore.DataStoreConsistencyFilter.doFilter(DataStoreConsistencyFilter.java:46)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.rest.ProtocolVersionFilter.doFilter(ProtocolVersionFilter.java:63)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.headers.SecureCookieFilter.doFilter(SecureCookieFilter.java:63)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.headers.DisableSameSiteCookiesFilter.doFilter(DisableSameSiteCookiesFilter.java:106)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:59)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:110)\n\tat 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:110)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:110)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:115)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.validation.RequestEntitySizeVerificationFilter.doFilter(RequestEntitySizeVerificationFilter.java:64)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:47)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)\n\tat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)\n\tat org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)\n\tat 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360)\n\tat org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)\n\tat org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)\n\tat org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890)\n\tat org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1789)\n\tat org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)\n\tat org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)\n\tat org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)\n\tat org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tat java.base/java.lang.Thread.run(Thread.java:829)\n" @@ -75,7 +75,7 @@ { "@timestamp": "2022-12-05T19:29:21.768Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "reason": "Readiness health check invoked" 
@@ -100,7 +100,7 @@ { "@timestamp": "2022-12-05T19:29:22.365Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "error": { "stack_trace": "java.io.IOException: Enclosing message doesn't have the application/x-www-form-urlencoded Content-Type header\n\tat org.forgerock.http.protocol.Entity.getFormAsync(Entity.java:363)\n\tat org.forgerock.http.protocol.Entity.getForm(Entity.java:343)\n\tat org.forgerock.openam.http.ApiDescriptorFilter.filter(ApiDescriptorFilter.java:46)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.openam.http.ResponseContext$ResponseContextFilter.filter(ResponseContext.java:53)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.openam.http.OpenAMHttpApplication.lambda$static$1(OpenAMHttpApplication.java:60)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.openam.http.OpenAMHttpApplication.lambda$cacheHeaderFilter$3(OpenAMHttpApplication.java:88)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:86)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:282)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:764)\n\tat org.forgerock.openam.http.OpenAMHttpFrameworkServlet.service(OpenAMHttpFrameworkServlet.java:47)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:764)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.services.datastore.DataStoreConsistencyFilter.lambda$doFilter$0(DataStoreConsistencyFilter.java:46)\n\tat org.forgerock.openam.service.datastore.ReentrantVolatileActionConsistencyController.safeExecute(ReentrantVolatileActionConsistencyController.java:37)\n\tat org.forgerock.openam.services.datastore.DataStoreConsistencyFilter.doFilter(DataStoreConsistencyFilter.java:46)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.rest.ProtocolVersionFilter.doFilter(ProtocolVersionFilter.java:63)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.headers.SecureCookieFilter.doFilter(SecureCookieFilter.java:63)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.headers.DisableSameSiteCookiesFilter.doFilter(DisableSameSiteCookiesFilter.java:106)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:59)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:110)\n\tat 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:110)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:110)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:115)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.validation.RequestEntitySizeVerificationFilter.doFilter(RequestEntitySizeVerificationFilter.java:64)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:47)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)\n\tat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)\n\tat org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)\n\tat 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360)\n\tat org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)\n\tat org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)\n\tat org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890)\n\tat org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1789)\n\tat org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)\n\tat org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)\n\tat org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)\n\tat org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tat java.base/java.lang.Thread.run(Thread.java:829)\n" diff --git a/packages/forgerock/data_stream/am_core/elasticsearch/ingest_pipeline/default.yml b/packages/forgerock/data_stream/am_core/elasticsearch/ingest_pipeline/default.yml index c5270d4c0bf..75339a60f99 100644 --- a/packages/forgerock/data_stream/am_core/elasticsearch/ingest_pipeline/default.yml +++ b/packages/forgerock/data_stream/am_core/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for ForgeRock am-core debug logs processors: - set: field: ecs.version - value: '8.5.2' + value: '8.7.0' - set: field: observer.vendor value: ForgeRock Identity Platform diff --git a/packages/forgerock/data_stream/am_core/sample_event.json b/packages/forgerock/data_stream/am_core/sample_event.json index 9db8e4e383f..1b9e0db312d 100644 --- a/packages/forgerock/data_stream/am_core/sample_event.json +++ b/packages/forgerock/data_stream/am_core/sample_event.json 
@@ -1,7 +1,7 @@ { "@timestamp": "2022-12-05T19:29:20.845Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "reason": "Connection attempt failed: availableConnections=0, maxPoolSize=10" diff --git a/packages/forgerock/data_stream/idm_access/_dev/test/pipeline/test-idm-access.log-expected.json b/packages/forgerock/data_stream/idm_access/_dev/test/pipeline/test-idm-access.log-expected.json index 06f26d4c73f..e5db47e7c64 100644 --- a/packages/forgerock/data_stream/idm_access/_dev/test/pipeline/test-idm-access.log-expected.json +++ b/packages/forgerock/data_stream/idm_access/_dev/test/pipeline/test-idm-access.log-expected.json @@ -7,7 +7,7 @@ "port": 56278 }, "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "duration": 2000000, @@ -72,7 +72,7 @@ "port": 56286 }, "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "duration": 2000000, @@ -137,7 +137,7 @@ "port": 44310 }, "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "duration": 2000000, @@ -202,7 +202,7 @@ "port": 59132 }, "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "duration": 2000000, diff --git a/packages/forgerock/data_stream/idm_access/elasticsearch/ingest_pipeline/default.yml b/packages/forgerock/data_stream/idm_access/elasticsearch/ingest_pipeline/default.yml index 0a4f6bd713e..2cf8f1703b3 100644 --- a/packages/forgerock/data_stream/idm_access/elasticsearch/ingest_pipeline/default.yml +++ b/packages/forgerock/data_stream/idm_access/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for ForgeRock idm-access audit logs processors: - set: field: ecs.version - value: '8.5.2' + value: '8.7.0' - set: field: observer.vendor value: ForgeRock Identity Platform diff --git a/packages/forgerock/data_stream/idm_access/sample_event.json b/packages/forgerock/data_stream/idm_access/sample_event.json index f72cab1ca7d..1e67c88261b 100644 --- a/packages/forgerock/data_stream/idm_access/sample_event.json 
+++ b/packages/forgerock/data_stream/idm_access/sample_event.json @@ -5,7 +5,7 @@ "port": 56278 }, "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "duration": 2000000, diff --git a/packages/forgerock/data_stream/idm_activity/_dev/test/pipeline/test-idm-activity.log-expected.json b/packages/forgerock/data_stream/idm_activity/_dev/test/pipeline/test-idm-activity.log-expected.json index cc4f037a5e3..bff1c85b26f 100644 --- a/packages/forgerock/data_stream/idm_activity/_dev/test/pipeline/test-idm-activity.log-expected.json +++ b/packages/forgerock/data_stream/idm_activity/_dev/test/pipeline/test-idm-activity.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-11-01T17:55:08.523Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "id": "a9a32d9e-7029-45e6-b581-eafb5d502273-259113", @@ -35,7 +35,7 @@ { "@timestamp": "2022-11-01T18:02:39.806Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "id": "a9a32d9e-7029-45e6-b581-eafb5d502273-268903", @@ -68,7 +68,7 @@ { "@timestamp": "2022-11-01T18:02:39.882Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "id": "a9a32d9e-7029-45e6-b581-eafb5d502273-268906", @@ -101,7 +101,7 @@ { "@timestamp": "2022-11-01T18:07:23.147Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "id": "a9a32d9e-7029-45e6-b581-eafb5d502273-276027", @@ -133,7 +133,7 @@ { "@timestamp": "2022-11-01T18:07:23.407Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "id": "a9a32d9e-7029-45e6-b581-eafb5d502273-276057", @@ -165,7 +165,7 @@ { "@timestamp": "2022-11-01T18:07:23.367Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "id": "a9a32d9e-7029-45e6-b581-eafb5d502273-276055", diff --git a/packages/forgerock/data_stream/idm_activity/elasticsearch/ingest_pipeline/default.yml b/packages/forgerock/data_stream/idm_activity/elasticsearch/ingest_pipeline/default.yml index 46b02ac06a4..c4d13343b7e 100644 
--- a/packages/forgerock/data_stream/idm_activity/elasticsearch/ingest_pipeline/default.yml +++ b/packages/forgerock/data_stream/idm_activity/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for ForgeRock idm-activity audit logs processors: - set: field: ecs.version - value: '8.5.2' + value: '8.7.0' - set: field: observer.vendor value: ForgeRock Identity Platform diff --git a/packages/forgerock/data_stream/idm_activity/sample_event.json b/packages/forgerock/data_stream/idm_activity/sample_event.json index d9abf46872b..489d6257f91 100644 --- a/packages/forgerock/data_stream/idm_activity/sample_event.json +++ b/packages/forgerock/data_stream/idm_activity/sample_event.json @@ -1,7 +1,7 @@ { "@timestamp": "2022-11-01T17:55:08.523Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "id": "a9a32d9e-7029-45e6-b581-eafb5d502273-259113", diff --git a/packages/forgerock/data_stream/idm_authentication/_dev/test/pipeline/test-idm-authentication.log-expected.json b/packages/forgerock/data_stream/idm_authentication/_dev/test/pipeline/test-idm-authentication.log-expected.json index fd7a895fff2..32217001172 100644 --- a/packages/forgerock/data_stream/idm_authentication/_dev/test/pipeline/test-idm-authentication.log-expected.json +++ b/packages/forgerock/data_stream/idm_authentication/_dev/test/pipeline/test-idm-authentication.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-10-05T18:21:48.253Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "category": "authentication", diff --git a/packages/forgerock/data_stream/idm_authentication/elasticsearch/ingest_pipeline/default.yml b/packages/forgerock/data_stream/idm_authentication/elasticsearch/ingest_pipeline/default.yml index a1c13a622fc..d692a12b287 100644 --- a/packages/forgerock/data_stream/idm_authentication/elasticsearch/ingest_pipeline/default.yml +++ b/packages/forgerock/data_stream/idm_authentication/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for ForgeRock idm-authentication audit logs processors: - set: field: ecs.version - value: '8.5.2' + value: '8.7.0' - set: field: observer.vendor value: ForgeRock Identity Platform diff --git a/packages/forgerock/data_stream/idm_authentication/sample_event.json b/packages/forgerock/data_stream/idm_authentication/sample_event.json index 4d61c8e2184..e760753ae0e 100644 --- a/packages/forgerock/data_stream/idm_authentication/sample_event.json +++ b/packages/forgerock/data_stream/idm_authentication/sample_event.json @@ -1,7 +1,7 @@ { "@timestamp": "2022-10-05T18:21:48.253Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "category": "authentication", diff --git a/packages/forgerock/data_stream/idm_config/_dev/test/pipeline/test-idm-config.log-expected.json b/packages/forgerock/data_stream/idm_config/_dev/test/pipeline/test-idm-config.log-expected.json index 1a39f9b6458..9ed4015f1bc 100644 --- a/packages/forgerock/data_stream/idm_config/_dev/test/pipeline/test-idm-config.log-expected.json +++ b/packages/forgerock/data_stream/idm_config/_dev/test/pipeline/test-idm-config.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-10-19T16:12:12.549Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "category": "configuration", @@ -35,7 +35,7 @@ { "@timestamp": "2022-10-19T16:12:55.668Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "category": "configuration", @@ -67,7 +67,7 @@ { "@timestamp": "2022-10-19T16:13:04.862Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "category": "configuration", diff --git a/packages/forgerock/data_stream/idm_config/elasticsearch/ingest_pipeline/default.yml b/packages/forgerock/data_stream/idm_config/elasticsearch/ingest_pipeline/default.yml index e9ca9f08e55..c09d8153389 100644 --- a/packages/forgerock/data_stream/idm_config/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/forgerock/data_stream/idm_config/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for ForgeRock idm-config audit logs processors: - set: field: ecs.version - value: '8.5.2' + value: '8.7.0' - set: field: observer.vendor value: ForgeRock Identity Platform diff --git a/packages/forgerock/data_stream/idm_config/sample_event.json b/packages/forgerock/data_stream/idm_config/sample_event.json index 331902b2b49..246a5f57fbe 100644 --- a/packages/forgerock/data_stream/idm_config/sample_event.json +++ b/packages/forgerock/data_stream/idm_config/sample_event.json @@ -1,7 +1,7 @@ { "@timestamp": "2022-10-19T16:12:12.549Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "category": "configuration", diff --git a/packages/forgerock/data_stream/idm_core/_dev/test/pipeline/test-idm-core.log-expected.json b/packages/forgerock/data_stream/idm_core/_dev/test/pipeline/test-idm-core.log-expected.json index 0c860fbb09b..f61b474d6a0 100644 --- a/packages/forgerock/data_stream/idm_core/_dev/test/pipeline/test-idm-core.log-expected.json +++ b/packages/forgerock/data_stream/idm_core/_dev/test/pipeline/test-idm-core.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-12-05T20:01:34.448Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "reason": "Dec 05, 2022 8:01:34 PM org.forgerock.openidm.internal.InternalObjectSet readInstance" @@ -15,7 +15,7 @@ { "@timestamp": "2022-12-05T20:01:34.448Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "reason": "FINE: Read name=user id=anonymous" @@ -27,7 +27,7 @@ { "@timestamp": "2022-12-05T20:01:34.448Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "reason": "Dec 05, 2022 8:01:34 PM org.forgerock.openidm.internal.InternalObjectSet readInstance" @@ -39,7 +39,7 @@ { "@timestamp": "2022-12-05T20:01:34.448Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "reason": "FINE: Read name=user id=anonymous" 
@@ -51,7 +51,7 @@ { "@timestamp": "2022-12-05T20:01:34.448Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "reason": "Dec 05, 2022 8:01:34 PM org.forgerock.openidm.internal.InternalObjectSet readInstance" @@ -63,7 +63,7 @@ { "@timestamp": "2022-12-05T20:01:34.448Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "reason": "FINE: Read name=user id=anonymous" @@ -75,7 +75,7 @@ { "@timestamp": "2022-12-05T20:01:34.448Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "reason": "Dec 05, 2022 8:01:34 PM org.forgerock.openidm.internal.InternalObjectSet readInstance" diff --git a/packages/forgerock/data_stream/idm_core/elasticsearch/ingest_pipeline/default.yml b/packages/forgerock/data_stream/idm_core/elasticsearch/ingest_pipeline/default.yml index 7208b696ee2..546d0b231e4 100644 --- a/packages/forgerock/data_stream/idm_core/elasticsearch/ingest_pipeline/default.yml +++ b/packages/forgerock/data_stream/idm_core/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for ForgeRock idm-core debug logs processors: - set: field: ecs.version - value: '8.5.2' + value: '8.7.0' - set: field: observer.vendor value: ForgeRock Identity Platform diff --git a/packages/forgerock/data_stream/idm_core/sample_event.json b/packages/forgerock/data_stream/idm_core/sample_event.json index 6b456aa892f..8c41af9f5ce 100644 --- a/packages/forgerock/data_stream/idm_core/sample_event.json +++ b/packages/forgerock/data_stream/idm_core/sample_event.json @@ -1,7 +1,7 @@ { "@timestamp": "2022-12-05T20:01:34.448Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "reason": "Dec 05, 2022 8:01:34 PM org.forgerock.openidm.internal.InternalObjectSet readInstance" diff --git a/packages/forgerock/data_stream/idm_sync/_dev/test/pipeline/test-idm-sync.log-expected.json b/packages/forgerock/data_stream/idm_sync/_dev/test/pipeline/test-idm-sync.log-expected.json index cbdc7a83154..4524dbfa760 100644 
--- a/packages/forgerock/data_stream/idm_sync/_dev/test/pipeline/test-idm-sync.log-expected.json +++ b/packages/forgerock/data_stream/idm_sync/_dev/test/pipeline/test-idm-sync.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-10-19T16:09:17.900Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "id": "5e787c05-c32f-40d3-9e77-666376f6738f-130280", @@ -33,7 +33,7 @@ { "@timestamp": "2022-10-19T16:09:18.157Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "id": "5e787c05-c32f-40d3-9e77-666376f6738f-130294", @@ -63,7 +63,7 @@ { "@timestamp": "2022-10-19T16:09:18.210Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "id": "5e787c05-c32f-40d3-9e77-666376f6738f-130298", @@ -94,7 +94,7 @@ { "@timestamp": "2022-10-19T16:09:18.289Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "id": "5e787c05-c32f-40d3-9e77-666376f6738f-130301", @@ -124,7 +124,7 @@ { "@timestamp": "2022-10-19T16:09:18.432Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "id": "5e787c05-c32f-40d3-9e77-666376f6738f-130303", diff --git a/packages/forgerock/data_stream/idm_sync/elasticsearch/ingest_pipeline/default.yml b/packages/forgerock/data_stream/idm_sync/elasticsearch/ingest_pipeline/default.yml index 129d49b6a6f..ac1469e6561 100644 --- a/packages/forgerock/data_stream/idm_sync/elasticsearch/ingest_pipeline/default.yml +++ b/packages/forgerock/data_stream/idm_sync/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for ForgeRock idm-sync audit logs processors: - set: field: ecs.version - value: '8.5.2' + value: '8.7.0' - set: field: observer.vendor value: ForgeRock Identity Platform diff --git a/packages/forgerock/data_stream/idm_sync/sample_event.json b/packages/forgerock/data_stream/idm_sync/sample_event.json index e0e416f3580..19b07b981c7 100644 --- a/packages/forgerock/data_stream/idm_sync/sample_event.json +++ b/packages/forgerock/data_stream/idm_sync/sample_event.json 
@@ -1,7 +1,7 @@ { "@timestamp": "2022-10-19T16:09:17.900Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "id": "5e787c05-c32f-40d3-9e77-666376f6738f-130280", diff --git a/packages/forgerock/docs/README.md b/packages/forgerock/docs/README.md index 456a71e7efc..3e95d1e6d0c 100644 --- a/packages/forgerock/docs/README.md +++ b/packages/forgerock/docs/README.md @@ -21,7 +21,7 @@ An example event for `am_access` looks as following: "ip": "1.128.0.0" }, "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "action": "AM-ACCESS-ATTEMPT", @@ -165,7 +165,7 @@ An example event for `am_activity` looks as following: { "@timestamp": "2022-10-05T20:55:59.966Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "action": "AM-SESSION-CREATED", @@ -245,7 +245,7 @@ An example event for `am_authentication` looks as following: { "@timestamp": "2022-10-05T18:21:48.253Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "action": "AM-LOGIN-COMPLETED", @@ -331,7 +331,7 @@ An example event for `am_config` looks as following: { "@timestamp": "2022-09-20T14:40:10.664Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "action": "AM-CONFIG-CHANGE", @@ -405,7 +405,7 @@ An example event for `am_core` looks as following: { "@timestamp": "2022-12-05T19:29:20.845Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "reason": "Connection attempt failed: availableConnections=0, maxPoolSize=10" @@ -465,7 +465,7 @@ An example event for `idm_access` looks as following: "port": 56278 }, "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "duration": 2000000, @@ -571,7 +571,7 @@ An example event for `idm_activity` looks as following: { "@timestamp": "2022-11-01T17:55:08.523Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "id": "a9a32d9e-7029-45e6-b581-eafb5d502273-259113", 
@@ -641,7 +641,7 @@ An example event for `idm_authentication` looks as following: { "@timestamp": "2022-10-05T18:21:48.253Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "category": "authentication", @@ -721,7 +721,7 @@ An example event for `idm_config` looks as following: { "@timestamp": "2022-10-19T16:12:12.549Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "category": "configuration", @@ -788,7 +788,7 @@ An example event for `idm_core` looks as following: { "@timestamp": "2022-12-05T20:01:34.448Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "reason": "Dec 05, 2022 8:01:34 PM org.forgerock.openidm.internal.InternalObjectSet readInstance" @@ -825,7 +825,7 @@ An example event for `idm_sync` looks as following: { "@timestamp": "2022-10-19T16:09:17.900Z", "ecs": { - "version": "8.5.2" + "version": "8.7.0" }, "event": { "id": "5e787c05-c32f-40d3-9e77-666376f6738f-130280", diff --git a/packages/forgerock/manifest.yml b/packages/forgerock/manifest.yml index 56d7555c8b2..236fd86c5d7 100644 --- a/packages/forgerock/manifest.yml +++ b/packages/forgerock/manifest.yml @@ -1,6 +1,6 @@ name: forgerock title: "ForgeRock" -version: 1.0.0 +version: "1.1.0" release: ga license: basic description: Collect audit logs from ForgeRock with Elastic Agent. From 6fb9306171977d5d39df17e8b8bb9410df1f914e Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly
Date: Fri, 31 Mar 2023 18:58:37 +0530
Subject: [PATCH 044/137] [fortinet_forticlient] - update ECS to 8.7.0 from 8.6.0 This updates the fortinet_forticlient integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/fortinet_forticlient
---
 .../fortinet_forticlient/_dev/build/build.yml | 2 +-
 packages/fortinet_forticlient/changelog.yml | 5 +
 .../pipeline/test-generated.log-expected.json | 200 +++++++++---------
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/log/sample_event.json | 2 +-
 packages/fortinet_forticlient/docs/README.md | 4 +-
 packages/fortinet_forticlient/manifest.yml | 2 +-
 7 files changed, 111 insertions(+), 106 deletions(-)
diff --git a/packages/fortinet_forticlient/_dev/build/build.yml b/packages/fortinet_forticlient/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/fortinet_forticlient/_dev/build/build.yml
+++ b/packages/fortinet_forticlient/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/fortinet_forticlient/changelog.yml b/packages/fortinet_forticlient/changelog.yml
index 63c5c835550..b0fafe76dbb 100644
--- a/packages/fortinet_forticlient/changelog.yml
+++ b/packages/fortinet_forticlient/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.3.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/fortinet_forticlient/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/fortinet_forticlient/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
index 409ef591adb..db5955d08bb 100644
--- a/packages/fortinet_forticlient/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/fortinet_forticlient/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 29 06:09:59 boNemoe4402.www.invalid proto=udp service=http status=deny src=10.150.92.220 dst=10.102.123.34 src_port=7178 dst_port=3994 server_app=reeufugi pid=7880 app_name=enderitq traff_direct=external block_count=5286 logon_user=sumdo@litesse6379.api.domain msg=failure", "observer": { @@ -16,7 +16,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 12 13:12:33 olupt4880.api.home proto=icmp service=https status=deny src=10.33.212.159 dst=10.149.203.46 src_port=2789 dst_port=5861 server_app=vol pid=4539 app_name=uidolor traff_direct=internal block_count=4402 logon_user=mipsumq@gnaali6189.internal.localhost msg=unknown", "observer": { @@ -30,7 +30,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 26 20:15:08 aqu1628.internal.domain proto=ipv6-icmp service=smtp status=deny src=10.173.116.41 dst=10.118.175.9 src_port=3710 dst_port=2802 server_app=aer pid=445 app_name=nse traff_direct=unknown block_count=7019 logon_user=uame@quis1130.internal.corp msg=success", "observer": { @@ -44,7 +44,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 12 03:17:42 tinculp2940.internal.local proto=ggp service=https status=deny src=10.134.137.177 dst=10.202.204.154 src_port=7868 dst_port=3587 server_app=amco pid=5712 app_name=psumquia traff_direct=unknown block_count=2458 logon_user=orsitame@reprehe189.internal.home msg=success", "observer": { 
@@ -58,7 +58,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 26 10:20:16 rad2103.api.domain proto=ipv6-icmp service=pop3 status=deny src=10.245.142.250 dst=10.70.0.60 src_port=5408 dst_port=4982 server_app=estqui pid=6557 app_name=magn traff_direct=inbound block_count=2638 logon_user=eos@enimad2283.internal.domain msg=failure", "observer": { @@ -72,7 +72,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 9 17:22:51 enim5316.www5.local proto=ipv6-icmp service=smtp status=deny src=10.202.72.124 dst=10.200.188.142 src_port=4665 dst_port=7143 server_app=omnis pid=2061 app_name=eip traff_direct=external block_count=513 logon_user=iusmodt@doloreeu3553.www5.home msg=unknown", "observer": { @@ -86,7 +86,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 24 00:25:25 reetdolo2770.www5.local proto=tcp service=pop3 status=deny src=10.12.44.169 dst=10.214.225.125 src_port=5710 dst_port=2121 server_app=inBCSedu pid=5722 app_name=tanimi traff_direct=outbound block_count=6071 logon_user=erep@iutal13.api.localdomain msg=failure", "observer": { @@ -100,7 +100,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 8 07:27:59 isiu1114.internal.corp proto=icmp service=http status=deny src=10.66.108.11 dst=10.198.136.50 src_port=6875 dst_port=2089 server_app=ipis pid=5037 app_name=ari traff_direct=unknown block_count=3856 logon_user=uptatev@uovol492.www.localhost msg=unknown", "observer": { @@ -114,7 +114,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 22 14:30:33 usmodte1296.www.corp proto=igmp service=ms-wbt-server status=deny src=10.178.244.31 dst=10.69.20.77 src_port=3857 dst_port=7579 server_app=nonnu pid=776 app_name=riat traff_direct=unknown block_count=5575 logon_user=umdolor@osquir6997.corp msg=failure", "observer": { 
@@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 5 21:33:08 tatno4987.www5.localhost proto=ggp service=pop3 status=deny src=10.54.231.100 dst=10.203.5.162 src_port=5616 dst_port=7290 server_app=iam pid=6096 app_name=ciati traff_direct=unknown block_count=3162 logon_user=umdolore@eniam7007.api.invalid msg=success", "observer": { @@ -142,7 +142,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 20 04:35:42 tatno6787.internal.localhost proto=icmp service=pop3 status=deny src=10.65.83.160 dst=10.136.252.240 src_port=3592 dst_port=4105 server_app=uradi pid=7307 app_name=essequ traff_direct=outbound block_count=7148 logon_user=ender@snulapar3794.api.domain msg=failure", "observer": { @@ -156,7 +156,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 4 11:38:16 essecill2595.mail.local proto=ggp service=http status=deny src=10.57.40.29 dst=10.210.213.18 src_port=7616 dst_port=3970 server_app=atuse pid=2703 app_name=uis traff_direct=internal block_count=6179 logon_user=onse@liq5883.localdomain msg=unknown", "observer": { @@ -170,7 +170,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 18 18:40:50 ali6446.localhost proto=udp service=smtp status=deny src=10.144.82.69 dst=10.200.156.102 src_port=2896 dst_port=6061 server_app=rporis pid=5166 app_name=par traff_direct=outbound block_count=7041 logon_user=rveli@rsint7026.test msg=success", "observer": { @@ -184,7 +184,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 2 01:43:25 torev7118.internal.domain proto=ipv6 service=smtp status=deny src=10.109.232.112 dst=10.72.58.135 src_port=5160 dst_port=2382 server_app=fugit pid=7668 app_name=rsitamet traff_direct=internal block_count=1112 logon_user=xea@qua2945.www.local msg=failure", "observer": { 
@@ -198,7 +198,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 16 08:45:59 dolore6103.www5.example proto=udp service=http status=deny src=10.38.22.45 dst=10.72.29.73 src_port=1493 dst_port=203 server_app=piscing pid=1044 app_name=entsu traff_direct=unknown block_count=4979 logon_user=onproide@luptat6494.www.example msg=failure", "observer": { @@ -212,7 +212,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 30 15:48:33 errorsi6996.www.domain proto=tcp service=smtp status=deny src=10.70.95.74 dst=10.76.72.111 src_port=6119 dst_port=7388 server_app=emaperi pid=7183 app_name=sumquiad traff_direct=internal block_count=2362 logon_user=ivelits@moenimi6317.internal.invalid msg=failure", "observer": { @@ -226,7 +226,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 13 22:51:07 lumquido5839.api.corp proto=ipv6 service=https status=deny src=10.19.201.13 dst=10.73.69.75 src_port=5006 dst_port=6218 server_app=nsec pid=6907 app_name=estqu traff_direct=unknown block_count=2655 logon_user=tat@tion1761.home msg=unknown", "observer": { @@ -240,7 +240,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 28 05:53:42 aperia4409.www5.invalid proto=rdp service=ms-wbt-server status=deny src=10.78.151.178 dst=10.84.105.75 src_port=1846 dst_port=98 server_app=uames pid=499 app_name=msequi traff_direct=external block_count=4085 logon_user=iquaUten@santium4235.api.local msg=unknown", "observer": { @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 12 12:56:16 tem2496.api.lan proto=rdp service=ms-wbt-server status=deny src=10.135.233.146 dst=10.25.192.202 src_port=4181 dst_port=6462 server_app=ents pid=1531 app_name=Loremip traff_direct=internal block_count=4610 logon_user=emeumfu@CSed2857.www5.example msg=failure", "observer": { 
@@ -268,7 +268,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 26 19:58:50 eme6710.mail.invalid proto=rdp service=https status=deny src=10.121.219.204 dst=10.104.134.200 src_port=3611 dst_port=2508 server_app=reetd pid=6051 app_name=quae traff_direct=outbound block_count=7084 logon_user=uptat@equep5085.mail.domain msg=failure", "observer": { @@ -282,7 +282,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 10 03:01:24 ihilm1669.mail.invalid proto=tcp service=https status=deny src=10.191.105.82 dst=10.225.160.182 src_port=3361 dst_port=4810 server_app=uovolup pid=6994 app_name=llu traff_direct=external block_count=3936 logon_user=eirure@conseq557.mail.lan msg=unknown", "observer": { @@ -296,7 +296,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 24 10:03:59 umexerci1284.internal.localdomain proto=rdp service=smtp status=deny src=10.141.44.153 dst=10.161.57.8 src_port=3750 dst_port=2716 server_app=oei pid=5200 app_name=snostrud traff_direct=inbound block_count=3333 logon_user=quisnos@ite2026.www.invalid msg=failure", "observer": { @@ -310,7 +310,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 8 17:06:33 adol485.example proto=udp service=https status=deny src=10.153.111.103 dst=10.6.167.7 src_port=4977 dst_port=2022 server_app=taevit pid=3365 app_name=nsecte traff_direct=internal block_count=7424 logon_user=eumfug@lit5929.test msg=success", "observer": { @@ -324,7 +324,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 23 00:09:07 evita5008.www.localdomain proto=ggp service=pop3 status=deny src=10.248.204.182 dst=10.134.148.219 src_port=1331 dst_port=4430 server_app=tmo pid=1835 app_name=abi traff_direct=inbound block_count=4168 logon_user=uioffi@oru6938.invalid msg=success", "observer": { 
@@ -338,7 +338,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 6 07:11:41 tsedqu2456.www5.invalid proto=ipv6 service=smtp status=deny src=10.178.77.231 dst=10.163.5.243 src_port=5294 dst_port=4129 server_app=xerc pid=2019 app_name=hitecto traff_direct=unknown block_count=1123 logon_user=liquide@etdol5473.local msg=success", "observer": { @@ -352,7 +352,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 20 14:14:16 ris3314.mail.invalid proto=ggp service=smtp status=deny src=10.177.194.18 dst=10.221.89.228 src_port=766 dst_port=2447 server_app=uamei pid=2493 app_name=aera traff_direct=outbound block_count=1747 logon_user=aliquam@nimid893.mail.corp msg=success", "observer": { @@ -366,7 +366,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 3 21:16:50 reme622.mail.example proto=icmp service=ms-wbt-server status=deny src=10.241.65.49 dst=10.32.239.1 src_port=3027 dst_port=3128 server_app=dictasu pid=3022 app_name=catc traff_direct=unknown block_count=3522 logon_user=idata@rumwritt6003.host msg=failure", "observer": { @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 18 04:19:24 non3341.mail.invalid proto=ggp service=http status=deny src=10.168.90.81 dst=10.101.57.120 src_port=6866 dst_port=6501 server_app=laboree pid=2328 app_name=intocc traff_direct=internal block_count=5516 logon_user=eporr@xeacomm6855.api.corp msg=success", "observer": { @@ -394,7 +394,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 4 11:21:59 ris727.api.local proto=tcp service=ms-wbt-server status=deny src=10.14.211.43 dst=10.130.14.60 src_port=4456 dst_port=2051 server_app=autfu pid=1156 app_name=tessec traff_direct=external block_count=7200 logon_user=litse@icabo4125.mail.domain msg=unknown", "observer": { 
@@ -408,7 +408,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 18 18:24:33 stquido5705.api.host proto=icmp service=http status=deny src=10.60.129.15 dst=10.248.101.25 src_port=106 dst_port=5740 server_app=Nequepo pid=6003 app_name=pora traff_direct=unknown block_count=6437 logon_user=evolup@ionofdeF5643.www.localhost msg=success", "observer": { @@ -422,7 +422,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 2 01:27:07 etcons7378.api.lan proto=tcp service=https status=deny src=10.72.93.28 dst=10.111.187.12 src_port=3577 dst_port=3994 server_app=aper pid=5651 app_name=tur traff_direct=inbound block_count=3427 logon_user=niamqui@orem6702.invalid msg=failure", "observer": { @@ -436,7 +436,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 16 08:29:41 vita2681.www5.local proto=icmp service=ms-wbt-server status=deny src=10.27.14.168 dst=10.66.2.232 src_port=2224 dst_port=5764 server_app=fugiatn pid=3470 app_name=ipsumd traff_direct=outbound block_count=6708 logon_user=uirati@oin6780.mail.domain msg=unknown", "observer": { @@ -450,7 +450,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 30 15:32:16 tnulapa7592.www.local proto=ggp service=ms-wbt-server status=deny src=10.75.99.127 dst=10.195.2.130 src_port=1766 dst_port=202 server_app=mporin pid=6932 app_name=nisiuta traff_direct=internal block_count=3828 logon_user=inibusB@eprehen3224.www5.localdomain msg=failure", "observer": { @@ -464,7 +464,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 14 22:34:50 lup2134.www.localhost proto=ipv6 service=pop3 status=deny src=10.201.238.90 dst=10.245.104.182 src_port=3759 dst_port=55 server_app=ccaecat pid=6945 app_name=onsequ traff_direct=outbound block_count=4198 logon_user=ovol@ptasn6599.www.localhost msg=success", "observer": { 
@@ -478,7 +478,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 29 05:37:24 tanimid3337.mail.corp proto=ipv6-icmp service=http status=deny src=10.217.150.196 dst=10.105.91.31 src_port=2056 dst_port=5987 server_app=loreme pid=853 app_name=psumquia traff_direct=external block_count=4444 logon_user=con@nisist2752.home msg=unknown", "observer": { @@ -492,7 +492,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 12 12:39:58 eumiu765.api.lan proto=ipv6-icmp service=https status=deny src=10.4.157.1 dst=10.184.18.202 src_port=52 dst_port=205 server_app=ofdeFini pid=4153 app_name=molli traff_direct=outbound block_count=725 logon_user=oditem@gitsedqu2649.mail.lan msg=unknown", "observer": { @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 26 19:42:33 mquelau5326.mail.lan proto=icmp service=https status=deny src=10.255.39.252 dst=10.113.95.59 src_port=863 dst_port=4367 server_app=fugitsed pid=1693 app_name=idolo traff_direct=internal block_count=3147 logon_user=persp@entsunt3962.www.example msg=success", "observer": { @@ -520,7 +520,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 11 02:45:07 idestlab2631.www.lan proto=tcp service=http status=deny src=10.27.16.118 dst=10.83.177.2 src_port=18 dst_port=1827 server_app=iat pid=337 app_name=rinre traff_direct=internal block_count=1300 logon_user=borios@tut2703.www.host msg=success", "observer": { @@ -534,7 +534,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 25 09:47:41 inesci6789.test proto=udp service=http status=deny src=10.38.54.72 dst=10.167.227.44 src_port=6595 dst_port=5736 server_app=lillum pid=7041 app_name=its traff_direct=outbound block_count=7644 logon_user=riamea@entorev160.test msg=failure", "observer": { 
@@ -548,7 +548,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 8 16:50:15 ccaeca7077.internal.corp proto=tcp service=http status=deny src=10.216.54.184 dst=10.215.205.216 src_port=1495 dst_port=647 server_app=riat pid=3854 app_name=psaquaea traff_direct=external block_count=7536 logon_user=ameiusm@proide3714.mail.localdomain msg=unknown", "observer": { @@ -562,7 +562,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 22 23:52:50 ima2031.api.corp proto=igmp service=smtp status=deny src=10.9.12.248 dst=10.9.18.237 src_port=765 dst_port=2486 server_app=tpersp pid=55 app_name=seosqui traff_direct=internal block_count=6379 logon_user=uradi@tot5313.mail.invalid msg=success", "observer": { @@ -576,7 +576,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 6 06:55:24 ian867.internal.corp proto=rdp service=https status=deny src=10.83.130.226 dst=10.41.123.102 src_port=1542 dst_port=2300 server_app=odoconse pid=228 app_name=quatu traff_direct=external block_count=7661 logon_user=tenim@rumet3801.internal.domain msg=unknown", "observer": { @@ -590,7 +590,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 20 13:57:58 lorin4249.corp proto=tcp service=pop3 status=deny src=10.175.112.197 dst=10.80.152.108 src_port=1749 dst_port=2742 server_app=exeacom pid=4253 app_name=rita traff_direct=outbound block_count=6984 logon_user=tametcon@liqua2834.www5.lan msg=failure", "observer": { @@ -604,7 +604,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 4 21:00:32 gnaaliqu3935.api.test proto=udp service=smtp status=deny src=10.134.18.114 dst=10.142.25.100 src_port=2761 dst_port=5770 server_app=mdol pid=2200 app_name=nby traff_direct=internal block_count=624 logon_user=osqui@sequat7273.api.host msg=failure", "observer": { 
@@ -618,7 +618,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 19 04:03:07 nsequat1859.internal.localhost proto=udp service=http status=deny src=10.28.118.160 dst=10.223.119.218 src_port=6247 dst_port=300 server_app=umexerc pid=5717 app_name=intocc traff_direct=internal block_count=4387 logon_user=ntsunt@uidol4575.localhost msg=failure", "observer": { @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 2 11:05:41 ritin2495.api.corp proto=ggp service=https status=deny src=10.110.114.175 dst=10.47.28.48 src_port=4986 dst_port=3032 server_app=tatem pid=4469 app_name=luptat traff_direct=unknown block_count=4488 logon_user=plicab@oremq2000.api.corp msg=unknown", "observer": { @@ -646,7 +646,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 16 18:08:15 tetur2694.mail.local proto=ggp service=pop3 status=deny src=10.40.251.202 dst=10.90.33.138 src_port=5733 dst_port=7876 server_app=enimadmi pid=5524 app_name=lupta traff_direct=external block_count=6847 logon_user=nvolupt@oremi1485.api.localhost msg=success", "observer": { @@ -660,7 +660,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 1 01:10:49 rem7043.localhost proto=ipv6 service=ms-wbt-server status=deny src=10.65.2.106 dst=10.227.173.252 src_port=5410 dst_port=5337 server_app=nisiut pid=3624 app_name=teturad traff_direct=external block_count=7576 logon_user=itation@sequatD5469.www5.lan msg=unknown", "observer": { @@ -674,7 +674,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 15 08:13:24 emqu2846.internal.home proto=udp service=https status=deny src=10.193.233.229 dst=10.28.84.106 src_port=2859 dst_port=4844 server_app=eaqu pid=1609 app_name=uptatemU traff_direct=inbound block_count=3096 logon_user=tla@item2738.test msg=success", "observer": { 
@@ -688,7 +688,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 29 15:15:58 dqu6144.api.localhost proto=ggp service=ms-wbt-server status=deny src=10.150.245.88 dst=10.210.89.183 src_port=3642 dst_port=2589 server_app=ulpa pid=6248 app_name=iusmodte traff_direct=external block_count=2700 logon_user=sequa@iosamnis1047.internal.localdomain msg=success", "observer": { @@ -702,7 +702,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 12 22:18:32 giatquov1918.internal.example proto=udp service=ms-wbt-server status=deny src=10.180.195.43 dst=10.85.185.13 src_port=4540 dst_port=7793 server_app=gnaal pid=7224 app_name=proident traff_direct=outbound block_count=1867 logon_user=voluptas@orroq6677.internal.example msg=failure", "observer": { @@ -716,7 +716,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 27 05:21:06 estl5804.internal.local proto=udp service=ms-wbt-server status=deny src=10.207.211.230 dst=10.210.28.247 src_port=3449 dst_port=7257 server_app=ssecil pid=430 app_name=iuntNe traff_direct=unknown block_count=7672 logon_user=tate@onevo4326.internal.local msg=failure", "observer": { @@ -730,7 +730,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 10 12:23:41 Sedut1775.www.domain proto=rdp service=ms-wbt-server status=deny src=10.86.11.48 dst=10.248.165.185 src_port=3436 dst_port=5460 server_app=olorsi pid=3589 app_name=exeaco traff_direct=external block_count=4801 logon_user=dquiac@itaedict7233.mail.localdomain msg=unknown", "observer": { @@ -744,7 +744,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 24 19:26:15 mac7484.www5.test proto=ipv6-icmp service=http status=deny src=10.118.6.177 dst=10.47.125.38 src_port=6977 dst_port=3896 server_app=isn pid=4814 app_name=omm traff_direct=outbound block_count=1844 logon_user=quunt@numquam5869.internal.example msg=unknown", "observer": { 
@@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 11 02:28:49 oin1140.mail.localhost proto=icmp service=pop3 status=deny src=10.50.233.155 dst=10.60.142.127 src_port=1081 dst_port=5112 server_app=urExce pid=276 app_name=nturm traff_direct=outbound block_count=2241 logon_user=atv@onu6137.api.home msg=success", "observer": { @@ -772,7 +772,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 25 09:31:24 naaliq3710.api.local proto=rdp service=http status=deny src=10.28.82.189 dst=10.120.10.211 src_port=3916 dst_port=7661 server_app=odt pid=2452 app_name=inv traff_direct=internal block_count=7705 logon_user=rcit@aecatcup2241.www5.test msg=failure", "observer": { @@ -786,7 +786,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 8 16:33:58 volupta3552.internal.localhost proto=ipv6 service=pop3 status=deny src=10.31.237.225 dst=10.6.38.163 src_port=6153 dst_port=4059 server_app=oreveri pid=3453 app_name=avolu traff_direct=inbound block_count=2820 logon_user=olup@labor6360.mail.local msg=failure", "observer": { @@ -800,7 +800,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 22 23:36:32 onse380.internal.localdomain proto=ggp service=https status=deny src=10.226.5.189 dst=10.125.165.144 src_port=3371 dst_port=7889 server_app=dexerc pid=2302 app_name=tatem traff_direct=inbound block_count=5407 logon_user=mvolu@mveleum4322.www5.host msg=success", "observer": { @@ -814,7 +814,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 7 06:39:06 queips4947.mail.example proto=udp service=smtp status=deny src=10.97.149.97 dst=10.46.56.204 src_port=2463 dst_port=5070 server_app=uela pid=7079 app_name=umf traff_direct=unknown block_count=2441 logon_user=dolorsit@archite1843.mail.home msg=unknown", "observer": { 
@@ -828,7 +828,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 21 13:41:41 oloreseo5039.test proto=ggp service=https status=deny src=10.218.0.197 dst=10.28.105.124 src_port=7581 dst_port=4797 server_app=eritin pid=5773 app_name=litsedq traff_direct=outbound block_count=5749 logon_user=ntNe@itanim4024.api.example msg=success", "observer": { @@ -842,7 +842,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 4 20:44:15 minim459.mail.local proto=rdp service=https status=deny src=10.123.199.198 dst=10.17.87.79 src_port=6332 dst_port=3414 server_app=tionula pid=1586 app_name=ate traff_direct=outbound block_count=5006 logon_user=ratvolu@nreprehe715.api.home msg=unknown", "observer": { @@ -856,7 +856,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 19 03:46:49 eratv211.api.host proto=rdp service=https status=deny src=10.38.86.177 dst=10.115.68.40 src_port=5768 dst_port=5483 server_app=boNem pid=5137 app_name=ssusci traff_direct=internal block_count=2841 logon_user=mpo@unte893.internal.host msg=success", "observer": { @@ -870,7 +870,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 3 10:49:23 aparia1179.www.localdomain proto=tcp service=https status=deny src=10.193.118.163 dst=10.115.174.107 src_port=548 dst_port=5597 server_app=acom pid=5704 app_name=dolorem traff_direct=internal block_count=10 logon_user=exeacomm@aspe951.mail.domain msg=success", "observer": { @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 17 17:51:58 iatqu6203.mail.corp proto=icmp service=http status=deny src=10.37.128.49 dst=10.77.77.208 src_port=625 dst_port=1101 server_app=esci pid=2310 app_name=essecill traff_direct=external block_count=2653 logon_user=moles@dipiscin4957.www.home msg=unknown", "observer": { 
@@ -898,7 +898,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 1 00:54:32 ptasnula6576.api.invalid proto=tcp service=ms-wbt-server status=deny src=10.54.73.158 dst=10.1.96.93 src_port=5752 dst_port=428 server_app=docon pid=5398 app_name=ntium traff_direct=internal block_count=4392 logon_user=lloinven@econs2687.internal.localdomain msg=unknown", "observer": { @@ -912,7 +912,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 15 07:57:06 mag1506.internal.domain proto=igmp service=smtp status=deny src=10.131.126.109 dst=10.182.152.242 src_port=1877 dst_port=6998 server_app=rcitat pid=2465 app_name=ecillum traff_direct=inbound block_count=3208 logon_user=dolor@tiumto5834.api.lan msg=success", "observer": { @@ -926,7 +926,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 29 14:59:40 fugits1163.host proto=icmp service=http status=deny src=10.181.247.224 dst=10.77.229.168 src_port=260 dst_port=3777 server_app=atatnon pid=6064 app_name=abor traff_direct=external block_count=329 logon_user=adol@iutal6032.www.test msg=failure", "observer": { @@ -940,7 +940,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 12 22:02:15 gitse2463.www5.invalid proto=ipv6-icmp service=http status=deny src=10.235.116.121 dst=10.72.162.6 src_port=1 dst_port=5516 server_app=emp pid=2861 app_name=luptas traff_direct=outbound block_count=1444 logon_user=oinv@inculp2078.host msg=unknown", "observer": { @@ -954,7 +954,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 27 05:04:49 temse6953.www.example proto=ipv6-icmp service=https status=deny src=10.149.193.117 dst=10.28.124.236 src_port=5343 dst_port=3434 server_app=atcupi pid=3559 app_name=edquia traff_direct=internal block_count=3176 logon_user=mullam@mexerc2757.internal.home msg=failure", "observer": { 
@@ -968,7 +968,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 11 12:07:23 deriti6952.mail.domain proto=ipv6-icmp service=http status=deny src=10.34.131.224 dst=10.196.96.162 src_port=649 dst_port=6378 server_app=equatDu pid=1710 app_name=aconse traff_direct=outbound block_count=7174 logon_user=tnonproi@squira4455.api.domain msg=failure", "observer": { @@ -982,7 +982,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 25 19:09:57 abor1370.www.domain proto=ipv6-icmp service=https status=deny src=10.97.236.123 dst=10.77.78.180 src_port=5159 dst_port=5380 server_app=reetdol pid=4984 app_name=ugi traff_direct=inbound block_count=4782 logon_user=nisi@emveleum3661.localhost msg=unknown", "observer": { @@ -996,7 +996,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 9 02:12:32 emullamc5418.mail.test proto=ipv6 service=ms-wbt-server status=deny src=10.82.133.66 dst=10.45.54.107 src_port=7229 dst_port=3593 server_app=nse pid=3421 app_name=quira traff_direct=unknown block_count=5362 logon_user=olorem@sedquiac6517.internal.localhost msg=failure", "observer": { @@ -1010,7 +1010,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 23 09:15:06 squirati7050.www5.lan proto=rdp service=pop3 status=deny src=10.180.180.230 dst=10.170.252.219 src_port=4147 dst_port=2454 server_app=tesseci pid=4020 app_name=radipis traff_direct=external block_count=7020 logon_user=nse@veniam3148.www5.home msg=failure", "observer": { @@ -1024,7 +1024,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 7 16:17:40 venia2079.mail.example proto=rdp service=http status=deny src=10.5.11.205 dst=10.65.144.51 src_port=4901 dst_port=2283 server_app=lumqu pid=617 app_name=autf traff_direct=outbound block_count=5050 logon_user=uptat@unt3559.www.home msg=failure", "observer": { 
@@ -1038,7 +1038,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 21 23:20:14 snostrum3450.www5.localhost proto=udp service=smtp status=deny src=10.195.223.82 dst=10.76.122.196 src_port=3128 dst_port=5325 server_app=atu pid=487 app_name=iame traff_direct=external block_count=593 logon_user=umiurer@rere5274.mail.domain msg=success", "observer": { @@ -1052,7 +1052,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 5 06:22:49 gelitsed3249.corp proto=icmp service=ms-wbt-server status=deny src=10.138.210.116 dst=10.225.255.211 src_port=5595 dst_port=3369 server_app=rum pid=2442 app_name=eursinto traff_direct=external block_count=956 logon_user=fugiatn@uaeabi3728.www5.invalid msg=failure", "observer": { @@ -1066,7 +1066,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 19 13:25:23 dolor7082.internal.localhost proto=icmp service=smtp status=deny src=10.250.81.189 dst=10.219.1.151 src_port=5404 dst_port=4323 server_app=redo pid=6311 app_name=ditautf traff_direct=external block_count=3262 logon_user=ori@uamqu2804.test msg=unknown", "observer": { @@ -1080,7 +1080,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 2 20:27:57 totam6886.api.localhost proto=ggp service=https status=deny src=10.54.23.133 dst=10.76.125.70 src_port=3258 dst_port=756 server_app=oluptat pid=7128 app_name=eseruntm traff_direct=internal block_count=1916 logon_user=oloreeu@olor5201.host msg=unknown", "observer": { @@ -1094,7 +1094,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 17 03:30:32 laborum5749.www.example proto=igmp service=http status=deny src=10.36.110.69 dst=10.189.42.62 src_port=4187 dst_port=4262 server_app=duntut pid=2780 app_name=ullamc traff_direct=unknown block_count=170 logon_user=eque@eufug3348.www.lan msg=success", "observer": { 
@@ -1108,7 +1108,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 3 10:33:06 lup3313.api.home proto=tcp service=https status=deny src=10.47.179.68 dst=10.183.202.82 src_port=5107 dst_port=2208 server_app=usmod pid=3284 app_name=amni traff_direct=unknown block_count=2645 logon_user=umfugi@stquidol239.www5.invalid msg=failure", "observer": { @@ -1122,7 +1122,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 17 17:35:40 edq5397.www.test proto=ipv6-icmp service=pop3 status=deny src=10.73.28.165 dst=10.221.206.74 src_port=3668 dst_port=1480 server_app=ihilmole pid=2314 app_name=litanim traff_direct=inbound block_count=5572 logon_user=quas@gia6531.mail.invalid msg=success", "observer": { @@ -1136,7 +1136,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 1 00:38:14 udan6536.www5.test proto=ipv6 service=ms-wbt-server status=deny src=10.85.104.146 dst=10.14.204.36 src_port=3442 dst_port=4887 server_app=qua pid=5284 app_name=ents traff_direct=inbound block_count=973 logon_user=emp@lamcola4879.www5.localdomain msg=success", "observer": { @@ -1150,7 +1150,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 15 07:40:49 rumet6923.www5.lan proto=rdp service=https status=deny src=10.208.18.210 dst=10.30.246.132 src_port=3601 dst_port=388 server_app=texplica pid=3990 app_name=ore traff_direct=outbound block_count=5624 logon_user=veniam@edquian330.mail.local msg=unknown", "observer": { @@ -1164,7 +1164,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 29 14:43:23 itse522.internal.localdomain proto=udp service=pop3 status=deny src=10.106.249.91 dst=10.19.119.17 src_port=1732 dst_port=3822 server_app=veleumi pid=4337 app_name=tvol traff_direct=unknown block_count=2783 logon_user=lit@santi837.api.domain msg=success", "observer": { 
@@ -1178,7 +1178,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 13 21:45:57 amc3059.local proto=igmp service=http status=deny src=10.29.109.126 dst=10.181.41.154 src_port=6261 dst_port=866 server_app=itseddo pid=5275 app_name=seos traff_direct=unknown block_count=6721 logon_user=labo@lpaquiof804.internal.invalid msg=failure", "observer": { @@ -1192,7 +1192,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 28 04:48:31 enbyCi3813.api.domain proto=ipv6-icmp service=https status=deny src=10.164.207.42 dst=10.164.120.197 src_port=1901 dst_port=2304 server_app=itametco pid=2286 app_name=remip traff_direct=external block_count=3116 logon_user=pta@nonn4478.host msg=unknown", "observer": { @@ -1206,7 +1206,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 11 11:51:06 liquipex1155.mail.corp proto=ipv6-icmp service=smtp status=deny src=10.183.189.133 dst=10.154.191.225 src_port=5347 dst_port=7856 server_app=Loremip pid=2990 app_name=tur traff_direct=unknown block_count=6105 logon_user=ita@amquaer3985.www5.example msg=success", "observer": { @@ -1220,7 +1220,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 25 18:53:40 isn3991.local proto=igmp service=smtp status=deny src=10.29.120.226 dst=10.103.189.199 src_port=1296 dst_port=767 server_app=exerci pid=226 app_name=eserun traff_direct=outbound block_count=5452 logon_user=emu@orem6317.local msg=failure", "observer": { @@ -1234,7 +1234,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 10 01:56:14 iumtotam1010.www5.corp proto=icmp service=https status=deny src=10.133.254.23 dst=10.210.153.7 src_port=6251 dst_port=7030 server_app=nofdeFi pid=4691 app_name=sautei traff_direct=external block_count=2088 logon_user=voluptas@velill3230.www.corp msg=success", "observer": { 
@@ -1248,7 +1248,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 24 08:58:48 onsecte91.www5.localdomain proto=tcp service=pop3 status=deny src=10.126.245.73 dst=10.91.2.135 src_port=180 dst_port=2141 server_app=ender pid=5647 app_name=rumSecti traff_direct=outbound block_count=4680 logon_user=olore@orumS757.www5.corp msg=success", "observer": { @@ -1262,7 +1262,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 7 16:01:23 abori7686.internal.host proto=rdp service=https status=deny src=10.183.243.246 dst=10.137.85.123 src_port=218 dst_port=7073 server_app=ntsunti pid=2313 app_name=magnam traff_direct=internal block_count=6402 logon_user=cid@emi4534.www.localdomain msg=failure", "observer": { @@ -1276,7 +1276,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 21 23:03:57 reprehen3513.test proto=ipv6 service=smtp status=deny src=10.61.225.196 dst=10.10.86.55 src_port=4720 dst_port=5132 server_app=isiu pid=1585 app_name=mmodi traff_direct=external block_count=3034 logon_user=eniamqu@inimav1576.mail.example msg=failure", "observer": { @@ -1290,7 +1290,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 5 06:06:31 orroquis284.api.domain proto=udp service=http status=deny src=10.125.143.153 dst=10.79.73.195 src_port=2657 dst_port=457 server_app=umf pid=3141 app_name=moll traff_direct=outbound block_count=7645 logon_user=emip@aturQu7083.mail.host msg=failure", "observer": { @@ -1304,7 +1304,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 19 13:09:05 tionula2060.www5.localhost proto=ipv6 service=ms-wbt-server status=deny src=10.240.216.85 dst=10.64.139.17 src_port=2046 dst_port=2438 server_app=ice pid=6331 app_name=aal traff_direct=external block_count=4982 logon_user=nimadmin@lumqui7769.mail.local msg=unknown", "observer": { 
@@ -1318,7 +1318,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 3 20:11:40 rumSecti111.www5.domain proto=ipv6 service=ms-wbt-server status=deny src=10.87.90.49 dst=10.222.245.80 src_port=1486 dst_port=4017 server_app=itaedict pid=4474 app_name=byCic traff_direct=inbound block_count=3380 logon_user=ptatemse@siarc6339.internal.corp msg=success", "observer": { @@ -1332,7 +1332,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 18 03:14:14 olores7881.local proto=udp service=pop3 status=deny src=10.143.53.214 dst=10.87.144.208 src_port=3310 dst_port=2440 server_app=ipsumq pid=4855 app_name=psaquaea traff_direct=unknown block_count=5772 logon_user=psumq@ptatev6552.www.test msg=success", "observer": { @@ -1346,7 +1346,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 1 10:16:48 tDuis3281.www5.localdomain proto=ipv6-icmp service=pop3 status=deny src=10.204.178.19 dst=10.105.97.134 src_port=616 dst_port=1935 server_app=oremque pid=1729 app_name=inimve traff_direct=unknown block_count=6564 logon_user=mexercit@byC5766.internal.home msg=success", "observer": { @@ -1360,7 +1360,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 15 17:19:22 uptasnul2751.www5.corp proto=rdp service=smtp status=deny src=10.161.64.168 dst=10.194.67.223 src_port=7154 dst_port=5767 server_app=tatemse pid=4493 app_name=amqui traff_direct=inbound block_count=3673 logon_user=tion@hender6628.local msg=unknown", "observer": { @@ -1374,7 +1374,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 30 00:21:57 upt6017.api.localdomain proto=tcp service=smtp status=deny src=10.100.154.220 dst=10.120.148.241 src_port=5535 dst_port=1655 server_app=eeufug pid=6094 app_name=modt traff_direct=external block_count=5150 logon_user=rsitam@xercit7649.www5.home msg=failure", "observer": { 
@@ -1388,7 +1388,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 14 07:24:31 tpers2217.internal.lan proto=udp service=ms-wbt-server status=deny src=10.116.153.19 dst=10.180.90.112 src_port=6610 dst_port=1936 server_app=olu pid=5012 app_name=dexercit traff_direct=outbound block_count=2216 logon_user=itessequ@porissu1470.domain msg=success", "observer": { diff --git a/packages/fortinet_forticlient/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/fortinet_forticlient/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 3e7093a772f..8442c77a7f3 100644 --- a/packages/fortinet_forticlient/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/fortinet_forticlient/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Fortinet FortiClient Endpoint Security processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: observer.vendor value: Fortinet diff --git a/packages/fortinet_forticlient/data_stream/log/sample_event.json b/packages/fortinet_forticlient/data_stream/log/sample_event.json index 30b3e6e7284..9a434535783 100644 --- a/packages/fortinet_forticlient/data_stream/log/sample_event.json +++ b/packages/fortinet_forticlient/data_stream/log/sample_event.json @@ -19,7 +19,7 @@ "port": 3994 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/fortinet_forticlient/docs/README.md b/packages/fortinet_forticlient/docs/README.md index 6cbc502ad1c..ba458c90b93 100644 --- a/packages/fortinet_forticlient/docs/README.md +++ b/packages/fortinet_forticlient/docs/README.md @@ -34,7 +34,7 @@ An example event for `log` looks as following: "port": 3994 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", 
@@ -220,7 +220,7 @@ An example event for `log` looks as following: | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | diff --git a/packages/fortinet_forticlient/manifest.yml b/packages/fortinet_forticlient/manifest.yml index 4ba6d3257ab..8f9b2ce7fc0 100644 --- a/packages/fortinet_forticlient/manifest.yml +++ b/packages/fortinet_forticlient/manifest.yml @@ -1,6 +1,6 @@ name: fortinet_forticlient title: Fortinet FortiClient Logs -version: "1.3.1" +version: "1.4.0" release: ga description: Collect logs from Fortinet FortiClient instances with Elastic Agent. type: integration From a3d97f334aeb3313c94fb1e92cdbd00a274250a0 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:38 +0530 Subject: [PATCH 045/137] [fortinet_fortiedr] - update ECS to 8.7.0 from 8.6.0 This updates the fortinet_fortiedr integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/fortinet_fortiedr --- packages/fortinet_fortiedr/_dev/build/build.yml | 2 +- packages/fortinet_fortiedr/changelog.yml | 5 +++++ .../log/_dev/test/pipeline/test-generated.log-expected.json | 4 ++-- .../log/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/fortinet_fortiedr/data_stream/log/sample_event.json | 2 +- packages/fortinet_fortiedr/docs/README.md | 2 +- packages/fortinet_fortiedr/manifest.yml | 2 +- 7 files changed, 12 insertions(+), 7 deletions(-) diff --git a/packages/fortinet_fortiedr/_dev/build/build.yml b/packages/fortinet_fortiedr/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/fortinet_fortiedr/_dev/build/build.yml +++ b/packages/fortinet_fortiedr/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/fortinet_fortiedr/changelog.yml b/packages/fortinet_fortiedr/changelog.yml index 1f3c328462b..24cc49825fc 100644 --- a/packages/fortinet_fortiedr/changelog.yml +++ b/packages/fortinet_fortiedr/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.4.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/fortinet_fortiedr/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/fortinet_fortiedr/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json index da80ed23d1b..20de3cfb26c 100644 
--- a/packages/fortinet_fortiedr/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/fortinet_fortiedr/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-09-18T06:42:18.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", @@ -92,7 +92,7 @@ { "@timestamp": "2019-09-18T07:42:18.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", diff --git a/packages/fortinet_fortiedr/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/fortinet_fortiedr/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 8ab87f58cf2..aeacbea690e 100644 --- a/packages/fortinet_fortiedr/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/fortinet_fortiedr/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Fortinet FortiEDR Endpoint Detection and Response processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: observer.vendor value: Fortinet diff --git a/packages/fortinet_fortiedr/data_stream/log/sample_event.json b/packages/fortinet_fortiedr/data_stream/log/sample_event.json index e335b5615ef..30253134500 100644 --- a/packages/fortinet_fortiedr/data_stream/log/sample_event.json +++ b/packages/fortinet_fortiedr/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "e2f57999-9659-45c8-a03c-c5bf85dc5124", diff --git a/packages/fortinet_fortiedr/docs/README.md b/packages/fortinet_fortiedr/docs/README.md index 7e5010404a3..d050f82be13 100644 --- a/packages/fortinet_fortiedr/docs/README.md +++ b/packages/fortinet_fortiedr/docs/README.md 
@@ -38,7 +38,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "e2f57999-9659-45c8-a03c-c5bf85dc5124", diff --git a/packages/fortinet_fortiedr/manifest.yml b/packages/fortinet_fortiedr/manifest.yml index f640f70b2ae..14c329d001b 100644 --- a/packages/fortinet_fortiedr/manifest.yml +++ b/packages/fortinet_fortiedr/manifest.yml @@ -1,6 +1,6 @@ name: fortinet_fortiedr title: Fortinet FortiEDR Logs -version: "1.4.1" +version: "1.5.0" release: ga description: Collect logs from Fortinet FortiEDR instances with Elastic Agent. type: integration From a52e47a97a9c90c556dde5331a1e05d09c311bae Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:39 +0530 Subject: [PATCH 046/137] [fortinet_fortigate] - update ECS to 8.7.0 from 8.6.0 This updates the fortinet_fortigate integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/fortinet_fortigate --- .../fortinet_fortigate/_dev/build/build.yml | 2 +- packages/fortinet_fortigate/changelog.yml | 5 ++ .../pipeline/test-fortinet.log-expected.json | 90 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/fortinet_fortigate/docs/README.md | 2 +- packages/fortinet_fortigate/manifest.yml | 2 +- 7 files changed, 55 insertions(+), 50 deletions(-) diff --git a/packages/fortinet_fortigate/_dev/build/build.yml b/packages/fortinet_fortigate/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/fortinet_fortigate/_dev/build/build.yml +++ b/packages/fortinet_fortigate/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 
diff --git a/packages/fortinet_fortigate/changelog.yml b/packages/fortinet_fortigate/changelog.yml index 92aa9fa299b..3b837d4100f 100644 --- a/packages/fortinet_fortigate/changelog.yml +++ b/packages/fortinet_fortigate/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.10.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.9.0" changes: - description: Add user.name, host.name and dns.question.registered_domain diff --git a/packages/fortinet_fortigate/data_stream/log/_dev/test/pipeline/test-fortinet.log-expected.json b/packages/fortinet_fortigate/data_stream/log/_dev/test/pipeline/test-fortinet.log-expected.json index 862d79a0ec5..a56aba7a376 100644 --- a/packages/fortinet_fortigate/data_stream/log/_dev/test/pipeline/test-fortinet.log-expected.json +++ b/packages/fortinet_fortigate/data_stream/log/_dev/test/pipeline/test-fortinet.log-expected.json @@ -20,7 +20,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ftgd_blk", @@ -142,7 +142,7 @@ "port": 161 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deny", @@ -253,7 +253,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ftgd_allow", @@ -374,7 +374,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "signature", @@ -503,7 +503,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "signature", @@ -646,7 +646,7 @@ ] }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-response", @@ -767,7 +767,7 @@ ] }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-response", @@ -873,7 +873,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "signature", 
@@ -1006,7 +1006,7 @@ ] }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-response", @@ -1122,7 +1122,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-query", @@ -1222,7 +1222,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ssl-anomalies", @@ -1316,7 +1316,7 @@ { "@timestamp": "2020-04-23T12:32:48.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1402,7 +1402,7 @@ "port": 500 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1498,7 +1498,7 @@ "port": 500 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1585,7 +1585,7 @@ { "@timestamp": "2020-04-23T14:32:09.000-03:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1648,7 +1648,7 @@ { "@timestamp": "2020-04-23T12:32:09.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1735,7 +1735,7 @@ "port": 500 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1823,7 +1823,7 @@ { "@timestamp": "2020-04-23T14:24:13.000-03:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "0100041006", @@ -1870,7 +1870,7 @@ { "@timestamp": "2020-04-23T12:23:47.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "0107045057", @@ -1953,7 +1953,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -2028,7 +2028,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -2102,7 +2102,7 @@ { "@timestamp": "2020-04-23T14:16:42.000-03:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -2172,7 +2172,7 @@ { "@timestamp": "2020-04-23T12:16:02.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "0100022915", @@ -2220,7 +2220,7 @@ { "@timestamp": "2020-04-23T12:16:02.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "0100022913", @@ -2285,7 +2285,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns", @@ -2396,7 +2396,7 @@ "port": 6000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "accept", @@ -2528,7 +2528,7 @@ "packets": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "accept", @@ -2647,7 +2647,7 @@ "packets": 40 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "accept", @@ -2758,7 +2758,7 @@ "port": 1235 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ip-conn", @@ -2876,7 +2876,7 @@ "port": 442 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "close", @@ -3034,7 +3034,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "app-ctrl-all", @@ -3154,7 +3154,7 @@ "port": 500 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -3228,7 +3228,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "0112053203", @@ -3276,7 +3276,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "0112053203", @@ -3324,7 +3324,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "0112053203", @@ -3372,7 +3372,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "0112053203", 
@@ -3420,7 +3420,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "0112053203", @@ -3468,7 +3468,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "0112053203", @@ -3516,7 +3516,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "0112053203", @@ -3564,7 +3564,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "0112053203", @@ -3616,7 +3616,7 @@ "port": 5060 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { @@ -3710,7 +3710,7 @@ { "@timestamp": "2022-07-29T14:17:14.000+02:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "0112053203", @@ -3757,7 +3757,7 @@ { "@timestamp": "2022-07-29T14:17:14.000+02:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "0110052005", @@ -3831,7 +3831,7 @@ "port": 161 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deny", @@ -3960,7 +3960,7 @@ "port": 12530 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "signature", diff --git a/packages/fortinet_fortigate/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/fortinet_fortigate/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 2d94c6a2fc2..7c727597369 100644 --- a/packages/fortinet_fortigate/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/fortinet_fortigate/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing fortinet firewall logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original 
diff --git a/packages/fortinet_fortigate/data_stream/log/sample_event.json b/packages/fortinet_fortigate/data_stream/log/sample_event.json index 96d255d9ebf..8640082efc1 100644 --- a/packages/fortinet_fortigate/data_stream/log/sample_event.json +++ b/packages/fortinet_fortigate/data_stream/log/sample_event.json @@ -29,7 +29,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8d776033-da2a-4f4a-9f01-282a4261006b", diff --git a/packages/fortinet_fortigate/docs/README.md b/packages/fortinet_fortigate/docs/README.md index b1c01fa275f..95e0a711ba6 100644 --- a/packages/fortinet_fortigate/docs/README.md +++ b/packages/fortinet_fortigate/docs/README.md @@ -44,7 +44,7 @@ An example event for `log` looks as following: "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8d776033-da2a-4f4a-9f01-282a4261006b", diff --git a/packages/fortinet_fortigate/manifest.yml b/packages/fortinet_fortigate/manifest.yml index 5d117ec6a0d..8321c4a9960 100644 --- a/packages/fortinet_fortigate/manifest.yml +++ b/packages/fortinet_fortigate/manifest.yml @@ -1,6 +1,6 @@ name: fortinet_fortigate title: Fortinet FortiGate Firewall Logs -version: "1.9.0" +version: "1.10.0" release: ga description: Collect logs from Fortinet FortiGate firewalls with Elastic Agent. type: integration From 629a02ddba4df7dc5244ae47c795893df4c7804b Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:40 +0530 Subject: [PATCH 047/137] [fortinet_fortimail] - update ECS to 8.7.0 from 8.6.0 This updates the fortinet_fortimail integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.6.0 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/fortinet_fortimail --- .../fortinet_fortimail/_dev/build/build.yml | 2 +- packages/fortinet_fortimail/changelog.yml | 5 +++ .../pipeline/test-antispam.log-expected.json | 2 +- .../pipeline/test-antivirus.log-expected.json | 2 +- .../test-encryption.log-expected.json | 4 +- .../pipeline/test-history.log-expected.json | 4 +- .../test/pipeline/test-mail.log-expected.json | 12 +++--- .../pipeline/test-system.log-expected.json | 38 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/fortinet_fortimail/docs/README.md | 2 +- packages/fortinet_fortimail/manifest.yml | 2 +- 12 files changed, 41 insertions(+), 36 deletions(-) diff --git a/packages/fortinet_fortimail/_dev/build/build.yml b/packages/fortinet_fortimail/_dev/build/build.yml index fcd61c363f1..45fb1cc4269 100644 --- a/packages/fortinet_fortimail/_dev/build/build.yml +++ b/packages/fortinet_fortimail/_dev/build/build.yml @@ -1,4 +1,4 @@ dependencies: ecs: - reference: git@v8.6.0 + reference: git@8.7 import_mappings: true diff --git a/packages/fortinet_fortimail/changelog.yml b/packages/fortinet_fortimail/changelog.yml index 22116d278df..052af26840c 100644 --- a/packages/fortinet_fortimail/changelog.yml +++ b/packages/fortinet_fortimail/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "2.0.0" changes: - description: Replace RSA2ELK with Syslog integration. 
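Review bot: In `packages/fortinet_fortimail/_dev/build/build.yml` the ECS reference moves from the tag-style `git@v8.6.0` to `git@8.7`, which looks like a branch name rather than a fixed release, so this build input is no longer pinned. Because the file sets `import_mappings: true`, the field mappings built into the package come from that reference. If `8.7` is a moving branch, two builds of the same package version could pick up different ECS definitions while the pipeline still stamps `ecs.version` as 8.7.0. Keeping the pin with `reference: git@v8.7.0` would preserve reproducible builds; the same tag-to-branch change appears in the `fortinet_fortimanager` build.yml hunk of patch 048. If the branch form is intended, to match the packages that already used `git@8.6`, the commit message should say so.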
diff --git a/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-antispam.log-expected.json b/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-antispam.log-expected.json index 6848eb39289..b5d1f26145d 100644 --- a/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-antispam.log-expected.json +++ b/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-antispam.log-expected.json @@ -6,7 +6,7 @@ "ip": "10.50.2.225" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { diff --git a/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-antivirus.log-expected.json b/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-antivirus.log-expected.json index 9139b82ba56..7376b2e53f0 100644 --- a/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-antivirus.log-expected.json +++ b/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-antivirus.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2023-01-30T16:09:15.246Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { diff --git a/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-encryption.log-expected.json b/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-encryption.log-expected.json index d3fdd2ed796..7d1ed6a7d17 100644 --- a/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-encryption.log-expected.json +++ b/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-encryption.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2023-01-30T16:09:15.246Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "0400003064", @@ -50,7 +50,7 @@ { "@timestamp": "2023-01-30T16:09:15.246Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { 
diff --git a/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-history.log-expected.json b/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-history.log-expected.json index 26ea4d98e11..07b5e4cb640 100644 --- a/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-history.log-expected.json +++ b/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-history.log-expected.json @@ -6,7 +6,7 @@ "ip": "81.2.69.194" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "direction": "unknown", @@ -105,7 +105,7 @@ "ip": "81.2.69.192" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "direction": "in", diff --git a/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-mail.log-expected.json b/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-mail.log-expected.json index 887e7f71d41..8c0f36f6ad6 100644 --- a/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-mail.log-expected.json +++ b/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-mail.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2023-02-06T18:06:10.119Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "none", @@ -74,7 +74,7 @@ { "@timestamp": "2023-02-06T18:28:49.954Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "none", @@ -145,7 +145,7 @@ { "@timestamp": "2023-02-01T14:42:35.521Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "unknown", @@ -225,7 +225,7 @@ { "@timestamp": "2023-01-30T16:06:24.345Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NONE", @@ -296,7 +296,7 @@ { "@timestamp": "2023-03-02T12:55:12.771Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "unknown", 
@@ -376,7 +376,7 @@ { "@timestamp": "2023-03-02T12:51:59.968Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "unknown", diff --git a/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-system.log-expected.json b/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-system.log-expected.json index dde2adb7728..2129d309d8a 100644 --- a/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-system.log-expected.json +++ b/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-system.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2023-02-06T19:10:00.391Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -84,7 +84,7 @@ { "@timestamp": "2023-02-07T09:01:43.129Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -165,7 +165,7 @@ { "@timestamp": "2023-02-07T09:05:02.414Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -246,7 +246,7 @@ { "@timestamp": "2023-02-07T09:08:21.402Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -327,7 +327,7 @@ { "@timestamp": "2023-02-07T09:09:17.129Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -408,7 +408,7 @@ { "@timestamp": "2023-02-14T10:54:07.089Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -501,7 +501,7 @@ { "@timestamp": "2023-02-14T10:55:31.392Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -594,7 +594,7 @@ { "@timestamp": "2023-02-08T15:20:16.506Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -687,7 +687,7 @@ { "@timestamp": "2023-02-07T12:34:55.214Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "none", 
@@ -776,7 +776,7 @@ { "@timestamp": "2023-02-06T18:05:49.266Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logout", @@ -866,7 +866,7 @@ { "@timestamp": "2023-02-06T18:49:59.807Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login", @@ -947,7 +947,7 @@ { "@timestamp": "2023-02-06T19:00:25.566Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "none", @@ -1001,7 +1001,7 @@ { "@timestamp": "2023-02-08T23:28:33.214Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "none", @@ -1072,7 +1072,7 @@ { "@timestamp": "2023-02-07T09:27:19.984Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "none", @@ -1143,7 +1143,7 @@ { "@timestamp": "2023-02-07T15:24:50.526Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "none", @@ -1197,7 +1197,7 @@ { "@timestamp": "2023-02-08T15:20:16.509Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "none", @@ -1251,7 +1251,7 @@ { "@timestamp": "2023-02-06T19:35:20.062Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "0704003868", @@ -1299,7 +1299,7 @@ { "@timestamp": "2023-02-06T19:35:20.068Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1353,7 +1353,7 @@ { "@timestamp": "2023-02-07T14:38:16.642Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/fortinet_fortimail/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/fortinet_fortimail/data_stream/log/elasticsearch/ingest_pipeline/default.yml index b8c994c00d6..3a91bb743db 100644 --- a/packages/fortinet_fortimail/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/fortinet_fortimail/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for processing Fortinet FortiMail logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: observer.vendor value: Fortinet diff --git a/packages/fortinet_fortimail/data_stream/log/sample_event.json b/packages/fortinet_fortimail/data_stream/log/sample_event.json index 5c9918ad5cb..0de1245fc64 100644 --- a/packages/fortinet_fortimail/data_stream/log/sample_event.json +++ b/packages/fortinet_fortimail/data_stream/log/sample_event.json @@ -16,7 +16,7 @@ "ip": "81.2.69.194" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5fcd6016-3c0e-45e7-b624-cc2a254f1769", diff --git a/packages/fortinet_fortimail/docs/README.md b/packages/fortinet_fortimail/docs/README.md index 05ce2a8ce48..d2bbd21352c 100644 --- a/packages/fortinet_fortimail/docs/README.md +++ b/packages/fortinet_fortimail/docs/README.md @@ -71,7 +71,7 @@ An example event for `log` looks as following: "ip": "81.2.69.194" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5fcd6016-3c0e-45e7-b624-cc2a254f1769", diff --git a/packages/fortinet_fortimail/manifest.yml b/packages/fortinet_fortimail/manifest.yml index 2a5b7f43496..74817f54651 100644 --- a/packages/fortinet_fortimail/manifest.yml +++ b/packages/fortinet_fortimail/manifest.yml @@ -1,6 +1,6 @@ name: fortinet_fortimail title: Fortinet FortiMail -version: "2.0.0" +version: "2.1.0" description: Collect logs from Fortinet FortiMail instances with Elastic Agent. type: integration format_version: 2.3.0 From 8ae1e662ee060b5856499ce23fb55b66342c709e Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:41 +0530 Subject: [PATCH 048/137] [fortinet_fortimanager] - update ECS to 8.7.0 from 8.6.0 This updates the fortinet_fortimanager integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.6.0 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/fortinet_fortimanager --- .../_dev/build/build.yml | 2 +- packages/fortinet_fortimanager/changelog.yml | 5 ++ .../test-fortimanager.log-expected.json | 52 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/fortinet_fortimanager/docs/README.md | 2 +- packages/fortinet_fortimanager/manifest.yml | 2 +- 7 files changed, 36 insertions(+), 31 deletions(-) diff --git a/packages/fortinet_fortimanager/_dev/build/build.yml b/packages/fortinet_fortimanager/_dev/build/build.yml index fcd61c363f1..45fb1cc4269 100644 --- a/packages/fortinet_fortimanager/_dev/build/build.yml +++ b/packages/fortinet_fortimanager/_dev/build/build.yml @@ -1,4 +1,4 @@ dependencies: ecs: - reference: git@v8.6.0 + reference: git@8.7 import_mappings: true diff --git a/packages/fortinet_fortimanager/changelog.yml b/packages/fortinet_fortimanager/changelog.yml index d950caa288b..4320d04df6e 100644 --- a/packages/fortinet_fortimanager/changelog.yml +++ b/packages/fortinet_fortimanager/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "2.0.0" changes: - description: Replace RSA2ELK with Syslog integration. diff --git a/packages/fortinet_fortimanager/data_stream/log/_dev/test/pipeline/test-fortimanager.log-expected.json b/packages/fortinet_fortimanager/data_stream/log/_dev/test/pipeline/test-fortimanager.log-expected.json index 3e3ce0d1644..a00e8a0b261 100644 
--- a/packages/fortinet_fortimanager/data_stream/log/_dev/test/pipeline/test-fortimanager.log-expected.json +++ b/packages/fortinet_fortimanager/data_stream/log/_dev/test/pipeline/test-fortimanager.log-expected.json @@ -6,7 +6,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -73,7 +73,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -139,7 +139,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update", @@ -202,7 +202,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -274,7 +274,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete", @@ -343,7 +343,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -408,7 +408,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -470,7 +470,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "run", @@ -534,7 +534,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "diagnose", @@ -602,7 +602,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "roll", @@ -665,7 +665,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -730,7 +730,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -797,7 +797,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", 
@@ -863,7 +863,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update", @@ -926,7 +926,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete", @@ -995,7 +995,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -1060,7 +1060,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -1122,7 +1122,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "run", @@ -1186,7 +1186,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "diagnose", @@ -1254,7 +1254,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "roll", @@ -1317,7 +1317,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -1379,7 +1379,7 @@ { "@timestamp": "2023-02-23T17:49:29.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -1455,7 +1455,7 @@ { "@timestamp": "2023-02-22T22:10:49.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -1517,7 +1517,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -1579,7 +1579,7 @@ { "@timestamp": "2023-02-23T16:22:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -1652,7 +1652,7 @@ { "@timestamp": "2023-02-22T22:51:42.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", 
diff --git a/packages/fortinet_fortimanager/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/fortinet_fortimanager/data_stream/log/elasticsearch/ingest_pipeline/default.yml index c9b436d7526..f221489aa3b 100644 --- a/packages/fortinet_fortimanager/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/fortinet_fortimanager/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Fortinet FortiManager. processors: - set: field: ecs.version - value: 8.6.0 + value: 8.7.0 - set: field: event.kind value: event diff --git a/packages/fortinet_fortimanager/data_stream/log/sample_event.json b/packages/fortinet_fortimanager/data_stream/log/sample_event.json index e483138db14..06bfacf8c96 100644 --- a/packages/fortinet_fortimanager/data_stream/log/sample_event.json +++ b/packages/fortinet_fortimanager/data_stream/log/sample_event.json @@ -16,7 +16,7 @@ "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "207d005f-24c8-4c18-9523-e040132174ee", diff --git a/packages/fortinet_fortimanager/docs/README.md b/packages/fortinet_fortimanager/docs/README.md index 8c68e44d4aa..f984a56d456 100644 --- a/packages/fortinet_fortimanager/docs/README.md +++ b/packages/fortinet_fortimanager/docs/README.md @@ -65,7 +65,7 @@ An example event for `log` looks as following: "id": "FMGVMSTM23000100" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "207d005f-24c8-4c18-9523-e040132174ee", diff --git a/packages/fortinet_fortimanager/manifest.yml b/packages/fortinet_fortimanager/manifest.yml index 123080ca7f7..7cced2db45d 100644 --- a/packages/fortinet_fortimanager/manifest.yml +++ b/packages/fortinet_fortimanager/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 2.3.0 name: fortinet_fortimanager title: Fortinet FortiManager Logs -version: "2.0.0" +version: "2.1.0" description: Collect logs from Fortinet FortiManager instances with Elastic Agent. type: integration categories: ["security", "network", "firewall_security"] From a0cdc75253b7218e4af4ce0dd9f067d9652bbf69 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:45 +0530 Subject: [PATCH 049/137] [gcp] - update ECS to 8.7.0 from 8.6.0 This updates the gcp integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/gcp --- packages/gcp/_dev/build/build.yml | 2 +- packages/gcp/changelog.yml | 5 + .../pipeline/test-audit.log-expected.json | 36 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../gcp/data_stream/audit/sample_event.json | 2 +- .../test/pipeline/test-dns.log-expected.json | 42 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../gcp/data_stream/dns/sample_event.json | 2 +- .../pipeline/test-firewall.log-expected.json | 44 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/firewall/sample_event.json | 2 +- .../test-load-balancer.log-expected.json | 6 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../loadbalancing_logs/sample_event.json | 2 +- .../pipeline/test-vpcflow.log-expected.json | 592 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../gcp/data_stream/vpcflow/sample_event.json | 2 +- packages/gcp/docs/README.md | 10 +- packages/gcp/docs/audit.md | 2 +- packages/gcp/docs/dns.md | 2 +- packages/gcp/docs/firewall.md | 2 +- packages/gcp/docs/loadbalancing.md | 2 +- packages/gcp/docs/vpcflow.md | 2 +- packages/gcp/manifest.yml | 2 +- 24 files changed, 387 insertions(+), 382 deletions(-) 
diff --git a/packages/gcp/_dev/build/build.yml b/packages/gcp/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/gcp/_dev/build/build.yml +++ b/packages/gcp/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/gcp/changelog.yml b/packages/gcp/changelog.yml index 6bea655de56..559491e9f33 100644 --- a/packages/gcp/changelog.yml +++ b/packages/gcp/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.20.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "2.19.1" changes: - description: Migrate compute dashboard to lens and add datastream filter. diff --git a/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index 84738c91f5e..b9b10987ff9 100644 --- a/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json @@ -14,7 +14,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GetResourceBillingInfo", @@ -77,7 +77,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "beta.compute.machineTypes.aggregatedList", @@ -162,7 +162,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "beta.compute.instances.aggregatedList", @@ -259,7 +259,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "beta.compute.instances.aggregatedList", @@ -343,7 +343,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", 
@@ -471,7 +471,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "v1.compute.images.insert", @@ -603,7 +603,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "beta.compute.instances.stop", @@ -684,7 +684,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "io.k8s.core.v1.nodes.list", @@ -761,7 +761,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "io.k8s.extensions.v1beta1.ingresses.list", @@ -841,7 +841,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "io.k8s.get", @@ -918,7 +918,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "io.k8s.get", @@ -997,7 +997,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "google.iam.admin.v1.ListServiceAccounts", @@ -1065,7 +1065,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", @@ -1215,7 +1215,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "io.k8s.apps.v1.deployments.patch", @@ -1586,7 +1586,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "google.container.v1.ClusterManager.GetCluster", @@ -1665,7 +1665,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "storage.objects.get", @@ -1734,7 +1734,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "google.container.v1.ClusterManager.GetCluster", @@ -1815,7 +1815,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "google.iam.admin.v1.ListServiceAccounts", 
diff --git a/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 14dd945d88a..95ea4a315e1 100644
--- a/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Google Cloud audit logs
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/gcp/data_stream/audit/sample_event.json b/packages/gcp/data_stream/audit/sample_event.json
index 1b8608ec49e..b5efc2a75e5 100644
--- a/packages/gcp/data_stream/audit/sample_event.json
+++ b/packages/gcp/data_stream/audit/sample_event.json
@@ -24,7 +24,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0",
diff --git a/packages/gcp/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json b/packages/gcp/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json
index a2b91233f2b..ba0c06bb603 100644
--- a/packages/gcp/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json
+++ b/packages/gcp/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json
@@ -36,7 +36,7 @@
 "response_code": "NOERROR"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dns-query",
@@ -127,7 +127,7 @@
 "response_code": "NOERROR"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dns-query",
@@ -243,7 +243,7 @@
 "response_code": "NOERROR"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dns-query",
@@ -356,7 +356,7 @@
 "response_code": "NOERROR"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dns-query",
@@ -450,7 +450,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-query", @@ -540,7 +540,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-query", @@ -609,7 +609,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-query", @@ -689,7 +689,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-query", @@ -758,7 +758,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-query", @@ -826,7 +826,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-query", @@ -924,7 +924,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-query", @@ -1001,7 +1001,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-query", @@ -1078,7 +1078,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-query", @@ -1155,7 +1155,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-query", @@ -1232,7 +1232,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-query", @@ -1309,7 +1309,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-query", @@ -1377,7 +1377,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-query", @@ -1445,7 +1445,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-query", 
@@ -1532,7 +1532,7 @@
 "response_code": "NOERROR"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dns-query",
@@ -1614,7 +1614,7 @@
 "response_code": "NOERROR"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dns-query",
@@ -1695,7 +1695,7 @@
 "response_code": "NOERROR"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dns-query",
diff --git a/packages/gcp/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/dns/elasticsearch/ingest_pipeline/default.yml
index d651c37c111..af2e5f627ef 100644
--- a/packages/gcp/data_stream/dns/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/gcp/data_stream/dns/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Google Cloud DNS logs
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/gcp/data_stream/dns/sample_event.json b/packages/gcp/data_stream/dns/sample_event.json
index 7dd190a9c08..0ce5646e5b2 100644
--- a/packages/gcp/data_stream/dns/sample_event.json
+++ b/packages/gcp/data_stream/dns/sample_event.json
@@ -46,7 +46,7 @@
 "response_code": "NOERROR"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0",
diff --git a/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json b/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json
index 167705a0b02..f492bfe6bdf 100644
--- a/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json
+++ b/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json
@@ -17,7 +17,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -122,7 +122,7 @@ "port": 57794 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -238,7 +238,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -327,7 +327,7 @@ "port": 3389 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -422,7 +422,7 @@ "port": 8080 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -520,7 +520,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -616,7 +616,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -712,7 +712,7 @@ "port": 8080 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -810,7 +810,7 @@ "port": 8080 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -908,7 +908,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1006,7 +1006,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1104,7 +1104,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1202,7 +1202,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1300,7 +1300,7 @@ "port": 8080 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1409,7 +1409,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", @@ -1509,7 +1509,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "firewall-rule", 
@@ -1598,7 +1598,7 @@
 "port": 9200
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1706,7 +1706,7 @@
 "port": 9200
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1814,7 +1814,7 @@
 "port": 3389
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1911,7 +1911,7 @@
 "port": 9200
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2019,7 +2019,7 @@
 "port": 9200
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2127,7 +2127,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "firewall-rule",
diff --git a/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
index bd1ea576c6f..9d7182e464c 100644
--- a/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Google Cloud Firewall Logs
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/gcp/data_stream/firewall/sample_event.json b/packages/gcp/data_stream/firewall/sample_event.json
index 914ed822f8d..e14e934b425 100644
--- a/packages/gcp/data_stream/firewall/sample_event.json
+++ b/packages/gcp/data_stream/firewall/sample_event.json
@@ -27,7 +27,7 @@
 "port": 3389
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0",
diff --git a/packages/gcp/data_stream/loadbalancing_logs/_dev/test/pipeline/test-load-balancer.log-expected.json b/packages/gcp/data_stream/loadbalancing_logs/_dev/test/pipeline/test-load-balancer.log-expected.json
index 403fe0d9585..2b49717fbcb 100644
--- a/packages/gcp/data_stream/loadbalancing_logs/_dev/test/pipeline/test-load-balancer.log-expected.json
+++ b/packages/gcp/data_stream/loadbalancing_logs/_dev/test/pipeline/test-load-balancer.log-expected.json
@@ -13,7 +13,7 @@
 "ip": "81.2.69.193"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "network",
@@ -114,7 +114,7 @@
 "domain": "pictures.example.com"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "network",
@@ -221,7 +221,7 @@
 "port": 8080
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/gcp/data_stream/loadbalancing_logs/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/loadbalancing_logs/elasticsearch/ingest_pipeline/default.yml
index a3d3846f8f3..cfb1f83ffce 100644
--- a/packages/gcp/data_stream/loadbalancing_logs/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/gcp/data_stream/loadbalancing_logs/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Google Cloud DNS logs
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/gcp/data_stream/loadbalancing_logs/sample_event.json b/packages/gcp/data_stream/loadbalancing_logs/sample_event.json
index 56ea132d764..11af721753b 100644
--- a/packages/gcp/data_stream/loadbalancing_logs/sample_event.json
+++ b/packages/gcp/data_stream/loadbalancing_logs/sample_event.json
@@ -28,7 +28,7 @@
 "port": 8080
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0",
diff --git a/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json b/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json index f23f7a2cffa..78bb374ba45 100644 --- a/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json +++ b/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json @@ -23,7 +23,7 @@ "port": 33478 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -101,7 +101,7 @@ "port": 33970 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -216,7 +216,7 @@ "port": 33576 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -310,7 +310,7 @@ "port": 59679 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -386,7 +386,7 @@ "port": 50646 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -459,7 +459,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -543,7 +543,7 @@ "port": 33692 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -658,7 +658,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -749,7 +749,7 @@ "port": 33554 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -852,7 +852,7 @@ "port": 33880 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -950,7 +950,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -1033,7 +1033,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -1136,7 +1136,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -1251,7 +1251,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -1354,7 +1354,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -1457,7 +1457,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -1543,7 +1543,7 @@ "port": 46864 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -1627,7 +1627,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -1728,7 +1728,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -1825,7 +1825,7 @@ "port": 65320 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -1915,7 +1915,7 @@ "port": 33562 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -2012,7 +2012,7 @@ "port": 9243 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -2085,7 +2085,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -2186,7 +2186,7 @@ "port": 33548 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -2272,7 +2272,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -2361,7 +2361,7 @@ "port": 33542 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -2464,7 +2464,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -2573,7 +2573,7 @@ "port": 34836 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -2646,7 +2646,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -2744,7 +2744,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -2830,7 +2830,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -2931,7 +2931,7 @@ "port": 33534 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -3034,7 +3034,7 @@ "port": 33694 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -3131,7 +3131,7 @@ "port": 65263 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -3209,7 +3209,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -3324,7 +3324,7 @@ "port": 49680 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -3416,7 +3416,7 @@ "port": 33862 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -3500,7 +3500,7 @@ "port": 65321 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -3578,7 +3578,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -3688,7 +3688,7 @@ "port": 60112 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -3779,7 +3779,7 @@ "port": 33552 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -3894,7 +3894,7 @@ "port": 33524 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -3985,7 +3985,7 @@ "port": 33548 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -4088,7 +4088,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -4197,7 +4197,7 @@ "port": 33924 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -4281,7 +4281,7 @@ "port": 65271 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -4354,7 +4354,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -4433,7 +4433,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -4528,7 +4528,7 @@ "port": 65316 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -4606,7 +4606,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -4709,7 +4709,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -4819,7 +4819,7 @@ "port": 33558 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -4905,7 +4905,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -4989,7 +4989,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -5073,7 +5073,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -5158,7 +5158,7 @@ "port": 50438 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -5239,7 +5239,7 @@ "port": 59623 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -5317,7 +5317,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -5432,7 +5432,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -5518,7 +5518,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -5602,7 +5602,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -5686,7 +5686,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -5775,7 +5775,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -5884,7 +5884,7 @@ "port": 33602 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -5957,7 +5957,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -6046,7 +6046,7 @@ "port": 33534 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -6155,7 +6155,7 @@ "port": 52260 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -6245,7 +6245,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -6348,7 +6348,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -6439,7 +6439,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -6554,7 +6554,7 @@ "port": 33554 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -6651,7 +6651,7 @@ "port": 53706 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -6729,7 +6729,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -6827,7 +6827,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -6916,7 +6916,7 @@ "port": 33556 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -7014,7 +7014,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -7098,7 +7098,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -7193,7 +7193,7 @@ "port": 34090 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -7277,7 +7277,7 @@ "port": 34178 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -7361,7 +7361,7 @@ "port": 33064 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -7434,7 +7434,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -7529,7 +7529,7 @@ "port": 58216 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -7619,7 +7619,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -7722,7 +7722,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -7808,7 +7808,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -7897,7 +7897,7 @@ "port": 33510 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -8006,7 +8006,7 @@ "port": 34906 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -8090,7 +8090,7 @@ "port": 52454 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -8163,7 +8163,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -8252,7 +8252,7 @@ "port": 33530 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -8367,7 +8367,7 @@ "port": 33570 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -8470,7 +8470,7 @@ "port": 33858 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -8573,7 +8573,7 @@ "port": 33590 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -8671,7 +8671,7 @@ "port": 60108 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -8774,7 +8774,7 @@ "port": 33536 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -8865,7 +8865,7 @@ "port": 33560 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -8968,7 +8968,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -9078,7 +9078,7 @@ "port": 33874 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -9169,7 +9169,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -9272,7 +9272,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -9375,7 +9375,7 @@ "port": 33538 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -9490,7 +9490,7 @@ "port": 33690 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -9581,7 +9581,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -9696,7 +9696,7 @@ "port": 33572 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -9799,7 +9799,7 @@ "port": 33968 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -9890,7 +9890,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -9999,7 +9999,7 @@ "port": 57300 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -10072,7 +10072,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -10173,7 +10173,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -10276,7 +10276,7 @@ "port": 33880 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -10367,7 +10367,7 @@ "port": 33574 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -10476,7 +10476,7 @@ "port": 65315 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -10566,7 +10566,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -10652,7 +10652,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -10747,7 +10747,7 @@ "port": 54662 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -10825,7 +10825,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -10928,7 +10928,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -11043,7 +11043,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -11129,7 +11129,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -11230,7 +11230,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -11321,7 +11321,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -11424,7 +11424,7 @@ "port": 33576 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -11539,7 +11539,7 @@ "port": 33540 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -11630,7 +11630,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -11745,7 +11745,7 @@ "port": 33538 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -11831,7 +11831,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -11915,7 +11915,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -11999,7 +11999,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -12083,7 +12083,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -12178,7 +12178,7 @@ "port": 65317 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -12256,7 +12256,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -12354,7 +12354,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -12446,7 +12446,7 @@ "port": 52328 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -12524,7 +12524,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -12633,7 +12633,7 @@ "port": 37292 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -12711,7 +12711,7 @@ "port": 33876 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -12806,7 +12806,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -12901,7 +12901,7 @@ "port": 59790 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -12991,7 +12991,7 @@ "port": 33552 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -13094,7 +13094,7 @@ "port": 33556 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -13191,7 +13191,7 @@ "port": 65257 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -13269,7 +13269,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -13384,7 +13384,7 @@ "port": 33692 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -13481,7 +13481,7 @@ "port": 65262 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -13556,7 +13556,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -13671,7 +13671,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -13754,7 +13754,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -13855,7 +13855,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -13938,7 +13938,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -14033,7 +14033,7 @@ "port": 65322 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -14111,7 +14111,7 @@ "port": 33568 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -14226,7 +14226,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -14312,7 +14312,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -14396,7 +14396,7 @@ "port": 33564 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -14491,7 +14491,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -14587,7 +14587,7 @@ "port": 60126 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -14684,7 +14684,7 @@ "port": 32882 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -14757,7 +14757,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -14852,7 +14852,7 @@ "port": 39568 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -14931,7 +14931,7 @@ "port": 58026 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -15021,7 +15021,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -15124,7 +15124,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -15212,7 +15212,7 @@ "port": 33874 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -15310,7 +15310,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -15405,7 +15405,7 @@ "port": 41818 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -15489,7 +15489,7 @@ "port": 60640 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -15567,7 +15567,7 @@ "port": 33966 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -15667,7 +15667,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -15782,7 +15782,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -15870,7 +15870,7 @@ "port": 33524 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -15970,7 +15970,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -16080,7 +16080,7 @@ "port": 53104 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -16166,7 +16166,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -16250,7 +16250,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -16332,7 +16332,7 @@ "port": 58100 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -16413,7 +16413,7 @@ "port": 60756 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -16486,7 +16486,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -16578,7 +16578,7 @@ "port": 60122 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -16662,7 +16662,7 @@ "port": 53972 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -16740,7 +16740,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -16838,7 +16838,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -16922,7 +16922,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -17006,7 +17006,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -17101,7 +17101,7 @@ "port": 65274 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -17174,7 +17174,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -17275,7 +17275,7 @@ "port": 33530 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -17372,7 +17372,7 @@ "port": 65275 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -17456,7 +17456,7 @@ "port": 34450 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -17529,7 +17529,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -17624,7 +17624,7 @@ "port": 53879 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -17708,7 +17708,7 @@ "port": 60968 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -17781,7 +17781,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -17865,7 +17865,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -17960,7 +17960,7 @@ "port": 14236 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -18035,7 +18035,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -18138,7 +18138,7 @@ "port": 33690 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -18241,7 +18241,7 @@ "port": 33562 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -18339,7 +18339,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -18440,7 +18440,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -18531,7 +18531,7 @@ "port": 33590 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -18646,7 +18646,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -18749,7 +18749,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -18835,7 +18835,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -18936,7 +18936,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -19027,7 +19027,7 @@ "port": 33968 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -19125,7 +19125,7 @@ "port": 52780 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -19209,7 +19209,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -19296,7 +19296,7 @@ "port": 44128 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -19383,7 +19383,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -19480,7 +19480,7 @@ "port": 54812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -19570,7 +19570,7 @@ "port": 33564 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -19667,7 +19667,7 @@ "port": 49438 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -19745,7 +19745,7 @@ "port": 33550 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -19855,7 +19855,7 @@ "port": 60110 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -19947,7 +19947,7 @@ "port": 51348 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -20037,7 +20037,7 @@ "port": 33560 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -20140,7 +20140,7 @@ "port": 33510 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -20231,7 +20231,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -20334,7 +20334,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -20443,7 +20443,7 @@ "port": 41822 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -20533,7 +20533,7 @@ "port": 33532 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -20636,7 +20636,7 @@ "port": 33568 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -20739,7 +20739,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -20842,7 +20842,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -20945,7 +20945,7 @@ "port": 53106 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -21042,7 +21042,7 @@ "port": 9243 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -21120,7 +21120,7 @@ "port": 33532 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -21223,7 +21223,7 @@ "port": 33858 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -21326,7 +21326,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -21429,7 +21429,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -21532,7 +21532,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -21647,7 +21647,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -21738,7 +21738,7 @@ "port": 33558 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -21836,7 +21836,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -21931,7 +21931,7 @@ "port": 33542 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -22022,7 +22022,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -22125,7 +22125,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -22228,7 +22228,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -22338,7 +22338,7 @@ "port": 33550 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -22424,7 +22424,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -22525,7 +22525,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -22628,7 +22628,7 @@ "port": 33970 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -22719,7 +22719,7 @@ "port": 33536 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -22834,7 +22834,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -22931,7 +22931,7 @@ "port": 65319 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -23021,7 +23021,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -23112,7 +23112,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -23227,7 +23227,7 @@ "port": 33966 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -23330,7 +23330,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -23416,7 +23416,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -23500,7 +23500,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -23584,7 +23584,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -23679,7 +23679,7 @@ "port": 50364 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -23752,7 +23752,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -23836,7 +23836,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -23931,7 +23931,7 @@ "port": 53096 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -24009,7 +24009,7 @@ "port": 33570 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -24118,7 +24118,7 @@ "port": 33126 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -24191,7 +24191,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -24292,7 +24292,7 @@ "port": 52430 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -24389,7 +24389,7 @@ "port": 34536 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -24467,7 +24467,7 @@ "port": 33572 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -24570,7 +24570,7 @@ "port": 33540 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -24673,7 +24673,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -24788,7 +24788,7 @@ "port": 53096 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -24879,7 +24879,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -24988,7 +24988,7 @@ "port": 65318 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -25061,7 +25061,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -25156,7 +25156,7 @@ "port": 56478 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -25246,7 +25246,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -25332,7 +25332,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -25421,7 +25421,7 @@ "port": 33694 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -25530,7 +25530,7 @@ "port": 65276 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -25608,7 +25608,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -25717,7 +25717,7 @@ "port": 56410 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -25796,7 +25796,7 @@ "port": 51950 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -25886,7 +25886,7 @@ "port": 33876 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -25972,7 +25972,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -26057,7 +26057,7 @@ "port": 58658 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -26130,7 +26130,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -26214,7 +26214,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -26304,7 +26304,7 @@ "port": 65272 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -26377,7 +26377,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -26469,7 +26469,7 @@ "port": 45224 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -26542,7 +26542,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -26637,7 +26637,7 @@ "port": 65277 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -26710,7 +26710,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -26805,7 +26805,7 @@ "port": 59924 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -26889,7 +26889,7 @@ "port": 65273 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -26962,7 +26962,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -27043,7 +27043,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -27138,7 +27138,7 @@ "port": 34646 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -27208,7 +27208,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -27294,7 +27294,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -27397,7 +27397,7 @@ "port": 9200 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -27512,7 +27512,7 @@ "port": 33574 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", diff --git a/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml index 54b3f8cc629..53bbebfa03b 100644 
--- a/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml +++ b/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Google Cloud VPC Flow Logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/gcp/data_stream/vpcflow/sample_event.json b/packages/gcp/data_stream/vpcflow/sample_event.json index 5d7b23cb3e3..64f2d456a2c 100644 --- a/packages/gcp/data_stream/vpcflow/sample_event.json +++ b/packages/gcp/data_stream/vpcflow/sample_event.json @@ -22,7 +22,7 @@ "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", diff --git a/packages/gcp/docs/README.md b/packages/gcp/docs/README.md index 35a6a0ed986..d895b92740e 100644 --- a/packages/gcp/docs/README.md +++ b/packages/gcp/docs/README.md @@ -381,7 +381,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", @@ -637,7 +637,7 @@ An example event for `firewall` looks as following: "port": 3389 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", @@ -880,7 +880,7 @@ An example event for `vpcflow` looks as following: "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", @@ -1109,7 +1109,7 @@ An example event for `dns` looks as following: "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", 
@@ -1308,7 +1308,7 @@ An example event for `loadbalancing` looks as following: "port": 8080 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", diff --git a/packages/gcp/docs/audit.md b/packages/gcp/docs/audit.md index 6cccc325597..89e56cd06bb 100644 --- a/packages/gcp/docs/audit.md +++ b/packages/gcp/docs/audit.md @@ -170,7 +170,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", diff --git a/packages/gcp/docs/dns.md b/packages/gcp/docs/dns.md index ecba8002f58..24c065abb4a 100644 --- a/packages/gcp/docs/dns.md +++ b/packages/gcp/docs/dns.md @@ -148,7 +148,7 @@ An example event for `dns` looks as following: "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", diff --git a/packages/gcp/docs/firewall.md b/packages/gcp/docs/firewall.md index a788b7ee214..f80aa34a6ae 100644 --- a/packages/gcp/docs/firewall.md +++ b/packages/gcp/docs/firewall.md @@ -159,7 +159,7 @@ An example event for `firewall` looks as following: "port": 3389 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", diff --git a/packages/gcp/docs/loadbalancing.md b/packages/gcp/docs/loadbalancing.md index 208fb15de94..c1d8a0256e4 100644 --- a/packages/gcp/docs/loadbalancing.md +++ b/packages/gcp/docs/loadbalancing.md @@ -37,7 +37,7 @@ An example event for `loadbalancing` looks as following: "port": 8080 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", diff --git a/packages/gcp/docs/vpcflow.md b/packages/gcp/docs/vpcflow.md index 34d6fe65418..d17c51354aa 100644 --- a/packages/gcp/docs/vpcflow.md +++ b/packages/gcp/docs/vpcflow.md 
@@ -151,7 +151,7 @@ An example event for `vpcflow` looks as following: "port": 5601 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", diff --git a/packages/gcp/manifest.yml b/packages/gcp/manifest.yml index a0ed48e2f1b..bf3bdc6a9b2 100644 --- a/packages/gcp/manifest.yml +++ b/packages/gcp/manifest.yml @@ -1,6 +1,6 @@ name: gcp title: Google Cloud Platform -version: "2.19.1" +version: "2.20.0" release: ga description: Collect logs and metrics from Google Cloud Platform with Elastic Agent. type: integration From f975a7e8bf6929e1d2e0cb90921fdce41e9b04be Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:45 +0530 Subject: [PATCH 050/137] [gcp_pubsub] - update ECS to 8.7.0 This updates the gcp_pubsub integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and no pipelines set ecs.version. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/gcp_pubsub --- packages/gcp_pubsub/_dev/build/build.yml | 2 +- packages/gcp_pubsub/changelog.yml | 5 +++++ packages/gcp_pubsub/manifest.yml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/packages/gcp_pubsub/_dev/build/build.yml b/packages/gcp_pubsub/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/gcp_pubsub/_dev/build/build.yml +++ b/packages/gcp_pubsub/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/gcp_pubsub/changelog.yml b/packages/gcp_pubsub/changelog.yml index ae204128bbf..4a7cead43a1 100644 --- a/packages/gcp_pubsub/changelog.yml +++ b/packages/gcp_pubsub/changelog.yml 
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.4.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/gcp_pubsub/manifest.yml b/packages/gcp_pubsub/manifest.yml
index d5a2be84a43..f9bbcc85200 100644
--- a/packages/gcp_pubsub/manifest.yml
+++ b/packages/gcp_pubsub/manifest.yml
@@ -1,6 +1,6 @@
 name: gcp_pubsub
 title: Custom Google Pub/Sub Logs
-version: "1.4.1"
+version: "1.5.0"
 release: ga
 description: Collect Logs from Google Pub/Sub topics
 type: integration
From f9366d3d28413ca5916fc0063c77fa8f885bc39b Mon Sep 17 00:00:00 2001
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:47 +0530 Subject: [PATCH 051/137] [github] - update ECS to 8.7.0 from 8.6.0 This updates the github integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/github --- packages/github/_dev/build/build.yml | 2 +- packages/github/changelog.yml | 5 + .../test-audit-json.log-expected.json | 378 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/audit/sample_event.json | 2 +- ...-ghas-code-scanning-json.log-expected.json | 18 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../code_scanning/sample_event.json | 2 +- ...est-ghas-dependabot-json.log-expected.json | 16 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/dependabot/sample_event.json | 2 +- .../test-github-issues-json.log-expected.json | 10 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/issues/sample_event.json | 2 +- ...has-secret-scanning-json.log-expected.json | 18 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../secret_scanning/sample_event.json | 2 +- packages/github/docs/README.md | 8 +- packages/github/manifest.yml | 2 +- 19 files changed, 241 insertions(+), 236 deletions(-) diff --git a/packages/github/_dev/build/build.yml b/packages/github/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/github/_dev/build/build.yml +++ b/packages/github/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/github/changelog.yml b/packages/github/changelog.yml index d82b4e8b35e..de5a6f52e45 100644 --- a/packages/github/changelog.yml +++ b/packages/github/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.10.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.9.0" changes: - description: Release Github datastreams as GA. diff --git a/packages/github/data_stream/audit/_dev/test/pipeline/test-audit-json.log-expected.json b/packages/github/data_stream/audit/_dev/test/pipeline/test-audit-json.log-expected.json index e91f19c955a..9d48276ec0e 100644 --- a/packages/github/data_stream/audit/_dev/test/pipeline/test-audit-json.log-expected.json +++ b/packages/github/data_stream/audit/_dev/test/pipeline/test-audit-json.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-03-04T23:24:11.067Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "organization_default_label.create", @@ -36,7 +36,7 @@ { "@timestamp": "2020-03-04T23:24:11.273Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "organization_default_label.create", @@ -69,7 +69,7 @@ { "@timestamp": "2020-03-04T23:24:11.179Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "organization_default_label.create", @@ -107,7 +107,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "org.invite_member", @@ -152,7 +152,7 @@ { "@timestamp": "2020-03-04T23:24:11.101Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "organization_default_label.create", @@ -185,7 +185,7 @@ { "@timestamp": "2020-03-04T23:24:11.214Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "organization_default_label.create", @@ -218,7 +218,7 @@ { "@timestamp": "2020-03-04T23:24:11.364Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "organization_default_label.create", @@ -256,7 +256,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "org.invite_member", 
@@ -301,7 +301,7 @@ { "@timestamp": "2020-03-04T23:42:30.878Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "org.add_member", @@ -347,7 +347,7 @@ { "@timestamp": "2020-03-04T23:24:11.144Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "organization_default_label.create", @@ -380,7 +380,7 @@ { "@timestamp": "2020-03-04T23:24:11.325Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "organization_default_label.create", @@ -413,7 +413,7 @@ { "@timestamp": "2020-03-05T02:45:22.166Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "org.add_member", @@ -464,7 +464,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.create", @@ -498,7 +498,7 @@ { "@timestamp": "2020-03-04T23:24:11.399Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "organization_default_label.create", @@ -531,7 +531,7 @@ { "@timestamp": "2020-03-04T23:24:08.566Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "org.add_member", @@ -582,7 +582,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "org.oauth_app_access_approved", @@ -625,7 +625,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.create", @@ -670,7 +670,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_member", @@ -722,7 +722,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_member", @@ -774,7 +774,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "org.invite_member", @@ -824,7 +824,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -863,7 +863,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_member", 
@@ -915,7 +915,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_member", @@ -967,7 +967,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.create", @@ -1012,7 +1012,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "org.invite_member", @@ -1062,7 +1062,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -1101,7 +1101,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_member", @@ -1153,7 +1153,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "org.invite_member", @@ -1198,7 +1198,7 @@ { "@timestamp": "2021-01-25T22:02:24.633Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "org.add_member", @@ -1249,7 +1249,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -1288,7 +1288,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_member", @@ -1340,7 +1340,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_repository", @@ -1386,7 +1386,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -1425,7 +1425,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_member", @@ -1472,7 +1472,7 @@ { "@timestamp": "2021-01-26T01:10:57.848Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.actions_enabled", @@ -1511,7 +1511,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repository_vulnerability_alerts.disable", 
@@ -1549,7 +1549,7 @@ { "@timestamp": "2021-01-25T21:57:02.014Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "org.add_member", @@ -1600,7 +1600,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_repository", @@ -1646,7 +1646,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -1685,7 +1685,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_member", @@ -1737,7 +1737,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "integration_installation.create", @@ -1770,7 +1770,7 @@ { "@timestamp": "2021-01-25T21:57:36.834Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "org.add_member", @@ -1821,7 +1821,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.create", @@ -1860,7 +1860,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "org.invite_member", @@ -1910,7 +1910,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.create", @@ -1953,7 +1953,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_member", @@ -2000,7 +2000,7 @@ { "@timestamp": "2021-01-25T22:00:13.018Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "org.add_member", @@ -2051,7 +2051,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_member", @@ -2103,7 +2103,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.change_merge_setting", @@ -2142,7 +2142,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", 
@@ -2181,7 +2181,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2220,7 +2220,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "workflows.delete_workflow_run", @@ -2259,7 +2259,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2298,7 +2298,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2337,7 +2337,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2376,7 +2376,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2415,7 +2415,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2454,7 +2454,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2493,7 +2493,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.add_member", @@ -2536,7 +2536,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request_review.submit", @@ -2573,7 +2573,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2612,7 +2612,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -2649,7 +2649,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.transfer", @@ -2693,7 +2693,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "workflows.delete_workflow_run", 
@@ -2732,7 +2732,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2771,7 +2771,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", @@ -2808,7 +2808,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2847,7 +2847,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_repository", @@ -2893,7 +2893,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2932,7 +2932,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create_review_request", @@ -2969,7 +2969,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -3006,7 +3006,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -3045,7 +3045,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_repository", @@ -3091,7 +3091,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", @@ -3128,7 +3128,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create_review_request", @@ -3165,7 +3165,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create_review_request", @@ -3202,7 +3202,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request_review.submit", @@ -3239,7 +3239,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -3276,7 +3276,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", 
@@ -3313,7 +3313,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", @@ -3350,7 +3350,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create_review_request", @@ -3387,7 +3387,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request_review.submit", @@ -3424,7 +3424,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create_review_request", @@ -3461,7 +3461,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create_review_request", @@ -3498,7 +3498,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request_review.submit", @@ -3535,7 +3535,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request_review.submit", @@ -3572,7 +3572,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create_review_request", @@ -3609,7 +3609,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -3646,7 +3646,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request_review.submit", @@ -3683,7 +3683,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request_review.submit", @@ -3720,7 +3720,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -3757,7 +3757,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", @@ -3794,7 +3794,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", @@ -3831,7 +3831,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.rejected_ref_update", 
@@ -3870,7 +3870,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -3907,7 +3907,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create_review_request", @@ -3944,7 +3944,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -3981,7 +3981,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", @@ -4018,7 +4018,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.change_merge_setting", @@ -4057,7 +4057,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.create", @@ -4096,7 +4096,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.add_member", @@ -4134,7 +4134,7 @@ { "@timestamp": "2021-07-03T03:33:42.495Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.update_default_branch", @@ -4173,7 +4173,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.remove_member", @@ -4225,7 +4225,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_member", @@ -4277,7 +4277,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.add_member", @@ -4320,7 +4320,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.remove_member", @@ -4372,7 +4372,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.create", @@ -4411,7 +4411,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.remove_member", @@ -4463,7 +4463,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.update_repository_permission", 
@@ -4508,7 +4508,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.remove_member", @@ -4560,7 +4560,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_repository", @@ -4606,7 +4606,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.destroy", @@ -4645,7 +4645,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.remove_member", @@ -4697,7 +4697,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "project.create", @@ -4731,7 +4731,7 @@ { "@timestamp": "2021-09-20T13:54:28.095Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.actions_enabled", @@ -4770,7 +4770,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.change_merge_setting", @@ -4809,7 +4809,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.update_required_status_checks_enforcement_level", @@ -4848,7 +4848,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -4887,7 +4887,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.change_merge_setting", @@ -4926,7 +4926,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -4965,7 +4965,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request_review.submit", @@ -5002,7 +5002,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.change_merge_setting", @@ -5041,7 +5041,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -5080,7 +5080,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", 
@@ -5119,7 +5119,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_member", @@ -5171,7 +5171,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "required_status_check.create", @@ -5210,7 +5210,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.change_merge_setting", @@ -5249,7 +5249,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.change_merge_setting", @@ -5288,7 +5288,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", @@ -5327,7 +5327,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.change_merge_setting", @@ -5366,7 +5366,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.change_merge_setting", @@ -5405,7 +5405,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.create", @@ -5448,7 +5448,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.change_merge_setting", @@ -5487,7 +5487,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_repository", @@ -5533,7 +5533,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_repository", @@ -5579,7 +5579,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.create", @@ -5618,7 +5618,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.update_linear_history_requirement_enforcement_level", @@ -5657,7 +5657,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", @@ -5696,7 +5696,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.change_merge_setting", 
@@ -5735,7 +5735,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", @@ -5774,7 +5774,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -5808,7 +5808,7 @@ { "@timestamp": "2021-09-17T16:59:20.413Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.actions_enabled", @@ -5847,7 +5847,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -5886,7 +5886,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.create", @@ -5929,7 +5929,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.change_merge_setting", @@ -5968,7 +5968,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "required_status_check.create", @@ -6007,7 +6007,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.rename", @@ -6046,7 +6046,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -6085,7 +6085,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -6124,7 +6124,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.update_admin_enforced", @@ -6163,7 +6163,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -6202,7 +6202,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.access", @@ -6241,7 +6241,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -6280,7 +6280,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", 
@@ -6319,7 +6319,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", @@ -6358,7 +6358,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", @@ -6397,7 +6397,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.update_linear_history_requirement_enforcement_level", @@ -6436,7 +6436,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.update_required_status_checks_enforcement_level", @@ -6475,7 +6475,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -6514,7 +6514,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "project.create", @@ -6553,7 +6553,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "org.audit_log_export", @@ -6596,7 +6596,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_member", @@ -6648,7 +6648,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -6687,7 +6687,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.update_linear_history_requirement_enforcement_level", @@ -6726,7 +6726,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.merge", @@ -6765,7 +6765,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", @@ -6804,7 +6804,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.change_merge_setting", @@ -6843,7 +6843,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", 
@@ -6882,7 +6882,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request_review_comment.create", @@ -6919,7 +6919,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repository_vulnerability_alerts.disable", @@ -6962,7 +6962,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_repository", @@ -7008,7 +7008,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", @@ -7047,7 +7047,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", @@ -7086,7 +7086,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.create", @@ -7131,7 +7131,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "team.add_repository", @@ -7177,7 +7177,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", @@ -7216,7 +7216,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", @@ -7255,7 +7255,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.change_merge_setting", @@ -7294,7 +7294,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.update_pull_request_reviews_enforcement_level", @@ -7333,7 +7333,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.update_admin_enforced", @@ -7372,7 +7372,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.change_merge_setting", @@ -7411,7 +7411,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "repo.change_merge_setting", @@ -7450,7 +7450,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create", 
@@ -7489,7 +7489,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "protected_branch.policy_override", @@ -7528,7 +7528,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.ready_for_review", @@ -7567,7 +7567,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "org.audit_log_git_event_export", @@ -7610,7 +7610,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "git.clone", @@ -7649,7 +7649,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "hook.create", @@ -7688,7 +7688,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pull_request.create_review_request", diff --git a/packages/github/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/github/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 5a694c817f8..f986b30ed0d 100644 --- a/packages/github/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/github/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: diff --git a/packages/github/data_stream/audit/sample_event.json b/packages/github/data_stream/audit/sample_event.json index 1d4f545b2c5..ec774c78d33 100644 --- a/packages/github/data_stream/audit/sample_event.json +++ b/packages/github/data_stream/audit/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "a16136da-2b7a-4bd4-b3bf-996e86e74a2e", diff --git a/packages/github/data_stream/code_scanning/_dev/test/pipeline/test-ghas-code-scanning-json.log-expected.json b/packages/github/data_stream/code_scanning/_dev/test/pipeline/test-ghas-code-scanning-json.log-expected.json index 20fa5403238..5dc5cfff2c6 100644 
--- a/packages/github/data_stream/code_scanning/_dev/test/pipeline/test-ghas-code-scanning-json.log-expected.json +++ b/packages/github/data_stream/code_scanning/_dev/test/pipeline/test-ghas-code-scanning-json.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-02-13T12:29:18.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "code_scanning", @@ -80,7 +80,7 @@ { "@timestamp": "2020-02-13T12:29:18.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "code_scanning", @@ -168,7 +168,7 @@ { "@timestamp": "2022-06-29T18:03:27.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "code_scanning", @@ -236,7 +236,7 @@ { "@timestamp": "2022-07-07T17:10:47.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "code_scanning", @@ -317,7 +317,7 @@ { "@timestamp": "2022-06-29T18:03:27.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "code_scanning", @@ -385,7 +385,7 @@ { "@timestamp": "2022-06-29T18:03:27.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "code_scanning", @@ -453,7 +453,7 @@ { "@timestamp": "2022-08-01T23:53:17.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "code_scanning", @@ -520,7 +520,7 @@ { "@timestamp": "2022-08-01T23:53:17.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "code_scanning", @@ -601,7 +601,7 @@ { "@timestamp": "2022-08-01T23:53:17.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "code_scanning", diff --git a/packages/github/data_stream/code_scanning/elasticsearch/ingest_pipeline/default.yml b/packages/github/data_stream/code_scanning/elasticsearch/ingest_pipeline/default.yml index 983fd676904..7e2b71ede75 100644 --- a/packages/github/data_stream/code_scanning/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/github/data_stream/code_scanning/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing GitHub audit logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.action value: "code_scanning" diff --git a/packages/github/data_stream/code_scanning/sample_event.json b/packages/github/data_stream/code_scanning/sample_event.json index 20fc4fcbf3a..f786172885c 100644 --- a/packages/github/data_stream/code_scanning/sample_event.json +++ b/packages/github/data_stream/code_scanning/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "a16136da-2b7a-4bd4-b3bf-996e86e74a2e", diff --git a/packages/github/data_stream/dependabot/_dev/test/pipeline/test-ghas-dependabot-json.log-expected.json b/packages/github/data_stream/dependabot/_dev/test/pipeline/test-ghas-dependabot-json.log-expected.json index 232174ae751..d892e6f038f 100644 --- a/packages/github/data_stream/dependabot/_dev/test/pipeline/test-ghas-dependabot-json.log-expected.json +++ b/packages/github/data_stream/dependabot/_dev/test/pipeline/test-ghas-dependabot-json.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-07-11T11:39:07.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dependabot", @@ -110,7 +110,7 @@ { "@timestamp": "2022-07-11T11:39:07.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dependabot", @@ -218,7 +218,7 @@ { "@timestamp": "2022-07-11T11:39:07.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dependabot", @@ -330,7 +330,7 @@ { "@timestamp": "2022-07-11T11:39:07.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dependabot", @@ -438,7 +438,7 @@ { "@timestamp": "2022-07-11T11:39:07.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dependabot", 
@@ -527,7 +527,7 @@ { "@timestamp": "2022-07-11T11:39:07.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dependabot", @@ -636,7 +636,7 @@ { "@timestamp": "2022-07-12T03:02:16.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dependabot", @@ -753,7 +753,7 @@ { "@timestamp": "2022-07-11T11:39:07.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dependabot", diff --git a/packages/github/data_stream/dependabot/elasticsearch/ingest_pipeline/default.yml b/packages/github/data_stream/dependabot/elasticsearch/ingest_pipeline/default.yml index e1249eaa5e2..6cc2ce39876 100644 --- a/packages/github/data_stream/dependabot/elasticsearch/ingest_pipeline/default.yml +++ b/packages/github/data_stream/dependabot/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing GitHub audit logs processors: - set: field: ecs.version - value: "8.6.0" + value: "8.7.0" - set: field: event.action value: "dependabot" diff --git a/packages/github/data_stream/dependabot/sample_event.json b/packages/github/data_stream/dependabot/sample_event.json index 00e9d65f4fe..49620caec93 100644 --- a/packages/github/data_stream/dependabot/sample_event.json +++ b/packages/github/data_stream/dependabot/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "a16136da-2b7a-4bd4-b3bf-996e86e74a2e", diff --git a/packages/github/data_stream/issues/_dev/test/pipeline/test-github-issues-json.log-expected.json b/packages/github/data_stream/issues/_dev/test/pipeline/test-github-issues-json.log-expected.json index e3e7c54bc22..9fc5415bb7d 100644 --- a/packages/github/data_stream/issues/_dev/test/pipeline/test-github-issues-json.log-expected.json +++ b/packages/github/data_stream/issues/_dev/test/pipeline/test-github-issues-json.log-expected.json 
@@ -3,7 +3,7 @@ { "@timestamp": "2011-04-22T13:33:48.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "event", @@ -110,7 +110,7 @@ { "@timestamp": "2022-11-23T15:06:34.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "event", @@ -203,7 +203,7 @@ { "@timestamp": "2022-11-23T13:03:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "event", @@ -277,7 +277,7 @@ { "@timestamp": "2022-11-23T10:57:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "event", @@ -363,7 +363,7 @@ { "@timestamp": "2022-11-23T10:44:59.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "event", diff --git a/packages/github/data_stream/issues/elasticsearch/ingest_pipeline/default.yml b/packages/github/data_stream/issues/elasticsearch/ingest_pipeline/default.yml index 20a7a520fbe..687ad111ee4 100644 --- a/packages/github/data_stream/issues/elasticsearch/ingest_pipeline/default.yml +++ b/packages/github/data_stream/issues/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing GitHub audit logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.action value: "event" diff --git a/packages/github/data_stream/issues/sample_event.json b/packages/github/data_stream/issues/sample_event.json index 13bff3b3cde..d1808a961f5 100644 --- a/packages/github/data_stream/issues/sample_event.json +++ b/packages/github/data_stream/issues/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "a16136da-2b7a-4bd4-b3bf-996e86e74a2e", diff --git a/packages/github/data_stream/secret_scanning/_dev/test/pipeline/test-ghas-secret-scanning-json.log-expected.json b/packages/github/data_stream/secret_scanning/_dev/test/pipeline/test-ghas-secret-scanning-json.log-expected.json index f3bb3568d39..98431e4e36e 100644 
--- a/packages/github/data_stream/secret_scanning/_dev/test/pipeline/test-ghas-secret-scanning-json.log-expected.json +++ b/packages/github/data_stream/secret_scanning/_dev/test/pipeline/test-ghas-secret-scanning-json.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-11-07T02:47:13.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "secret_scanning", @@ -65,7 +65,7 @@ { "@timestamp": "2020-11-06T18:18:30.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "secret_scanning", @@ -103,7 +103,7 @@ { "@timestamp": "2022-07-07T12:56:24.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "secret_scanning", @@ -152,7 +152,7 @@ { "@timestamp": "2022-07-07T12:54:02.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "secret_scanning", @@ -191,7 +191,7 @@ { "@timestamp": "2022-07-07T12:48:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "secret_scanning", @@ -230,7 +230,7 @@ { "@timestamp": "2022-07-07T10:52:40.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "secret_scanning", @@ -269,7 +269,7 @@ { "@timestamp": "2022-07-07T12:45:43.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "secret_scanning", @@ -322,7 +322,7 @@ { "@timestamp": "2022-07-07T09:47:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "secret_scanning", @@ -361,7 +361,7 @@ { "@timestamp": "2022-07-07T10:13:56.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "secret_scanning", diff --git a/packages/github/data_stream/secret_scanning/elasticsearch/ingest_pipeline/default.yml b/packages/github/data_stream/secret_scanning/elasticsearch/ingest_pipeline/default.yml index 83d5923339d..c11413ae0a1 100644 --- a/packages/github/data_stream/secret_scanning/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/github/data_stream/secret_scanning/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing GitHub audit logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.action value: "secret_scanning" diff --git a/packages/github/data_stream/secret_scanning/sample_event.json b/packages/github/data_stream/secret_scanning/sample_event.json index 38c7dc27476..14575e00b90 100644 --- a/packages/github/data_stream/secret_scanning/sample_event.json +++ b/packages/github/data_stream/secret_scanning/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "a16136da-2b7a-4bd4-b3bf-996e86e74a2e", diff --git a/packages/github/docs/README.md b/packages/github/docs/README.md index ffee16fbe46..b8798de7423 100644 --- a/packages/github/docs/README.md +++ b/packages/github/docs/README.md @@ -85,7 +85,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "a16136da-2b7a-4bd4-b3bf-996e86e74a2e", @@ -255,7 +255,7 @@ An example event for `code_scanning` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "a16136da-2b7a-4bd4-b3bf-996e86e74a2e", @@ -432,7 +432,7 @@ An example event for `secret_scanning` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "a16136da-2b7a-4bd4-b3bf-996e86e74a2e", @@ -620,7 +620,7 @@ An example event for `dependabot` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "a16136da-2b7a-4bd4-b3bf-996e86e74a2e", diff --git a/packages/github/manifest.yml b/packages/github/manifest.yml index bc2675bd858..4f219850b8d 100644 --- a/packages/github/manifest.yml +++ b/packages/github/manifest.yml 
@@ -1,6 +1,6 @@ name: github title: GitHub -version: "1.9.0" +version: "1.10.0" release: ga description: Collect logs from GitHub with Elastic Agent. type: integration From 0a3d0b495742a520a9816bdbb76d6a8dfff040a6 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:47 +0530 Subject: [PATCH 052/137] [google_cloud_storage] - update ECS to 8.7.0 This updates the google_cloud_storage integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.6.0 and no pipelines set ecs.version. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/google_cloud_storage --- packages/google_cloud_storage/_dev/build/build.yml | 2 +- packages/google_cloud_storage/changelog.yml | 5 +++++ packages/google_cloud_storage/manifest.yml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/packages/google_cloud_storage/_dev/build/build.yml b/packages/google_cloud_storage/_dev/build/build.yml index fcd61c363f1..45fb1cc4269 100644 --- a/packages/google_cloud_storage/_dev/build/build.yml +++ b/packages/google_cloud_storage/_dev/build/build.yml @@ -1,4 +1,4 @@ dependencies: ecs: - reference: git@v8.6.0 + reference: git@8.7 import_mappings: true diff --git a/packages/google_cloud_storage/changelog.yml b/packages/google_cloud_storage/changelog.yml index a8304a72ee4..163016767ae 100644 --- a/packages/google_cloud_storage/changelog.yml +++ b/packages/google_cloud_storage/changelog.yml @@ -1,3 +1,8 @@ +- version: "0.2.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "0.1.0" changes: - description: Initial Release diff --git a/packages/google_cloud_storage/manifest.yml b/packages/google_cloud_storage/manifest.yml index adee0db1a89..95d8285f1a8 100644 --- a/packages/google_cloud_storage/manifest.yml +++ b/packages/google_cloud_storage/manifest.yml 
@@ -3,7 +3,7 @@ name: google_cloud_storage title: Custom GCS (Google Cloud Storage) Input description: Collect JSON data from configured GCS Bucket with Elastic Agent. type: integration -version: "0.1.0" +version: "0.2.0" conditions: kibana.version: "^8.6.2" categories: From 80f1f2af0bf3e05b6bdb82277d9f8ab95a59ca05 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:53 +0530 Subject: [PATCH 053/137] [google_workspace] - update ECS to 8.7.0 from 8.6.0 This updates the google_workspace integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.6.0 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/google_workspace --- .../google_workspace/_dev/build/build.yml | 2 +- packages/google_workspace/changelog.yml | 5 + ...test-access-transparency.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../access_transparency/sample_event.json | 2 +- .../test-admin-application.log-expected.json | 18 +- .../test-admin-calendar.log-expected.json | 26 +-- .../test-admin-chat.log-expected.json | 8 +- .../test-admin-chromeos.log-expected.json | 42 ++--- .../test-admin-contacts.log-expected.json | 2 +- ...est-admin-delegatedadmin.log-expected.json | 16 +- .../test-admin-docs.log-expected.json | 6 +- .../test-admin-domain.log-expected.json | 170 +++++++++--------- .../test-admin-gmail.log-expected.json | 20 +-- .../test-admin-groups.log-expected.json | 28 +-- .../test-admin-licenses.log-expected.json | 16 +- .../test-admin-mobile.log-expected.json | 62 +++---- .../pipeline/test-admin-org.log-expected.json | 34 ++-- .../test-admin-security.log-expected.json | 48 ++--- .../test-admin-sites.log-expected.json | 10 +- .../test-admin-user.log-expected.json | 148 +++++++-------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/admin/sample_event.json | 2 +- .../pipeline/test-alert.log-expected.json | 28 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/alert/sample_event.json | 2 +- ...est-context-aware-access.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../context_aware_access/sample_event.json | 2 +- .../pipeline/test-device.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- 
.../data_stream/device/sample_event.json | 2 +- .../pipeline/test-drive.log-expected.json | 56 +++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/drive/sample_event.json | 2 +- .../test/pipeline/test-gcp.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/gcp/sample_event.json | 2 +- .../test-group-enterprise.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../group_enterprise/sample_event.json | 2 +- .../pipeline/test-groups.log-expected.json | 50 +++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/groups/sample_event.json | 2 +- .../pipeline/test-login.log-expected.json | 28 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/login/sample_event.json | 2 +- .../pipeline/test-rules.log-expected.json | 4 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/rules/sample_event.json | 2 +- .../test/pipeline/test-saml.log-expected.json | 4 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/saml/sample_event.json | 2 +- .../pipeline/test-token.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/token/sample_event.json | 2 +- .../test-user-accounts.log-expected.json | 18 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../user_accounts/sample_event.json | 2 +- packages/google_workspace/docs/README.md | 28 +-- packages/google_workspace/manifest.yml | 2 +- 61 files changed, 476 insertions(+), 471 deletions(-) diff --git a/packages/google_workspace/_dev/build/build.yml b/packages/google_workspace/_dev/build/build.yml index fcd61c363f1..45fb1cc4269 100644 --- a/packages/google_workspace/_dev/build/build.yml +++ b/packages/google_workspace/_dev/build/build.yml @@ -1,4 +1,4 @@ dependencies: ecs: - reference: git@v8.6.0 + reference: git@8.7 import_mappings: true 
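Review bot: The ECS dependency in this build.yml hunk moves from the tag-style ref `git@v8.6.0` to `git@8.7`, which looks like a branch ref rather than a release tag. Because `import_mappings: true` is set, the field mappings this package imports would then depend on whatever that ref points to at build time. If the package is meant to track exactly ECS 8.7.0, as the changelog entry and the `ecs.version` values in the pipelines state, pinning the release keeps builds reproducible: `reference: git@v8.7.0` (assuming that tag exists upstream). The same tag-to-branch change is made in packages/google_cloud_storage/_dev/build/build.yml earlier in this series.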
diff --git a/packages/google_workspace/changelog.yml b/packages/google_workspace/changelog.yml index 6d0fa3a56d9..4c5aeeef892 100644 --- a/packages/google_workspace/changelog.yml +++ b/packages/google_workspace/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.5.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "2.4.0" changes: - description: Add support for new Access Transparency, Context Aware Access, Device, GCP, Group Enterprise and Token Data Streams. diff --git a/packages/google_workspace/data_stream/access_transparency/_dev/test/pipeline/test-access-transparency.log-expected.json b/packages/google_workspace/data_stream/access_transparency/_dev/test/pipeline/test-access-transparency.log-expected.json index f60b75ba8fd..4a4d8ae0be1 100644 --- a/packages/google_workspace/data_stream/access_transparency/_dev/test/pipeline/test-access-transparency.log-expected.json +++ b/packages/google_workspace/data_stream/access_transparency/_dev/test/pipeline/test-access-transparency.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2023-01-01T06:24:42.442Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACCESS", diff --git a/packages/google_workspace/data_stream/access_transparency/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/access_transparency/elasticsearch/ingest_pipeline/default.yml index fbb88e18a85..1ee2df2d3d4 100644 --- a/packages/google_workspace/data_stream/access_transparency/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/access_transparency/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace access transparency logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original 
diff --git a/packages/google_workspace/data_stream/access_transparency/sample_event.json b/packages/google_workspace/data_stream/access_transparency/sample_event.json index 9452bd271cd..0b53c2a3299 100644 --- a/packages/google_workspace/data_stream/access_transparency/sample_event.json +++ b/packages/google_workspace/data_stream/access_transparency/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "63e521db-2c15-4ef6-8ded-c7365b0cb8bd", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-application.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-application.log-expected.json index 5a6ced98e83..fbd33ad6b6e 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-application.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-application.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_APPLICATION_SETTING", @@ -103,7 +103,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE_APPLICATION_SETTING", @@ -202,7 +202,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_APPLICATION_SETTING", @@ -301,7 +301,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REORDER_GROUP_BASED_POLICIES_EVENT", @@ -388,7 +388,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GPLUS_PREMIUM_FEATURES", 
@@ -467,7 +467,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE_MANAGED_CONFIGURATION", @@ -545,7 +545,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_MANAGED_CONFIGURATION", @@ -623,7 +623,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE_MANAGED_CONFIGURATION", @@ -702,7 +702,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "FLASHLIGHT_EDU_NON_FEATURED_SERVICES_SELECTED", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-calendar.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-calendar.log-expected.json index 49c74afe751..7aafb7d9a74 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-calendar.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-calendar.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE_BUILDING", @@ -81,7 +81,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_BUILDING", @@ -159,7 +159,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE_BUILDING", @@ -242,7 +242,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE_CALENDAR_RESOURCE", @@ -320,7 +320,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_CALENDAR_RESOURCE", 
@@ -398,7 +398,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE_CALENDAR_RESOURCE_FEATURE", @@ -476,7 +476,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_CALENDAR_RESOURCE_FEATURE", @@ -554,7 +554,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE_CALENDAR_RESOURCE_FEATURE", @@ -638,7 +638,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "RENAME_CALENDAR_RESOURCE", @@ -717,7 +717,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE_CALENDAR_RESOURCE", @@ -800,7 +800,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_CALENDAR_SETTING", @@ -899,7 +899,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CANCEL_CALENDAR_EVENTS", @@ -982,7 +982,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "RELEASE_CALENDAR_RESOURCES", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chat.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chat.log-expected.json index 0a56a018c12..35b9e053d7a 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chat.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chat.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MEET_INTEROP_CREATE_GATEWAY", 
@@ -80,7 +80,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MEET_INTEROP_DELETE_GATEWAY", @@ -157,7 +157,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MEET_INTEROP_MODIFY_GATEWAY", @@ -235,7 +235,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_CHAT_SETTING", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chromeos.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chromeos.log-expected.json index ac7f897f799..7f5c766a91c 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chromeos.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chromeos.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_CHROME_OS_ANDROID_APPLICATION_SETTING", @@ -105,7 +105,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_DEVICE_STATE", @@ -185,7 +185,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_CHROME_OS_APPLICATION_SETTING", @@ -287,7 +287,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SEND_CHROME_OS_DEVICE_COMMAND", @@ -365,7 +365,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_CHROME_OS_DEVICE_ANNOTATION", 
@@ -442,7 +442,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_CHROME_OS_DEVICE_SETTING", @@ -525,7 +525,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_CHROME_OS_DEVICE_STATE", @@ -607,7 +607,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_CHROME_OS_PUBLIC_SESSION_SETTING", @@ -690,7 +690,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "INSERT_CHROME_OS_PRINT_SERVER", @@ -767,7 +767,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_CHROME_OS_PRINT_SERVER", @@ -844,7 +844,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE_CHROME_OS_PRINT_SERVER", @@ -923,7 +923,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "INSERT_CHROME_OS_PRINTER", @@ -1000,7 +1000,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_CHROME_OS_PRINTER", @@ -1077,7 +1077,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE_CHROME_OS_PRINTER", @@ -1156,7 +1156,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_CHROME_OS_SETTING", @@ -1239,7 +1239,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_CHROME_OS_USER_SETTING", 
@@ -1322,7 +1322,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ISSUE_DEVICE_COMMAND", @@ -1404,7 +1404,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MOVE_DEVICE_TO_ORG_UNIT_DETAILED", @@ -1484,7 +1484,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REMOVE_CHROME_OS_APPLICATION_SETTINGS", @@ -1561,7 +1561,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE_DEVICE", @@ -1639,7 +1639,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_CONTACTS_SETTING", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-contacts.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-contacts.log-expected.json index 38bfa2611ae..d66b7b835a7 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-contacts.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-contacts.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_CONTACTS_SETTING", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-delegatedadmin.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-delegatedadmin.log-expected.json index 616cbf89e9c..541ac96d26b 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-delegatedadmin.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-delegatedadmin.log-expected.json 
@@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ASSIGN_ROLE", @@ -92,7 +92,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE_ROLE", @@ -170,7 +170,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_ROLE", @@ -248,7 +248,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADD_PRIVILEGE", @@ -329,7 +329,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REMOVE_PRIVILEGE", @@ -410,7 +410,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "RENAME_ROLE", @@ -488,7 +488,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE_ROLE", @@ -566,7 +566,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UNASSIGN_ROLE", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-docs.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-docs.log-expected.json index 3678b950e28..0330d71b088 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-docs.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-docs.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TRANSFER_DOCUMENT_OWNERSHIP", 
@@ -90,7 +90,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DRIVE_DATA_RESTORE", @@ -176,7 +176,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_DOCS_SETTING", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-domain.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-domain.log-expected.json index 48ab9037eb7..4188ad2df56 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-domain.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-domain.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_ACCOUNT_AUTO_RENEWAL", @@ -81,7 +81,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADD_APPLICATION", @@ -160,7 +160,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADD_APPLICATION_TO_WHITELIST", @@ -238,7 +238,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_ADVERTISEMENT_OPTION", @@ -317,7 +317,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE_ALERT", @@ -394,7 +394,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_ALERT_CRITERIA", @@ -471,7 +471,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_ALERT", 
@@ -548,7 +548,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ALERT_RECEIVERS_CHANGED", @@ -627,7 +627,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "RENAME_ALERT", @@ -703,7 +703,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ALERT_STATUS_CHANGED", @@ -782,7 +782,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADD_DOMAIN_ALIAS", @@ -860,7 +860,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REMOVE_DOMAIN_ALIAS", @@ -938,7 +938,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SKIP_DOMAIN_ALIAS_MX", @@ -1016,7 +1016,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "VERIFY_DOMAIN_ALIAS_MX", @@ -1094,7 +1094,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "VERIFY_DOMAIN_ALIAS", @@ -1173,7 +1173,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TOGGLE_OAUTH_ACCESS_TO_ALL_APIS", @@ -1252,7 +1252,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TOGGLE_ALLOW_ADMIN_PASSWORD_RESET", @@ -1331,7 +1331,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ENABLE_API_ACCESS", @@ -1411,7 +1411,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "AUTHORIZE_API_CLIENT_ACCESS", 
@@ -1497,7 +1497,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REMOVE_API_CLIENT_ACCESS", @@ -1579,7 +1579,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHROME_LICENSES_REDEEMED", @@ -1658,7 +1658,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TOGGLE_AUTO_ADD_NEW_SERVICE", @@ -1736,7 +1736,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_PRIMARY_DOMAIN", @@ -1814,7 +1814,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_WHITELIST_SETTING", @@ -1894,7 +1894,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "COMMUNICATION_PREFERENCES_SETTING_CHANGE", @@ -1977,7 +1977,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_CONFLICT_ACCOUNT_ACTION", @@ -2056,7 +2056,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ENABLE_FEEDBACK_SOLICITATION", @@ -2136,7 +2136,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TOGGLE_CONTACT_SHARING", @@ -2215,7 +2215,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE_PLAY_FOR_WORK_TOKEN", @@ -2292,7 +2292,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TOGGLE_USE_CUSTOM_LOGO", 
@@ -2371,7 +2371,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_CUSTOM_LOGO", @@ -2448,7 +2448,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", @@ -2527,7 +2527,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_DATA_LOCALIZATION_SETTING", @@ -2607,7 +2607,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_DATA_PROTECTION_OFFICER_CONTACT_INFO", @@ -2684,7 +2684,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_PLAY_FOR_WORK_TOKEN", @@ -2761,7 +2761,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "VIEW_DNS_LOGIN_DETAILS", @@ -2838,7 +2838,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_DOMAIN_DEFAULT_LOCALE", @@ -2917,7 +2917,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_DOMAIN_DEFAULT_TIMEZONE", @@ -2996,7 +2996,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_DOMAIN_NAME", @@ -3074,7 +3074,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TOGGLE_ENABLE_PRE_RELEASE_FEATURES", @@ -3152,7 +3152,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_DOMAIN_SUPPORT_MESSAGE", 
@@ -3231,7 +3231,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADD_TRUSTED_DOMAINS", @@ -3308,7 +3308,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REMOVE_TRUSTED_DOMAINS", @@ -3385,7 +3385,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_EDU_TYPE", @@ -3464,7 +3464,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TOGGLE_ENABLE_OAUTH_CONSUMER_KEY", @@ -3543,7 +3543,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TOGGLE_SSO_ENABLED", @@ -3622,7 +3622,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TOGGLE_SSL", @@ -3701,7 +3701,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_EU_REPRESENTATIVE_CONTACT_INFO", @@ -3778,7 +3778,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GENERATE_TRANSFER_TOKEN", @@ -3850,7 +3850,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_LOGIN_BACKGROUND_COLOR", @@ -3929,7 +3929,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_LOGIN_BORDER_COLOR", @@ -4008,7 +4008,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_LOGIN_ACTIVITY_TRACE", 
@@ -4087,7 +4087,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "PLAY_FOR_WORK_ENROLL", @@ -4165,7 +4165,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "PLAY_FOR_WORK_UNENROLL", @@ -4242,7 +4242,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MX_RECORD_VERIFICATION_CLAIM", @@ -4328,7 +4328,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TOGGLE_NEW_APP_FEATURES", @@ -4407,7 +4407,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TOGGLE_USE_NEXT_GEN_CONTROL_PANEL", @@ -4486,7 +4486,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPLOAD_OAUTH_CERTIFICATE", @@ -4563,7 +4563,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REGENERATE_OAUTH_CONSUMER_SECRET", @@ -4640,7 +4640,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TOGGLE_OPEN_ID_ENABLED", @@ -4719,7 +4719,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_ORGANIZATION_NAME", @@ -4798,7 +4798,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TOGGLE_OUTBOUND_RELAY", @@ -4881,7 +4881,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_PASSWORD_MAX_LENGTH", 
@@ -4960,7 +4960,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_PASSWORD_MIN_LENGTH", @@ -5039,7 +5039,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE_DOMAIN_PRIMARY_ADMIN_EMAIL", @@ -5118,7 +5118,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ENABLE_SERVICE_OR_FEATURE_NOTIFICATIONS", @@ -5198,7 +5198,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REMOVE_APPLICATION", @@ -5276,7 +5276,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REMOVE_APPLICATION_FROM_WHITELIST", @@ -5354,7 +5354,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_RENEW_DOMAIN_REGISTRATION", @@ -5433,7 +5433,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_RESELLER_ACCESS", @@ -5509,7 +5509,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "RULE_ACTIONS_CHANGED", @@ -5586,7 +5586,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE_RULE", @@ -5663,7 +5663,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_RULE_CRITERIA", @@ -5740,7 +5740,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_RULE", 
@@ -5817,7 +5817,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "RENAME_RULE", @@ -5893,7 +5893,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "RULE_STATUS_CHANGED", @@ -5972,7 +5972,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADD_SECONDARY_DOMAIN", @@ -6050,7 +6050,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REMOVE_SECONDARY_DOMAIN", @@ -6128,7 +6128,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SKIP_SECONDARY_DOMAIN_MX", @@ -6206,7 +6206,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "VERIFY_SECONDARY_DOMAIN_MX", @@ -6284,7 +6284,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "VERIFY_SECONDARY_DOMAIN", @@ -6362,7 +6362,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE_DOMAIN_SECONDARY_EMAIL", @@ -6441,7 +6441,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_SSO_SETTINGS", @@ -6519,7 +6519,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GENERATE_PIN", @@ -6591,7 +6591,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE_RULE", 
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json index 933e9346bd0..3c50c417f26 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DROP_FROM_QUARANTINE", @@ -83,7 +83,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "EMAIL_LOG_SEARCH", @@ -172,7 +172,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "EMAIL_UNDELETE", @@ -258,7 +258,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_EMAIL_SETTING", @@ -357,7 +357,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_GMAIL_SETTING", @@ -442,7 +442,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE_GMAIL_SETTING", @@ -527,7 +527,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_GMAIL_SETTING", @@ -612,7 +612,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REJECT_FROM_QUARANTINE", @@ -692,7 +692,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "RELEASE_FROM_QUARANTINE", 
@@ -772,7 +772,7 @@ { "@timestamp": "2022-03-07T04:48:46.816Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "EMAIL_LOG_SEARCH", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-groups.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-groups.log-expected.json index e2da354b016..12a1200ca72 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-groups.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-groups.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE_GROUP", @@ -90,7 +90,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_GROUP", @@ -177,7 +177,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_GROUP_DESCRIPTION", @@ -265,7 +265,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GROUP_LIST_DOWNLOAD", @@ -338,7 +338,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADD_GROUP_MEMBER", @@ -433,7 +433,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REMOVE_GROUP_MEMBER", @@ -528,7 +528,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE_GROUP_MEMBER", @@ -625,7 +625,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE_GROUP_MEMBER_DELIVERY_SETTINGS", 
@@ -722,7 +722,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE_GROUP_MEMBER_DELIVERY_SETTINGS_CAN_EMAIL_OVERRIDE", @@ -819,7 +819,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GROUP_MEMBER_BULK_UPLOAD", @@ -898,7 +898,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GROUP_MEMBERS_DOWNLOAD", @@ -971,7 +971,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_GROUP_NAME", @@ -1060,7 +1060,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_GROUP_SETTING", @@ -1153,7 +1153,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "WHITELISTED_GROUPS_UPDATED", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-licenses.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-licenses.log-expected.json index cf62e089f96..6f90249a75c 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-licenses.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-licenses.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ORG_USERS_LICENSE_ASSIGNMENT", @@ -84,7 +84,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ORG_ALL_USERS_LICENSE_ASSIGNMENT", 
@@ -165,7 +165,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "USER_LICENSE_ASSIGNMENT", @@ -252,7 +252,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_LICENSE_AUTO_ASSIGN", @@ -331,7 +331,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "USER_LICENSE_REASSIGNMENT", @@ -419,7 +419,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ORG_LICENSE_REVOKE", @@ -500,7 +500,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "USER_LICENSE_REVOKE", @@ -587,7 +587,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE_DYNAMIC_LICENSE", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-mobile.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-mobile.log-expected.json index 7a220bab3cf..e2178fe9ba0 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-mobile.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-mobile.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACTION_CANCELLED", @@ -97,7 +97,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACTION_REQUESTED", @@ -191,7 +191,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADD_MOBILE_CERTIFICATE", 
@@ -276,7 +276,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "COMPANY_DEVICES_BULK_CREATION", @@ -353,7 +353,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "COMPANY_OWNED_DEVICE_BLOCKED", @@ -431,7 +431,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "COMPANY_DEVICE_DELETION", @@ -509,7 +509,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "COMPANY_OWNED_DEVICE_UNBLOCKED", @@ -587,7 +587,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "COMPANY_OWNED_DEVICE_WIPED", @@ -665,7 +665,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_MOBILE_APPLICATION_PERMISSION_GRANT", @@ -756,7 +756,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_MOBILE_APPLICATION_PRIORITY_ORDER", @@ -836,7 +836,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REMOVE_MOBILE_APPLICATION_FROM_WHITELIST", @@ -922,7 +922,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_MOBILE_APPLICATION_SETTINGS", @@ -1014,7 +1014,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADD_MOBILE_APPLICATION_TO_WHITELIST", @@ -1100,7 +1100,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MOBILE_DEVICE_APPROVE", 
@@ -1188,7 +1188,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MOBILE_DEVICE_BLOCK", @@ -1276,7 +1276,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MOBILE_DEVICE_DELETE", @@ -1364,7 +1364,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MOBILE_DEVICE_WIPE", @@ -1452,7 +1452,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_MOBILE_SETTING", @@ -1538,7 +1538,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_ADMIN_RESTRICTIONS_PIN", @@ -1618,7 +1618,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_MOBILE_WIRELESS_NETWORK", @@ -1701,7 +1701,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADD_MOBILE_WIRELESS_NETWORK", @@ -1784,7 +1784,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REMOVE_MOBILE_WIRELESS_NETWORK", @@ -1867,7 +1867,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_MOBILE_WIRELESS_NETWORK_PASSWORD", @@ -1950,7 +1950,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REMOVE_MOBILE_CERTIFICATE", @@ -2035,7 +2035,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ENROLL_FOR_GOOGLE_DEVICE_MANAGEMENT", 
@@ -2107,7 +2107,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "USE_GOOGLE_MOBILE_MANAGEMENT", @@ -2179,7 +2179,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "USE_GOOGLE_MOBILE_MANAGEMENT_FOR_NON_IOS", @@ -2251,7 +2251,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "USE_GOOGLE_MOBILE_MANAGEMENT_FOR_IOS", @@ -2323,7 +2323,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MOBILE_ACCOUNT_WIPE", @@ -2411,7 +2411,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MOBILE_DEVICE_CANCEL_WIPE_THEN_APPROVE", @@ -2499,7 +2499,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MOBILE_DEVICE_CANCEL_WIPE_THEN_BLOCK", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-org.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-org.log-expected.json index a86f2069a42..da12032c4b6 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-org.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-org.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHROME_LICENSES_ENABLED", @@ -86,7 +86,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHROME_APPLICATION_LICENSE_RESERVATION_CREATED", 
@@ -170,7 +170,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHROME_APPLICATION_LICENSE_RESERVATION_DELETED", @@ -253,7 +253,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHROME_APPLICATION_LICENSE_RESERVATION_UPDATED", @@ -338,7 +338,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE_DEVICE_ENROLLMENT_TOKEN", @@ -415,7 +415,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ASSIGN_CUSTOM_LOGO", @@ -492,7 +492,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UNASSIGN_CUSTOM_LOGO", @@ -569,7 +569,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE_ENROLLMENT_TOKEN", @@ -646,7 +646,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REVOKE_ENROLLMENT_TOKEN", @@ -723,7 +723,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHROME_LICENSES_ALLOWED", @@ -806,7 +806,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE_ORG_UNIT", @@ -883,7 +883,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REMOVE_ORG_UNIT", @@ -960,7 +960,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "EDIT_ORG_UNIT_DESCRIPTION", 
@@ -1037,7 +1037,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MOVE_ORG_UNIT", @@ -1115,7 +1115,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "EDIT_ORG_UNIT_NAME", @@ -1193,7 +1193,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REVOKE_DEVICE_ENROLLMENT_TOKEN", @@ -1270,7 +1270,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TOGGLE_SERVICE_ENABLED", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-security.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-security.log-expected.json index ae014a306e4..57c5ccf8259 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-security.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-security.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ALLOW_STRONG_AUTHENTICATION", @@ -83,7 +83,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ALLOW_SERVICE_FOR_OAUTH2_ACCESS", @@ -166,7 +166,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DISALLOW_SERVICE_FOR_OAUTH2_ACCESS", @@ -249,7 +249,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_APP_ACCESS_SETTINGS_COLLECTION_ID", @@ -335,7 +335,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADD_TO_TRUSTED_OAUTH2_APPS", 
@@ -419,7 +419,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REMOVE_FROM_TRUSTED_OAUTH2_APPS", @@ -503,7 +503,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "BLOCK_ON_DEVICE_ACCESS", @@ -585,7 +585,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION", @@ -678,7 +678,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_TWO_STEP_VERIFICATION_FREQUENCY", @@ -771,7 +771,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION", @@ -864,7 +864,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_TWO_STEP_VERIFICATION_START_DATE", @@ -957,7 +957,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", @@ -1049,7 +1049,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TOGGLE_CAA_ENABLEMENT", @@ -1124,7 +1124,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_CAA_ERROR_MESSAGE", @@ -1202,7 +1202,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_CAA_APP_ASSIGNMENTS", @@ -1292,7 +1292,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UNTRUST_DOMAIN_OWNED_OAUTH2_APPS", 
@@ -1369,7 +1369,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TRUST_DOMAIN_OWNED_OAUTH2_APPS", @@ -1446,7 +1446,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ENABLE_NON_ADMIN_USER_PASSWORD_RECOVERY", @@ -1539,7 +1539,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ENFORCE_STRONG_AUTHENTICATION", @@ -1638,7 +1638,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE_ERROR_MSG_FOR_RESTRICTED_OAUTH2_APPS", @@ -1718,7 +1718,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED", @@ -1811,7 +1811,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SESSION_CONTROL_SETTINGS_CHANGE", @@ -1894,7 +1894,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_SESSION_LENGTH", @@ -1971,7 +1971,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UNBLOCK_ON_DEVICE_ACCESS", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-sites.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-sites.log-expected.json index 401a423f72a..de7579d4754 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-sites.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-sites.log-expected.json 
@@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADD_WEB_ADDRESS", @@ -91,7 +91,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_WEB_ADDRESS", @@ -179,7 +179,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_SITES_SETTING", @@ -265,7 +265,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_SITES_WEB_ADDRESS_MAPPING_UPDATES", @@ -349,7 +349,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "VIEW_SITE_DETAILS", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-user.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-user.log-expected.json index eb96d8fe977..5f9fadfdbdb 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-user.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-user.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_2SV_SCRATCH_CODES", @@ -87,7 +87,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GENERATE_2SV_SCRATCH_CODES", @@ -171,7 +171,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REVOKE_3LO_DEVICE_TOKENS", @@ -259,7 +259,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REVOKE_3LO_TOKEN", 
@@ -346,7 +346,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADD_RECOVERY_EMAIL", @@ -430,7 +430,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADD_RECOVERY_PHONE", @@ -514,7 +514,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GRANT_ADMIN_PRIVILEGE", @@ -598,7 +598,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REVOKE_ADMIN_PRIVILEGE", @@ -682,7 +682,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REVOKE_ASP", @@ -769,7 +769,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TOGGLE_AUTOMATIC_CONTACT_SHARING", @@ -854,7 +854,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "BULK_UPLOAD", @@ -935,7 +935,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "BULK_UPLOAD_NOTIFICATION_SENT", @@ -1022,7 +1022,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CANCEL_USER_INVITE", @@ -1109,7 +1109,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_USER_CUSTOM_FIELD", @@ -1198,7 +1198,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_USER_EXTERNAL_ID", @@ -1284,7 +1284,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_USER_GENDER", 
@@ -1370,7 +1370,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_USER_IM", @@ -1456,7 +1456,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ENABLE_USER_IP_WHITELIST", @@ -1542,7 +1542,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_USER_KEYWORD", @@ -1628,7 +1628,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_USER_LANGUAGE", @@ -1714,7 +1714,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_USER_LOCATION", @@ -1800,7 +1800,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_USER_ORGANIZATION", @@ -1886,7 +1886,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_USER_PHONE_NUMBER", @@ -1972,7 +1972,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_RECOVERY_EMAIL", @@ -2056,7 +2056,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_RECOVERY_PHONE", @@ -2140,7 +2140,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_USER_RELATION", @@ -2226,7 +2226,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_USER_ADDRESS", @@ -2312,7 +2312,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE_EMAIL_MONITOR", 
@@ -2408,7 +2408,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE_DATA_TRANSFER_REQUEST", @@ -2496,7 +2496,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GRANT_DELEGATED_ADMIN_PRIVILEGES", @@ -2581,7 +2581,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_ACCOUNT_INFO_DUMP", @@ -2668,7 +2668,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_EMAIL_MONITOR", @@ -2755,7 +2755,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE_MAILBOX_DUMP", @@ -2842,7 +2842,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_FIRST_NAME", @@ -2928,7 +2928,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GMAIL_RESET_USER", @@ -3013,7 +3013,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CHANGE_LAST_NAME", @@ -3099,7 +3099,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MAIL_ROUTING_DESTINATION_ADDED", @@ -3184,7 +3184,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "MAIL_ROUTING_DESTINATION_REMOVED", @@ -3269,7 +3269,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ADD_NICKNAME", 
@@ -3354,7 +3354,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "REMOVE_NICKNAME",
@@ -3439,7 +3439,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "CHANGE_PASSWORD",
@@ -3523,7 +3523,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "CHANGE_PASSWORD_ON_NEXT_LOGIN",
@@ -3609,7 +3609,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DOWNLOAD_PENDING_INVITES_LIST",
@@ -3681,7 +3681,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "REMOVE_RECOVERY_EMAIL",
@@ -3765,7 +3765,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "REMOVE_RECOVERY_PHONE",
@@ -3849,7 +3849,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "REQUEST_ACCOUNT_INFO",
@@ -3933,7 +3933,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "REQUEST_MAILBOX_DUMP",
@@ -4025,7 +4025,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "RESEND_USER_INVITE",
@@ -4112,7 +4112,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "RESET_SIGNIN_COOKIES",
@@ -4196,7 +4196,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "SECURITY_KEY_REGISTERED_FOR_USER",
@@ -4280,7 +4280,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "REVOKE_SECURITY_KEY",
@@ -4364,7 +4364,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "USER_INVITE",
@@ -4451,7 +4451,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "VIEW_TEMP_PASSWORD",
@@ -4538,7 +4538,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "TURN_OFF_2_STEP_VERIFICATION",
@@ -4622,7 +4622,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "UNBLOCK_USER_SESSION",
@@ -4706,7 +4706,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "UNENROLL_USER_FROM_TITANIUM",
@@ -4790,7 +4790,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "ARCHIVE_USER",
@@ -4874,7 +4874,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "UPDATE_BIRTHDATE",
@@ -4959,7 +4959,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "CREATE_USER",
@@ -5043,7 +5043,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DELETE_USER",
@@ -5127,7 +5127,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DOWNGRADE_USER_FROM_GPLUS",
@@ -5211,7 +5211,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "USER_ENROLLED_IN_TWO_STEP_VERIFICATION",
@@ -5295,7 +5295,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DOWNLOAD_USERLIST_CSV",
@@ -5367,7 +5367,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "MOVE_USER_TO_ORG_UNIT",
@@ -5455,7 +5455,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "USER_PUT_IN_TWO_STEP_VERIFICATION_GRACE_PERIOD",
@@ -5540,7 +5540,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "RENAME_USER",
@@ -5625,7 +5625,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "UNENROLL_USER_FROM_STRONG_AUTH",
@@ -5709,7 +5709,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "SUSPEND_USER",
@@ -5793,7 +5793,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "UNARCHIVE_USER",
@@ -5877,7 +5877,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "UNDELETE_USER",
@@ -5961,7 +5961,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "UNSUSPEND_USER",
@@ -6045,7 +6045,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "UPGRADE_USER_TO_GPLUS",
@@ -6129,7 +6129,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "USERS_BULK_UPLOAD",
@@ -6207,7 +6207,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "USERS_BULK_UPLOAD_NOTIFICATION_SENT",
diff --git a/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml index ac19b335ff1..903d838d1dd 100644 --- a/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: iam diff --git a/packages/google_workspace/data_stream/admin/sample_event.json b/packages/google_workspace/data_stream/admin/sample_event.json index 94a366f526d..275bcd60107 100644 --- a/packages/google_workspace/data_stream/admin/sample_event.json +++ b/packages/google_workspace/data_stream/admin/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "82201d77-903f-45f1-beeb-078f493497c5", diff --git a/packages/google_workspace/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json b/packages/google_workspace/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json index bf43a519118..cbaa85b343e 100644 --- a/packages/google_workspace/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json +++ b/packages/google_workspace/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-07-10T10:49:29.436Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": { @@ -159,7 +159,7 @@ { "@timestamp": "2022-07-11T10:49:29.436Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Domain wide takeout", @@ -232,7 +232,7 @@ { "@timestamp": "2022-07-12T10:49:29.436Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": { 
@@ -376,7 +376,7 @@
 {
 "@timestamp": "2022-07-13T10:49:29.436Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Google identity",
@@ -453,7 +453,7 @@
 {
 "@timestamp": "2022-07-14T10:49:29.436Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Google Operations",
@@ -546,7 +546,7 @@
 {
 "@timestamp": "2022-07-15T10:49:29.436Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "State Sponsored Attack",
@@ -613,7 +613,7 @@
 {
 "@timestamp": "2022-07-16T10:49:29.436Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "State Sponsored Attack",
@@ -703,7 +703,7 @@
 {
 "@timestamp": "2022-07-17T10:49:29.436Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AppMaker Editor",
@@ -782,7 +782,7 @@
 {
 "@timestamp": "2022-07-18T10:49:29.436Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Security Center rules",
@@ -874,7 +874,7 @@
 {
 "@timestamp": "2022-07-19T10:49:29.436Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Data Loss Prevention",
@@ -1009,7 +1009,7 @@
 {
 "@timestamp": "2022-07-20T10:49:29.436Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Apps outage",
@@ -1095,7 +1095,7 @@
 {
 "@timestamp": "2022-07-21T10:49:29.436Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Sensitive Admin Action",
@@ -1207,7 +1207,7 @@
 {
 "@timestamp": "2021-08-10T14:06:29.101Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Google identity",
@@ -1272,7 +1272,7 @@
 {
 "@timestamp": "2022-07-27T03:31:28.440Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Reporting Rule",
diff --git a/packages/google_workspace/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
index 1f7de9636d2..0f463915920 100644
--- a/packages/google_workspace/data_stream/alert/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/alert/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Google Workspace Alert logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/google_workspace/data_stream/alert/sample_event.json b/packages/google_workspace/data_stream/alert/sample_event.json index eb35b8e663f..86112f3791e 100644 --- a/packages/google_workspace/data_stream/alert/sample_event.json +++ b/packages/google_workspace/data_stream/alert/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "82201d77-903f-45f1-beeb-078f493497c5", diff --git a/packages/google_workspace/data_stream/context_aware_access/_dev/test/pipeline/test-context-aware-access.log-expected.json b/packages/google_workspace/data_stream/context_aware_access/_dev/test/pipeline/test-context-aware-access.log-expected.json index 0460af3a883..95cd0b9deef 100644 --- a/packages/google_workspace/data_stream/context_aware_access/_dev/test/pipeline/test-context-aware-access.log-expected.json +++ b/packages/google_workspace/data_stream/context_aware_access/_dev/test/pipeline/test-context-aware-access.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2023-01-01T06:24:42.442Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ACCESS_DENY_EVENT", diff --git a/packages/google_workspace/data_stream/context_aware_access/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/context_aware_access/elasticsearch/ingest_pipeline/default.yml index 779c0c32ea8..f5a972b41b2 100644 --- a/packages/google_workspace/data_stream/context_aware_access/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/google_workspace/data_stream/context_aware_access/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace context aware access logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/google_workspace/data_stream/context_aware_access/sample_event.json b/packages/google_workspace/data_stream/context_aware_access/sample_event.json index a180b0d9f49..cf39c3d9592 100644 --- a/packages/google_workspace/data_stream/context_aware_access/sample_event.json +++ b/packages/google_workspace/data_stream/context_aware_access/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "63e521db-2c15-4ef6-8ded-c7365b0cb8bd", diff --git a/packages/google_workspace/data_stream/device/_dev/test/pipeline/test-device.log-expected.json b/packages/google_workspace/data_stream/device/_dev/test/pipeline/test-device.log-expected.json index 3e38ff3877e..b3cd8a483be 100644 --- a/packages/google_workspace/data_stream/device/_dev/test/pipeline/test-device.log-expected.json +++ b/packages/google_workspace/data_stream/device/_dev/test/pipeline/test-device.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "APPLICATION_EVENT", diff --git a/packages/google_workspace/data_stream/device/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/device/elasticsearch/ingest_pipeline/default.yml index 10570676f2f..34d520c1333 100644 --- a/packages/google_workspace/data_stream/device/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/device/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace device logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/google_workspace/data_stream/device/sample_event.json b/packages/google_workspace/data_stream/device/sample_event.json index 55c951c7c45..e398b265fd4 100644 --- a/packages/google_workspace/data_stream/device/sample_event.json +++ b/packages/google_workspace/data_stream/device/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "63e521db-2c15-4ef6-8ded-c7365b0cb8bd", diff --git a/packages/google_workspace/data_stream/drive/_dev/test/pipeline/test-drive.log-expected.json b/packages/google_workspace/data_stream/drive/_dev/test/pipeline/test-drive.log-expected.json index ad83fbe4a5d..5be9b7b258c 100644 --- a/packages/google_workspace/data_stream/drive/_dev/test/pipeline/test-drive.log-expected.json +++ b/packages/google_workspace/data_stream/drive/_dev/test/pipeline/test-drive.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add_to_folder", @@ -97,7 +97,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "approval_canceled", @@ -191,7 +191,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "approval_comment_added", @@ -285,7 +285,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "approval_requested", @@ -379,7 +379,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "approval_reviewer_responded", 
@@ -473,7 +473,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "create",
@@ -565,7 +565,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "delete",
@@ -657,7 +657,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "download",
@@ -749,7 +749,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "edit",
@@ -841,7 +841,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "add_lock",
@@ -933,7 +933,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "move",
@@ -1029,7 +1029,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "preview",
@@ -1121,7 +1121,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "print",
@@ -1213,7 +1213,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "remove_from_folder",
@@ -1307,7 +1307,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "rename",
@@ -1401,7 +1401,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "untrash",
@@ -1493,7 +1493,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "sheets_import_range",
@@ -1585,7 +1585,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "trash",
@@ -1677,7 +1677,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "remove_lock",
@@ -1769,7 +1769,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "upload",
@@ -1861,7 +1861,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "view",
@@ -1954,7 +1954,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "change_acl_editors",
@@ -2052,7 +2052,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "change_document_access_scope",
@@ -2151,7 +2151,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "change_document_visibility",
@@ -2250,7 +2250,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "shared_drive_membership_change",
@@ -2349,7 +2349,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "shared_drive_settings_change",
@@ -2448,7 +2448,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "sheets_import_range_access_change",
@@ -2542,7 +2542,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "change_user_access",
diff --git a/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml
index 2f75bfe6225..2122f9b249c 100644
--- a/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: file diff --git a/packages/google_workspace/data_stream/drive/sample_event.json b/packages/google_workspace/data_stream/drive/sample_event.json index 51d58ee877d..65fb68e1e04 100644 --- a/packages/google_workspace/data_stream/drive/sample_event.json +++ b/packages/google_workspace/data_stream/drive/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "82201d77-903f-45f1-beeb-078f493497c5", diff --git a/packages/google_workspace/data_stream/gcp/_dev/test/pipeline/test-gcp.log-expected.json b/packages/google_workspace/data_stream/gcp/_dev/test/pipeline/test-gcp.log-expected.json index 5654c1798f1..58d3572272b 100644 --- a/packages/google_workspace/data_stream/gcp/_dev/test/pipeline/test-gcp.log-expected.json +++ b/packages/google_workspace/data_stream/gcp/_dev/test/pipeline/test-gcp.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2023-01-01T06:24:42.442Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "IMPORT_SSH_PUBLIC_KEY", diff --git a/packages/google_workspace/data_stream/gcp/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/gcp/elasticsearch/ingest_pipeline/default.yml index 550f856d58b..7a5ed95bf98 100644 --- a/packages/google_workspace/data_stream/gcp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/gcp/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace GCP logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original 
diff --git a/packages/google_workspace/data_stream/gcp/sample_event.json b/packages/google_workspace/data_stream/gcp/sample_event.json index 1263a965446..a61190e5232 100644 --- a/packages/google_workspace/data_stream/gcp/sample_event.json +++ b/packages/google_workspace/data_stream/gcp/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "63e521db-2c15-4ef6-8ded-c7365b0cb8bd", diff --git a/packages/google_workspace/data_stream/group_enterprise/_dev/test/pipeline/test-group-enterprise.log-expected.json b/packages/google_workspace/data_stream/group_enterprise/_dev/test/pipeline/test-group-enterprise.log-expected.json index 1b944f5d0b1..b2097154bbe 100644 --- a/packages/google_workspace/data_stream/group_enterprise/_dev/test/pipeline/test-group-enterprise.log-expected.json +++ b/packages/google_workspace/data_stream/group_enterprise/_dev/test/pipeline/test-group-enterprise.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add_info_setting", diff --git a/packages/google_workspace/data_stream/group_enterprise/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/group_enterprise/elasticsearch/ingest_pipeline/default.yml index d4040e029a4..51dcfc27f5f 100644 --- a/packages/google_workspace/data_stream/group_enterprise/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/group_enterprise/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace group enterprise logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original 
diff --git a/packages/google_workspace/data_stream/group_enterprise/sample_event.json b/packages/google_workspace/data_stream/group_enterprise/sample_event.json
index d9903fcf2b9..ee66c24842b 100644
--- a/packages/google_workspace/data_stream/group_enterprise/sample_event.json
+++ b/packages/google_workspace/data_stream/group_enterprise/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "63e521db-2c15-4ef6-8ded-c7365b0cb8bd",
diff --git a/packages/google_workspace/data_stream/groups/_dev/test/pipeline/test-groups.log-expected.json b/packages/google_workspace/data_stream/groups/_dev/test/pipeline/test-groups.log-expected.json
index 7b545ad2dad..9d8f7ad6fe7 100644
--- a/packages/google_workspace/data_stream/groups/_dev/test/pipeline/test-groups.log-expected.json
+++ b/packages/google_workspace/data_stream/groups/_dev/test/pipeline/test-groups.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "change_acl_permission",
@@ -97,7 +97,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "accept_invitation",
@@ -184,7 +184,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "approve_join_request",
@@ -278,7 +278,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "join",
@@ -365,7 +365,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "request_to_join",
@@ -452,7 +452,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "change_basic_setting",
@@ -542,7 +542,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "create_group",
@@ -628,7 +628,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "delete_group",
@@ -714,7 +714,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "change_identity_setting",
@@ -804,7 +804,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "add_info_setting",
@@ -893,7 +893,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "change_info_setting",
@@ -983,7 +983,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "remove_info_setting",
@@ -1072,7 +1072,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "change_new_members_restrictions_setting",
@@ -1162,7 +1162,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "change_post_replies_setting",
@@ -1252,7 +1252,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "change_spam_moderation_setting",
@@ -1342,7 +1342,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "change_topic_setting",
@@ -1432,7 +1432,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "moderate_message",
@@ -1523,7 +1523,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "always_post_from_user",
@@ -1617,7 +1617,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add_user", @@ -1712,7 +1712,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ban_user_with_moderation", @@ -1807,7 +1807,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "revoke_invitation", @@ -1901,7 +1901,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "invite_user", @@ -1995,7 +1995,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "reject_join_request", @@ -2089,7 +2089,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "reinvite_user", @@ -2183,7 +2183,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "remove_user", diff --git a/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml index 0a4fe6e9296..382eb70ac88 100644 --- a/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: iam diff --git a/packages/google_workspace/data_stream/groups/sample_event.json b/packages/google_workspace/data_stream/groups/sample_event.json index 4893c90d0c3..018078bff87 100644 --- a/packages/google_workspace/data_stream/groups/sample_event.json 
+++ b/packages/google_workspace/data_stream/groups/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "82201d77-903f-45f1-beeb-078f493497c5",
diff --git a/packages/google_workspace/data_stream/login/_dev/test/pipeline/test-login.log-expected.json b/packages/google_workspace/data_stream/login/_dev/test/pipeline/test-login.log-expected.json
index 1f0b9a720eb..32539b67fc3 100644
--- a/packages/google_workspace/data_stream/login/_dev/test/pipeline/test-login.log-expected.json
+++ b/packages/google_workspace/data_stream/login/_dev/test/pipeline/test-login.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "account_disabled_password_leak",
@@ -84,7 +84,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "suspicious_login",
@@ -166,7 +166,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "suspicious_login_less_secure_app",
@@ -248,7 +248,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "suspicious_programmatic_login",
@@ -330,7 +330,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "account_disabled_generic",
@@ -411,7 +411,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "account_disabled_spamming_through_relay",
@@ -492,7 +492,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "account_disabled_spamming",
@@ -573,7 +573,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "account_disabled_hijacked", @@ -656,7 +656,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "gov_attack_warning", @@ -728,7 +728,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login_failure", @@ -807,7 +807,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login_challenge", @@ -885,7 +885,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login_verification", @@ -963,7 +963,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logout", @@ -1039,7 +1039,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login_success", diff --git a/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml index 21b46e7347d..c00a6d4ae2e 100644 --- a/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/google_workspace/data_stream/login/sample_event.json b/packages/google_workspace/data_stream/login/sample_event.json index 8db90ffa73b..bfaa8016c7a 100644 --- a/packages/google_workspace/data_stream/login/sample_event.json 
+++ b/packages/google_workspace/data_stream/login/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "b6313eb2-d3c3-4571-922c-38ad512d6f81", diff --git a/packages/google_workspace/data_stream/rules/_dev/test/pipeline/test-rules.log-expected.json b/packages/google_workspace/data_stream/rules/_dev/test/pipeline/test-rules.log-expected.json index 6a13555fa1f..c3dd7a482d2 100644 --- a/packages/google_workspace/data_stream/rules/_dev/test/pipeline/test-rules.log-expected.json +++ b/packages/google_workspace/data_stream/rules/_dev/test/pipeline/test-rules.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rule_match", @@ -117,7 +117,7 @@ { "@timestamp": "2020-11-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rule_match", diff --git a/packages/google_workspace/data_stream/rules/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/rules/elasticsearch/ingest_pipeline/default.yml index f3b6140dd22..50735f26c5c 100644 --- a/packages/google_workspace/data_stream/rules/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/rules/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace rules logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/google_workspace/data_stream/rules/sample_event.json b/packages/google_workspace/data_stream/rules/sample_event.json index 237f0d57c2a..00fbab4b234 100644 --- a/packages/google_workspace/data_stream/rules/sample_event.json +++ b/packages/google_workspace/data_stream/rules/sample_event.json 
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "63e521db-2c15-4ef6-8ded-c7365b0cb8bd", diff --git a/packages/google_workspace/data_stream/saml/_dev/test/pipeline/test-saml.log-expected.json b/packages/google_workspace/data_stream/saml/_dev/test/pipeline/test-saml.log-expected.json index d29d238685b..9c5a9644ace 100644 --- a/packages/google_workspace/data_stream/saml/_dev/test/pipeline/test-saml.log-expected.json +++ b/packages/google_workspace/data_stream/saml/_dev/test/pipeline/test-saml.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login_failure", @@ -85,7 +85,7 @@ { "@timestamp": "2020-10-02T15:00:01.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login_success", diff --git a/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml index 143b50a8bef..131ed454eec 100644 --- a/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/google_workspace/data_stream/saml/sample_event.json b/packages/google_workspace/data_stream/saml/sample_event.json index 31c52309bdb..373d3341d30 100644 --- a/packages/google_workspace/data_stream/saml/sample_event.json +++ b/packages/google_workspace/data_stream/saml/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "82201d77-903f-45f1-beeb-078f493497c5", 
diff --git a/packages/google_workspace/data_stream/token/_dev/test/pipeline/test-token.log-expected.json b/packages/google_workspace/data_stream/token/_dev/test/pipeline/test-token.log-expected.json index f78bd8df829..e21c39696ac 100644 --- a/packages/google_workspace/data_stream/token/_dev/test/pipeline/test-token.log-expected.json +++ b/packages/google_workspace/data_stream/token/_dev/test/pipeline/test-token.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2023-01-01T06:24:42.442Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize", diff --git a/packages/google_workspace/data_stream/token/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/token/elasticsearch/ingest_pipeline/default.yml index c5bb3b7571f..e9649c9d73b 100644 --- a/packages/google_workspace/data_stream/token/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/token/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace token logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/google_workspace/data_stream/token/sample_event.json b/packages/google_workspace/data_stream/token/sample_event.json index 5e750b9d647..d57da65a072 100644 --- a/packages/google_workspace/data_stream/token/sample_event.json +++ b/packages/google_workspace/data_stream/token/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "63e521db-2c15-4ef6-8ded-c7365b0cb8bd", diff --git a/packages/google_workspace/data_stream/user_accounts/_dev/test/pipeline/test-user-accounts.log-expected.json b/packages/google_workspace/data_stream/user_accounts/_dev/test/pipeline/test-user-accounts.log-expected.json index 5397e01756b..c8a1d42c872 100644 
--- a/packages/google_workspace/data_stream/user_accounts/_dev/test/pipeline/test-user-accounts.log-expected.json +++ b/packages/google_workspace/data_stream/user_accounts/_dev/test/pipeline/test-user-accounts.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "2sv_disable", @@ -76,7 +76,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "2sv_enroll", @@ -149,7 +149,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "password_edit", @@ -222,7 +222,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "recovery_email_edit", @@ -295,7 +295,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "recovery_phone_edit", @@ -368,7 +368,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "recovery_secret_qa_edit", @@ -441,7 +441,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "titanium_enroll", @@ -514,7 +514,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "titanium_unenroll", @@ -587,7 +587,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "email_forwarding_out_of_domain", diff --git a/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml index 485bacc6185..4624ec4c6d2 100644 
--- a/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/google_workspace/data_stream/user_accounts/sample_event.json b/packages/google_workspace/data_stream/user_accounts/sample_event.json index c35fb2e625d..96dab985036 100644 --- a/packages/google_workspace/data_stream/user_accounts/sample_event.json +++ b/packages/google_workspace/data_stream/user_accounts/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "82201d77-903f-45f1-beeb-078f493497c5", diff --git a/packages/google_workspace/docs/README.md b/packages/google_workspace/docs/README.md index bf7fa114d59..e3d14351432 100644 --- a/packages/google_workspace/docs/README.md +++ b/packages/google_workspace/docs/README.md @@ -153,7 +153,7 @@ An example event for `saml` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "82201d77-903f-45f1-beeb-078f493497c5", @@ -288,7 +288,7 @@ An example event for `user_accounts` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "82201d77-903f-45f1-beeb-078f493497c5", @@ -409,7 +409,7 @@ An example event for `login` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "b6313eb2-d3c3-4571-922c-38ad512d6f81", @@ -545,7 +545,7 @@ An example event for `rules` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "63e521db-2c15-4ef6-8ded-c7365b0cb8bd", 
@@ -751,7 +751,7 @@ An example event for `admin` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "82201d77-903f-45f1-beeb-078f493497c5", @@ -980,7 +980,7 @@ An example event for `drive` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "82201d77-903f-45f1-beeb-078f493497c5", @@ -1145,7 +1145,7 @@ An example event for `groups` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "82201d77-903f-45f1-beeb-078f493497c5", @@ -1297,7 +1297,7 @@ An example event for `alert` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "82201d77-903f-45f1-beeb-078f493497c5", @@ -1612,7 +1612,7 @@ An example event for `device` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "63e521db-2c15-4ef6-8ded-c7365b0cb8bd", @@ -1871,7 +1871,7 @@ An example event for `group_enterprise` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "63e521db-2c15-4ef6-8ded-c7365b0cb8bd", @@ -2049,7 +2049,7 @@ An example event for `token` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "63e521db-2c15-4ef6-8ded-c7365b0cb8bd", @@ -2249,7 +2249,7 @@ An example event for `access_transparency` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "63e521db-2c15-4ef6-8ded-c7365b0cb8bd", @@ -2419,7 +2419,7 @@ An example event for `context_aware_access` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "63e521db-2c15-4ef6-8ded-c7365b0cb8bd", 
@@ -2578,7 +2578,7 @@ An example event for `gcp` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "63e521db-2c15-4ef6-8ded-c7365b0cb8bd", diff --git a/packages/google_workspace/manifest.yml b/packages/google_workspace/manifest.yml index 03fecc7d7cc..4d5670bff67 100644 --- a/packages/google_workspace/manifest.yml +++ b/packages/google_workspace/manifest.yml @@ -1,6 +1,6 @@ name: google_workspace title: Google Workspace -version: 2.4.0 +version: "2.5.0" source: license: Elastic-2.0 description: Collect logs from Google Workspace with Elastic Agent. From a63ed7ae8141e1c73fc894004ae3f7c7ba8e3b29 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:54 +0530 Subject: [PATCH 054/137] [hashicorp_vault] - update ECS to 8.7.0 from 8.6.0 This updates the hashicorp_vault integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/hashicorp_vault --- packages/hashicorp_vault/_dev/build/build.yml | 2 +- packages/hashicorp_vault/changelog.yml | 5 ++++ .../pipeline/test-audit.log-expected.json | 18 +++++++------- .../test-faked-all-fields.log-expected.json | 8 +++---- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/audit/sample_event.json | 2 +- .../test/pipeline/test-log.log-expected.json | 24 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/metrics/sample_event.json | 2 +- packages/hashicorp_vault/docs/README.md | 4 ++-- packages/hashicorp_vault/manifest.yml | 2 +- 13 files changed, 40 insertions(+), 35 deletions(-) diff --git a/packages/hashicorp_vault/_dev/build/build.yml b/packages/hashicorp_vault/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 
--- a/packages/hashicorp_vault/_dev/build/build.yml +++ b/packages/hashicorp_vault/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/hashicorp_vault/changelog.yml b/packages/hashicorp_vault/changelog.yml index b0718aaa3d4..60aa7b658b6 100644 --- a/packages/hashicorp_vault/changelog.yml +++ b/packages/hashicorp_vault/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.10.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.9.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index 8a6c08391b2..5c0211f9e5b 100644 --- a/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-12-01T20:29:04.356Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update", @@ -93,7 +93,7 @@ { "@timestamp": "2020-12-01T20:29:04.360Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update", @@ -202,7 +202,7 @@ { "@timestamp": "2021-07-19T17:19:00.673Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update", @@ -260,7 +260,7 @@ { "@timestamp": "2021-07-19T17:19:00.674Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update", @@ -324,7 +324,7 @@ { "@timestamp": "2021-06-29T17:26:11.402Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "read", 
@@ -407,7 +407,7 @@ { "@timestamp": "2021-06-29T17:26:11.409Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "read", @@ -504,7 +504,7 @@ { "@timestamp": "2021-06-29T18:01:29.545Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "read", @@ -585,7 +585,7 @@ { "@timestamp": "2021-06-29T18:01:29.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "read", @@ -710,7 +710,7 @@ { "@timestamp": "2021-12-30T17:11:12.468Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "help", diff --git a/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-faked-all-fields.log-expected.json b/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-faked-all-fields.log-expected.json index 0365974f00a..b2a0811f431 100644 --- a/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-faked-all-fields.log-expected.json +++ b/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-faked-all-fields.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2018-04-09T21:04:29.640Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "read", @@ -69,7 +69,7 @@ { "@timestamp": "2018-04-09T21:04:29.642Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "read", @@ -163,7 +163,7 @@ { "@timestamp": "2021-07-21T12:37:50.936Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update", @@ -252,7 +252,7 @@ { "@timestamp": "2021-07-21T12:37:50.936Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update", diff --git a/packages/hashicorp_vault/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/hashicorp_vault/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index b23ff4c25b3..370ef59c44d 100644 --- a/packages/hashicorp_vault/data_stream/audit/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/hashicorp_vault/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Hashicorp Vault audit logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/hashicorp_vault/data_stream/audit/sample_event.json b/packages/hashicorp_vault/data_stream/audit/sample_event.json index 6207c35f243..4d828f98cd9 100644 --- a/packages/hashicorp_vault/data_stream/audit/sample_event.json +++ b/packages/hashicorp_vault/data_stream/audit/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "03109bfa-7015-46bd-9433-3879357210cd", diff --git a/packages/hashicorp_vault/data_stream/log/_dev/test/pipeline/test-log.log-expected.json b/packages/hashicorp_vault/data_stream/log/_dev/test/pipeline/test-log.log-expected.json index 79cf1f3840e..fd318a595de 100644 --- a/packages/hashicorp_vault/data_stream/log/_dev/test/pipeline/test-log.log-expected.json +++ b/packages/hashicorp_vault/data_stream/log/_dev/test/pipeline/test-log.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-07-16T06:30:48.194Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -27,7 +27,7 @@ { "@timestamp": "2021-07-16T06:33:08.867Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -50,7 +50,7 @@ { "@timestamp": "2021-07-09T17:20:27.184Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -77,7 +77,7 @@ { "@timestamp": "2021-07-09T17:20:27.190Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -100,7 +100,7 @@ { "@timestamp": "2021-07-09T17:20:27.182Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", 
@@ -127,7 +127,7 @@ { "@timestamp": "2021-07-09T17:20:27.212Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -151,7 +151,7 @@ { "@timestamp": "2021-07-09T17:04:06.945Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -175,7 +175,7 @@ { "@timestamp": "2021-07-16T19:05:02.795Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -198,7 +198,7 @@ { "@timestamp": "2021-07-09T17:01:42.203Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -222,7 +222,7 @@ { "@timestamp": "2021-07-22T17:33:20.689Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -245,7 +245,7 @@ { "@timestamp": "2021-07-22T17:33:20.689Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -272,7 +272,7 @@ { "@timestamp": "2021-07-22T17:33:20.691Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", diff --git a/packages/hashicorp_vault/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/hashicorp_vault/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 16ff69fa674..1a91e0e7ca0 100644 --- a/packages/hashicorp_vault/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/hashicorp_vault/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Hashicorp Vault operational logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/hashicorp_vault/data_stream/log/sample_event.json b/packages/hashicorp_vault/data_stream/log/sample_event.json index 6484ecfc512..b1427cf6598 100644 --- a/packages/hashicorp_vault/data_stream/log/sample_event.json +++ b/packages/hashicorp_vault/data_stream/log/sample_event.json 
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", diff --git a/packages/hashicorp_vault/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml b/packages/hashicorp_vault/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml index 2aada25b2de..b623c1e560e 100644 --- a/packages/hashicorp_vault/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml +++ b/packages/hashicorp_vault/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml @@ -11,7 +11,7 @@ processors: ignore_missing: true - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: service.type value: hashicorp_vault diff --git a/packages/hashicorp_vault/data_stream/metrics/sample_event.json b/packages/hashicorp_vault/data_stream/metrics/sample_event.json index d0c8f349323..c125047ca42 100644 --- a/packages/hashicorp_vault/data_stream/metrics/sample_event.json +++ b/packages/hashicorp_vault/data_stream/metrics/sample_event.json @@ -13,7 +13,7 @@ "type": "metrics" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", diff --git a/packages/hashicorp_vault/docs/README.md b/packages/hashicorp_vault/docs/README.md index b29d4ea865b..062cb93359a 100644 --- a/packages/hashicorp_vault/docs/README.md +++ b/packages/hashicorp_vault/docs/README.md @@ -97,7 +97,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "03109bfa-7015-46bd-9433-3879357210cd", @@ -331,7 +331,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", diff --git a/packages/hashicorp_vault/manifest.yml b/packages/hashicorp_vault/manifest.yml index 99b2e0a61c4..75b890293c2 100644 
--- a/packages/hashicorp_vault/manifest.yml +++ b/packages/hashicorp_vault/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: hashicorp_vault title: Hashicorp Vault -version: "1.9.1" +version: "1.10.0" license: basic description: Collect logs and metrics from Hashicorp Vault with Elastic Agent. type: integration From 49734ed0de3e509ad95f644802a94c1c4211d6d7 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:55 +0530 Subject: [PATCH 055/137] [hid_bravura_monitor] - update ECS to 8.7.0 from 8.6.0 This updates the hid_bravura_monitor integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/hid_bravura_monitor --- .../hid_bravura_monitor/_dev/build/build.yml | 2 +- packages/hid_bravura_monitor/changelog.yml | 5 ++ ...test-hid-bravura-monitor.log-expected.json | 64 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- ...-bravura-monitor-events.json-expected.json | 12 ++-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/winlog/sample_event.json | 2 +- packages/hid_bravura_monitor/docs/README.md | 6 +- packages/hid_bravura_monitor/manifest.yml | 2 +- 10 files changed, 52 insertions(+), 47 deletions(-) diff --git a/packages/hid_bravura_monitor/_dev/build/build.yml b/packages/hid_bravura_monitor/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/hid_bravura_monitor/_dev/build/build.yml +++ b/packages/hid_bravura_monitor/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/hid_bravura_monitor/changelog.yml b/packages/hid_bravura_monitor/changelog.yml index 8d0c4eb079c..f0594d185b9 100644 --- a/packages/hid_bravura_monitor/changelog.yml +++ b/packages/hid_bravura_monitor/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.6.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.5.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/hid_bravura_monitor/data_stream/log/_dev/test/pipeline/test-hid-bravura-monitor.log-expected.json b/packages/hid_bravura_monitor/data_stream/log/_dev/test/pipeline/test-hid-bravura-monitor.log-expected.json index 0c6ab678efe..f28e813dfee 100644 --- a/packages/hid_bravura_monitor/data_stream/log/_dev/test/pipeline/test-hid-bravura-monitor.log-expected.json +++ b/packages/hid_bravura_monitor/data_stream/log/_dev/test/pipeline/test-hid-bravura-monitor.log-expected.json @@ -3,10 +3,10 @@ { "@timestamp": "2021-01-16T00:38:18.515Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { - "ingested": "2022-11-07T14:25:40.442610080Z", + "ingested": "2023-03-31T13:28:55.140316543Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -33,10 +33,10 @@ { "@timestamp": "2021-01-16T00:35:25.258Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { - "ingested": "2022-11-07T14:25:40.442622700Z", + "ingested": "2023-03-31T13:28:55.140327793Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -63,10 +63,10 @@ { "@timestamp": "2021-01-27T00:31:24.499Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { - "ingested": "2022-11-07T14:25:40.442624348Z", + "ingested": "2023-03-31T13:28:55.140328543Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -93,10 +93,10 @@ { "@timestamp": "2021-01-16T00:35:34.317Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { - "ingested": "2022-11-07T14:25:40.442625507Z", + "ingested": "2023-03-31T13:28:55.140329126Z", "timezone": "UTC" }, "hid_bravura_monitor": { 
@@ -123,10 +123,10 @@ { "@timestamp": "2021-02-05T08:41:11.845Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { - "ingested": "2022-11-07T14:25:40.442626503Z", + "ingested": "2023-03-31T13:28:55.140329626Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -160,10 +160,10 @@ { "@timestamp": "2021-01-16T11:54:34.234Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { - "ingested": "2022-11-07T14:25:40.442627455Z", + "ingested": "2023-03-31T13:28:55.140330251Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -197,10 +197,10 @@ { "@timestamp": "2021-10-21T19:13:31.679Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { - "ingested": "2022-11-07T14:25:40.442628370Z", + "ingested": "2023-03-31T13:28:55.140330793Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -227,10 +227,10 @@ { "@timestamp": "2021-01-16T00:35:32.941Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { - "ingested": "2022-11-07T14:25:40.442629428Z", + "ingested": "2023-03-31T13:28:55.140331293Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -269,10 +269,10 @@ { "@timestamp": "2021-01-16T11:54:18.663Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { - "ingested": "2022-11-07T14:25:40.442630367Z", + "ingested": "2023-03-31T13:28:55.140331751Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -308,10 +308,10 @@ { "@timestamp": "2021-02-05T08:41:11.845Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { - "ingested": "2022-11-07T14:25:40.442631301Z", + "ingested": "2023-03-31T13:28:55.140332293Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -345,10 +345,10 @@ { "@timestamp": "2021-02-05T08:41:11.845Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { - "ingested": "2022-11-07T14:25:40.442632237Z", + "ingested": "2023-03-31T13:28:55.140332793Z", "timezone": "UTC" }, "hid_bravura_monitor": { 
@@ -380,10 +380,10 @@ { "@timestamp": "2021-02-05T08:43:13.839Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { - "ingested": "2022-11-07T14:25:40.442633441Z", + "ingested": "2023-03-31T13:28:55.140333585Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -416,10 +416,10 @@ { "@timestamp": "2021-01-16T11:54:25.839Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { - "ingested": "2022-11-07T14:25:40.442634378Z", + "ingested": "2023-03-31T13:28:55.140334335Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -452,10 +452,10 @@ { "@timestamp": "2021-01-27T14:36:47.026Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { - "ingested": "2022-11-07T14:25:40.442635345Z", + "ingested": "2023-03-31T13:28:55.140334918Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -489,10 +489,10 @@ { "@timestamp": "2021-02-04T18:03:38.605Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { - "ingested": "2022-11-07T14:25:40.442636269Z", + "ingested": "2023-03-31T13:28:55.140335418Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -527,10 +527,10 @@ { "@timestamp": "2021-01-16T00:35:32.958Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { - "ingested": "2022-11-07T14:25:40.442637228Z", + "ingested": "2023-03-31T13:28:55.140335876Z", "timezone": "UTC" }, "hid_bravura_monitor": { diff --git a/packages/hid_bravura_monitor/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/hid_bravura_monitor/data_stream/log/elasticsearch/ingest_pipeline/default.yml index e97261b518b..2b223cd734a 100644 --- a/packages/hid_bravura_monitor/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/hid_bravura_monitor/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing hid_bravura_monitor logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' description: Set ecs.version to 1.12.0 - set: field: event.ingested 
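Review bot: The `description` on the `ecs.version` `set` processor in the log data stream's `default.yml` still reads `Set ecs.version to 1.12.0`, while the value this hunk writes is `'8.7.0'`. Anyone checking which schema version the pipeline stamps on events gets the wrong answer from the description, and the automated bump apparently rewrites only the `value` line. I would change it to `description: Set ecs.version.` so it cannot go stale on the next bump, or to `description: Set ecs.version to 8.7.0` if the number is wanted. The processor list continues past the end of the hunk.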
diff --git a/packages/hid_bravura_monitor/data_stream/log/sample_event.json b/packages/hid_bravura_monitor/data_stream/log/sample_event.json index 57bdfe7d4fa..107f18a7893 100644 --- a/packages/hid_bravura_monitor/data_stream/log/sample_event.json +++ b/packages/hid_bravura_monitor/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "02ab444e-ca97-437b-85dc-d580f055047c", diff --git a/packages/hid_bravura_monitor/data_stream/winlog/_dev/test/pipeline/test-hid-bravura-monitor-events.json-expected.json b/packages/hid_bravura_monitor/data_stream/winlog/_dev/test/pipeline/test-hid-bravura-monitor-events.json-expected.json index f3eef1b2be6..d3c263aeec2 100644 --- a/packages/hid_bravura_monitor/data_stream/winlog/_dev/test/pipeline/test-hid-bravura-monitor-events.json-expected.json +++ b/packages/hid_bravura_monitor/data_stream/winlog/_dev/test/pipeline/test-hid-bravura-monitor-events.json-expected.json @@ -3,11 +3,11 @@ { "@timestamp": "2020-05-13T09:04:04.755Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "118", - "ingested": "2022-11-07T14:25:40.641255632Z", + "ingested": "2023-03-31T13:28:55.286290210Z", "kind": "event", "provider": "Hitachi-Hitachi ID Systems-Hitachi ID Suite" }, @@ -46,11 +46,11 @@ { "@timestamp": "2021-11-03T20:05:14.092Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "64", - "ingested": "2022-11-07T14:25:40.641265874Z", + "ingested": "2023-03-31T13:28:55.286298876Z", "kind": "event", "provider": "Hitachi-Hitachi ID Systems-Hitachi ID Suite" }, @@ -92,11 +92,11 @@ { "@timestamp": "2021-11-03T20:05:14.092Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "94", - "ingested": "2022-11-07T14:25:40.641267441Z", + "ingested": "2023-03-31T13:28:55.286299835Z", "kind": "event", "provider": "Hitachi-Hitachi ID Systems-Hitachi ID Suite" }, 
diff --git a/packages/hid_bravura_monitor/data_stream/winlog/elasticsearch/ingest_pipeline/default.yml b/packages/hid_bravura_monitor/data_stream/winlog/elasticsearch/ingest_pipeline/default.yml index fec8b2cd9cc..7a054895093 100644 --- a/packages/hid_bravura_monitor/data_stream/winlog/elasticsearch/ingest_pipeline/default.yml +++ b/packages/hid_bravura_monitor/data_stream/winlog/elasticsearch/ingest_pipeline/default.yml @@ -356,7 +356,7 @@ processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: log.level diff --git a/packages/hid_bravura_monitor/data_stream/winlog/sample_event.json b/packages/hid_bravura_monitor/data_stream/winlog/sample_event.json index 8edfd40cf19..cef25107919 100644 --- a/packages/hid_bravura_monitor/data_stream/winlog/sample_event.json +++ b/packages/hid_bravura_monitor/data_stream/winlog/sample_event.json @@ -85,6 +85,6 @@ "type": "filebeat" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" } } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/docs/README.md b/packages/hid_bravura_monitor/docs/README.md index 7321e43cbd2..f8c6c29b411 100644 --- a/packages/hid_bravura_monitor/docs/README.md +++ b/packages/hid_bravura_monitor/docs/README.md @@ -167,7 +167,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "02ab444e-ca97-437b-85dc-d580f055047c", @@ -523,7 +523,7 @@ An example event for `winlog` looks as following: "type": "filebeat" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" } } ``` 
@@ -572,7 +572,7 @@ An example event for `winlog` looks as following:
 | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword |
 | host.ip | Host ip addresses. | ip |
 | host.mac | Host mac addresses. | keyword |
-| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword |
+| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword |
 | host.os.build | OS build information. | keyword |
 | host.os.codename | OS codename, if any. | keyword |
 | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword |
diff --git a/packages/hid_bravura_monitor/manifest.yml b/packages/hid_bravura_monitor/manifest.yml
index 5408bc472e1..14e8231a43f 100644
--- a/packages/hid_bravura_monitor/manifest.yml
+++ b/packages/hid_bravura_monitor/manifest.yml
@@ -1,6 +1,6 @@
 name: hid_bravura_monitor
 title: Bravura Monitor
-version: "1.5.1"
+version: "1.6.0"
 categories: ["security", "iam"]
 release: ga
 description: Collect logs from Bravura Security Fabric with Elastic Agent.
From 82a03d0096c8dc025ab8f0f2ea088967ffe07a64 Mon Sep 17 00:00:00 2001
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:55 +0530 Subject: [PATCH 056/137] [http_endpoint] - update ECS to 8.7.0 This updates the http_endpoint integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and no pipelines set ecs.version. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/http_endpoint --- packages/http_endpoint/_dev/build/build.yml | 2 +- packages/http_endpoint/changelog.yml | 5 +++++ packages/http_endpoint/manifest.yml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/packages/http_endpoint/_dev/build/build.yml b/packages/http_endpoint/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/http_endpoint/_dev/build/build.yml
+++ b/packages/http_endpoint/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/http_endpoint/changelog.yml b/packages/http_endpoint/changelog.yml
index 0090108065b..54f1482ddbb 100644
--- a/packages/http_endpoint/changelog.yml
+++ b/packages/http_endpoint/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.7.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.6.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/http_endpoint/manifest.yml b/packages/http_endpoint/manifest.yml
index 3100adea0ae..91db505541c 100644
--- a/packages/http_endpoint/manifest.yml
+++ b/packages/http_endpoint/manifest.yml
@@ -3,7 +3,7 @@ name: http_endpoint
 title: Custom HTTP Endpoint Logs
 description: Collect JSON data from listening HTTP port with Elastic Agent.
 type: integration
-version: "1.6.1"
+version: "1.7.0"
 release: ga
 conditions:
 kibana.version: "^7.16.0 || ^8.0.0"
From 2cc24a2b0a476af6a8644d2c1c27a57796df940e Mon Sep 17 00:00:00 2001
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:56 +0530 Subject: [PATCH 057/137] [httpjson] - update ECS to 8.7.0 This updates the httpjson integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and no pipelines set ecs.version. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/httpjson --- packages/httpjson/_dev/build/build.yml | 2 +- packages/httpjson/changelog.yml | 5 +++++ packages/httpjson/manifest.yml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/packages/httpjson/_dev/build/build.yml b/packages/httpjson/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/httpjson/_dev/build/build.yml
+++ b/packages/httpjson/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/httpjson/changelog.yml b/packages/httpjson/changelog.yml
index d02d19310ba..f7b72c62b73 100644
--- a/packages/httpjson/changelog.yml
+++ b/packages/httpjson/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.8.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.7.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/httpjson/manifest.yml b/packages/httpjson/manifest.yml
index bf1ddaf67a3..7c217cab644 100644
--- a/packages/httpjson/manifest.yml
+++ b/packages/httpjson/manifest.yml
@@ -3,7 +3,7 @@ name: httpjson
 title: Custom API
 description: Collect custom events from an API endpoint with Elastic agent
 type: integration
-version: "1.7.1"
+version: "1.8.0"
 release: ga
 conditions:
 kibana.version: "^8.4.0"
From c2dae5e2d8440ac55f0e9f7d70f176693f3d2cc2 Mon Sep 17 00:00:00 2001
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:57 +0530 Subject: [PATCH 058/137] [imperva] - update ECS to 8.7.0 from 8.6.0 This updates the imperva integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/imperva --- packages/imperva/_dev/build/build.yml | 2 +- packages/imperva/changelog.yml | 5 + .../pipeline/test-generated.log-expected.json | 200 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../securesphere/sample_event.json | 2 +- packages/imperva/docs/README.md | 2 +- packages/imperva/manifest.yml | 2 +- 7 files changed, 110 insertions(+), 105 deletions(-)
diff --git a/packages/imperva/_dev/build/build.yml b/packages/imperva/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/imperva/_dev/build/build.yml
+++ b/packages/imperva/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/imperva/changelog.yml b/packages/imperva/changelog.yml
index e42f98e8b00..783f4920258 100644
--- a/packages/imperva/changelog.yml
+++ b/packages/imperva/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.13.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "0.12.0"
 changes:
 - description: Update package to ECS 8.6.0.
diff --git a/packages/imperva/data_stream/securesphere/_dev/test/pipeline/test-generated.log-expected.json b/packages/imperva/data_stream/securesphere/_dev/test/pipeline/test-generated.log-expected.json
index 952c29bfceb..1ddefaf7250 100644
--- a/packages/imperva/data_stream/securesphere/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/imperva/data_stream/securesphere/_dev/test/pipeline/test-generated.log-expected.json
@@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.70.155.35,dstPort=892,dbUsername=tatno,srcIP=10.81.122.126,srcPort=4141,creatTime=29 January 2016 06:09:59,srvGroup=uam,service=untutl,appName=rad,event#=taliqu,eventType=Login,usrGroup=ommod,usrAuth=True,application=\"scivel\",osUsername=aqui,srcHost=radipis5408.mail.local,dbName=enatuse,schemaName=magn,bindVar=equuntu,sqlError=failure,respSize=5910,respTime=10.347000,affRows=sum,action=\"cancel\",rawQuery=\"sit\"", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,event#=nimadmin,createTime=2016-02-12 13:12:33,eventType=erep,eventSev=low,username=temq,subsystem=ugiatqu,message=\"eacomm\"", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.58.116.231,dstPort=996,dbUsername=qua,srcIP=10.159.182.171,srcPort=3947,creatTime=2016-02-26 20:15:08,srvGroup=apariat,service=mol,appName=pteursi,event#=onse,eventType=rumet,usrGroup=oll,usrAuth=erc,application=\"taliqu\",osUsername=temUten,srcHost=ccusan7572.api.home,dbName=aveniam,schemaName=uradi,bindVar=nimadmin,sqlError=failure,respSize=3626,respTime=79.328000,affRows=ender,action=\"accept\",rawQuery=\"ehenderi\"", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.232.27.250,dstPort=7838,dbUsername=mquidol,srcIP=10.18.124.28,srcPort=7668,creatTime=12 March 2016 03:17:42,srvGroup=rsitamet,service=lupt,appName=xea,event#=qua,eventType=Login,usrGroup=luptatev,usrAuth=False,application=\"admi\",osUsername=modocons,srcHost=elaudant5931.internal.invalid,dbName=lores,schemaName=lapariat,bindVar=eddoei,sqlError=failure,respSize=6564,respTime=87.496000,affRows=nimadmin,action=\"cancel\",rawQuery=\"xercitat\"", "tags": [ 
@@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=ationemu,event#=ice,createTime=2016-03-26 10:20:16,updateTime=estiae,alertSev=high,group=laborum,ruleName=\"tionof\",evntDesc=\"snostrud\",category=nama,disposition=quisnos,eventType=ite,proto=icmp,srcPort=2707,srcIP=10.6.137.200,dstPort=5697,dstIP=10.197.250.10,policyName=\"bor\",occurrences=7243,httpHost=hitect,webMethod=dol,url=\"https://internal.example.net/namali/taevit.html?nsecte=itame#eumfug\",webQuery=\"lit\",soapAction=asun,resultCode=estia,sessionID=eaq,username=occae,addUsername=ctetura,responseTime=labore,responseSize=texp,direction=external,dbUsername=adeseru,queryGroup=emoe,application=\"eaq\",srcHost=amest4147.mail.host,osUsername=intoc,schemaName=oluptas,dbName=tNequepo,hdrName=lup,action=cancel", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=sperna,event#=eabilloi,createTime=2016-04-09 17:22:51,updateTime=estia,alertSev=medium,group=tlab,ruleName=\"volupt\",evntDesc=\"osqui\",category=xerc,disposition=iutali,eventType=fdeFi,proto=igmp,srcPort=1696,srcIP=10.179.124.125,dstPort=5473,dstIP=10.36.194.106,policyName=\"eprehend\",occurrences=2462,httpHost=dutper,webMethod=lamcolab,url=\"https://example.net/tlabo/uames.gif?mpo=offi#giatnu\",webQuery=\"ulapa\",soapAction=liqui,resultCode=quioffi,sessionID=uptate,username=ncidid,addUsername=quaturve,responseTime=sequa,responseSize=aera,direction=outbound,dbUsername=rvel,queryGroup=uid,application=\"onsecte\",srcHost=eratv6205.internal.lan,osUsername=reme,schemaName=acommod,dbName=uaUteni,hdrName=udantium,action=accept", "tags": [ 
@@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.129.149.43,dstPort=3304,dbUsername=eveli,srcIP=10.211.105.204,srcPort=2742,creatTime=2016-04-24 00:25:25,srvGroup=aliquide,service=ofde,appName=equat,event#=derit,eventType=Logout,usrGroup=dexea,usrAuth=True,application=\"atcu\",osUsername=labor,srcHost=didunt1355.corp,dbName=udan,schemaName=orema,bindVar=invento,sqlError=failure,respSize=6855,respTime=74.098000,affRows=nofdeFin,action=\"accept\",rawQuery=\"rau\"", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.214.191.180,dstPort=5848,dbUsername=ipsumdol,srcIP=10.112.250.193,srcPort=5705,creatTime=2016-05-08 07:27:59,srvGroup=urerepr,service=ese,appName=isaute,event#=ptatemq,eventType=Logout,usrGroup=luptatev,usrAuth=False,application=\"tlabore\",osUsername=Exc,srcHost=pora6854.www5.home,dbName=nevo,schemaName=ide,bindVar=aali,sqlError=success,respSize=6852,respTime=49.573000,affRows=etcons,action=\"cancel\",rawQuery=\"tenbyCi\"", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.251.20.13,dstPort=264,dbUsername=iquipe,srcIP=10.192.34.76,srcPort=1450,creatTime=2016-05-22 14:30:33,srvGroup=upida,service=tvolupt,appName=eufugi,event#=pici,eventType=abor,usrGroup=utpe,usrAuth=onsequ,application=\"temqu\",osUsername=ovol,srcHost=ptasn6599.www.localhost,dbName=lore,schemaName=tnonpro,bindVar=ionemu,sqlError=success,respSize=3645,respTime=20.909000,affRows=tanimid,action=\"deny\",rawQuery=\"uamni\"", "tags": [ 
@@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.74.105.218,dstPort=2438,dbUsername=archite,srcIP=10.59.138.212,srcPort=7829,creatTime=2016-06-05 21:33:08,srvGroup=asi,service=datatno,appName=siutali,event#=amnih,eventType=Logout,usrGroup=ium,usrAuth=True,application=\"esciuntN\",osUsername=idunt,srcHost=ptasnu6684.mail.lan,dbName=orumSe,schemaName=boree,bindVar=intoc,sqlError=success,respSize=248,respTime=158.450000,affRows=eeufugia,action=\"block\",rawQuery=\"ofdeFini\"", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.168.159.13,dstPort=3319,dbUsername=inci,srcIP=10.230.173.4,srcPort=2631,creatTime=2016-06-20 04:35:42,srvGroup=avol,service=icero,appName=xer,event#=emipsumd,eventType=Logout,usrGroup=isisten,usrAuth=False,application=\"cusant\",osUsername=atemq,srcHost=rinre2977.api.corp,dbName=totamre,schemaName=isnostr,bindVar=umqu,sqlError=success,respSize=6135,respTime=86.668000,affRows=inesci,action=\"accept\",rawQuery=\"uia\"", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.49.167.57,dstPort=2119,dbUsername=tali,srcIP=10.41.21.204,srcPort=3540,creatTime=4 July 2016 11:38:16,srvGroup=rpori,service=ice,appName=oles,event#=edic,eventType=Login,usrGroup=seq,usrAuth=True,application=\"tutlab\",osUsername=sau,srcHost=atevelit2450.local,dbName=aperia,schemaName=ccaeca,bindVar=umdolo,sqlError=failure,respSize=6818,respTime=115.224000,affRows=stenatu,action=\"block\",rawQuery=\"orumSe\"", "tags": [ 
@@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=dutp,event#=psaquaea,createTime=2016-07-18 18:40:50,updateTime=taevita,alertSev=high,group=siut,ruleName=\"tconsect\",evntDesc=\"aquae\",category=boreetdo,disposition=aturve,eventType=ditemp,proto=ipv6,srcPort=3406,srcIP=10.216.125.252,dstPort=5592,dstIP=10.62.147.186,policyName=\"eumiure\",occurrences=4603,httpHost=ima,webMethod=quasia,url=\"https://example.org/umwrit/uptate.html?ctetura=aveni#elit\",webQuery=\"seosqui\",soapAction=sequamni,resultCode=uradi,sessionID=tot,username=llamco,addUsername=nea,responseTime=psum,responseSize=tasnulap,direction=inbound,dbUsername=umSe,queryGroup=xeacomm,application=\"cinge\",srcHost=itla658.api.localhost,osUsername=lorsita,schemaName=dolore,dbName=uptate,hdrName=quidexea,action=\"accept\",errormsg=\"unknown\"", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=ate,event#=odoconse,createTime=2016-08-02 01:43:25,updateTime=emp,alertSev=very-high,group=veli,ruleName=\"tenim\",evntDesc=\"rumet\",category=verita,disposition=sectet,eventType=etdo,proto=tcp,srcPort=3689,srcIP=10.52.125.9,dstPort=2538,dstIP=10.204.128.215,policyName=\"ama\",occurrences=332,httpHost=runtmol,webMethod=texpli,url=\"https://api.example.org/roidents/tem.txt?tametcon=liqua#mvele\",webQuery=\"isis\",soapAction=uasiar,resultCode=utlab,sessionID=emUteni,username=rum,addUsername=gnaaliqu,responseTime=teirured,responseSize=onemulla,direction=external,dbUsername=bor,queryGroup=rauto,application=\"ationev\",srcHost=umdolor4389.api.home,osUsername=paquioff,schemaName=nci,dbName=isau,hdrName=rautodi,action=deny", "tags": [ 
@@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.200.68.129,dstPort=2558,dbUsername=icabo,srcIP=10.34.148.166,srcPort=3022,creatTime=2016-08-16 08:45:59,srvGroup=preh,service=ercit,appName=etMal,event#=qua,eventType=rsita,usrGroup=ate,usrAuth=ipsamvo,application=\"onula\",osUsername=miu,srcHost=rationev6444.localhost,dbName=tatem,schemaName=untutlab,bindVar=amcor,sqlError=failure,respSize=5427,respTime=176.685000,affRows=oremq,action=\"block\",rawQuery=\"uisaute\"", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.226.101.180,dstPort=1000,dbUsername=siu,srcIP=10.134.5.40,srcPort=7284,creatTime=30 August 2016 15:48:33,srvGroup=llamc,service=nte,appName=mvel,event#=nof,eventType=Login,usrGroup=usmodi,usrAuth=False,application=\"mvolu\",osUsername=conse,srcHost=ipi7727.www5.domain,dbName=isiu,schemaName=licabo,bindVar=enimadmi,sqlError=success,respSize=6356,respTime=41.238000,affRows=xeaco,action=\"deny\",rawQuery=\"amcor\"", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.126.26.131,dstPort=2595,dbUsername=velite,srcIP=10.30.98.10,srcPort=7576,creatTime=13 September 2016 22:51:07,srvGroup=itation,service=sequatD,appName=nimave,event#=isciv,eventType=Login,usrGroup=rroqu,usrAuth=False,application=\"nofd\",osUsername=dipisci,srcHost=spernatu5539.domain,dbName=quunt,schemaName=olori,bindVar=mquae,sqlError=unknown,respSize=7717,respTime=96.729000,affRows=cidunt,action=\"accept\",rawQuery=\"borisnis\"", "tags": [ 
@@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.190.10.219,dstPort=5530,dbUsername=accusant,srcIP=10.233.120.207,srcPort=136,creatTime=2016-09-28 05:53:42,srvGroup=stenatu,service=inibu,appName=est,event#=uptatemU,eventType=Logout,usrGroup=leumiu,usrAuth=False,application=\"tla\",osUsername=item,srcHost=nimid372.api.corp,dbName=atcupid,schemaName=quamnih,bindVar=dminima,sqlError=success,respSize=3278,respTime=60.949000,affRows=tame,action=\"cancel\",rawQuery=\"reetd\"", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,event#=sitam,createTime=2016-10-12 12:56:16,eventType=rad,eventSev=low,username=sequa,subsystem=iosamnis,message=\"volupt\"", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.100.98.56,dstPort=1089,dbUsername=boru,srcIP=10.248.184.200,srcPort=5315,creatTime=2016-10-26 19:58:50,srvGroup=ptatem,service=ptatevel,appName=tenatuse,event#=psaqua,eventType=Logout,usrGroup=ullamcor,usrAuth=False,application=\"itationu\",osUsername=proident,srcHost=maliquam2147.internal.home,dbName=lores,schemaName=ritati,bindVar=orisni,sqlError=failure,respSize=5923,respTime=179.541000,affRows=sitam,action=\"deny\",rawQuery=\"mmodoc\"", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.197.6.245,dstPort=27,dbUsername=dtempo,srcIP=10.82.28.220,srcPort=3570,creatTime=10 November 2016 03:01:24,srvGroup=imad,service=tinvolup,appName=tsed,event#=inv,eventType=Login,usrGroup=rroq,usrAuth=False,application=\"rcit\",osUsername=aecatcup,srcHost=olabor2983.internal.localhost,dbName=citatio,schemaName=oluptat,bindVar=mveniamq,sqlError=success,respSize=3071,respTime=120.142000,affRows=eaqueips,action=\"allow\",rawQuery=\"aturve\"", "tags": [ 
@@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.6.27.103,dstPort=3179,dbUsername=redol,srcIP=10.167.252.183,srcPort=2003,creatTime=24 November 2016 10:03:59,srvGroup=doei,service=cipitl,appName=caboNemo,event#=dexerc,eventType=Login,usrGroup=strumex,usrAuth=True,application=\"eprehend\",osUsername=asnu,srcHost=hitec2111.mail.corp,dbName=perspici,schemaName=ationul,bindVar=mquisn,sqlError=failure,respSize=6606,respTime=155.907000,affRows=emUte,action=\"cancel\",rawQuery=\"ccae\"", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=ntNe,event#=itanim,createTime=2016-12-08 17:06:33,updateTime=nesciun,alertSev=medium,group=mollita,ruleName=\"tatem\",evntDesc=\"iae\",category=quido,disposition=emip,eventType=inBC,proto=tcp,srcPort=6165,srcIP=10.88.45.111,dstPort=6735,dstIP=10.81.184.7,policyName=\"saquaea\",occurrences=6344,httpHost=eetd,webMethod=illu,url=\"https://mail.example.com/lorsi/repreh.gif?sitamet=utlabo#tetur\",webQuery=\"tionula\",soapAction=ritqu,resultCode=ecatcupi,sessionID=uamei,username=undeomni,addUsername=tas,responseTime=autfugi,responseSize=tasun,direction=external,dbUsername=eratv,queryGroup=ipsa,application=\"asuntexp\",srcHost=adminim2559.www5.invalid,osUsername=lmole,schemaName=iameaque,dbName=nderi,hdrName=ssusci,action=\"deny\",errormsg=\"failure\"", "tags": [ 
@@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.214.3.140,dstPort=6127,dbUsername=scipitl,srcIP=10.29.119.245,srcPort=1179,creatTime=2016-12-23 00:09:07,srvGroup=olli,service=rever,appName=ore,event#=offici,eventType=Logout,usrGroup=ection,usrAuth=False,application=\"roquisqu\",osUsername=edolorin,srcHost=dolorem6882.api.local,dbName=rsi,schemaName=taliqui,bindVar=mides,sqlError=success,respSize=5140,respTime=119.229000,affRows=tcu,action=\"cancel\",rawQuery=\"inrepreh\"", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=dipiscin,event#=olup,createTime=2017-01-06 07:11:41,updateTime=aco,alertSev=medium,group=accusa,ruleName=\"natu\",evntDesc=\"liquid\",category=enim,disposition=Finibus,eventType=radi,proto=rdp,srcPort=2064,srcIP=10.218.123.234,dstPort=57,dstIP=10.110.133.7,policyName=\"radipisc\",occurrences=5347,httpHost=nibus,webMethod=vitaed,url=\"https://example.org/etconsec/elillum.htm?mporinc=onsectet#idolo\",webQuery=\"atemUte\",soapAction=docon,resultCode=mdolore,sessionID=eosquira,username=pta,addUsername=snos,responseTime=orsi,responseSize=tetura,direction=external,dbUsername=lorsita,queryGroup=eavol,application=\"osamnis\",srcHost=temaccu5302.test,osUsername=etconsec,schemaName=caboNem,dbName=urExcept,hdrName=rumetMal,action=\"allow\",errormsg=\"unknown\"", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.105.190.170,dstPort=2519,dbUsername=doeiu,srcIP=10.182.152.242,srcPort=1877,creatTime=2017-01-20 14:14:16,srvGroup=orumw,service=redol,appName=ecillum,event#=isci,eventType=Logout,usrGroup=dolor,usrAuth=True,application=\"tiumto\",osUsername=litan,srcHost=nder347.www.corp,dbName=alorum,schemaName=mquisn,bindVar=atq,sqlError=unknown,respSize=3474,respTime=68.556000,affRows=ugiatquo,action=\"block\",rawQuery=\"equamnih\"", "tags": [ 
@@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=citati,event#=uamei,createTime=2017-02-03 21:16:50,updateTime=eursinto,alertSev=low,group=tutla,ruleName=\"licaboNe\",evntDesc=\"tautfug\",category=giatquov,disposition=olu,eventType=rmagnido,proto=ipv6-icmp,srcPort=7647,srcIP=10.59.188.188,dstPort=7082,dstIP=10.123.166.197,policyName=\"ici\",occurrences=7102,httpHost=mips,webMethod=itae,url=\"https://internal.example.net/atnula/ditautf.jpg?iquidex=olup#remipsu\",webQuery=\"tan\",soapAction=quiac,resultCode=sunt,sessionID=autfugit,username=emUte,addUsername=iusmodi,responseTime=fdeFi,responseSize=Except,direction=inbound,dbUsername=equat,queryGroup=aliquid,application=\"usantiu\",srcHost=idunt4633.internal.host,osUsername=liquam,schemaName=min,dbName=oluptat,hdrName=odt,action=block", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.72.75.207,dstPort=6336,dbUsername=urau,srcIP=10.201.168.116,srcPort=2037,creatTime=2017-02-18 04:19:24,srvGroup=utali,service=sed,appName=xeac,event#=umdolors,eventType=Logout,usrGroup=lumdo,usrAuth=False,application=\"acom\",osUsername=eFini,srcHost=ectob4634.mail.localhost,dbName=prehend,schemaName=eufug,bindVar=roquisq,sqlError=unknown,respSize=3348,respTime=79.765000,affRows=civelits,action=\"accept\",rawQuery=\"reet\"", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.9.46.123,dstPort=586,dbUsername=mfu,srcIP=10.58.133.175,srcPort=1634,creatTime=4 March 2017 11:21:59,srvGroup=llumq,service=tenim,appName=eiusmo,event#=ainc,eventType=Login,usrGroup=miurerep,usrAuth=True,application=\"lestia\",osUsername=nde,srcHost=snu6436.www.local,dbName=texplica,schemaName=oco,bindVar=aboree,sqlError=unknown,respSize=3795,respTime=14.713000,affRows=edquian,action=\"block\",rawQuery=\"uames\"", "tags": [ 
@@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.169.50.59,dstPort=7693,dbUsername=pta,srcIP=10.70.29.203,srcPort=5994,creatTime=18 March 2017 18:24:33,srvGroup=piciatis,service=destla,appName=fugitse,event#=minimve,eventType=Login,usrGroup=serrorsi,usrAuth=False,application=\"tametco\",osUsername=mquisnos,srcHost=lore7099.www.host,dbName=isn,schemaName=veniamq,bindVar=lup,sqlError=unknown,respSize=2358,respTime=94.460000,affRows=ipitlabo,action=\"block\",rawQuery=\"prehen\"", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.165.182.111,dstPort=5525,dbUsername=ames,srcIP=10.137.85.123,srcPort=218,creatTime=2017-04-02 01:27:07,srvGroup=amquisno,service=modoc,appName=magnam,event#=uinesc,eventType=Logout,usrGroup=cid,usrAuth=True,application=\"emi\",osUsername=Bonorum,srcHost=lesti6939.api.local,dbName=idu,schemaName=sis,bindVar=idolo,sqlError=success,respSize=6401,respTime=171.434000,affRows=its,action=\"block\",rawQuery=\"edutp\"", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,event#=enimadmi,createTime=2017-04-16 08:29:41,eventType=tateveli,eventSev=high,username=sumdolo,subsystem=idolorem,message=\"temvele\"", "tags": [ 
@@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=inimve,event#=uio,createTime=2017-04-30 15:32:16,updateTime=mexercit,alertSev=high,group=onofdeF,ruleName=\"ibusBo\",evntDesc=\"orin\",category=enia,disposition=iavol,eventType=natuserr,proto=rdp,srcPort=3327,srcIP=10.64.184.196,dstPort=6659,dstIP=10.173.178.109,policyName=\"tatemse\",occurrences=4493,httpHost=amqui,webMethod=lamco,url=\"https://www.example.net/hender/ptatemU.htm?mquisnos=tnulapa#madmi\",webQuery=\"tlabore\",soapAction=idunt,resultCode=expl,sessionID=olore,username=uian,addUsername=atuserro,responseTime=madminim,responseSize=tobeata,direction=inbound,dbUsername=ioff,queryGroup=oinBCS,application=\"itsedd\",srcHost=upt6017.api.localdomain,osUsername=nesci,schemaName=tam,dbName=sin,hdrName=idexeac,action=\"block\",errormsg=\"failure\"", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.90.50.149,dstPort=1936,dbUsername=olu,srcIP=10.168.225.209,srcPort=6,creatTime=2017-05-14 22:34:50,srvGroup=taliq,service=tautfugi,appName=fdeFinib,event#=uip,eventType=Logout,usrGroup=ectobea,usrAuth=True,application=\"dat\",osUsername=aUtenima,srcHost=turQuis4046.api.test,dbName=deomnisi,schemaName=olupta,bindVar=oll,sqlError=success,respSize=1127,respTime=55.870000,affRows=evelite,action=\"block\",rawQuery=\"iav\"", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.59.182.36,dstPort=5792,dbUsername=mtota,srcIP=10.18.150.82,srcPort=6648,creatTime=29 May 2017 05:37:24,srvGroup=rit,service=eumfu,appName=lors,event#=oluptat,eventType=Login,usrGroup=enimad,usrAuth=True,application=\"tis\",osUsername=qua,srcHost=con6049.internal.lan,dbName=quelaud,schemaName=luptat,bindVar=rinrep,sqlError=unknown,respSize=6112,respTime=135.357000,affRows=nimv,action=\"allow\",rawQuery=\"tconse\"", "tags": [ 
@@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,event#=rem,createTime=2017-06-12 12:39:58,eventType=ulamcola,eventSev=very-high,username=llita,subsystem=ntsunt,message=\"nturmag\"", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.228.229.144,dstPort=3236,dbUsername=ametcons,srcIP=10.151.240.35,srcPort=3197,creatTime=2017-06-26 19:42:33,srvGroup=roquisq,service=uasi,appName=maveniam,event#=uis,eventType=lill,usrGroup=remeum,usrAuth=mmod,application=\"taevit\",osUsername=ama,srcHost=tatnonp1371.www.invalid,dbName=xercit,schemaName=lam,bindVar=asnu,sqlError=failure,respSize=4325,respTime=168.492000,affRows=eriam,action=\"cancel\",rawQuery=\"aquae\"", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.242.48.203,dstPort=1102,dbUsername=ese,srcIP=10.147.142.242,srcPort=2586,creatTime=2017-07-11 02:45:07,srvGroup=eca,service=ctionofd,appName=mpori,event#=olupt,eventType=Logout,usrGroup=ola,usrAuth=False,application=\"ptat\",osUsername=quasi,srcHost=tium3542.internal.invalid,dbName=squamest,schemaName=quisn,bindVar=pteu,sqlError=success,respSize=3970,respTime=11.548000,affRows=antium,action=\"block\",rawQuery=\"velillum\"", "tags": [ 
@@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=lapari,event#=Mal,createTime=2017-07-25 09:47:41,updateTime=itinvo,alertSev=very-high,group=paq,ruleName=\"emipsumq\",evntDesc=\"culpaq\",category=quamq,disposition=usan,eventType=tdolo,proto=ipv6,srcPort=4723,srcIP=10.213.165.165,dstPort=3787,dstIP=10.254.10.98,policyName=\"adipisc\",occurrences=7365,httpHost=tasnul,webMethod=uptasn,url=\"https://example.net/itati/oidentsu.gif?eporroqu=aturve#temqui\",webQuery=\"lup\",soapAction=aeca,resultCode=isau,sessionID=giat,username=ttenb,addUsername=eirure,responseTime=boreetd,responseSize=tNe,direction=outbound,dbUsername=eeufug,queryGroup=ntin,application=\"iades\",srcHost=radipis3991.mail.invalid,osUsername=civeli,schemaName=eufugia,dbName=utlabore,hdrName=tamr,action=\"cancel\",errormsg=\"success\"", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,event#=onemul,createTime=2017-08-08 16:50:15,eventType=trudexe,eventSev=very-high,username=ura,subsystem=oreeufug,message=\"Quisa\"", "tags": [ 
@@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=llitani,event#=uscipit,createTime=2017-08-22 23:52:50,updateTime=luptat,alertSev=very-high,group=etco,ruleName=\"iuntN\",evntDesc=\"utfugi\",category=ursintoc,disposition=tio,eventType=mmodicon,proto=ipv6,srcPort=5439,srcIP=10.116.1.130,dstPort=3402,dstIP=10.169.28.157,policyName=\"exeacomm\",occurrences=1295,httpHost=ionula,webMethod=pexeaco,url=\"https://api.example.org/uamqua/Neq.gif?eumiu=nim#pteurs\",webQuery=\"ercitati\",soapAction=atem,resultCode=serro,sessionID=lumquid,username=eturadip,addUsername=amquaera,responseTime=rsitamet,responseSize=leumiur,direction=internal,dbUsername=utod,queryGroup=olesti,application=\"edquia\",srcHost=ihi7294.www5.localhost,osUsername=reseo,schemaName=amco,dbName=ons,hdrName=onsecte,action=\"accept\",errormsg=\"unknown\"", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.29.138.31,dstPort=5871,dbUsername=volupta,srcIP=10.45.69.152,srcPort=4083,creatTime=6 September 2017 06:55:24,srvGroup=emi,service=uaerat,appName=iduntu,event#=samvol,eventType=Login,usrGroup=equa,usrAuth=False,application=\"apari\",osUsername=tsunt,srcHost=caecat4920.api.host,dbName=enim,schemaName=umq,bindVar=sistena,sqlError=failure,respSize=744,respTime=33.416000,affRows=temquia,action=\"deny\",rawQuery=\"eumiu\"", "tags": [ 
@@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.152.213.228,dstPort=3387,dbUsername=ptatev,srcIP=10.100.113.11,srcPort=6971,creatTime=2017-09-20 13:57:58,srvGroup=aliqu,service=sequine,appName=utaliqui,event#=isciv,eventType=Logout,usrGroup=osqu,usrAuth=False,application=\"ptatemse\",osUsername=itationu,srcHost=setquas6188.internal.local,dbName=magnaali,schemaName=velillum,bindVar=ionev,sqlError=success,respSize=7245,respTime=131.118000,affRows=ameaq,action=\"cancel\",rawQuery=\"Except\"", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,event#=uiac,createTime=2017-10-04 21:00:32,eventType=tquii,eventSev=low,username=reme,subsystem=emeumfu,message=\"inBCSedu\"", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.208.33.55,dstPort=1849,dbUsername=ulapari,srcIP=10.248.102.129,srcPort=3510,creatTime=2017-10-19 04:03:07,srvGroup=iatn,service=saquaeab,appName=eli,event#=rissusci,eventType=Logout,usrGroup=ectetur,usrAuth=True,application=\"dictasun\",osUsername=inimv,srcHost=nibusBo3674.www5.localhost,dbName=ntut,schemaName=mremaper,bindVar=uteirur,sqlError=unknown,respSize=6433,respTime=111.360000,affRows=isni,action=\"accept\",rawQuery=\"quovo\"", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.203.164.132,dstPort=6213,dbUsername=mporin,srcIP=10.109.230.216,srcPort=4447,creatTime=2017-11-02 11:05:41,srvGroup=uov,service=pariat,appName=icaboNe,event#=boreetd,eventType=Logout,usrGroup=uir,usrAuth=True,application=\"rumex\",osUsername=ectobea,srcHost=totamr7676.www5.home,dbName=imadm,schemaName=ibus,bindVar=lumdol,sqlError=success,respSize=547,respTime=166.971000,affRows=reprehe,action=\"block\",rawQuery=\"ihil\"", "tags": [ 
@@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.151.203.60,dstPort=482,dbUsername=dol,srcIP=10.117.81.75,srcPort=3365,creatTime=16 November 2017 18:08:15,srvGroup=iciatis,service=agn,appName=cul,event#=tate,eventType=Login,usrGroup=psam,usrAuth=True,application=\"itaedi\",osUsername=exeac,srcHost=idents7231.mail.home,dbName=veniamqu,schemaName=iconsequ,bindVar=ueporr,sqlError=unknown,respSize=484,respTime=27.563000,affRows=tur,action=\"block\",rawQuery=\"onorumet\"", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.224.217.153,dstPort=6339,dbUsername=eriti,srcIP=10.45.152.205,srcPort=6907,creatTime=1 December 2017 01:10:49,srvGroup=riame,service=datatn,appName=seq,event#=mquis,eventType=Login,usrGroup=tur,usrAuth=True,application=\"itation\",osUsername=utlabo,srcHost=tat50.mail.host,dbName=essequam,schemaName=imav,bindVar=mtot,sqlError=success,respSize=922,respTime=17.709000,affRows=prehend,action=\"allow\",rawQuery=\"liquid\"", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=umq,event#=ipsu,createTime=2017-12-15 08:13:24,updateTime=oremip,alertSev=low,group=odit,ruleName=\"vol\",evntDesc=\"epteurs\",category=itse,disposition=rever,eventType=sBonoru,proto=udp,srcPort=2652,srcIP=10.60.164.100,dstPort=5119,dstIP=10.1.193.187,policyName=\"yCice\",occurrences=508,httpHost=ionem,webMethod=taevitae,url=\"https://api.example.net/quam/saute.htm?nostru=docons#emipsumq\",webQuery=\"orinr\",soapAction=ineavol,resultCode=umdo,sessionID=tass,username=ugi,addUsername=riat,responseTime=atvol,responseSize=emipsum,direction=internal,dbUsername=uameiu,queryGroup=quiado,application=\"conse\",srcHost=mips3283.corp,osUsername=hite,schemaName=adipis,dbName=abo,hdrName=suntex,action=\"allow\",errormsg=\"failure\"", "tags": [ 
@@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.248.244.203,dstPort=806,dbUsername=mquamei,srcIP=10.146.228.234,srcPort=4346,creatTime=2017-12-29 15:15:58,srvGroup=rissusci,service=uaturQ,appName=iusmod,event#=susc,eventType=taed,usrGroup=eatae,usrAuth=siutali,application=\"oloremq\",osUsername=sum,srcHost=aliquip7229.mail.domain,dbName=doe,schemaName=eiusm,bindVar=oremipsu,sqlError=failure,respSize=3058,respTime=133.358000,affRows=llum,action=\"allow\",rawQuery=\"mto\"", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.122.127.237,dstPort=1138,dbUsername=consecte,srcIP=10.86.121.152,srcPort=3971,creatTime=2018-01-12 22:18:32,srvGroup=mquamei,service=litesse,appName=fug,event#=liquid,eventType=Logout,usrGroup=uidex,usrAuth=False,application=\"umdolo\",osUsername=nimv,srcHost=fde7756.mail.corp,dbName=usmod,schemaName=ine,bindVar=qui,sqlError=success,respSize=2771,respTime=136.167000,affRows=orsitame,action=\"block\",rawQuery=\"ipex\"", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.201.223.119,dstPort=3614,dbUsername=rcit,srcIP=10.204.223.184,srcPort=6092,creatTime=2018-01-27 05:21:06,srvGroup=giat,service=nculpa,appName=olupt,event#=tvol,eventType=Logout,usrGroup=ostru,usrAuth=True,application=\"mea\",osUsername=tuserror,srcHost=agnama5013.internal.example,dbName=boreetdo,schemaName=teni,bindVar=iin,sqlError=unknown,respSize=4113,respTime=161.837000,affRows=tNeq,action=\"block\",rawQuery=\"liq\"", "tags": [ 
@@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.200.12.126,dstPort=2347,dbUsername=magnido,srcIP=10.223.56.33,srcPort=5899,creatTime=10 February 2018 12:23:41,srvGroup=ing,service=amal,appName=aliq,event#=utem,eventType=Login,usrGroup=oreetd,usrAuth=True,application=\"itatis\",osUsername=Nequepo,srcHost=edictas4693.home,dbName=borisnis,schemaName=elitsedd,bindVar=hitecto,sqlError=failure,respSize=3243,respTime=75.415000,affRows=imven,action=\"block\",rawQuery=\"hende\"", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=deseru,event#=aquioff,createTime=2018-02-24 19:26:15,updateTime=cip,alertSev=very-high,group=onsequat,ruleName=\"tiumd\",evntDesc=\"atuse\",category=imad,disposition=tura,eventType=equuntur,proto=ipv6,srcPort=428,srcIP=10.94.89.177,dstPort=1752,dstIP=10.65.225.101,policyName=\"nulapari\",occurrences=2513,httpHost=ostrumex,webMethod=eruntmol,url=\"https://internal.example.com/imide/uiineav.htm?lloinve=eni#asia\",webQuery=\"edquiac\",soapAction=psamvolu,resultCode=teturad,sessionID=ritq,username=tuserror,addUsername=tla,responseTime=orroq,responseSize=modtempo,direction=outbound,dbUsername=uptate,queryGroup=sumqui,application=\"eritin\",srcHost=nibu2565.api.local,osUsername=citation,schemaName=emquel,dbName=rspiciat,hdrName=iavol,action=\"cancel\",errormsg=\"unknown\"", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.65.174.196,dstPort=472,dbUsername=iin,srcIP=10.191.184.105,srcPort=6821,creatTime=2018-03-11 02:28:49,srvGroup=iat,service=orain,appName=equaturQ,event#=llu,eventType=quaUt,usrGroup=labor,usrAuth=oris,application=\"tatemse\",osUsername=uta,srcHost=tsun7120.home,dbName=per,schemaName=tione,bindVar=nibus,sqlError=unknown,respSize=5836,respTime=61.864000,affRows=olo,action=\"deny\",rawQuery=\"BCSedutp\"", "tags": [ 
@@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=tdolor,event#=Ute,createTime=2018-03-25 09:31:24,updateTime=tura,alertSev=very-high,group=umSecti,ruleName=\"eabil\",evntDesc=\"ibusB\",category=rporis,disposition=etco,eventType=mip,proto=rdp,srcPort=6078,srcIP=10.224.148.48,dstPort=2803,dstIP=10.41.181.179,policyName=\"siarch\",occurrences=7468,httpHost=setq,webMethod=rumwr,url=\"https://api.example.com/ptatem/mporain.gif?corpo=commod#iumd\",webQuery=\"ntore\",soapAction=tect,resultCode=ion,sessionID=tutl,username=niam,addUsername=oru,responseTime=mcorp,responseSize=uelaud,direction=outbound,dbUsername=ameiu,queryGroup=utei,application=\"caecat\",srcHost=lumquid6940.mail.localdomain,osUsername=equepor,schemaName=iosamn,dbName=erspicia,hdrName=neavolup,action=\"deny\",errormsg=\"success\"", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.21.208.103,dstPort=5543,dbUsername=imidest,srcIP=10.21.61.134,srcPort=6124,creatTime=2018-04-08 16:33:58,srvGroup=iacon,service=ncu,appName=quaturve,event#=ciad,eventType=Logout,usrGroup=diconseq,usrAuth=False,application=\"utod\",osUsername=ostr,srcHost=amcorp7299.api.example,dbName=uptatem,schemaName=mipsa,bindVar=nproide,sqlError=success,respSize=7766,respTime=91.186000,affRows=siutali,action=\"deny\",rawQuery=\"nemullam\"", "tags": [ 
@@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.23.6.216,dstPort=4578,dbUsername=iarchit,srcIP=10.221.192.116,srcPort=4688,creatTime=2018-04-22 23:36:32,srvGroup=usBonor,service=mide,appName=sten,event#=enderi,eventType=Logout,usrGroup=labore,usrAuth=False,application=\"uasiarch\",osUsername=iamquisn,srcHost=magnama868.api.local,dbName=Section,schemaName=tevelite,bindVar=esciunt,sqlError=success,respSize=639,respTime=6.388000,affRows=borisnis,action=\"accept\",rawQuery=\"oremagn\"", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=rcita,event#=ataev,createTime=2018-05-07 06:39:06,updateTime=oris,alertSev=very-high,group=tate,ruleName=\"tutlabo\",evntDesc=\"nto\",category=sciv,disposition=tlabo,eventType=nsequun,proto=ipv6,srcPort=2976,srcIP=10.191.142.143,dstPort=5850,dstIP=10.240.62.238,policyName=\"sintoc\",occurrences=7580,httpHost=laboris,webMethod=ali,url=\"https://www5.example.net/aUten/edutpers.gif?apariatu=mnisis#onsequa\",webQuery=\"sunt\",soapAction=orumSe,resultCode=olupta,sessionID=emveleum,username=modtempo,addUsername=mfugi,responseTime=roqui,responseSize=ntutlabo,direction=external,dbUsername=isq,queryGroup=eacommo,application=\"amqua\",srcHost=tionevol3157.mail.invalid,osUsername=nofde,schemaName=animide,dbName=Lore,hdrName=oin,action=cancel", "tags": [ 
@@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=ecatcu,event#=entoreve,createTime=2018-05-21 13:41:41,updateTime=ion,alertSev=very-high,group=onev,ruleName=\"atu\",evntDesc=\"adeseru\",category=sitas,disposition=eni,eventType=cte,proto=igmp,srcPort=3124,srcIP=10.178.79.217,dstPort=7499,dstIP=10.111.22.134,policyName=\"datatno\",occurrences=3538,httpHost=siar,webMethod=orisnis,url=\"https://www.example.net/mvolup/pidat.jpg?ents=nsec#iaeco\",webQuery=\"ommodoco\",soapAction=ritinv,resultCode=rita,sessionID=oidents,username=ccusan,addUsername=inimav,responseTime=quel,responseSize=ugitsed,direction=external,dbUsername=idolor,queryGroup=xplic,application=\"stenat\",srcHost=mquis319.api.local,osUsername=inibusBo,schemaName=tqui,dbName=sequun,hdrName=nimadm,action=deny", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.161.225.172,dstPort=3708,dbUsername=meaqu,srcIP=10.77.86.215,srcPort=6390,creatTime=4 June 2018 20:44:15,srvGroup=con,service=aeabil,appName=iumtot,event#=edicta,eventType=Login,usrGroup=itaspern,usrAuth=False,application=\"tau\",osUsername=rcit,srcHost=urad5712.api.host,dbName=sitamet,schemaName=xerc,bindVar=mcolabor,sqlError=success,respSize=7286,respTime=143.926000,affRows=evita,action=\"block\",rawQuery=\"ant\"", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.186.133.184,dstPort=7864,dbUsername=boriosa,srcIP=10.211.161.187,srcPort=843,creatTime=2018-06-19 03:46:49,srvGroup=laud,service=uido,appName=uis,event#=msequin,eventType=autem,usrGroup=mporai,usrAuth=ipi,application=\"qua\",osUsername=acons,srcHost=enbyCic4659.www5.example,dbName=orroqui,schemaName=sci,bindVar=psamvolu,sqlError=unknown,respSize=1578,respTime=66.164000,affRows=temse,action=\"deny\",rawQuery=\"onevol\"", "tags": [ 
@@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.160.147.230,dstPort=2126,dbUsername=nimvenia,srcIP=10.254.198.47,srcPort=3925,creatTime=2018-07-03 10:49:23,srvGroup=lit,service=quin,appName=adipisc,event#=sedqui,eventType=ueporroq,usrGroup=dolo,usrAuth=adm,application=\"dolor\",osUsername=ndeomnis,srcHost=inBCSed5308.api.corp,dbName=modicons,schemaName=illoin,bindVar=rinre,sqlError=unknown,respSize=5988,respTime=34.664000,affRows=olorem,action=\"cancel\",rawQuery=\"dquiaco\"", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.40.24.93,dstPort=7487,dbUsername=mSecti,srcIP=10.182.197.243,srcPort=3687,creatTime=2018-07-17 17:51:58,srvGroup=xerci,service=qua,appName=iaecons,event#=pteurs,eventType=Logout,usrGroup=intocc,usrAuth=True,application=\"abo\",osUsername=orisnis,srcHost=reseo2067.api.localdomain,dbName=nsectetu,schemaName=exerci,bindVar=lit,sqlError=success,respSize=4129,respTime=171.277000,affRows=ono,action=\"cancel\",rawQuery=\"equuntu\"", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.249.13.159,dstPort=3023,dbUsername=uisautei,srcIP=10.108.130.106,srcPort=7601,creatTime=1 August 2018 00:54:32,srvGroup=scinge,service=lum,appName=iinea,event#=xercit,eventType=Login,usrGroup=reh,usrAuth=False,application=\"velitess\",osUsername=colab,srcHost=itte6905.mail.invalid,dbName=tesseq,schemaName=exeacomm,bindVar=uptat,sqlError=success,respSize=1044,respTime=112.679000,affRows=ptatema,action=\"cancel\",rawQuery=\"cepteurs\"", "tags": [ 
@@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=ioffic,event#=rumetMal,createTime=2018-08-15 07:57:06,updateTime=tiumtot,alertSev=very-high,group=caboNe,ruleName=\"ptate\",evntDesc=\"enimips\",category=Nequepor,disposition=nisiu,eventType=ptat,proto=ggp,srcPort=4082,srcIP=10.64.94.174,dstPort=3852,dstIP=10.39.244.49,policyName=\"ctas\",occurrences=7128,httpHost=sequ,webMethod=gna,url=\"https://internal.example.org/aev/uovolup.txt?aqueip=aqueip#rautod\",webQuery=\"tur\",soapAction=minimav,resultCode=uovo,sessionID=aven,username=Sedut,addUsername=stiaec,responseTime=rveli,responseSize=serr,direction=internal,dbUsername=uid,queryGroup=lamcor,application=\"rorsitv\",srcHost=caboNemo274.www.host,osUsername=estiae,schemaName=iunt,dbName=eFinibu,hdrName=uisaut,action=cancel", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,event#=odit,createTime=2018-08-29 14:59:40,eventType=ercitati,eventSev=very-high,username=imad,subsystem=olo,message=\"deserun\"", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,event#=scingeli,createTime=2018-09-12 22:02:15,eventType=uatDuis,eventSev=medium,username=apari,subsystem=itesseci,message=\"utali\"", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.115.203.143,dstPort=6889,dbUsername=utoditau,srcIP=10.134.135.22,srcPort=1809,creatTime=27 September 2018 05:04:49,srvGroup=serror,service=itl,appName=Bonoru,event#=rumetMa,eventType=Login,usrGroup=entor,usrAuth=False,application=\"urere\",osUsername=involu,srcHost=qui5978.api.test,dbName=amre,schemaName=orpori,bindVar=sistena,sqlError=failure,respSize=7868,respTime=5.277000,affRows=borisn,action=\"cancel\",rawQuery=\"quatu\"", "tags": [ 
@@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.43.244.252,dstPort=1752,dbUsername=inculp,srcIP=10.251.212.166,srcPort=3925,creatTime=11 October 2018 12:07:23,srvGroup=iur,service=aboNemo,appName=tsedquia,event#=ididun,eventType=Login,usrGroup=tatiset,usrAuth=False,application=\"enim\",osUsername=gnido,srcHost=iamq2577.internal.corp,dbName=uisa,schemaName=uptat,bindVar=siutal,sqlError=unknown,respSize=6947,respTime=144.976000,affRows=tempori,action=\"accept\",rawQuery=\"lamco\"", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,event#=nimve,createTime=2018-10-25 19:09:57,eventType=edutpe,eventSev=medium,username=isunde,subsystem=nimadm,message=\"cepte\"", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.20.231.188,dstPort=1200,dbUsername=tesseq,srcIP=10.88.189.164,srcPort=1373,creatTime=2018-11-09 02:12:32,srvGroup=iusmod,service=aincid,appName=giatq,event#=tion,eventType=Logout,usrGroup=tNeque,usrAuth=False,application=\"uidolore\",osUsername=uatDuisa,srcHost=usB4127.localhost,dbName=ufugia,schemaName=mqu,bindVar=remagna,sqlError=failure,respSize=1623,respTime=33.468000,affRows=Uteni,action=\"cancel\",rawQuery=\"porinci\"", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,event#=edd,createTime=2018-11-23 09:15:06,eventType=uianon,eventSev=low,username=quamquae,subsystem=aaliq,message=\"nos\"", "tags": [ 
@@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.231.77.26,dstPort=7082,dbUsername=rehe,srcIP=10.225.11.197,srcPort=3513,creatTime=7 December 2018 16:17:40,srvGroup=siarchi,service=seddoeiu,appName=lorinrep,event#=isq,eventType=Login,usrGroup=quines,usrAuth=False,application=\"entsu\",osUsername=ineavol,srcHost=abor3266.mail.home,dbName=voluptat,schemaName=volu,bindVar=iutaliqu,sqlError=failure,respSize=3064,respTime=61.960000,affRows=iusmo,action=\"allow\",rawQuery=\"uovo\"", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.148.3.197,dstPort=979,dbUsername=usa,srcIP=10.106.166.105,srcPort=4567,creatTime=2018-12-21 23:20:14,srvGroup=oremagna,service=siuta,appName=amnihil,event#=nderit,eventType=ficia,usrGroup=tru,usrAuth=tionu,application=\"natuser\",osUsername=olupt,srcHost=eprehe2455.www.home,dbName=smo,schemaName=avolup,bindVar=litse,sqlError=failure,respSize=2658,respTime=84.894000,affRows=untutlab,action=\"allow\",rawQuery=\"byCicer\"", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.172.121.239,dstPort=5339,dbUsername=iuta,srcIP=10.57.169.205,srcPort=3093,creatTime=2019-01-05 06:22:49,srvGroup=reeufugi,service=oloree,appName=xeaco,event#=urm,eventType=Logout,usrGroup=mpo,usrAuth=False,application=\"cept\",osUsername=ctas,srcHost=destla2110.www5.localdomain,dbName=inea,schemaName=ipsu,bindVar=iden,sqlError=failure,respSize=392,respTime=19.061000,affRows=reetd,action=\"cancel\",rawQuery=\"maven\"", "tags": [ 
@@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.129.234.200,dstPort=3833,dbUsername=tisundeo,srcIP=10.42.218.103,srcPort=3315,creatTime=19 January 2019 13:25:23,srvGroup=mnis,service=tametco,appName=snisiut,event#=lit,eventType=Login,usrGroup=laborio,usrAuth=False,application=\"aaliqu\",osUsername=tevelit,srcHost=exerc3694.api.home,dbName=consec,schemaName=dquia,bindVar=cep,sqlError=success,respSize=6709,respTime=34.273000,affRows=volupta,action=\"allow\",rawQuery=\"ipex\"", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.111.132.221,dstPort=2262,dbUsername=ali,srcIP=10.76.121.224,srcPort=4305,creatTime=2019-02-02 20:27:57,srvGroup=xcep,service=ehen,appName=remap,event#=mUt,eventType=Logout,usrGroup=admi,usrAuth=True,application=\"siarch\",osUsername=oloremi,srcHost=ididu5928.www5.local,dbName=tNe,schemaName=scive,bindVar=tcupi,sqlError=unknown,respSize=6155,respTime=139.491000,affRows=Sed,action=\"cancel\",rawQuery=\"ita\"", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.195.8.141,dstPort=4342,dbUsername=enimip,srcIP=10.17.214.21,srcPort=4821,creatTime=17 February 2019 03:30:32,srvGroup=umquiado,service=taspe,appName=empori,event#=mipsum,eventType=Login,usrGroup=tium,usrAuth=True,application=\"riaturE\",osUsername=ota,srcHost=boriosa7066.www.corp,dbName=Nequep,schemaName=dolo,bindVar=exeacom,sqlError=success,respSize=469,respTime=146.775000,affRows=eufugiat,action=\"accept\",rawQuery=\"non\"", "tags": [ 
@@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.173.13.179,dstPort=1211,dbUsername=ptasn,srcIP=10.179.60.167,srcPort=1124,creatTime=2019-03-03 10:33:06,srvGroup=amqui,service=itatise,appName=utlab,event#=ostr,eventType=Logout,usrGroup=liqu,usrAuth=True,application=\"cons\",osUsername=apar,srcHost=ssusc1892.internal.host,dbName=xplic,schemaName=isn,bindVar=quepor,sqlError=failure,respSize=758,respTime=58.800000,affRows=etur,action=\"block\",rawQuery=\"cusan\"", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.42.135.34,dstPort=4361,dbUsername=tiset,srcIP=10.178.190.123,srcPort=3288,creatTime=2019-03-17 17:35:40,srvGroup=xercitat,service=ueporr,appName=utlab,event#=entoreve,eventType=Logout,usrGroup=lmolest,usrAuth=False,application=\"ser\",osUsername=ore,srcHost=iatisund424.mail.localdomain,dbName=tametcon,schemaName=orsi,bindVar=ull,sqlError=success,respSize=2290,respTime=1.468000,affRows=etdolore,action=\"cancel\",rawQuery=\"ore\"", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,event#=ectetur,createTime=2019-04-01 00:38:14,eventType=cons,eventSev=medium,username=fugit,subsystem=dantiu,message=\"ntutla\"", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.207.198.239,dstPort=4735,dbUsername=Loremips,srcIP=10.8.147.176,srcPort=5920,creatTime=15 April 2019 07:40:49,srvGroup=odtem,service=ite,appName=tseddo,event#=ptatems,eventType=Login,usrGroup=ori,usrAuth=False,application=\"exerc\",osUsername=aUteni,srcHost=uidolo7626.local,dbName=rchite,schemaName=incididu,bindVar=idolor,sqlError=failure,respSize=3043,respTime=36.712000,affRows=oinB,action=\"accept\",rawQuery=\"econsequ\"", "tags": [ 
@@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.116.26.185,dstPort=595,dbUsername=oNe,srcIP=10.206.221.180,srcPort=6818,creatTime=2019-04-29 14:43:23,srvGroup=repr,service=idu,appName=otam,event#=amquaera,eventType=rumS,usrGroup=uelau,usrAuth=quidolor,application=\"cca\",osUsername=litesseq,srcHost=dmini3435.internal.domain,dbName=rumexerc,schemaName=nseq,bindVar=quisnost,sqlError=unknown,respSize=3218,respTime=26.485000,affRows=orisnisi,action=\"block\",rawQuery=\"nul\"", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.86.180.150,dstPort=5495,dbUsername=mnisis,srcIP=10.253.127.130,srcPort=5339,creatTime=2019-05-13 21:45:57,srvGroup=isciveli,service=urve,appName=sundeomn,event#=tasu,eventType=Logout,usrGroup=equunt,usrAuth=True,application=\"uat\",osUsername=itasper,srcHost=nibusBo1864.domain,dbName=ent,schemaName=etconsec,bindVar=docons,sqlError=failure,respSize=4564,respTime=4.592000,affRows=mremap,action=\"allow\",rawQuery=\"sperna\"", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=mexe,event#=sequatDu,createTime=2019-05-28 04:48:31,updateTime=ssuscip,alertSev=high,group=ciade,ruleName=\"busBonor\",evntDesc=\"enima\",category=emseq,disposition=osamni,eventType=umetMa,proto=ipv6-icmp,srcPort=4469,srcIP=10.220.175.201,dstPort=579,dstIP=10.158.161.5,policyName=\"eab\",occurrences=4098,httpHost=ciduntut,webMethod=atisu,url=\"https://internal.example.com/architec/incul.txt?aborios=mco#amnisiu\",webQuery=\"suntincu\",soapAction=lore,resultCode=equatu,sessionID=enbyCi,username=dolo,addUsername=adipi,responseTime=beata,responseSize=evelites,direction=inbound,dbUsername=tNeq,queryGroup=umtot,application=\"eumiurer\",srcHost=inv6528.www5.example,osUsername=rrors,schemaName=dolo,dbName=tsed,hdrName=corpori,action=allow", "tags": [ 
@@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,event#=uioff,createTime=2019-06-11 11:51:06,eventType=ema,eventSev=low,username=mpo,subsystem=deritinv,message=\"ten\"", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.150.27.144,dstPort=5627,dbUsername=res,srcIP=10.248.16.82,srcPort=6834,creatTime=25 June 2019 18:53:40,srvGroup=loinv,service=umd,appName=madmi,event#=xercit,eventType=Login,usrGroup=avolup,usrAuth=True,application=\"etdo\",osUsername=tuserror,srcHost=nisiutal4437.www.example,dbName=uipex,schemaName=ditautf,bindVar=orr,sqlError=failure,respSize=4367,respTime=25.972000,affRows=uptas,action=\"cancel\",rawQuery=\"osquira\"", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.146.131.76,dstPort=2281,dbUsername=orsi,srcIP=10.173.19.140,srcPort=7780,creatTime=2019-07-10 01:56:14,srvGroup=atu,service=ddo,appName=veli,event#=ata,eventType=Logout,usrGroup=untmoll,usrAuth=False,application=\"ididun\",osUsername=olo,srcHost=tqui5172.www.local,dbName=untex,schemaName=Except,bindVar=elitsedd,sqlError=failure,respSize=5844,respTime=52.550000,affRows=cingel,action=\"allow\",rawQuery=\"seos\"", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.69.5.227,dstPort=5845,dbUsername=doloreme,srcIP=10.171.175.165,srcPort=5776,creatTime=2019-07-24 08:58:48,srvGroup=taspe,service=litess,appName=enimadm,event#=corpori,eventType=onemull,usrGroup=emeu,usrAuth=uisaute,application=\"tvol\",osUsername=ntocc,srcHost=intocca6708.mail.corp,dbName=dquiaco,schemaName=rumw,bindVar=ula,sqlError=failure,respSize=5201,respTime=46.690000,affRows=quam,action=\"deny\",rawQuery=\"edquian\"", "tags": [ 
@@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.213.214.118,dstPort=7851,dbUsername=ate,srcIP=10.253.175.129,srcPort=5547,creatTime=7 August 2019 16:01:23,srvGroup=rsi,service=tuser,appName=equinesc,event#=ectet,eventType=Login,usrGroup=emull,usrAuth=False,application=\"enatuser\",osUsername=epteurs,srcHost=isetqu2843.www.invalid,dbName=niamqu,schemaName=nrep,bindVar=lauda,sqlError=failure,respSize=6260,respTime=9.295000,affRows=aincidu,action=\"deny\",rawQuery=\"ipsamvol\"", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=estquido,event#=eufugiat,createTime=2019-08-21 23:03:57,updateTime=minima,alertSev=high,group=bor,ruleName=\"uisnos\",evntDesc=\"loi\",category=tation,disposition=seddoe,eventType=adol,proto=rdp,srcPort=7756,srcIP=10.149.91.130,dstPort=3548,dstIP=10.89.26.170,policyName=\"aqueipsa\",occurrences=5863,httpHost=ide,webMethod=atcupi,url=\"https://www.example.com/sit/ugi.gif?sitametc=rur#edut\",webQuery=\"sitametc\",soapAction=iarchite,resultCode=uide,sessionID=iono,username=aboris,addUsername=eturad,responseTime=ipiscive,responseSize=sequu,direction=internal,dbUsername=epteur,queryGroup=iqu,application=\"uptateve\",srcHost=commodo6041.mail.localhost,osUsername=atus,schemaName=orumetMa,dbName=inventor,hdrName=dolo,action=block", "tags": [ 
@@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=tmolli,event#=orumSe,createTime=2019-09-05 06:06:31,updateTime=mSe,alertSev=high,group=teturad,ruleName=\"alorumwr\",evntDesc=\"pis\",category=idol,disposition=mmodico,eventType=emaccu,proto=rdp,srcPort=5818,srcIP=10.52.106.68,dstPort=856,dstIP=10.81.108.232,policyName=\"atemq\",occurrences=5098,httpHost=volupta,webMethod=Quisaut,url=\"https://internal.example.net/obeatae/sedqui.jpg?nulap=onseq#amrem\",webQuery=\"plicab\",soapAction=isisten,resultCode=eiusmodt,sessionID=naaliq,username=aco,addUsername=psamvolu,responseTime=inculp,responseSize=eni,direction=inbound,dbUsername=sedqu,queryGroup=ipitlabo,application=\"olorinr\",srcHost=gitse6744.api.local,osUsername=neavolup,schemaName=uaturve,dbName=lapa,hdrName=uepor,action=\"allow\",errormsg=\"failure\"", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=umquamei,event#=nih,createTime=2019-09-19 13:09:05,updateTime=tionev,alertSev=high,group=quia,ruleName=\"eabill\",evntDesc=\"itatiset\",category=uaerat,disposition=met,eventType=isno,proto=icmp,srcPort=2572,srcIP=10.230.48.97,dstPort=1991,dstIP=10.223.10.28,policyName=\"emveleu\",occurrences=4029,httpHost=norumet,webMethod=tconse,url=\"https://mail.example.com/iaturE/inc.htm?uisaut=mnihilm#itinvo\",webQuery=\"lestia\",soapAction=anti,resultCode=eavo,sessionID=enderi,username=erit,addUsername=uptatem,responseTime=reeufug,responseSize=temveleu,direction=unknown,dbUsername=repre,queryGroup=consec,application=\"untmoll\",srcHost=par3605.internal.localdomain,osUsername=usmodte,schemaName=untex,dbName=ommodi,hdrName=ntiu,action=\"deny\",errormsg=\"success\"", "tags": [ 
@@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.115.42.231,dstPort=2143,dbUsername=res,srcIP=10.161.212.150,srcPort=2748,creatTime=3 October 2019 20:11:40,srvGroup=corporis,service=turExc,appName=urvelil,event#=ulapa,eventType=Login,usrGroup=abi,usrAuth=False,application=\"ameiusm\",osUsername=tasnul,srcHost=isau4356.www.home,dbName=niamqui,schemaName=sequamn,bindVar=onse,sqlError=failure,respSize=4846,respTime=6.993000,affRows=aliquaUt,action=\"deny\",rawQuery=\"natus\"", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=emp,event#=suscipit,createTime=2019-10-18 03:14:14,updateTime=iaconseq,alertSev=medium,group=sciuntNe,ruleName=\"nevo\",evntDesc=\"stiaec\",category=officia,disposition=ametcon,eventType=gnid,proto=ipv6,srcPort=5677,srcIP=10.226.75.20,dstPort=3896,dstIP=10.247.108.144,policyName=\"iutaliqu\",occurrences=3711,httpHost=onsectet,webMethod=iat,url=\"https://www5.example.org/elaud/temsequ.htm?dolo=iciatisu#eip\",webQuery=\"iquaUte\",soapAction=aborumSe,resultCode=writt,sessionID=dent,username=tema,addUsername=saquaeab,responseTime=rpo,responseSize=inr,direction=internal,dbUsername=edquiac,queryGroup=olore,application=\"urEx\",srcHost=labo3477.www5.domain,osUsername=maccusan,schemaName=fugia,dbName=psa,hdrName=iset,action=\"block\",errormsg=\"success\"", "tags": [ 
@@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.192.15.65,dstPort=3328,dbUsername=nimides,srcIP=10.97.22.61,srcPort=6420,creatTime=2019-11-01 10:16:48,srvGroup=labor,service=quelaud,appName=ira,event#=gna,eventType=aparia,usrGroup=ntoreve,usrAuth=remips,application=\"uptatemU\",osUsername=illumd,srcHost=itseddo2209.mail.domain,dbName=olu,schemaName=rExcep,bindVar=turExcep,sqlError=success,respSize=4173,respTime=166.270000,affRows=duntutla,action=\"block\",rawQuery=\"tmollit\"", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,alert#=venia,event#=Loremi,createTime=2019-11-15 17:19:22,updateTime=uisnostr,alertSev=medium,group=vol,ruleName=\"ommodi\",evntDesc=\"ritat\",category=dipi,disposition=asnulapa,eventType=atev,proto=tcp,srcPort=7469,srcIP=10.197.254.133,dstPort=2009,dstIP=10.116.76.161,policyName=\"tla\",occurrences=2608,httpHost=ender,webMethod=quid,url=\"https://mail.example.net/teturad/nimide.htm?ueporroq=writ#ema\",webQuery=\"ioffici\",soapAction=agni,resultCode=tat,sessionID=metconse,username=ide,addUsername=equu,responseTime=pernatur,responseSize=orem,direction=outbound,dbUsername=caecatc,queryGroup=iarc,application=\"emquia\",srcHost=duntutl3396.api.host,osUsername=idu,schemaName=trudex,dbName=ncul,hdrName=mcorpor,action=cancel", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.28.77.79,dstPort=3615,dbUsername=upta,srcIP=10.144.14.15,srcPort=1150,creatTime=30 November 2019 00:21:57,srvGroup=consequ,service=min,appName=riame,event#=gnaal,eventType=Login,usrGroup=nti,usrAuth=True,application=\"tetura\",osUsername=utlab,srcHost=colabo6686.internal.invalid,dbName=uptass,schemaName=rspic,bindVar=itsedq,sqlError=success,respSize=4810,respTime=22.348000,affRows=iut,action=\"deny\",rawQuery=\"nemu\"", "tags": [ 
@@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "%IMPERVA-Imperva,dstIP=10.248.177.182,dstPort=317,dbUsername=quei,srcIP=10.18.15.43,srcPort=2224,creatTime=2019-12-14 07:24:31,srvGroup=reetdol,service=umtotam,appName=itaedi,event#=ant,eventType=tiumt,usrGroup=taedicta,usrAuth=mveniamq,application=\"exerci\",osUsername=quaturve,srcHost=tsunti1164.www.example,dbName=equatur,schemaName=caecat,bindVar=oreetd,sqlError=unknown,respSize=983,respTime=113.318000,affRows=nderit,action=\"accept\",rawQuery=\"icer\"", "tags": [ diff --git a/packages/imperva/data_stream/securesphere/elasticsearch/ingest_pipeline/default.yml b/packages/imperva/data_stream/securesphere/elasticsearch/ingest_pipeline/default.yml index d9a95a242e2..9ddae22a201 100644 --- a/packages/imperva/data_stream/securesphere/elasticsearch/ingest_pipeline/default.yml +++ b/packages/imperva/data_stream/securesphere/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Imperva SecureSphere processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/imperva/data_stream/securesphere/sample_event.json b/packages/imperva/data_stream/securesphere/sample_event.json index 825bdc0fafc..db4afa5ec4f 100644 --- a/packages/imperva/data_stream/securesphere/sample_event.json +++ b/packages/imperva/data_stream/securesphere/sample_event.json @@ -19,7 +19,7 @@ "port": 892 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/imperva/docs/README.md b/packages/imperva/docs/README.md index 61fec0deb92..8496f666be5 100644 --- a/packages/imperva/docs/README.md +++ b/packages/imperva/docs/README.md 
@@ -72,7 +72,7 @@ The `securesphere` dataset collects Imperva SecureSphere logs. | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | http.request.method | HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. | keyword | | http.request.referrer | Referrer for this HTTP request. | keyword | | input.type | Type of Filebeat input. | keyword | diff --git a/packages/imperva/manifest.yml b/packages/imperva/manifest.yml index 5e9173908c2..f01ac212fb6 100644 --- a/packages/imperva/manifest.yml +++ b/packages/imperva/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: imperva title: Imperva SecureSphere Logs -version: "0.12.0" +version: "0.13.0" description: Collect SecureSphere logs from Imperva devices with Elastic Agent. categories: ["network", "security"] release: experimental From c706a6efc24d24cdda20d339e520e81ae5d0b777 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:58 +0530 Subject: [PATCH 059/137] [infoblox_bloxone_ddi] - update ECS to 8.7.0 from 8.6.0 This updates the infoblox_bloxone_ddi integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/infoblox_bloxone_ddi --- packages/infoblox_bloxone_ddi/_dev/build/build.yml | 2 +- packages/infoblox_bloxone_ddi/changelog.yml | 5 +++++ .../pipeline/test-pipeline-dhcp-lease.log-expected.json | 4 ++-- .../dhcp_lease/elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/dhcp_lease/sample_event.json | 2 +- .../pipeline/test-pipeline-dns-config.log-expected.json | 4 ++-- .../dns_config/elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/dns_config/sample_event.json | 2 +- .../pipeline/test-pipeline-dns-data.log-expected.json | 4 ++-- .../dns_data/elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/dns_data/sample_event.json | 2 +- packages/infoblox_bloxone_ddi/docs/README.md | 8 ++++---- packages/infoblox_bloxone_ddi/manifest.yml | 2 +- 13 files changed, 23 insertions(+), 18 deletions(-)
diff --git a/packages/infoblox_bloxone_ddi/_dev/build/build.yml b/packages/infoblox_bloxone_ddi/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/infoblox_bloxone_ddi/_dev/build/build.yml
+++ b/packages/infoblox_bloxone_ddi/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/infoblox_bloxone_ddi/changelog.yml b/packages/infoblox_bloxone_ddi/changelog.yml
index d7d2c0ae031..c62a3ce627c 100644
--- a/packages/infoblox_bloxone_ddi/changelog.yml
+++ b/packages/infoblox_bloxone_ddi/changelog.yml
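Review bot: In `_dev/build/build.yml` the ECS dependency is declared as `reference: git@8.7`, a two-part ref, while the ingest pipelines and fixtures in the same patch assert the exact value `8.7.0`. If `8.7` resolves to a branch of elastic/ecs rather than a release tag (worth confirming), the field definitions pulled in at build time can change without any change in this repository. Pinning the release, for example `reference: git@v8.7.0` if the build tooling accepts tag refs, would keep the build reproducible and in step with the `ecs.version` the pipelines set. The `infoblox_nios` build.yml hunk in the next patch has the same reference.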
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.0.0" changes: - description: Release Infoblox BloxOne DDI as GA. diff --git a/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/_dev/test/pipeline/test-pipeline-dhcp-lease.log-expected.json b/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/_dev/test/pipeline/test-pipeline-dhcp-lease.log-expected.json index 0bb9ed0f4d4..bcb6d117c41 100644 --- a/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/_dev/test/pipeline/test-pipeline-dhcp-lease.log-expected.json +++ b/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/_dev/test/pipeline/test-pipeline-dhcp-lease.log-expected.json @@ -8,7 +8,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -76,7 +76,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/elasticsearch/ingest_pipeline/default.yml b/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/elasticsearch/ingest_pipeline/default.yml index 2f011bf2be8..a82adf8b832 100644 --- a/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/elasticsearch/ingest_pipeline/default.yml +++ b/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing DHCP lease logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/sample_event.json b/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/sample_event.json index c5c5a2bc838..ce6f5424379 100644 --- a/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/sample_event.json +++ b/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/sample_event.json 
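Review bot: The new `1.1.0` entry in `changelog.yml` still carries the unexpanded template `{{ PULL_REQUEST_NUMBER }}` in its `link`, so as written the URL does not point at a pull request. It should be replaced with the real number before merge, in the form `link: https://github.com/elastic/integrations/pull/<PR_NUMBER>`. The `infoblox_nios` changelog hunk in the following patch has the same placeholder, and presumably every changelog entry in this generated series does.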
@@ -19,7 +19,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "e0bb9c9c-c3ad-47d7-882c-5fff0f458160", diff --git a/packages/infoblox_bloxone_ddi/data_stream/dns_config/_dev/test/pipeline/test-pipeline-dns-config.log-expected.json b/packages/infoblox_bloxone_ddi/data_stream/dns_config/_dev/test/pipeline/test-pipeline-dns-config.log-expected.json index a7f2aa6e7b3..c0ad9e2cfc4 100644 --- a/packages/infoblox_bloxone_ddi/data_stream/dns_config/_dev/test/pipeline/test-pipeline-dns-config.log-expected.json +++ b/packages/infoblox_bloxone_ddi/data_stream/dns_config/_dev/test/pipeline/test-pipeline-dns-config.log-expected.json @@ -8,7 +8,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -649,7 +649,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/infoblox_bloxone_ddi/data_stream/dns_config/elasticsearch/ingest_pipeline/default.yml b/packages/infoblox_bloxone_ddi/data_stream/dns_config/elasticsearch/ingest_pipeline/default.yml index dd9f957d559..420b529f200 100644 --- a/packages/infoblox_bloxone_ddi/data_stream/dns_config/elasticsearch/ingest_pipeline/default.yml +++ b/packages/infoblox_bloxone_ddi/data_stream/dns_config/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing DNS config logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/infoblox_bloxone_ddi/data_stream/dns_config/sample_event.json b/packages/infoblox_bloxone_ddi/data_stream/dns_config/sample_event.json index 6c6ede00898..eab0abed26b 100644 --- a/packages/infoblox_bloxone_ddi/data_stream/dns_config/sample_event.json +++ b/packages/infoblox_bloxone_ddi/data_stream/dns_config/sample_event.json @@ -19,7 +19,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "e0bb9c9c-c3ad-47d7-882c-5fff0f458160", 
diff --git a/packages/infoblox_bloxone_ddi/data_stream/dns_data/_dev/test/pipeline/test-pipeline-dns-data.log-expected.json b/packages/infoblox_bloxone_ddi/data_stream/dns_data/_dev/test/pipeline/test-pipeline-dns-data.log-expected.json index 75e114231db..4a2e98b7cd4 100644 --- a/packages/infoblox_bloxone_ddi/data_stream/dns_data/_dev/test/pipeline/test-pipeline-dns-data.log-expected.json +++ b/packages/infoblox_bloxone_ddi/data_stream/dns_data/_dev/test/pipeline/test-pipeline-dns-data.log-expected.json @@ -8,7 +8,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -116,7 +116,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/infoblox_bloxone_ddi/data_stream/dns_data/elasticsearch/ingest_pipeline/default.yml b/packages/infoblox_bloxone_ddi/data_stream/dns_data/elasticsearch/ingest_pipeline/default.yml index 056f1a781bd..6faae19a091 100644 --- a/packages/infoblox_bloxone_ddi/data_stream/dns_data/elasticsearch/ingest_pipeline/default.yml +++ b/packages/infoblox_bloxone_ddi/data_stream/dns_data/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing DNS data logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/infoblox_bloxone_ddi/data_stream/dns_data/sample_event.json b/packages/infoblox_bloxone_ddi/data_stream/dns_data/sample_event.json index e72a278a75c..830b4f04833 100644 --- a/packages/infoblox_bloxone_ddi/data_stream/dns_data/sample_event.json +++ b/packages/infoblox_bloxone_ddi/data_stream/dns_data/sample_event.json @@ -19,7 +19,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "e0bb9c9c-c3ad-47d7-882c-5fff0f458160", diff --git a/packages/infoblox_bloxone_ddi/docs/README.md b/packages/infoblox_bloxone_ddi/docs/README.md index ee2c8107da9..93550259fa9 100644 
--- a/packages/infoblox_bloxone_ddi/docs/README.md +++ b/packages/infoblox_bloxone_ddi/docs/README.md @@ -73,7 +73,7 @@ An example event for `dhcp_lease` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "e0bb9c9c-c3ad-47d7-882c-5fff0f458160", @@ -189,7 +189,7 @@ An example event for `dhcp_lease` looks as following: | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host mac addresses. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | @@ -255,7 +255,7 @@ An example event for `dns_config` looks as following: } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "e0bb9c9c-c3ad-47d7-882c-5fff0f458160", @@ -1283,7 +1283,7 @@ An example event for `dns_data` looks as following: } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "e0bb9c9c-c3ad-47d7-882c-5fff0f458160", diff --git a/packages/infoblox_bloxone_ddi/manifest.yml b/packages/infoblox_bloxone_ddi/manifest.yml index 323f55088f8..4a008ba09da 100644 --- a/packages/infoblox_bloxone_ddi/manifest.yml +++ b/packages/infoblox_bloxone_ddi/manifest.yml 
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: infoblox_bloxone_ddi
 title: Infoblox BloxOne DDI
-version: "1.0.0"
+version: "1.1.0"
 release: ga
 license: basic
 description: Collect logs from Infoblox BloxOne DDI with Elastic Agent.
From 162852239ec715e463dd670e698124c9dd50a8d8 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:58:59 +0530 Subject: [PATCH 060/137] [infoblox_nios] - update ECS to 8.7.0 from 8.6.0 This updates the infoblox_nios integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/infoblox_nios --- packages/infoblox_nios/_dev/build/build.yml | 2 +- packages/infoblox_nios/changelog.yml | 5 + .../pipeline/test-audit.log-expected.json | 48 +++---- .../test/pipeline/test-dhcp.log-expected.json | 128 +++++++++--------- .../test/pipeline/test-dns.log-expected.json | 50 +++---- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/infoblox_nios/docs/README.md | 2 +- packages/infoblox_nios/manifest.yml | 2 +- 9 files changed, 123 insertions(+), 118 deletions(-)
diff --git a/packages/infoblox_nios/_dev/build/build.yml b/packages/infoblox_nios/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/infoblox_nios/_dev/build/build.yml
+++ b/packages/infoblox_nios/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/infoblox_nios/changelog.yml b/packages/infoblox_nios/changelog.yml
index a420b6c8ded..705e5172dbe 100644
--- a/packages/infoblox_nios/changelog.yml
+++ b/packages/infoblox_nios/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.6.2" changes: - description: Added categories and/or subcategories. diff --git a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-audit.log-expected.json b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-audit.log-expected.json index f3c206e3029..6d3547e883f 100644 --- a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-audit.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-03-18T13:24:41.705Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logout", @@ -57,7 +57,7 @@ { "@timestamp": "2022-04-13T16:44:36.850Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login_denied", @@ -112,7 +112,7 @@ { "@timestamp": "2022-03-21T08:53:51.087Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login_allowed", @@ -171,7 +171,7 @@ { "@timestamp": "2011-10-19T19:48:37.299Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login_allowed", @@ -224,7 +224,7 @@ { "@timestamp": "2011-10-19T14:02:32.750Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login_denied", @@ -273,7 +273,7 @@ { "@timestamp": "2011-10-19T12:43:47.375Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "first_login", @@ -321,7 +321,7 @@ { "@timestamp": "2011-10-19T13:07:33.343Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "password_reset_error", @@ -366,7 +366,7 @@ { "@timestamp": "2022-03-21T17:19:02.204Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "modified", 
@@ -413,7 +413,7 @@ { "@timestamp": "2022-03-24T09:37:29.261Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "created", @@ -460,7 +460,7 @@ { "@timestamp": "2022-03-18T11:46:38.877Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "modified", @@ -507,7 +507,7 @@ { "@timestamp": "2022-03-29T19:29:20.468Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "called", @@ -553,7 +553,7 @@ { "@timestamp": "2022-03-29T18:30:58.656Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "created", @@ -600,7 +600,7 @@ { "@timestamp": "2022-03-24T09:28:24.476Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "called", @@ -646,7 +646,7 @@ { "@timestamp": "2022-03-21T15:08:08.238Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "created", @@ -693,7 +693,7 @@ { "@timestamp": "2022-03-21T15:08:08.239Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "created", @@ -740,7 +740,7 @@ { "@timestamp": "2022-03-21T15:08:48.455Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deleted", @@ -787,7 +787,7 @@ { "@timestamp": "2022-03-22T13:26:54.596Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deleted", @@ -834,7 +834,7 @@ { "@timestamp": "2022-03-22T13:26:54.596Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "created", @@ -881,7 +881,7 @@ { "@timestamp": "2022-03-22T13:26:54.596Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "modified", @@ -928,7 +928,7 @@ { "@timestamp": "2022-03-18T12:40:05.241Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "modified", @@ -974,7 +974,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-18T13:40:05.000Z", 
@@ -1006,7 +1006,7 @@ { "@timestamp": "2022-03-29T19:29:20.468Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "called", @@ -1049,7 +1049,7 @@ { "@timestamp": "2022-03-21T17:19:02.204Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "modified", @@ -1092,7 +1092,7 @@ { "@timestamp": "2022-03-29T18:30:58.656Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "created", diff --git a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json index 73c1aadd60f..079fff6e939 100644 --- a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json +++ b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json @@ -7,7 +7,7 @@ "mac": "00-50-56-81-14-6C" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcprequest", @@ -52,7 +52,7 @@ "mac": "00-50-56-81-14-6C" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcprequest", @@ -99,7 +99,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpdiscover", @@ -148,7 +148,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpdiscover", @@ -199,7 +199,7 @@ "mac": "00-50-56-83-D0-F6" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpdiscover", @@ -249,7 +249,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpdiscover", @@ -295,7 +295,7 @@ "mac": "00-00-00-00-00-00" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpdiscover", @@ -347,7 +347,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpoffer", 
@@ -410,7 +410,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpoffer", @@ -472,7 +472,7 @@ "mac": "26-9A-76-87-8A-06" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpoffer", @@ -529,7 +529,7 @@ "mac": "00-00-00-00-00-00" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpoffer", @@ -590,7 +590,7 @@ "mac": "CC-BB-CC-DD-EE-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpoffer", @@ -648,7 +648,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcprequest", @@ -708,7 +708,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcprequest", @@ -765,7 +765,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcprequest", @@ -821,7 +821,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcprequest", @@ -872,7 +872,7 @@ "mac": "00-50-56-83-D3-83" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcprequest", @@ -929,7 +929,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcprequest", @@ -985,7 +985,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcprequest", @@ -1039,7 +1039,7 @@ "mac": "00-50-56-83-96-03" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcprequest", @@ -1092,7 +1092,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcprequest", @@ -1142,7 +1142,7 @@ "mac": "9A-DF-6E-F6-1F-23" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcprequest", 
@@ -1195,7 +1195,7 @@ "mac": "00-00-00-00-00-00" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcprequest", @@ -1253,7 +1253,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpack", @@ -1314,7 +1314,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpack", @@ -1374,7 +1374,7 @@ "mac": "9A-DF-6E-F6-1F-23" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpoffer", @@ -1432,7 +1432,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpack", @@ -1491,7 +1491,7 @@ "mac": "9A-DF-6E-F6-1F-23" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpack", @@ -1549,7 +1549,7 @@ "mac": "00-00-00-00-00-00" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpack", @@ -1610,7 +1610,7 @@ "mac": "9A-DF-6E-F6-1F-23" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpack", @@ -1665,7 +1665,7 @@ "mac": "CC-BB-CC-DD-EE-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpack", @@ -1723,7 +1723,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcprelease", @@ -1779,7 +1779,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcprelease", @@ -1832,7 +1832,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpexpire", @@ -1875,7 +1875,7 @@ "ip": "192.168.0.4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpinform", @@ -1923,7 +1923,7 @@ "ip": "192.168.0.4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpinform", 
@@ -1970,7 +1970,7 @@ "ip": "192.168.0.4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpinform", @@ -2024,7 +2024,7 @@ "mac": "34-29-8F-71-B8-99" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpdecline", @@ -2076,7 +2076,7 @@ "mac": "00-C0-DD-07-18-E2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpdecline", @@ -2129,7 +2129,7 @@ "mac": "F4-30-B9-17-AB-0E" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpnak", @@ -2178,7 +2178,7 @@ "ip": "192.168.0.4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpleasequery", @@ -2223,7 +2223,7 @@ { "@timestamp": "2023-03-27T08:32:59.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-27T08:32:59.000Z", @@ -2262,7 +2262,7 @@ { "@timestamp": "2023-03-27T08:32:59.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-27T08:32:59.000Z", @@ -2301,7 +2301,7 @@ { "@timestamp": "2023-03-27T08:32:59.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-27T08:32:59.000Z", @@ -2340,7 +2340,7 @@ { "@timestamp": "2023-03-27T08:32:59.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-27T08:32:59.000Z", @@ -2379,7 +2379,7 @@ { "@timestamp": "2023-03-27T08:32:59.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-27T08:32:59.000Z", @@ -2418,7 +2418,7 @@ { "@timestamp": "2023-03-27T08:32:59.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-27T08:32:59.000Z", @@ -2457,7 +2457,7 @@ { "@timestamp": "2023-03-27T08:32:59.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-27T08:32:59.000Z", 
@@ -2496,7 +2496,7 @@ { "@timestamp": "2023-03-27T08:32:59.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-27T08:32:59.000Z", @@ -2535,7 +2535,7 @@ { "@timestamp": "2023-03-27T08:32:59.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-27T08:32:59.000Z", @@ -2574,7 +2574,7 @@ { "@timestamp": "2023-03-27T08:32:59.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-27T08:32:59.000Z", @@ -2613,7 +2613,7 @@ { "@timestamp": "2023-03-27T08:32:59.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-27T08:32:59.000Z", @@ -2656,7 +2656,7 @@ "port": 547 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "encapsulated solicit", @@ -2701,7 +2701,7 @@ "ip": "2a02:cf40::" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "advertise na", @@ -2748,7 +2748,7 @@ "port": 547 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "relay-forward", @@ -2796,7 +2796,7 @@ "port": 547 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "encapsulating advertise", @@ -2838,7 +2838,7 @@ "port": 547 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "sending relay-reply", @@ -2880,7 +2880,7 @@ "mac": "00-50-56-83-96-03" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpack", @@ -2940,7 +2940,7 @@ "mac": "CE-93-30-8E-DB-AC" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "release", @@ -2986,7 +2986,7 @@ "mac": "9C-AD-97-7A-FD-33" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpack", @@ -3035,7 +3035,7 @@ "mac": "4A-34-BF-D2-78-24" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpack", 
@@ -3096,7 +3096,7 @@ "mac": "4A-34-BF-D2-78-24" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpack", @@ -3163,7 +3163,7 @@ "mac": "4A-34-BF-D2-78-24" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpack", @@ -3228,7 +3228,7 @@ "mac": "4A-34-BF-D2-78-24" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcpack", diff --git a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json index 2b20c1eb082..d5a0db501b9 100644 --- a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json @@ -41,7 +41,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", @@ -101,7 +101,7 @@ "response_code": "REFUSED" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", @@ -181,7 +181,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", @@ -244,7 +244,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", @@ -328,7 +328,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", @@ -379,7 +379,7 @@ "port": 59735 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-09T23:59:59.000Z", @@ -436,7 +436,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-09T23:59:59.000Z", @@ -481,7 +481,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", 
@@ -528,7 +528,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", @@ -580,7 +580,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", @@ -634,7 +634,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", @@ -691,7 +691,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", @@ -737,7 +737,7 @@ "port": 46982 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", @@ -789,7 +789,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", @@ -841,7 +841,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", @@ -894,7 +894,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", @@ -947,7 +947,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", @@ -989,7 +989,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", @@ -1033,7 +1033,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", @@ -1078,7 +1078,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", @@ -1123,7 +1123,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-03-11T23:51:31.000Z", @@ -1175,7 +1175,7 @@ "response_code": "REFUSED" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-04-14T16:17:20.000Z", @@ -1236,7 +1236,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-04-14T16:16:05.000Z", 
@@ -1288,7 +1288,7 @@ "port": 64727 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-04-14T16:16:05.000Z", @@ -1364,7 +1364,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2023-10-04T10:18:07.000Z", diff --git a/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml index be39ba09c2b..143183d9a37 100644 --- a/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -7,7 +7,7 @@ processors: ignore_missing: true - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - grok: field: event.original patterns: diff --git a/packages/infoblox_nios/data_stream/log/sample_event.json b/packages/infoblox_nios/data_stream/log/sample_event.json index 760678c4450..4869877c0c1 100644 --- a/packages/infoblox_nios/data_stream/log/sample_event.json +++ b/packages/infoblox_nios/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/infoblox_nios/docs/README.md b/packages/infoblox_nios/docs/README.md index 843b6e65dfd..81012aa9fb7 100644 --- a/packages/infoblox_nios/docs/README.md +++ b/packages/infoblox_nios/docs/README.md @@ -167,7 +167,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/infoblox_nios/manifest.yml b/packages/infoblox_nios/manifest.yml index 2460025be13..b29017d5cb4 100644 --- a/packages/infoblox_nios/manifest.yml +++ b/packages/infoblox_nios/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: infoblox_nios title: Infoblox NIOS -version: "1.6.2" +version: "1.7.0" license: basic description: Collect logs from Infoblox NIOS with Elastic Agent. type: integration From 51736ae5adf835740867f2e1d8786dd3ca153800 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:00 +0530 Subject: [PATCH 061/137] [iptables] - update ECS to 8.7.0 from 8.6.0 This updates the iptables integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/iptables --- packages/iptables/_dev/build/build.yml | 2 +- packages/iptables/changelog.yml | 5 ++ .../test-iptables-raw.log-expected.json | 88 +++++++++---------- .../pipeline/test-journald.json-expected.json | 2 +- .../pipeline/test-ubiquiti.log-expected.json | 44 +++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/iptables/docs/README.md | 2 +- packages/iptables/manifest.yml | 2 +- 9 files changed, 77 insertions(+), 72 deletions(-) diff --git a/packages/iptables/_dev/build/build.yml b/packages/iptables/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/iptables/_dev/build/build.yml +++ b/packages/iptables/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/iptables/changelog.yml b/packages/iptables/changelog.yml index 18e16729a2a..7f30fba6e7c 100644 --- a/packages/iptables/changelog.yml +++ b/packages/iptables/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.4.0" changes: - description: Update package to ECS 8.6.0. 
diff --git a/packages/iptables/data_stream/log/_dev/test/pipeline/test-iptables-raw.log-expected.json b/packages/iptables/data_stream/log/_dev/test/pipeline/test-iptables-raw.log-expected.json
index 93777cf6a3f..390af41e68a 100644
--- a/packages/iptables/data_stream/log/_dev/test/pipeline/test-iptables-raw.log-expected.json
+++ b/packages/iptables/data_stream/log/_dev/test/pipeline/test-iptables-raw.log-expected.json
@@ -1,14 +1,14 @@
 {
 "expected": [
 {
- "@timestamp": "2022-10-10T07:25:12.000Z",
+ "@timestamp": "2023-10-10T07:25:12.000Z",
 "destination": {
 "ip": "10.4.0.5",
 "mac": "90-10-20-76-8D-20",
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "drop",
@@ -108,7 +108,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "drop",
@@ -208,7 +208,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "drop",
@@ -296,13 +296,13 @@
 ]
 },
 {
- "@timestamp": "2022-01-08T03:37:09.000Z",
+ "@timestamp": "2023-01-08T03:37:09.000Z",
 "destination": {
 "ip": "192.168.2.83",
 "mac": "90-10-28-5F-62-24"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "deny",
@@ -352,14 +352,14 @@
 ]
 },
 {
- "@timestamp": "2022-01-08T03:37:09.000Z",
+ "@timestamp": "2023-01-08T03:37:09.000Z",
 "destination": {
 "ip": "172.16.54.114",
 "mac": "90-10-35-5A-1E-3A",
 "port": 445
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "drop_input",
@@ -431,14 +431,14 @@
 ]
 },
 {
- "@timestamp": "2022-01-08T03:37:57.000Z",
+ "@timestamp": "2023-01-08T03:37:57.000Z",
 "destination": {
 "ip": "172.16.54.114",
 "mac": "90-10-35-5A-1E-3A",
 "port": 1433
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "drop_input",
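Review bot: The expected `@timestamp` in the first hunk moves from `2022-10-10T07:25:12.000Z` to `2023-10-10T07:25:12.000Z`, a date after this commit's own date of 31 Mar 2023, and the same year shift repeats in the later hunks of this file and in test-ubiquiti.log-expected.json; the description mentions only the ECS update. The raw log fixtures and the pipeline are outside this patch, so the cause is inferred: the source lines presumably carry no year and the current year is filled in when the expected output is generated. For firewall logs that is worth stating, because events ingested or replayed across a year boundary would land in the wrong year on an investigation timeline, and this golden file will change again on every yearly regeneration. I would add a line to the description such as `Expected @timestamp values were regenerated; the source log lines carry no year.` and, if the pipeline test config supports it, match the year by pattern (elastic-package's `dynamic_fields`) instead of pinning it.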
@@ -495,14 +495,14 @@ ] }, { - "@timestamp": "2022-01-08T03:38:45.000Z", + "@timestamp": "2023-01-08T03:38:45.000Z", "destination": { "ip": "172.16.54.114", "mac": "90-10-35-5A-1E-3A", "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "drop_input", @@ -574,14 +574,14 @@ ] }, { - "@timestamp": "2022-01-08T03:39:25.000Z", + "@timestamp": "2023-01-08T03:39:25.000Z", "destination": { "ip": "172.16.54.114", "mac": "90-10-35-5A-1E-3A", "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "drop_input", @@ -653,14 +653,14 @@ ] }, { - "@timestamp": "2022-01-08T03:40:21.000Z", + "@timestamp": "2023-01-08T03:40:21.000Z", "destination": { "ip": "172.16.54.114", "mac": "90-10-35-5A-1E-3A", "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "drop_input", @@ -732,14 +732,14 @@ ] }, { - "@timestamp": "2022-01-08T03:40:25.000Z", + "@timestamp": "2023-01-08T03:40:25.000Z", "destination": { "ip": "172.16.54.114", "mac": "90-10-35-5A-1E-3A", "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "drop_input", @@ -796,14 +796,14 @@ ] }, { - "@timestamp": "2022-01-08T03:41:17.000Z", + "@timestamp": "2023-01-08T03:41:17.000Z", "destination": { "ip": "172.16.54.114", "mac": "90-10-35-5A-1E-3A", "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "drop_input", @@ -863,14 +863,14 @@ ] }, { - "@timestamp": "2022-01-08T03:41:23.000Z", + "@timestamp": "2023-01-08T03:41:23.000Z", "destination": { "ip": "172.16.54.114", "mac": "90-10-35-5A-1E-3A", "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "drop_input", 
@@ -930,14 +930,14 @@ ] }, { - "@timestamp": "2022-01-08T03:43:18.000Z", + "@timestamp": "2023-01-08T03:43:18.000Z", "destination": { "ip": "172.16.54.114", "mac": "90-10-35-5A-1E-3A", "port": 139 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "drop_input", @@ -994,14 +994,14 @@ ] }, { - "@timestamp": "2022-01-08T03:43:42.000Z", + "@timestamp": "2023-01-08T03:43:42.000Z", "destination": { "ip": "172.16.54.114", "mac": "90-10-35-5A-1E-3A", "port": 8088 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "drop_input", @@ -1058,7 +1058,7 @@ ] }, { - "@timestamp": "2022-01-22T09:05:05.000Z", + "@timestamp": "2023-01-22T09:05:05.000Z", "destination": { "geo": { "continent_name": "Europe", @@ -1072,7 +1072,7 @@ "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1129,13 +1129,13 @@ ] }, { - "@timestamp": "2022-01-22T10:52:34.000Z", + "@timestamp": "2023-01-22T10:52:34.000Z", "destination": { "ip": "ff02:0000:0000:0000:0000:0000:0000:0016", "mac": "90-10-12-34-56-78" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1185,7 +1185,7 @@ ] }, { - "@timestamp": "2022-01-05T20:17:05.000Z", + "@timestamp": "2023-01-05T20:17:05.000Z", "destination": { "geo": { "city_name": "London", @@ -1204,7 +1204,7 @@ "port": 48689 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "accept", @@ -1265,14 +1265,14 @@ ] }, { - "@timestamp": "2022-01-05T20:17:01.000Z", + "@timestamp": "2023-01-05T20:17:01.000Z", "destination": { "ip": "192.168.2.25", "mac": "90-10-20-76-8D-20", "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "accept", 
@@ -1341,14 +1341,14 @@ ] }, { - "@timestamp": "2022-01-05T20:17:01.000Z", + "@timestamp": "2023-01-05T20:17:01.000Z", "destination": { "ip": "192.168.2.25", "mac": "90-10-20-76-8D-20", "port": 1443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "drop", @@ -1424,14 +1424,14 @@ ] }, { - "@timestamp": "2022-01-05T20:17:01.000Z", + "@timestamp": "2023-01-05T20:17:01.000Z", "destination": { "ip": "192.168.2.25", "mac": "90-10-20-76-8D-20", "port": 1443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "accept", @@ -1499,14 +1499,14 @@ ] }, { - "@timestamp": "2022-01-05T20:17:01.000Z", + "@timestamp": "2023-01-05T20:17:01.000Z", "destination": { "ip": "192.168.2.25", "mac": "90-10-20-76-8D-20", "port": 1443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "accept", @@ -1574,14 +1574,14 @@ ] }, { - "@timestamp": "2022-06-28T04:35:30.000Z", + "@timestamp": "2023-06-28T04:35:30.000Z", "destination": { "ip": "10.251.1.1", "mac": "0A-EA-10-00-F0-06", "port": 9000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1627,13 +1627,13 @@ ] }, { - "@timestamp": "2022-06-28T04:30:32.000Z", + "@timestamp": "2023-06-28T04:30:32.000Z", "destination": { "ip": "10.251.1.1", "mac": "0A-EA-10-00-F0-06" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/iptables/data_stream/log/_dev/test/pipeline/test-journald.json-expected.json b/packages/iptables/data_stream/log/_dev/test/pipeline/test-journald.json-expected.json index c40efa71ada..16b6aae5a6c 100644 --- a/packages/iptables/data_stream/log/_dev/test/pipeline/test-journald.json-expected.json +++ b/packages/iptables/data_stream/log/_dev/test/pipeline/test-journald.json-expected.json @@ -20,7 +20,7 @@ "port": 40702 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
diff --git a/packages/iptables/data_stream/log/_dev/test/pipeline/test-ubiquiti.log-expected.json b/packages/iptables/data_stream/log/_dev/test/pipeline/test-ubiquiti.log-expected.json index a5c7e5e0c39..cbf6b0e4bb1 100644 --- a/packages/iptables/data_stream/log/_dev/test/pipeline/test-ubiquiti.log-expected.json +++ b/packages/iptables/data_stream/log/_dev/test/pipeline/test-ubiquiti.log-expected.json @@ -1,7 +1,7 @@ { "expected": [ { - "@timestamp": "2022-01-05T20:17:05.000Z", + "@timestamp": "2023-01-05T20:17:05.000Z", "destination": { "geo": { "city_name": "London", @@ -20,7 +20,7 @@ "port": 48689 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "accept", @@ -81,14 +81,14 @@ ] }, { - "@timestamp": "2022-01-05T20:17:01.000Z", + "@timestamp": "2023-01-05T20:17:01.000Z", "destination": { "ip": "192.168.2.25", "mac": "90-10-20-76-8D-20", "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "accept", @@ -157,14 +157,14 @@ ] }, { - "@timestamp": "2022-01-05T20:17:01.000Z", + "@timestamp": "2023-01-05T20:17:01.000Z", "destination": { "ip": "192.168.2.25", "mac": "90-10-20-76-8D-20", "port": 1443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "drop", @@ -240,14 +240,14 @@ ] }, { - "@timestamp": "2022-01-05T20:17:01.000Z", + "@timestamp": "2023-01-05T20:17:01.000Z", "destination": { "ip": "192.168.2.25", "mac": "90-10-20-76-8D-20", "port": 1443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "accept", @@ -315,14 +315,14 @@ ] }, { - "@timestamp": "2022-01-05T20:17:01.000Z", + "@timestamp": "2023-01-05T20:17:01.000Z", "destination": { "ip": "192.168.2.25", "mac": "90-10-20-76-8D-20", "port": 1443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "accept", 
@@ -390,12 +390,12 @@ ] }, { - "@timestamp": "2022-05-05T20:46:45.000Z", + "@timestamp": "2023-05-05T20:46:45.000Z", "destination": { "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -432,12 +432,12 @@ ] }, { - "@timestamp": "2022-05-05T20:46:46.000Z", + "@timestamp": "2023-05-05T20:46:46.000Z", "destination": { "port": 7914 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -474,12 +474,12 @@ ] }, { - "@timestamp": "2022-05-05T20:46:46.000Z", + "@timestamp": "2023-05-05T20:46:46.000Z", "destination": { "port": 51179 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -515,12 +515,12 @@ ] }, { - "@timestamp": "2022-05-05T20:47:09.000Z", + "@timestamp": "2023-05-05T20:47:09.000Z", "destination": { "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -557,12 +557,12 @@ ] }, { - "@timestamp": "2022-05-05T20:46:56.000Z", + "@timestamp": "2023-05-05T20:46:56.000Z", "destination": { "port": 51182 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -598,12 +598,12 @@ ] }, { - "@timestamp": "2022-05-05T20:45:44.000Z", + "@timestamp": "2023-05-05T20:45:44.000Z", "destination": { "port": 49209 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/iptables/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/iptables/data_stream/log/elasticsearch/ingest_pipeline/default.yml index b6be64d6119..3a8c27057a9 100644 --- a/packages/iptables/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/iptables/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for iptables logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' # These two fields are treated as immutable in the case reindexing. - set: 
diff --git a/packages/iptables/data_stream/log/sample_event.json b/packages/iptables/data_stream/log/sample_event.json index 0ca0ea13d07..81864bf2e8e 100644 --- a/packages/iptables/data_stream/log/sample_event.json +++ b/packages/iptables/data_stream/log/sample_event.json @@ -18,7 +18,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "660f37cf-e109-4766-b85b-8150ca4cd173", diff --git a/packages/iptables/docs/README.md b/packages/iptables/docs/README.md index e4e1c47e95f..99037ad5372 100644 --- a/packages/iptables/docs/README.md +++ b/packages/iptables/docs/README.md @@ -38,7 +38,7 @@ An example event for `log` looks as following: "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "660f37cf-e109-4766-b85b-8150ca4cd173", diff --git a/packages/iptables/manifest.yml b/packages/iptables/manifest.yml index 6bad5827d2d..e50457edf6c 100644 --- a/packages/iptables/manifest.yml +++ b/packages/iptables/manifest.yml @@ -1,6 +1,6 @@ name: iptables title: Iptables -version: "1.4.0" +version: "1.5.0" release: ga description: Collect logs from Iptables with Elastic Agent. type: integration From 2c5529a577f3c85cc8b5c26b45f90f8a85de320e Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:05 +0530 Subject: [PATCH 062/137] [jamf_compliance_reporter] - update ECS to 8.7.0 from 8.6.0 This updates the jamf_compliance_reporter integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/jamf_compliance_reporter --- .../_dev/build/build.yml | 2 +- .../jamf_compliance_reporter/changelog.yml | 5 ++ ...est-pipeline-app-metrics.log-expected.json | 2 +- .../test-pipeline-audit.log-expected.json | 72 +++++++++---------- .../test-pipeline-event.log-expected.json | 32 ++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- .../jamf_compliance_reporter/docs/README.md | 2 +- .../jamf_compliance_reporter/manifest.yml | 2 +- 9 files changed, 63 insertions(+), 58 deletions(-) diff --git a/packages/jamf_compliance_reporter/_dev/build/build.yml b/packages/jamf_compliance_reporter/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/jamf_compliance_reporter/_dev/build/build.yml +++ b/packages/jamf_compliance_reporter/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/jamf_compliance_reporter/changelog.yml b/packages/jamf_compliance_reporter/changelog.yml index 6cf36ae6ede..738685e0c7e 100644 --- a/packages/jamf_compliance_reporter/changelog.yml +++ b/packages/jamf_compliance_reporter/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.0.0" changes: - description: Release Jamf Compliance Reporter as GA. 
diff --git a/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-app-metrics.log-expected.json b/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-app-metrics.log-expected.json index 0c58c8bfe1c..d8c765e3ff2 100644 --- a/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-app-metrics.log-expected.json +++ b/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-app-metrics.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-10-15T18:30:27.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "app_metrics", diff --git a/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-audit.log-expected.json b/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-audit.log-expected.json index 7c853c26719..9b89c9bdcff 100644 --- a/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-audit.log-expected.json +++ b/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-audit.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-10-04T01:56:59.281Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -143,7 +143,7 @@ { "@timestamp": "2019-10-15T18:33:10.518Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -274,7 +274,7 @@ { "@timestamp": "2019-10-15T18:31:00.736Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -419,7 +419,7 @@ { "@timestamp": "2019-10-04T02:06:53.885Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -563,7 +563,7 @@ { "@timestamp": "2019-10-13T07:35:04.499Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" 
@@ -726,7 +726,7 @@ { "@timestamp": "2019-10-15T18:34:41.174Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "150" @@ -867,7 +867,7 @@ { "@timestamp": "2019-10-15T18:30:12.223Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -1045,7 +1045,7 @@ { "@timestamp": "2019-10-04T02:07:12.671Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -1183,7 +1183,7 @@ { "@timestamp": "2019-10-02T16:21:03.400Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -1320,7 +1320,7 @@ { "@timestamp": "2019-10-15T17:57:25.519Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -1450,7 +1450,7 @@ { "@timestamp": "2019-10-04T02:07:20.363Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -1629,7 +1629,7 @@ { "@timestamp": "2019-10-15T18:23:50.822Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -1770,7 +1770,7 @@ { "@timestamp": "2019-10-10T21:16:18.957Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -1909,7 +1909,7 @@ { "@timestamp": "2019-10-10T21:17:59.235Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -2042,7 +2042,7 @@ { "@timestamp": "2019-10-15T18:17:16.978Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -2183,7 +2183,7 @@ { "@timestamp": "2019-10-15T17:37:31.350Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -2343,7 +2343,7 @@ { "@timestamp": "2019-10-04T02:07:03.295Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -2464,7 +2464,7 @@ { "@timestamp": "2019-10-15T18:34:40.882Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -2619,7 +2619,7 @@ { "@timestamp": "2019-10-15T15:16:00.270Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" 
@@ -2763,7 +2763,7 @@ { "@timestamp": "2019-10-10T17:56:24.088Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -2903,7 +2903,7 @@ { "@timestamp": "2019-10-15T18:25:30.525Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -3018,7 +3018,7 @@ { "@timestamp": "2019-10-15T18:25:54.133Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -3133,7 +3133,7 @@ { "@timestamp": "2019-10-15T18:33:06.553Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -3248,7 +3248,7 @@ { "@timestamp": "2019-10-15T17:57:31.064Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -3363,7 +3363,7 @@ { "@timestamp": "2019-10-04T02:07:15.007Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -3497,7 +3497,7 @@ { "@timestamp": "2019-10-04T01:57:00.582Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -3628,7 +3628,7 @@ { "@timestamp": "2019-10-13T22:24:19.201Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -3757,7 +3757,7 @@ { "@timestamp": "2019-10-04T01:57:00.567Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -3888,7 +3888,7 @@ { "@timestamp": "2019-10-04T01:57:00.560Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -4021,7 +4021,7 @@ { "@timestamp": "2019-10-15T15:16:00.338Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -4159,7 +4159,7 @@ { "@timestamp": "2019-10-15T15:16:00.338Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -4291,7 +4291,7 @@ { "@timestamp": "2019-10-15T16:59:30.567Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" 
@@ -4424,7 +4424,7 @@ { "@timestamp": "2019-10-04T02:07:19.630Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -4598,7 +4598,7 @@ { "@timestamp": "2019-10-04T02:07:19.468Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -4724,7 +4724,7 @@ { "@timestamp": "2019-10-15T17:37:31.441Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "0" @@ -4879,7 +4879,7 @@ { "@timestamp": "2019-10-04T02:07:12.671Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "10" diff --git a/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-event.log-expected.json b/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-event.log-expected.json index bd941c56c43..8f8024a1c3d 100644 --- a/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-event.log-expected.json +++ b/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-event.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-10-14T01:49:46.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audio_video_device_event", @@ -61,7 +61,7 @@ { "@timestamp": "2019-10-12T14:32:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "audit_class_verification_event", @@ -117,7 +117,7 @@ { "@timestamp": "2019-10-12T14:32:01.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "compliance_reporter_tamper_event", @@ -201,7 +201,7 @@ { "@timestamp": "2019-10-15T18:34:38.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "file_event", @@ -285,7 +285,7 @@ { "@timestamp": "2019-10-12T14:32:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "gatekeeper_info_event", 
@@ -338,7 +338,7 @@ { "@timestamp": "2019-10-04T02:25:42.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "gatekeeper_manual_overrides", @@ -480,7 +480,7 @@ { "@timestamp": "2019-10-15T18:30:11.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "gatekeeper_quarantine_log", @@ -542,7 +542,7 @@ { "@timestamp": "2019-10-14T01:15:30.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "hardware_event", @@ -617,7 +617,7 @@ { "@timestamp": "2019-10-12T14:32:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "license_info_event", @@ -677,7 +677,7 @@ { "@timestamp": "2019-10-02T16:17:08.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "preference_list_event", @@ -781,7 +781,7 @@ { "@timestamp": "2019-10-06T23:37:31.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "print_event_information", @@ -844,7 +844,7 @@ { "@timestamp": "2020-07-10T19:32:06.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "prohibited_app_blocked", @@ -991,7 +991,7 @@ { "@timestamp": "2019-10-14T14:18:07.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "signal_event", @@ -1041,7 +1041,7 @@ { "@timestamp": "2019-10-15T18:19:10.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "unified_log_event", @@ -1125,7 +1125,7 @@ { "@timestamp": "2019-10-12T14:32:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "xprotect_definitions_version_info", @@ -1180,7 +1180,7 @@ { "@timestamp": "2019-10-11T19:17:42.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "xprotect_event_log", 
diff --git a/packages/jamf_compliance_reporter/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/jamf_compliance_reporter/data_stream/log/elasticsearch/ingest_pipeline/default.yml index b15df17ca08..ca3ef6173e7 100644 --- a/packages/jamf_compliance_reporter/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/jamf_compliance_reporter/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Jamf Compliance Reporter logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/jamf_compliance_reporter/data_stream/log/sample_event.json b/packages/jamf_compliance_reporter/data_stream/log/sample_event.json index d5870622261..89e7b19f37f 100644 --- a/packages/jamf_compliance_reporter/data_stream/log/sample_event.json +++ b/packages/jamf_compliance_reporter/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "4f9748a6-cc5b-4160-bfdb-b533f9ba576a", diff --git a/packages/jamf_compliance_reporter/docs/README.md b/packages/jamf_compliance_reporter/docs/README.md index b894c32b92c..726c1138a6a 100644 --- a/packages/jamf_compliance_reporter/docs/README.md +++ b/packages/jamf_compliance_reporter/docs/README.md @@ -81,7 +81,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "4f9748a6-cc5b-4160-bfdb-b533f9ba576a", diff --git a/packages/jamf_compliance_reporter/manifest.yml b/packages/jamf_compliance_reporter/manifest.yml index a179a065591..880f67f304c 100644 --- a/packages/jamf_compliance_reporter/manifest.yml +++ b/packages/jamf_compliance_reporter/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: jamf_compliance_reporter title: Jamf Compliance Reporter -version: "1.0.0" +version: "1.1.0" license: basic description: Collect logs from Jamf Compliance Reporter with Elastic Agent. type: integration From e43fb41ec0f118e79a10b8814c947c4b2d9c9832 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:06 +0530 Subject: [PATCH 063/137] [jumpcloud] - update ECS to 8.7.0 from 8.5.0 This updates the jumpcloud integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.5.1 and using 8.5.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/jumpcloud --- packages/jumpcloud/_dev/build/build.yml | 2 +- packages/jumpcloud/changelog.yml | 5 +++++ .../events/_dev/test/pipeline/test-events.json-expected.json | 4 ++-- .../events/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/jumpcloud/data_stream/events/sample_event.json | 2 +- packages/jumpcloud/docs/README.md | 2 +- packages/jumpcloud/manifest.yml | 2 +- 7 files changed, 12 insertions(+), 7 deletions(-) diff --git a/packages/jumpcloud/_dev/build/build.yml b/packages/jumpcloud/_dev/build/build.yml index aaafc5d833b..9da3f46d46b 100644 --- a/packages/jumpcloud/_dev/build/build.yml +++ b/packages/jumpcloud/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.5.1 + reference: git@8.7 diff --git a/packages/jumpcloud/changelog.yml b/packages/jumpcloud/changelog.yml index 35c8218a31d..c2f1e638a0a 100644 --- a/packages/jumpcloud/changelog.yml +++ b/packages/jumpcloud/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "0.0.2" changes: - description: Fix img links in readme 
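Review bot: The new `reference: git@8.7` in packages/jumpcloud/_dev/build/build.yml replaces a release-tag pin (`git@v8.5.1`) with what reads as a branch name, so the ECS field definitions pulled in at build time could change without any commit in this repository. The ingest pipeline in the same patch stamps events with exactly `8.7.0`, so a later commit on that branch may leave the built field mappings and the declared `ecs.version` out of step. Pinning to the release tag keeps the build reproducible and the schema source auditable: `reference: git@v8.7.0`. The juniper_junos and juniper_netscreen build.yml hunks later in this series use the same `git@8.7` form and would take the same change.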
diff --git a/packages/jumpcloud/data_stream/events/_dev/test/pipeline/test-events.json-expected.json b/packages/jumpcloud/data_stream/events/_dev/test/pipeline/test-events.json-expected.json index 420143767b8..ab6e3d43991 100644 --- a/packages/jumpcloud/data_stream/events/_dev/test/pipeline/test-events.json-expected.json +++ b/packages/jumpcloud/data_stream/events/_dev/test/pipeline/test-events.json-expected.json @@ -18,7 +18,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "event": { "action": "admin_login_attempt", @@ -75,4 +75,4 @@ } } ] -} +} \ No newline at end of file diff --git a/packages/jumpcloud/data_stream/events/elasticsearch/ingest_pipeline/default.yml b/packages/jumpcloud/data_stream/events/elasticsearch/ingest_pipeline/default.yml index 1d20db71834..0beefb2f15f 100644 --- a/packages/jumpcloud/data_stream/events/elasticsearch/ingest_pipeline/default.yml +++ b/packages/jumpcloud/data_stream/events/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for JumpCloud Events processors: - set: field: ecs.version - value: '8.5.0' + value: '8.7.0' - rename: field: message diff --git a/packages/jumpcloud/data_stream/events/sample_event.json b/packages/jumpcloud/data_stream/events/sample_event.json index 087f38d853e..f490f09b4f4 100644 --- a/packages/jumpcloud/data_stream/events/sample_event.json +++ b/packages/jumpcloud/data_stream/events/sample_event.json @@ -16,7 +16,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "event": { "action": "admin_login_attempt", diff --git a/packages/jumpcloud/docs/README.md b/packages/jumpcloud/docs/README.md index 95637a5a8ad..232d171ae35 100644 --- a/packages/jumpcloud/docs/README.md +++ b/packages/jumpcloud/docs/README.md @@ -248,7 +248,7 @@ An example event for `events` looks as following: "ip": "81.2.69.144" }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "event": { "action": "admin_login_attempt", 
diff --git a/packages/jumpcloud/manifest.yml b/packages/jumpcloud/manifest.yml index 3488a82da74..a128bcfd35c 100644 --- a/packages/jumpcloud/manifest.yml +++ b/packages/jumpcloud/manifest.yml @@ -1,7 +1,7 @@ format_version: 2.0.0 name: jumpcloud title: "JumpCloud" -version: 0.0.2 +version: "0.1.0" description: "Collect logs from JumpCloud Directory as a Service" type: integration categories: From 5d21dc118b2c84f6269ab694cbaca2583b65bdb0 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:06 +0530 Subject: [PATCH 064/137] [juniper_junos] - update ECS to 8.7.0 from 8.6.0 This updates the juniper_junos integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/juniper_junos --- packages/juniper_junos/_dev/build/build.yml | 2 +- packages/juniper_junos/changelog.yml | 5 + .../pipeline/test-generated.log-expected.json | 200 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/juniper_junos/docs/README.md | 4 +- packages/juniper_junos/manifest.yml | 2 +- 7 files changed, 111 insertions(+), 106 deletions(-) diff --git a/packages/juniper_junos/_dev/build/build.yml b/packages/juniper_junos/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/juniper_junos/_dev/build/build.yml +++ b/packages/juniper_junos/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/juniper_junos/changelog.yml b/packages/juniper_junos/changelog.yml index 9c4f52764e3..12b0cbfe170 100644 --- a/packages/juniper_junos/changelog.yml +++ b/packages/juniper_junos/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.7.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "0.6.0" changes: - description: Update package to ECS 8.6.0. diff --git a/packages/juniper_junos/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/juniper_junos/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json index 179d9caf994..eb824f54708 100644 --- a/packages/juniper_junos/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/juniper_junos/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jan 29 06:09:59 ceroinBC.exe[6713]: RPD_SCHED_TASK_LONGRUNTIME: : exe ran for 7309(5049)", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Feb 12 13:12:33 DCD_FILTER_LIB_ERROR message repeated [7608]: llu: Filter library initialization failed", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Feb 26 20:15:08 MIB2D_TRAP_SEND_FAILURE: restart [6747]: sum: uaerat: cancel: success", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Mar 12 03:17:42 seq olorema6148.www.localdomain: fug5500.www.domain IFP trace\u003e node: dqu", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Mar 26 10:20:16 ssb SNMPD_CONTEXT_ERROR: [7400]: emq: isiu: success in 6237 context 5367", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Apr 9 17:22:51 RPD_KRT_IFL_CELL_RELAY_MODE_UNSPECIFIED: restart [7618]: ionul: ifl : nibus, unknown", "tags": [ 
@@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Apr 24 00:25:25 CHASSISD_SNMP_TRAP10 message repeated [1284]: ume: SNMP trap: failure: ono", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 8 07:27:59 sunt prehen6218.www.localhost: onse.exe[254]: RPD_KRT_IFL_CELL_RELAY_MODE_INVALID: : ifl : inibusBo, failure", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 22 14:30:33 iamquis quirat6972.www5.lan: isc.exe[3237]: SNMPD_USER_ERROR: : conseq: unknown in 6404 user 'atiset' 4068", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jun 5 21:33:08 fpc9 RPD_TASK_REINIT: [4621]: lita: Reinitializing", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jun 20 04:35:42 fpc4 LOGIN_FAILED: [2227]: oinBC: Login failed for user quameius from host ipsumdol4488.api.localdomain", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jul 4 11:38:16 NASD_PPP_SEND_PARTIAL: restart [3994]: aper: Unable to send all of message: santiumd", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jul 18 18:40:50 UI_COMMIT_AT_FAILED message repeated [7440]: temqu: success, minimav", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Aug 2 01:43:25 rnatur ofdeFin7811.lan: emipsumd.exe[5020]: BOOTPD_NEW_CONF: : New configuration installed", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Aug 16 08:45:59 RPD_RIP_JOIN_MULTICAST message repeated [60]: onemulla: Unable to join multicast group enp0s4292: unknown", "tags": [ 
@@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Aug 30 15:48:33 FSAD_TERMINATED_CONNECTION: restart [6703]: xea: Open file ites` closed due to unknown", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Sep 13 22:51:07 RPD_KRT_IFL_GENERATION message repeated [5539]: eri: ifl lo2169 generation mismatch -- unknown", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Sep 28 05:53:42 cfeb UI_COMMIT_ROLLBACK_FAILED: [3453]: avolu: Automatic rollback failed", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Oct 12 12:56:16 mquisn.exe[3993]: RMOPD_usage : failure: midest", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Oct 26 19:58:50 undeomni.exe[4938]: RPD_ISIS_LSPCKSUM: : IS-IS 715 LSP checksum error, interface enp0s1965, LSP id tasun, sequence 3203, checksum eratv, lifetime ipsa", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Nov 10 03:01:24 kmd: restart ", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Nov 24 10:03:59 ever.exe[6463]: LOGIN_FAILED: : Login failed for user atq from host erspi4926.www5.test", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Dec 8 17:06:33 CHASSISD_MBUS_ERROR message repeated [72]: iadese: nisiu imad: management bus failed sanity test", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Dec 23 00:09:07 niamquis.exe[1471]: TFTPD_NAK_ERR : nak error ptatems, 357", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jan 6 07:11:41 UI_DUPLICATE_UID: restart [3350]: atqu: Users naturau have the same UID olorsita", "tags": [ 
@@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jan 20 14:14:16 piscivel.exe[4753]: TFTPD_CREATE_ERR: : check_space unknown", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Feb 3 21:16:50 fpc4 RPD_START: [1269]: riat: Start 181 version version built 7425", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Feb 18 04:19:24 fpc2 COSMAN: : uptasnul: delete class_to_ifl table 2069, ifl 3693", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Mar 4 11:21:59 orum oinBCSed3073.www.lan: ilm.exe[3193]: SNMPD_TRAP_QUEUE_MAX_ATTEMPTS: : fugiatqu: after 4003 attempts, deleting 4568 traps queued to exercita", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Mar 18 18:24:33 TFTPD_BIND_ERR: restart [1431]: ntut: bind: failure", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Apr 2 01:27:07 lite ugia517.api.host: doei.exe[7073]: RPD_LDP_SESSIONDOWN: : LDP session 10.88.126.165 is down, failure", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Apr 16 08:29:41 fpc6 SNMPD_CONTEXT_ERROR: [180]: eturadip: ent: unknown in 5848 context 316", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Apr 30 15:32:16 NASD_CHAP_INVALID_CHAP_IDENTIFIER message repeated [796]: iumdo: lo2721: received aturv expected CHAP ID: ectetura", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 14 22:34:50 UI_LOAD_EVENT message repeated [6342]: seq: User 'moll' is performing a 'allow'", "tags": [ 
@@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 29 05:37:24 fdeFin.exe[4053]: SNMP_TRAP_TRACE_ROUTE_TEST_FAILED : traceRouteCtlOwnerIndex = 1450, traceRouteCtlTestName = edic", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jun 12 12:39:58 SNMPD_RTSLIB_ASYNC_EVENT: restart [508]: uae: oremip: sequence mismatch failure", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jun 26 19:42:33 tesse olupta2743.internal.localdomain: ine.exe[3181]: BOOTPD_TIMEOUT: : Timeout success unreasonable", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jul 11 02:45:07 NASD_RADIUS_MESSAGE_UNEXPECTED message repeated [33]: abore: Unknown response from RADIUS server: unknown", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jul 25 09:47:41 PWC_LOCKFILE_BAD_FORMAT: restart [3426]: illum: PID lock file has bad format: eprehe", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Aug 8 16:50:15 snostr.exe[1613]: RPD_KRT_AFUNSUPRT : tec: received itaspe message with unsupported address family 4176", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Aug 22 23:52:50 oreeufug.exe[6086]: PWC_PROCESS_FORCED_HOLD : Process plicaboN forcing hold down of child 619 until signal", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Sep 6 06:55:24 MIB2D_IFL_IFINDEX_FAILURE message repeated [4115]: tiu: SNMP index assigned to wri changed from 3902 to unknown", "tags": [ 
@@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Sep 20 13:57:58 mwr cia5990.api.localdomain: pitlabo.exe[3498]: UI_DBASE_MISMATCH_MAJOR: : Database header major version number mismatch for file 'ende': expecting 6053, got 4884", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Oct 4 21:00:32 iuntN utfugi851.www5.invalid: nul.exe[1005]: SNMPD_VIEW_INSTALL_DEFAULT: : eetdo: success installing default 1243 view 5146", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Oct 19 04:03:07 DCD_PARSE_STATE_EMERGENCY message repeated [2498]: uptatem: An unhandled state was encountered during interface parsing", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Nov 2 11:05:41 loremagn acons3820.internal.home: ain.exe[7192]: LOGIN_PAM_MAX_RETRIES: : Too many retries while authenticating user iquipex", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Nov 16 18:08:15 onorume.exe[3290]: BOOTPD_NO_BOOTSTRING : No boot string found for type veleu", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Dec 1 01:10:49 eirured sequamn5243.mail.home: sshd: sshd: SSHD_LOGIN_FAILED: Login failed for user 'ciatisun' from host '10.252.209.246'.", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Dec 15 08:13:24 COS: restart : Received FC-\u003eQ map, caecat", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Dec 29 15:15:58 cgatool message repeated : nvolupta: generated address is success", "tags": [ 
@@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jan 12 22:18:32 CHASSISD_SNMP_TRAP6 message repeated [4667]: idolor: SNMP trap generated: success (les)", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jan 27 05:21:06 ssb FLOW_REASSEMBLE_SUCCEED: : Packet merged source 10.102.228.136 destination 10.151.136.250 ipid upt succeed", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Feb 10 12:23:41 DFWD_PARSE_FILTER_EMERGENCY message repeated [2037]: serrorsi: tsedquia encountered errors while parsing filter index file", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Feb 24 19:26:15 remips laboreet5949.mail.test: tesse.exe[4358]: RPD_LDP_SESSIONDOWN: : LDP session 10.148.255.126 is down, unknown", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Mar 11 02:28:49 fpc2 NASD_CHAP_REPLAY_ATTACK_DETECTED: [mipsumqu]: turad: eth680.6195: received doloremi unknown.iciatis", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Mar 25 09:31:24 rema mcol7795.domain: mquis lsys_ssam_handler: : processing lsys root-logical-system tur", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Apr 8 16:33:58 UI_LOST_CONN message repeated [7847]: loreeuf: Lost connection to daemon orainci", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Apr 22 23:36:32 PWC_PROCESS_HOLD: restart [1791]: itse: Process lapari holding down child 2702 until signal", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 7 06:39:06 undeo ficiade4365.mail.domain: norum.exe[4443]: LIBSERVICED_SOCKET_BIND: : dantium: unable to bind socket ors: failure", "tags": [ 
@@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 21 13:41:41 liq eleumiu2852.lan: mfugiat.exe[3946]: LOGIN_FAILED: : Login failed for user olu from host mSect5899.domain", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jun 4 20:44:15 idolo.exe[6535]: MIB2D_IFL_IFINDEX_FAILURE: : SNMP index assigned to deseru changed from 6460 to unknown", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jun 19 03:46:49 modtempo.exe[5276]: CHASSISD_RELEASE_MASTERSHIP: : Release mastership notification", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jul 3 10:49:23 fpc4 PWC_PROCESS_HOLD: [3450]: dexea: Process aturExc holding down child 7343 until signal", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jul 17 17:51:58 ame.exe[226]: SERVICED_RTSOCK_SEQUENCE : boreet: routing socket sequence error, unknown", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Aug 1 00:54:32 consect6919.mail.localdomain iset.exe[940]: idpinfo: urere", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Aug 15 07:57:06 RPD_KRT_NOIFD: restart [4822]: oreeufug: No device 5020 for interface lo4593", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Aug 29 14:59:40 eprehen oinB3432.api.invalid: citatio.exe[5029]: craftd: , unknown", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Sep 12 22:02:15 ACCT_CU_RTSLIB_error message repeated [7583]: eetd: liquide getting class usage statistics for interface enp0s2674: success", "tags": [ 
@@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Sep 27 05:04:49 userro oree nimadmi7341.www.home RT_FLOW - kmd [", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Oct 11 12:07:23 LOGIN_PAM_NONLOCAL_USER: restart [686]: rauto: User rese authenticated but has no local login ID", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Oct 25 19:09:57 doconse.exe[6184]: RPD_KRT_NOIFD : No device 5991 for interface enp0s7694", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Nov 9 02:12:32 quidolor1064.www.domain: uspinfo: : flow_print_session_summary_output received rcita", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Nov 23 09:15:06 RPD_TASK_REINIT: restart [1810]: mfugi: Reinitializing", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Dec 7 16:17:40 inibusBo.exe[2509]: ECCD_TRACE_FILE_OPEN_FAILED : allow: failure", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Dec 21 23:20:14 ECCD_TRACE_FILE_OPEN_FAILED message repeated [2815]: rudexer: accept: unknown", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jan 5 06:22:49 eseosqu oeius641.api.home: laud.exe[913]: LOGIN_FAILED: : Login failed for user turQ from host tod6376.mail.host", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jan 19 13:25:23 ine.exe[1578]: FSAD_CONNTIMEDOUT : Connection timed out to the client (oreve2538.www.localdomain, 10.44.24.103) having request type reprehen", "tags": [ 
@@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Feb 2 20:27:57 UI_SCHEMA_SEQUENCE_ERROR: restart [734]: rinre: Schema sequence number mismatch", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Feb 17 03:30:32 LIBJNX_EXEC_PIPE: restart [946]: olors: Unable to create pipes for command 'deny': unknown", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Mar 3 10:33:06 UI_DBASE_MISMATCH_EXTENT: restart [4686]: isnost: Database header extent mismatch for file 'lumdolor': expecting 559, got 7339", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Mar 17 17:35:40 NASD_usage message repeated [7744]: eumfu: unknown: quidex", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Apr 1 00:38:14 /kmd: ", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Apr 15 07:40:49 sshd message repeated : very-high: can't get client address: unknown", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Apr 29 14:43:23 fpc4 RPD_LDP_NBRUP: [4279]: stlaboru: LDP neighbor 10.248.68.242 (eth1282) is success", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 13 21:45:57 uun iduntutl4723.example: uel.exe[5770]: SNMPD_TRAP_QUEUE_DRAINED: : metco: traps queued to vel sent successfully", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 28 04:48:31 fpc8 ECCD_PCI_WRITE_FAILED: [4837]: radip: cancel: success", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jun 11 11:51:06 TFTPD_RECVCOMPLETE_INFO message repeated [7501]: piciatis: Received 3501 blocks of 5877 size for file 'tatisetq'", "tags": [ 
@@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jun 25 18:53:40 usp_trace_ipc_reconnect message repeated illum.exe:USP trace client cannot reconnect to server", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jul 10 01:56:14 amnis atevelit2799.internal.host: tatiset.exe IFP trace\u003e BCHIP: : cannot write ucode mask reg", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Jul 24 08:58:48 RPD_MPLS_LSP_DOWN message repeated [5094]: moditemp: MPLS LSP eth2042 unknown", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Aug 7 16:01:23 CHASSISD_PARSE_INIT: restart [4153]: uatDuisa: Parsing configuration file 'usB'", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Aug 21 23:03:57 RMOPD_ROUTING_INSTANCE_NO_INFO: restart [6922]: upidatat: No information for routing instance non: failure", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Sep 5 06:06:31 Utenimad.exe[4305]: CHASSISD_TERM_SIGNAL: : Received SIGTERM request, success", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Sep 19 13:09:05 tseddo.exe[484]: RPD_OSPF_NBRUP : OSPF neighbor 10.49.190.163 (lo50) aUteni due to failure", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Oct 3 20:11:40 cfeb NASD_usage: [6968]: litseddo: failure: metconse", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Oct 18 03:14:14 RPD_LDP_NBRDOWN message repeated [4598]: emu: LDP neighbor 10.101.99.109 (eth4282) is success", "tags": [ 
@@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Nov 1 10:16:48 RPD_RDISC_NOMULTI message repeated [4764]: con: Ignoring interface 594 on lo7449 -- unknown", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Nov 15 17:19:22 BOOTPD_NEW_CONF: restart [1768]: isquames: New configuration installed", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Nov 30 00:21:57 SNMP_TRAP_LINK_DOWN message repeated [7368]: ngelit: ifIndex 4197, ifAdminStatus ons, ifOperStatus unknown, ifName lo3193", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "Dec 14 07:24:31 MIB2D_ATM_ERROR message repeated [4927]: udexerci: voluptat: failure", "tags": [ diff --git a/packages/juniper_junos/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/juniper_junos/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 0c3e919670c..555c344c87d 100644 --- a/packages/juniper_junos/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/juniper_junos/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Juniper JUNOS processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/juniper_junos/data_stream/log/sample_event.json b/packages/juniper_junos/data_stream/log/sample_event.json index 563588b9068..e9cc95da15d 100644 --- a/packages/juniper_junos/data_stream/log/sample_event.json +++ b/packages/juniper_junos/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/juniper_junos/docs/README.md b/packages/juniper_junos/docs/README.md index 88a56cd299c..8a80b88c086 100644 
--- a/packages/juniper_junos/docs/README.md +++ b/packages/juniper_junos/docs/README.md @@ -24,7 +24,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", @@ -164,7 +164,7 @@ An example event for `log` looks as following: | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | diff --git a/packages/juniper_junos/manifest.yml b/packages/juniper_junos/manifest.yml index 08e8537db5a..cb9e1199e7f 100644 --- a/packages/juniper_junos/manifest.yml +++ b/packages/juniper_junos/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: juniper_junos title: Juniper JunOS -version: "0.6.0" +version: "0.7.0" description: Collect logs from Juniper JunOS with Elastic Agent. categories: ["network", "security"] release: experimental From a529dc2bb8a779fc5b47cde396b3075cf7d86e1b Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:07 +0530 Subject: [PATCH 065/137] [juniper_netscreen] - update ECS to 8.7.0 from 8.6.0 This updates the juniper_netscreen integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/juniper_netscreen --- .../juniper_netscreen/_dev/build/build.yml | 2 +- packages/juniper_netscreen/changelog.yml | 5 + .../pipeline/test-generated.log-expected.json | 200 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/juniper_netscreen/docs/README.md | 4 +- packages/juniper_netscreen/manifest.yml | 2 +- 7 files changed, 111 insertions(+), 106 deletions(-) diff --git a/packages/juniper_netscreen/_dev/build/build.yml b/packages/juniper_netscreen/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/juniper_netscreen/_dev/build/build.yml +++ b/packages/juniper_netscreen/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/juniper_netscreen/changelog.yml b/packages/juniper_netscreen/changelog.yml index c1496948412..37c739abb77 100644 --- a/packages/juniper_netscreen/changelog.yml +++ b/packages/juniper_netscreen/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.7.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "0.6.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json index e49ad93920f..4e8dcc52795 100644 
--- a/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "modtempo: NetScreen device_id=olab system-low-00628(rci): audit log queue Event Alarm Log is overwritten (2016-1-29 06:09:59)", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "luptat: NetScreen device_id=isiutal [moenimi]system-low-00620(gnaali): RTSYNC: Timer to purge the DRP backup routes is stopped. (2016-2-12 13:12:33)", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "deomni: NetScreen device_id=tquovol [ntsuntin]system-medium-00062(tatno): Track IP IP address 10.159.227.210 succeeded. (ofdeF)", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "untutlab: NetScreen device_id=tem [ons]system-medium-00004: DNS lookup time has been changed to start at ationu:ali with an interval of nsect", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "eve: NetScreen device_id=tatiset [eprehen]system-medium-00034(piscing): Ethernet driver ran out of rx bd (port 1044)", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "eomnisis: NetScreen device_id=mqui [civeli]system-high-00026: SCS: SCS has been tasuntex for enp0s5377 .", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "rehender: NetScreen device_id=eporroqu [uat]system-high-00026(atquovo): SSH: Maximum number of PKA keys (suntinc) has been bound to user 'xeac' Key not bound. (Key ID nidolo)", "tags": [ 
@@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "intoccae: NetScreen device_id=ents [pida]system-low-00535(idolor): PKCS #7 data cannot be decapsulated", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "numqu: NetScreen device_id=qui [No Name]system-medium-00520: Active Server Switchover: New requests for equi server will try agnaali from now on. (2016-5-22 14:30:33)", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ipitla: NetScreen device_id=quae [maccusa]system-high-00072(rQuisau): NSRP: Unit idex of VSD group xerci aqu", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "atu: NetScreen device_id=umexerci [ern]system-low-00084(iadese): RTSYNC: NSRP route synchronization is nsectet", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "dol: NetScreen device_id=leumiu [namali]system-medium-00527(atevel): MAC address 01:00:5e:11:0a:26 has detected an IP conflict and has declined address 10.90.127.74", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "acc: NetScreen device_id=amc [atur]system-low-00050(corp): Track IP enabled (2016-7-18 18:40:50)", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "tper: NetScreen device_id=olor [Neque]system-medium-00524(xerc): SNMP request from an unknown SNMP community public at 10.61.30.190:2509 has been received. (2016-8-2 01:43:25)", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "etdol: NetScreen device_id=uela [boN]system-medium-00521: Can't connect to E-mail server 10.210.240.175", "tags": [ 
@@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ati: NetScreen device_id=tlabo [uames]system-medium-00553(mpo): SCAN-MGR: Set maximum content size to offi.", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "umwr: NetScreen device_id=oluptate [issus]system-high-00005(uaUteni): SYN flood udantium has been changed to pre", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "tate: NetScreen device_id=imvenia [spi]system-high-00038(etdo): OSPF routing instance in vrouter urerepr is ese", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "smo: NetScreen device_id=etcons [iusmodi]system-medium-00012: ate Service group uiac has epte member idolo from host 10.170.139.87", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ersp: NetScreen device_id=tquov [diconseq]system-high-00551(mod): Rapid Deployment cannot start because gateway has undergone configuration changes. (2016-10-26 19:58:50)", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "mquame: NetScreen device_id=nihilmol [xercita]system-medium-00071(tiumt): The local device reetdolo in the Virtual Security Device group norum changed state", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "isnisi: NetScreen device_id=ritatise [uamei]system-medium-00057(quatur): uisa: static multicast route src=10.198.41.214, grp=cusant input ifp = lo2786 output ifp = eth3657 added", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "isis: NetScreen device_id=uasiar [utlab]system-high-00075(loremqu): The local device dantium in the Virtual Security Device group lor velillu", "tags": [ 
@@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "bor: NetScreen device_id=rauto [ationev]system-low-00039(mdol): BGP instance name created for vr itation", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "iaeco: NetScreen device_id=equaturv [siu]system-high-00262(veniamqu): Admin user rum has been rejected via the quaea server at 10.11.251.51", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "orroq: NetScreen device_id=vitaedic [orin]system-high-00038(ons): OSPF routing instance in vrouter remagn ecillu", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "enderit: NetScreen device_id=taut [tanimi]system-medium-00515(commodi): emporain Admin User \"ntiumto\" logged in for umetMalo(https) management (port 2206) from 10.80.237.27:2883", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ori: NetScreen device_id=tconsect [rum]system-high-00073(eporroq): NSRP: Unit ulla of VSD group iqu oin", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "mipsum: NetScreen device_id=lmo [aliquamq]system-medium-00030: X509 certificate for ScreenOS image authentication is invalid", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "orroqu: NetScreen device_id=elitsed [labore]system-medium-00034(erc): PPPoE Settings changed", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ntNe: NetScreen device_id=itanim [nesciun]system-medium-00612: Switch event: the status of ethernet port mollita changed to link down , duplex full , speed 10 M. (2017-4-2 01:27:07)", "tags": [ 
@@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "quide: NetScreen device_id=quaU [undeomni]system-medium-00077(acomm): NSRP: local unit= iutali of VSD group itat stlaboru", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "emq: NetScreen device_id=plicaboN [amc]system-high-00536(acommo): IKE 10.10.77.119: Dropped packet because remote gateway OK is not used in any VPN tunnel configurations", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "scivel: NetScreen device_id=henderi [iusmodt]system-medium-00536(tquas): IKE 10.200.22.41: Received incorrect ID payload: IP address lorinr instead of IP address ercita", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "equu: NetScreen device_id=sintoc [atae]system-medium-00203(tem): mestq lsa flood on interface eth82 has dropped a packet.", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "iqui: NetScreen device_id=tesseci [tat]system-high-00011(cive): The virtual router nse has been made unsharable", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "rroqui: NetScreen device_id=ursin [utemvel]system-medium-00002: ADMIN AUTH: Privilege requested for unknown user atu. Possible HA syncronization problem.", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "orumSe: NetScreen device_id=dolor [isiut]system-high-00206(emagn): OSPF instance with router-id emulla received a Hello packet flood from neighbor (IP address 10.219.1.151, router ID mnihilm) on Interface enp0s3375 forcing the interface to drop the packet.", "tags": [ 
@@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "eque: NetScreen device_id=eufug [est]system-medium-00075: The local device ntincul in the Virtual Security Device group reet tquo", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "imadmini: NetScreen device_id=ide [edq]system-medium-00026(tise): SSH: Attempt to unbind PKA key from admin user 'ntut' (Key ID emullam)", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ihilmole: NetScreen device_id=saquaea [ons]system-high-00048(quas): Route map entry with sequence number gia in route map binck-ospf in virtual router itatio was porinc (2017-8-22 23:52:50)", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "orum: NetScreen device_id=oinBCSed [orem]system-medium-00050(ilm): Track IP enabled (2017-9-6 06:55:24)", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ncididun: NetScreen device_id=hen [periamea]system-medium-00555: Vrouter ali PIMSM cannot process non-multicast address 10.158.18.51", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "umwri: NetScreen device_id=odoc [atura]system-high-00030: SYSTEM CPU utilization is high (oreeu \u003e nvo ) iamqui times in tassita minute (2017-10-4 21:00:32)\u003c\u003ccolabori\u003e", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "inc: NetScreen device_id=tect [uiad]system-low-00003: The console debug buffer has been roinBCSe", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "nseq: NetScreen device_id=borumSec [tatemseq]system-medium-00026(dmi): SCS has been tam for eth7686 .", "tags": [ 
@@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "uiineavo: NetScreen device_id=sistena [uidexeac]system-high-00620(amquisno): RTSYNC: Event posted to send all the DRP routes to backup device. (2017-11-16 18:08:15)", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "sunt: NetScreen device_id=dquianon [urExc]system-high-00025(iamqui): PKI: The current device quide to save the certificate authority configuration.", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "etdol: NetScreen device_id=Sed [oremeumf]system-high-00076: The local device etur in the Virtual Security Device group fugiatn enima", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "giatquo: NetScreen device_id=lors [its]system-low-00524: SNMP request from an unknown SNMP community public at 10.46.217.155:76 has been received. (2017-12-29 15:15:58)", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "magnaa: NetScreen device_id=sumquiad [No Name]system-high-00628: audit log queue Event Log is overwritten (2018-1-12 22:18:32)", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "tnulapa: NetScreen device_id=madmi [No Name]system-high-00628(adeser): audit log queue Event Log is overwritten (2018-1-27 05:21:06)", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "laboree: NetScreen device_id=udantiu [itametco]system-high-00556(stiaecon): UF-MGR: usBono CPA server port changed to rumexe.", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "nturmag: NetScreen device_id=uredol [maliqua]system-medium-00058(mquia): PIMSM protocol configured on interface eth2266", "tags": [ 
@@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ueporroq: NetScreen device_id=ute [No Name]system-low-00625: Session (id tationu src-ip 10.142.21.251 dst-ip 10.154.16.147 dst port 6881) route is valid. (2018-3-11 02:28:49)", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "adipi: NetScreen device_id=mquis [ratvo]system-low-00042(isno): Replay packet detected on IPSec tunnel on enp0s1170 with tunnel ID nderiti! From 10.105.212.51 to 10.119.53.68/1783, giatqu (2018-3-25 09:31:24)", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "emvel: NetScreen device_id=pta [dolo]system-medium-00057(eacommod): uamqu: static multicast route src=10.174.2.175, grp=aparia input ifp = lo6813 output ifp = enp0s90 added", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "giat: NetScreen device_id=ttenb [eirure]system-high-00549(rem): add-route-\u003e untrust-vr: exer", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "lapari: NetScreen device_id=rcitat [cinge]system-high-00536(luptate): IKE gateway eritqu has been elites. pariat", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "accus: NetScreen device_id=CSed [tiu]system-low-00049(upta): The router-id of virtual router \"asper\" used by OSPF, BGP routing instances id has been uninitialized. (dictasun)", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "itanimi: NetScreen device_id=onoru [data]system-high-00064(eosqui): Can not create track-ip list", "tags": [ 
@@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "int: NetScreen device_id=ionevo [llitani]system-high-00541(itametco): The system killed OSPF neighbor because the current router could not see itself in the hello packet. Neighbor changed state from etcons to etco state, (neighbor router-id 1iuntN, ip-address 10.89.179.48). (2018-6-19 03:46:49)", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "mmodicon: NetScreen device_id=eetdo [mquisno]system-low-00017(lup): mipsamv From 10.57.108.5:5523 using protocol icmp on interface enp0s4987. The attack occurred 2282 times", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "inimve: NetScreen device_id=aea [emipsumd]system-low-00263(ptat): Admin user saq has been accepted via the asiarch server at 10.197.10.110", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "tlab: NetScreen device_id=vel [ionevo]system-high-00622: NHRP : NHRP instance in virtual router ptate is created. (2018-8-1 00:54:32)", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "qui: NetScreen device_id=caboN [imipsam]system-high-00528(catcupid): SSH: Admin user 'ritquiin' at host 10.59.51.171 requested unsupported authentication method texplica", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "udexerci: NetScreen device_id=uae [imveni]system-medium-00071(ptatemse): NSRP: Unit itationu of VSD group setquas nbyCi", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "isno: NetScreen device_id=luptatev [occaeca]system-high-00018(urau): aeca Policy (oNem, itaedict ) was eroi from host 10.80.103.229 by admin fugitsed (2018-9-12 22:02:15)", "tags": [ 
@@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "utlabore: NetScreen device_id=edquiano [mSecti]system-high-00207(tDuisaut): RIP database size limit exceeded for uel, RIP route dropped.", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "agn: NetScreen device_id=iqu [quamqua]system-high-00075: NSRP: Unit equeporr of VSD group amremap oremagna", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ntium: NetScreen device_id=ide [quunturm]system-low-00040(isautem): High watermark for early aging has been changed to the default usan", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "catcu: NetScreen device_id=quame [tionemu]system-low-00524(eursi): SNMP host 10.163.9.35 cannot be removed from community uatDu because failure", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "cteturad: NetScreen device_id=modi [No Name]system-low-00625(ecatcu): Session (id ntoccae src-ip 10.51.161.245 dst-ip 10.193.80.21 dst port 5657) route is valid. (2018-11-23 09:15:06)", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "chit: NetScreen device_id=iusmodit [lor]system-high-00524(adeserun): SNMP request has been received, but success", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "vento: NetScreen device_id=litsed [ciun]system-medium-00072: The local device inrepr in the Virtual Security Device group lla changed state", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "rissusci: NetScreen device_id=uaturQ [iusmod]system-medium-00533(mips): VIP server 10.41.222.7 is now responding", "tags": [ 
@@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "upta: NetScreen device_id=ivel [tmollita]system-low-00070(deFinib): NSRP: nsrp control channel change to lo4065", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ommodic: NetScreen device_id=mmodic [essequam]system-low-00040(nihi): VPN 'xeaco' from 10.134.20.213 is eavolupt (2019-2-2 20:27:57)", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ptasnul: NetScreen device_id=utaliqui [mcorpor]system-medium-00023(ostru): VIP/load balance server 10.110.144.189 cannot be contacted", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "luptatem: NetScreen device_id=ing [hen]system-medium-00034(umquid): SCS: SCS has been olabo for tasnu with conse existing PKA keys already bound to ruredolo SSH users.", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "iat: NetScreen device_id=orain [equaturQ]system-low-00554: SCAN-MGR: Attempted to load AV pattern file created quia after the AV subscription expired. (Exp: Exce)", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "dese: NetScreen device_id=ptasn [liqui]system-low-00541: ScreenOS invol serial # Loremips: Asset recovery has been cidun", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ole: NetScreen device_id=odi [tper]system-medium-00628(ectetur): audit log queue Event Log is overwritten (2019-4-15 07:40:49)", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "iadolo: NetScreen device_id=ecatcup [No Name]system-high-00628: audit log queue Traffic Log is overwritten (2019-4-29 14:43:23)", "tags": [ 
@@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "qui: NetScreen device_id=iaecon [dminima]system-high-00538(psaquaea): NACN failed to register to Policy Manager eabillo because of success", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "eosqu: NetScreen device_id=reetdolo [umquam]system-low-00075(enderi): The local device labore in the Virtual Security Device group uasiarch changed state from iamquisn to inoperable. (2019-5-28 04:48:31)", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "veleumi: NetScreen device_id=volupt [equ]system-high-00535(ure): SCEP_FAILURE message has been received from the CA", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "reseo: NetScreen device_id=entoreve [rudexer]system-medium-00026(iruredol): IKE iad: Missing heartbeats have exceeded the threshold. All Phase 1 and 2 SAs have been removed", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "ptate: NetScreen device_id=oloreeu [imipsa]system-high-00038: OSPF routing instance in vrouter uame taevitae", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "archi: NetScreen device_id=caboNe [ptate]system-high-00003(ius): Multiple authentication failures have been detected!", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "remap: NetScreen device_id=ntium [veniamqu]system-high-00529: DNS entries have been refreshed by HA", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "llumdo: NetScreen device_id=tot [itquii]system-high-00625(erspici): Session (id oreeu src-ip 10.126.150.15 dst-ip 10.185.50.112 dst port 7180) route is invalid. (2019-8-21 23:03:57)", "tags": [ 
@@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "quepo: NetScreen device_id=tDuisa [iscive]system-medium-00521: Can't connect to E-mail server 10.152.90.59", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "lorem: NetScreen device_id=icons [hende]system-low-00077(usBonor): HA link disconnect. Begin to use second path of HA", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "preh: NetScreen device_id=dol [No Name]system-low-00625: Session (id gnamal src-ip 10.119.181.171 dst-ip 10.166.144.66 dst port 3051) route is invalid. (2019-10-3 20:11:40)", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "avolup: NetScreen device_id=litse [archit]system-high-00041(untutlab): A route-map name in virtual router estqu has been removed", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "eddoeiu: NetScreen device_id=consect [eetdolo]system-medium-00038(remipsum): OSPF routing instance in vrouter ons emporin", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "texpl: NetScreen device_id=isquames [No Name]system-low-00021: DIP port-translation stickiness was atio by utla via ntm from host 10.96.165.147 to 10.96.218.99:277 (2019-11-15 17:19:22)", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "elaudant: NetScreen device_id=ratvolu [odte]system-medium-00021(eum): DIP port-translation stickiness was uidol by repr via idu from host 10.201.72.59 to 10.230.29.67:7478 (2019-11-30 00:21:57)", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "toc: NetScreen device_id=rau [sciuntN]system-low-00602: PIMSM Error in initializing interface state change", "tags": [ 
diff --git a/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 64b01dcd58a..e88d76d6f33 100644 --- a/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Netscreen processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/juniper_netscreen/data_stream/log/sample_event.json b/packages/juniper_netscreen/data_stream/log/sample_event.json index 35fbb496b4e..3e57504a2e2 100644 --- a/packages/juniper_netscreen/data_stream/log/sample_event.json +++ b/packages/juniper_netscreen/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "11de7269-3d5a-4523-8b1f-e40ea1e2be97", diff --git a/packages/juniper_netscreen/docs/README.md b/packages/juniper_netscreen/docs/README.md index 79a35f5eb1a..60f7826cdf1 100644 --- a/packages/juniper_netscreen/docs/README.md +++ b/packages/juniper_netscreen/docs/README.md @@ -24,7 +24,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "11de7269-3d5a-4523-8b1f-e40ea1e2be97", 
@@ -151,7 +151,7 @@ An example event for `log` looks as following: | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | diff --git a/packages/juniper_netscreen/manifest.yml b/packages/juniper_netscreen/manifest.yml index 22c8e0d4bc5..423a604f7d4 100644 --- a/packages/juniper_netscreen/manifest.yml +++ b/packages/juniper_netscreen/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: juniper_netscreen title: Juniper NetScreen -version: "0.6.1" +version: "0.7.0" description: Collect logs from Juniper NetScreen with Elastic Agent. categories: ["network", "security", "firewall_security"] release: experimental From 232f4ae3c96ee3bbc6a78a465be8fc1771d86ec7 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:09 +0530 Subject: [PATCH 066/137] [juniper_srx] - update ECS to 8.7.0 from 8.6.0 This updates the juniper_srx integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/juniper_srx --- packages/juniper_srx/_dev/build/build.yml | 2 +- packages/juniper_srx/changelog.yml | 5 ++ .../test/pipeline/test-atp.log-expected.json | 8 +-- .../test/pipeline/test-flow.log-expected.json | 58 +++++++++---------- .../test/pipeline/test-idp.log-expected.json | 14 ++--- .../test/pipeline/test-ids.log-expected.json | 24 ++++---- .../pipeline/test-secintel.log-expected.json | 4 +- .../test/pipeline/test-utm.log-expected.json | 24 ++++---- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/juniper_srx/docs/README.md | 2 +- packages/juniper_srx/manifest.yml | 2 +- 12 files changed, 76 insertions(+), 71 deletions(-) diff --git a/packages/juniper_srx/_dev/build/build.yml b/packages/juniper_srx/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/juniper_srx/_dev/build/build.yml +++ b/packages/juniper_srx/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/juniper_srx/changelog.yml b/packages/juniper_srx/changelog.yml index 474bd7a5b0f..846d5749ee6 100644 --- a/packages/juniper_srx/changelog.yml +++ b/packages/juniper_srx/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.10.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.9.1" changes: - description: Added categories and/or subcategories. 
diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json index bcb1732c168..0e4354beb90 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json @@ -23,7 +23,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "malware_detected", @@ -105,7 +105,7 @@ { "@timestamp": "2016-09-20T17:43:30.330Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "malware_detected", @@ -168,7 +168,7 @@ { "@timestamp": "2016-09-20T17:40:30.050Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -246,7 +246,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json index 59ea88545fe..3d72e36ff4e 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json @@ -30,7 +30,7 @@ "port": 10400 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -131,7 +131,7 @@ "port": 161 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_deny", @@ -225,7 +225,7 @@ "port": 2003 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_deny", @@ -337,7 +337,7 @@ "port": 902 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_close", @@ -463,7 +463,7 @@ "port": 768 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", 
@@ -579,7 +579,7 @@ "port": 46384 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -689,7 +689,7 @@ "port": 46384 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_close", @@ -809,7 +809,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_close", @@ -926,7 +926,7 @@ "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_close", @@ -1045,7 +1045,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_close", @@ -1177,7 +1177,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_close", @@ -1287,7 +1287,7 @@ "port": 21 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_close", @@ -1407,7 +1407,7 @@ "port": 21 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -1526,7 +1526,7 @@ "port": 21 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -1654,7 +1654,7 @@ "port": 21 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_close", @@ -1784,7 +1784,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -1921,7 +1921,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -2056,7 +2056,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_close", @@ -2192,7 +2192,7 @@ "port": 768 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -2301,7 +2301,7 @@ "port": 161 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_deny", 
@@ -2406,7 +2406,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_close", @@ -2546,7 +2546,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -2667,7 +2667,7 @@ "port": 8883 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_close", @@ -2794,7 +2794,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -2909,7 +2909,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_close", @@ -3030,7 +3030,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -3147,7 +3147,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -3271,7 +3271,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_close", @@ -3411,7 +3411,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_close", diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json index 223f46a7c5e..de8c036b89e 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json @@ -22,7 +22,7 @@ "port": 123 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "security_threat", @@ -150,7 +150,7 @@ "port": 123 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "security_threat", @@ -278,7 +278,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "security_threat", 
@@ -397,7 +397,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "security_threat", @@ -501,7 +501,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "application_ddos", @@ -577,7 +577,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "application_ddos", @@ -672,7 +672,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "application_ddos", diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json index ba34eb0f35c..519acce397c 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json @@ -23,7 +23,7 @@ "port": 1433 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "sweep_detected", @@ -114,7 +114,7 @@ "port": 139 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "attack_detected", @@ -204,7 +204,7 @@ "port": 50010 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flood_detected", @@ -298,7 +298,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flood_detected", @@ -389,7 +389,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "fragment_detected", @@ -478,7 +478,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -567,7 +567,7 @@ "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "tunneling_screen", @@ -657,7 +657,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "tunneling_screen", 
@@ -748,7 +748,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flood_detected", @@ -807,7 +807,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flood_detected", @@ -883,7 +883,7 @@ "port": 10778 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "scan_detected", @@ -953,7 +953,7 @@ "port": 7 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "illegal_tcp_flag_detected", diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json index 6238e126e3b..52a3a807923 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json @@ -23,7 +23,7 @@ "port": 24039 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "malware_detected", @@ -127,7 +127,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "malware_detected", diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json index 801e0661c94..b3002d79513 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json @@ -23,7 +23,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "web_filter", @@ -113,7 +113,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -199,7 +199,7 @@ "port": 47095 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "virus_detected", 
@@ -299,7 +299,7 @@ "port": 33578 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -387,7 +387,7 @@ "port": 51727 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -444,7 +444,7 @@ "ip": "10.10.10.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "antispam_filter", @@ -515,7 +515,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "content_filter", @@ -610,7 +610,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "web_filter", @@ -700,7 +700,7 @@ "port": 47095 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "virus_detected", @@ -800,7 +800,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -889,7 +889,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "web_filter", @@ -969,7 +969,7 @@ "port": 58954 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 14e8310766b..e8fc4d014bf 100644 --- a/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -5,7 +5,7 @@ description: Pipeline for parsing junipersrx firewall logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/juniper_srx/data_stream/log/sample_event.json b/packages/juniper_srx/data_stream/log/sample_event.json index 8263bd0cd75..7591bcb174e 100644 --- a/packages/juniper_srx/data_stream/log/sample_event.json +++ b/packages/juniper_srx/data_stream/log/sample_event.json 
@@ -33,7 +33,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/juniper_srx/docs/README.md b/packages/juniper_srx/docs/README.md index 542ed3e2005..4b6d9a73c49 100644 --- a/packages/juniper_srx/docs/README.md +++ b/packages/juniper_srx/docs/README.md @@ -307,7 +307,7 @@ The following processes and tags are supported: | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | diff --git a/packages/juniper_srx/manifest.yml b/packages/juniper_srx/manifest.yml index bad62cc85fd..efc5c93e747 100644 --- a/packages/juniper_srx/manifest.yml +++ b/packages/juniper_srx/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: juniper_srx title: Juniper SRX -version: "1.9.1" +version: "1.10.0" description: Collect logs from Juniper SRX devices with Elastic Agent. categories: ["network", "security", "firewall_security"] release: ga 
From f012a59eef75d33a82b379dcea42d4db938226e0 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:10 +0530 Subject: [PATCH 067/137] [keycloak] - update ECS to 8.7.0 from 8.6.0 This updates the keycloak integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/keycloak --- packages/keycloak/_dev/build/build.yml | 2 +- packages/keycloak/changelog.yml | 5 +++ .../test/pipeline/test-log.log-expected.json | 44 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/keycloak/docs/README.md | 2 +- packages/keycloak/manifest.yml | 2 +- 7 files changed, 32 insertions(+), 27 deletions(-) diff --git a/packages/keycloak/_dev/build/build.yml b/packages/keycloak/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/keycloak/_dev/build/build.yml +++ b/packages/keycloak/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/keycloak/changelog.yml b/packages/keycloak/changelog.yml index ba5512c0114..f053c55f250 100644 --- a/packages/keycloak/changelog.yml +++ b/packages/keycloak/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.8.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.7.2" changes: - description: Added categories and/or subcategories. diff --git a/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json b/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json index 12ae1296a5d..044c89c032b 100644 --- a/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json 
+++ b/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-22T21:01:42.548-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "2021-10-22 21:01:42,548 INFO [org.keycloak.services] (ServerService Thread Pool -- 64) KC-SERVICES0009: Added user 'admin' to realm 'master'", @@ -26,7 +26,7 @@ { "@timestamp": "2021-10-22T21:01:42.667-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "2021-10-22 21:01:42,667 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 64) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.admin.AdminRoot from Application class org.keycloak.services.resources.KeycloakApplication", @@ -49,7 +49,7 @@ { "@timestamp": "2021-10-22T21:01:42.912-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "2021-10-22 21:01:42,912 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 64) WFLYUT002021-10-22 21: Registered web context: '/auth' for server 'default-server' ", @@ -72,7 +72,7 @@ { "@timestamp": "2021-10-22T21:01:43.208-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "2021-10-22 21:01:43,208 INFO [org.jboss.as.server] (ServerService Thread Pool -- 46) WFLYSRV0010: Deployed \"keycloak-server.war\" (runtime-name : \"keycloak-server.war\") ", @@ -95,7 +95,7 @@ { "@timestamp": "2021-10-22T21:01:43.299-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "2021-10-22 21:01:43,299 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server", 
@@ -118,7 +118,7 @@ { "@timestamp": "2021-10-22T21:01:43.307-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "2021-10-22 21:01:43,307 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 15.0.2 (WildFly Core 15.0.1.Final) started in 28315ms - Started 692 of 977 services (686 services are lazy, passive or on-demand)", @@ -141,7 +141,7 @@ { "@timestamp": "2021-10-22T21:01:43.327-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "2021-10-22 21:01:43,327 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management", @@ -164,7 +164,7 @@ { "@timestamp": "2021-10-22T21:01:43.327-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "2021-10-22 21:01:43,327 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990", @@ -187,7 +187,7 @@ { "@timestamp": "2021-10-22T21:01:45.403-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LOGIN_ERROR", @@ -250,7 +250,7 @@ { "@timestamp": "2021-10-22T21:20:42.120-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LOGIN_ERROR", @@ -325,7 +325,7 @@ { "@timestamp": "2021-10-22T21:24:41.076-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LOGIN_ERROR", @@ -394,7 +394,7 @@ { "@timestamp": "2021-10-22T21:31:31.555-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LOGIN_ERROR", @@ -457,7 +457,7 @@ { "@timestamp": "2021-10-22T20:58:02.700-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LOGIN_ERROR", @@ -532,7 +532,7 @@ { "@timestamp": "2021-10-22T22:11:31.257-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LOGIN", 
@@ -608,7 +608,7 @@ { "@timestamp": "2021-10-22T22:11:32.131-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CODE_TO_TOKEN", @@ -666,7 +666,7 @@ { "@timestamp": "2021-10-22T22:12:09.871-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE-USER", @@ -734,7 +734,7 @@ { "@timestamp": "2021-10-22T22:12:13.599-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UPDATE-USER", @@ -802,7 +802,7 @@ { "@timestamp": "2021-10-22T22:14:29.031-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE-GROUP", @@ -869,7 +869,7 @@ { "@timestamp": "2021-10-22T22:16:12.150-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE-CLIENT_SCOPE", @@ -933,7 +933,7 @@ { "@timestamp": "2021-10-22T22:45:12.592-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "LOGOUT", @@ -1001,7 +1001,7 @@ { "@timestamp": "2021-10-22T22:46:14.913-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DELETE-GROUP", @@ -1068,7 +1068,7 @@ { "@timestamp": "2021-10-22T23:05:03.371-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "CREATE-GROUP", diff --git a/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 05b5a3763e2..62462a2f25c 100644 --- a/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing keycloak logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/keycloak/data_stream/log/sample_event.json b/packages/keycloak/data_stream/log/sample_event.json index 2110e10d459..d3959f3fb74 100644 
--- a/packages/keycloak/data_stream/log/sample_event.json +++ b/packages/keycloak/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/keycloak/docs/README.md b/packages/keycloak/docs/README.md index b49fa973a46..af51a9f1d92 100644 --- a/packages/keycloak/docs/README.md +++ b/packages/keycloak/docs/README.md @@ -146,7 +146,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/keycloak/manifest.yml b/packages/keycloak/manifest.yml index 56edc58fd67..eda24e62884 100644 --- a/packages/keycloak/manifest.yml +++ b/packages/keycloak/manifest.yml @@ -1,6 +1,6 @@ name: keycloak title: Keycloak -version: "1.7.2" +version: "1.8.0" release: ga description: Collect logs from Keycloak with Elastic Agent. type: integration From 57b80811e332065edfa96ae3699cdc8c8430ce15 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:11 +0530 Subject: [PATCH 068/137] [lastpass] - update ECS to 8.7.0 from 8.6.0 This updates the lastpass integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/lastpass --- packages/lastpass/_dev/build/build.yml | 2 +- packages/lastpass/changelog.yml | 5 + ...t-detailed-shared-folder.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../detailed_shared_folder/sample_event.json | 2 +- .../test-event-report.log-expected.json | 188 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../event_report/sample_event.json | 2 +- .../test-pipeline-user.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/user/sample_event.json | 2 +- packages/lastpass/docs/README.md | 6 +- packages/lastpass/manifest.yml | 2 +- 13 files changed, 112 insertions(+), 107 deletions(-) diff --git a/packages/lastpass/_dev/build/build.yml b/packages/lastpass/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/lastpass/_dev/build/build.yml +++ b/packages/lastpass/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/lastpass/changelog.yml b/packages/lastpass/changelog.yml index c442c95486f..0728619a768 100644 --- a/packages/lastpass/changelog.yml +++ b/packages/lastpass/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.0.0" changes: - description: Release LastPass as GA. 
diff --git a/packages/lastpass/data_stream/detailed_shared_folder/_dev/test/pipeline/test-detailed-shared-folder.log-expected.json b/packages/lastpass/data_stream/detailed_shared_folder/_dev/test/pipeline/test-detailed-shared-folder.log-expected.json index 65c94bb7d92..c613f280481 100644 --- a/packages/lastpass/data_stream/detailed_shared_folder/_dev/test/pipeline/test-detailed-shared-folder.log-expected.json +++ b/packages/lastpass/data_stream/detailed_shared_folder/_dev/test/pipeline/test-detailed-shared-folder.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "state", diff --git a/packages/lastpass/data_stream/detailed_shared_folder/elasticsearch/ingest_pipeline/default.yml b/packages/lastpass/data_stream/detailed_shared_folder/elasticsearch/ingest_pipeline/default.yml index f092c39bee3..f1b6297a67f 100644 --- a/packages/lastpass/data_stream/detailed_shared_folder/elasticsearch/ingest_pipeline/default.yml +++ b/packages/lastpass/data_stream/detailed_shared_folder/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Detailed Shared Folder logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/lastpass/data_stream/detailed_shared_folder/sample_event.json b/packages/lastpass/data_stream/detailed_shared_folder/sample_event.json index eccda8e9fcc..6d94ce58210 100644 --- a/packages/lastpass/data_stream/detailed_shared_folder/sample_event.json +++ b/packages/lastpass/data_stream/detailed_shared_folder/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", 
diff --git a/packages/lastpass/data_stream/event_report/_dev/test/pipeline/test-event-report.log-expected.json b/packages/lastpass/data_stream/event_report/_dev/test/pipeline/test-event-report.log-expected.json index f432c40992b..e7e563679e1 100644 --- a/packages/lastpass/data_stream/event_report/_dev/test/pipeline/test-event-report.log-expected.json +++ b/packages/lastpass/data_stream/event_report/_dev/test/pipeline/test-event-report.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login verification email sent", @@ -58,7 +58,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "multifactor enabled", @@ -113,7 +113,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "enterprise api secret regenerated", @@ -168,7 +168,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "master password changed", @@ -223,7 +223,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "saml login", @@ -282,7 +282,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete policy", @@ -340,7 +340,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add policy", @@ -398,7 +398,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "reporting", @@ -453,7 +453,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "get user data", 
@@ -508,7 +508,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "get shared folder data", @@ -563,7 +563,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "log in", @@ -622,7 +622,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "failed login attempt", @@ -681,7 +681,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "log in", @@ -740,7 +740,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login to admin console", @@ -801,7 +801,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "employee account created", @@ -876,7 +876,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "employee invited", @@ -948,7 +948,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "make admin", @@ -1009,7 +1009,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login to admin console", @@ -1067,7 +1067,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "make admin", @@ -1125,7 +1125,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "site added", @@ -1181,7 +1181,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deleted sites", 
@@ -1239,7 +1239,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "site added", @@ -1295,7 +1295,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deleted sites", @@ -1356,7 +1356,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "created shared folder", @@ -1412,7 +1412,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deleted shared folder", @@ -1468,7 +1468,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add secure note", @@ -1525,7 +1525,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "open secure note", @@ -1581,7 +1581,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "open secure note", @@ -1638,7 +1638,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add to shared folder", @@ -1697,7 +1697,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "create group", @@ -1760,7 +1760,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "adding user to group", @@ -1826,7 +1826,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "created lastpass account", @@ -1888,7 +1888,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update folder permissions", 
@@ -1952,7 +1952,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "master password reset by super admin", @@ -2013,7 +2013,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "employee account deleted", @@ -2076,7 +2076,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "require password change", @@ -2137,7 +2137,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "remove admin", @@ -2198,7 +2198,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "edit secure note", @@ -2254,7 +2254,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "renamed shared folder", @@ -2311,7 +2311,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "move to shared folder", @@ -2368,7 +2368,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "move to shared folder", @@ -2424,7 +2424,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "move from shared folder", @@ -2481,7 +2481,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "move from shared folder", @@ -2537,7 +2537,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "limit shared folder", 
@@ -2594,7 +2594,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "removed from shared folder", @@ -2651,7 +2651,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete shared sites", @@ -2708,7 +2708,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "move from shared folder", @@ -2763,7 +2763,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login verification email sent", @@ -2818,7 +2818,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "multifactor enabled", @@ -2873,7 +2873,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "enterprise api secret regenerated", @@ -2928,7 +2928,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "master password changed", @@ -2983,7 +2983,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "saml login", @@ -3042,7 +3042,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete policy", @@ -3100,7 +3100,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add policy", @@ -3158,7 +3158,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "reporting", @@ -3213,7 +3213,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "get user data", 
@@ -3268,7 +3268,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "get shared folder data", @@ -3323,7 +3323,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "log in", @@ -3382,7 +3382,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "failed login attempt", @@ -3441,7 +3441,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "log in", @@ -3500,7 +3500,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login to admin console", @@ -3561,7 +3561,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "employee account created", @@ -3636,7 +3636,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "employee invited", @@ -3708,7 +3708,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "make admin", @@ -3769,7 +3769,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login to admin console", @@ -3827,7 +3827,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "make admin", @@ -3885,7 +3885,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "site added", @@ -3941,7 +3941,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deleted sites", 
@@ -3999,7 +3999,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "site added", @@ -4055,7 +4055,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deleted sites", @@ -4116,7 +4116,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "created shared folder", @@ -4172,7 +4172,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deleted shared folder", @@ -4228,7 +4228,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add secure note", @@ -4285,7 +4285,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "open secure note", @@ -4341,7 +4341,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "open secure note", @@ -4398,7 +4398,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add to shared folder", @@ -4457,7 +4457,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "create group", @@ -4520,7 +4520,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "adding user to group", @@ -4586,7 +4586,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "created lastpass account", @@ -4648,7 +4648,7 @@ { "@timestamp": "2015-07-17T09:51:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update folder permissions", 
@@ -4712,7 +4712,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "master password reset by super admin",
@@ -4773,7 +4773,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "employee account deleted",
@@ -4836,7 +4836,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "require password change",
@@ -4897,7 +4897,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "remove admin",
@@ -4958,7 +4958,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "edit secure note",
@@ -5014,7 +5014,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "renamed shared folder",
@@ -5071,7 +5071,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "move to shared folder",
@@ -5128,7 +5128,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "move to shared folder",
@@ -5184,7 +5184,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "move from shared folder",
@@ -5241,7 +5241,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "move from shared folder",
@@ -5297,7 +5297,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "limit shared folder",
@@ -5354,7 +5354,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "removed from shared folder",
@@ -5411,7 +5411,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "delete shared sites",
@@ -5468,7 +5468,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "move from shared folder",
diff --git a/packages/lastpass/data_stream/event_report/elasticsearch/ingest_pipeline/default.yml b/packages/lastpass/data_stream/event_report/elasticsearch/ingest_pipeline/default.yml
index 45c73003af2..7090de5189c 100644
--- a/packages/lastpass/data_stream/event_report/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/lastpass/data_stream/event_report/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing Event Report logs.
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/lastpass/data_stream/event_report/sample_event.json b/packages/lastpass/data_stream/event_report/sample_event.json
index 6f4c53e1e9b..821bb8345c8 100644
--- a/packages/lastpass/data_stream/event_report/sample_event.json
+++ b/packages/lastpass/data_stream/event_report/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "94011a8e-8b26-4bce-a627-d54316798b52",
diff --git a/packages/lastpass/data_stream/user/_dev/test/pipeline/test-pipeline-user.log-expected.json b/packages/lastpass/data_stream/user/_dev/test/pipeline/test-pipeline-user.log-expected.json
index cbfcaf85713..a83d8565e2b 100644
--- a/packages/lastpass/data_stream/user/_dev/test/pipeline/test-pipeline-user.log-expected.json
+++ b/packages/lastpass/data_stream/user/_dev/test/pipeline/test-pipeline-user.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
diff --git a/packages/lastpass/data_stream/user/elasticsearch/ingest_pipeline/default.yml b/packages/lastpass/data_stream/user/elasticsearch/ingest_pipeline/default.yml
index 90471758906..d995a50890d 100644
--- a/packages/lastpass/data_stream/user/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/lastpass/data_stream/user/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing User logs.
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/lastpass/data_stream/user/sample_event.json b/packages/lastpass/data_stream/user/sample_event.json
index 7da5b1573dd..2ddcd6dcabb 100644
--- a/packages/lastpass/data_stream/user/sample_event.json
+++ b/packages/lastpass/data_stream/user/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "94011a8e-8b26-4bce-a627-d54316798b52",
diff --git a/packages/lastpass/docs/README.md b/packages/lastpass/docs/README.md
index 11edc78565d..2a1a0387275 100644
--- a/packages/lastpass/docs/README.md
+++ b/packages/lastpass/docs/README.md
@@ -66,7 +66,7 @@ An example event for `detailed_shared_folder` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "94011a8e-8b26-4bce-a627-d54316798b52",
@@ -209,7 +209,7 @@ An example event for `event_report` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "94011a8e-8b26-4bce-a627-d54316798b52",
@@ -372,7 +372,7 @@ An example event for `user` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "94011a8e-8b26-4bce-a627-d54316798b52",
diff --git a/packages/lastpass/manifest.yml b/packages/lastpass/manifest.yml
index d20e57d80e9..afa559e6082 100644
--- a/packages/lastpass/manifest.yml
+++ b/packages/lastpass/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: lastpass
 title: LastPass
-version: "1.0.0"
+version: "1.1.0"
 release: ga
 license: basic
 description: Collect logs from LastPass with Elastic Agent.
From 1dccd776802982334ebd88f084519b5b885be926 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:12 +0530 Subject: [PATCH 069/137] [lyve_cloud] - update ECS to 8.7.0 from 8.5.1 This updates the lyve_cloud integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.5.1 and using 8.5.1 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/lyve_cloud
---
 packages/lyve_cloud/_dev/build/build.yml | 2 +- packages/lyve_cloud/changelog.yml | 5 +++++ .../test-audit-events.json-expected.json | 20 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/audit/sample_event.json | 2 +- packages/lyve_cloud/docs/README.md | 2 +- packages/lyve_cloud/manifest.yml | 2 +- 7 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/packages/lyve_cloud/_dev/build/build.yml b/packages/lyve_cloud/_dev/build/build.yml
index aaafc5d833b..9da3f46d46b 100644
--- a/packages/lyve_cloud/_dev/build/build.yml
+++ b/packages/lyve_cloud/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.5.1
+ reference: git@8.7
diff --git a/packages/lyve_cloud/changelog.yml b/packages/lyve_cloud/changelog.yml
index 67bc2ca7991..76077e8ef84 100644
--- a/packages/lyve_cloud/changelog.yml
+++ b/packages/lyve_cloud/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.0.2"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/lyve_cloud/data_stream/audit/_dev/test/pipeline/test-audit-events.json-expected.json b/packages/lyve_cloud/data_stream/audit/_dev/test/pipeline/test-audit-events.json-expected.json
index 658e54355cb..ecdcfb92fb4 100644
--- a/packages/lyve_cloud/data_stream/audit/_dev/test/pipeline/test-audit-events.json-expected.json
+++ b/packages/lyve_cloud/data_stream/audit/_dev/test/pipeline/test-audit-events.json-expected.json
@@ -21,7 +21,7 @@ "provider": "lyvecloud" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "original": "{\"auditEntry\": {\"api\": {\"name\": \"HeadObject\", \"bucket\": \"user-name-t10\", \"object\": \"c\", \"status\": \"OK\", \"statusCode\": 200, \"timeToResponse\": \"601866322ns\"}, \"time\": \"2022-10-24T08:37:41.232759412Z\", \"version\": \"1\", \"requestID\": \"1720F4788755136D\", \"userAgent\": \"aws-cli/2.7.7 Python/3.9.11 Linux/5.15.0-52-generic exe/x86_64.ubuntu.20 prompt/off command/s3api.head-object\", \"deploymentid\": \"8fe8887f-d1e2-4918-9e33-52bfba3b0de8\", \"requestHeader\": {\"X-Real-Ip\": \"81.2.69.144:28911\", \"User-Agent\": \"aws-cli/2.7.7 Python/3.9.11 Linux/5.15.0-52-generic exe/x86_64.ubuntu.20 prompt/off command/s3api.head-object\", \"X-Amz-Date\": \"20221024T083808Z\", \"Authorization\": \"AWS4-HMAC-SHA256 Credential=\u003credacted\u003e/20221024/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=\u003credacted\u003e\", \"Accept-Encoding\": \"identity\", \"X-Forwarded-For\": \"81.2.69.142, 81.2.69.144\", \"X-Forwarded-Host\": \"s3.us-east-1.lyvecloud.seagate.com\", \"X-Forwarded-Proto\": \"https\", \"X-Amz-Content-Sha256\": \"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\"}, \"responseHeader\": {\"ETag\": \"b1946ac92492d2347c6235b4d2611184\", \"Vary\": \"Origin\", \"Content-Type\": \"application/octet-stream\", \"Accept-Ranges\": \"bytes\", \"Last-Modified\": \"Sun, 23 Oct 2022 12:51:23 GMT\", \"Content-Length\": \"6\", \"X-Amz-Request-Id\": \"1720F4788755136D\", \"X-Xss-Protection\": \"1; mode=block\", \"x-amz-version-id\": \"ab44978d-0929-4c3a-8d52-17157c1fb6ad\", \"X-Amz-Bucket-Region\": \"us-east-1\", \"X-Amz-Object-Lock-Mode\": \"COMPLIANCE\", \"Content-Security-Policy\": \"block-all-mixed-content\", \"X-Amz-Server-Side-Encryption\": \"AES256\", \"X-Amz-Object-Lock-Retain-Until-Date\": \"2022-10-27T12:51:23.250Z\"}}, \"serviceAccountName\": 
\"user-name-terraform\", \"serviceAccountCreatorId\": \"name.last@company.com\"}" 
@@ -142,7 +142,7 @@ "provider": "lyvecloud" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "original": "{\"auditEntry\": {\"api\": {\"name\": \"GetBucketLocation\", \"bucket\": \"user-name-t10\", \"status\": \"OK\", \"statusCode\": 200, \"timeToResponse\": \"27121602ns\", \"timeToFirstByte\": \"27072750ns\"}, \"time\": \"2022-10-20T12:52:42.974686686Z\", \"version\": \"1\", \"requestID\": \"171FC8111B3F560B\", \"userAgent\": \"MinIO (linux; amd64) minio-go/v7.0.15\", \"deploymentid\": \"8fe8887f-d1e2-4918-9e33-52bfba3b0de8\", \"requestQuery\": {\"location\": \"\"}, \"requestHeader\": {\"X-Real-Ip\": \"81.2.69.144:28911\", \"User-Agent\": \"aws-cli/2.7.7 Python/3.9.11 Linux/5.15.0-52-generic exe/x86_64.ubuntu.20 prompt/off command/s3api.head-object\", \"X-Amz-Date\": \"20221024T083808Z\", \"Authorization\": \"AWS4-HMAC-SHA256 Credential=\u003credacted\u003e/20221024/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=\u003credacted\u003e\", \"Accept-Encoding\": \"identity\", \"X-Forwarded-For\": \"81.2.69.142, 81.2.69.144\", \"X-Forwarded-Host\": \"s3.us-east-1.lyvecloud.seagate.com\", \"X-Forwarded-Proto\": \"https\", \"X-Amz-Content-Sha256\": \"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\"}, \"responseHeader\": {\"ETag\": \"b1946ac92492d2347c6235b4d2611184\", \"Vary\": \"Origin\", \"Content-Type\": \"application/octet-stream\", \"Accept-Ranges\": \"bytes\", \"Last-Modified\": \"Sun, 23 Oct 2022 12:51:23 GMT\", \"Content-Length\": \"6\", \"X-Amz-Request-Id\": \"1720F4788755136D\", \"X-Xss-Protection\": \"1; mode=block\", \"x-amz-version-id\": \"ab44978d-0929-4c3a-8d52-17157c1fb6ad\", \"X-Amz-Bucket-Region\": \"us-east-1\", \"X-Amz-Object-Lock-Mode\": \"COMPLIANCE\", \"Content-Security-Policy\": \"block-all-mixed-content\", \"X-Amz-Server-Side-Encryption\": \"AES256\", \"X-Amz-Object-Lock-Retain-Until-Date\": \"2022-10-27T12:51:23.250Z\"}}, \"serviceAccountName\": \"user-name-terraform\", 
\"serviceAccountCreatorId\": \"name.last@company.com\"}" 
@@ -260,7 +260,7 @@ "provider": "lyvecloud" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "original": "{\"auditEntry\": {\"api\": {\"name\": \"GetBucketObjectLockConfig\", \"bucket\": \"user-name-t10\", \"status\": \"OK\", \"statusCode\": 200, \"timeToResponse\": \"4281871ns\", \"timeToFirstByte\": \"4241444ns\"}, \"time\": \"2022-10-20T12:52:42.991884911Z\", \"version\": \"1\", \"requestID\": \"171FC8111DA28FBB\", \"userAgent\": \"MinIO (linux; amd64) minio-go/v7.0.15\", \"deploymentid\": \"8fe8887f-d1e2-4918-9e33-52bfba3b0de8\", \"requestQuery\": {\"object-lock\": \"\"}, \"requestHeader\": {\"X-Real-Ip\": \"81.2.69.144:28911\", \"User-Agent\": \"aws-cli/2.7.7 Python/3.9.11 Linux/5.15.0-52-generic exe/x86_64.ubuntu.20 prompt/off command/s3api.head-object\", \"X-Amz-Date\": \"20221024T083808Z\", \"Authorization\": \"AWS4-HMAC-SHA256 Credential=\u003credacted\u003e/20221024/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=\u003credacted\u003e\", \"Accept-Encoding\": \"identity\", \"X-Forwarded-For\": \"81.2.69.142, 81.2.69.144\", \"X-Forwarded-Host\": \"s3.us-east-1.lyvecloud.seagate.com\", \"X-Forwarded-Proto\": \"https\", \"X-Amz-Content-Sha256\": \"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\"}, \"responseHeader\": {\"ETag\": \"b1946ac92492d2347c6235b4d2611184\", \"Vary\": \"Origin\", \"Content-Type\": \"application/octet-stream\", \"Accept-Ranges\": \"bytes\", \"Last-Modified\": \"Sun, 23 Oct 2022 12:51:23 GMT\", \"Content-Length\": \"6\", \"X-Amz-Request-Id\": \"1720F4788755136D\", \"X-Xss-Protection\": \"1; mode=block\", \"x-amz-version-id\": \"ab44978d-0929-4c3a-8d52-17157c1fb6ad\", \"X-Amz-Bucket-Region\": \"us-east-1\", \"X-Amz-Object-Lock-Mode\": \"COMPLIANCE\", \"Content-Security-Policy\": \"block-all-mixed-content\", \"X-Amz-Server-Side-Encryption\": \"AES256\", \"X-Amz-Object-Lock-Retain-Until-Date\": \"2022-10-27T12:51:23.250Z\"}}, \"serviceAccountName\": 
\"user-name-terraform\", \"serviceAccountCreatorId\": \"name.last@company.com\"}" 
@@ -378,7 +378,7 @@ "provider": "lyvecloud" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "original": "{\"auditEntry\": {\"api\": {\"name\": \"GetBucketVersioning\", \"bucket\": \"user-name-t10\", \"status\": \"OK\", \"statusCode\": 200, \"timeToResponse\": \"11629964ns\", \"timeToFirstByte\": \"11592380ns\"}, \"time\": \"2022-10-20T12:52:42.987061593Z\", \"version\": \"1\", \"requestID\": \"171FC8111CE88EA9\", \"userAgent\": \"MinIO (linux; amd64) minio-go/v7.0.15\", \"deploymentid\": \"8fe8887f-d1e2-4918-9e33-52bfba3b0de8\", \"requestQuery\": {\"versioning\": \"\"}, \"requestHeader\": {\"X-Real-Ip\": \"81.2.69.144:28911\", \"User-Agent\": \"aws-cli/2.7.7 Python/3.9.11 Linux/5.15.0-52-generic exe/x86_64.ubuntu.20 prompt/off command/s3api.head-object\", \"X-Amz-Date\": \"20221024T083808Z\", \"Authorization\": \"AWS4-HMAC-SHA256 Credential=\u003credacted\u003e/20221024/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=\u003credacted\u003e\", \"Accept-Encoding\": \"identity\", \"X-Forwarded-For\": \"81.2.69.142, 81.2.69.144\", \"X-Forwarded-Host\": \"s3.us-east-1.lyvecloud.seagate.com\", \"X-Forwarded-Proto\": \"https\", \"X-Amz-Content-Sha256\": \"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\"}, \"responseHeader\": {\"ETag\": \"b1946ac92492d2347c6235b4d2611184\", \"Vary\": \"Origin\", \"Content-Type\": \"application/octet-stream\", \"Accept-Ranges\": \"bytes\", \"Last-Modified\": \"Sun, 23 Oct 2022 12:51:23 GMT\", \"Content-Length\": \"6\", \"X-Amz-Request-Id\": \"1720F4788755136D\", \"X-Xss-Protection\": \"1; mode=block\", \"x-amz-version-id\": \"ab44978d-0929-4c3a-8d52-17157c1fb6ad\", \"X-Amz-Bucket-Region\": \"us-east-1\", \"X-Amz-Object-Lock-Mode\": \"COMPLIANCE\", \"Content-Security-Policy\": \"block-all-mixed-content\", \"X-Amz-Server-Side-Encryption\": \"AES256\", \"X-Amz-Object-Lock-Retain-Until-Date\": \"2022-10-27T12:51:23.250Z\"}}, \"serviceAccountName\": 
\"user-name-terraform\", \"serviceAccountCreatorId\": \"name.last@company.com\"}" 
@@ -496,7 +496,7 @@ "provider": "lyvecloud" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "original": "{\"auditEntry\": {\"api\": {\"name\": \"GetBucketLifecycle\", \"bucket\": \"user-name-t10\", \"status\": \"Not Found\", \"statusCode\": 404, \"timeToResponse\": \"9060988ns\", \"timeToFirstByte\": \"9022818ns\"}, \"time\": \"2022-10-20T12:52:43.001490536Z\", \"version\": \"1\", \"requestID\": \"171FC8111DEBF8A3\", \"userAgent\": \"MinIO (linux; amd64) minio-go/v7.0.15\", \"deploymentid\": \"8fe8887f-d1e2-4918-9e33-52bfba3b0de8\", \"requestQuery\": {\"lifecycle\": \"\"}, \"requestHeader\": {\"X-Real-Ip\": \"81.2.69.144:28911\", \"User-Agent\": \"aws-cli/2.7.7 Python/3.9.11 Linux/5.15.0-52-generic exe/x86_64.ubuntu.20 prompt/off command/s3api.head-object\", \"X-Amz-Date\": \"20221024T083808Z\", \"Authorization\": \"AWS4-HMAC-SHA256 Credential=\u003credacted\u003e/20221024/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=\u003credacted\u003e\", \"Accept-Encoding\": \"identity\", \"X-Forwarded-For\": \"81.2.69.142, 81.2.69.144\", \"X-Forwarded-Host\": \"s3.us-east-1.lyvecloud.seagate.com\", \"X-Forwarded-Proto\": \"https\", \"X-Amz-Content-Sha256\": \"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\"}, \"responseHeader\": {\"ETag\": \"b1946ac92492d2347c6235b4d2611184\", \"Vary\": \"Origin\", \"Content-Type\": \"application/octet-stream\", \"Accept-Ranges\": \"bytes\", \"Last-Modified\": \"Sun, 23 Oct 2022 12:51:23 GMT\", \"Content-Length\": \"6\", \"X-Amz-Request-Id\": \"1720F4788755136D\", \"X-Xss-Protection\": \"1; mode=block\", \"x-amz-version-id\": \"ab44978d-0929-4c3a-8d52-17157c1fb6ad\", \"X-Amz-Bucket-Region\": \"us-east-1\", \"X-Amz-Object-Lock-Mode\": \"COMPLIANCE\", \"Content-Security-Policy\": \"block-all-mixed-content\", \"X-Amz-Server-Side-Encryption\": \"AES256\", \"X-Amz-Object-Lock-Retain-Until-Date\": \"2022-10-27T12:51:23.250Z\"}}, \"serviceAccountName\": 
\"user-name-terraform\", \"serviceAccountCreatorId\": \"name.last@company.com\"}" 
@@ -614,7 +614,7 @@ "provider": "lyvecloud" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "original": "{\"auditEntry\": {\"api\": {\"name\": \"GetBucketReplicationConfig\", \"bucket\": \"user-name-t10\", \"status\": \"Not Found\", \"statusCode\": 404, \"timeToResponse\": \"2397832ns\", \"timeToFirstByte\": \"2356303ns\"}, \"time\": \"2022-10-20T12:52:43.04373248Z\", \"version\": \"1\", \"requestID\": \"171FC81120D65691\", \"userAgent\": \"MinIO (linux; amd64) minio-go/v7.0.15\", \"deploymentid\": \"8fe8887f-d1e2-4918-9e33-52bfba3b0de8\", \"requestQuery\": {\"replication\": \"\"}, \"requestHeader\": {\"X-Real-Ip\": \"81.2.69.144:28911\", \"User-Agent\": \"aws-cli/2.7.7 Python/3.9.11 Linux/5.15.0-52-generic exe/x86_64.ubuntu.20 prompt/off command/s3api.head-object\", \"X-Amz-Date\": \"20221024T083808Z\", \"Authorization\": \"AWS4-HMAC-SHA256 Credential=\u003credacted\u003e/20221024/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=\u003credacted\u003e\", \"Accept-Encoding\": \"identity\", \"X-Forwarded-For\": \"81.2.69.142, 81.2.69.144\", \"X-Forwarded-Host\": \"s3.us-east-1.lyvecloud.seagate.com\", \"X-Forwarded-Proto\": \"https\", \"X-Amz-Content-Sha256\": \"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\"}, \"responseHeader\": {\"ETag\": \"b1946ac92492d2347c6235b4d2611184\", \"Vary\": \"Origin\", \"Content-Type\": \"application/octet-stream\", \"Accept-Ranges\": \"bytes\", \"Last-Modified\": \"Sun, 23 Oct 2022 12:51:23 GMT\", \"Content-Length\": \"6\", \"X-Amz-Request-Id\": \"1720F4788755136D\", \"X-Xss-Protection\": \"1; mode=block\", \"x-amz-version-id\": \"ab44978d-0929-4c3a-8d52-17157c1fb6ad\", \"X-Amz-Bucket-Region\": \"us-east-1\", \"X-Amz-Object-Lock-Mode\": \"COMPLIANCE\", \"Content-Security-Policy\": \"block-all-mixed-content\", \"X-Amz-Server-Side-Encryption\": \"AES256\", \"X-Amz-Object-Lock-Retain-Until-Date\": \"2022-10-27T12:51:23.250Z\"}}, \"serviceAccountName\": 
\"user-name-terraform\", \"serviceAccountCreatorId\": \"name.last@company.com\"}" @@ -720,7 +720,7 @@ "provider": "lyvecloud" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "original": "{\"auditEntry\": {\"api\": {\"name\": \"ListObjectsV2\", \"bucket\": \"user-name-t10\", \"status\": \"OK\", \"statusCode\": 200, \"timeToResponse\": \"632390347ns\", \"timeToFirstByte\": \"632337102ns\"}, \"time\": \"2022-10-20T12:54:19.9977067Z\", \"version\": \"1\", \"requestID\": \"171FC8278E316C8A\", \"userAgent\": \"aws-cli/2.5.2 Python/3.9.11 Windows/10 exe/AMD64 prompt/off command/s3.ls\", \"deploymentid\": \"8fe8887f-d1e2-4918-9e33-52bfba3b0de8\", \"requestQuery\": {\"prefix\": \"\", \"list-type\": \"2\", \"encoding-type\": \"url\"}, \"requestHeader\": {\"X-Real-Ip\": \"10.213.135.134:23254\", \"User-Agent\": \"aws-cli/2.5.2 Python/3.9.11 Windows/10 exe/AMD64 prompt/off command/s3.ls\", \"X-Amz-Date\": \"20221020T125418Z\", \"Authorization\": \"AWS4-HMAC-SHA256 Credential=\u003credacted\u003e/20221020/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=\u003credacted\u003e\", \"Accept-Encoding\": \"identity\", \"X-Forwarded-For\": \"81.2.69.142, 10.213.135.134\", \"X-Forwarded-Host\": \"s3.us-east-1.lyvecloud.seagate.com\", \"X-Forwarded-Proto\": \"https\", \"X-Amz-Content-Sha256\": \"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\"}, \"responseHeader\": {\"ETag\": \"\", \"Vary\": \"Origin\", \"Content-Type\": \"application/xml\", \"Accept-Ranges\": \"bytes\", \"Content-Length\": \"557\", \"X-Amz-Request-Id\": \"171FC8278E316C8A\", \"X-Xss-Protection\": \"1; mode=block\", \"X-Amz-Bucket-Region\": \"us-east-1\", \"Content-Security-Policy\": \"block-all-mixed-content\"}}, \"serviceAccountName\": \"user-name-terraform\", \"serviceAccountCreatorId\": \"name.last@company.com\"}" 
@@ -810,7 +810,7 @@ "provider": "lyvecloud" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "original": "{\"auditEntry\": {\"api\": {\"name\": \"DeleteObject\", \"bucket\": \"user-name-t10\", \"object\": \"accapi.go\", \"status\": \"No Content\", \"statusCode\": 204, \"timeToResponse\": \"42147881ns\"}, \"time\": \"2022-10-20T12:55:27.16794052Z\", \"version\": \"1\", \"requestID\": \"171FC8375508A9C8\", \"userAgent\": \"aws-cli/2.5.2 Python/3.9.11 Windows/10 exe/AMD64 prompt/off command/s3api.delete-object\", \"deploymentid\": \"8fe8887f-d1e2-4918-9e33-52bfba3b0de8\", \"requestQuery\": {\"versionId\": \"2802c0f7-4bde-4618-9a74-b020f2401191\"}, \"requestHeader\": {\"X-Real-Ip\": \"10.213.134.169:16912\", \"User-Agent\": \"aws-cli/2.5.2 Python/3.9.11 Windows/10 exe/AMD64 prompt/off command/s3api.delete-object\", \"X-Amz-Date\": \"20221020T125526Z\", \"Authorization\": \"AWS4-HMAC-SHA256 Credential=\u003credacted\u003e/20221020/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=\u003credacted\u003e\", \"Accept-Encoding\": \"identity\", \"X-Forwarded-For\": \"81.2.69.142, 10.213.134.169\", \"X-Forwarded-Host\": \"s3.us-east-1.lyvecloud.seagate.com\", \"X-Forwarded-Proto\": \"https\", \"X-Amz-Content-Sha256\": \"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\"}, \"responseHeader\": {\"ETag\": \"\", \"Vary\": \"Origin\", \"Accept-Ranges\": \"bytes\", \"Content-Length\": \"0\", \"X-Amz-Request-Id\": \"171FC8375508A9C8\", \"X-Xss-Protection\": \"1; mode=block\", \"X-Amz-Bucket-Region\": \"us-east-1\", \"Content-Security-Policy\": \"block-all-mixed-content\"}}, \"serviceAccountName\": \"user-name-terraform\", \"serviceAccountCreatorId\": \"name.last@company.com\"}" 
@@ -911,7 +911,7 @@ "provider": "lyvecloud" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "original": "{\"auditEntry\": {\"api\": {\"name\": \"PutBucketObjectLockConfig\", \"bucket\": \"user-name-t10\", \"status\": \"OK\", \"statusCode\": 200, \"timeToResponse\": \"3517481471ns\"}, \"time\": \"2022-10-20T12:58:22.69646988Z\", \"version\": \"1\", \"requestID\": \"171FC85F6433DEC0\", \"userAgent\": \"MinIO (linux; amd64) minio-go/v7.0.15\", \"deploymentid\": \"8fe8887f-d1e2-4918-9e33-52bfba3b0de8\", \"requestQuery\": {\"object-lock\": \"\"}, \"requestHeader\": {\"X-Real-Ip\": \"81.2.69.144:28911\", \"User-Agent\": \"aws-cli/2.7.7 Python/3.9.11 Linux/5.15.0-52-generic exe/x86_64.ubuntu.20 prompt/off command/s3api.head-object\", \"X-Amz-Date\": \"20221024T083808Z\", \"Authorization\": \"AWS4-HMAC-SHA256 Credential=\u003credacted\u003e/20221024/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=\u003credacted\u003e\", \"Accept-Encoding\": \"identity\", \"X-Forwarded-For\": \"81.2.69.142, 81.2.69.144\", \"X-Forwarded-Host\": \"s3.us-east-1.lyvecloud.seagate.com\", \"X-Forwarded-Proto\": \"https\", \"X-Amz-Content-Sha256\": \"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\"}, \"responseHeader\": {\"ETag\": \"b1946ac92492d2347c6235b4d2611184\", \"Vary\": \"Origin\", \"Content-Type\": \"application/octet-stream\", \"Accept-Ranges\": \"bytes\", \"Last-Modified\": \"Sun, 23 Oct 2022 12:51:23 GMT\", \"Content-Length\": \"6\", \"X-Amz-Request-Id\": \"1720F4788755136D\", \"X-Xss-Protection\": \"1; mode=block\", \"x-amz-version-id\": \"ab44978d-0929-4c3a-8d52-17157c1fb6ad\", \"X-Amz-Bucket-Region\": \"us-east-1\", \"X-Amz-Object-Lock-Mode\": \"COMPLIANCE\", \"Content-Security-Policy\": \"block-all-mixed-content\", \"X-Amz-Server-Side-Encryption\": \"AES256\", \"X-Amz-Object-Lock-Retain-Until-Date\": \"2022-10-27T12:51:23.250Z\"}}, \"serviceAccountName\": \"user-name-terraform\", 
\"serviceAccountCreatorId\": \"name.last@company.com\"}" 
@@ -1034,7 +1034,7 @@ "provider": "lyvecloud" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "original": "{\"auditEntry\": {\"api\": {\"name\": \"PutBucketLifecycle\", \"bucket\": \"user-name-t10\", \"status\": \"OK\", \"statusCode\": 200, \"timeToResponse\": \"1880737476ns\"}, \"time\": \"2022-10-20T12:58:24.57801948Z\", \"version\": \"1\", \"requestID\": \"171FC86035E84025\", \"userAgent\": \"MinIO (linux; amd64) minio-go/v7.0.15\", \"deploymentid\": \"8fe8887f-d1e2-4918-9e33-52bfba3b0de8\", \"requestQuery\": {\"lifecycle\": \"\"}, \"requestHeader\": {\"X-Real-Ip\": \"81.2.69.144:28911\", \"User-Agent\": \"aws-cli/2.7.7 Python/3.9.11 Linux/5.15.0-52-generic exe/x86_64.ubuntu.20 prompt/off command/s3api.head-object\", \"X-Amz-Date\": \"20221024T083808Z\", \"Authorization\": \"AWS4-HMAC-SHA256 Credential=\u003credacted\u003e/20221024/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=\u003credacted\u003e\", \"Accept-Encoding\": \"identity\", \"X-Forwarded-For\": \"81.2.69.142, 89.160.20.128\", \"X-Forwarded-Host\": \"s3.us-east-1.lyvecloud.seagate.com\", \"X-Forwarded-Proto\": \"https\", \"X-Amz-Content-Sha256\": \"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\"}, \"responseHeader\": {\"ETag\": \"b1946ac92492d2347c6235b4d2611184\", \"Vary\": \"Origin\", \"Content-Type\": \"application/octet-stream\", \"Accept-Ranges\": \"bytes\", \"Last-Modified\": \"Sun, 23 Oct 2022 12:51:23 GMT\", \"Content-Length\": \"6\", \"X-Amz-Request-Id\": \"1720F4788755136D\", \"X-Xss-Protection\": \"1; mode=block\", \"x-amz-version-id\": \"ab44978d-0929-4c3a-8d52-17157c1fb6ad\", \"X-Amz-Bucket-Region\": \"us-east-1\", \"X-Amz-Object-Lock-Mode\": \"COMPLIANCE\", \"Content-Security-Policy\": \"block-all-mixed-content\", \"X-Amz-Server-Side-Encryption\": \"AES256\", \"X-Amz-Object-Lock-Retain-Until-Date\": \"2022-10-27T12:51:23.250Z\"}}, \"serviceAccountName\": \"user-name-terraform\", \"serviceAccountCreatorId\": 
\"name.last@company.com\"}" diff --git a/packages/lyve_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/lyve_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index f061348f9d1..34e72afdce4 100644 --- a/packages/lyve_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/lyve_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -7,7 +7,7 @@ processors: - set: field: ecs.version - value: '8.5.1' + value: '8.7.0' - rename: field: "message" target_field: "event.original" diff --git a/packages/lyve_cloud/data_stream/audit/sample_event.json b/packages/lyve_cloud/data_stream/audit/sample_event.json index c486c862ba3..9838ae1c7b5 100644 --- a/packages/lyve_cloud/data_stream/audit/sample_event.json +++ b/packages/lyve_cloud/data_stream/audit/sample_event.json 
@@ -4,7 +4,7 @@ "provider": "lyvecloud" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "original": "{\"auditEntry\": {\"api\": {\"name\": \"GetBucketLocation\", \"bucket\": \"user-name-t10\", \"status\": \"OK\", \"statusCode\": 200, \"timeToResponse\": \"27121602ns\", \"timeToFirstByte\": \"27072750ns\"}, \"time\": \"2022-10-20T12:52:42.974686686Z\", \"version\": \"1\", \"requestID\": \"171FC8111B3F560B\", \"userAgent\": \"MinIO (linux; amd64) minio-go/v7.0.15\", \"deploymentid\": \"8fe8887f-d1e2-4918-9e33-52bfba3b0de8\", \"requestQuery\": {\"location\": \"\"}, \"requestHeader\": {\"X-Real-Ip\": \"10.213.135.144:28911\", \"User-Agent\": \"aws-cli/2.7.7 Python/3.9.11 Linux/5.15.0-52-generic exe/x86_64.ubuntu.20 prompt/off command/s3api.head-object\", \"X-Amz-Date\": \"20221024T083808Z\", \"Authorization\": \"AWS4-HMAC-SHA256 Credential=\u003credacted\u003e/20221024/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=\u003credacted\u003e\", \"Accept-Encoding\": \"identity\", \"X-Forwarded-For\": \"1.128.0.0, 10.213.135.144\", \"X-Forwarded-Host\": \"s3.us-east-1.lyvecloud.seagate.com\", \"X-Forwarded-Proto\": \"https\", \"X-Amz-Content-Sha256\": \"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\"}, \"responseHeader\": {\"ETag\": \"b1946ac92492d2347c6235b4d2611184\", \"Vary\": \"Origin\", \"Content-Type\": \"application/octet-stream\", \"Accept-Ranges\": \"bytes\", \"Last-Modified\": \"Sun, 23 Oct 2022 12:51:23 GMT\", \"Content-Length\": \"6\", \"X-Amz-Request-Id\": \"1720F4788755136D\", \"X-Xss-Protection\": \"1; mode=block\", \"x-amz-version-id\": \"ab44978d-0929-4c3a-8d52-17157c1fb6ad\", \"X-Amz-Bucket-Region\": \"us-east-1\", \"X-Amz-Object-Lock-Mode\": \"COMPLIANCE\", \"Content-Security-Policy\": \"block-all-mixed-content\", \"X-Amz-Server-Side-Encryption\": \"AES256\", \"X-Amz-Object-Lock-Retain-Until-Date\": \"2022-10-27T12:51:23.250Z\"}}, \"serviceAccountName\": \"user-name-terraform\", 
\"serviceAccountCreatorId\": \"name.last@company.com\"}" diff --git a/packages/lyve_cloud/docs/README.md b/packages/lyve_cloud/docs/README.md index a439323c844..3ca9730e249 100644 --- a/packages/lyve_cloud/docs/README.md +++ b/packages/lyve_cloud/docs/README.md 
@@ -144,7 +144,7 @@ An example event for `audit` looks as following: "provider": "lyvecloud" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "original": "{\"auditEntry\": {\"api\": {\"name\": \"GetBucketLocation\", \"bucket\": \"user-name-t10\", \"status\": \"OK\", \"statusCode\": 200, \"timeToResponse\": \"27121602ns\", \"timeToFirstByte\": \"27072750ns\"}, \"time\": \"2022-10-20T12:52:42.974686686Z\", \"version\": \"1\", \"requestID\": \"171FC8111B3F560B\", \"userAgent\": \"MinIO (linux; amd64) minio-go/v7.0.15\", \"deploymentid\": \"8fe8887f-d1e2-4918-9e33-52bfba3b0de8\", \"requestQuery\": {\"location\": \"\"}, \"requestHeader\": {\"X-Real-Ip\": \"10.213.135.144:28911\", \"User-Agent\": \"aws-cli/2.7.7 Python/3.9.11 Linux/5.15.0-52-generic exe/x86_64.ubuntu.20 prompt/off command/s3api.head-object\", \"X-Amz-Date\": \"20221024T083808Z\", \"Authorization\": \"AWS4-HMAC-SHA256 Credential=\u003credacted\u003e/20221024/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=\u003credacted\u003e\", \"Accept-Encoding\": \"identity\", \"X-Forwarded-For\": \"1.128.0.0, 10.213.135.144\", \"X-Forwarded-Host\": \"s3.us-east-1.lyvecloud.seagate.com\", \"X-Forwarded-Proto\": \"https\", \"X-Amz-Content-Sha256\": \"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\"}, \"responseHeader\": {\"ETag\": \"b1946ac92492d2347c6235b4d2611184\", \"Vary\": \"Origin\", \"Content-Type\": \"application/octet-stream\", \"Accept-Ranges\": \"bytes\", \"Last-Modified\": \"Sun, 23 Oct 2022 12:51:23 GMT\", \"Content-Length\": \"6\", \"X-Amz-Request-Id\": \"1720F4788755136D\", \"X-Xss-Protection\": \"1; mode=block\", \"x-amz-version-id\": \"ab44978d-0929-4c3a-8d52-17157c1fb6ad\", \"X-Amz-Bucket-Region\": \"us-east-1\", \"X-Amz-Object-Lock-Mode\": \"COMPLIANCE\", \"Content-Security-Policy\": \"block-all-mixed-content\", \"X-Amz-Server-Side-Encryption\": \"AES256\", \"X-Amz-Object-Lock-Retain-Until-Date\": 
\"2022-10-27T12:51:23.250Z\"}}, \"serviceAccountName\": \"user-name-terraform\", \"serviceAccountCreatorId\": \"name.last@company.com\"}" diff --git a/packages/lyve_cloud/manifest.yml b/packages/lyve_cloud/manifest.yml index abe3c4bab41..26bf8d9d90a 100644 --- a/packages/lyve_cloud/manifest.yml +++ b/packages/lyve_cloud/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: lyve_cloud title: Lyve Cloud -version: "1.0.2" +version: "1.1.0" license: basic description: Collect S3 API audit log from Lyve Cloud with Elastic Agent. type: integration From f5b81592b6391f1cf5d3e3f7d6f1827a05629fd0 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:14 +0530 Subject: [PATCH 070/137] [m365_defender] - update ECS to 8.7.0 from 8.5.0 This updates the m365_defender integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.5.0, 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/m365_defender --- packages/m365_defender/_dev/build/build.yml | 2 +- packages/m365_defender/changelog.yml | 5 +++++ .../pipeline/test-alert.log-expected.json | 4 ++-- .../test-app-and-identity.log-expected.json | 8 +++---- .../pipeline/test-device.log-expected.json | 20 ++++++++--------- .../pipeline/test-email.log-expected.json | 10 ++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-incident.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/incident/sample_event.json | 2 +- ...est-m365-defender-ndjson.log-expected.json | 22 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/m365_defender/docs/README.md | 4 ++-- packages/m365_defender/manifest.yml | 2 +- 15 files changed, 47 insertions(+), 42 deletions(-) 
diff --git a/packages/m365_defender/_dev/build/build.yml b/packages/m365_defender/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/m365_defender/_dev/build/build.yml +++ b/packages/m365_defender/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/m365_defender/changelog.yml b/packages/m365_defender/changelog.yml index 57fc96e2a7e..6f17b62ecfc 100644 --- a/packages/m365_defender/changelog.yml +++ b/packages/m365_defender/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.6.2" changes: - description: Added categories and/or subcategories. diff --git a/packages/m365_defender/data_stream/event/_dev/test/pipeline/test-alert.log-expected.json b/packages/m365_defender/data_stream/event/_dev/test/pipeline/test-alert.log-expected.json index 617523cb158..f5ab839a3c0 100644 --- a/packages/m365_defender/data_stream/event/_dev/test/pipeline/test-alert.log-expected.json +++ b/packages/m365_defender/data_stream/event/_dev/test/pipeline/test-alert.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-11-08T08:41:56.595Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -112,7 +112,7 @@ { "@timestamp": "2022-11-08T08:42:17.295Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/m365_defender/data_stream/event/_dev/test/pipeline/test-app-and-identity.log-expected.json b/packages/m365_defender/data_stream/event/_dev/test/pipeline/test-app-and-identity.log-expected.json index 75a3a5f44ef..d0221bcdef5 100644 --- a/packages/m365_defender/data_stream/event/_dev/test/pipeline/test-app-and-identity.log-expected.json +++ b/packages/m365_defender/data_stream/event/_dev/test/pipeline/test-app-and-identity.log-expected.json 
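Review bot: The new `reference: git@8.7` line in `packages/m365_defender/_dev/build/build.yml` still names what looks like a release branch of the ECS repository rather than an immutable tag or commit, so the field definitions fetched at build time can change without any change to this package. The ingest pipelines and sample events in the same commit are set to exactly `8.7.0`, so consider pinning the build dependency the same way, for example `reference: git@v8.7.0`, if the ECS repository publishes that tag and the build tooling accepts tag refs. The same line appears in the `build.yml` hunks for mattermost, microsoft_defender_endpoint and microsoft_dhcp later in this series.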
@@ -3,7 +3,7 @@ { "@timestamp": "2022-11-22T06:19:37.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logonsuccess", @@ -90,7 +90,7 @@ { "@timestamp": "2022-11-22T06:19:37.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "processcreated", @@ -159,7 +159,7 @@ { "@timestamp": "2022-11-22T06:19:37.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "processcreated", @@ -228,7 +228,7 @@ { "@timestamp": "2022-12-08T12:48:45.833Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "write-deployments", diff --git a/packages/m365_defender/data_stream/event/_dev/test/pipeline/test-device.log-expected.json b/packages/m365_defender/data_stream/event/_dev/test/pipeline/test-device.log-expected.json index c6cd4e994b3..4d135cb8fb0 100644 --- a/packages/m365_defender/data_stream/event/_dev/test/pipeline/test-device.log-expected.json +++ b/packages/m365_defender/data_stream/event/_dev/test/pipeline/test-device.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-11-07T17:07:42.025Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dpapiaccessed", @@ -110,7 +110,7 @@ { "@timestamp": "2022-11-07T17:00:58.150Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -192,7 +192,7 @@ { "@timestamp": "2022-11-07T16:45:21.211Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "filecreated", @@ -328,7 +328,7 @@ { "@timestamp": "2022-11-07T16:45:19.295Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "imageloaded", @@ -449,7 +449,7 @@ { "@timestamp": "2022-11-08T05:56:25.883Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -536,7 +536,7 @@ { "@timestamp": "2022-11-09T17:47:28.816Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logonfailed", 
@@ -638,7 +638,7 @@ { "@timestamp": "2022-11-09T17:43:28.188Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "networksignatureinspected", @@ -728,7 +728,7 @@ { "@timestamp": "2022-11-09T17:54:53.534Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -816,7 +816,7 @@ { "@timestamp": "2022-11-09T17:59:52.626Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "processcreated", @@ -966,7 +966,7 @@ { "@timestamp": "2022-11-09T19:17:43.575Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "registryvalueset", diff --git a/packages/m365_defender/data_stream/event/_dev/test/pipeline/test-email.log-expected.json b/packages/m365_defender/data_stream/event/_dev/test/pipeline/test-email.log-expected.json index 96f3305b259..0081c55ba74 100644 --- a/packages/m365_defender/data_stream/event/_dev/test/pipeline/test-email.log-expected.json +++ b/packages/m365_defender/data_stream/event/_dev/test/pipeline/test-email.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-11-22T06:19:40.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { @@ -87,7 +87,7 @@ { "@timestamp": "2022-11-22T06:19:40.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "direction": "Intra-org", @@ -187,7 +187,7 @@ { "@timestamp": "2022-11-22T06:19:37.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "local_id": "a194a8a6-d97c-4be1-ae31-08dacc512345" @@ -248,7 +248,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "local_id": "a194a8a6-d97c-4be1-ae31-08dacc512345", @@ -315,7 +315,7 @@ { "@timestamp": "2022-11-22T06:19:37.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "local_id": "a194a8a6-d97c-4be1-ae31-08dacc512345" 
diff --git a/packages/m365_defender/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/m365_defender/data_stream/event/elasticsearch/ingest_pipeline/default.yml index fb43a014ee9..f47f0473a0e 100644 --- a/packages/m365_defender/data_stream/event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/m365_defender/data_stream/event/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Event logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/m365_defender/data_stream/incident/_dev/test/pipeline/test-incident.log-expected.json b/packages/m365_defender/data_stream/incident/_dev/test/pipeline/test-incident.log-expected.json index 52e50439b6e..a5091b49f15 100644 --- a/packages/m365_defender/data_stream/incident/_dev/test/pipeline/test-incident.log-expected.json +++ b/packages/m365_defender/data_stream/incident/_dev/test/pipeline/test-incident.log-expected.json @@ -11,7 +11,7 @@ ] }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "event": { "action": [ diff --git a/packages/m365_defender/data_stream/incident/elasticsearch/ingest_pipeline/default.yml b/packages/m365_defender/data_stream/incident/elasticsearch/ingest_pipeline/default.yml index 00c5cb50e1c..6b987eaa11f 100644 --- a/packages/m365_defender/data_stream/incident/elasticsearch/ingest_pipeline/default.yml +++ b/packages/m365_defender/data_stream/incident/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Incident logs. processors: - set: field: ecs.version - value: '8.5.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/m365_defender/data_stream/incident/sample_event.json b/packages/m365_defender/data_stream/incident/sample_event.json index 627ecbe827a..6c0ee6b1448 100644 --- a/packages/m365_defender/data_stream/incident/sample_event.json 
+++ b/packages/m365_defender/data_stream/incident/sample_event.json @@ -21,7 +21,7 @@ "type": "logs" }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "elastic_agent": { "id": "e77dcfd5-f1ee-46d9-8fcf-08ad9ace0457", diff --git a/packages/m365_defender/data_stream/log/_dev/test/pipeline/test-m365-defender-ndjson.log-expected.json b/packages/m365_defender/data_stream/log/_dev/test/pipeline/test-m365-defender-ndjson.log-expected.json index 9d03310e107..67cf6f0af43 100644 --- a/packages/m365_defender/data_stream/log/_dev/test/pipeline/test-m365-defender-ndjson.log-expected.json +++ b/packages/m365_defender/data_stream/log/_dev/test/pipeline/test-m365-defender-ndjson.log-expected.json @@ -6,7 +6,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Malware", @@ -121,7 +121,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Malware", @@ -223,7 +223,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Malware", @@ -326,7 +326,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Malware", @@ -421,7 +421,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SuspiciousActivity", @@ -517,7 +517,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SuspiciousActivity", @@ -609,7 +609,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SuspiciousActivity", @@ -705,7 +705,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SuspiciousActivity", @@ -778,7 +778,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SuspiciousActivity", 
@@ -858,7 +858,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SuspiciousActivity", @@ -951,7 +951,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "InitialAccess", diff --git a/packages/m365_defender/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/m365_defender/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 10da5cd79da..0d4a425078d 100644 --- a/packages/m365_defender/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/m365_defender/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing m365 defender logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/m365_defender/data_stream/log/sample_event.json b/packages/m365_defender/data_stream/log/sample_event.json index 1847a2e7eca..49b12a045fa 100644 --- a/packages/m365_defender/data_stream/log/sample_event.json +++ b/packages/m365_defender/data_stream/log/sample_event.json @@ -16,7 +16,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "e77dcfd5-f1ee-46d9-8fcf-08ad9ace0457", diff --git a/packages/m365_defender/docs/README.md b/packages/m365_defender/docs/README.md index aea0ef7a017..c52a3ebb924 100644 --- a/packages/m365_defender/docs/README.md +++ b/packages/m365_defender/docs/README.md @@ -487,7 +487,7 @@ An example event for `incident` looks as following: "type": "logs" }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "elastic_agent": { "id": "e77dcfd5-f1ee-46d9-8fcf-08ad9ace0457", @@ -1107,7 +1107,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "e77dcfd5-f1ee-46d9-8fcf-08ad9ace0457", 
diff --git a/packages/m365_defender/manifest.yml b/packages/m365_defender/manifest.yml index b92597c7f62..cd53eec6c41 100644 --- a/packages/m365_defender/manifest.yml +++ b/packages/m365_defender/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: m365_defender title: Microsoft M365 Defender -version: 1.6.2 +version: "1.7.0" description: Collect logs from Microsoft M365 Defender with Elastic Agent. categories: - "security" From 4d7940e393458215d7e4382bd2f7e10015790eae Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:14 +0530 Subject: [PATCH 071/137] [mattermost] - update ECS to 8.7.0 from 8.6.0 This updates the mattermost integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/mattermost --- packages/mattermost/_dev/build/build.yml | 2 +- packages/mattermost/changelog.yml | 5 ++ .../pipeline/test-audit.log-expected.json | 64 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/audit/sample_event.json | 2 +- packages/mattermost/docs/README.md | 2 +- packages/mattermost/manifest.yml | 2 +- 7 files changed, 42 insertions(+), 37 deletions(-) diff --git a/packages/mattermost/_dev/build/build.yml b/packages/mattermost/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/mattermost/_dev/build/build.yml +++ b/packages/mattermost/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/mattermost/changelog.yml b/packages/mattermost/changelog.yml index 9b31f1694e3..225c9fcbb2d 100644 --- a/packages/mattermost/changelog.yml +++ b/packages/mattermost/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.6.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/mattermost/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/mattermost/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index 93fb4f004e8..fcf2fcff04c 100644 --- a/packages/mattermost/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/mattermost/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-12-04T23:19:32.051Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "updateConfig", @@ -85,7 +85,7 @@ { "@timestamp": "2021-12-04T23:19:48.599Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "updateConfig", @@ -167,7 +167,7 @@ { "@timestamp": "2021-12-04T23:19:51.324Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Logout", @@ -250,7 +250,7 @@ { "@timestamp": "2021-12-04T23:19:58.729Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login", @@ -337,7 +337,7 @@ { "@timestamp": "2021-12-04T23:20:33.027Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "patchUser", @@ -433,7 +433,7 @@ { "@timestamp": "2021-12-04T23:20:37.771Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "patchUser", @@ -529,7 +529,7 @@ { "@timestamp": "2021-12-04T23:20:53.063Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "updatePassword", @@ -620,7 +620,7 @@ { "@timestamp": "2021-12-04T23:28:18.032Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "updatePreferences", 
@@ -703,7 +703,7 @@ { "@timestamp": "2021-12-04T23:28:19.342Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "createPost", @@ -797,7 +797,7 @@ { "@timestamp": "2021-12-05T00:01:23.974Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "createChannel", @@ -889,7 +889,7 @@ { "@timestamp": "2021-12-05T00:01:48.946Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "patchChannel", @@ -986,7 +986,7 @@ { "@timestamp": "2021-12-05T00:01:52.914Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deleteChannel", @@ -1078,7 +1078,7 @@ { "@timestamp": "2021-12-05T00:02:01.482Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "api.channel.delete_channel.deleted.app_error" @@ -1178,7 +1178,7 @@ { "@timestamp": "2021-12-05T00:02:09.835Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "error": { "code": "app.channel.update.bad_id" @@ -1286,7 +1286,7 @@ { "@timestamp": "2021-12-05T00:02:25.202Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "restoreChannel", @@ -1378,7 +1378,7 @@ { "@timestamp": "2021-12-05T00:02:31.485Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "convertChannelToPrivate", @@ -1478,7 +1478,7 @@ { "@timestamp": "2021-12-05T00:02:56.786Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "removeChannelMember", @@ -1573,7 +1573,7 @@ { "@timestamp": "2021-12-05T00:03:01.043Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "getConfig", @@ -1656,7 +1656,7 @@ { "@timestamp": "2021-12-05T00:03:13.849Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "createChannel", @@ -1748,7 +1748,7 @@ { "@timestamp": "2021-12-05T00:04:01.294Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deleteChannel", 
@@ -1840,7 +1840,7 @@ { "@timestamp": "2021-12-05T00:12:11.211Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "getConfig", @@ -1923,7 +1923,7 @@ { "@timestamp": "2021-12-05T00:12:23.085Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "patchTeam", @@ -2025,7 +2025,7 @@ { "@timestamp": "2021-12-05T00:12:29.655Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "patchTeam", @@ -2127,7 +2127,7 @@ { "@timestamp": "2021-12-05T00:12:46.044Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "createTeam", @@ -2224,7 +2224,7 @@ { "@timestamp": "2021-12-05T00:18:13.183Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "removeTeamMember", @@ -2329,7 +2329,7 @@ { "@timestamp": "2021-12-05T00:18:17.907Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "revokeAllSessionsForUser", @@ -2411,7 +2411,7 @@ { "@timestamp": "2021-12-05T01:02:56.163Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "patchUser", @@ -2511,7 +2511,7 @@ { "@timestamp": "2021-12-05T01:13:26.358Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "addTeamMembers", @@ -2614,7 +2614,7 @@ { "@timestamp": "2021-12-05T01:13:08.904Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "addTeamMembers", @@ -2722,7 +2722,7 @@ { "@timestamp": "2021-12-05T01:20:06.246Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "addTeamMembers", @@ -2833,7 +2833,7 @@ { "@timestamp": "2021-12-05T17:21:36.724Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deleteTeam", @@ -2909,7 +2909,7 @@ { "@timestamp": "2021-12-05T17:24:33.077Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "updateUserActive", 
diff --git a/packages/mattermost/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/mattermost/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index ce8f91c84ad..b570214e41f 100644 --- a/packages/mattermost/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mattermost/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Mattermost audit logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/mattermost/data_stream/audit/sample_event.json b/packages/mattermost/data_stream/audit/sample_event.json index 4a86624ea3f..bfca38061e4 100644 --- a/packages/mattermost/data_stream/audit/sample_event.json +++ b/packages/mattermost/data_stream/audit/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/mattermost/docs/README.md b/packages/mattermost/docs/README.md index dddd32fb1a9..74d4618ae8f 100644 --- a/packages/mattermost/docs/README.md +++ b/packages/mattermost/docs/README.md @@ -138,7 +138,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/mattermost/manifest.yml b/packages/mattermost/manifest.yml index 498c80c9e4a..27fdfa250e0 100644 --- a/packages/mattermost/manifest.yml +++ b/packages/mattermost/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: mattermost title: "Mattermost" -version: "1.6.1" +version: "1.7.0" license: basic description: Collect logs from Mattermost with Elastic Agent. type: integration From cc18a411cabc9d89305f0cb28e0973449d8cf29a Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:15 +0530 Subject: [PATCH 072/137] [microsoft_defender_endpoint] - update ECS to 8.7.0 from 8.6.0 This updates the microsoft_defender_endpoint integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/microsoft_defender_endpoint --- packages/microsoft_defender_endpoint/_dev/build/build.yml | 2 +- packages/microsoft_defender_endpoint/changelog.yml | 5 +++++ .../_dev/test/pipeline/test-defenderatp.log-expected.json | 8 ++++---- .../log/elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/microsoft_defender_endpoint/docs/README.md | 2 +- packages/microsoft_defender_endpoint/manifest.yml | 2 +- 7 files changed, 14 insertions(+), 9 deletions(-) diff --git a/packages/microsoft_defender_endpoint/_dev/build/build.yml b/packages/microsoft_defender_endpoint/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/microsoft_defender_endpoint/_dev/build/build.yml +++ b/packages/microsoft_defender_endpoint/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/microsoft_defender_endpoint/changelog.yml b/packages/microsoft_defender_endpoint/changelog.yml index 60c4752d54d..14faa3bf77a 100644 --- a/packages/microsoft_defender_endpoint/changelog.yml +++ b/packages/microsoft_defender_endpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.9.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "2.8.2" changes: - description: Added categories and/or subcategories. 
diff --git a/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json b/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json index 6bc93071978..13c566e290b 100644 --- a/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json +++ b/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json @@ -11,7 +11,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Malware", @@ -90,7 +90,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DefenseEvasion", @@ -192,7 +192,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DefenseEvasion", @@ -276,7 +276,7 @@ "provider": "azure" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Malware", diff --git a/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 884fa433270..2a1d64a636e 100644 --- a/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Microsoft Defender for Endpoint logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json b/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json index 6b01b250175..25622b3c5c6 100644 --- a/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json 
+++ b/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json @@ -22,7 +22,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "0ccbfbd9-e624-40f2-93b6-721ebe550b0f", diff --git a/packages/microsoft_defender_endpoint/docs/README.md b/packages/microsoft_defender_endpoint/docs/README.md index 1f54618ebb0..caf15ca9e63 100644 --- a/packages/microsoft_defender_endpoint/docs/README.md +++ b/packages/microsoft_defender_endpoint/docs/README.md @@ -70,7 +70,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "0ccbfbd9-e624-40f2-93b6-721ebe550b0f", diff --git a/packages/microsoft_defender_endpoint/manifest.yml b/packages/microsoft_defender_endpoint/manifest.yml index 62a23fe5bd1..acd8794814f 100644 --- a/packages/microsoft_defender_endpoint/manifest.yml +++ b/packages/microsoft_defender_endpoint/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: microsoft_defender_endpoint title: Microsoft Defender for Endpoint -version: 2.8.2 +version: "2.9.0" description: Collect logs from Microsoft Defender for Endpoint with Elastic Agent. categories: - "security" From fc234ed05339d39b3ca5b71900e7591352ee082a Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:16 +0530 Subject: [PATCH 073/137] [microsoft_dhcp] - update ECS to 8.7.0 from 8.6.0 This updates the microsoft_dhcp integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/microsoft_dhcp --- packages/microsoft_dhcp/_dev/build/build.yml | 2 +- packages/microsoft_dhcp/changelog.yml | 5 +++ .../test/pipeline/test-log.log-expected.json | 36 +++++++++---------- .../pipeline/test-logv6.log-expected.json | 28 +++++++-------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/microsoft_dhcp/docs/README.md | 4 +-- packages/microsoft_dhcp/manifest.yml | 2 +- 8 files changed, 43 insertions(+), 38 deletions(-) diff --git a/packages/microsoft_dhcp/_dev/build/build.yml b/packages/microsoft_dhcp/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/microsoft_dhcp/_dev/build/build.yml +++ b/packages/microsoft_dhcp/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/microsoft_dhcp/changelog.yml b/packages/microsoft_dhcp/changelog.yml index 8f001d37fc8..dae1f66a8e1 100644 --- a/packages/microsoft_dhcp/changelog.yml +++ b/packages/microsoft_dhcp/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.11.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.10.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-log.log-expected.json b/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-log.log-expected.json index 0f001c7ef44..8f837ae1515 100644 
--- a/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-log.log-expected.json +++ b/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-log.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-04-19T13:11:13.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "log-end", @@ -32,7 +32,7 @@ { "@timestamp": "2020-04-19T12:43:06.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "log-start", @@ -61,7 +61,7 @@ { "@timestamp": "2021-09-20T09:16:15.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcp-dns-update", @@ -102,7 +102,7 @@ { "@timestamp": "2021-09-20T09:16:09.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcp-dns-update", @@ -143,7 +143,7 @@ { "@timestamp": "2021-09-20T09:16:03.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcp-dns-update", @@ -184,7 +184,7 @@ { "@timestamp": "2021-09-20T09:18:01.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -227,7 +227,7 @@ { "@timestamp": "2021-09-20T09:18:00.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcp-dns-update", @@ -268,7 +268,7 @@ { "@timestamp": "2021-09-20T09:18:01.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcp-dns-update", @@ -309,7 +309,7 @@ { "@timestamp": "2001-01-01T01:01:01.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcp-dns-update", @@ -348,7 +348,7 @@ { "@timestamp": "2001-01-01T01:01:01.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcp-new", @@ -393,7 +393,7 @@ { "@timestamp": "2001-01-01T01:01:01.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dhcp-new", 
@@ -443,7 +443,7 @@
 {
 "@timestamp": "2020-11-20T00:00:05.000-05:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "ip-cleanup-start",
@@ -479,7 +479,7 @@
 {
 "@timestamp": "2020-11-20T00:00:05.000-05:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dhcp-dns-update",
@@ -520,7 +520,7 @@
 {
 "@timestamp": "2020-11-20T00:00:05.000-05:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dhcp-expire",
@@ -558,7 +558,7 @@
 {
 "@timestamp": "2020-04-19T12:43:54.000-04:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "rogue-server-detection",
@@ -593,7 +593,7 @@
 {
 "@timestamp": "2020-04-19T12:43:21.000-04:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "rogue-server-detection",
@@ -627,7 +627,7 @@
 {
 "@timestamp": "2020-04-19T12:43:28.000-04:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "rogue-server-detection",
@@ -657,7 +657,7 @@
 {
 "@timestamp": "2022-10-02T00:00:33.000-04:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dhcp-new",
diff --git a/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-logv6.log-expected.json b/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-logv6.log-expected.json
index a7abf9248f8..1595243a004 100644
--- a/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-logv6.log-expected.json
+++ b/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-logv6.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-11-04T18:24:36.000-04:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "log-start",
@@ -32,7 +32,7 @@
 {
 "@timestamp": "2021-11-04T18:24:36.000-04:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "1103",
@@ -54,7 +54,7 @@
 {
 "@timestamp": "2021-11-04T18:40:37.000-04:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "log-stop",
@@ -83,7 +83,7 @@
 {
 "@timestamp": "2021-12-06T12:25:21.000-05:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "log-start",
@@ -112,7 +112,7 @@
 {
 "@timestamp": "2021-12-06T12:25:21.000-05:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "1103",
@@ -138,7 +138,7 @@
 {
 "@timestamp": "2021-12-06T12:43:57.000-05:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dhcpv6-solicit",
@@ -180,7 +180,7 @@
 {
 "@timestamp": "2021-12-06T12:43:57.000-05:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dhcpv6-request",
@@ -222,7 +222,7 @@
 {
 "@timestamp": "2021-12-06T12:45:48.000-05:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dhcpv6-solicit",
@@ -264,7 +264,7 @@
 {
 "@timestamp": "2021-12-06T12:45:49.000-05:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dhcpv6-request",
@@ -306,7 +306,7 @@
 {
 "@timestamp": "2021-12-06T12:45:59.000-05:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dhcpv6-solicit",
@@ -348,7 +348,7 @@
 {
 "@timestamp": "2021-12-06T12:46:00.000-05:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dhcpv6-request",
@@ -390,7 +390,7 @@
 {
 "@timestamp": "2021-12-06T12:46:25.000-05:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dhcpv6-solicit",
@@ -432,7 +432,7 @@
 {
 "@timestamp": "2021-12-06T12:46:26.000-05:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dhcpv6-request",
@@ -474,7 +474,7 @@
 {
 "@timestamp": "2021-12-06T13:25:21.000-05:00",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "dhcpv6-stateless-clients-pruged",
diff --git a/packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 498f9a46e98..d5158be255e 100644
--- a/packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing Microsoft DHCP Server logs.
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/microsoft_dhcp/data_stream/log/sample_event.json b/packages/microsoft_dhcp/data_stream/log/sample_event.json
index 3e8360fd378..361a0362ccb 100644
--- a/packages/microsoft_dhcp/data_stream/log/sample_event.json
+++ b/packages/microsoft_dhcp/data_stream/log/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "4a42006d-197a-4da4-9fa4-331718818b77",
diff --git a/packages/microsoft_dhcp/docs/README.md b/packages/microsoft_dhcp/docs/README.md
index 587322c372c..36b024779cf 100644
--- a/packages/microsoft_dhcp/docs/README.md
+++ b/packages/microsoft_dhcp/docs/README.md
@@ -34,7 +34,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "4a42006d-197a-4da4-9fa4-331718818b77",
@@ -118,7 +118,7 @@ An example event for `log` looks as following:
 | host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword |
 | host.ip | Host ip addresses. | ip |
 | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword |
-| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword |
+| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword |
 | input.type | | keyword |
 | log.file.path | Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. If the event wasn't read from a log file, do not populate this field. | keyword |
 | log.offset | | long |
diff --git a/packages/microsoft_dhcp/manifest.yml b/packages/microsoft_dhcp/manifest.yml
index 906ffeed637..d2d127bf0de 100644
--- a/packages/microsoft_dhcp/manifest.yml
+++ b/packages/microsoft_dhcp/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: microsoft_dhcp
 title: Microsoft DHCP
-version: "1.10.1"
+version: "1.11.0"
 license: basic
 description: Collect logs from Microsoft DHCP with Elastic Agent.
 type: integration
From 4e8e0c66f1761613e66df16b73df0fa4826582de Mon Sep 17 00:00:00 2001
From: Shourie Ganguly
Date: Fri, 31 Mar 2023 18:59:17 +0530
Subject: [PATCH 074/137] [microsoft_exchange_online_message_trace] - update ECS to 8.7.0 from 8.6.0
This updates the microsoft_exchange_online_message_trace integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines.
[git-generate]
go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/microsoft_exchange_online_message_trace
---
 .../_dev/build/build.yml | 2 +-
 .../microsoft_exchange_online_message_trace/changelog.yml | 5 +++++
 .../log/_dev/test/pipeline/test-log.log-expected.json | 8 ++++----
 .../log/elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/log/sample_event.json | 2 +-
 .../docs/README.md | 2 +-
 .../microsoft_exchange_online_message_trace/manifest.yml | 2 +-
 7 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/packages/microsoft_exchange_online_message_trace/_dev/build/build.yml b/packages/microsoft_exchange_online_message_trace/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/microsoft_exchange_online_message_trace/_dev/build/build.yml
+++ b/packages/microsoft_exchange_online_message_trace/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/microsoft_exchange_online_message_trace/changelog.yml b/packages/microsoft_exchange_online_message_trace/changelog.yml
index a161b954b8e..496fcab7b31 100644
--- a/packages/microsoft_exchange_online_message_trace/changelog.yml
+++ b/packages/microsoft_exchange_online_message_trace/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.0.0"
 changes:
 - description: Release Microsoft Exchange Online Message Trace as GA.
diff --git a/packages/microsoft_exchange_online_message_trace/data_stream/log/_dev/test/pipeline/test-log.log-expected.json b/packages/microsoft_exchange_online_message_trace/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
index ce220956695..17bf362a53c 100644
--- a/packages/microsoft_exchange_online_message_trace/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
+++ b/packages/microsoft_exchange_online_message_trace/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
@@ -30,7 +30,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "attachments": {
@@ -130,7 +130,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "attachments": {
@@ -229,7 +229,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "attachments": {
@@ -328,7 +328,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "attachments": {
diff --git a/packages/microsoft_exchange_online_message_trace/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_exchange_online_message_trace/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index c8e26afaa53..80aa0dfc851 100644
--- a/packages/microsoft_exchange_online_message_trace/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/microsoft_exchange_online_message_trace/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -8,7 +8,7 @@ processors:
 ignore_failure: true
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 # Parsing of payload json
 - json:
 field: event.original
diff --git a/packages/microsoft_exchange_online_message_trace/data_stream/log/sample_event.json b/packages/microsoft_exchange_online_message_trace/data_stream/log/sample_event.json
index f4fe7297d04..e42612e6aa0 100644
--- a/packages/microsoft_exchange_online_message_trace/data_stream/log/sample_event.json
+++ b/packages/microsoft_exchange_online_message_trace/data_stream/log/sample_event.json
@@ -34,7 +34,7 @@
 "top_level_domain": "com"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "6f0c420a-c434-4d40-90cb-956665a6fdd6",
diff --git a/packages/microsoft_exchange_online_message_trace/docs/README.md b/packages/microsoft_exchange_online_message_trace/docs/README.md
index ffe206c5a86..10823ab09e3 100644
--- a/packages/microsoft_exchange_online_message_trace/docs/README.md
+++ b/packages/microsoft_exchange_online_message_trace/docs/README.md
@@ -121,7 +121,7 @@ An example event for `log` looks as following:
 "top_level_domain": "com"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "6f0c420a-c434-4d40-90cb-956665a6fdd6",
diff --git a/packages/microsoft_exchange_online_message_trace/manifest.yml b/packages/microsoft_exchange_online_message_trace/manifest.yml
index 35d8241073e..767922a7b9e 100644
--- a/packages/microsoft_exchange_online_message_trace/manifest.yml
+++ b/packages/microsoft_exchange_online_message_trace/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: microsoft_exchange_online_message_trace
 title: "Microsoft Exchange Online Message Trace"
-version: "1.0.0"
+version: "1.1.0"
 release: ga
 license: basic
 description: "Microsoft Exchange Online Message Trace Integration"
From ea26e7450390555ee7638cefb5cd249f26ef7580 Mon Sep 17 00:00:00 2001
From: Shourie Ganguly
Date: Fri, 31 Mar 2023 18:59:19 +0530
Subject: [PATCH 075/137] [mimecast] - update ECS to 8.7.0 from 8.6.0
This updates the mimecast integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines.
[git-generate]
go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/mimecast
---
 packages/mimecast/_dev/build/build.yml | 2 +-
 packages/mimecast/changelog.yml | 5 ++
 .../test-audit-events.log-expected.json | 62 +++++++++----------
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../audit_events/sample_event.json | 2 +-
 .../pipeline/test-dlp-logs.log-expected.json | 22 +++----
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/dlp_logs/sample_event.json | 2 +-
 .../pipeline/test-siem-logs.log-expected.json | 16 ++---
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/siem_logs/sample_event.json | 2 +-
 ...t-intel-malware-customer.log-expected.json | 14 ++---
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../sample_event.json | 2 +-
 ...hreat-intel-malware-grid.log-expected.json | 14 ++---
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../sample_event.json | 2 +-
 .../test-ttp-ap-logs.log-expected.json | 6 +--
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/ttp_ap_logs/sample_event.json | 2 +-
 .../test-ttp-ip-logs.log-expected.json | 6 +--
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/ttp_ip_logs/sample_event.json | 2 +-
 .../test-ttp-url-logs.log-expected.json | 6 +--
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../ttp_url_logs/sample_event.json | 2 +-
 packages/mimecast/docs/README.md | 16 ++---
 packages/mimecast/manifest.yml | 2 +-
 28 files changed, 104 insertions(+), 99 deletions(-)
diff --git a/packages/mimecast/_dev/build/build.yml b/packages/mimecast/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/mimecast/_dev/build/build.yml
+++ b/packages/mimecast/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/mimecast/changelog.yml b/packages/mimecast/changelog.yml
index cfed6b50cff..8d15f64075e 100644
--- a/packages/mimecast/changelog.yml
+++ b/packages/mimecast/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.7.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.6.5"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json b/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json
index b9253110ec2..5598b094b88 100644
--- a/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json
+++ b/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json
@@ -18,7 +18,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "threat-intel-feed-download",
@@ -71,7 +71,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "threat-intel-feed-download",
@@ -124,7 +124,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "user-logged-on",
@@ -175,7 +175,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "logon-requires-challenge",
@@ -226,7 +226,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "user-logged-on",
@@ -276,7 +276,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "mimecast-support-login",
@@ -325,7 +325,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "mimecast-support-login",
@@ -374,7 +374,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -437,7 +437,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "search-action",
@@ -486,7 +486,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "logon-authentication-failed",
@@ -523,7 +523,7 @@
 {
 "@timestamp": "2021-10-11T13:21:06.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "completed-directory-sync",
@@ -564,7 +564,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "case-action",
@@ -613,7 +613,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "logon-authentication-failed",
@@ -664,7 +664,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "existing-archive-task-changed",
@@ -713,7 +713,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "connectors-management",
@@ -762,7 +762,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "page-data-exports",
@@ -816,7 +816,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "custom-report-definition-created",
@@ -865,7 +865,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "folder-log-entry",
@@ -896,7 +896,7 @@
 {
 "@timestamp": "2021-10-12T19:56:55.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "user-password-changed",
@@ -940,7 +940,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "remediation-incident-adjustment",
@@ -989,7 +989,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "archive-mailbox-restore",
@@ -1038,7 +1038,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "archive-mailbox-restore",
@@ -1087,7 +1087,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "archive-mailbox-export-download",
@@ -1136,7 +1136,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "review-set-action",
@@ -1185,7 +1185,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "remediation-incident-adjustment",
@@ -1234,7 +1234,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "logon-authentication-failed",
@@ -1284,7 +1284,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "logon-authentication-failed",
@@ -1335,7 +1335,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "logon-authentication-failed",
@@ -1386,7 +1386,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "user-logged-on",
@@ -1435,7 +1435,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "logon-authentication-failed",
@@ -1486,7 +1486,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "logon-authentication-failed",
diff --git a/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml
index 5967dd12b93..e07d20a00ea 100644
--- a/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ processors:
 # Generic event/ecs fields we always want to populate.
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/mimecast/data_stream/audit_events/sample_event.json b/packages/mimecast/data_stream/audit_events/sample_event.json
index 7f9c9d32a53..232d055deb6 100644
--- a/packages/mimecast/data_stream/audit_events/sample_event.json
+++ b/packages/mimecast/data_stream/audit_events/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "8c5473c5-468b-444c-b5c0-0783fde1f55e",
diff --git a/packages/mimecast/data_stream/dlp_logs/_dev/test/pipeline/test-dlp-logs.log-expected.json b/packages/mimecast/data_stream/dlp_logs/_dev/test/pipeline/test-dlp-logs.log-expected.json
index c3e34ebbf12..537d9ab0877 100644
--- a/packages/mimecast/data_stream/dlp_logs/_dev/test/pipeline/test-dlp-logs.log-expected.json
+++ b/packages/mimecast/data_stream/dlp_logs/_dev/test/pipeline/test-dlp-logs.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-10-15T20:41:25.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "direction": "inbound",
@@ -35,7 +35,7 @@
 {
 "@timestamp": "2021-10-15T20:41:25.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "direction": "inbound",
@@ -67,7 +67,7 @@
 {
 "@timestamp": "2021-10-15T20:41:22.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "direction": "inbound",
@@ -99,7 +99,7 @@
 {
 "@timestamp": "2021-10-15T20:41:22.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "direction": "inbound",
@@ -131,7 +131,7 @@
 {
 "@timestamp": "2021-10-15T20:41:21.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "direction": "inbound",
@@ -163,7 +163,7 @@
 {
 "@timestamp": "2021-10-15T20:41:21.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "direction": "inbound",
@@ -195,7 +195,7 @@
 {
 "@timestamp": "2021-10-15T20:41:19.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "direction": "inbound",
@@ -227,7 +227,7 @@
 {
 "@timestamp": "2021-10-15T20:41:19.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "direction": "inbound",
@@ -259,7 +259,7 @@
 {
 "@timestamp": "2021-10-15T20:41:17.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "direction": "inbound",
@@ -291,7 +291,7 @@
 {
 "@timestamp": "2021-10-15T20:41:17.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "direction": "inbound",
@@ -323,7 +323,7 @@
 {
 "@timestamp": "2022-12-29T03:45:45.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "direction": "inbound",
diff --git a/packages/mimecast/data_stream/dlp_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/dlp_logs/elasticsearch/ingest_pipeline/default.yml
index 6aab0f168f8..0a293f9d841 100644
--- a/packages/mimecast/data_stream/dlp_logs/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/mimecast/data_stream/dlp_logs/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ processors:
 # Generic event/ecs fields we always want to populate.
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/mimecast/data_stream/dlp_logs/sample_event.json b/packages/mimecast/data_stream/dlp_logs/sample_event.json
index 646e8c1ee30..0ab8a3d149d 100644
--- a/packages/mimecast/data_stream/dlp_logs/sample_event.json
+++ b/packages/mimecast/data_stream/dlp_logs/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0",
diff --git a/packages/mimecast/data_stream/siem_logs/_dev/test/pipeline/test-siem-logs.log-expected.json b/packages/mimecast/data_stream/siem_logs/_dev/test/pipeline/test-siem-logs.log-expected.json
index 0d86e1aef1f..b437546f0de 100644
--- a/packages/mimecast/data_stream/siem_logs/_dev/test/pipeline/test-siem-logs.log-expected.json
+++ b/packages/mimecast/data_stream/siem_logs/_dev/test/pipeline/test-siem-logs.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-10-18T08:02:43.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "attachments": {
@@ -40,7 +40,7 @@
 {
 "@timestamp": "2021-10-19T06:06:40.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "attachments": {
@@ -105,7 +105,7 @@
 {
 "@timestamp": "2021-10-19T06:04:55.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "attachments": {
@@ -141,7 +141,7 @@
 {
 "@timestamp": "2021-10-19T06:04:55.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "attachments": {
@@ -200,7 +200,7 @@
 {
 "@timestamp": "2021-11-08T12:09:18.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "direction": "internal",
@@ -232,7 +232,7 @@
 {
 "@timestamp": "2021-11-08T12:10:19.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "direction": "internal",
@@ -280,7 +280,7 @@
 {
 "@timestamp": "2021-11-29T15:13:58.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "direction": "inbound",
@@ -332,7 +332,7 @@
 {
 "@timestamp": "2023-02-14T13:18:51.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "direction": "inbound",
diff --git a/packages/mimecast/data_stream/siem_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/siem_logs/elasticsearch/ingest_pipeline/default.yml
index ef0b8dc2d89..9eb6a089ac2 100644
--- a/packages/mimecast/data_stream/siem_logs/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/mimecast/data_stream/siem_logs/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ processors:
 # Generic event/ecs fields we always want to populate.
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/mimecast/data_stream/siem_logs/sample_event.json b/packages/mimecast/data_stream/siem_logs/sample_event.json
index 7cf742fc4eb..afdc19eb9b3 100644
--- a/packages/mimecast/data_stream/siem_logs/sample_event.json
+++ b/packages/mimecast/data_stream/siem_logs/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0",
diff --git a/packages/mimecast/data_stream/threat_intel_malware_customer/_dev/test/pipeline/test-threat-intel-malware-customer.log-expected.json b/packages/mimecast/data_stream/threat_intel_malware_customer/_dev/test/pipeline/test-threat-intel-malware-customer.log-expected.json
index eeaf7043c51..1e136b5fcc1 100644
--- a/packages/mimecast/data_stream/threat_intel_malware_customer/_dev/test/pipeline/test-threat-intel-malware-customer.log-expected.json
+++ b/packages/mimecast/data_stream/threat_intel_malware_customer/_dev/test/pipeline/test-threat-intel-malware-customer.log-expected.json
@@ -4,7 +4,7 @@
 {
 "@timestamp": "2021-10-29T15:07:26.653Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -48,7 +48,7 @@
 {
 "@timestamp": "2021-10-29T15:07:22.595Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -92,7 +92,7 @@ { "@timestamp": "2021-10-29T15:07:17.538Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -136,7 +136,7 @@ { "@timestamp": "2021-10-29T15:07:14.044Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -180,7 +180,7 @@ { "@timestamp": "2021-10-29T15:07:07.295Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -224,7 +224,7 @@ { "@timestamp": "2021-10-29T15:07:00.555Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -268,7 +268,7 @@ { "@timestamp": "2021-10-29T15:07:00.259Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", diff --git a/packages/mimecast/data_stream/threat_intel_malware_customer/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/threat_intel_malware_customer/elasticsearch/ingest_pipeline/default.yml index 96d20de7ccf..b2c888ee629 100644 --- a/packages/mimecast/data_stream/threat_intel_malware_customer/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mimecast/data_stream/threat_intel_malware_customer/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: #################### - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: enrichment diff --git a/packages/mimecast/data_stream/threat_intel_malware_customer/sample_event.json b/packages/mimecast/data_stream/threat_intel_malware_customer/sample_event.json index c0d0edec088..60e1842a6e1 100644 --- a/packages/mimecast/data_stream/threat_intel_malware_customer/sample_event.json +++ b/packages/mimecast/data_stream/threat_intel_malware_customer/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", 
diff --git a/packages/mimecast/data_stream/threat_intel_malware_grid/_dev/test/pipeline/test-threat-intel-malware-grid.log-expected.json b/packages/mimecast/data_stream/threat_intel_malware_grid/_dev/test/pipeline/test-threat-intel-malware-grid.log-expected.json index 7ddd250534f..051082abf43 100644 --- a/packages/mimecast/data_stream/threat_intel_malware_grid/_dev/test/pipeline/test-threat-intel-malware-grid.log-expected.json +++ b/packages/mimecast/data_stream/threat_intel_malware_grid/_dev/test/pipeline/test-threat-intel-malware-grid.log-expected.json @@ -4,7 +4,7 @@ { "@timestamp": "2021-10-29T15:07:26.653Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -48,7 +48,7 @@ { "@timestamp": "2021-10-29T15:07:22.595Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -92,7 +92,7 @@ { "@timestamp": "2021-10-29T15:07:17.538Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -136,7 +136,7 @@ { "@timestamp": "2021-10-29T15:07:14.044Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -180,7 +180,7 @@ { "@timestamp": "2021-10-29T15:07:07.295Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -224,7 +224,7 @@ { "@timestamp": "2021-10-29T15:07:00.555Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -268,7 +268,7 @@ { "@timestamp": "2021-10-29T15:07:00.259Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", diff --git a/packages/mimecast/data_stream/threat_intel_malware_grid/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/threat_intel_malware_grid/elasticsearch/ingest_pipeline/default.yml index 2b41a52ebf2..6613d5c2394 100644 --- a/packages/mimecast/data_stream/threat_intel_malware_grid/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/mimecast/data_stream/threat_intel_malware_grid/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: #################### - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: enrichment diff --git a/packages/mimecast/data_stream/threat_intel_malware_grid/sample_event.json b/packages/mimecast/data_stream/threat_intel_malware_grid/sample_event.json index f931a21c23e..3f821287541 100644 --- a/packages/mimecast/data_stream/threat_intel_malware_grid/sample_event.json +++ b/packages/mimecast/data_stream/threat_intel_malware_grid/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", diff --git a/packages/mimecast/data_stream/ttp_ap_logs/_dev/test/pipeline/test-ttp-ap-logs.log-expected.json b/packages/mimecast/data_stream/ttp_ap_logs/_dev/test/pipeline/test-ttp-ap-logs.log-expected.json index 714d204dba5..0fb6c0f72c0 100644 --- a/packages/mimecast/data_stream/ttp_ap_logs/_dev/test/pipeline/test-ttp-ap-logs.log-expected.json +++ b/packages/mimecast/data_stream/ttp_ap_logs/_dev/test/pipeline/test-ttp-ap-logs.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-14T18:54:32.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": { @@ -54,7 +54,7 @@ { "@timestamp": "2021-10-14T11:24:23.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": { @@ -105,7 +105,7 @@ { "@timestamp": "2021-10-14T11:24:23.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": { diff --git a/packages/mimecast/data_stream/ttp_ap_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/ttp_ap_logs/elasticsearch/ingest_pipeline/default.yml index 0ece1c874ed..cc5e58269c8 100644 --- a/packages/mimecast/data_stream/ttp_ap_logs/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/mimecast/data_stream/ttp_ap_logs/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ processors: # Generic event/ecs fields we always want to populate. - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/mimecast/data_stream/ttp_ap_logs/sample_event.json b/packages/mimecast/data_stream/ttp_ap_logs/sample_event.json index c1e667d2169..c43f1bdcf9f 100644 --- a/packages/mimecast/data_stream/ttp_ap_logs/sample_event.json +++ b/packages/mimecast/data_stream/ttp_ap_logs/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", diff --git a/packages/mimecast/data_stream/ttp_ip_logs/_dev/test/pipeline/test-ttp-ip-logs.log-expected.json b/packages/mimecast/data_stream/ttp_ip_logs/_dev/test/pipeline/test-ttp-ip-logs.log-expected.json index 86eeea1011c..3074ef723e7 100644 --- a/packages/mimecast/data_stream/ttp_ip_logs/_dev/test/pipeline/test-ttp-ip-logs.log-expected.json +++ b/packages/mimecast/data_stream/ttp_ip_logs/_dev/test/pipeline/test-ttp-ip-logs.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-15T17:10:46.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { @@ -59,7 +59,7 @@ { "@timestamp": "2021-10-15T06:16:34.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { @@ -115,7 +115,7 @@ { "@timestamp": "2021-10-13T16:12:07.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { diff --git a/packages/mimecast/data_stream/ttp_ip_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/ttp_ip_logs/elasticsearch/ingest_pipeline/default.yml index e006e5ca2c5..e504e805046 100644 --- a/packages/mimecast/data_stream/ttp_ip_logs/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/mimecast/data_stream/ttp_ip_logs/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ processors: # Generic event/ecs fields we always want to populate. - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/mimecast/data_stream/ttp_ip_logs/sample_event.json b/packages/mimecast/data_stream/ttp_ip_logs/sample_event.json index 8e65fcc6b2a..c61aa18ba37 100644 --- a/packages/mimecast/data_stream/ttp_ip_logs/sample_event.json +++ b/packages/mimecast/data_stream/ttp_ip_logs/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", diff --git a/packages/mimecast/data_stream/ttp_url_logs/_dev/test/pipeline/test-ttp-url-logs.log-expected.json b/packages/mimecast/data_stream/ttp_url_logs/_dev/test/pipeline/test-ttp-url-logs.log-expected.json index 6284619d987..8324541cc8a 100644 --- a/packages/mimecast/data_stream/ttp_url_logs/_dev/test/pipeline/test-ttp-url-logs.log-expected.json +++ b/packages/mimecast/data_stream/ttp_url_logs/_dev/test/pipeline/test-ttp-url-logs.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-16T14:45:34.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "direction": "inbound", @@ -66,7 +66,7 @@ { "@timestamp": "2021-10-16T14:07:38.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "direction": "inbound", @@ -129,7 +129,7 @@ { "@timestamp": "2021-10-16T13:31:56.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "direction": "inbound", diff --git a/packages/mimecast/data_stream/ttp_url_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/ttp_url_logs/elasticsearch/ingest_pipeline/default.yml index 22b7c0d5677..b37a927ec3c 100644 --- a/packages/mimecast/data_stream/ttp_url_logs/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/mimecast/data_stream/ttp_url_logs/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ processors: # Generic event/ecs fields we always want to populate. - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/mimecast/data_stream/ttp_url_logs/sample_event.json b/packages/mimecast/data_stream/ttp_url_logs/sample_event.json index 56fb0bb5ee3..5927a51c843 100644 --- a/packages/mimecast/data_stream/ttp_url_logs/sample_event.json +++ b/packages/mimecast/data_stream/ttp_url_logs/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", diff --git a/packages/mimecast/docs/README.md b/packages/mimecast/docs/README.md index d5128fa00f5..d63414b5192 100644 --- a/packages/mimecast/docs/README.md +++ b/packages/mimecast/docs/README.md @@ -40,7 +40,7 @@ An example event for `audit_events` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8c5473c5-468b-444c-b5c0-0783fde1f55e", @@ -192,7 +192,7 @@ An example event for `dlp` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", @@ -317,7 +317,7 @@ An example event for `siem` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", @@ -517,7 +517,7 @@ An example event for `threat_intel_malware_customer` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", 
@@ -669,7 +669,7 @@ An example event for `threat_intel_malware_grid` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", @@ -824,7 +824,7 @@ An example event for `ttp_ap` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", @@ -985,7 +985,7 @@ An example event for `ttp_ip` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", @@ -1159,7 +1159,7 @@ An example event for `ttp_url` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "5d3eee86-91a9-4afa-af92-c6b79bd866c0", diff --git a/packages/mimecast/manifest.yml b/packages/mimecast/manifest.yml index 57c13643859..ea8fda3fabe 100644 --- a/packages/mimecast/manifest.yml +++ b/packages/mimecast/manifest.yml @@ -2,7 +2,7 @@ format_version: 1.0.0 name: mimecast title: "Mimecast" -version: "1.6.5" +version: "1.7.0" license: basic description: Collect logs from Mimecast with Elastic Agent. type: integration From 951541745e3e8559ff5ff15719ccf8b934ef676c Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:20 +0530 Subject: [PATCH 076/137] [modsecurity] - update ECS to 8.7.0 from 8.6.0 This updates the modsecurity integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/modsecurity --- packages/modsecurity/_dev/build/build.yml | 2 +- packages/modsecurity/changelog.yml | 5 +++++ .../pipeline/test-apache-audit.log-expected.json | 8 ++++---- .../_dev/test/pipeline/test-audit.log-expected.json | 12 ++++++------ .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/auditlog/sample_event.json | 2 +- packages/modsecurity/manifest.yml | 2 +- 7 files changed, 19 insertions(+), 14 deletions(-) diff --git a/packages/modsecurity/_dev/build/build.yml b/packages/modsecurity/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/modsecurity/_dev/build/build.yml +++ b/packages/modsecurity/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/modsecurity/changelog.yml b/packages/modsecurity/changelog.yml index 676930ea604..37b804497a6 100644 --- a/packages/modsecurity/changelog.yml +++ b/packages/modsecurity/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.6.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-apache-audit.log-expected.json b/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-apache-audit.log-expected.json index 3da1583d946..659637c237e 100644 --- a/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-apache-audit.log-expected.json 
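Review bot: The new 1.7.0 entry in packages/modsecurity/changelog.yml is committed with the generator's template token still in its link, `link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}`, so the entry does not point at any pull request. Unless a later patch in this series fills it in, the token should be replaced with the real number before merge, i.e. `link: https://github.com/elastic/integrations/pull/<PR_NUMBER>` with the actual id substituted. The same unrendered token appears in the changelog hunks for mysql_enterprise (1.5.0) and netflow (2.7.0) further down. A check in CI that rejects `{{` in changelog.yml would catch this for every package touched by the generator.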
+++ b/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-apache-audit.log-expected.json @@ -6,7 +6,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -81,7 +81,7 @@ "ip": "172.21.50.216" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -188,7 +188,7 @@ "ip": "175.16.199.50" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -278,7 +278,7 @@ "ip": "172.26.0.4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-audit.log-expected.json b/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-audit.log-expected.json index 96df93513cd..8574cf9c1da 100644 --- a/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-audit.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-05-14T14:52:47.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -104,7 +104,7 @@ { "@timestamp": "2021-05-14T15:11:52.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -192,7 +192,7 @@ { "@timestamp": "2021-05-14T15:12:01.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -280,7 +280,7 @@ { "@timestamp": "2021-05-14T15:12:18.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -368,7 +368,7 @@ { "@timestamp": "2022-05-10T04:52:04.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -446,7 +446,7 @@ { "@timestamp": "2022-05-09T09:41:59.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
diff --git a/packages/modsecurity/data_stream/auditlog/elasticsearch/ingest_pipeline/default.yml b/packages/modsecurity/data_stream/auditlog/elasticsearch/ingest_pipeline/default.yml index 8e14b0ea2ce..879846a5cc3 100644 --- a/packages/modsecurity/data_stream/auditlog/elasticsearch/ingest_pipeline/default.yml +++ b/packages/modsecurity/data_stream/auditlog/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for modsecurity audit log. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/modsecurity/data_stream/auditlog/sample_event.json b/packages/modsecurity/data_stream/auditlog/sample_event.json index b6b1cd2350e..a0a74bee377 100644 --- a/packages/modsecurity/data_stream/auditlog/sample_event.json +++ b/packages/modsecurity/data_stream/auditlog/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "a27141ba-9754-4dc0-9468-bd32f5cbe036", diff --git a/packages/modsecurity/manifest.yml b/packages/modsecurity/manifest.yml index 46f0db88931..81edcc4af4a 100644 --- a/packages/modsecurity/manifest.yml +++ b/packages/modsecurity/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: modsecurity title: "ModSecurity Audit" -version: "1.6.1" +version: "1.7.0" license: basic description: Collect logs from ModSecurity with Elastic Agent type: integration From 9700a74bc5e748d5a1a87b57579a4f21b7911a55 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:20 +0530 Subject: [PATCH 077/137] [mysql_enterprise] - update ECS to 8.7.0 from 8.6.0 This updates the mysql_enterprise integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/mysql_enterprise --- .../mysql_enterprise/_dev/build/build.yml | 2 +- packages/mysql_enterprise/changelog.yml | 5 ++ .../test-mysql-audit.log-expected.json | 68 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/audit/sample_event.json | 2 +- packages/mysql_enterprise/docs/README.md | 2 +- packages/mysql_enterprise/manifest.yml | 2 +- 7 files changed, 44 insertions(+), 39 deletions(-) diff --git a/packages/mysql_enterprise/_dev/build/build.yml b/packages/mysql_enterprise/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/mysql_enterprise/_dev/build/build.yml +++ b/packages/mysql_enterprise/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/mysql_enterprise/changelog.yml b/packages/mysql_enterprise/changelog.yml index 3916179fb7e..f9fdeb66e8d 100644 --- a/packages/mysql_enterprise/changelog.yml +++ b/packages/mysql_enterprise/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.4.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/mysql_enterprise/data_stream/audit/_dev/test/pipeline/test-mysql-audit.log-expected.json b/packages/mysql_enterprise/data_stream/audit/_dev/test/pipeline/test-mysql-audit.log-expected.json index 0c22d7e478d..24b41edd09e 100644 
--- a/packages/mysql_enterprise/data_stream/audit/_dev/test/pipeline/test-mysql-audit.log-expected.json +++ b/packages/mysql_enterprise/data_stream/audit/_dev/test/pipeline/test-mysql-audit.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-19T19:21:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-startup", @@ -66,7 +66,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-connect", @@ -132,7 +132,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -190,7 +190,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-disconnect", @@ -246,7 +246,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-connect", @@ -312,7 +312,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -370,7 +370,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -429,7 +429,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -488,7 +488,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -547,7 +547,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -606,7 +606,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -675,7 +675,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -744,7 +744,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", 
@@ -803,7 +803,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -862,7 +862,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -921,7 +921,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -981,7 +981,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-connect", @@ -1050,7 +1050,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -1112,7 +1112,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -1174,7 +1174,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -1236,7 +1236,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -1297,7 +1297,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -1359,7 +1359,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -1421,7 +1421,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -1483,7 +1483,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-insert", @@ -1545,7 +1545,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -1607,7 +1607,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-read", 
@@ -1669,7 +1669,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -1731,7 +1731,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-disconnect", @@ -1790,7 +1790,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-disconnect", @@ -1843,7 +1843,7 @@ { "@timestamp": "2020-10-19T19:32:16.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-shutdown", @@ -1878,7 +1878,7 @@ "ip": "192.168.7.76" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -1949,7 +1949,7 @@ "ip": "192.168.7.76" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", @@ -2007,7 +2007,7 @@ "ip": "192.168.7.76" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mysql-status", diff --git a/packages/mysql_enterprise/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/mysql_enterprise/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 559571e9674..75451414a1e 100644 --- a/packages/mysql_enterprise/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mysql_enterprise/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing MySQL Enterprise Audit logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/mysql_enterprise/data_stream/audit/sample_event.json b/packages/mysql_enterprise/data_stream/audit/sample_event.json index 5ceae34d3d8..8130b2b9dee 100644 --- a/packages/mysql_enterprise/data_stream/audit/sample_event.json +++ b/packages/mysql_enterprise/data_stream/audit/sample_event.json 
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "1202ee7c-96a3-47b6-8ddf-4fd17e23f288", diff --git a/packages/mysql_enterprise/docs/README.md b/packages/mysql_enterprise/docs/README.md index 737ac3b9f10..a0111c61f08 100644 --- a/packages/mysql_enterprise/docs/README.md +++ b/packages/mysql_enterprise/docs/README.md @@ -136,7 +136,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "1202ee7c-96a3-47b6-8ddf-4fd17e23f288", diff --git a/packages/mysql_enterprise/manifest.yml b/packages/mysql_enterprise/manifest.yml index 32889b62de9..19d89d9425a 100644 --- a/packages/mysql_enterprise/manifest.yml +++ b/packages/mysql_enterprise/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: mysql_enterprise title: "MySQL Enterprise" -version: "1.4.1" +version: "1.5.0" license: basic description: Collect audit logs from MySQL Enterprise with Elastic Agent. type: integration From fe6b7d2a3d80b6932108670713c4d02044495102 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:21 +0530 Subject: [PATCH 078/137] [netflow] - update ECS to 8.7.0 from 8.6.0 This updates the netflow integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/netflow --- packages/netflow/_dev/build/build.yml | 2 +- packages/netflow/changelog.yml | 5 ++ ...test-netflow-log-events.json-expected.json | 68 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../netflow/data_stream/log/sample_event.json | 2 +- packages/netflow/docs/README.md | 2 +- packages/netflow/manifest.yml | 2 +- 7 files changed, 44 insertions(+), 39 deletions(-) diff --git a/packages/netflow/_dev/build/build.yml b/packages/netflow/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 
--- a/packages/netflow/_dev/build/build.yml +++ b/packages/netflow/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/netflow/changelog.yml b/packages/netflow/changelog.yml index 05dd1e1a415..ea2ff5ad4f1 100644 --- a/packages/netflow/changelog.yml +++ b/packages/netflow/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.7.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "2.6.1" changes: - description: Add UDP read buffer configuration option. diff --git a/packages/netflow/data_stream/log/_dev/test/pipeline/test-netflow-log-events.json-expected.json b/packages/netflow/data_stream/log/_dev/test/pipeline/test-netflow-log-events.json-expected.json index e2d572dde1e..ff151cd4195 100644 --- a/packages/netflow/data_stream/log/_dev/test/pipeline/test-netflow-log-events.json-expected.json +++ b/packages/netflow/data_stream/log/_dev/test/pipeline/test-netflow-log-events.json-expected.json @@ -18,7 +18,7 @@ "packets": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -125,7 +125,7 @@ "packets": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -232,7 +232,7 @@ "packets": 1 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -339,7 +339,7 @@ "packets": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -446,7 +446,7 @@ "packets": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -553,7 +553,7 @@ "packets": 18 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -660,7 +660,7 @@ "packets": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", 
@@ -767,7 +767,7 @@ "packets": 47 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -874,7 +874,7 @@ "packets": 20 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -981,7 +981,7 @@ "packets": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -1088,7 +1088,7 @@ "packets": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -1195,7 +1195,7 @@ "packets": 2 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -1302,7 +1302,7 @@ "packets": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -1409,7 +1409,7 @@ "packets": 13 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -1516,7 +1516,7 @@ "packets": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -1623,7 +1623,7 @@ "packets": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -1730,7 +1730,7 @@ "packets": 7 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -1837,7 +1837,7 @@ "packets": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -1944,7 +1944,7 @@ "packets": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -2051,7 +2051,7 @@ "packets": 15 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -2158,7 +2158,7 @@ "packets": 10 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -2265,7 +2265,7 @@ "packets": 4 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", 
@@ -2372,7 +2372,7 @@ "packets": 2 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -2479,7 +2479,7 @@ "packets": 2 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -2586,7 +2586,7 @@ "packets": 3 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -2693,7 +2693,7 @@ "packets": 2 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -2800,7 +2800,7 @@ "packets": 1 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -2907,7 +2907,7 @@ "packets": 19 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -3014,7 +3014,7 @@ "packets": 236 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -3111,7 +3111,7 @@ "port": 54594 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -3184,7 +3184,7 @@ "port": 49180 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -3293,7 +3293,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -3366,7 +3366,7 @@ "port": 135 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", @@ -3447,7 +3447,7 @@ "port": 135 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "netflow_flow", diff --git a/packages/netflow/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/netflow/data_stream/log/elasticsearch/ingest_pipeline/default.yml index e22547e125c..a507fc024db 100644 --- a/packages/netflow/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/netflow/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
@@ -4,7 +4,7 @@ description: Pipeline for NetFlow processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - convert: field: network.iana_number type: string diff --git a/packages/netflow/data_stream/log/sample_event.json b/packages/netflow/data_stream/log/sample_event.json index f42746756b7..5c73a6f1c16 100644 --- a/packages/netflow/data_stream/log/sample_event.json +++ b/packages/netflow/data_stream/log/sample_event.json @@ -21,7 +21,7 @@ "packets": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "f98d63fc-e620-4d4d-b16e-814a105b1bc9", diff --git a/packages/netflow/docs/README.md b/packages/netflow/docs/README.md index 84d7b6f6e7c..22cf2ebdd27 100644 --- a/packages/netflow/docs/README.md +++ b/packages/netflow/docs/README.md @@ -221,7 +221,7 @@ The `log` dataset collects netflow logs. | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | 
diff --git a/packages/netflow/manifest.yml b/packages/netflow/manifest.yml index af2a5ab41ec..f83e26edd82 100644 --- a/packages/netflow/manifest.yml +++ b/packages/netflow/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: netflow title: NetFlow Records -version: "2.6.1" +version: "2.7.0" license: basic description: Collect flow records from NetFlow and IPFIX exporters with Elastic Agent. type: integration From 7e32be5748299d6011fd5480e925e32f8e4d1bba Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:22 +0530 Subject: [PATCH 079/137] [netscout] - update ECS to 8.7.0 from 8.6.0 This updates the netscout integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/netscout --- packages/netscout/_dev/build/build.yml | 2 +- packages/netscout/changelog.yml | 5 + .../pipeline/test-generated.log-expected.json | 200 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/sightline/sample_event.json | 2 +- packages/netscout/docs/README.md | 2 +- packages/netscout/manifest.yml | 2 +- 7 files changed, 110 insertions(+), 105 deletions(-) diff --git a/packages/netscout/_dev/build/build.yml b/packages/netscout/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/netscout/_dev/build/build.yml +++ b/packages/netscout/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/netscout/changelog.yml b/packages/netscout/changelog.yml index 41ad2fa98d5..b02edfcb9a9 100644 --- a/packages/netscout/changelog.yml +++ b/packages/netscout/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.13.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "0.12.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/netscout/data_stream/sightline/_dev/test/pipeline/test-generated.log-expected.json b/packages/netscout/data_stream/sightline/_dev/test/pipeline/test-generated.log-expected.json index 02640a27d0e..346dcff029f 100644 --- a/packages/netscout/data_stream/sightline/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/netscout/data_stream/sightline/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 29 06:09:59 pfsp: The configuration was changed on leader olab to version 1.6078 by rci", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 12 13:12:33 pfsp: Alert Autoclassification was restarted on 2016-02-12 13:12:33 uredolor by tatemac", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 26 20:15:08 ntsunti: Change Log: Username:nseq, Subsystem:itinvol, Setting Type:psa, Message:umq", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 12 03:17:42 pfsp: Test syslog message", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 26 10:20:16 pfsp: Alert Device ritquiin unreachable by controller umqui since 2016-03-26 10:20:16", "tags": [ 
@@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 9 17:22:51 pfsp: Alert Host Detection alert riosam, start 2016-04-9 17:22:51 anonnu, duration 116.480000, direction external, host 10.51.132.10, signatures (utper), impact squame, importance medium, managed_objects (omm), (parent managed object iin)", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 24 00:25:25 pfsp: Autoclassification was restarted on 2016-04-24 00:25:25 nim by incidi", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 8 07:27:59 pfsp: Alert Peakflow device oloremqu unreachable by temvel since 2016-05-08 07:27:59", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 22 14:30:33 pfsp: Autoclassification was restarted on 2016-05-22 14:30:33 serror by anti", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 5 21:33:08 pfsp: script ufugiatn ran at 2016-06-05 21:33:08 tionulam, leader uameius", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 20 04:35:42 pfsp: Alert Test syslog message", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 4 11:38:16 pfsp: configuration was changed on leader uipexea to version 1.5162 by nci", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 18 18:40:50 pfsp: The SNMP restored for router mvolu, leader radip at 2016-07-18 18:40:50 tNequ", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 2 01:43:25 tatno: Protection Mode: Changed protection mode to active for protection groupdquiac,URL:https://mail.example.net/uam/untutl.jpg?llu=uptassi#tamremap", "tags": [ 
@@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 16 08:45:59 pfsp: Alert script estqui ran at 2016-08-16 08:45:59 uasiarch, leader emaper", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 30 15:48:33 eum: Blocked Host: Blocked host10.66.171.247atsitby Blocked Countries usingudpdestination10.155.162.162,URL:https://www5.example.org/seq/olorema.jpg?quid=fug#uatDuis", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 13 22:51:07 pfsp: Alert TMS 'eip' fault for resource 'lupta' on TMS iusmodt", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 28 05:53:42 pfsp: Alert Autoclassification was restarted on 2016-09-28 05:53:42 atatnonp by uiano", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 12 12:56:16 temq: Blocked Host: Blocked host10.38.77.13ataquaeabby Blocked Countries usingipv6-icmpdestination10.179.26.34,URL:https://example.org/isiu/nimadmi.gif?ari=equun#suntinc", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 26 19:58:50 pfsp: Hardware failure on tatevel since 2016-10-26 19:58:50 GMT: abilloi", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 10 03:01:24 pfsp: The anomaly ore id 2933 status tsed severity very-high classification enimad router incididu router_name eci interface aali interface_name \"lo5882\" porainc", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 24 10:03:59 moll: anomaly: anomaly Bandwidth id 2902 status inim severity high classification deomni router tquovol router_name ntsuntin interface aecatcup interface_name \"lo4987\" oluptate", "tags": [ 
@@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 8 17:06:33 pfsp: Alert Autoclassification was restarted on 2016-12-08 17:06:33 iam by qua", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 23 00:09:07 pfsp: Test syslog message", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 6 07:11:41 pfsp: Autoclassification was restarted on 2017-01-06 07:11:41 olupta by turveli", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 20 14:14:16 pfsp: Alert Autoclassification was restarted on 2017-01-20 14:14:16 ntutl by caecatc", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 3 21:16:50 pfsp: Alert GRE tunnel restored for destination 10.224.68.213, leader taed at 2017-02-03 21:16:50 lup", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 18 04:19:24 pfsp: Alert Hardware failure on aperi since 2017-02-18 04:19:24 GMT: lor", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 4 11:21:59 pfsp: The BGP Instability for router oin ended", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 18 18:24:33 pfsp: Hardware failure on ritatis done at 2017-03-18 18:24:33 oloremi GMT: pitla", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 2 01:27:07 eomnisis: Change Log: Username:mqui, Subsystem:civeli, Setting Type:errorsi, Message:des", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 16 08:29:41 pfsp: Device tdolorem unreachable by controller ono since 2017-04-16 08:29:41", "tags": [ 
@@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 30 15:32:16 pfsp: The GRE tunnel down for destination 10.60.185.151, leader uidolo since 2017-04-30 15:32:16 lumquido", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 14 22:34:50 Lor: Test: Test syslog message", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 29 05:37:24 pfsp: Alert script modoco ran at 2017-05-29 05:37:24 , leader estqu", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 12 12:39:58 intoccae: Protection Mode: Changed protection mode to active for protection groupents,URL:https://www.example.net/nse/sinto.gif?CSed=lupt#psaquae", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 26 19:42:33 pfsp: The BGP Trap reetd: Prefix lumqui itinvo mdolore", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 11 02:45:07 pfsp: Device mque reachable again by controller uovolup at 2017-07-11 02:45:07 samvolu", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 25 09:47:41 pfsp: The Host Detection alert eirure, start 2017-07-25 09:47:41 conseq, duration 38.117000, stop 2017-07-25 09:47:41 mpori, , importance very-high, managed_objects (atu), is now unknown, (parent managed object lpaqui)", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 8 16:50:15 pfsp: BGP Trap doloremi: Prefix luptasn hitect dol", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 22 23:52:50 nsecte: BGP: ipv6 instability router tincu threshold ari (exercit) observed sci (quamnih)", "tags": [ 
@@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 6 06:55:24 emoe: Protection Mode: Changed protection mode to active for protection groupeaq,URL:https://mail.example.net/corp/modtemp.jpg?oluptas=tNequepo#lup", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 20 13:57:58 evita: Change Log: Username:suntexp, Subsystem:duntut, Setting Type:magni, Message:pisciv", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 4 21:00:32 radipisc: Blocked Host: Blocked host10.136.232.108atabiby Blocked Countries usingrdpdestination10.168.131.247,URL:https://example.net/temqu/edol.jpg?ipi=reseos#pariatu", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 19 04:03:07 pfsp: GRE tunnel restored for destination 10.209.182.237, leader tper at 2017-10-19 04:03:07 olor", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 2 11:05:41 pfsp: Alert Device xerc reachable again by controller iutali at 2017-11-02 11:05:41 fdeFi", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 16 18:08:15 pfsp: BGP down for router ati, leader tlabo since 2017-11-16 18:08:15 uames", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 1 01:10:49 pfsp: script offi ran at 2017-12-01 01:10:49 , leader giatnu", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 15 08:13:24 untex: Blocked Host: Blocked host10.83.23.104attisetqby Blocked Countries usingrdpdestination10.163.161.165,URL:https://www5.example.org/atem/gnido.txt?tmollita=fde#nsecte", "tags": [ 
@@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 29 15:15:58 pfsp: GRE tunnel restored for destination 10.53.248.4, leader derit at 2017-12-29 15:15:58 dexea", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 12 22:18:32 pfsp: Test syslog message", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 27 05:21:06 pfsp: Alert Flow down for router tessec, leader olupta since 2018-01-27 05:21:06 litse", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 10 12:23:41 pfsp: Alert Host Detection alert sperna, start 2018-02-10 12:23:41 sintocc, duration 24.633000, stop 2018-02-10 12:23:41 scivelit, , importance medium, managed_objects (ehen), is now success, (parent managed object quameius)", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 24 19:26:15 ate: Change Log: Username:uiac, Subsystem:epte, Setting Type:idolo, Message:quinesc", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 11 02:28:49 pfsp: BGP Instability for router iatisu ended", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 25 09:31:24 evolu: Change Log: Username:ersp, Subsystem:tquov, Setting Type:diconseq, Message:inven", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 8 16:33:58 pfsp: Test syslog message", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 22 23:36:32 Sedutp: Test: Test syslog message", "tags": [ 
@@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 7 06:39:06 ema: Change Log: Username:rsitv, Subsystem:iciade, Setting Type:ntiumt, Message:iquipe", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 21 13:41:41 quin: Protection Mode: Changed protection mode to active for protection groupupida,URL:https://api.example.com/eufugi/pici.html?ccaecat=tquiin#tse", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 4 20:44:15 minimav: Change Log: Username:udexerci, Subsystem:naal, Setting Type:lore, Message:tnonpro", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 19 03:46:49 pfsp: The Device illoin unreachable by controller tanimid since 2018-06-19 03:46:49", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 3 10:49:23 pfsp: configuration was changed on leader natuse to version 1.4425 by ati", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 17 17:51:58 boree: anomaly: anomaly Bandwidth id 2366 status queips severity low classification itess router iscinge router_name ofdeFini interface irat interface_name \"enp0s4306\" aturauto", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 1 00:54:32 pfsp: SNMP restored for router entsunt, leader ihilm at 2018-08-01 00:54:32 dmin", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 15 07:57:06 pfsp: The Host Detection alert uscipitl, start 2018-08-15 07:57:06 uia, duration 29.657000, direction internal, host 10.54.49.84, signatures (ciad), impact tali, importance medium, managed_objects (mexe), (parent managed object its)", "tags": [ 
@@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 29 14:59:40 pfsp: Alert Test syslog message", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 12 22:02:15 pfsp: anomaly Bandwidth id 5089 status commodo severity medium classification tutlab router sau router_name atevelit interface meius interface_name \"lo4293\" labo", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 27 05:04:49 pfsp: Alert script nre ran at 2018-09-27 05:04:49 veli, leader volupta", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 11 12:07:23 pfsp: The BGP instability router uptate threshold mac (iumdol) observed tpersp (stla)", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 25 19:09:57 pfsp: Alert TMS 'tem' fault for resource 'dol' on TMS proiden", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 9 02:12:32 pfsp: Device isis reachable again by controller uasiar at 2018-11-09 02:12:32 utlab", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 23 09:15:06 pfsp: Alert script dantium ran at 2018-11-23 09:15:06 lor, leader velillu", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 7 16:17:40 pfsp: The script tvolu ran at 2018-12-07 16:17:40 nreprehe, leader tetu", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 21 23:20:14 temporin: Blocked Host: Blocked host10.122.76.148atmiuby Blocked Countries usingipv6-icmpdestination10.28.226.128,URL:https://mail.example.org/idunt/luptat.txt?ica=lillum#remips", "tags": [ 
@@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 5 06:22:49 cola: Protection Mode: Changed protection mode to active for protection groupamcor,URL:https://internal.example.com/ineavol/iosa.html?usc=rem#amvolupt", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "January 19 13:25:23 mnis: Protection Mode: Changed protection mode to active for protection groupequepor,URL:https://internal.example.org/quaUten/nisiut.txt?teturad=perspici#itation", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 2 20:27:57 nimave: Protection Mode: Changed protection mode to active for protection groupisciv,URL:https://mail.example.org/nofd/dipisci.txt?ilmol=eri#quunt", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "February 17 03:30:32 iosamnis: Blocked Host: Blocked host10.31.177.226atdeserunby Blocked Countries usingggpdestination10.98.209.10,URL:https://www.example.org/ptateve/enderi.html?toccaec=fugi#labo", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 3 10:33:06 estl: Blocked Host: Blocked host10.44.47.27atmmodocby Blocked Countries usingigmpdestination10.179.210.218,URL:https://www.example.org/tanimi/rumSecti.jpg?emporain=ntiumto#umetMalo", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "March 17 17:35:40 pfsp: Alert configuration was changed on leader emvele to version 1.2883 by lor", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 1 00:38:14 pfsp: Alert BGP instability router iquamqua threshold sit (rumSect) observed ita (vitaed)", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 15 07:40:49 pfsp: Alert Test syslog message", "tags": [ 
@@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "April 29 14:43:23 numquam: Change Log: Username:tMal, Subsystem:ommodo, Setting Type:uptat, Message:idex", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 13 21:45:57 pfsp: Alert configuration was changed on leader maveni to version 1.2552 by onu", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "May 28 04:48:31 pfsp: Alert BGP Hijack for prefix tlaboree router norumet done", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 11 11:51:06 pfsp: Host Detection alert col, start 2019-06-11 11:51:06 mve, duration 177.586000, stop 2019-06-11 11:51:06 tinvolup, , importance very-high, managed_objects (Sedutpe), is now failure, (parent managed object rroq)", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "June 25 18:53:40 pfsp: script remipsum ran at 2019-06-25 18:53:40 , leader tempor", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 10 01:56:14 ccae: Change Log: Username:orroqu, Subsystem:elitsed, Setting Type:labore, Message:uela", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "July 24 08:58:48 uto: Test: Test syslog message", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 7 16:01:23 remq: Change Log: Username:veniamq, Subsystem:occ, Setting Type:oloreseo, Message:iruredol", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "August 21 23:03:57 cupi: Blocked Host: Blocked host10.151.129.181atduntby Blocked Countries usingggpdestination10.55.156.64,URL:https://www.example.net/itanim/nesciun.txt?mollita=tatem#iae", "tags": [ 
@@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 5 06:06:31 eumi: Protection Mode: Changed protection mode to active for protection groupquasiarc,URL:https://www.example.net/rever/ore.jpg?oluptat=metco#acom", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "September 19 13:09:05 pfsp: The Host Detection alert inBCSedu, start 2019-09-19 13:09:05 erspi, duration 77.637000, direction internal, host 10.46.77.76, signatures (iacons), impact occaec, importance medium, managed_objects (uov), (parent managed object quaeab)", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 3 20:11:40 pfsp: Hardware failure on ntiu since 2019-10-03 20:11:40 GMT: radipisc", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "October 18 03:14:14 pfsp: script vitaed ran at 2019-10-18 03:14:14 ser, leader etconsec", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 1 10:16:48 upt: Blocked Host: Blocked host10.73.89.189atidoloby Blocked Countries usingicmpdestination10.166.90.130,URL:https://api.example.org/eosquira/pta.htm?econs=lmolesti#apariatu", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 15 17:19:22 pfsp: Alert script msequ ran at 2019-11-15 17:19:22 uat, leader lupta", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "November 30 00:21:57 tlabori: Protection Mode: Changed protection mode to active for protection grouplaudan,URL:https://www5.example.com/atcupida/tessequa.htm?dolores=equamnih#taliqui", "tags": [ 
@@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "December 14 07:24:31 destlabo: Change Log: Username:rcitat, Subsystem:dolorema, Setting Type:emagn, Message:radipis", "tags": [ diff --git a/packages/netscout/data_stream/sightline/elasticsearch/ingest_pipeline/default.yml b/packages/netscout/data_stream/sightline/elasticsearch/ingest_pipeline/default.yml index e0ab6e5fd87..aad45491221 100644 --- a/packages/netscout/data_stream/sightline/elasticsearch/ingest_pipeline/default.yml +++ b/packages/netscout/data_stream/sightline/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Arbor Peakflow SP processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/netscout/data_stream/sightline/sample_event.json b/packages/netscout/data_stream/sightline/sample_event.json index d5e124211d6..4a4a000da7a 100644 --- a/packages/netscout/data_stream/sightline/sample_event.json +++ b/packages/netscout/data_stream/sightline/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/netscout/docs/README.md b/packages/netscout/docs/README.md index 7ba764c36b8..000bc5a0dbb 100644 --- a/packages/netscout/docs/README.md +++ b/packages/netscout/docs/README.md 
@@ -73,7 +73,7 @@ The `sightline` dataset collects Arbor Peakflow SP logs. | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | http.request.method | HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. | keyword | | http.request.referrer | Referrer for this HTTP request. | keyword | | input.type | Type of Filebeat input. | keyword | diff --git a/packages/netscout/manifest.yml b/packages/netscout/manifest.yml index 65fc1a69f38..2347a403689 100644 --- a/packages/netscout/manifest.yml +++ b/packages/netscout/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: netscout title: Arbor Peakflow SP Logs -version: "0.12.1" +version: "0.13.0" description: Collect and parse logs from Netscout Arbor Peakflow SP with Elastic Agent. categories: ["security", "network"] release: experimental From e98e82c0576f7ad50a3fe515f2e8ae7539089a90 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:23 +0530 Subject: [PATCH 080/137] [netskope] - update ECS to 8.7.0 from 8.6.0 This updates the netskope integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/netskope --- packages/netskope/_dev/build/build.yml | 2 +- packages/netskope/changelog.yml | 5 ++ .../pipeline/test-alerts.log-expected.json | 54 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/alerts/sample_event.json | 2 +- .../pipeline/test-events.log-expected.json | 38 ++++++------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/events/sample_event.json | 2 +- packages/netskope/docs/README.md | 4 +- packages/netskope/manifest.yml | 2 +- 10 files changed, 59 insertions(+), 54 deletions(-) diff --git a/packages/netskope/_dev/build/build.yml b/packages/netskope/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/netskope/_dev/build/build.yml +++ b/packages/netskope/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/netskope/changelog.yml b/packages/netskope/changelog.yml index a2e00044cf7..6dd6bbb3990 100644 --- a/packages/netskope/changelog.yml +++ b/packages/netskope/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.6.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/netskope/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json b/packages/netskope/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json index 80ad561429c..59acaebcfc7 100644 
--- a/packages/netskope/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json +++ b/packages/netskope/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json @@ -19,7 +19,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "f621f259f5fbde850ad5593a", @@ -172,7 +172,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "5b052d559134cbd545cc1bdb", @@ -342,7 +342,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "d370a4733b213214d7efd44b", @@ -515,7 +515,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "f34166329a41b4ed7842ce18", @@ -634,7 +634,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "045b4a05e63667d3b25279e1", @@ -832,7 +832,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "9c4f8947f6326ff0ad79f4a3", @@ -1024,7 +1024,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "b999bebb17c193b3350f16b3", @@ -1189,7 +1189,7 @@ { "@timestamp": "2022-01-19T21:39:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "47eccb9569fe50460ad1200f", @@ -1243,7 +1243,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "f34166329a41b4ed7842ce18", @@ -1362,7 +1362,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "045b4a05e63667d3b25279e1", @@ -1560,7 +1560,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "9c4f8947f6326ff0ad79f4a3", @@ -1752,7 +1752,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "b999bebb17c193b3350f16b3", 
@@ -1933,7 +1933,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "b999bebb17c193b3350f16b3",
@@ -2114,7 +2114,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "045b4a05e63667d3b25279e1",
@@ -2312,7 +2312,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "9c4f8947f6326ff0ad79f4a3",
@@ -2505,7 +2505,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "b999bebb17c193b3350f16b3",
@@ -2687,7 +2687,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "9c4f8947f6326ff0ad79f4a3",
@@ -2879,7 +2879,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "b999bebb17c193b3350f16b3",
@@ -3062,7 +3062,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "5b052d559134cbd545cc1bdb",
@@ -3232,7 +3232,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "5b052d559134cbd545cc1bdb",
@@ -3387,7 +3387,7 @@
 {
 "@timestamp": "2022-01-19T21:39:15.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "47eccb9569fe50460ad1200f",
@@ -3460,7 +3460,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "9c4f8947f6326ff0ad79f4a3",
@@ -3654,7 +3654,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "045b4a05e63667d3b25279e1",
@@ -3856,7 +3856,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "b999bebb17c193b3350f16b3",
@@ -4026,7 +4026,7 @@
 {
 "@timestamp": "2022-05-15T15:34:26.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "abc123a1a53aad",
@@ -4097,7 +4097,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "123abb3426a0ffa82a", @@ -4217,7 +4217,7 @@ "ip": "81.2.69.142" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "abcd19518cee24e", diff --git a/packages/netskope/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/netskope/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml index 6a74e39f509..368840a3146 100644 --- a/packages/netskope/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/netskope/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Netskope alerts. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - json: field: message add_to_root: true diff --git a/packages/netskope/data_stream/alerts/sample_event.json b/packages/netskope/data_stream/alerts/sample_event.json index 154be60549f..4cc20c4cec4 100644 --- a/packages/netskope/data_stream/alerts/sample_event.json +++ b/packages/netskope/data_stream/alerts/sample_event.json @@ -29,7 +29,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "19f05486-b68d-449a-9bdd-1493d2f3b55d", diff --git a/packages/netskope/data_stream/events/_dev/test/pipeline/test-events.log-expected.json b/packages/netskope/data_stream/events/_dev/test/pipeline/test-events.log-expected.json index 51c4adf5999..861b8d097f9 100644 --- a/packages/netskope/data_stream/events/_dev/test/pipeline/test-events.log-expected.json +++ b/packages/netskope/data_stream/events/_dev/test/pipeline/test-events.log-expected.json @@ -24,7 +24,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "alert", @@ -201,7 +201,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "allow", 
@@ -318,7 +318,7 @@
 {
 "@timestamp": "2022-01-30T05:44:59.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "c198aee5561d930a120e4fb4",
@@ -376,7 +376,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "fd54bdb5916df42dc55712a4",
@@ -522,7 +522,7 @@
 {
 "@timestamp": "2021-12-24T00:29:56.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "original": "{\"@timestamp\":\"2021-12-24T00:29:56.000Z\",\"event.id\":\"613ee55ec9d868fc47654a73\",\"netskope\":{\"events\":{\"event_type\":\"infrastructure\",\"severity\":{\"level\":\"high\"},\"alarm\":{\"name\":\"No_events_from_device\",\"description\":\"Events from device not received in the last 24 hours\"},\"device\":{\"name\":\"device-1\"},\"metric_value\":43831789,\"serial\":\"FFFFFFFFFFFFFFFF\",\"supporting_data\":\"abc\"}}}"
@@ -570,7 +570,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "004bad0deade8dd33fafb916",
@@ -695,7 +695,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "alert",
@@ -873,7 +873,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allow",
@@ -991,7 +991,7 @@
 {
 "@timestamp": "2022-01-30T05:44:59.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "c198aee5561d930a120e4fb4",
@@ -1050,7 +1050,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "fd54bdb5916df42dc55712a4",
@@ -1197,7 +1197,7 @@
 {
 "@timestamp": "2021-12-24T00:29:56.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "original": "{\"@timestamp\":\"2021-12-24T00:29:56.000Z\",\"event.id\":\"613ee55ec9d868fc47654a73\",\"netskope\":{\"events\":{\"event_type\":\"infrastructure\",\"severity\":{\"level\":\"high\"},\"alarm\":{\"name\":\"No_events_from_device\",\"description\":\"Events from device not received in the last 24 hours\"},\"device\":{\"name\":\"device-1\"},\"metric_value\":43831789,\"serial\":\"FFFFFFFFFFFFFFFF\",\"supporting_data\":\"abc\"}}}"
@@ -1245,7 +1245,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "004bad0deade8dd33fafb916",
@@ -1371,7 +1371,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "alert",
@@ -1540,7 +1540,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "004bad0deade8dd33fafb916",
@@ -1667,7 +1667,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allow",
@@ -1788,7 +1788,7 @@
 {
 "@timestamp": "2022-01-30T05:44:59.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "c198aee5561d930a120e4fb4",
@@ -1827,7 +1827,7 @@
 {
 "@timestamp": "2021-09-12T11:31:21.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "123f357a5241c6f",
@@ -1955,7 +1955,7 @@
 "port": 445
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "block",
@@ -2087,7 +2087,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "123asd25fe48c2b3d",
diff --git a/packages/netskope/data_stream/events/elasticsearch/ingest_pipeline/default.yml b/packages/netskope/data_stream/events/elasticsearch/ingest_pipeline/default.yml
index a34dadd57da..a8f19698eda 100644
--- a/packages/netskope/data_stream/events/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/netskope/data_stream/events/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Netskope events. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - json: field: message add_to_root: true diff --git a/packages/netskope/data_stream/events/sample_event.json b/packages/netskope/data_stream/events/sample_event.json index d0920ac5c2e..9fdacbd815d 100644 --- a/packages/netskope/data_stream/events/sample_event.json +++ b/packages/netskope/data_stream/events/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "19f05486-b68d-449a-9bdd-1493d2f3b55d", diff --git a/packages/netskope/docs/README.md b/packages/netskope/docs/README.md index 795146cbf33..5cf84e3ade0 100644 --- a/packages/netskope/docs/README.md +++ b/packages/netskope/docs/README.md @@ -611,7 +611,7 @@ An example event for `alerts` looks as following: "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "19f05486-b68d-449a-9bdd-1493d2f3b55d", @@ -1194,7 +1194,7 @@ An example event for `events` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "19f05486-b68d-449a-9bdd-1493d2f3b55d", diff --git a/packages/netskope/manifest.yml b/packages/netskope/manifest.yml index c80e24fa395..e035a100bd7 100644 --- a/packages/netskope/manifest.yml +++ b/packages/netskope/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: netskope title: "Netskope" -version: "1.6.1" +version: "1.7.0" license: basic description: Collect logs from Netskope with Elastic Agent. type: integration From 73e67483e7d2900d398b5a4cc3e357e8b1800dd9 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:25 +0530 Subject: [PATCH 081/137] [network_traffic] - update ECS to 8.7.0 from 8.6.0 This updates the network_traffic integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/network_traffic --- packages/network_traffic/_dev/build/build.yml | 2 +- packages/network_traffic/changelog.yml | 5 ++++ .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/amqp/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/cassandra/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/dhcpv4/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/dns/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/http/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/icmp/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/memcached/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/mongodb/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/mysql/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/nfs/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/pgsql/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/redis/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/sip/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/thrift/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 
+- .../data_stream/tls/sample_event.json | 2 +- packages/network_traffic/docs/README.md | 30 +++++++++---------- packages/network_traffic/manifest.yml | 2 +- 35 files changed, 53 insertions(+), 48 deletions(-) diff --git a/packages/network_traffic/_dev/build/build.yml b/packages/network_traffic/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100755 --- a/packages/network_traffic/_dev/build/build.yml +++ b/packages/network_traffic/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/network_traffic/changelog.yml b/packages/network_traffic/changelog.yml index 0cb755e9dba..550150dfa4e 100644 --- a/packages/network_traffic/changelog.yml +++ b/packages/network_traffic/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.10.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.9.3" changes: - description: Added categories and/or subcategories. diff --git a/packages/network_traffic/data_stream/amqp/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/amqp/elasticsearch/ingest_pipeline/default.yml index 2261312348c..878e85466ff 100644 --- a/packages/network_traffic/data_stream/amqp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/amqp/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing amqp traffic processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/amqp/sample_event.json b/packages/network_traffic/data_stream/amqp/sample_event.json index ff487b32f1e..5d83630554b 100644 --- a/packages/network_traffic/data_stream/amqp/sample_event.json +++ b/packages/network_traffic/data_stream/amqp/sample_event.json 
@@ -57,7 +57,7 @@ "port": 5672 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "00a75d9d-728c-4ab5-acb6-9f78082797e7", diff --git a/packages/network_traffic/data_stream/cassandra/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/cassandra/elasticsearch/ingest_pipeline/default.yml index 1060e42d449..e911efb8bdf 100644 --- a/packages/network_traffic/data_stream/cassandra/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/cassandra/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing cassandra traffic processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/cassandra/sample_event.json b/packages/network_traffic/data_stream/cassandra/sample_event.json index 5ffc7466bd9..40690ab10f5 100644 --- a/packages/network_traffic/data_stream/cassandra/sample_event.json +++ b/packages/network_traffic/data_stream/cassandra/sample_event.json @@ -53,7 +53,7 @@ "port": 9042 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/dhcpv4/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/dhcpv4/elasticsearch/ingest_pipeline/default.yml index 30902751bea..b58b0d6a446 100644 --- a/packages/network_traffic/data_stream/dhcpv4/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/dhcpv4/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing dhcpv4 traffic processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation 
diff --git a/packages/network_traffic/data_stream/dhcpv4/sample_event.json b/packages/network_traffic/data_stream/dhcpv4/sample_event.json index 04c973e7a9f..7cb5f1cb078 100644 --- a/packages/network_traffic/data_stream/dhcpv4/sample_event.json +++ b/packages/network_traffic/data_stream/dhcpv4/sample_event.json @@ -41,7 +41,7 @@ "transaction_id": "0x00003d1d" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/dns/elasticsearch/ingest_pipeline/default.yml index dac1d9f2895..1532b92eb08 100644 --- a/packages/network_traffic/data_stream/dns/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/dns/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing dhcpv4 traffic processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/dns/sample_event.json b/packages/network_traffic/data_stream/dns/sample_event.json index 1b0e1146c46..37471d0e69c 100644 --- a/packages/network_traffic/data_stream/dns/sample_event.json +++ b/packages/network_traffic/data_stream/dns/sample_event.json @@ -82,7 +82,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/flow/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/flow/elasticsearch/ingest_pipeline/default.yml index 3230527fff0..39ce858eb1a 100644 --- a/packages/network_traffic/data_stream/flow/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/flow/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for processing traffic flows processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/http/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/http/elasticsearch/ingest_pipeline/default.yml index 9743d283f6c..509842dff4e 100644 --- a/packages/network_traffic/data_stream/http/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/http/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing http traffic processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/http/sample_event.json b/packages/network_traffic/data_stream/http/sample_event.json index 5e086db241c..56dcae63915 100644 --- a/packages/network_traffic/data_stream/http/sample_event.json +++ b/packages/network_traffic/data_stream/http/sample_event.json @@ -24,7 +24,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/icmp/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/icmp/elasticsearch/ingest_pipeline/default.yml index 342eff9251e..64dd50f0e81 100644 --- a/packages/network_traffic/data_stream/icmp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/icmp/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing icmp traffic processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation 
diff --git a/packages/network_traffic/data_stream/icmp/sample_event.json b/packages/network_traffic/data_stream/icmp/sample_event.json index 7c1a07b66b1..030e2997e90 100644 --- a/packages/network_traffic/data_stream/icmp/sample_event.json +++ b/packages/network_traffic/data_stream/icmp/sample_event.json @@ -21,7 +21,7 @@ "ip": "::2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/memcached/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/memcached/elasticsearch/ingest_pipeline/default.yml index b700ee0cfd2..76da60d3d62 100644 --- a/packages/network_traffic/data_stream/memcached/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/memcached/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing memcached traffic processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/memcached/sample_event.json b/packages/network_traffic/data_stream/memcached/sample_event.json index 14b94b4bfd6..37a01b884bd 100644 --- a/packages/network_traffic/data_stream/memcached/sample_event.json +++ b/packages/network_traffic/data_stream/memcached/sample_event.json @@ -22,7 +22,7 @@ "port": 11211 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/mongodb/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/mongodb/elasticsearch/ingest_pipeline/default.yml index 1ae79b04012..65547813a47 100644 --- a/packages/network_traffic/data_stream/mongodb/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/mongodb/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for processing mongodb traffic processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/mongodb/sample_event.json b/packages/network_traffic/data_stream/mongodb/sample_event.json index 86ff963bd79..498f960063e 100644 --- a/packages/network_traffic/data_stream/mongodb/sample_event.json +++ b/packages/network_traffic/data_stream/mongodb/sample_event.json @@ -23,7 +23,7 @@ "port": 27017 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml index 325fbb487af..a9b97ba82fd 100644 --- a/packages/network_traffic/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing mysql traffic processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/mysql/sample_event.json b/packages/network_traffic/data_stream/mysql/sample_event.json index 50e1804852e..292dcbdbb56 100644 --- a/packages/network_traffic/data_stream/mysql/sample_event.json +++ b/packages/network_traffic/data_stream/mysql/sample_event.json @@ -23,7 +23,7 @@ "port": 3306 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/nfs/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/nfs/elasticsearch/ingest_pipeline/default.yml index 16a9b9df8ed..352f1a81ef8 100644 
--- a/packages/network_traffic/data_stream/nfs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/nfs/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing nfs traffic processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/nfs/sample_event.json b/packages/network_traffic/data_stream/nfs/sample_event.json index 1000cdaf681..bad90d57c8c 100644 --- a/packages/network_traffic/data_stream/nfs/sample_event.json +++ b/packages/network_traffic/data_stream/nfs/sample_event.json @@ -24,7 +24,7 @@ "port": 2049 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/pgsql/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/pgsql/elasticsearch/ingest_pipeline/default.yml index 05151d911bf..7afa7b2a89f 100644 --- a/packages/network_traffic/data_stream/pgsql/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/pgsql/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing pgsql traffic processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/pgsql/sample_event.json b/packages/network_traffic/data_stream/pgsql/sample_event.json index cf38cf0a437..0e342bd05bc 100644 --- a/packages/network_traffic/data_stream/pgsql/sample_event.json +++ b/packages/network_traffic/data_stream/pgsql/sample_event.json @@ -23,7 +23,7 @@ "port": 5432 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", 
diff --git a/packages/network_traffic/data_stream/redis/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/redis/elasticsearch/ingest_pipeline/default.yml index 4af551dc032..64107774d42 100644 --- a/packages/network_traffic/data_stream/redis/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/redis/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing redis traffic processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/redis/sample_event.json b/packages/network_traffic/data_stream/redis/sample_event.json index 6744fe01790..4a3921ce0f9 100644 --- a/packages/network_traffic/data_stream/redis/sample_event.json +++ b/packages/network_traffic/data_stream/redis/sample_event.json @@ -23,7 +23,7 @@ "port": 6380 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/sip/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/sip/elasticsearch/ingest_pipeline/default.yml index 9266df92984..96d14730779 100644 --- a/packages/network_traffic/data_stream/sip/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/sip/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing sip traffic processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/sip/sample_event.json b/packages/network_traffic/data_stream/sip/sample_event.json index 0d2fafa91f5..15cb71f44c2 100644 --- a/packages/network_traffic/data_stream/sip/sample_event.json 
+++ b/packages/network_traffic/data_stream/sip/sample_event.json @@ -21,7 +21,7 @@ "port": 5060 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/thrift/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/thrift/elasticsearch/ingest_pipeline/default.yml index b0f6491a9c6..f32419d8ba1 100644 --- a/packages/network_traffic/data_stream/thrift/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/thrift/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing thrift traffic processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/thrift/sample_event.json b/packages/network_traffic/data_stream/thrift/sample_event.json index c7646e52a08..e856038a4a5 100644 --- a/packages/network_traffic/data_stream/thrift/sample_event.json +++ b/packages/network_traffic/data_stream/thrift/sample_event.json @@ -23,7 +23,7 @@ "port": 9090 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/tls/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/tls/elasticsearch/ingest_pipeline/default.yml index b2bde4cdb7a..030e3d0f8f8 100644 --- a/packages/network_traffic/data_stream/tls/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/tls/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing tls traffic processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation 
diff --git a/packages/network_traffic/data_stream/tls/sample_event.json b/packages/network_traffic/data_stream/tls/sample_event.json index 55e5669b4b2..bae38c05c2d 100644 --- a/packages/network_traffic/data_stream/tls/sample_event.json +++ b/packages/network_traffic/data_stream/tls/sample_event.json @@ -22,7 +22,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/docs/README.md b/packages/network_traffic/docs/README.md index 8868b2f63e4..7890c5e98bf 100644 --- a/packages/network_traffic/docs/README.md +++ b/packages/network_traffic/docs/README.md @@ -531,7 +531,7 @@ An example event for `amqp` looks as following: "port": 5672 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "00a75d9d-728c-4ab5-acb6-9f78082797e7", @@ -921,7 +921,7 @@ An example event for `cassandra` looks as following: "port": 9042 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -1206,7 +1206,7 @@ An example event for `dhcpv4` looks as following: "transaction_id": "0x00003d1d" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -1551,7 +1551,7 @@ An example event for `dns` looks as following: "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -1939,7 +1939,7 @@ An example event for `http` looks as following: "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -2228,7 +2228,7 @@ An example event for `icmp` looks as following: "ip": "::2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", 
@@ -2552,7 +2552,7 @@ An example event for `memcached` looks as following: "port": 11211 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -2839,7 +2839,7 @@ An example event for `mongodb` looks as following: "port": 27017 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -3107,7 +3107,7 @@ An example event for `mysql` looks as following: "port": 3306 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -3369,7 +3369,7 @@ An example event for `nfs` looks as following: "port": 2049 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -3645,7 +3645,7 @@ An example event for `pgsql` looks as following: "port": 5432 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -3898,7 +3898,7 @@ An example event for `redis` looks as following: "port": 6380 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -4232,7 +4232,7 @@ An example event for `sip` looks as following: "port": 5060 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -4651,7 +4651,7 @@ An example event for `thrift` looks as following: "port": 9090 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -5066,7 +5066,7 @@ An example event for `tls` looks as following: "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/manifest.yml b/packages/network_traffic/manifest.yml index f27f722f209..034682a7030 100644 
--- a/packages/network_traffic/manifest.yml
+++ b/packages/network_traffic/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: network_traffic
 title: Network Packet Capture
-version: "1.9.3"
+version: "1.10.0"
 license: basic
 description: Capture and analyze network traffic from a host with Elastic Agent.
 type: integration
From f2c6d19e8928cc553bf9a9dc1b7a437ec6fcb414 Mon Sep 17 00:00:00 2001
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:28 +0530 Subject: [PATCH 082/137] [o365] - update ECS to 8.7.0 from 8.6.0 This updates the o365 integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/o365 --- packages/o365/_dev/build/build.yml | 2 +- packages/o365/changelog.yml | 5 + .../test-azuread-events.json-expected.json | 200 +++++++++--------- ...zuread-sts-logon-events.json-expected.json | 138 ++++++------ .../pipeline/test-bad-ips.json-expected.json | 8 +- ...ata-insights-api-events.json-expected.json | 18 +- ...est-dlp-exchange-events.json-expected.json | 12 +- ...t-dlp-sharepoint-events.json-expected.json | 14 +- ...t-exchange-admin-events.json-expected.json | 200 +++++++++--------- ...st-exchange-item-events.json-expected.json | 18 +- .../test-ip-formats-events.json-expected.json | 30 +-- ...est-modified-properites.json-expected.json | 2 +- .../test-ms-teams-events.json-expected.json | 8 +- .../test-parameter-string.json-expected.json | 4 +- ...-sec-comp-alerts-events.json-expected.json | 6 +- .../test-sharepoint-events.json-expected.json | 8 +- ...sharepointfileop-events.json-expected.json | 24 +-- ...st-sp-sharing-op-events.json-expected.json | 20 +- .../test-yammer-events.json-expected.json | 4 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../o365/data_stream/audit/sample_event.json | 2 +- packages/o365/docs/README.md | 4 +- packages/o365/manifest.yml | 2 +- 23 files changed, 368 insertions(+), 363 deletions(-) diff --git a/packages/o365/_dev/build/build.yml b/packages/o365/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/o365/_dev/build/build.yml +++ b/packages/o365/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 
diff --git a/packages/o365/changelog.yml b/packages/o365/changelog.yml index 09a9cd8edaa..b3bec9005a4 100644 --- a/packages/o365/changelog.yml +++ b/packages/o365/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.14.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.13.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json-expected.json index 31329c64558..730aadc336a 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json-expected.json @@ -7,7 +7,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update application.", @@ -189,7 +189,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update application.", @@ -371,7 +371,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update application.", @@ -553,7 +553,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update service principal.", @@ -744,7 +744,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update service principal.", @@ -935,7 +935,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Remove app role assignment from service principal.", 
@@ -1139,7 +1139,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -1343,7 +1343,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -1547,7 +1547,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -1751,7 +1751,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -1955,7 +1955,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -2159,7 +2159,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -2363,7 +2363,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -2567,7 +2567,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -2771,7 +2771,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -2975,7 +2975,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Remove app role assignment from service principal.", 
@@ -3179,7 +3179,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -3383,7 +3383,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -3587,7 +3587,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update application.", @@ -3769,7 +3769,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update application.", @@ -3951,7 +3951,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update service principal.", @@ -4142,7 +4142,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update application.", @@ -4324,7 +4324,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update application.", @@ -4506,7 +4506,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update application.", @@ -4688,7 +4688,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update service principal.", @@ -4879,7 +4879,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -5083,7 +5083,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -5287,7 +5287,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", 
@@ -5491,7 +5491,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -5695,7 +5695,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -5899,7 +5899,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -6103,7 +6103,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -6307,7 +6307,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -6511,7 +6511,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Consent to application.", @@ -6718,7 +6718,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Consent to application.", @@ -6922,7 +6922,7 @@ "@timestamp": "2020-02-10T15:15:04.000Z", "client": {}, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "modified-user-account", @@ -7094,7 +7094,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Remove OAuth2PermissionGrant.", @@ -7298,7 +7298,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Remove OAuth2PermissionGrant.", @@ -7502,7 +7502,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Remove OAuth2PermissionGrant.", @@ -7706,7 +7706,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Remove app role assignment from service principal.", 
@@ -7910,7 +7910,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -8114,7 +8114,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -8318,7 +8318,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -8522,7 +8522,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -8726,7 +8726,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -8930,7 +8930,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -9134,7 +9134,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -9338,7 +9338,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -9542,7 +9542,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Remove app role assignment from service principal.", 
@@ -9746,7 +9746,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -9950,7 +9950,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -10154,7 +10154,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Consent to application.", @@ -10361,7 +10361,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Consent to application.", @@ -10568,7 +10568,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -10772,7 +10772,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -10976,7 +10976,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -11180,7 +11180,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -11384,7 +11384,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -11588,7 +11588,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -11792,7 +11792,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", 
@@ -11996,7 +11996,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -12200,7 +12200,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -12404,7 +12404,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add application.", @@ -12598,7 +12598,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add application.", @@ -12792,7 +12792,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add application.", @@ -12986,7 +12986,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add application.", @@ -13180,7 +13180,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add owner to application.", @@ -13375,7 +13375,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add service principal.", @@ -13586,7 +13586,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add service principal.", @@ -13797,7 +13797,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add service principal.", @@ -14008,7 +14008,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add service principal.", @@ -14219,7 +14219,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update application.", @@ -14391,7 +14391,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update application – Certificates and secrets management ", 
@@ -14573,7 +14573,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update application – Certificates and secrets management ", @@ -14755,7 +14755,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update service principal.", @@ -14946,7 +14946,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update service principal.", @@ -15137,7 +15137,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update service principal.", @@ -15328,7 +15328,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update application.", @@ -15510,7 +15510,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update application.", @@ -15692,7 +15692,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update application.", @@ -15874,7 +15874,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update service principal.", @@ -16065,7 +16065,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update service principal.", @@ -16256,7 +16256,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Update service principal.", @@ -16447,7 +16447,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -16651,7 +16651,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", 
@@ -16855,7 +16855,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -17059,7 +17059,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -17263,7 +17263,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -17467,7 +17467,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -17671,7 +17671,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -17875,7 +17875,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -18079,7 +18079,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -18283,7 +18283,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -18487,7 +18487,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -18691,7 +18691,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Consent to application.", @@ -18898,7 +18898,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Consent to application.", @@ -19105,7 +19105,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Consent to application.", 
@@ -19312,7 +19312,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment grant to user.", @@ -19512,7 +19512,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment grant to user.", @@ -19712,7 +19712,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Add app role assignment grant to user.", diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-sts-logon-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-sts-logon-events.json-expected.json index 6c0dde32730..9d6d639145f 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-sts-logon-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-sts-logon-events.json-expected.json @@ -7,7 +7,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -137,7 +137,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -267,7 +267,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -397,7 +397,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -527,7 +527,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -657,7 +657,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -787,7 +787,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", 
@@ -917,7 +917,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -1047,7 +1047,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -1177,7 +1177,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -1307,7 +1307,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -1437,7 +1437,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -1567,7 +1567,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -1697,7 +1697,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -1827,7 +1827,7 @@ "ip": "67.43.156.14" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -1957,7 +1957,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -2087,7 +2087,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -2217,7 +2217,7 @@ "ip": "67.43.156.14" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -2347,7 +2347,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -2477,7 +2477,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -2607,7 +2607,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", 
@@ -2737,7 +2737,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -2867,7 +2867,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -2997,7 +2997,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -3127,7 +3127,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -3257,7 +3257,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -3387,7 +3387,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -3517,7 +3517,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -3647,7 +3647,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -3777,7 +3777,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -3906,7 +3906,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoginFailed", @@ -4037,7 +4037,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -4152,7 +4152,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -4282,7 +4282,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -4397,7 +4397,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoginFailed", 
@@ -4528,7 +4528,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -4643,7 +4643,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoginFailed", @@ -4774,7 +4774,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -4904,7 +4904,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -5034,7 +5034,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -5149,7 +5149,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoginFailed", @@ -5280,7 +5280,7 @@ "ip": "67.43.156.14" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -5410,7 +5410,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -5540,7 +5540,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -5670,7 +5670,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -5785,7 +5785,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -5915,7 +5915,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -6045,7 +6045,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -6175,7 +6175,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", 
@@ -6305,7 +6305,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -6435,7 +6435,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -6565,7 +6565,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -6695,7 +6695,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -6825,7 +6825,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -6955,7 +6955,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -7085,7 +7085,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -7215,7 +7215,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -7345,7 +7345,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -7475,7 +7475,7 @@ "ip": "67.43.156.14" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -7605,7 +7605,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -7735,7 +7735,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -7865,7 +7865,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", @@ -7995,7 +7995,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "UserLoggedIn", 
@@ -8125,7 +8125,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "UserLoggedIn",
@@ -8255,7 +8255,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "UserLoggedIn",
@@ -8385,7 +8385,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "UserLoggedIn",
@@ -8515,7 +8515,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "UserLoggedIn",
@@ -8645,7 +8645,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "UserLoggedIn",
@@ -8775,7 +8775,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "UserLoggedIn",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-bad-ips.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-bad-ips.json-expected.json
index 8896ec27145..d83c147cde3 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-bad-ips.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-bad-ips.json-expected.json
@@ -7,7 +7,7 @@
 "domain": "NOTANIPV4"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "GroupCreation",
@@ -74,7 +74,7 @@
 "ip": "10.90.0.1"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "GroupCreation",
@@ -149,7 +149,7 @@
 "domain": "INCORRECTIPV4"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "GroupCreation",
@@ -211,7 +211,7 @@
 {
 "@timestamp": "2020-02-28T09:42:45.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-data-insights-api-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-data-insights-api-events.json-expected.json
index 168bd3ce036..c5c266f42f3 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-data-insights-api-events.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-data-insights-api-events.json-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-02-10T15:13:38.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "SearchDataInsightsSubscription",
@@ -49,7 +49,7 @@
 {
 "@timestamp": "2020-02-12T21:38:38.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "SearchDataInsightsSubscription",
@@ -95,7 +95,7 @@
 {
 "@timestamp": "2020-02-10T15:13:38.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "SearchDataInsightsSubscription",
@@ -141,7 +141,7 @@
 {
 "@timestamp": "2020-02-12T10:53:26.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "SearchDataInsightsSubscription",
@@ -187,7 +187,7 @@
 {
 "@timestamp": "2020-02-12T21:38:38.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "SearchDataInsightsSubscription",
@@ -233,7 +233,7 @@
 {
 "@timestamp": "2020-02-12T10:53:26.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "SearchDataInsightsSubscription",
@@ -279,7 +279,7 @@
 {
 "@timestamp": "2020-02-10T15:13:38.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "SearchDataInsightsSubscription",
@@ -325,7 +325,7 @@
 {
 "@timestamp": "2020-02-12T10:53:26.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "SearchDataInsightsSubscription",
@@ -371,7 +371,7 @@
 {
 "@timestamp": "2020-02-12T21:38:38.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "SearchDataInsightsSubscription",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-exchange-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-exchange-events.json-expected.json
index 4642af19c50..3500ff59adb 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-exchange-events.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-exchange-events.json-expected.json
@@ -11,7 +11,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DlpRuleMatch",
@@ -182,7 +182,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DlpRuleUndo",
@@ -353,7 +353,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DlpRuleMatch",
@@ -527,7 +527,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DlpRuleMatch",
@@ -701,7 +701,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DlpRuleMatch",
@@ -819,7 +819,7 @@
 {
 "@timestamp": "2020-02-24T20:11:15.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DlpRuleMatch",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-sharepoint-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-sharepoint-events.json-expected.json
index 335e959f8a0..031ab83b65a 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-sharepoint-events.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-sharepoint-events.json-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-02-25T16:20:15.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DLPRuleMatch",
@@ -107,7 +107,7 @@
 {
 "@timestamp": "2020-02-25T16:23:39.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DLPRuleMatch",
@@ -220,7 +220,7 @@
 {
 "@timestamp": "2020-02-25T16:23:39.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DLPRuleMatch",
@@ -329,7 +329,7 @@
 {
 "@timestamp": "2020-02-25T16:22:22.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DLPRuleMatch",
@@ -442,7 +442,7 @@
 {
 "@timestamp": "2020-02-26T10:13:48.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DLPRuleMatch",
@@ -555,7 +555,7 @@
 {
 "@timestamp": "2020-02-26T12:39:40.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DLPRuleMatch",
@@ -668,7 +668,7 @@
 {
 "@timestamp": "2020-02-26T12:39:40.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "DLPRuleMatch",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-admin-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-admin-events.json-expected.json
index fe543e27790..0b209f8eb33 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-admin-events.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-admin-events.json-expected.json
@@ -6,7 +6,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -73,7 +73,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -153,7 +153,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -233,7 +233,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Install-DefaultSharingPolicy",
@@ -300,7 +300,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Install-AdminAuditLogConfig",
@@ -367,7 +367,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-TransportConfig",
@@ -435,7 +435,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -504,7 +504,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-OwaMailboxPolicy",
@@ -571,7 +571,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -651,7 +651,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -731,7 +731,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Enable-AddressListPaging",
@@ -799,7 +799,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -879,7 +879,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -959,7 +959,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -1039,7 +1039,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -1119,7 +1119,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -1199,7 +1199,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -1279,7 +1279,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-TenantObjectVersion",
@@ -1346,7 +1346,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-TransportConfig",
@@ -1414,7 +1414,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-TransportConfig",
@@ -1482,7 +1482,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-TenantObjectVersion",
@@ -1549,7 +1549,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-TransportConfig",
@@ -1617,7 +1617,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -1697,7 +1697,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -1777,7 +1777,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -1857,7 +1857,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -1937,7 +1937,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -2017,7 +2017,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -2097,7 +2097,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -2177,7 +2177,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -2257,7 +2257,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -2339,7 +2339,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -2419,7 +2419,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -2499,7 +2499,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -2579,7 +2579,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -2659,7 +2659,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -2739,7 +2739,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -2819,7 +2819,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -2899,7 +2899,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -2979,7 +2979,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -3059,7 +3059,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -3136,7 +3136,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-AdminAuditLogConfig",
@@ -3205,7 +3205,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-TransportConfig",
@@ -3273,7 +3273,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-TransportConfig",
@@ -3341,7 +3341,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "New-ExchangeAssistanceConfig",
@@ -3409,7 +3409,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -3491,7 +3491,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -3571,7 +3571,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -3651,7 +3651,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -3731,7 +3731,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -3811,7 +3811,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -3891,7 +3891,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -3971,7 +3971,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -4051,7 +4051,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -4131,7 +4131,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -4211,7 +4211,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -4291,7 +4291,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -4371,7 +4371,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-RecipientEnforcementProvisioningPolicy",
@@ -4440,7 +4440,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-AdminAuditLogConfig",
@@ -4509,7 +4509,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -4589,7 +4589,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -4669,7 +4669,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-AdminAuditLogConfig",
@@ -4738,7 +4738,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-OwaMailboxPolicy",
@@ -4805,7 +4805,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -4887,7 +4887,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -4967,7 +4967,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -5047,7 +5047,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -5127,7 +5127,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -5207,7 +5207,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -5287,7 +5287,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -5367,7 +5367,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -5447,7 +5447,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Enable-AddressListPaging",
@@ -5515,7 +5515,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-AdminAuditLogConfig",
@@ -5584,7 +5584,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-ExchangeAssistanceConfig",
@@ -5652,7 +5652,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-RecipientEnforcementProvisioningPolicy",
@@ -5721,7 +5721,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-TenantObjectVersion",
@@ -5788,7 +5788,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Add-MailboxPermission",
@@ -5857,7 +5857,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -5924,7 +5924,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-AdminAuditLogConfig",
@@ -5993,7 +5993,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -6073,7 +6073,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -6153,7 +6153,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -6233,7 +6233,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -6313,7 +6313,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -6393,7 +6393,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -6473,7 +6473,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -6553,7 +6553,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -6633,7 +6633,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Add-MailboxPermission",
@@ -6702,7 +6702,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -6782,7 +6782,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -6862,7 +6862,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Enable-AddressListPaging",
@@ -6930,7 +6930,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -7010,7 +7010,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Install-ResourceConfig",
@@ -7077,7 +7077,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-RecipientEnforcementProvisioningPolicy",
@@ -7146,7 +7146,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -7223,7 +7223,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -7303,7 +7303,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-RecipientEnforcementProvisioningPolicy",
@@ -7372,7 +7372,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -7452,7 +7452,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
@@ -7534,7 +7534,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-item-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-item-events.json-expected.json
index e3dc64e5de6..86941a32757 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-item-events.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-item-events.json-expected.json
@@ -10,7 +10,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Create",
@@ -101,7 +101,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Create",
@@ -192,7 +192,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Create",
@@ -283,7 +283,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "ModifyFolderPermissions",
@@ -374,7 +374,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "ModifyFolderPermissions",
@@ -465,7 +465,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "ModifyFolderPermissions",
@@ -556,7 +556,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "ModifyFolderPermissions",
@@ -647,7 +647,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "ModifyFolderPermissions",
@@ -738,7 +738,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "ModifyFolderPermissions",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-ip-formats-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-ip-formats-events.json-expected.json
index 4ac988c43cd..188783f71a0 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-ip-formats-events.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-ip-formats-events.json-expected.json
@@ -8,7 +8,7 @@
 "port": 12345
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -52,7 +52,7 @@
 "port": 12345
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -95,7 +95,7 @@
 "ip": "10.11.12.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -137,7 +137,7 @@
 "ip": "10.11.12.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -180,7 +180,7 @@
 "port": 12345
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -224,7 +224,7 @@
 "port": 12345
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -276,7 +276,7 @@
 "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -327,7 +327,7 @@
 "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -378,7 +378,7 @@
 "ip": "10.11.12.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -419,7 +419,7 @@
 "domain": "localhost"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -449,7 +449,7 @@
 "domain": "[localhost]:12345"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -479,7 +479,7 @@
 "domain": "localhost:12345"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -509,7 +509,7 @@
 "domain": "[cool.client.local]:12345"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -539,7 +539,7 @@
 "domain": "cool.client.local"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -569,7 +569,7 @@
 "domain": "cool.client.local:12345"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-modified-properites.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-modified-properites.json-expected.json
index 27f2b3fbb7b..92dbc02c97d 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-modified-properites.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-modified-properites.json-expected.json
@@ -10,7 +10,7 @@
 "ip": "1.128.3.4"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Update",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-ms-teams-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-ms-teams-events.json-expected.json
index f3fe0a784a0..eb7a28f6de9 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-ms-teams-events.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-ms-teams-events.json-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-02-17T16:59:44.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "added-group-account-to",
@@ -55,7 +55,7 @@
 {
 "@timestamp": "2020-02-17T16:59:47.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "added-users-to-group",
@@ -142,7 +142,7 @@
 {
 "@timestamp": "2020-02-17T16:59:44.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "added-users-to-group",
@@ -211,7 +211,7 @@
 {
 "@timestamp": "2020-02-17T16:59:34.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "TeamsSessionStarted",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-parameter-string.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-parameter-string.json-expected.json
index 4a07a11d5f3..fbcae59849d 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-parameter-string.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-parameter-string.json-expected.json
@@ -7,7 +7,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "UserLoggedIn",
@@ -116,7 +116,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Set-Mailbox",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sec-comp-alerts-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sec-comp-alerts-events.json-expected.json
index fdb4b4a5d89..394ed5de4a4 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sec-comp-alerts-events.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sec-comp-alerts-events.json-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-02-14T19:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AlertEntityGenerated",
@@ -68,7 +68,7 @@
 {
 "@timestamp": "2020-02-14T19:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AlertTriggered",
@@ -130,7 +130,7 @@
 {
 "@timestamp": "2020-02-14T19:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AlertTriggered",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepoint-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepoint-events.json-expected.json
index 3e0c252aae4..ae49d1404a5 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepoint-events.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepoint-events.json-expected.json
@@ -7,7 +7,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "PageViewed",
@@ -106,7 +106,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "PageViewed",
@@ -205,7 +205,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "PageViewed",
@@ -304,7 +304,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "PageViewed",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepointfileop-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepointfileop-events.json-expected.json
index 94c0dfa6f60..ec180dfebd7 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepointfileop-events.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepointfileop-events.json-expected.json
@@ -7,7 +7,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "FileDeleted",
@@ -116,7 +116,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "FileDeleted",
@@ -225,7 +225,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "FileAccessed",
@@ -334,7 +334,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "FileAccessed",
@@ -443,7 +443,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "FileUploaded",
@@ -553,7 +553,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "FileModified",
@@ -662,7 +662,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "FileDeleted",
@@ -771,7 +771,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "FileUploaded",
@@ -881,7 +881,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "FileModified",
@@ -990,7 +990,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "FileModified",
@@ -1099,7 +1099,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "FileModified",
@@ -1208,7 +1208,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "SecureLinkUsed",
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sp-sharing-op-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sp-sharing-op-events.json-expected.json
index 71a90566401..6a38cf413ca 100644
--- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sp-sharing-op-events.json-expected.json
+++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sp-sharing-op-events.json-expected.json
@@ -4,7 +4,7 @@
 "@timestamp": "2020-02-17T16:59:50.000Z",
 "client": {},
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AddedToGroup",
@@ -77,7 +77,7 @@
 "@timestamp": "2020-02-17T16:59:50.000Z",
 "client": {},
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AddedToGroup",
@@ -150,7 +150,7 @@
 "@timestamp": "2020-02-17T16:59:50.000Z",
 "client": {},
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AddedToGroup",
@@ -223,7 +223,7 @@
 "@timestamp": "2020-02-17T16:59:50.000Z",
 "client": {},
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AddedToGroup",
@@ -296,7 +296,7 @@
 "@timestamp": "2020-02-17T16:59:49.000Z",
 "client": {},
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AddedToGroup",
@@ -372,7 +372,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "SharingInheritanceBroken",
@@ -477,7 +477,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "AnonymousLinkCreated",
@@ -586,7 +586,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SharingSet", @@ -696,7 +696,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SharingSet", @@ -806,7 +806,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SharingSet", diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-yammer-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-yammer-events.json-expected.json index f5072f8370d..12e4a921ea3 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-yammer-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-yammer-events.json-expected.json @@ -8,7 +8,7 @@ "port": 12345 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GroupCreation", @@ -97,7 +97,7 @@ "port": 12346 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GroupCreation", diff --git a/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 6f4f49cf0a9..69b73ab5466 100644 --- a/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Office 365 Audit logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/o365/data_stream/audit/sample_event.json b/packages/o365/data_stream/audit/sample_event.json index 1f24d02d05b..2eb05afadda 100644 --- a/packages/o365/data_stream/audit/sample_event.json +++ b/packages/o365/data_stream/audit/sample_event.json 
@@ -17,7 +17,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "daae9b35-e01e-4afc-a59d-da75f9702aa7", diff --git a/packages/o365/docs/README.md b/packages/o365/docs/README.md index e5fd4dddb80..79fdb4ddbd0 100644 --- a/packages/o365/docs/README.md +++ b/packages/o365/docs/README.md @@ -49,7 +49,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "daae9b35-e01e-4afc-a59d-da75f9702aa7", @@ -198,7 +198,7 @@ An example event for `audit` looks as following: | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host mac addresses. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | diff --git a/packages/o365/manifest.yml b/packages/o365/manifest.yml index 925d70a23a6..4f3726ec7a2 100644 --- a/packages/o365/manifest.yml +++ b/packages/o365/manifest.yml @@ -1,6 +1,6 @@ name: o365 title: Microsoft 365 -version: "1.13.1" +version: "1.14.0" release: ga description: Collect logs from Microsoft 365 with Elastic Agent. type: integration From ff26aa1dc0d079b5ad94dfee1dcc436315e2080b Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:29 +0530 Subject: [PATCH 083/137] [okta] - update ECS to 8.7.0 from 8.6.0 This updates the okta integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/okta --- packages/okta/_dev/build/build.yml | 2 +- packages/okta/changelog.yml | 5 +++++ .../test-okta-system-events.json-expected.json | 18 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../okta/data_stream/system/sample_event.json | 2 +- packages/okta/docs/README.md | 2 +- packages/okta/manifest.yml | 2 +- 7 files changed, 19 insertions(+), 14 deletions(-) diff --git a/packages/okta/_dev/build/build.yml b/packages/okta/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/okta/_dev/build/build.yml +++ b/packages/okta/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/okta/changelog.yml b/packages/okta/changelog.yml index 506d52b5867..63557030b20 100644 --- a/packages/okta/changelog.yml +++ b/packages/okta/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.18.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.17.0" changes: - description: Extract username from email diff --git a/packages/okta/data_stream/system/_dev/test/pipeline/test-okta-system-events.json-expected.json b/packages/okta/data_stream/system/_dev/test/pipeline/test-okta-system-events.json-expected.json index d94cfa3c80d..fba7bb1b97f 100644 --- a/packages/okta/data_stream/system/_dev/test/pipeline/test-okta-system-events.json-expected.json +++ b/packages/okta/data_stream/system/_dev/test/pipeline/test-okta-system-events.json-expected.json 
@@ -20,7 +20,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.session.end", @@ -172,7 +172,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.session.end", @@ -324,7 +324,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.session.end", @@ -474,7 +474,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.session.end", @@ -614,7 +614,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.session.start", @@ -803,7 +803,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.authentication.verify", @@ -978,7 +978,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.authentication.verify", @@ -1158,7 +1158,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.authentication.auth_via_mfa", @@ -1334,7 +1334,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.authentication.auth_via_mfa", diff --git a/packages/okta/data_stream/system/elasticsearch/ingest_pipeline/default.yml b/packages/okta/data_stream/system/elasticsearch/ingest_pipeline/default.yml index 53f1891c52c..92612c98808 100644 --- a/packages/okta/data_stream/system/elasticsearch/ingest_pipeline/default.yml +++ b/packages/okta/data_stream/system/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Okta system logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' # Keep message as event.original. # Warn if event.original has already been set. This is most likely due to logstash ecs_compatibility setting. - append: diff --git a/packages/okta/data_stream/system/sample_event.json b/packages/okta/data_stream/system/sample_event.json index a5d665bf140..b9fa8b9d01c 100644 --- a/packages/okta/data_stream/system/sample_event.json 
+++ b/packages/okta/data_stream/system/sample_event.json @@ -30,7 +30,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "42d84727-4667-423f-a1b6-d5111c2a1ed5", diff --git a/packages/okta/docs/README.md b/packages/okta/docs/README.md index d11ba22b16c..62ca6ee7d1a 100644 --- a/packages/okta/docs/README.md +++ b/packages/okta/docs/README.md @@ -43,7 +43,7 @@ An example event for `system` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "42d84727-4667-423f-a1b6-d5111c2a1ed5", diff --git a/packages/okta/manifest.yml b/packages/okta/manifest.yml index cd9a8f67a30..70b8760badf 100644 --- a/packages/okta/manifest.yml +++ b/packages/okta/manifest.yml @@ -1,6 +1,6 @@ name: okta title: Okta -version: "1.17.0" +version: "1.18.0" release: ga description: Collect and parse event logs from Okta API with Elastic Agent. type: integration From adceb5b7290a1788e3e1ea90b7911dee0b0e9b9f Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:32 +0530 Subject: [PATCH 084/137] [osquery] - update ECS to 8.7.0 from 8.6.0 This updates the osquery integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/osquery --- packages/osquery/_dev/build/build.yml | 2 +- packages/osquery/changelog.yml | 5 + .../pipeline/test-osquery.log-expected.json | 4426 ++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/result/sample_event.json | 2 +- packages/osquery/docs/README.md | 2 +- packages/osquery/manifest.yml | 2 +- 7 files changed, 2223 insertions(+), 2218 deletions(-) diff --git a/packages/osquery/_dev/build/build.yml b/packages/osquery/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/osquery/_dev/build/build.yml +++ b/packages/osquery/_dev/build/build.yml 
@@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/osquery/changelog.yml b/packages/osquery/changelog.yml index aecbcd59e76..4f8917d5db5 100644 --- a/packages/osquery/changelog.yml +++ b/packages/osquery/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.8.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.7.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/osquery/data_stream/result/_dev/test/pipeline/test-osquery.log-expected.json b/packages/osquery/data_stream/result/_dev/test/pipeline/test-osquery.log-expected.json index 2836f6fb498..a5e488f6f8e 100644 --- a/packages/osquery/data_stream/result/_dev/test/pipeline/test-osquery.log-expected.json +++ b/packages/osquery/data_stream/result/_dev/test/pipeline/test-osquery.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2017-12-28T14:40:08.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "removed", @@ -69,7 +69,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -129,7 +129,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -189,7 +189,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -249,7 +249,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -309,7 +309,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -369,7 +369,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -429,7 +429,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -489,7 +489,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -549,7 +549,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -609,7 +609,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -669,7 +669,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -729,7 +729,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -789,7 +789,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -849,7 +849,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -909,7 +909,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -969,7 +969,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -1029,7 +1029,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -1089,7 +1089,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -1149,7 +1149,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -1209,7 +1209,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -1269,7 +1269,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -1329,7 +1329,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -1389,7 +1389,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -1449,7 +1449,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -1509,7 +1509,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -1569,7 +1569,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -1629,7 +1629,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -1689,7 +1689,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -1749,7 +1749,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -1809,7 +1809,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -1869,7 +1869,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -1929,7 +1929,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -1989,7 +1989,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -2049,7 +2049,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -2109,7 +2109,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -2169,7 +2169,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -2229,7 +2229,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -2289,7 +2289,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -2349,7 +2349,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -2409,7 +2409,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -2469,7 +2469,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -2529,7 +2529,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -2589,7 +2589,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -2649,7 +2649,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -2709,7 +2709,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -2769,7 +2769,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -2829,7 +2829,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -2889,7 +2889,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -2949,7 +2949,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -3009,7 +3009,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -3069,7 +3069,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -3129,7 +3129,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -3189,7 +3189,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -3249,7 +3249,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -3309,7 +3309,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -3369,7 +3369,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -3429,7 +3429,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -3489,7 +3489,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -3549,7 +3549,7 @@ { "@timestamp": "2018-01-08T17:06:29.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -3631,7 +3631,7 @@ { "@timestamp": "2018-01-08T17:19:48.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -3713,7 +3713,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -3768,7 +3768,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -3823,7 +3823,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -3878,7 +3878,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -3933,7 +3933,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -3988,7 +3988,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -4043,7 +4043,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -4098,7 +4098,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -4155,7 +4155,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -4212,7 +4212,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -4269,7 +4269,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -4326,7 +4326,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -4383,7 +4383,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -4440,7 +4440,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -4497,7 +4497,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -4554,7 +4554,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -4611,7 +4611,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -4692,7 +4692,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -4770,7 +4770,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -4848,7 +4848,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -4926,7 +4926,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -5004,7 +5004,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -5082,7 +5082,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -5160,7 +5160,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -5238,7 +5238,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -5316,7 +5316,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -5394,7 +5394,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -5472,7 +5472,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -5550,7 +5550,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -5631,7 +5631,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -5688,7 +5688,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -5745,7 +5745,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -5802,7 +5802,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -5859,7 +5859,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -5916,7 +5916,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -5973,7 +5973,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -6030,7 +6030,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -6087,7 +6087,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -6144,7 +6144,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -6201,7 +6201,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -6258,7 +6258,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -6315,7 +6315,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -6372,7 +6372,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -6429,7 +6429,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -6486,7 +6486,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -6543,7 +6543,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -6600,7 +6600,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -6657,7 +6657,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -6714,7 +6714,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -6771,7 +6771,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -6828,7 +6828,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -6885,7 +6885,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -6942,7 +6942,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -6999,7 +6999,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -7056,7 +7056,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -7113,7 +7113,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -7170,7 +7170,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -7227,7 +7227,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -7284,7 +7284,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -7341,7 +7341,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -7398,7 +7398,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -7455,7 +7455,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -7512,7 +7512,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -7569,7 +7569,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -7626,7 +7626,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -7683,7 +7683,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -7740,7 +7740,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -7797,7 +7797,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -7854,7 +7854,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -7911,7 +7911,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -7968,7 +7968,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -8025,7 +8025,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -8082,7 +8082,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -8139,7 +8139,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -8196,7 +8196,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -8253,7 +8253,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -8310,7 +8310,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -8367,7 +8367,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -8424,7 +8424,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -8481,7 +8481,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -8538,7 +8538,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -8595,7 +8595,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -8652,7 +8652,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -8709,7 +8709,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -8766,7 +8766,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -8823,7 +8823,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -8880,7 +8880,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -8937,7 +8937,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -8994,7 +8994,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -9051,7 +9051,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -9108,7 +9108,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -9165,7 +9165,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -9222,7 +9222,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -9279,7 +9279,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -9336,7 +9336,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -9393,7 +9393,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -9450,7 +9450,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -9507,7 +9507,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -9564,7 +9564,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -9621,7 +9621,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -9678,7 +9678,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -9737,7 +9737,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -9796,7 +9796,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -9856,7 +9856,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -9916,7 +9916,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -9976,7 +9976,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -10035,7 +10035,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -10094,7 +10094,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -10152,7 +10152,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -10210,7 +10210,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -10269,7 +10269,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -10328,7 +10328,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -10386,7 +10386,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -10447,7 +10447,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -10505,7 +10505,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -10564,7 +10564,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -10623,7 +10623,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -10681,7 +10681,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -10739,7 +10739,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -10797,7 +10797,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -10856,7 +10856,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -10915,7 +10915,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -10974,7 +10974,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -11032,7 +11032,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -11091,7 +11091,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -11150,7 +11150,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -11209,7 +11209,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -11267,7 +11267,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -11325,7 +11325,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -11383,7 +11383,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -11441,7 +11441,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -11499,7 +11499,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -11559,7 +11559,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -11619,7 +11619,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -11678,7 +11678,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -11736,7 +11736,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -11795,7 +11795,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -11855,7 +11855,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -11914,7 +11914,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -11972,7 +11972,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -12032,7 +12032,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -12092,7 +12092,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -12151,7 +12151,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -12211,7 +12211,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -12270,7 +12270,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -12329,7 +12329,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -12388,7 +12388,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -12447,7 +12447,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -12506,7 +12506,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -12565,7 +12565,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -12623,7 +12623,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -12681,7 +12681,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -12740,7 +12740,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -12801,7 +12801,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -12860,7 +12860,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -12918,7 +12918,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -12976,7 +12976,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -13034,7 +13034,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -13092,7 +13092,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -13153,7 +13153,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -13211,7 +13211,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -13269,7 +13269,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -13327,7 +13327,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -13385,7 +13385,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -13443,7 +13443,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -13503,7 +13503,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -13562,7 +13562,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -13620,7 +13620,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -13678,7 +13678,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -13737,7 +13737,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -13796,7 +13796,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -13855,7 +13855,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -13915,7 +13915,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -13974,7 +13974,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -14034,7 +14034,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -14092,7 +14092,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -14151,7 +14151,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -14211,7 +14211,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -14270,7 +14270,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -14329,7 +14329,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -14387,7 +14387,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -14445,7 +14445,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -14506,7 +14506,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -14565,7 +14565,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -14624,7 +14624,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -14682,7 +14682,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -14740,7 +14740,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -14799,7 +14799,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -14858,7 +14858,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -14916,7 +14916,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -14974,7 +14974,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -15033,7 +15033,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -15093,7 +15093,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -15153,7 +15153,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -15211,7 +15211,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -15271,7 +15271,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -15332,7 +15332,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -15392,7 +15392,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -15452,7 +15452,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -15510,7 +15510,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -15570,7 +15570,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -15630,7 +15630,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -15688,7 +15688,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -15747,7 +15747,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -15806,7 +15806,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -15864,7 +15864,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -15924,7 +15924,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -15983,7 +15983,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -16044,7 +16044,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -16104,7 +16104,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -16164,7 +16164,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -16223,7 +16223,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -16282,7 +16282,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -16340,7 +16340,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -16398,7 +16398,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -16457,7 +16457,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -16515,7 +16515,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -16573,7 +16573,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -16633,7 +16633,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -16691,7 +16691,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -16752,7 +16752,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -16811,7 +16811,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -16869,7 +16869,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -16928,7 +16928,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -16987,7 +16987,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -17046,7 +17046,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -17105,7 +17105,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -17164,7 +17164,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -17223,7 +17223,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -17281,7 +17281,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -17340,7 +17340,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -17401,7 +17401,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -17461,7 +17461,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -17520,7 +17520,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -17579,7 +17579,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -17638,7 +17638,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -17696,7 +17696,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -17756,7 +17756,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -17815,7 +17815,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -17874,7 +17874,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -17932,7 +17932,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -17991,7 +17991,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -18049,7 +18049,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -18107,7 +18107,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -18166,7 +18166,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -18226,7 +18226,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -18285,7 +18285,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -18346,7 +18346,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -18404,7 +18404,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -18464,7 +18464,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -18523,7 +18523,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -18581,7 +18581,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -18639,7 +18639,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -18699,7 +18699,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -18759,7 +18759,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -18817,7 +18817,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -18878,7 +18878,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -18937,7 +18937,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -18998,7 +18998,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -19058,7 +19058,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -19116,7 +19116,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -19174,7 +19174,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -19233,7 +19233,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -19293,7 +19293,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -19351,7 +19351,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -19410,7 +19410,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -19470,7 +19470,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -19528,7 +19528,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -19587,7 +19587,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -19645,7 +19645,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -19705,7 +19705,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -19761,7 +19761,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -19819,7 +19819,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -19879,7 +19879,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -19938,7 +19938,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -19996,7 +19996,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -20055,7 +20055,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -20117,7 +20117,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -20175,7 +20175,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -20235,7 +20235,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -20295,7 +20295,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -20354,7 +20354,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -20412,7 +20412,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -20470,7 +20470,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -20530,7 +20530,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -20588,7 +20588,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -20647,7 +20647,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -20706,7 +20706,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -20764,7 +20764,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -20824,7 +20824,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -20882,7 +20882,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -20940,7 +20940,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -20999,7 +20999,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -21057,7 +21057,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -21115,7 +21115,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -21175,7 +21175,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -21233,7 +21233,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -21292,7 +21292,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -21350,7 +21350,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -21408,7 +21408,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -21466,7 +21466,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -21524,7 +21524,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -21583,7 +21583,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -21641,7 +21641,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -21700,7 +21700,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -21759,7 +21759,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -21817,7 +21817,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -21875,7 +21875,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -21935,7 +21935,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -21993,7 +21993,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -22053,7 +22053,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -22113,7 +22113,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -22173,7 +22173,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -22231,7 +22231,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -22289,7 +22289,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -22349,7 +22349,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -22407,7 +22407,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -22468,7 +22468,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -22529,7 +22529,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -22587,7 +22587,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -22647,7 +22647,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -22706,7 +22706,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -22765,7 +22765,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -22823,7 +22823,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -22881,7 +22881,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -22939,7 +22939,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -23001,7 +23001,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -23059,7 +23059,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -23117,7 +23117,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -23177,7 +23177,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -23236,7 +23236,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -23295,7 +23295,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -23353,7 +23353,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -23412,7 +23412,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -23471,7 +23471,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -23531,7 +23531,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -23591,7 +23591,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -23651,7 +23651,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -23709,7 +23709,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -23768,7 +23768,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -23828,7 +23828,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -23887,7 +23887,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -23945,7 +23945,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -24004,7 +24004,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -24062,7 +24062,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -24122,7 +24122,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -24181,7 +24181,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -24239,7 +24239,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -24299,7 +24299,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -24358,7 +24358,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -24416,7 +24416,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -24475,7 +24475,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -24534,7 +24534,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -24592,7 +24592,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -24652,7 +24652,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -24710,7 +24710,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -24769,7 +24769,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -24828,7 +24828,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -24887,7 +24887,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -24946,7 +24946,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -25005,7 +25005,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -25064,7 +25064,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -25123,7 +25123,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -25181,7 +25181,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -25241,7 +25241,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -25300,7 +25300,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -25359,7 +25359,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -25417,7 +25417,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -25475,7 +25475,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -25533,7 +25533,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -25591,7 +25591,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -25649,7 +25649,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -25708,7 +25708,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -25767,7 +25767,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -25826,7 +25826,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -25888,7 +25888,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -25947,7 +25947,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -26005,7 +26005,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -26064,7 +26064,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -26122,7 +26122,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -26180,7 +26180,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -26238,7 +26238,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -26298,7 +26298,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -26356,7 +26356,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -26415,7 +26415,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -26473,7 +26473,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -26531,7 +26531,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -26589,7 +26589,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -26648,7 +26648,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -26707,7 +26707,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -26769,7 +26769,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -26828,7 +26828,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -26887,7 +26887,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -26945,7 +26945,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -27003,7 +27003,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -27062,7 +27062,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -27121,7 +27121,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -27179,7 +27179,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -27238,7 +27238,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -27297,7 +27297,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -27356,7 +27356,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -27418,7 +27418,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -27477,7 +27477,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -27536,7 +27536,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -27594,7 +27594,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -27653,7 +27653,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -27711,7 +27711,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -27770,7 +27770,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -27829,7 +27829,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -27887,7 +27887,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -27945,7 +27945,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -28003,7 +28003,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -28062,7 +28062,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -28120,7 +28120,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -28179,7 +28179,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -28241,7 +28241,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -28302,7 +28302,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -28362,7 +28362,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -28422,7 +28422,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -28481,7 +28481,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -28542,7 +28542,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -28601,7 +28601,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -28660,7 +28660,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -28720,7 +28720,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -28781,7 +28781,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -28840,7 +28840,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -28902,7 +28902,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -28961,7 +28961,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -29021,7 +29021,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -29082,7 +29082,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -29141,7 +29141,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -29200,7 +29200,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -29260,7 +29260,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -29319,7 +29319,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -29378,7 +29378,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -29438,7 +29438,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -29498,7 +29498,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -29559,7 +29559,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -29617,7 +29617,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -29675,7 +29675,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -29734,7 +29734,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -29792,7 +29792,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -29850,7 +29850,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -29908,7 +29908,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -29966,7 +29966,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -30026,7 +30026,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -30084,7 +30084,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -30142,7 +30142,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -30200,7 +30200,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -30259,7 +30259,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -30318,7 +30318,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -30378,7 +30378,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -30438,7 +30438,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -30496,7 +30496,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -30554,7 +30554,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -30612,7 +30612,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -30670,7 +30670,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -30728,7 +30728,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -30786,7 +30786,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -30844,7 +30844,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -30902,7 +30902,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -30960,7 +30960,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -31019,7 +31019,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -31078,7 +31078,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -31137,7 +31137,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -31195,7 +31195,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -31254,7 +31254,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -31314,7 +31314,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -31373,7 +31373,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -31432,7 +31432,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -31490,7 +31490,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -31548,7 +31548,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -31607,7 +31607,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -31668,7 +31668,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -31726,7 +31726,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -31784,7 +31784,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -31842,7 +31842,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -31900,7 +31900,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -31958,7 +31958,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -32016,7 +32016,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -32075,7 +32075,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -32135,7 +32135,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -32193,7 +32193,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -32253,7 +32253,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -32313,7 +32313,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -32372,7 +32372,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -32431,7 +32431,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -32490,7 +32490,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -32549,7 +32549,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -32608,7 +32608,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -32667,7 +32667,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -32726,7 +32726,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -32787,7 +32787,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -32845,7 +32845,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -32904,7 +32904,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -32963,7 +32963,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -33022,7 +33022,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -33082,7 +33082,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -33142,7 +33142,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -33201,7 +33201,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -33260,7 +33260,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -33319,7 +33319,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -33377,7 +33377,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -33435,7 +33435,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -33494,7 +33494,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -33553,7 +33553,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -33611,7 +33611,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -33671,7 +33671,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -33731,7 +33731,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -33792,7 +33792,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -33851,7 +33851,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -33910,7 +33910,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -33969,7 +33969,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -34029,7 +34029,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -34090,7 +34090,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -34149,7 +34149,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -34208,7 +34208,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -34267,7 +34267,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -34326,7 +34326,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -34384,7 +34384,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -34442,7 +34442,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -34502,7 +34502,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -34561,7 +34561,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -34619,7 +34619,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -34679,7 +34679,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -34737,7 +34737,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -34795,7 +34795,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -34853,7 +34853,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -34912,7 +34912,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -34970,7 +34970,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -35030,7 +35030,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -35089,7 +35089,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -35147,7 +35147,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -35205,7 +35205,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -35263,7 +35263,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -35321,7 +35321,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -35381,7 +35381,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -35440,7 +35440,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -35499,7 +35499,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -35558,7 +35558,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -35617,7 +35617,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -35676,7 +35676,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -35734,7 +35734,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -35792,7 +35792,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -35851,7 +35851,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -35909,7 +35909,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -35967,7 +35967,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -36025,7 +36025,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -36083,7 +36083,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -36141,7 +36141,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -36199,7 +36199,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -36258,7 +36258,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -36316,7 +36316,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -36378,7 +36378,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -36436,7 +36436,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -36494,7 +36494,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -36553,7 +36553,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -36612,7 +36612,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -36671,7 +36671,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -36730,7 +36730,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -36789,7 +36789,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -36848,7 +36848,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -36906,7 +36906,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -36964,7 +36964,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -37022,7 +37022,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -37081,7 +37081,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -37140,7 +37140,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -37198,7 +37198,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -37256,7 +37256,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -37314,7 +37314,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -37372,7 +37372,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -37430,7 +37430,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -37488,7 +37488,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -37546,7 +37546,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -37604,7 +37604,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -37662,7 +37662,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -37720,7 +37720,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -37778,7 +37778,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -37836,7 +37836,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -37894,7 +37894,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -37952,7 +37952,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -38010,7 +38010,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -38068,7 +38068,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -38129,7 +38129,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -38187,7 +38187,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -38245,7 +38245,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -38304,7 +38304,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -38363,7 +38363,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -38423,7 +38423,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -38481,7 +38481,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -38539,7 +38539,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -38597,7 +38597,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -38655,7 +38655,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -38713,7 +38713,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -38771,7 +38771,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -38829,7 +38829,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -38888,7 +38888,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -38946,7 +38946,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -39008,7 +39008,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -39066,7 +39066,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -39124,7 +39124,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -39183,7 +39183,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -39241,7 +39241,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -39299,7 +39299,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -39357,7 +39357,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -39415,7 +39415,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -39473,7 +39473,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -39533,7 +39533,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -39591,7 +39591,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -39649,7 +39649,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -39707,7 +39707,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -39766,7 +39766,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -39825,7 +39825,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -39884,7 +39884,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -39943,7 +39943,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -40004,7 +40004,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -40063,7 +40063,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -40121,7 +40121,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -40181,7 +40181,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -40239,7 +40239,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -40297,7 +40297,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -40355,7 +40355,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -40413,7 +40413,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -40471,7 +40471,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -40530,7 +40530,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -40588,7 +40588,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -40646,7 +40646,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -40704,7 +40704,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -40762,7 +40762,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -40820,7 +40820,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -40878,7 +40878,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -40936,7 +40936,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -40994,7 +40994,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -41054,7 +41054,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -41112,7 +41112,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -41170,7 +41170,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -41228,7 +41228,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -41286,7 +41286,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -41345,7 +41345,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -41403,7 +41403,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -41462,7 +41462,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -41520,7 +41520,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -41578,7 +41578,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -41637,7 +41637,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -41696,7 +41696,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -41755,7 +41755,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -41814,7 +41814,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -41872,7 +41872,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -41931,7 +41931,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -41989,7 +41989,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -42047,7 +42047,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -42105,7 +42105,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -42163,7 +42163,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -42221,7 +42221,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -42280,7 +42280,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -42339,7 +42339,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -42397,7 +42397,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -42455,7 +42455,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -42513,7 +42513,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -42572,7 +42572,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -42631,7 +42631,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -42691,7 +42691,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -42751,7 +42751,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -42810,7 +42810,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -42869,7 +42869,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -42927,7 +42927,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -42986,7 +42986,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -43045,7 +43045,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -43104,7 +43104,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -43162,7 +43162,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -43220,7 +43220,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -43280,7 +43280,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -43339,7 +43339,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -43397,7 +43397,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -43456,7 +43456,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -43516,7 +43516,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -43577,7 +43577,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -43636,7 +43636,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -43694,7 +43694,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -43752,7 +43752,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -43810,7 +43810,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -43868,7 +43868,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -43930,7 +43930,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -43988,7 +43988,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -44048,7 +44048,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -44108,7 +44108,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -44169,7 +44169,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -44228,7 +44228,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -44286,7 +44286,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -44344,7 +44344,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -44403,7 +44403,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -44462,7 +44462,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -44520,7 +44520,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -44578,7 +44578,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -44636,7 +44636,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -44694,7 +44694,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -44752,7 +44752,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -44810,7 +44810,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -44868,7 +44868,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -44926,7 +44926,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -44984,7 +44984,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -45042,7 +45042,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -45100,7 +45100,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -45159,7 +45159,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -45217,7 +45217,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -45276,7 +45276,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -45334,7 +45334,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -45392,7 +45392,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -45451,7 +45451,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -45510,7 +45510,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -45569,7 +45569,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -45627,7 +45627,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -45685,7 +45685,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -45744,7 +45744,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -45803,7 +45803,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -45863,7 +45863,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -45922,7 +45922,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -45980,7 +45980,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -46040,7 +46040,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -46098,7 +46098,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -46156,7 +46156,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -46215,7 +46215,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -46274,7 +46274,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -46332,7 +46332,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -46390,7 +46390,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -46448,7 +46448,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -46508,7 +46508,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -46567,7 +46567,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -46627,7 +46627,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -46687,7 +46687,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -46747,7 +46747,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -46806,7 +46806,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -46867,7 +46867,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -46927,7 +46927,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -46988,7 +46988,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -47049,7 +47049,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -47111,7 +47111,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -47170,7 +47170,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -47232,7 +47232,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -47294,7 +47294,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -47356,7 +47356,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -47416,7 +47416,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -47472,7 +47472,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -47528,7 +47528,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -47584,7 +47584,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -47640,7 +47640,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -47696,7 +47696,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -47752,7 +47752,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -47808,7 +47808,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -47864,7 +47864,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -47920,7 +47920,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -47973,7 +47973,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -48027,7 +48027,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -48081,7 +48081,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -48135,7 +48135,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -48196,7 +48196,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -48250,7 +48250,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -48304,7 +48304,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -48358,7 +48358,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -48426,7 +48426,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -48494,7 +48494,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -48563,7 +48563,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -48631,7 +48631,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -48700,7 +48700,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -48769,7 +48769,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -48839,7 +48839,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -48908,7 +48908,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -48977,7 +48977,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -49045,7 +49045,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -49115,7 +49115,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -49183,7 +49183,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -49253,7 +49253,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -49320,7 +49320,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -49387,7 +49387,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -49455,7 +49455,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -49525,7 +49525,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -49594,7 +49594,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -49664,7 +49664,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -49732,7 +49732,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -49801,7 +49801,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -49869,7 +49869,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -49938,7 +49938,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -50007,7 +50007,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -50075,7 +50075,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -50144,7 +50144,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -50210,7 +50210,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -50278,7 +50278,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -50348,7 +50348,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -50417,7 +50417,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -50484,7 +50484,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -50553,7 +50553,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -50622,7 +50622,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -50691,7 +50691,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -50761,7 +50761,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -50829,7 +50829,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -50899,7 +50899,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -50969,7 +50969,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -51038,7 +51038,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -51106,7 +51106,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -51175,7 +51175,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -51244,7 +51244,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -51313,7 +51313,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -51379,7 +51379,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -51446,7 +51446,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -51513,7 +51513,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -51574,7 +51574,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -51640,7 +51640,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -51708,7 +51708,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -51778,7 +51778,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -51847,7 +51847,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -51914,7 +51914,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -51984,7 +51984,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -52052,7 +52052,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -52122,7 +52122,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -52191,7 +52191,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -52259,7 +52259,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -52328,7 +52328,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -52397,7 +52397,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -52465,7 +52465,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -52534,7 +52534,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -52601,7 +52601,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -52671,7 +52671,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -52740,7 +52740,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -52808,7 +52808,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -52878,7 +52878,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -52948,7 +52948,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -53017,7 +53017,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -53084,7 +53084,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -53149,7 +53149,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -53218,7 +53218,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -53287,7 +53287,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -53356,7 +53356,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -53426,7 +53426,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -53494,7 +53494,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -53563,7 +53563,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -53629,7 +53629,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -53695,7 +53695,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -53762,7 +53762,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -53829,7 +53829,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -53896,7 +53896,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -53962,7 +53962,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -54027,7 +54027,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -54095,7 +54095,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -54161,7 +54161,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -54227,7 +54227,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -54293,7 +54293,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -54358,7 +54358,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -54425,7 +54425,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -54492,7 +54492,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -54553,7 +54553,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -54614,7 +54614,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -54675,7 +54675,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -54736,7 +54736,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -54797,7 +54797,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -54858,7 +54858,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -54919,7 +54919,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -54980,7 +54980,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -55046,7 +55046,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -55112,7 +55112,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -55179,7 +55179,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -55246,7 +55246,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -55312,7 +55312,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -55380,7 +55380,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -55448,7 +55448,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -55513,7 +55513,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -55581,7 +55581,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -55647,7 +55647,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -55716,7 +55716,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -55783,7 +55783,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -55848,7 +55848,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -55916,7 +55916,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -55984,7 +55984,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -56052,7 +56052,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -56121,7 +56121,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -56190,7 +56190,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -56259,7 +56259,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -56326,7 +56326,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -56394,7 +56394,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -56463,7 +56463,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -56530,7 +56530,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -56599,7 +56599,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -56668,7 +56668,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -56735,7 +56735,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -56801,7 +56801,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -56869,7 +56869,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -56938,7 +56938,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -57005,7 +57005,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -57071,7 +57071,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -57139,7 +57139,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -57208,7 +57208,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -57276,7 +57276,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -57343,7 +57343,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -57411,7 +57411,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -57478,7 +57478,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -57545,7 +57545,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -57612,7 +57612,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -57679,7 +57679,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -57746,7 +57746,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -57813,7 +57813,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -57880,7 +57880,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -57948,7 +57948,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -58015,7 +58015,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -58085,7 +58085,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -58155,7 +58155,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -58221,7 +58221,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -58290,7 +58290,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -58358,7 +58358,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -58425,7 +58425,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -58491,7 +58491,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -58558,7 +58558,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -58626,7 +58626,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -58691,7 +58691,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -58757,7 +58757,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -58824,7 +58824,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -58891,7 +58891,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -58959,7 +58959,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -59026,7 +59026,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -59093,7 +59093,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -59159,7 +59159,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -59228,7 +59228,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -59296,7 +59296,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -59363,7 +59363,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -59432,7 +59432,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -59500,7 +59500,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -59568,7 +59568,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -59636,7 +59636,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -59704,7 +59704,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -59772,7 +59772,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -59842,7 +59842,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -59909,7 +59909,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -59975,7 +59975,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -60042,7 +60042,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -60109,7 +60109,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -60175,7 +60175,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -60242,7 +60242,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -60307,7 +60307,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -60374,7 +60374,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -60442,7 +60442,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -60510,7 +60510,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -60577,7 +60577,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -60645,7 +60645,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -60712,7 +60712,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -60780,7 +60780,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -60850,7 +60850,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -60917,7 +60917,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -60984,7 +60984,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -61052,7 +61052,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -61118,7 +61118,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -61186,7 +61186,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -61252,7 +61252,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -61316,7 +61316,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -61384,7 +61384,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -61454,7 +61454,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -61522,7 +61522,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -61590,7 +61590,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -61657,7 +61657,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -61724,7 +61724,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -61791,7 +61791,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -61857,7 +61857,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -61923,7 +61923,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -61990,7 +61990,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -62057,7 +62057,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -62124,7 +62124,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -62190,7 +62190,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -62258,7 +62258,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -62325,7 +62325,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -62392,7 +62392,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -62460,7 +62460,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -62527,7 +62527,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -62594,7 +62594,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -62660,7 +62660,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -62726,7 +62726,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -62792,7 +62792,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -62858,7 +62858,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -62925,7 +62925,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -62991,7 +62991,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -63057,7 +63057,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -63123,7 +63123,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -63189,7 +63189,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -63255,7 +63255,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -63321,7 +63321,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -63387,7 +63387,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -63453,7 +63453,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -63519,7 +63519,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -63585,7 +63585,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -63651,7 +63651,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -63717,7 +63717,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -63786,7 +63786,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -63853,7 +63853,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -63920,7 +63920,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -63986,7 +63986,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -64052,7 +64052,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -64119,7 +64119,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -64186,7 +64186,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -64253,7 +64253,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -64321,7 +64321,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -64387,7 +64387,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -64453,7 +64453,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -64519,7 +64519,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -64586,7 +64586,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -64653,7 +64653,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -64720,7 +64720,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -64786,7 +64786,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -64852,7 +64852,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -64919,7 +64919,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -64985,7 +64985,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -65053,7 +65053,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -65120,7 +65120,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -65187,7 +65187,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -65255,7 +65255,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -65322,7 +65322,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -65390,7 +65390,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -65458,7 +65458,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -65526,7 +65526,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -65592,7 +65592,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -65657,7 +65657,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -65722,7 +65722,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -65790,7 +65790,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -65857,7 +65857,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -65922,7 +65922,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -65990,7 +65990,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -66058,7 +66058,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -66125,7 +66125,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -66190,7 +66190,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -66255,7 +66255,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -66320,7 +66320,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -66386,7 +66386,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -66451,7 +66451,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -66516,7 +66516,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -66583,7 +66583,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -66648,7 +66648,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -66713,7 +66713,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -66781,7 +66781,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -66847,7 +66847,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -66914,7 +66914,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -66980,7 +66980,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -67047,7 +67047,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -67116,7 +67116,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -67184,7 +67184,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -67252,7 +67252,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -67321,7 +67321,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -67389,7 +67389,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -67457,7 +67457,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -67525,7 +67525,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -67592,7 +67592,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -67657,7 +67657,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -67724,7 +67724,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -67791,7 +67791,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -67856,7 +67856,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -67922,7 +67922,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -67987,7 +67987,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -68055,7 +68055,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -68122,7 +68122,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -68190,7 +68190,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -68258,7 +68258,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -68324,7 +68324,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -68390,7 +68390,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -68451,7 +68451,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -68511,7 +68511,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -68572,7 +68572,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -68633,7 +68633,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -68694,7 +68694,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -68755,7 +68755,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -68815,7 +68815,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -68875,7 +68875,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -68935,7 +68935,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -68995,7 +68995,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -69055,7 +69055,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -69115,7 +69115,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -69175,7 +69175,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -69235,7 +69235,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -69295,7 +69295,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -69355,7 +69355,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -69415,7 +69415,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -69475,7 +69475,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -69535,7 +69535,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -69595,7 +69595,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -69655,7 +69655,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -69715,7 +69715,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -69775,7 +69775,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -69835,7 +69835,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -69895,7 +69895,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -69955,7 +69955,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -70015,7 +70015,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -70075,7 +70075,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -70135,7 +70135,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -70195,7 +70195,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -70255,7 +70255,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -70315,7 +70315,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -70375,7 +70375,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -70435,7 +70435,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -70495,7 +70495,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -70555,7 +70555,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -70615,7 +70615,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -70675,7 +70675,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -70735,7 +70735,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -70795,7 +70795,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -70855,7 +70855,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -70915,7 +70915,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -70975,7 +70975,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -71035,7 +71035,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -71096,7 +71096,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -71156,7 +71156,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -71216,7 +71216,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -71276,7 +71276,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -71336,7 +71336,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -71396,7 +71396,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -71456,7 +71456,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -71516,7 +71516,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -71576,7 +71576,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -71636,7 +71636,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -71696,7 +71696,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -71756,7 +71756,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -71816,7 +71816,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -71876,7 +71876,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -71936,7 +71936,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -71996,7 +71996,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -72056,7 +72056,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -72116,7 +72116,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -72176,7 +72176,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -72236,7 +72236,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -72296,7 +72296,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -72356,7 +72356,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -72416,7 +72416,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -72476,7 +72476,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -72536,7 +72536,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -72596,7 +72596,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -72656,7 +72656,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -72716,7 +72716,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -72776,7 +72776,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -72836,7 +72836,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -72896,7 +72896,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -72956,7 +72956,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -73016,7 +73016,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -73077,7 +73077,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -73137,7 +73137,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -73197,7 +73197,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -73257,7 +73257,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -73317,7 +73317,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -73377,7 +73377,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -73437,7 +73437,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -73497,7 +73497,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -73557,7 +73557,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -73617,7 +73617,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -73678,7 +73678,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -73739,7 +73739,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -73799,7 +73799,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -73859,7 +73859,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -73919,7 +73919,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -73979,7 +73979,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -74039,7 +74039,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -74099,7 +74099,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -74159,7 +74159,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -74219,7 +74219,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -74279,7 +74279,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -74340,7 +74340,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -74401,7 +74401,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -74459,7 +74459,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -74517,7 +74517,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -74575,7 +74575,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -74633,7 +74633,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -74691,7 +74691,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -74749,7 +74749,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -74807,7 +74807,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -74865,7 +74865,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -74923,7 +74923,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -74981,7 +74981,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -75039,7 +75039,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -75097,7 +75097,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -75155,7 +75155,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -75213,7 +75213,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -75271,7 +75271,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -75329,7 +75329,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -75387,7 +75387,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -75445,7 +75445,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -75503,7 +75503,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -75561,7 +75561,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -75619,7 +75619,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -75677,7 +75677,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -75735,7 +75735,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -75793,7 +75793,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -75851,7 +75851,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -75909,7 +75909,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -75967,7 +75967,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -76025,7 +76025,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -76083,7 +76083,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -76141,7 +76141,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -76199,7 +76199,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -76257,7 +76257,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -76315,7 +76315,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -76373,7 +76373,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -76431,7 +76431,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -76489,7 +76489,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -76547,7 +76547,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -76605,7 +76605,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -76663,7 +76663,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -76721,7 +76721,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -76779,7 +76779,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -76837,7 +76837,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -76895,7 +76895,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -76953,7 +76953,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -77011,7 +77011,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -77069,7 +77069,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -77127,7 +77127,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -77185,7 +77185,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -77243,7 +77243,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -77301,7 +77301,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -77359,7 +77359,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -77417,7 +77417,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -77475,7 +77475,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -77533,7 +77533,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -77591,7 +77591,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -77649,7 +77649,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -77707,7 +77707,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -77765,7 +77765,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -77823,7 +77823,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -77881,7 +77881,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -77939,7 +77939,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -77997,7 +77997,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -78055,7 +78055,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -78113,7 +78113,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -78171,7 +78171,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -78229,7 +78229,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -78287,7 +78287,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -78345,7 +78345,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -78403,7 +78403,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -78461,7 +78461,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -78519,7 +78519,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -78577,7 +78577,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -78635,7 +78635,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -78693,7 +78693,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -78751,7 +78751,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -78809,7 +78809,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -78867,7 +78867,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -78925,7 +78925,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -78983,7 +78983,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -79041,7 +79041,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -79099,7 +79099,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -79157,7 +79157,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -79215,7 +79215,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -79273,7 +79273,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -79331,7 +79331,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -79389,7 +79389,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -79447,7 +79447,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -79505,7 +79505,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -79563,7 +79563,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -79621,7 +79621,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -79679,7 +79679,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -79737,7 +79737,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -79795,7 +79795,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -79853,7 +79853,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -79911,7 +79911,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -79969,7 +79969,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -80027,7 +80027,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -80085,7 +80085,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -80143,7 +80143,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -80201,7 +80201,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -80259,7 +80259,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -80317,7 +80317,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -80375,7 +80375,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -80433,7 +80433,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -80491,7 +80491,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -80549,7 +80549,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -80607,7 +80607,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -80665,7 +80665,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -80723,7 +80723,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -80781,7 +80781,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -80839,7 +80839,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -80897,7 +80897,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -80955,7 +80955,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -81013,7 +81013,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -81071,7 +81071,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -81129,7 +81129,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -81187,7 +81187,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -81245,7 +81245,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -81303,7 +81303,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -81361,7 +81361,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -81419,7 +81419,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -81477,7 +81477,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -81535,7 +81535,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -81593,7 +81593,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -81651,7 +81651,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -81709,7 +81709,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -81767,7 +81767,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -81825,7 +81825,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -81883,7 +81883,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -81941,7 +81941,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -81999,7 +81999,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -82057,7 +82057,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -82115,7 +82115,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -82173,7 +82173,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -82231,7 +82231,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -82289,7 +82289,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -82347,7 +82347,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -82405,7 +82405,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -82463,7 +82463,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -82521,7 +82521,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -82579,7 +82579,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -82637,7 +82637,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -82695,7 +82695,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -82753,7 +82753,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -82811,7 +82811,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -82869,7 +82869,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -82927,7 +82927,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -82985,7 +82985,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -83043,7 +83043,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -83101,7 +83101,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -83159,7 +83159,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -83217,7 +83217,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -83275,7 +83275,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -83333,7 +83333,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -83391,7 +83391,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -83449,7 +83449,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -83507,7 +83507,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -83565,7 +83565,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -83623,7 +83623,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -83681,7 +83681,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -83739,7 +83739,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -83797,7 +83797,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -83855,7 +83855,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -83913,7 +83913,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -83971,7 +83971,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -84029,7 +84029,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -84087,7 +84087,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -84145,7 +84145,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -84203,7 +84203,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -84261,7 +84261,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -84319,7 +84319,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -84377,7 +84377,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -84435,7 +84435,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -84493,7 +84493,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -84551,7 +84551,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -84609,7 +84609,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -84667,7 +84667,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -84725,7 +84725,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -84783,7 +84783,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -84841,7 +84841,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -84899,7 +84899,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -84957,7 +84957,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -85015,7 +85015,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -85073,7 +85073,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -85131,7 +85131,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -85189,7 +85189,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -85247,7 +85247,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -85305,7 +85305,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -85363,7 +85363,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -85421,7 +85421,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -85479,7 +85479,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -85537,7 +85537,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -85595,7 +85595,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -85653,7 +85653,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -85711,7 +85711,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -85769,7 +85769,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -85827,7 +85827,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -85885,7 +85885,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -85943,7 +85943,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -86001,7 +86001,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -86059,7 +86059,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -86117,7 +86117,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -86175,7 +86175,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -86233,7 +86233,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -86291,7 +86291,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -86349,7 +86349,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -86407,7 +86407,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -86465,7 +86465,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -86523,7 +86523,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -86581,7 +86581,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -86639,7 +86639,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -86697,7 +86697,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -86755,7 +86755,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -86813,7 +86813,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -86871,7 +86871,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -86929,7 +86929,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -86987,7 +86987,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -87045,7 +87045,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -87103,7 +87103,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -87161,7 +87161,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -87219,7 +87219,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -87277,7 +87277,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -87335,7 +87335,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -87393,7 +87393,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -87451,7 +87451,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -87509,7 +87509,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -87567,7 +87567,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -87625,7 +87625,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -87683,7 +87683,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -87741,7 +87741,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -87799,7 +87799,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -87857,7 +87857,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -87915,7 +87915,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -87973,7 +87973,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -88031,7 +88031,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -88089,7 +88089,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -88147,7 +88147,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -88205,7 +88205,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -88263,7 +88263,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -88321,7 +88321,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -88379,7 +88379,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -88437,7 +88437,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -88495,7 +88495,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -88553,7 +88553,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -88611,7 +88611,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -88669,7 +88669,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -88727,7 +88727,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -88785,7 +88785,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -88843,7 +88843,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -88901,7 +88901,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -88959,7 +88959,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -89017,7 +89017,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -89075,7 +89075,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -89133,7 +89133,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -89191,7 +89191,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -89249,7 +89249,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -89307,7 +89307,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -89365,7 +89365,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -89423,7 +89423,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -89481,7 +89481,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -89539,7 +89539,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -89597,7 +89597,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -89655,7 +89655,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -89713,7 +89713,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -89771,7 +89771,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -89829,7 +89829,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -89887,7 +89887,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -89945,7 +89945,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -90003,7 +90003,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -90061,7 +90061,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -90119,7 +90119,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -90177,7 +90177,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -90235,7 +90235,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -90293,7 +90293,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -90351,7 +90351,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -90409,7 +90409,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -90467,7 +90467,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -90525,7 +90525,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -90583,7 +90583,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -90641,7 +90641,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -90699,7 +90699,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -90757,7 +90757,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -90815,7 +90815,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -90873,7 +90873,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -90931,7 +90931,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -90989,7 +90989,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -91047,7 +91047,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -91105,7 +91105,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -91163,7 +91163,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -91221,7 +91221,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -91279,7 +91279,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -91337,7 +91337,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -91395,7 +91395,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -91453,7 +91453,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -91511,7 +91511,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -91569,7 +91569,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -91627,7 +91627,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -91685,7 +91685,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -91743,7 +91743,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -91800,7 +91800,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -91857,7 +91857,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -91914,7 +91914,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -91971,7 +91971,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -92028,7 +92028,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -92085,7 +92085,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -92142,7 +92142,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -92199,7 +92199,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -92256,7 +92256,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -92313,7 +92313,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -92370,7 +92370,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -92427,7 +92427,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -92484,7 +92484,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -92541,7 +92541,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -92598,7 +92598,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -92655,7 +92655,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -92712,7 +92712,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -92769,7 +92769,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -92824,7 +92824,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -92883,7 +92883,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -92943,7 +92943,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -93003,7 +93003,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -93063,7 +93063,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -93123,7 +93123,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -93183,7 +93183,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -93243,7 +93243,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -93303,7 +93303,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -93363,7 +93363,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -93423,7 +93423,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -93483,7 +93483,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -93543,7 +93543,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -93603,7 +93603,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -93663,7 +93663,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -93723,7 +93723,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -93783,7 +93783,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -93843,7 +93843,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -93903,7 +93903,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -93963,7 +93963,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -94023,7 +94023,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -94083,7 +94083,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -94143,7 +94143,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -94203,7 +94203,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -94263,7 +94263,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -94323,7 +94323,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -94383,7 +94383,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -94443,7 +94443,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -94503,7 +94503,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -94563,7 +94563,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -94623,7 +94623,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -94683,7 +94683,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -94743,7 +94743,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -94803,7 +94803,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -94863,7 +94863,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -94923,7 +94923,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -94983,7 +94983,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -95043,7 +95043,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -95103,7 +95103,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -95163,7 +95163,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -95223,7 +95223,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -95283,7 +95283,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -95343,7 +95343,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -95403,7 +95403,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -95463,7 +95463,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -95523,7 +95523,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -95583,7 +95583,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -95643,7 +95643,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -95703,7 +95703,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -95763,7 +95763,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -95823,7 +95823,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -95883,7 +95883,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -95943,7 +95943,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -96003,7 +96003,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -96063,7 +96063,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -96123,7 +96123,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -96183,7 +96183,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -96243,7 +96243,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -96303,7 +96303,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -96363,7 +96363,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -96423,7 +96423,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -96483,7 +96483,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -96543,7 +96543,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -96603,7 +96603,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -96663,7 +96663,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -96723,7 +96723,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -96783,7 +96783,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -96843,7 +96843,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -96903,7 +96903,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -96963,7 +96963,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -97023,7 +97023,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -97083,7 +97083,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -97143,7 +97143,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -97203,7 +97203,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -97263,7 +97263,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -97323,7 +97323,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -97383,7 +97383,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -97443,7 +97443,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -97503,7 +97503,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -97563,7 +97563,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -97623,7 +97623,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -97683,7 +97683,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -97743,7 +97743,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -97803,7 +97803,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -97863,7 +97863,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -97923,7 +97923,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -97983,7 +97983,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -98042,7 +98042,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -98102,7 +98102,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -98162,7 +98162,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -98221,7 +98221,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -98281,7 +98281,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -98341,7 +98341,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -98401,7 +98401,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -98461,7 +98461,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -98521,7 +98521,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -98580,7 +98580,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -98640,7 +98640,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -98700,7 +98700,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -98760,7 +98760,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -98820,7 +98820,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -98879,7 +98879,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -98939,7 +98939,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -98999,7 +98999,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -99059,7 +99059,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -99119,7 +99119,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -99179,7 +99179,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -99238,7 +99238,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -99297,7 +99297,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -99357,7 +99357,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -99417,7 +99417,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -99476,7 +99476,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -99535,7 +99535,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -99595,7 +99595,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -99655,7 +99655,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -99715,7 +99715,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -99775,7 +99775,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -99835,7 +99835,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -99895,7 +99895,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -99955,7 +99955,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -100009,7 +100009,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -100063,7 +100063,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -100117,7 +100117,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -100171,7 +100171,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -100225,7 +100225,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -100279,7 +100279,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -100333,7 +100333,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -100387,7 +100387,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -100441,7 +100441,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -100499,7 +100499,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -100572,7 +100572,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -100646,7 +100646,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -100719,7 +100719,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -100793,7 +100793,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -100866,7 +100866,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -100939,7 +100939,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -101012,7 +101012,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -101085,7 +101085,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -101158,7 +101158,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -101230,7 +101230,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -101302,7 +101302,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -101375,7 +101375,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -101448,7 +101448,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -101521,7 +101521,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -101594,7 +101594,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -101668,7 +101668,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -101740,7 +101740,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -101814,7 +101814,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -101886,7 +101886,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -101959,7 +101959,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -102031,7 +102031,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -102103,7 +102103,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -102175,7 +102175,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -102247,7 +102247,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -102320,7 +102320,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -102392,7 +102392,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -102464,7 +102464,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -102536,7 +102536,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -102609,7 +102609,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -102682,7 +102682,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -102755,7 +102755,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -102827,7 +102827,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -102900,7 +102900,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -102973,7 +102973,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -103031,7 +103031,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -103097,7 +103097,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -103163,7 +103163,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -103229,7 +103229,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -103295,7 +103295,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -103361,7 +103361,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -103437,7 +103437,7 @@ { "@timestamp": "2017-12-28T14:39:58.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -103495,7 +103495,7 @@ { "@timestamp": "2017-12-28T14:39:58.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -103555,7 +103555,7 @@ { "@timestamp": "2017-12-28T14:40:08.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "removed", @@ -103621,7 +103621,7 @@ { "@timestamp": "2017-12-28T14:40:08.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "removed", @@ -103687,7 +103687,7 @@ { "@timestamp": "2017-12-28T14:40:08.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -103753,7 +103753,7 @@ { "@timestamp": "2017-12-28T14:40:08.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -103819,7 +103819,7 @@ { "@timestamp": "2017-12-28T14:40:08.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "removed", @@ -103895,7 +103895,7 @@ { "@timestamp": "2017-12-28T14:40:08.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -103971,7 +103971,7 @@ { "@timestamp": "2017-12-07T12:21:20.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -104028,7 +104028,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -104087,7 +104087,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -104146,7 +104146,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -104205,7 +104205,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -104264,7 +104264,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -104323,7 +104323,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -104382,7 +104382,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -104441,7 +104441,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -104500,7 +104500,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -104559,7 +104559,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -104618,7 +104618,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -104677,7 +104677,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -104736,7 +104736,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -104795,7 +104795,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -104854,7 +104854,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -104913,7 +104913,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -104972,7 +104972,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -105031,7 +105031,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -105090,7 +105090,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -105149,7 +105149,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -105208,7 +105208,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -105267,7 +105267,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -105326,7 +105326,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -105385,7 +105385,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -105444,7 +105444,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -105503,7 +105503,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -105562,7 +105562,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -105621,7 +105621,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -105680,7 +105680,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -105739,7 +105739,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -105798,7 +105798,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -105857,7 +105857,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -105916,7 +105916,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -105975,7 +105975,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -106034,7 +106034,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -106093,7 +106093,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -106152,7 +106152,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -106211,7 +106211,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -106270,7 +106270,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -106329,7 +106329,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -106388,7 +106388,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -106447,7 +106447,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -106506,7 +106506,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -106565,7 +106565,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -106624,7 +106624,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -106683,7 +106683,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -106742,7 +106742,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -106801,7 +106801,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -106860,7 +106860,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -106919,7 +106919,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -106978,7 +106978,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -107037,7 +107037,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -107096,7 +107096,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -107155,7 +107155,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -107214,7 +107214,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -107273,7 +107273,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -107332,7 +107332,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -107385,7 +107385,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -107439,7 +107439,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -107493,7 +107493,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -107546,7 +107546,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -107599,7 +107599,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -107652,7 +107652,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -107705,7 +107705,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -107758,7 +107758,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -107811,7 +107811,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -107864,7 +107864,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -107917,7 +107917,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -107976,7 +107976,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -108052,7 +108052,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -108105,7 +108105,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -108159,7 +108159,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -108213,7 +108213,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -108266,7 +108266,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -108319,7 +108319,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -108372,7 +108372,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -108425,7 +108425,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -108478,7 +108478,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -108531,7 +108531,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -108584,7 +108584,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -108637,7 +108637,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -108696,7 +108696,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -108772,7 +108772,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -108838,7 +108838,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -108904,7 +108904,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -108970,7 +108970,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -109036,7 +109036,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -109102,7 +109102,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -109168,7 +109168,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -109234,7 +109234,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -109300,7 +109300,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -109366,7 +109366,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -109432,7 +109432,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -109498,7 +109498,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -109564,7 +109564,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -109630,7 +109630,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -109696,7 +109696,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -109762,7 +109762,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -109828,7 +109828,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -109894,7 +109894,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -109960,7 +109960,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -110026,7 +110026,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -110092,7 +110092,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -110158,7 +110158,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -110224,7 +110224,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -110290,7 +110290,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -110356,7 +110356,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -110422,7 +110422,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -110488,7 +110488,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -110554,7 +110554,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -110620,7 +110620,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -110686,7 +110686,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -110752,7 +110752,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -110818,7 +110818,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -110877,7 +110877,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -110936,7 +110936,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -110995,7 +110995,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -111053,7 +111053,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -111112,7 +111112,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -111171,7 +111171,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -111229,7 +111229,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -111287,7 +111287,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -111346,7 +111346,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -111405,7 +111405,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -111464,7 +111464,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -111522,7 +111522,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -111580,7 +111580,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -111639,7 +111639,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -111698,7 +111698,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -111757,7 +111757,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -111817,7 +111817,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -111875,7 +111875,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -111935,7 +111935,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -111994,7 +111994,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -112054,7 +112054,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -112114,7 +112114,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -112173,7 +112173,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -112232,7 +112232,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -112290,7 +112290,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -112348,7 +112348,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -112408,7 +112408,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -112467,7 +112467,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -112526,7 +112526,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -112585,7 +112585,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -112643,7 +112643,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -112702,7 +112702,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -112760,7 +112760,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -112819,7 +112819,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -112878,7 +112878,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -112937,7 +112937,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -112996,7 +112996,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -113055,7 +113055,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -113115,7 +113115,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -113174,7 +113174,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -113233,7 +113233,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -113292,7 +113292,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -113350,7 +113350,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -113409,7 +113409,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -113467,7 +113467,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -113527,7 +113527,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -113587,7 +113587,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -113645,7 +113645,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -113704,7 +113704,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -113762,7 +113762,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -113822,7 +113822,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -113881,7 +113881,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -113941,7 +113941,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -113999,7 +113999,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -114059,7 +114059,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -114119,7 +114119,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -114178,7 +114178,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -114236,7 +114236,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -114296,7 +114296,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -114355,7 +114355,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -114415,7 +114415,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -114474,7 +114474,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -114533,7 +114533,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -114592,7 +114592,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -114651,7 +114651,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -114710,7 +114710,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -114769,7 +114769,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -114828,7 +114828,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -114887,7 +114887,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -114947,7 +114947,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -115007,7 +115007,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -115067,7 +115067,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -115127,7 +115127,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -115185,7 +115185,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -115245,7 +115245,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -115304,7 +115304,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -115363,7 +115363,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -115423,7 +115423,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -115483,7 +115483,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -115542,7 +115542,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -115601,7 +115601,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -115661,7 +115661,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -115721,7 +115721,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -115780,7 +115780,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -115840,7 +115840,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -115899,7 +115899,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -115959,7 +115959,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -116018,7 +116018,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -116078,7 +116078,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -116138,7 +116138,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -116196,7 +116196,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -116256,7 +116256,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -116316,7 +116316,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -116376,7 +116376,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -116436,7 +116436,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -116495,7 +116495,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -116554,7 +116554,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -116613,7 +116613,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -116671,7 +116671,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -116729,7 +116729,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -116787,7 +116787,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -116847,7 +116847,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -116906,7 +116906,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -116964,7 +116964,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -117022,7 +117022,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -117081,7 +117081,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -117140,7 +117140,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -117200,7 +117200,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -117259,7 +117259,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -117319,7 +117319,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -117378,7 +117378,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -117437,7 +117437,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -117497,7 +117497,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -117557,7 +117557,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -117616,7 +117616,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -117676,7 +117676,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -117736,7 +117736,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -117795,7 +117795,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -117853,7 +117853,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -117912,7 +117912,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -117971,7 +117971,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -118031,7 +118031,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -118090,7 +118090,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -118150,7 +118150,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -118209,7 +118209,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -118268,7 +118268,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -118328,7 +118328,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -118388,7 +118388,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -118448,7 +118448,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -118508,7 +118508,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -118567,7 +118567,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -118626,7 +118626,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -118686,7 +118686,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -118746,7 +118746,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -118806,7 +118806,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -118866,7 +118866,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -118926,7 +118926,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -118986,7 +118986,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -119046,7 +119046,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -119106,7 +119106,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -119166,7 +119166,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -119226,7 +119226,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -119286,7 +119286,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -119346,7 +119346,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -119406,7 +119406,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -119466,7 +119466,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -119526,7 +119526,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -119586,7 +119586,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -119646,7 +119646,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -119706,7 +119706,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -119766,7 +119766,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -119826,7 +119826,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -119886,7 +119886,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -119946,7 +119946,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -120005,7 +120005,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -120065,7 +120065,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -120125,7 +120125,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -120185,7 +120185,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -120245,7 +120245,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -120305,7 +120305,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -120365,7 +120365,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -120425,7 +120425,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -120485,7 +120485,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -120545,7 +120545,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -120604,7 +120604,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -120664,7 +120664,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -120724,7 +120724,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -120784,7 +120784,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -120844,7 +120844,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -120904,7 +120904,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -120964,7 +120964,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -121024,7 +121024,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -121084,7 +121084,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -121144,7 +121144,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -121204,7 +121204,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -121264,7 +121264,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -121324,7 +121324,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -121384,7 +121384,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -121443,7 +121443,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -121503,7 +121503,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -121563,7 +121563,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -121623,7 +121623,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -121683,7 +121683,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -121743,7 +121743,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -121803,7 +121803,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -121863,7 +121863,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -121923,7 +121923,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -121983,7 +121983,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -122043,7 +122043,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -122103,7 +122103,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -122162,7 +122162,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -122222,7 +122222,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -122282,7 +122282,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -122342,7 +122342,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -122402,7 +122402,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -122462,7 +122462,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -122522,7 +122522,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -122582,7 +122582,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -122642,7 +122642,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -122702,7 +122702,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -122762,7 +122762,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -122822,7 +122822,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -122882,7 +122882,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -122942,7 +122942,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -123002,7 +123002,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -123062,7 +123062,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -123122,7 +123122,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -123182,7 +123182,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -123242,7 +123242,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -123302,7 +123302,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -123362,7 +123362,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -123422,7 +123422,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -123482,7 +123482,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -123542,7 +123542,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -123602,7 +123602,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -123662,7 +123662,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -123722,7 +123722,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -123782,7 +123782,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -123842,7 +123842,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -123902,7 +123902,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -123962,7 +123962,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -124022,7 +124022,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -124082,7 +124082,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -124142,7 +124142,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -124202,7 +124202,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -124262,7 +124262,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -124322,7 +124322,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -124382,7 +124382,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -124442,7 +124442,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -124502,7 +124502,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -124562,7 +124562,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -124622,7 +124622,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -124682,7 +124682,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -124742,7 +124742,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -124802,7 +124802,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -124862,7 +124862,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -124922,7 +124922,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -124982,7 +124982,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -125042,7 +125042,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -125101,7 +125101,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -125161,7 +125161,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -125221,7 +125221,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -125281,7 +125281,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -125341,7 +125341,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -125401,7 +125401,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -125461,7 +125461,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -125521,7 +125521,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -125581,7 +125581,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -125641,7 +125641,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -125701,7 +125701,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -125761,7 +125761,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -125821,7 +125821,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -125881,7 +125881,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -125941,7 +125941,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -126001,7 +126001,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -126061,7 +126061,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -126121,7 +126121,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -126181,7 +126181,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -126241,7 +126241,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -126301,7 +126301,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -126361,7 +126361,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -126421,7 +126421,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -126481,7 +126481,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -126541,7 +126541,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -126601,7 +126601,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -126661,7 +126661,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -126721,7 +126721,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -126781,7 +126781,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -126841,7 +126841,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -126901,7 +126901,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -126961,7 +126961,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -127021,7 +127021,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -127081,7 +127081,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -127141,7 +127141,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -127201,7 +127201,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -127261,7 +127261,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -127321,7 +127321,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -127381,7 +127381,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -127441,7 +127441,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -127501,7 +127501,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -127561,7 +127561,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -127621,7 +127621,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -127681,7 +127681,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -127741,7 +127741,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -127801,7 +127801,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -127861,7 +127861,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -127921,7 +127921,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -127981,7 +127981,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -128041,7 +128041,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -128101,7 +128101,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -128161,7 +128161,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -128221,7 +128221,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -128281,7 +128281,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -128341,7 +128341,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -128401,7 +128401,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -128461,7 +128461,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -128521,7 +128521,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -128581,7 +128581,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -128641,7 +128641,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -128701,7 +128701,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -128761,7 +128761,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -128821,7 +128821,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -128881,7 +128881,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -128941,7 +128941,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -129001,7 +129001,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -129061,7 +129061,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -129121,7 +129121,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -129181,7 +129181,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -129241,7 +129241,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -129301,7 +129301,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -129361,7 +129361,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -129421,7 +129421,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -129481,7 +129481,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -129541,7 +129541,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -129601,7 +129601,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -129661,7 +129661,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -129721,7 +129721,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -129781,7 +129781,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -129841,7 +129841,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -129901,7 +129901,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -129960,7 +129960,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -130019,7 +130019,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -130078,7 +130078,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -130137,7 +130137,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -130197,7 +130197,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -130257,7 +130257,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -130317,7 +130317,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -130377,7 +130377,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -130437,7 +130437,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -130497,7 +130497,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -130557,7 +130557,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -130617,7 +130617,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -130677,7 +130677,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -130737,7 +130737,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -130797,7 +130797,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -130857,7 +130857,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -130917,7 +130917,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -130977,7 +130977,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -131037,7 +131037,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -131097,7 +131097,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -131157,7 +131157,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -131217,7 +131217,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -131277,7 +131277,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -131337,7 +131337,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -131397,7 +131397,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -131457,7 +131457,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -131517,7 +131517,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -131577,7 +131577,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -131637,7 +131637,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -131697,7 +131697,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -131757,7 +131757,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -131817,7 +131817,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -131877,7 +131877,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -131937,7 +131937,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -131997,7 +131997,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -132057,7 +132057,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -132117,7 +132117,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -132177,7 +132177,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -132237,7 +132237,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -132296,7 +132296,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -132356,7 +132356,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -132416,7 +132416,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -132476,7 +132476,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -132536,7 +132536,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -132596,7 +132596,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -132656,7 +132656,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -132716,7 +132716,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -132776,7 +132776,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -132834,7 +132834,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -132894,7 +132894,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -132954,7 +132954,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -133014,7 +133014,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -133074,7 +133074,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -133134,7 +133134,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -133194,7 +133194,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -133253,7 +133253,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -133312,7 +133312,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -133372,7 +133372,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -133432,7 +133432,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -133492,7 +133492,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -133551,7 +133551,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", 
@@ -133610,7 +133610,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -133670,7 +133670,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -133730,7 +133730,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", @@ -133789,7 +133789,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "added", diff --git a/packages/osquery/data_stream/result/elasticsearch/ingest_pipeline/default.yml b/packages/osquery/data_stream/result/elasticsearch/ingest_pipeline/default.yml index ded706ee457..dade012b92b 100644 --- a/packages/osquery/data_stream/result/elasticsearch/ingest_pipeline/default.yml +++ b/packages/osquery/data_stream/result/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: target_field: "json" - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/osquery/data_stream/result/sample_event.json b/packages/osquery/data_stream/result/sample_event.json index e3fca7d1dcf..6ec301ada29 100644 --- a/packages/osquery/data_stream/result/sample_event.json +++ b/packages/osquery/data_stream/result/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "eaaf0f0c-2e54-4bd7-a0cc-9968349277bc", diff --git a/packages/osquery/docs/README.md b/packages/osquery/docs/README.md index 5dd0e040435..7f0fb9880a6 100644 --- a/packages/osquery/docs/README.md +++ b/packages/osquery/docs/README.md @@ -38,7 +38,7 @@ An example event for `result` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "eaaf0f0c-2e54-4bd7-a0cc-9968349277bc", 
diff --git a/packages/osquery/manifest.yml b/packages/osquery/manifest.yml
index e01028f3bf2..c1748470cc1 100644
--- a/packages/osquery/manifest.yml
+++ b/packages/osquery/manifest.yml
@@ -1,6 +1,6 @@
 name: osquery
 title: Osquery Logs
-version: "1.7.1"
+version: "1.8.0"
 release: ga
 description: Collect logs from Osquery with Elastic Agent.
 type: integration
From 41c52f46b76932040b04110e3c2465911e9dbb1f Mon Sep 17 00:00:00 2001
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:39 +0530 Subject: [PATCH 085/137] [panw] - update ECS to 8.7.0 from 8.6.0 This updates the panw integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/panw --- packages/panw/_dev/build/build.yml | 2 +- packages/panw/changelog.yml | 5 + ...os-authentication-sample.log-expected.json | 2 +- ...panw-panos-config-sample.log-expected.json | 4 +- ...correlated-events-sample.log-expected.json | 2 +- ...-panos-decryption-sample.log-expected.json | 4 +- ...nos-globalprotect-sample.log-expected.json | 24 +- ...st-panw-panos-gtp-sample.log-expected.json | 2 +- ...nw-panos-hipmatch-sample.log-expected.json | 4 +- ...w-panos-inc-other-sample.log-expected.json | 68 +-- ...-panos-inc-threat-sample.log-expected.json | 206 ++++----- ...panos-inc-traffic-sample.log-expected.json | 200 ++++----- ...-panw-panos-inc-traffic.json-expected.json | 6 +- ...panw-panos-ip-tag-sample.log-expected.json | 2 +- ...t-panw-panos-sctp-sample.log-expected.json | 2 +- ...panw-panos-system-sample.log-expected.json | 4 +- ...panw-panos-threat-sample.log-expected.json | 374 ++++++++-------- ...anw-panos-traffic-sample.log-expected.json | 400 +++++++++--------- ...tunnel-inspection-sample.log-expected.json | 2 +- ...panw-panos-userid-sample.log-expected.json | 26 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../panw/data_stream/panos/sample_event.json | 2 +- packages/panw/docs/README.md | 4 +- packages/panw/manifest.yml | 2 +- 24 files changed, 677 insertions(+), 672 deletions(-) diff --git a/packages/panw/_dev/build/build.yml b/packages/panw/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/panw/_dev/build/build.yml +++ b/packages/panw/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 
diff --git a/packages/panw/changelog.yml b/packages/panw/changelog.yml index 5d893ef52e8..36995ac3a30 100644 --- a/packages/panw/changelog.yml +++ b/packages/panw/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "3.6.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "3.5.2" changes: - description: Added categories and/or subcategories. diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-authentication-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-authentication-sample.log-expected.json index bc4c505a7ea..ae2042e2a76 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-authentication-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-authentication-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-11-23T00:44:44.000-04:30", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-config-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-config-sample.log-expected.json index 95afed5e626..eedb60dcd3c 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-config-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-config-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-25T20:25:39.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cmd-set", @@ -60,7 +60,7 @@ { "@timestamp": "2021-10-25T20:25:19.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cmd-set", 
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-correlated-events-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-correlated-events-sample.log-expected.json index c1d7f8af995..d2b865b312b 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-correlated-events-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-correlated-events-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-10-09T10:20:15.000-02:30", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-decryption-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-decryption-sample.log-expected.json index 15f6bf1718a..e8bc33de476 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-decryption-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-decryption-sample.log-expected.json @@ -23,7 +23,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -220,7 +220,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json index 1a6ff057fa3..ce0836aa3dc 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-03-24T11:30:00.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -84,7 +84,7 @@ { "@timestamp": "2021-03-24T11:29:49.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -184,7 +184,7 @@ { "@timestamp": "2021-04-07T17:41:30.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -274,7 +274,7 @@ { "@timestamp": "2021-04-07T17:41:29.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -374,7 +374,7 @@ { "@timestamp": "2021-04-07T17:41:28.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -454,7 +454,7 @@ { "@timestamp": "2021-03-02T09:55:39.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -541,7 +541,7 @@ { "@timestamp": "2021-03-02T11:01:02.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -639,7 +639,7 @@ { "@timestamp": "2021-03-02T09:39:26.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -721,7 +721,7 @@ { "@timestamp": "2021-03-02T09:47:13.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -810,7 +810,7 @@ { "@timestamp": "2021-10-22T11:10:05.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -888,7 +888,7 @@ { "@timestamp": "2021-11-09T16:45:14.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -964,7 +964,7 @@ { "@timestamp": "2021-11-09T16:45:14.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-gtp-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-gtp-sample.log-expected.json index 49276fea592..b1a705d06aa 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-gtp-sample.log-expected.json 
+++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-gtp-sample.log-expected.json @@ -20,7 +20,7 @@ "port": 9551 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json index bff1568463c..9d6c328ad03 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-03-02T10:06:25.000-06:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -78,7 +78,7 @@ { "@timestamp": "2019-10-09T10:20:15.000-06:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json index 03e979cbbff..79f4304bb69 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2012-02-25T00:51:50.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cmd-set", @@ -51,7 +51,7 @@ { "@timestamp": "2012-02-25T00:53:22.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cmd-set", @@ -99,7 +99,7 @@ { "@timestamp": "2012-02-25T00:53:40.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cmd-commit", 
@@ -146,7 +146,7 @@ { "@timestamp": "2012-02-25T00:53:53.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -186,7 +186,7 @@ { "@timestamp": "2012-02-25T00:53:56.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -226,7 +226,7 @@ { "@timestamp": "2012-02-25T00:54:16.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -266,7 +266,7 @@ { "@timestamp": "2012-02-25T00:54:16.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -306,7 +306,7 @@ { "@timestamp": "2012-02-25T00:57:17.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cmd-edit", @@ -354,7 +354,7 @@ { "@timestamp": "2012-02-25T00:57:36.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cmd-commit", @@ -401,7 +401,7 @@ { "@timestamp": "2012-02-25T00:57:49.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -441,7 +441,7 @@ { "@timestamp": "2012-02-25T00:57:52.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -481,7 +481,7 @@ { "@timestamp": "2012-02-25T00:58:12.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -521,7 +521,7 @@ { "@timestamp": "2012-02-25T00:58:12.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -561,7 +561,7 @@ { "@timestamp": "2012-02-25T00:58:12.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -601,7 +601,7 @@ { "@timestamp": "2012-02-25T00:58:14.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -641,7 +641,7 @@ { "@timestamp": "2012-02-25T00:59:36.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -681,7 +681,7 @@ { "@timestamp": "2012-04-10T03:11:57.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -721,7 +721,7 @@ { "@timestamp": "2012-04-10T03:11:56.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -761,7 +761,7 @@ { "@timestamp": "2012-04-10T03:11:56.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -801,7 +801,7 @@ { "@timestamp": "2012-04-10T03:11:56.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -841,7 +841,7 @@ { "@timestamp": "2012-04-10T03:06:11.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -881,7 +881,7 @@ { "@timestamp": "2012-04-10T03:06:00.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -921,7 +921,7 @@ { "@timestamp": "2012-04-09T09:02:53.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -961,7 +961,7 @@ { "@timestamp": "2012-04-09T09:02:52.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1001,7 +1001,7 @@ { "@timestamp": "2012-04-09T09:02:52.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1041,7 +1041,7 @@ { "@timestamp": "2012-04-09T09:02:52.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1081,7 +1081,7 @@ { "@timestamp": "2012-04-09T09:00:55.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1121,7 +1121,7 @@ { "@timestamp": "2012-04-09T09:00:52.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1161,7 +1161,7 @@ { "@timestamp": "2012-04-09T09:00:35.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cmd-commit", 
@@ -1208,7 +1208,7 @@ { "@timestamp": "2012-04-09T09:00:20.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "cmd-edit", @@ -1256,7 +1256,7 @@ { "@timestamp": "2012-04-09T03:21:53.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1296,7 +1296,7 @@ { "@timestamp": "2012-04-09T03:21:53.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1336,7 +1336,7 @@ { "@timestamp": "2012-04-09T03:21:53.000+05:45", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1395,7 +1395,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json index 91c616a9897..33486028a05 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json @@ -21,7 +21,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -189,7 +189,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -358,7 +358,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -527,7 +527,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -696,7 +696,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -865,7 +865,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", 
@@ -1034,7 +1034,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -1202,7 +1202,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -1370,7 +1370,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -1538,7 +1538,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -1707,7 +1707,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -1874,7 +1874,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -2042,7 +2042,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -2211,7 +2211,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -2378,7 +2378,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -2546,7 +2546,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -2714,7 +2714,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -2881,7 +2881,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -3048,7 +3048,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -3215,7 +3215,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -3383,7 +3383,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", 
@@ -3550,7 +3550,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -3718,7 +3718,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -3885,7 +3885,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -4052,7 +4052,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -4219,7 +4219,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -4386,7 +4386,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -4553,7 +4553,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -4720,7 +4720,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -4887,7 +4887,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -5054,7 +5054,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -5221,7 +5221,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -5388,7 +5388,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -5555,7 +5555,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -5722,7 +5722,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -5889,7 +5889,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", 
@@ -6055,7 +6055,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -6222,7 +6222,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -6388,7 +6388,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -6554,7 +6554,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -6720,7 +6720,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -6887,7 +6887,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -7053,7 +7053,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -7211,7 +7211,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -7372,7 +7372,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -7537,7 +7537,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -7702,7 +7702,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -7868,7 +7868,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -8033,7 +8033,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -8198,7 +8198,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -8364,7 +8364,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", 
@@ -8530,7 +8530,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -8696,7 +8696,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -8854,7 +8854,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "file_match", @@ -9021,7 +9021,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -9179,7 +9179,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "file_match", @@ -9338,7 +9338,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "file_match", @@ -9505,7 +9505,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -9663,7 +9663,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "file_match", @@ -9822,7 +9822,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "file_match", @@ -9989,7 +9989,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -10155,7 +10155,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -10321,7 +10321,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -10479,7 +10479,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "file_match", @@ -10646,7 +10646,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -10811,7 +10811,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -10963,7 +10963,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", 
@@ -11119,7 +11119,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -11282,7 +11282,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -11434,7 +11434,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -11597,7 +11597,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -11749,7 +11749,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -11905,7 +11905,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "file_match", @@ -12064,7 +12064,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -12220,7 +12220,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -12376,7 +12376,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -12532,7 +12532,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -12695,7 +12695,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -12847,7 +12847,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -13003,7 +13003,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -13159,7 +13159,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -13315,7 +13315,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -13471,7 +13471,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", 
@@ -13627,7 +13627,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -13783,7 +13783,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -13939,7 +13939,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -14095,7 +14095,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -14251,7 +14251,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -14407,7 +14407,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -14563,7 +14563,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -14726,7 +14726,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -14878,7 +14878,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -15034,7 +15034,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -15197,7 +15197,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -15349,7 +15349,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -15505,7 +15505,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -15661,7 +15661,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -15817,7 +15817,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -15973,7 +15973,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", 
@@ -16129,7 +16129,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "data_match", @@ -16285,7 +16285,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "file_match", @@ -16445,7 +16445,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "file_match", @@ -16603,7 +16603,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json index 7d67da91abd..e779b39c0e1 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json @@ -22,7 +22,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -143,7 +143,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -264,7 +264,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -385,7 +385,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -506,7 +506,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -627,7 +627,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -748,7 +748,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -869,7 +869,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", 
@@ -990,7 +990,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -1111,7 +1111,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -1232,7 +1232,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -1353,7 +1353,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -1474,7 +1474,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -1595,7 +1595,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -1716,7 +1716,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -1837,7 +1837,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -1958,7 +1958,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -2079,7 +2079,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -2200,7 +2200,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -2321,7 +2321,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -2442,7 +2442,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -2563,7 +2563,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -2684,7 +2684,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", 
@@ -2805,7 +2805,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -2926,7 +2926,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -3047,7 +3047,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -3168,7 +3168,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -3289,7 +3289,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -3410,7 +3410,7 @@ "port": 13069 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -3531,7 +3531,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -3652,7 +3652,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -3773,7 +3773,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -3894,7 +3894,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -4015,7 +4015,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -4136,7 +4136,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -4257,7 +4257,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -4378,7 +4378,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -4499,7 +4499,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", 
@@ -4620,7 +4620,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -4741,7 +4741,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -4850,7 +4850,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -4971,7 +4971,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -5080,7 +5080,7 @@ "port": 40026 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -5201,7 +5201,7 @@ "port": 40029 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -5322,7 +5322,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -5431,7 +5431,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -5552,7 +5552,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -5673,7 +5673,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -5794,7 +5794,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -5915,7 +5915,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -6036,7 +6036,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -6157,7 +6157,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -6278,7 +6278,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", 
@@ -6399,7 +6399,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -6520,7 +6520,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -6641,7 +6641,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -6762,7 +6762,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -6883,7 +6883,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -7004,7 +7004,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -7125,7 +7125,7 @@ "port": 40043 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -7246,7 +7246,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -7367,7 +7367,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -7488,7 +7488,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -7609,7 +7609,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -7730,7 +7730,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -7851,7 +7851,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -7972,7 +7972,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -8093,7 +8093,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", 
@@ -8214,7 +8214,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -8335,7 +8335,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -8456,7 +8456,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -8577,7 +8577,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -8698,7 +8698,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -8819,7 +8819,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -8940,7 +8940,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -9061,7 +9061,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -9182,7 +9182,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -9293,7 +9293,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -9414,7 +9414,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -9535,7 +9535,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -9646,7 +9646,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -9757,7 +9757,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -9878,7 +9878,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", 
@@ -9999,7 +9999,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -10120,7 +10120,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -10241,7 +10241,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -10362,7 +10362,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -10473,7 +10473,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -10594,7 +10594,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -10715,7 +10715,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -10836,7 +10836,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -10957,7 +10957,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -11078,7 +11078,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -11199,7 +11199,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -11320,7 +11320,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -11441,7 +11441,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -11552,7 +11552,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -11673,7 +11673,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", 
@@ -11794,7 +11794,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -11915,7 +11915,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json index b070bc05789..e06fdf0f8a0 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json @@ -22,7 +22,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -191,7 +191,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -364,7 +364,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-ip-tag-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-ip-tag-sample.log-expected.json index aece090d998..0fe60f339c9 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-ip-tag-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-ip-tag-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-11-23T00:44:44.000+01:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-sctp-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-sctp-sample.log-expected.json index 5330f9f9faf..554d980490f 100644 
--- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-sctp-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-sctp-sample.log-expected.json @@ -20,7 +20,7 @@ "port": 9551 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-system-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-system-sample.log-expected.json index ce4751b0534..d929ca4f45b 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-system-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-system-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-26T15:05:03.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -53,7 +53,7 @@ { "@timestamp": "2021-10-26T14:49:02.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json index 17c4d111211..8a8970ca042 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json @@ -25,7 +25,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -185,7 +185,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -345,7 +345,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", 
@@ -505,7 +505,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -665,7 +665,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -825,7 +825,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -985,7 +985,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -1145,7 +1145,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -1305,7 +1305,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -1465,7 +1465,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -1625,7 +1625,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -1785,7 +1785,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -1945,7 +1945,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -2105,7 +2105,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -2265,7 +2265,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -2425,7 +2425,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -2585,7 +2585,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -2745,7 +2745,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", 
@@ -2905,7 +2905,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -3065,7 +3065,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -3225,7 +3225,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -3385,7 +3385,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -3545,7 +3545,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -3705,7 +3705,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -3865,7 +3865,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -4025,7 +4025,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -4185,7 +4185,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -4345,7 +4345,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -4505,7 +4505,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -4665,7 +4665,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -4825,7 +4825,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -4985,7 +4985,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -5145,7 +5145,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", 
@@ -5305,7 +5305,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -5465,7 +5465,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -5625,7 +5625,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -5785,7 +5785,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -5945,7 +5945,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -6105,7 +6105,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -6265,7 +6265,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -6425,7 +6425,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -6585,7 +6585,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -6745,7 +6745,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -6905,7 +6905,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -7065,7 +7065,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -7225,7 +7225,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -7385,7 +7385,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -7545,7 +7545,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", 
@@ -7705,7 +7705,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -7865,7 +7865,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -8025,7 +8025,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -8185,7 +8185,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -8345,7 +8345,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -8505,7 +8505,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -8665,7 +8665,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -8825,7 +8825,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -8985,7 +8985,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -9145,7 +9145,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -9305,7 +9305,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -9465,7 +9465,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -9625,7 +9625,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -9785,7 +9785,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -9945,7 +9945,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", 
@@ -10105,7 +10105,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -10265,7 +10265,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -10425,7 +10425,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -10585,7 +10585,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -10745,7 +10745,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -10905,7 +10905,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -11065,7 +11065,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -11225,7 +11225,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -11385,7 +11385,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -11545,7 +11545,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -11705,7 +11705,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -11865,7 +11865,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -12025,7 +12025,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "url_filtering", @@ -12184,7 +12184,7 @@ "port": 36524 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "virus_detected", @@ -12369,7 +12369,7 @@ "port": 36524 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "virus_detected", 
@@ -12554,7 +12554,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -12738,7 +12738,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -12919,7 +12919,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -13103,7 +13103,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -13287,7 +13287,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -13471,7 +13471,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -13655,7 +13655,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -13836,7 +13836,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -14017,7 +14017,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -14198,7 +14198,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -14382,7 +14382,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -14566,7 +14566,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -14750,7 +14750,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -14936,7 +14936,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -15109,7 +15109,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", 
@@ -15298,7 +15298,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -15471,7 +15471,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -15657,7 +15657,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -15830,7 +15830,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -16019,7 +16019,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -16192,7 +16192,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -16381,7 +16381,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -16554,7 +16554,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -16743,7 +16743,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -16916,7 +16916,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -17105,7 +17105,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -17278,7 +17278,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -17467,7 +17467,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -17645,7 +17645,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -17818,7 +17818,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", 
@@ -18007,7 +18007,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -18180,7 +18180,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -18369,7 +18369,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -18542,7 +18542,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -18731,7 +18731,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -18904,7 +18904,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -19090,7 +19090,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -19263,7 +19263,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -19452,7 +19452,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -19625,7 +19625,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -19814,7 +19814,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -19987,7 +19987,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -20176,7 +20176,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -20349,7 +20349,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -20533,7 +20533,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", 
@@ -20722,7 +20722,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -20900,7 +20900,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -21073,7 +21073,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -21262,7 +21262,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -21435,7 +21435,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -21624,7 +21624,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -21797,7 +21797,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -21986,7 +21986,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -22159,7 +22159,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -22345,7 +22345,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -22518,7 +22518,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -22702,7 +22702,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -22891,7 +22891,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -23069,7 +23069,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -23242,7 +23242,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", 
@@ -23431,7 +23431,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -23604,7 +23604,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -23788,7 +23788,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -23977,7 +23977,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -24155,7 +24155,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -24328,7 +24328,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -24517,7 +24517,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -24695,7 +24695,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -24868,7 +24868,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -25052,7 +25052,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -25241,7 +25241,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -25419,7 +25419,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -25592,7 +25592,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -25773,7 +25773,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -25959,7 +25959,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", 
@@ -26132,7 +26132,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -26321,7 +26321,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -26494,7 +26494,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -26675,7 +26675,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -26864,7 +26864,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -27042,7 +27042,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -27215,7 +27215,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -27404,7 +27404,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -27577,7 +27577,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -27766,7 +27766,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -27939,7 +27939,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -28128,7 +28128,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -28301,7 +28301,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -28490,7 +28490,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -28663,7 +28663,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", 
@@ -28852,7 +28852,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -29025,7 +29025,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -29209,7 +29209,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -29398,7 +29398,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -29571,7 +29571,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -29757,7 +29757,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -29930,7 +29930,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -30114,7 +30114,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -30303,7 +30303,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -30476,7 +30476,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -30665,7 +30665,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -30838,7 +30838,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -31027,7 +31027,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -31205,7 +31205,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -31378,7 +31378,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", 
@@ -31567,7 +31567,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -31740,7 +31740,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -31929,7 +31929,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", @@ -32102,7 +32102,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "spyware_detected", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json index 055462f5fbb..60fc2eebb32 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json @@ -26,7 +26,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -215,7 +215,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -398,7 +398,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -587,7 +587,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -770,7 +770,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -959,7 +959,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -1148,7 +1148,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", 
@@ -1331,7 +1331,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -1520,7 +1520,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -1709,7 +1709,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -1898,7 +1898,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -2087,7 +2087,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -2276,7 +2276,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -2465,7 +2465,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -2654,7 +2654,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -2843,7 +2843,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -3026,7 +3026,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -3215,7 +3215,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -3404,7 +3404,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -3593,7 +3593,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -3776,7 +3776,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -3965,7 +3965,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", 
@@ -4154,7 +4154,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -4343,7 +4343,7 @@ "port": 4282 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_dropped", @@ -4532,7 +4532,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_denied", @@ -4715,7 +4715,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -4900,7 +4900,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -5086,7 +5086,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -5275,7 +5275,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -5464,7 +5464,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -5647,7 +5647,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -5830,7 +5830,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -6019,7 +6019,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -6208,7 +6208,7 @@ "port": 4282 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -6397,7 +6397,7 @@ "port": 17472 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -6586,7 +6586,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -6775,7 +6775,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", 
@@ -6964,7 +6964,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -7153,7 +7153,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -7342,7 +7342,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -7531,7 +7531,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -7720,7 +7720,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -7909,7 +7909,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -8098,7 +8098,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -8287,7 +8287,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -8476,7 +8476,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -8665,7 +8665,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -8854,7 +8854,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -9043,7 +9043,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -9232,7 +9232,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -9411,7 +9411,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -9600,7 +9600,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", 
@@ -9789,7 +9789,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -9978,7 +9978,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -10167,7 +10167,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -10356,7 +10356,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -10545,7 +10545,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -10734,7 +10734,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -10923,7 +10923,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -11112,7 +11112,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -11301,7 +11301,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -11490,7 +11490,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -11679,7 +11679,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -11868,7 +11868,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -12057,7 +12057,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -12246,7 +12246,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -12435,7 +12435,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", 
@@ -12624,7 +12624,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -12813,7 +12813,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -13002,7 +13002,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -13191,7 +13191,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -13380,7 +13380,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -13569,7 +13569,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -13758,7 +13758,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -13947,7 +13947,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -14136,7 +14136,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -14325,7 +14325,7 @@ "port": 123 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -14514,7 +14514,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -14702,7 +14702,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -14890,7 +14890,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -15078,7 +15078,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -15266,7 +15266,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", 
@@ -15455,7 +15455,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -15644,7 +15644,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -15833,7 +15833,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -16022,7 +16022,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -16211,7 +16211,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -16400,7 +16400,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -16589,7 +16589,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -16778,7 +16778,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -16967,7 +16967,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -17156,7 +17156,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -17345,7 +17345,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -17534,7 +17534,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -17723,7 +17723,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -17906,7 +17906,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -18095,7 +18095,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", 
@@ -18284,7 +18284,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -18473,7 +18473,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -18662,7 +18662,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -18850,7 +18850,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -19027,7 +19027,7 @@ "port": 138 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -19200,7 +19200,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -19377,7 +19377,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -19554,7 +19554,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -19722,7 +19722,7 @@ "port": 138 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -19909,7 +19909,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -20087,7 +20087,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -20274,7 +20274,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -20461,7 +20461,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -20648,7 +20648,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -20834,7 +20834,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", 
@@ -21011,7 +21011,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -21189,7 +21189,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -21376,7 +21376,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -21554,7 +21554,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -21741,7 +21741,7 @@ "port": 138 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -21914,7 +21914,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -22092,7 +22092,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -22279,7 +22279,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -22456,7 +22456,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -22633,7 +22633,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -22811,7 +22811,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -22999,7 +22999,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -23185,7 +23185,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -23363,7 +23363,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -23551,7 +23551,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", 
@@ -23737,7 +23737,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -23915,7 +23915,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -24093,7 +24093,7 @@ "port": 138 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -24280,7 +24280,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -24457,7 +24457,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -24625,7 +24625,7 @@ "port": 137 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -24812,7 +24812,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -24980,7 +24980,7 @@ "port": 137 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -25167,7 +25167,7 @@ "port": 138 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -25340,7 +25340,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -25518,7 +25518,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -25705,7 +25705,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -25882,7 +25882,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -26060,7 +26060,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -26248,7 +26248,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", 
@@ -26435,7 +26435,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -26613,7 +26613,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -26800,7 +26800,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -26968,7 +26968,7 @@ "port": 138 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -27155,7 +27155,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -27332,7 +27332,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -27509,7 +27509,7 @@ "port": 138 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -27682,7 +27682,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -27859,7 +27859,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -28037,7 +28037,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -28224,7 +28224,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -28410,7 +28410,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -28588,7 +28588,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -28775,7 +28775,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -28961,7 +28961,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", 
@@ -29139,7 +29139,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -29326,7 +29326,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -29513,7 +29513,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -29700,7 +29700,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -29887,7 +29887,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -30074,7 +30074,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -30260,7 +30260,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -30437,7 +30437,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -30615,7 +30615,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -30802,7 +30802,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -30980,7 +30980,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -31158,7 +31158,7 @@ "port": 138 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -31345,7 +31345,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -31523,7 +31523,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -31710,7 +31710,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", 
@@ -31888,7 +31888,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -32075,7 +32075,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -32252,7 +32252,7 @@ "port": 138 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -32425,7 +32425,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -32603,7 +32603,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -32790,7 +32790,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -32968,7 +32968,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -33155,7 +33155,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -33332,7 +33332,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -33509,7 +33509,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -33687,7 +33687,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -33874,7 +33874,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -34061,7 +34061,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -34247,7 +34247,7 @@ "port": 138 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -34421,7 +34421,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", 
@@ -34608,7 +34608,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -34795,7 +34795,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -34981,7 +34981,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -35158,7 +35158,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -35335,7 +35335,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -35513,7 +35513,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -35700,7 +35700,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -35886,7 +35886,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -36063,7 +36063,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -36240,7 +36240,7 @@ "port": 30514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_terminated", @@ -36418,7 +36418,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -36605,7 +36605,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", @@ -36792,7 +36792,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-tunnel-inspection-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-tunnel-inspection-sample.log-expected.json index 92f65241988..351969ab0fd 100644 
--- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-tunnel-inspection-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-tunnel-inspection-sample.log-expected.json @@ -29,7 +29,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow_started", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json index 08ded2bc59f..5d06e432791 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json @@ -6,7 +6,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -114,7 +114,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -210,7 +210,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -293,7 +293,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -376,7 +376,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -459,7 +459,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -542,7 +542,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -638,7 +638,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -734,7 +734,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -830,7 +830,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -924,7 +924,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1018,7 +1018,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1112,7 +1112,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml b/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml index 2dbb4e206b2..8e9c03541b0 100644 --- a/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml +++ b/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Palo Alto Networks PAN-OS Logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: observer.vendor value: Palo Alto Networks diff --git a/packages/panw/data_stream/panos/sample_event.json b/packages/panw/data_stream/panos/sample_event.json index ec6892027c5..e1fd750bf6a 100644 --- a/packages/panw/data_stream/panos/sample_event.json +++ b/packages/panw/data_stream/panos/sample_event.json @@ -31,7 +31,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/panw/docs/README.md b/packages/panw/docs/README.md index fa3a6580162..f244c4b9362 100644 --- a/packages/panw/docs/README.md +++ b/packages/panw/docs/README.md @@ -62,7 +62,7 @@ An example event for `panos` looks as following: "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", 
@@ -284,7 +284,7 @@ An example event for `panos` looks as following:
 | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword |
 | host.ip | Host ip addresses. | ip |
 | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword |
-| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword |
+| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword |
 | host.os.build | OS build information. | keyword |
 | host.os.codename | OS codename, if any. | keyword |
 | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword |
diff --git a/packages/panw/manifest.yml b/packages/panw/manifest.yml
index 829fe9cd4a6..97b25ced68f 100644
--- a/packages/panw/manifest.yml
+++ b/packages/panw/manifest.yml
@@ -1,6 +1,6 @@
 name: panw
 title: Palo Alto Next-Gen Firewall
-version: "3.5.2"
+version: "3.6.0"
 release: ga
 description: Collect logs from Palo Alto next-gen firewalls with Elastic Agent.
 type: integration
From 12d3b1c5f0be286cbe44bbbb29b8c9c68dfb815e Mon Sep 17 00:00:00 2001
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:39 +0530 Subject: [PATCH 086/137] [panw_cortex_xdr] - update ECS to 8.7.0 from 8.6.0 This updates the panw_cortex_xdr integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/panw_cortex_xdr --- packages/panw_cortex_xdr/_dev/build/build.yml | 2 +- packages/panw_cortex_xdr/changelog.yml | 5 +++++ .../test/pipeline/test-panw-xdr-bioc.log-expected.json | 4 ++-- .../_dev/test/pipeline/test-panw-xdr.log-expected.json | 8 ++++---- .../alerts/elasticsearch/ingest_pipeline/default.yml | 2 +- .../panw_cortex_xdr/data_stream/alerts/sample_event.json | 2 +- packages/panw_cortex_xdr/docs/README.md | 2 +- packages/panw_cortex_xdr/manifest.yml | 2 +- 8 files changed, 16 insertions(+), 11 deletions(-) diff --git a/packages/panw_cortex_xdr/_dev/build/build.yml b/packages/panw_cortex_xdr/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/panw_cortex_xdr/_dev/build/build.yml +++ b/packages/panw_cortex_xdr/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/panw_cortex_xdr/changelog.yml b/packages/panw_cortex_xdr/changelog.yml index 01a0480faad..d2fa59c2d1f 100644 --- a/packages/panw_cortex_xdr/changelog.yml +++ b/packages/panw_cortex_xdr/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.8.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.7.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr-bioc.log-expected.json b/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr-bioc.log-expected.json index 4ac7799165c..bf5754de480 100644 
--- a/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr-bioc.log-expected.json +++ b/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr-bioc.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-05-06T19:15:14.182Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DETECTED", @@ -608,7 +608,7 @@ { "@timestamp": "2020-05-06T19:15:14.182Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DETECTED", diff --git a/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr.log-expected.json b/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr.log-expected.json index 2e6fe0b3443..56476f92e6f 100644 --- a/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr.log-expected.json +++ b/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr.log-expected.json @@ -19,7 +19,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "BLOCKED_9", @@ -124,7 +124,7 @@ { "@timestamp": "2020-02-21T08:36:19.588Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "BLOCKED", @@ -217,7 +217,7 @@ { "@timestamp": "2022-07-23T04:07:14.982Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DETECTED", @@ -350,7 +350,7 @@ { "@timestamp": "2022-07-23T04:07:14.982Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DETECTED", diff --git a/packages/panw_cortex_xdr/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/panw_cortex_xdr/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml index 02da8ca0bf3..8e8ecf12a66 100644 --- a/packages/panw_cortex_xdr/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/panw_cortex_xdr/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for Palo Alto XDR API. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: alert diff --git a/packages/panw_cortex_xdr/data_stream/alerts/sample_event.json b/packages/panw_cortex_xdr/data_stream/alerts/sample_event.json index 32499a6eea5..b78f8a779d4 100644 --- a/packages/panw_cortex_xdr/data_stream/alerts/sample_event.json +++ b/packages/panw_cortex_xdr/data_stream/alerts/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/panw_cortex_xdr/docs/README.md b/packages/panw_cortex_xdr/docs/README.md index a92b4fceb26..9928a651ef2 100644 --- a/packages/panw_cortex_xdr/docs/README.md +++ b/packages/panw_cortex_xdr/docs/README.md @@ -28,7 +28,7 @@ An example event for `alerts` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/panw_cortex_xdr/manifest.yml b/packages/panw_cortex_xdr/manifest.yml index 967ae81e190..0d8df1069ac 100644 --- a/packages/panw_cortex_xdr/manifest.yml +++ b/packages/panw_cortex_xdr/manifest.yml @@ -1,6 +1,6 @@ name: panw_cortex_xdr title: Palo Alto Cortex XDR -version: 1.7.1 +version: "1.8.0" release: ga description: Collect logs from Palo Alto Cortex XDR with Elastic Agent. type: integration From 23feb32d7203166706688b646b2033d0894a671f Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:41 +0530 Subject: [PATCH 087/137] [pfsense] - update ECS to 8.7.0 from 8.6.0 This updates the pfsense integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/pfsense --- packages/pfsense/_dev/build/build.yml | 2 +- packages/pfsense/changelog.yml | 5 ++ .../pipeline/test-opensense.log-expected.json | 12 ++-- .../test-pfsense-bsd.log-expected.json | 38 ++++++------ .../test-pfsense-dhcp.log-expected.json | 58 +++++++++---------- .../test-pfsense-haproxy.log-expected.json | 14 ++--- .../test-pfsense-ipsec.log-expected.json | 50 ++++++++-------- .../test-pfsense-openvpn.log-expected.json | 24 ++++---- .../test-pfsense-phpfpm.log-expected.json | 6 +- .../test-pfsense-squid.log-expected.json | 5 +- .../test-pfsense-syslog.log-expected.json | 28 ++++----- .../test-pfsense-unbound.log-expected.json | 4 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pfsense/data_stream/log/sample_event.json | 2 +- packages/pfsense/docs/README.md | 2 +- packages/pfsense/manifest.yml | 2 +- 16 files changed, 130 insertions(+), 124 deletions(-) diff --git a/packages/pfsense/_dev/build/build.yml b/packages/pfsense/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/pfsense/_dev/build/build.yml +++ b/packages/pfsense/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/pfsense/changelog.yml b/packages/pfsense/changelog.yml index 219d380b28b..39d442d06de 100644 --- a/packages/pfsense/changelog.yml +++ b/packages/pfsense/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.6.4" changes: - description: Fix squid GROK pattern diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-opensense.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-opensense.log-expected.json index 888898a936f..a35e94d5e74 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-opensense.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-opensense.log-expected.json @@ -20,7 +20,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -118,7 +118,7 @@ "port": 547 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -203,7 +203,7 @@ "mac": "4C-55-41-A0-FA-99" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DHCPDISCOVER", @@ -275,7 +275,7 @@ "type": "question" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -330,7 +330,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pass", @@ -422,7 +422,7 @@ "port": 137 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-bsd.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-bsd.log-expected.json index 690619b7185..1bcc9b23414 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-bsd.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-bsd.log-expected.json @@ -20,7 +20,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", 
@@ -129,7 +129,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -238,7 +238,7 @@ "port": 123 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pass", @@ -338,7 +338,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -447,7 +447,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -556,7 +556,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -653,7 +653,7 @@ "port": 547 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -751,7 +751,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -860,7 +860,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -969,7 +969,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -1078,7 +1078,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -1187,7 +1187,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -1296,7 +1296,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -1405,7 +1405,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -1502,7 +1502,7 @@ "port": 137 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pass", @@ -1602,7 +1602,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -1710,7 +1710,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pass", 
@@ -1806,7 +1806,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pass", @@ -1894,7 +1894,7 @@ "ip": "10.100.15.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pass", diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-dhcp.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-dhcp.log-expected.json index 0cede8a3230..92944b77b85 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-dhcp.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-dhcp.log-expected.json @@ -6,7 +6,7 @@ "mac": "4C-55-41-A0-FA-99" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DHCPDISCOVER", @@ -67,7 +67,7 @@ "mac": "4C-55-41-A0-FA-99" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DHCPOFFER", @@ -145,7 +145,7 @@ "ip": "10.150.60.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DHCPREQUEST", @@ -224,7 +224,7 @@ "mac": "4C-55-41-A0-FA-99" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DHCPACK", @@ -293,7 +293,7 @@ { "@timestamp": "2023-07-04T09:40:40.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -334,7 +334,7 @@ { "@timestamp": "2023-07-04T09:40:40.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -378,7 +378,7 @@ "mac": "5F-A5-54-63-CC-1F" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "listening-on-bpf", @@ -442,7 +442,7 @@ "mac": "5F-A5-54-63-CC-1F" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "sending-on-bpf", @@ -503,7 +503,7 @@ { "@timestamp": "2023-07-23T18:07:11.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -544,7 +544,7 @@ { "@timestamp": "2023-07-23T18:07:11.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -585,7 +585,7 @@ { "@timestamp": "2023-07-23T18:07:11.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -630,7 +630,7 @@ "ip": "2a02:cf40:72dc:dd12:7378:913c:b42e:099c" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "remove-an-address", @@ -696,7 +696,7 @@ { "@timestamp": "2023-07-23T18:07:11.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -737,7 +737,7 @@ { "@timestamp": "2023-07-23T18:07:11.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -778,7 +778,7 @@ { "@timestamp": "2023-07-23T18:07:11.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -819,7 +819,7 @@ { "@timestamp": "2023-07-23T18:07:11.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -864,7 +864,7 @@ "ip": "2a02:cf40:72dc:dd12:7378:913c:b42e:099c" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add-an-address", @@ -930,7 +930,7 @@ { "@timestamp": "2023-07-23T18:11:57.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -971,7 +971,7 @@ { "@timestamp": "2023-07-23T18:11:57.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1012,7 +1012,7 @@ { "@timestamp": "2023-07-23T18:11:57.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1058,7 +1058,7 @@ "port": 546 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "solicit-message", @@ -1120,7 +1120,7 @@ "ip": "2a02:cf40:38d6:c4db:cafb:917b:44ec:c873" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "picking-pool-address", 
@@ -1185,7 +1185,7 @@ "ip": "2a02:cf40:38d6:c4db:cafb:917b:44ec:c873" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "advertise-na", @@ -1258,7 +1258,7 @@ "port": 546 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "sending-advertise", @@ -1316,7 +1316,7 @@ "port": 546 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "request-message", @@ -1378,7 +1378,7 @@ "ip": "2a02:cf40:38d6:c4db:cafb:917b:44ec:c873" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "reply-na", @@ -1451,7 +1451,7 @@ "port": 546 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "sending-reply", @@ -1509,7 +1509,7 @@ "port": 546 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "information-request-message", @@ -1571,7 +1571,7 @@ "ip": "2a02:cf40:38d6:c4db:cafb:917b:44ec:c873" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "reusing-lease", diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-haproxy.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-haproxy.log-expected.json index 1ecc48cdd47..d9f6d700690 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-haproxy.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-haproxy.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-08-15T16:15:18.502-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -91,7 +91,7 @@ { "@timestamp": "2021-08-15T16:15:18.407-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -178,7 +178,7 @@ { "@timestamp": "2021-08-15T16:15:10.549-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -257,7 +257,7 @@ { "@timestamp": "2022-06-13T20:53:10.208-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -346,7 +346,7 @@ { "@timestamp": "2022-06-13T20:56:55.187-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "duration": 204000000, @@ -413,7 +413,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -484,7 +484,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-ipsec.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-ipsec.log-expected.json index 3b33b214a57..9802ca7dd24 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-ipsec.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-ipsec.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -39,7 +39,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -75,7 +75,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -111,7 +111,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -147,7 +147,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -183,7 +183,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -219,7 +219,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -255,7 +255,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -291,7 +291,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -327,7 +327,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -363,7 +363,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -399,7 +399,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -435,7 +435,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -471,7 +471,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -507,7 +507,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -543,7 +543,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -579,7 +579,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -615,7 +615,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -651,7 +651,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -687,7 +687,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -723,7 +723,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -759,7 +759,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -795,7 +795,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -831,7 +831,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -884,7 +884,7 @@ "port": 500 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-openvpn.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-openvpn.log-expected.json index 89f99380ca8..337dcd93982 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-openvpn.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-openvpn.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2023-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -57,7 +57,7 @@ { "@timestamp": "2023-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -111,7 +111,7 @@ { "@timestamp": "2023-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -165,7 +165,7 @@ { "@timestamp": "2023-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -219,7 +219,7 @@ { "@timestamp": "2023-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -273,7 +273,7 @@ { "@timestamp": "2023-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -327,7 +327,7 @@ { "@timestamp": "2023-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -381,7 +381,7 @@ { "@timestamp": "2023-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -437,7 +437,7 @@ { "@timestamp": "2023-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -481,7 +481,7 @@ { "@timestamp": "2023-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -540,7 +540,7 @@ { "@timestamp": "2021-07-04T03:17:01.074Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -603,7 +603,7 @@ { "@timestamp": "2021-07-04T03:40:38.477Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-phpfpm.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-phpfpm.log-expected.json index de17bc4fbc8..d8894a00999 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-phpfpm.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-phpfpm.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2023-07-03T19:10:30.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -54,7 +54,7 @@ { "@timestamp": "2023-07-03T19:10:30.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -105,7 +105,7 @@ { "@timestamp": "2023-07-03T19:10:30.000-04:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-squid.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-squid.log-expected.json index afff9452df5..39398e5d330 100644 
--- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-squid.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-squid.log-expected.json @@ -19,7 +19,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -95,6 +95,7 @@ } }, { + "@timestamp": "2023-08-21T22:08:13.000-04:00", "destination": { "address": "81.2.69.145", "geo": { @@ -112,7 +113,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-syslog.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-syslog.log-expected.json index aaed7a8672e..c07eba27dcc 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-syslog.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-syslog.log-expected.json @@ -20,7 +20,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -130,7 +130,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -228,7 +228,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pass", @@ -329,7 +329,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -439,7 +439,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -537,7 +537,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pass", @@ -651,7 +651,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -761,7 +761,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", 
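Review bot: An expectation change unrelated to the ECS bump is bundled into the `@@ -95,6 +95,7 @@` hunk of `test-pfsense-squid.log-expected.json`: the second expected event gains `"@timestamp": "2023-08-21T22:08:13.000-04:00"`, while every other hunk in this file only swaps `"8.6.0"` for `"8.7.0"`. The pfsense patch header and changelog hunk are outside this view, so this may already be explained there; if not, it deserves its own changelog line (for example `description: Set @timestamp on squid events that previously lacked it.`), because `@timestamp` is the field that timelines and detection rules order events by. The value is also later in the year than the 31 Mar 2023 date on the neighbouring patches in this series, as are the 2023-07 timestamps in the DHCP and OpenVPN expected files. That suggests, though it cannot be confirmed from here, that the year is filled in at test time for syslog lines that carry none, in which case these fixtures will change whenever they are regenerated and the test input should pin a reference time. The expected object continues outside the hunk.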
@@ -859,7 +859,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pass", @@ -948,7 +948,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pass", @@ -1049,7 +1049,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -1159,7 +1159,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "block", @@ -1269,7 +1269,7 @@ "port": 1900 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pass", @@ -1357,7 +1357,7 @@ "ip": "224.0.0.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "pass", diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-unbound.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-unbound.log-expected.json index c64bfddf921..e17566ce2dd 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-unbound.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-unbound.log-expected.json @@ -18,7 +18,7 @@ "type": "question" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -82,7 +82,7 @@ "type": "question" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 4af37c5cca3..be49754d509 100644 --- a/packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for PFsense processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: observer.vendor value: netgate 
diff --git a/packages/pfsense/data_stream/log/sample_event.json b/packages/pfsense/data_stream/log/sample_event.json index e158d0cc4ea..8dd8780b253 100644 --- a/packages/pfsense/data_stream/log/sample_event.json +++ b/packages/pfsense/data_stream/log/sample_event.json @@ -30,7 +30,7 @@ "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/pfsense/docs/README.md b/packages/pfsense/docs/README.md index e4d28318404..5b619bd121d 100644 --- a/packages/pfsense/docs/README.md +++ b/packages/pfsense/docs/README.md @@ -77,7 +77,7 @@ An example event for `log` looks as following: "port": 853 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/pfsense/manifest.yml b/packages/pfsense/manifest.yml index 5d7265f0a97..6690902ddb4 100644 --- a/packages/pfsense/manifest.yml +++ b/packages/pfsense/manifest.yml @@ -1,6 +1,6 @@ name: pfsense title: pfSense -version: "1.6.4" +version: "1.7.0" release: ga description: Collect logs from pfSense and OPNsense with Elastic Agent. type: integration From eec2886c7c047ba549352d2c1b0ae15cb66b33cb Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:42 +0530 Subject: [PATCH 088/137] [ping_one] - update ECS to 8.7.0 from 8.6.0 This updates the ping_one integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/ping_one --- packages/ping_one/_dev/build/build.yml | 2 +- packages/ping_one/changelog.yml | 5 + .../test-pipeline-audit.log-expected.json | 196 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/audit/sample_event.json | 2 +- packages/ping_one/docs/README.md | 2 +- packages/ping_one/manifest.yml | 2 +- 7 files changed, 108 insertions(+), 103 deletions(-) diff --git a/packages/ping_one/_dev/build/build.yml b/packages/ping_one/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/ping_one/_dev/build/build.yml +++ b/packages/ping_one/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/ping_one/changelog.yml b/packages/ping_one/changelog.yml index 19e18eac00f..86b22daf517 100644 --- a/packages/ping_one/changelog.yml +++ b/packages/ping_one/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.0.0" changes: - description: Release PingOne as GA. diff --git a/packages/ping_one/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json b/packages/ping_one/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json index b2e17babda4..13b517a305b 100644 --- a/packages/ping_one/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json +++ b/packages/ping_one/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json 
@@ -3,7 +3,7 @@ { "@timestamp": "2022-07-06T06:12:00.400Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "action.created", @@ -62,7 +62,7 @@ { "@timestamp": "2022-07-18T13:25:08.750Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "action.updated", @@ -121,7 +121,7 @@ { "@timestamp": "2022-07-06T06:12:00.405Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "application.created", @@ -186,7 +186,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "application.updated", @@ -281,7 +281,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "application.deleted", @@ -376,7 +376,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_attribute.created", @@ -471,7 +471,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_attribute.deleted", @@ -566,7 +566,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_attribute.updated", @@ -661,7 +661,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_condition.created", @@ -756,7 +756,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_condition.deleted", @@ -851,7 +851,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_condition.updated", @@ -946,7 +946,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_policy.updated", @@ -1041,7 +1041,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_processor.created", @@ -1136,7 +1136,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_processor.deleted", 
@@ -1231,7 +1231,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_processor.updated", @@ -1326,7 +1326,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_service.created", @@ -1421,7 +1421,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_service.deleted", @@ -1516,7 +1516,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_service.updated", @@ -1611,7 +1611,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_shared_advice.created", @@ -1706,7 +1706,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_shared_advice.deleted", @@ -1801,7 +1801,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_shared_advice.updated", @@ -1896,7 +1896,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_shared_rule.created", @@ -1991,7 +1991,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_shared_rule.deleted", @@ -2086,7 +2086,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "authorize_shared_rule.updated", @@ -2181,7 +2181,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "decision_endpoint.created", @@ -2276,7 +2276,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "decision_endpoint.deleted", @@ -2371,7 +2371,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "decision_endpoint.updated", @@ -2466,7 +2466,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "environment.created", @@ -2561,7 +2561,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "environment.updated", 
@@ -2656,7 +2656,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "fido_policy.created", @@ -2751,7 +2751,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "fido_policy.deleted", @@ -2846,7 +2846,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "fido_policy.updated", @@ -2941,7 +2941,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow.deleted", @@ -3040,7 +3040,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow.created", @@ -3139,7 +3139,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "flow.updated", @@ -3238,7 +3238,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "grant.created", @@ -3333,7 +3333,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "grant.deleted", @@ -3428,7 +3428,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "grant.updated", @@ -3523,7 +3523,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "group.created", @@ -3616,7 +3616,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "group.deleted", @@ -3709,7 +3709,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "group.updated", @@ -3802,7 +3802,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "identity_provider.created", @@ -3894,7 +3894,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "identity_provider.deleted", @@ -3986,7 +3986,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "identity_provider.updated", @@ -4078,7 +4078,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "idp_attribute.created", 
@@ -4170,7 +4170,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "idp_attribute.deleted", @@ -4262,7 +4262,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "idp_attribute.updated", @@ -4354,7 +4354,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "image.created", @@ -4446,7 +4446,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "key.created", @@ -4538,7 +4538,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "mfa_settings.updated", @@ -4633,7 +4633,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "notification_policy.created", @@ -4728,7 +4728,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "notification_policy.deleted", @@ -4823,7 +4823,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "notification_policy.updated", @@ -4912,7 +4912,7 @@ { "@timestamp": "2022-07-07T13:12:36.168Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "password.check_failed", @@ -4973,7 +4973,7 @@ { "@timestamp": "2022-07-07T13:12:48.320Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "password.check_succeeded", @@ -5041,7 +5041,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "policy.created", @@ -5133,7 +5133,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "policy.deleted", @@ -5225,7 +5225,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "password.reset", @@ -5313,7 +5313,7 @@ { "@timestamp": "2022-07-06T06:12:00.573Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "password.set", @@ -5380,7 +5380,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "population.created", 
@@ -5472,7 +5472,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "population.deleted", @@ -5564,7 +5564,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "population.updated", @@ -5656,7 +5656,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "provisioning_connection.created", @@ -5748,7 +5748,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "provisioning_rule.deleted", @@ -5840,7 +5840,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "provisioning_rule.deleted", @@ -5932,7 +5932,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "provisioning_connection.updated", @@ -6024,7 +6024,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "provisioning_rule.created", @@ -6116,7 +6116,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "provisioning_rule.updated", @@ -6208,7 +6208,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "resource_attribute.created", @@ -6300,7 +6300,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "resource_attribute.deleted", @@ -6392,7 +6392,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "resource.created", @@ -6484,7 +6484,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "resource.deleted", @@ -6576,7 +6576,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "resource.updated", @@ -6668,7 +6668,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "risk_policy_set.created", @@ -6760,7 +6760,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "risk_policy_set.deleted", 
@@ -6852,7 +6852,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "risk_policy_set.updated", @@ -6944,7 +6944,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "risk_predictor.created", @@ -7036,7 +7036,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "risk_predictor.deleted", @@ -7128,7 +7128,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "risk_predictor.updated", @@ -7214,7 +7214,7 @@ { "@timestamp": "2022-07-06T06:12:00.615Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "role_assignment.created", @@ -7286,7 +7286,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "role_assignment.deleted", @@ -7378,7 +7378,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "saml_attribute.created", @@ -7473,7 +7473,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "saml_attribute.deleted", @@ -7568,7 +7568,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "saml_attribute.updated", @@ -7663,7 +7663,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "schema_attribute.created", @@ -7755,7 +7755,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "schema_attribute.deleted", @@ -7847,7 +7847,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "schema_attribute.updated", @@ -7939,7 +7939,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "scope.created", @@ -8031,7 +8031,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "scope.deleted", @@ -8123,7 +8123,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "scope.updated", 
@@ -8215,7 +8215,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "secret.read", @@ -8309,7 +8309,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.access_allowed", @@ -8413,7 +8413,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.created", @@ -8509,7 +8509,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.deleted", @@ -8609,7 +8609,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.updated", @@ -8705,7 +8705,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "member_of_group.created", @@ -8798,7 +8798,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "member_of_group.deleted", @@ -8891,7 +8891,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.access_allowed", diff --git a/packages/ping_one/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/ping_one/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index b03815d9b89..a034bb572bb 100644 --- a/packages/ping_one/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ping_one/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing audit logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/ping_one/data_stream/audit/sample_event.json b/packages/ping_one/data_stream/audit/sample_event.json index 92ab7da0b27..eabad576d3a 100644 --- a/packages/ping_one/data_stream/audit/sample_event.json +++ b/packages/ping_one/data_stream/audit/sample_event.json @@ -20,7 +20,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8e2910ec-3bb9-439a-90a1-acedb9847388", 
diff --git a/packages/ping_one/docs/README.md b/packages/ping_one/docs/README.md index e9345a0dc54..a095603fd70 100644 --- a/packages/ping_one/docs/README.md +++ b/packages/ping_one/docs/README.md @@ -81,7 +81,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8e2910ec-3bb9-439a-90a1-acedb9847388", diff --git a/packages/ping_one/manifest.yml b/packages/ping_one/manifest.yml index a6daed84c86..3863ffc1bd5 100644 --- a/packages/ping_one/manifest.yml +++ b/packages/ping_one/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: ping_one title: PingOne -version: "1.0.0" +version: "1.1.0" release: ga license: basic description: Collect logs from PingOne with Elastic-Agent. From 9ce61033bb50c0c1461560cf3cec5dcb6df485d4 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:44 +0530 Subject: [PATCH 089/137] [proofpoint_tap] - update ECS to 8.7.0 from 8.6.0 This updates the proofpoint_tap integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/proofpoint_tap --- packages/proofpoint_tap/_dev/build/build.yml | 2 +- packages/proofpoint_tap/changelog.yml | 5 +++++ .../test-clicks-blocked.log-expected.json | 10 +++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/clicks_blocked/sample_event.json | 2 +- .../test-clicks-permitted.log-expected.json | 8 ++++---- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../clicks_permitted/sample_event.json | 2 +- .../test-message-blocked.log-expected.json | 12 ++++++------ .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../message_blocked/sample_event.json | 2 +- .../test-message-delivered.log-expected.json | 16 ++++++++-------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../message_delivered/sample_event.json | 2 +- packages/proofpoint_tap/docs/README.md | 8 ++++---- packages/proofpoint_tap/manifest.yml | 2 +- 16 files changed, 42 insertions(+), 37 deletions(-) diff --git a/packages/proofpoint_tap/_dev/build/build.yml b/packages/proofpoint_tap/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/proofpoint_tap/_dev/build/build.yml +++ b/packages/proofpoint_tap/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/proofpoint_tap/changelog.yml b/packages/proofpoint_tap/changelog.yml index 61dc7e00186..ed742fa6fa7 100644 --- a/packages/proofpoint_tap/changelog.yml +++ b/packages/proofpoint_tap/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.4.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/proofpoint_tap/data_stream/clicks_blocked/_dev/test/pipeline/test-clicks-blocked.log-expected.json b/packages/proofpoint_tap/data_stream/clicks_blocked/_dev/test/pipeline/test-clicks-blocked.log-expected.json index db688691077..9164a89223d 100644 --- a/packages/proofpoint_tap/data_stream/clicks_blocked/_dev/test/pipeline/test-clicks-blocked.log-expected.json +++ b/packages/proofpoint_tap/data_stream/clicks_blocked/_dev/test/pipeline/test-clicks-blocked.log-expected.json @@ -24,7 +24,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { @@ -116,7 +116,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { @@ -207,7 +207,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { @@ -299,7 +299,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { @@ -391,7 +391,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { diff --git a/packages/proofpoint_tap/data_stream/clicks_blocked/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_tap/data_stream/clicks_blocked/elasticsearch/ingest_pipeline/default.yml index a4897bf163e..6c1ec9dc70e 100644 --- a/packages/proofpoint_tap/data_stream/clicks_blocked/elasticsearch/ingest_pipeline/default.yml +++ b/packages/proofpoint_tap/data_stream/clicks_blocked/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for parsing Proofpoint TAP blocked clicks logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/proofpoint_tap/data_stream/clicks_blocked/sample_event.json b/packages/proofpoint_tap/data_stream/clicks_blocked/sample_event.json index 4cbd35a0af1..ba67a713153 100644 --- a/packages/proofpoint_tap/data_stream/clicks_blocked/sample_event.json +++ b/packages/proofpoint_tap/data_stream/clicks_blocked/sample_event.json @@ -34,7 +34,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "19f05486-b68d-449a-9bdd-1493d2f3b55d", diff --git a/packages/proofpoint_tap/data_stream/clicks_permitted/_dev/test/pipeline/test-clicks-permitted.log-expected.json b/packages/proofpoint_tap/data_stream/clicks_permitted/_dev/test/pipeline/test-clicks-permitted.log-expected.json index 02e832fb417..2fee1f49baa 100644 --- a/packages/proofpoint_tap/data_stream/clicks_permitted/_dev/test/pipeline/test-clicks-permitted.log-expected.json +++ b/packages/proofpoint_tap/data_stream/clicks_permitted/_dev/test/pipeline/test-clicks-permitted.log-expected.json @@ -24,7 +24,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { @@ -115,7 +115,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { @@ -207,7 +207,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { @@ -298,7 +298,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "from": { diff --git a/packages/proofpoint_tap/data_stream/clicks_permitted/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_tap/data_stream/clicks_permitted/elasticsearch/ingest_pipeline/default.yml index afd29f2e57b..f3e5d1fb845 100644 
--- a/packages/proofpoint_tap/data_stream/clicks_permitted/elasticsearch/ingest_pipeline/default.yml +++ b/packages/proofpoint_tap/data_stream/clicks_permitted/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Proofpoint TAP permitted clicks logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/proofpoint_tap/data_stream/clicks_permitted/sample_event.json b/packages/proofpoint_tap/data_stream/clicks_permitted/sample_event.json index be841874903..ae4e1306e52 100644 --- a/packages/proofpoint_tap/data_stream/clicks_permitted/sample_event.json +++ b/packages/proofpoint_tap/data_stream/clicks_permitted/sample_event.json @@ -34,7 +34,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "19f05486-b68d-449a-9bdd-1493d2f3b55d", diff --git a/packages/proofpoint_tap/data_stream/message_blocked/_dev/test/pipeline/test-message-blocked.log-expected.json b/packages/proofpoint_tap/data_stream/message_blocked/_dev/test/pipeline/test-message-blocked.log-expected.json index 8f590ef153f..6d25100fa7c 100644 --- a/packages/proofpoint_tap/data_stream/message_blocked/_dev/test/pipeline/test-message-blocked.log-expected.json +++ b/packages/proofpoint_tap/data_stream/message_blocked/_dev/test/pipeline/test-message-blocked.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-01-01T00:45:55.050Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": [ @@ -125,7 +125,7 @@ { "@timestamp": "2022-01-01T01:25:59.059Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": [ @@ -246,7 +246,7 @@ { "@timestamp": "2022-01-01T04:51:56.269Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": [ 
@@ -374,7 +374,7 @@ { "@timestamp": "2022-01-01T00:25:20.010Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": [ @@ -571,7 +571,7 @@ { "@timestamp": "2022-01-01T00:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": [ @@ -698,7 +698,7 @@ { "@timestamp": "2022-01-01T05:00:02.010Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": [ diff --git a/packages/proofpoint_tap/data_stream/message_blocked/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_tap/data_stream/message_blocked/elasticsearch/ingest_pipeline/default.yml index 60a7ada0e33..f61892d0779 100644 --- a/packages/proofpoint_tap/data_stream/message_blocked/elasticsearch/ingest_pipeline/default.yml +++ b/packages/proofpoint_tap/data_stream/message_blocked/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Proofpoint TAP blocked message logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/proofpoint_tap/data_stream/message_blocked/sample_event.json b/packages/proofpoint_tap/data_stream/message_blocked/sample_event.json index a2cb4bfca7a..91b4259ffe1 100644 --- a/packages/proofpoint_tap/data_stream/message_blocked/sample_event.json +++ b/packages/proofpoint_tap/data_stream/message_blocked/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "19f05486-b68d-449a-9bdd-1493d2f3b55d", diff --git a/packages/proofpoint_tap/data_stream/message_delivered/_dev/test/pipeline/test-message-delivered.log-expected.json b/packages/proofpoint_tap/data_stream/message_delivered/_dev/test/pipeline/test-message-delivered.log-expected.json index 59271e653a7..5f285d67b09 100644 --- a/packages/proofpoint_tap/data_stream/message_delivered/_dev/test/pipeline/test-message-delivered.log-expected.json 
+++ b/packages/proofpoint_tap/data_stream/message_delivered/_dev/test/pipeline/test-message-delivered.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-01-05T10:05:56.020Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "delivery_timestamp": "2022-01-05T10:05:56.020Z", @@ -90,7 +90,7 @@ { "@timestamp": "2022-01-01T00:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "delivery_timestamp": "2022-01-01T00:00:00.000Z", @@ -160,7 +160,7 @@ { "@timestamp": "2022-01-01T00:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "delivery_timestamp": "2022-01-01T00:00:00.000Z", @@ -236,7 +236,7 @@ { "@timestamp": "2022-01-01T00:00:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "delivery_timestamp": "2022-01-01T00:00:00.000Z", @@ -312,7 +312,7 @@ { "@timestamp": "2022-03-15T15:00:20.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": [ @@ -460,7 +460,7 @@ { "@timestamp": "2021-09-28T16:28:59.490Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": [ @@ -615,7 +615,7 @@ { "@timestamp": "2022-08-17T18:00:22.060Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": [ @@ -764,7 +764,7 @@ { "@timestamp": "2022-03-24T13:24:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "email": { "attachments": [ diff --git a/packages/proofpoint_tap/data_stream/message_delivered/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_tap/data_stream/message_delivered/elasticsearch/ingest_pipeline/default.yml index 45dda221e51..09215d398d8 100644 --- a/packages/proofpoint_tap/data_stream/message_delivered/elasticsearch/ingest_pipeline/default.yml +++ b/packages/proofpoint_tap/data_stream/message_delivered/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for parsing Proofpoint TAP delivered message logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/proofpoint_tap/data_stream/message_delivered/sample_event.json b/packages/proofpoint_tap/data_stream/message_delivered/sample_event.json index 8eab0d07d51..6b941101db3 100644 --- a/packages/proofpoint_tap/data_stream/message_delivered/sample_event.json +++ b/packages/proofpoint_tap/data_stream/message_delivered/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "19f05486-b68d-449a-9bdd-1493d2f3b55d", diff --git a/packages/proofpoint_tap/docs/README.md b/packages/proofpoint_tap/docs/README.md index 31210091d6a..c0e4a5f6ae0 100644 --- a/packages/proofpoint_tap/docs/README.md +++ b/packages/proofpoint_tap/docs/README.md @@ -64,7 +64,7 @@ An example event for `clicks_blocked` looks as following: "ip": "89.160.20.112" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "19f05486-b68d-449a-9bdd-1493d2f3b55d", @@ -292,7 +292,7 @@ An example event for `clicks_permitted` looks as following: "ip": "89.160.20.112" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "19f05486-b68d-449a-9bdd-1493d2f3b55d", @@ -497,7 +497,7 @@ An example event for `message_blocked` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "19f05486-b68d-449a-9bdd-1493d2f3b55d", @@ -805,7 +805,7 @@ An example event for `message_delivered` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "19f05486-b68d-449a-9bdd-1493d2f3b55d", diff --git a/packages/proofpoint_tap/manifest.yml b/packages/proofpoint_tap/manifest.yml index 80f7c2e137e..2e676534ce4 100644 --- a/packages/proofpoint_tap/manifest.yml 
+++ b/packages/proofpoint_tap/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: proofpoint_tap title: Proofpoint TAP -version: "1.4.1" +version: "1.5.0" license: basic description: Collect logs from Proofpoint TAP with Elastic Agent. type: integration From c869521b00247afe64dfb79ca51a13aa797159fc Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:45 +0530 Subject: [PATCH 090/137] [pulse_connect_secure] - update ECS to 8.7.0 from 8.6.0 This updates the pulse_connect_secure integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/pulse_connect_secure --- .../pulse_connect_secure/_dev/build/build.yml | 2 +- packages/pulse_connect_secure/changelog.yml | 5 ++++ .../pipeline/test-log-admin.log-expected.json | 20 +++++++------- .../test-log-syslog.log-expected.json | 10 +++---- .../test-log-system.log-expected.json | 16 ++++++------ .../pipeline/test-log-vpn.log-expected.json | 26 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/pulse_connect_secure/docs/README.md | 2 +- packages/pulse_connect_secure/manifest.yml | 2 +- 10 files changed, 46 insertions(+), 41 deletions(-) diff --git a/packages/pulse_connect_secure/_dev/build/build.yml b/packages/pulse_connect_secure/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/pulse_connect_secure/_dev/build/build.yml +++ b/packages/pulse_connect_secure/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/pulse_connect_secure/changelog.yml b/packages/pulse_connect_secure/changelog.yml index a0365f3fb2e..e6c22ce8188 100644 --- a/packages/pulse_connect_secure/changelog.yml +++ b/packages/pulse_connect_secure/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.6.0" changes: - description: Handle user domain for SAML events. diff --git a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-admin.log-expected.json b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-admin.log-expected.json index 524ea0df07b..91bf01a8b16 100644 --- a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-admin.log-expected.json +++ b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-admin.log-expected.json @@ -25,7 +25,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -85,7 +85,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -145,7 +145,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -223,7 +223,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -301,7 +301,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -381,7 +381,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -459,7 +459,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -539,7 +539,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -617,7 +617,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -695,7 +695,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", diff --git a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json index c46eb5098e1..621210570b2 100644 --- a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json +++ b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json @@ -25,7 +25,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -105,7 +105,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -185,7 +185,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -247,7 +247,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -291,7 +291,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", diff --git a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-system.log-expected.json b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-system.log-expected.json index 3c5df579d76..e703120415b 100644 --- a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-system.log-expected.json +++ b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-system.log-expected.json @@ -7,7 +7,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -67,7 +67,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -127,7 +127,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -169,7 +169,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -211,7 +211,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -271,7 +271,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -349,7 +349,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -430,7 +430,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", diff --git a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-vpn.log-expected.json b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-vpn.log-expected.json index 575a2552582..8f2400de55b 100644 --- a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-vpn.log-expected.json +++ b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-vpn.log-expected.json @@ -25,7 +25,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -103,7 +103,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -200,7 +200,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -293,7 +293,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -371,7 +371,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -449,7 +449,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -529,7 +529,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -607,7 +607,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -687,7 +687,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -771,7 +771,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -863,7 +863,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -944,7 +944,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -1037,7 +1037,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", diff --git a/packages/pulse_connect_secure/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/pulse_connect_secure/data_stream/log/elasticsearch/ingest_pipeline/default.yml index f7c7e21b1b0..d3832fbc408 100644 --- a/packages/pulse_connect_secure/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/pulse_connect_secure/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Pulse Connect Secure logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/pulse_connect_secure/data_stream/log/sample_event.json b/packages/pulse_connect_secure/data_stream/log/sample_event.json index 8627e69ee48..4a281e8c4f6 100644 --- a/packages/pulse_connect_secure/data_stream/log/sample_event.json +++ b/packages/pulse_connect_secure/data_stream/log/sample_event.json 
@@ -35,7 +35,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/pulse_connect_secure/docs/README.md b/packages/pulse_connect_secure/docs/README.md index b91cc34a507..3c21233992c 100644 --- a/packages/pulse_connect_secure/docs/README.md +++ b/packages/pulse_connect_secure/docs/README.md @@ -44,7 +44,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/pulse_connect_secure/manifest.yml b/packages/pulse_connect_secure/manifest.yml index ff26897fb63..40ca1f52ac6 100644 --- a/packages/pulse_connect_secure/manifest.yml +++ b/packages/pulse_connect_secure/manifest.yml @@ -1,6 +1,6 @@ name: pulse_connect_secure title: Pulse Connect Secure -version: "1.6.0" +version: "1.7.0" release: ga description: Collect logs from Pulse Connect Secure with Elastic Agent. type: integration From 82288d02a3ee50fccc405b8b460ed45c8954bfcc Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:45 +0530 Subject: [PATCH 091/137] [qnap_nas] - update ECS to 8.7.0 from 8.6.0 This updates the qnap_nas integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/qnap_nas --- packages/qnap_nas/_dev/build/build.yml | 2 +- packages/qnap_nas/changelog.yml | 5 ++ .../pipeline/test-access.log-expected.json | 60 +++++++------- .../pipeline/test-event.log-expected.json | 78 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/qnap_nas/docs/README.md | 4 +- packages/qnap_nas/manifest.yml | 2 +- 8 files changed, 80 insertions(+), 75 deletions(-) 
diff --git a/packages/qnap_nas/_dev/build/build.yml b/packages/qnap_nas/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/qnap_nas/_dev/build/build.yml +++ b/packages/qnap_nas/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/qnap_nas/changelog.yml b/packages/qnap_nas/changelog.yml index 7ada2e8e4a8..eca0d87a5e0 100644 --- a/packages/qnap_nas/changelog.yml +++ b/packages/qnap_nas/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.8.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.7.1" changes: - description: Ensure numeric timezones are correctly interpreted. diff --git a/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-access.log-expected.json b/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-access.log-expected.json index ba2f7ac058a..cd5e189e754 100644 --- a/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-access.log-expected.json +++ b/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-access.log-expected.json @@ -1,16 +1,16 @@ { "expected": [ { - "@timestamp": "2022-10-30T20:24:24.000-05:00", + "@timestamp": "2023-10-30T20:24:24.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "create-directory", "category": [ "file" ], - "created": "2022-10-30T20:24:24.000-05:00", + "created": "2023-10-30T20:24:24.000-05:00", "kind": "event", "original": "\u003c30\u003eOct 30 20:24:24 qnap-nas01 qulogd[14629]: conn log: Users: admin.user, Source IP: 10.50.36.33, Computer name: user-laptop, Connection type: Samba, Accessed resources: path/to/files/New folder, Action: Create Directory", "provider": "conn-log", 
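Review bot: The `@timestamp` and `event.created` expectations in the first hunk of test-access.log-expected.json move from 2022 to 2023 (`"@timestamp": "2023-10-30T20:24:24.000-05:00"`), which is unrelated to the ECS version bump this commit describes. The raw line in `event.original` (`Oct 30 20:24:24 qnap-nas01 ...`) carries no year, so the year is presumably taken from the clock when the expectations were regenerated. The same drift repeats in the later hunks of this file and in test-event.log-expected.json. If the pipeline infers the year the same way at ingest time, authentication and file-access events delivered late across a year boundary could be indexed a year off and skew an incident timeline. I would pin the reference date for these pipeline tests so the expectation stays `"@timestamp": "2022-10-30T20:24:24.000-05:00"`, or land the year change as a separate commit with a changelog line explaining it.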
@@ -71,16 +71,16 @@ } }, { - "@timestamp": "2022-10-30T20:24:25.000-05:00", + "@timestamp": "2023-10-30T20:24:25.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login-fail", "category": [ "authentication" ], - "created": "2022-10-30T20:24:25.000-05:00", + "created": "2023-10-30T20:24:25.000-05:00", "kind": "event", "original": "\u003c30\u003eOct 30 20:24:25 qnap-nas01 qulogd[14629]: conn log: Users: guest, Source IP: 10.50.36.33, Computer name: user-laptop, Connection type: Samba, Accessed resources: ---, Action: Login Fail", "outcome": "failure", @@ -136,16 +136,16 @@ } }, { - "@timestamp": "2022-10-30T20:35:25.000-05:00", + "@timestamp": "2023-10-30T20:35:25.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login-success", "category": [ "authentication" ], - "created": "2022-10-30T20:35:25.000-05:00", + "created": "2023-10-30T20:35:25.000-05:00", "kind": "event", "original": "\u003c30\u003eOct 30 20:35:25 qnap-nas01 qulogd[14629]: conn log: Users: guest, Source IP: 10.50.36.33, Computer name: user-laptop, Connection type: Samba, Accessed resources: ---, Action: Login Success", "outcome": "success", @@ -201,16 +201,16 @@ } }, { - "@timestamp": "2022-11-21T14:42:18.000-05:00", + "@timestamp": "2023-11-21T14:42:18.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login-success", "category": [ "authentication" ], - "created": "2022-11-21T14:42:18.000-05:00", + "created": "2023-11-21T14:42:18.000-05:00", "kind": "event", "original": "\u003c30\u003eNov 21 14:42:18 qnap-nas01 qulogd[14387]: conn log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Connection type: HTTP/HTTPS, Accessed resources: Administration, Action: Login Success", "outcome": "success", 
@@ -263,16 +263,16 @@ } }, { - "@timestamp": "2022-10-30T20:35:25.000-05:00", + "@timestamp": "2023-10-30T20:35:25.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logout", "category": [ "authentication" ], - "created": "2022-10-30T20:35:25.000-05:00", + "created": "2023-10-30T20:35:25.000-05:00", "kind": "event", "original": "\u003c30\u003eOct 30 20:35:25 qnap-nas01 qulogd[14629]: conn log: Users: guest, Source IP: 10.50.36.33, Computer name: user-laptop, Connection type: HTTP/HTTPS, Accessed resources: ---, Action: Logout", "provider": "conn-log", @@ -327,16 +327,16 @@ } }, { - "@timestamp": "2022-10-30T20:24:30.000-05:00", + "@timestamp": "2023-10-30T20:24:30.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "read", "category": [ "file" ], - "created": "2022-10-30T20:24:30.000-05:00", + "created": "2023-10-30T20:24:30.000-05:00", "kind": "event", "original": "\u003c30\u003eOct 30 20:24:30 qnap-nas01 qulogd[14629]: conn log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Connection type: HTTP/HTTPS, Accessed resources: [File Station] /Browser Station/admin, Action: Read", "provider": "conn-log", @@ -394,16 +394,16 @@ } }, { - "@timestamp": "2022-10-30T20:24:30.000-05:00", + "@timestamp": "2023-10-30T20:24:30.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rename", "category": [ "file" ], - "created": "2022-10-30T20:24:30.000-05:00", + "created": "2023-10-30T20:24:30.000-05:00", "kind": "event", "original": "\u003c30\u003eOct 30 20:24:30 qnap-nas01 qulogd[14629]: conn log: Users: admin.user, Source IP: 10.50.36.33, Computer name: user-laptop, Connection type: Samba, Accessed resources: path/to/files/New folder -\u003e path/to/files/asdf, Action: Rename", "provider": "conn-log", 
@@ -459,16 +459,16 @@ } }, { - "@timestamp": "2022-10-30T20:24:33.000-05:00", + "@timestamp": "2023-10-30T20:24:33.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete", "category": [ "file" ], - "created": "2022-10-30T20:24:33.000-05:00", + "created": "2023-10-30T20:24:33.000-05:00", "kind": "event", "original": "\u003c30\u003eOct 30 20:24:33 qnap-nas01 qulogd[14629]: conn log: Users: admin.user, Source IP: 10.50.36.33, Computer name: user-laptop, Connection type: Samba, Accessed resources: path/to/files/asdf, Action: Delete", "provider": "conn-log", @@ -529,16 +529,16 @@ } }, { - "@timestamp": "2022-10-30T20:43:19.000-05:00", + "@timestamp": "2023-10-30T20:43:19.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "read", "category": [ "file" ], - "created": "2022-10-30T20:43:19.000-05:00", + "created": "2023-10-30T20:43:19.000-05:00", "kind": "event", "original": "\u003c30\u003eOct 30 20:43:19 qnap-nas01 qulogd[14629]: conn log: Users: admin.user, Source IP: 10.50.36.33, Computer name: user-laptop, Connection type: Samba, Accessed resources: path/to/files/picture.jpg, Action: Read", "provider": "conn-log", @@ -600,16 +600,16 @@ } }, { - "@timestamp": "2022-10-30T20:43:19.000-05:00", + "@timestamp": "2023-10-30T20:43:19.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "add", "category": [ "file" ], - "created": "2022-10-30T20:43:19.000-05:00", + "created": "2023-10-30T20:43:19.000-05:00", "kind": "event", "original": "\u003c30\u003eOct 30 20:43:19 qnap-nas01 qulogd[14629]: conn log: Users: admin.user, Source IP: 10.50.36.33, Computer name: user-laptop, Connection type: Samba, Accessed resources: path/to/files/picture.jpg, Action: Add", "provider": "conn-log", 
diff --git a/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-event.log-expected.json b/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-event.log-expected.json index c97f2fee057..fbf0fcf8799 100644 --- a/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-event.log-expected.json +++ b/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-event.log-expected.json @@ -1,15 +1,15 @@ { "expected": [ { - "@timestamp": "2022-10-30T20:28:41.000-05:00", + "@timestamp": "2023-10-30T20:28:41.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ "configuration" ], - "created": "2022-10-30T20:28:41.000-05:00", + "created": "2023-10-30T20:28:41.000-05:00", "kind": "event", "original": "\u003c28\u003eOct 30 20:28:41 qnap-nas01 qulogd[14629]: event log: Users: admin, Source IP: 127.0.0.1, Computer name: ---, Application: Network \u0026 Virtual Switch, Category: Infrastructure, Content: [Network \u0026 Virtual Switch] Interface \"Adapter 2\" disconnected.", "provider": "event-log", @@ -53,15 +53,15 @@ } }, { - "@timestamp": "2022-10-30T20:29:32.000-05:00", + "@timestamp": "2023-10-30T20:29:32.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ "configuration" ], - "created": "2022-10-30T20:29:32.000-05:00", + "created": "2023-10-30T20:29:32.000-05:00", "kind": "event", "original": "\u003c30\u003eOct 30 20:29:32 qnap-nas01 qulogd[14629]: event log: Users: admin, Source IP: 127.0.0.1, Computer name: ---, Application: Network \u0026 Virtual Switch, Category: Infrastructure, Content: [Network \u0026 Virtual Switch] Interface \"Adapter 2\" connected.", "provider": "event-log", 
@@ -105,15 +105,15 @@ } }, { - "@timestamp": "2022-10-30T20:29:32.000-05:00", + "@timestamp": "2023-10-30T20:29:32.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ "configuration" ], - "created": "2022-10-30T20:29:32.000-05:00", + "created": "2023-10-30T20:29:32.000-05:00", "kind": "event", "original": "\u003c30\u003eOct 30 20:29:32 qnap-nas01 qulogd[14629]: event log: Users: admin, Source IP: 127.0.0.1, Computer name: ---, Application: External Device, Category: UPS, Content: [External Device] UPS power restored. Canceled autoprotection mode..", "provider": "event-log", @@ -157,15 +157,15 @@ } }, { - "@timestamp": "2022-10-30T20:32:25.000-05:00", + "@timestamp": "2023-10-30T20:32:25.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ "configuration" ], - "created": "2022-10-30T20:32:25.000-05:00", + "created": "2023-10-30T20:32:25.000-05:00", "kind": "event", "original": "\u003c30\u003eOct 30 20:32:25 qnap-nas01 qulogd[14629]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Network \u0026 Virtual Switch, Category: Static Route, Content: [Network \u0026 Virtual Switch] Added static route. Interface: , Destination: 5.5.5.0.", "provider": "event-log", @@ -216,15 +216,15 @@ } }, { - "@timestamp": "2022-10-30T20:34:22.000-05:00", + "@timestamp": "2023-10-30T20:34:22.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ "configuration" ], - "created": "2022-10-30T20:34:22.000-05:00", + "created": "2023-10-30T20:34:22.000-05:00", "kind": "event", "original": "\u003c30\u003eOct 30 20:34:22 qnap-nas01 qulogd[14629]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Network \u0026 Virtual Switch, Category: Static Route, Content: [Network \u0026 Virtual Switch] Removed static route. Interface: , Destination: 5.5.5.0.", "provider": "event-log", 
@@ -275,16 +275,16 @@ } }, { - "@timestamp": "2022-11-21T15:23:42.000-05:00", + "@timestamp": "2023-11-21T15:23:42.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "created-shared-folder", "category": [ "file" ], - "created": "2022-11-21T15:23:42.000-05:00", + "created": "2023-11-21T15:23:42.000-05:00", "kind": "event", "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Shared Folders, Category: General, Content: [Shared Folders] Created shared folder \"abcd\".", "provider": "event-log", @@ -343,16 +343,16 @@ } }, { - "@timestamp": "2022-11-21T15:23:42.000-05:00", + "@timestamp": "2023-11-21T15:23:42.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deleted-shared-folder", "category": [ "file" ], - "created": "2022-11-21T15:23:42.000-05:00", + "created": "2023-11-21T15:23:42.000-05:00", "kind": "event", "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Shared Folders, Category: General, Content: [Shared Folders] Deleted shared folder \"abcd\".", "provider": "event-log", @@ -411,16 +411,16 @@ } }, { - "@timestamp": "2022-11-21T15:23:42.000-05:00", + "@timestamp": "2023-11-21T15:23:42.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deleted-user-group", "category": [ "iam" ], - "created": "2022-11-21T15:23:42.000-05:00", + "created": "2023-11-21T15:23:42.000-05:00", "kind": "event", "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: User Groups, Category: General, Content: [User Groups] Deleted user group \"test1\".", "provider": "event-log", 
@@ -477,16 +477,16 @@ } }, { - "@timestamp": "2022-11-21T15:23:42.000-05:00", + "@timestamp": "2023-11-21T15:23:42.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "created-user-group", "category": [ "iam" ], - "created": "2022-11-21T15:23:42.000-05:00", + "created": "2023-11-21T15:23:42.000-05:00", "kind": "event", "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: User Groups, Category: General, Content: [User Groups] Created user group \"test1\".", "provider": "event-log", @@ -543,16 +543,16 @@ } }, { - "@timestamp": "2022-11-21T15:23:42.000-05:00", + "@timestamp": "2023-11-21T15:23:42.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "changed-password", "category": [ "iam" ], - "created": "2022-11-21T15:23:42.000-05:00", + "created": "2023-11-21T15:23:42.000-05:00", "kind": "event", "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Users, Category: General, Content: [Users] Changed the password of user \"test\".", "outcome": "success", @@ -610,16 +610,16 @@ } }, { - "@timestamp": "2022-11-21T15:23:42.000-05:00", + "@timestamp": "2023-11-21T15:23:42.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "edited-account-profile", "category": [ "iam" ], - "created": "2022-11-21T15:23:42.000-05:00", + "created": "2023-11-21T15:23:42.000-05:00", "kind": "event", "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Users, Category: General, Content: [Users] Edited the account profile of user \"test\".", "outcome": "success", 
@@ -677,16 +677,16 @@ } }, { - "@timestamp": "2022-11-21T15:23:42.000-05:00", + "@timestamp": "2023-11-21T15:23:42.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "created-user", "category": [ "iam" ], - "created": "2022-11-21T15:23:42.000-05:00", + "created": "2023-11-21T15:23:42.000-05:00", "kind": "event", "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Users, Category: General, Content: [Users] Created user \"test\".", "provider": "event-log", @@ -743,16 +743,16 @@ } }, { - "@timestamp": "2022-11-21T15:23:42.000-05:00", + "@timestamp": "2023-11-21T15:23:42.000-05:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "deleted-user", "category": [ "iam" ], - "created": "2022-11-21T15:23:42.000-05:00", + "created": "2023-11-21T15:23:42.000-05:00", "kind": "event", "original": "\u003c30\u003eNov 21 15:23:42 qnap-nas01 qulogd[14387]: event log: Users: admin.user, Source IP: 10.50.36.33, Computer name: ---, Application: Users, Category: General, Content: [Users] Deleted user \"test\".", "provider": "event-log", diff --git a/packages/qnap_nas/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/qnap_nas/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 41df2513894..e7f248b73e6 100644 --- a/packages/qnap_nas/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/qnap_nas/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing QNAP NAS logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/qnap_nas/data_stream/log/sample_event.json b/packages/qnap_nas/data_stream/log/sample_event.json index fa2dff558c6..34451957278 100644 --- a/packages/qnap_nas/data_stream/log/sample_event.json 
+++ b/packages/qnap_nas/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8ad7c85d-9943-4b05-b50f-ccab228ad581", diff --git a/packages/qnap_nas/docs/README.md b/packages/qnap_nas/docs/README.md index 52dd2431db1..e6bd9d7c0a0 100644 --- a/packages/qnap_nas/docs/README.md +++ b/packages/qnap_nas/docs/README.md @@ -26,7 +26,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8ad7c85d-9943-4b05-b50f-ccab228ad581", @@ -131,7 +131,7 @@ An example event for `log` looks as following: | file.path | Full path to the file, including the file name. It should include the drive letter, when appropriate. | keyword | | file.path.text | Multi-field of `file.path`. | match_only_text | | group.name | Name of the group. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | input.type | Type of Filebeat input. | keyword | | log.file.path | Path to the log file. | keyword | | log.flags | Flags for the log file. | keyword | diff --git a/packages/qnap_nas/manifest.yml b/packages/qnap_nas/manifest.yml index c57b323fda6..4b0ecb8cb6b 100644 --- a/packages/qnap_nas/manifest.yml +++ b/packages/qnap_nas/manifest.yml @@ -1,6 +1,6 @@ name: qnap_nas title: QNAP NAS -version: "1.7.1" +version: "1.8.0" release: ga description: Collect logs from QNAP NAS devices with Elastic Agent. type: integration From 8ff13a221d326cb33935ecf4e5eb5cdeba26319e Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:46 +0530 Subject: [PATCH 092/137] [radware] - update ECS to 8.7.0 from 8.6.0 This updates the radware integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/radware --- packages/radware/_dev/build/build.yml | 2 +- packages/radware/changelog.yml | 5 +++++ .../defensepro/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/radware/docs/README.md | 2 +- packages/radware/manifest.yml | 2 +- 5 files changed, 9 insertions(+), 4 deletions(-) diff --git a/packages/radware/_dev/build/build.yml b/packages/radware/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/radware/_dev/build/build.yml +++ b/packages/radware/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/radware/changelog.yml b/packages/radware/changelog.yml index 6600c7f9e56..c6f69e5bd70 100644 --- a/packages/radware/changelog.yml +++ b/packages/radware/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.12.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "0.11.0" changes: - description: Update package to ECS 8.6.0. diff --git a/packages/radware/data_stream/defensepro/elasticsearch/ingest_pipeline/default.yml b/packages/radware/data_stream/defensepro/elasticsearch/ingest_pipeline/default.yml index e821c115954..291fb5d7bb4 100644 --- a/packages/radware/data_stream/defensepro/elasticsearch/ingest_pipeline/default.yml +++ b/packages/radware/data_stream/defensepro/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Radware DefensePro processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' # User agent - user_agent: field: user_agent.original 
diff --git a/packages/radware/docs/README.md b/packages/radware/docs/README.md index 81fdfbca878..7a7728ddd0d 100644 --- a/packages/radware/docs/README.md +++ b/packages/radware/docs/README.md @@ -72,7 +72,7 @@ The `defensepro` dataset collects Radware DefensePro logs. | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | http.request.method | HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. | keyword | | http.request.referrer | Referrer for this HTTP request. | keyword | | input.type | Type of Filebeat input. | keyword | diff --git a/packages/radware/manifest.yml b/packages/radware/manifest.yml index 2557b14a4d9..65a1646c3f8 100644 --- a/packages/radware/manifest.yml +++ b/packages/radware/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: radware title: Radware DefensePro Logs -version: "0.11.0" +version: "0.12.0" description: Collect defensePro logs from Radware devices with Elastic Agent. categories: ["security"] release: experimental From cc573f20d97cc7d2c107cb8c3a014e599706b802 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:47 +0530 Subject: [PATCH 093/137] [santa] - update ECS to 8.7.0 from 8.6.0 This updates the santa integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/santa --- packages/santa/_dev/build/build.yml | 2 +- packages/santa/changelog.yml | 5 +++++ .../pipeline/test-santa-raw.log-expected.json | 22 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../santa/data_stream/log/sample_event.json | 2 +- packages/santa/docs/README.md | 2 +- packages/santa/manifest.yml | 2 +- 7 files changed, 21 insertions(+), 16 deletions(-) diff --git a/packages/santa/_dev/build/build.yml b/packages/santa/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/santa/_dev/build/build.yml +++ b/packages/santa/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/santa/changelog.yml b/packages/santa/changelog.yml index 638ba890bd6..90c71fee826 100644 --- a/packages/santa/changelog.yml +++ b/packages/santa/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "3.6.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "3.5.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/santa/data_stream/log/_dev/test/pipeline/test-santa-raw.log-expected.json b/packages/santa/data_stream/log/_dev/test/pipeline/test-santa-raw.log-expected.json index c6380d6cbe5..f85c5921f34 100644 --- a/packages/santa/data_stream/log/_dev/test/pipeline/test-santa-raw.log-expected.json +++ b/packages/santa/data_stream/log/_dev/test/pipeline/test-santa-raw.log-expected.json 
@@ -3,7 +3,7 @@ { "@timestamp": "2022-05-12T11:38:03.923Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "exec", @@ -80,7 +80,7 @@ { "@timestamp": "2022-05-12T11:38:42.781Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "exec", @@ -155,7 +155,7 @@ { "@timestamp": "2022-05-12T11:33:56.696Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete", @@ -205,7 +205,7 @@ { "@timestamp": "2022-05-12T11:30:05.248Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "link", @@ -256,7 +256,7 @@ { "@timestamp": "2022-05-12T11:30:16.125Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "rename", @@ -307,7 +307,7 @@ { "@timestamp": "2022-05-12T11:38:05.278Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "write", @@ -357,7 +357,7 @@ { "@timestamp": "2022-05-12T11:32:33.718Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "diskdisappear", @@ -382,7 +382,7 @@ { "@timestamp": "2022-05-12T11:32:44.184Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "diskappear", @@ -409,7 +409,7 @@ { "@timestamp": "2022-05-12T11:33:57.166Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "diskappear", @@ -437,7 +437,7 @@ { "@timestamp": "2022-05-12T11:33:57.235Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "diskappear", @@ -466,7 +466,7 @@ { "@timestamp": "2022-05-12T11:35:31.436Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "diskdisappear", diff --git a/packages/santa/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/santa/data_stream/log/elasticsearch/ingest_pipeline/default.yml index e2db8d071ee..57b6fea4fc8 100644 --- a/packages/santa/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/santa/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Google Santa logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/santa/data_stream/log/sample_event.json b/packages/santa/data_stream/log/sample_event.json index 6f01183c5c2..d3ca4a0135f 100644 --- a/packages/santa/data_stream/log/sample_event.json +++ b/packages/santa/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "2c596a05-d358-406e-924c-bf221088f43c", diff --git a/packages/santa/docs/README.md b/packages/santa/docs/README.md index 0928e8a7b24..c87c166856f 100644 --- a/packages/santa/docs/README.md +++ b/packages/santa/docs/README.md @@ -35,7 +35,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "2c596a05-d358-406e-924c-bf221088f43c", diff --git a/packages/santa/manifest.yml b/packages/santa/manifest.yml index 74c70926175..5413f7ea5bd 100644 --- a/packages/santa/manifest.yml +++ b/packages/santa/manifest.yml @@ -1,6 +1,6 @@ name: santa title: Google Santa -version: "3.5.1" +version: "3.6.0" release: ga description: Collect logs from Google Santa with Elastic Agent. type: integration From acf9d50d0fb039645bbc3595ae16a229d9e82104 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:48 +0530 Subject: [PATCH 094/137] [sentinel_one] - update ECS to 8.7.0 from 8.6.0 This updates the sentinel_one integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/sentinel_one --- packages/sentinel_one/_dev/build/build.yml | 2 +- packages/sentinel_one/changelog.yml | 5 ++ .../test-pipeline-activity.log-expected.json | 54 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/activity/sample_event.json | 2 +- .../test-pipeline-agent.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/agent/sample_event.json | 2 +- .../test-pipeline-alert.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/alert/sample_event.json | 2 +- .../test-pipeline-group.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/group/sample_event.json | 2 +- .../test-pipeline-threat.log-expected.json | 10 ++-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/threat/sample_event.json | 2 +- packages/sentinel_one/docs/README.md | 10 ++-- packages/sentinel_one/manifest.yml | 2 +- 19 files changed, 57 insertions(+), 52 deletions(-) diff --git a/packages/sentinel_one/_dev/build/build.yml b/packages/sentinel_one/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/sentinel_one/_dev/build/build.yml +++ b/packages/sentinel_one/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/sentinel_one/changelog.yml b/packages/sentinel_one/changelog.yml index 3a9d2402a16..2a1a7f09c97 100644 --- a/packages/sentinel_one/changelog.yml +++ b/packages/sentinel_one/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.6.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.5.2" changes: - description: Added categories and/or subcategories. diff --git a/packages/sentinel_one/data_stream/activity/_dev/test/pipeline/test-pipeline-activity.log-expected.json b/packages/sentinel_one/data_stream/activity/_dev/test/pipeline/test-pipeline-activity.log-expected.json index 3117ae37770..47c4385f263 100644 --- a/packages/sentinel_one/data_stream/activity/_dev/test/pipeline/test-pipeline-activity.log-expected.json +++ b/packages/sentinel_one/data_stream/activity/_dev/test/pipeline/test-pipeline-activity.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-04-18T05:14:08.925Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -68,7 +68,7 @@ { "@timestamp": "2022-04-18T05:14:09.240Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -149,7 +149,7 @@ { "@timestamp": "2022-04-05T16:11:05.469Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -209,7 +209,7 @@ { "@timestamp": "2022-04-06T08:26:45.579Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -297,7 +297,7 @@ { "@timestamp": "2022-04-06T08:26:45.582Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -362,7 +362,7 @@ { "@timestamp": "2022-04-06T08:26:52.843Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -435,7 +435,7 @@ { "@timestamp": "2022-04-06T08:45:43.122Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -519,7 +519,7 @@ { "@timestamp": "2022-04-06T08:45:54.532Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -609,7 +609,7 @@ { "@timestamp": "2022-04-06T08:45:55.309Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -703,7 +703,7 @@ { "@timestamp": "2022-04-06T08:45:56.634Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -796,7 +796,7 @@ { "@timestamp": "2022-04-06T08:45:56.641Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -890,7 +890,7 @@ { "@timestamp": "2022-04-06T08:46:08.135Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -974,7 +974,7 @@ { "@timestamp": "2022-04-06T08:51:09.416Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -1033,7 +1033,7 @@ { "@timestamp": "2022-04-06T08:51:09.416Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -1101,7 +1101,7 @@ { "@timestamp": "2022-04-06T08:57:37.680Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1202,7 +1202,7 @@ { "@timestamp": "2022-04-06T08:59:41.758Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -1262,7 +1262,7 @@ { "@timestamp": "2022-04-06T08:26:45.579Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -1350,7 +1350,7 @@ { "@timestamp": "2022-04-05T16:01:56.995Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1406,7 +1406,7 @@ { "@timestamp": "2022-04-06T09:00:33.115Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1490,7 +1490,7 @@ { "@timestamp": "2022-04-13T03:34:10.933Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1571,7 +1571,7 @@ { "@timestamp": "2022-04-18T05:09:27.532Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -1632,7 +1632,7 @@ { "@timestamp": "2022-04-18T05:09:27.534Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1696,7 +1696,7 @@ { "@timestamp": "2022-04-05T16:11:05.469Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1756,7 +1756,7 @@ { "@timestamp": "2022-04-05T16:11:05.469Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1817,7 +1817,7 @@ { "@timestamp": "2022-04-05T16:11:05.469Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -1868,7 +1868,7 @@ { "@timestamp": "2022-04-05T16:11:05.469Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -1919,7 +1919,7 @@ { "@timestamp": "2022-04-06T08:45:54.532Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/sentinel_one/data_stream/activity/elasticsearch/ingest_pipeline/default.yml b/packages/sentinel_one/data_stream/activity/elasticsearch/ingest_pipeline/default.yml index 8e38319b759..0e111bcb475 100644 --- a/packages/sentinel_one/data_stream/activity/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sentinel_one/data_stream/activity/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing activity logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/sentinel_one/data_stream/activity/sample_event.json b/packages/sentinel_one/data_stream/activity/sample_event.json index 1d2d6c364c6..849089c8d46 100644 --- a/packages/sentinel_one/data_stream/activity/sample_event.json +++ b/packages/sentinel_one/data_stream/activity/sample_event.json @@ -14,7 +14,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "b87eb683-6c5a-4db7-86d4-96694d38752b", 
diff --git a/packages/sentinel_one/data_stream/agent/_dev/test/pipeline/test-pipeline-agent.log-expected.json b/packages/sentinel_one/data_stream/agent/_dev/test/pipeline/test-pipeline-agent.log-expected.json index ea85605cd3f..911c02e26b3 100644 --- a/packages/sentinel_one/data_stream/agent/_dev/test/pipeline/test-pipeline-agent.log-expected.json +++ b/packages/sentinel_one/data_stream/agent/_dev/test/pipeline/test-pipeline-agent.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-04-07T08:31:47.481Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/sentinel_one/data_stream/agent/elasticsearch/ingest_pipeline/default.yml b/packages/sentinel_one/data_stream/agent/elasticsearch/ingest_pipeline/default.yml index 8b944dbfb12..20f56a6c630 100644 --- a/packages/sentinel_one/data_stream/agent/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sentinel_one/data_stream/agent/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing agent logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/sentinel_one/data_stream/agent/sample_event.json b/packages/sentinel_one/data_stream/agent/sample_event.json index 512f1d86cbe..e253d55d10f 100644 --- a/packages/sentinel_one/data_stream/agent/sample_event.json +++ b/packages/sentinel_one/data_stream/agent/sample_event.json @@ -14,7 +14,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "b87eb683-6c5a-4db7-86d4-96694d38752b", diff --git a/packages/sentinel_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json b/packages/sentinel_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json index 0525867148d..dfae8c71140 100644 --- a/packages/sentinel_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json 
+++ b/packages/sentinel_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json @@ -25,7 +25,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/sentinel_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/sentinel_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml index 6ca67b98e6f..0dfe08df71b 100644 --- a/packages/sentinel_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sentinel_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing alert logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/sentinel_one/data_stream/alert/sample_event.json b/packages/sentinel_one/data_stream/alert/sample_event.json index 5722e9fde47..636b2f4dec7 100644 --- a/packages/sentinel_one/data_stream/alert/sample_event.json +++ b/packages/sentinel_one/data_stream/alert/sample_event.json @@ -36,7 +36,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "b87eb683-6c5a-4db7-86d4-96694d38752b", diff --git a/packages/sentinel_one/data_stream/group/_dev/test/pipeline/test-pipeline-group.log-expected.json b/packages/sentinel_one/data_stream/group/_dev/test/pipeline/test-pipeline-group.log-expected.json index 181cfbd67b6..77b09a8d41c 100644 --- a/packages/sentinel_one/data_stream/group/_dev/test/pipeline/test-pipeline-group.log-expected.json +++ b/packages/sentinel_one/data_stream/group/_dev/test/pipeline/test-pipeline-group.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-04-05T16:01:57.564Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
diff --git a/packages/sentinel_one/data_stream/group/elasticsearch/ingest_pipeline/default.yml b/packages/sentinel_one/data_stream/group/elasticsearch/ingest_pipeline/default.yml index 01715267196..a163c274c5c 100644 --- a/packages/sentinel_one/data_stream/group/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sentinel_one/data_stream/group/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing group logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/sentinel_one/data_stream/group/sample_event.json b/packages/sentinel_one/data_stream/group/sample_event.json index b9555840fc8..f0527f0da13 100644 --- a/packages/sentinel_one/data_stream/group/sample_event.json +++ b/packages/sentinel_one/data_stream/group/sample_event.json @@ -14,7 +14,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "b87eb683-6c5a-4db7-86d4-96694d38752b", diff --git a/packages/sentinel_one/data_stream/threat/_dev/test/pipeline/test-pipeline-threat.log-expected.json b/packages/sentinel_one/data_stream/threat/_dev/test/pipeline/test-pipeline-threat.log-expected.json index daa860d8a3f..7c9713b8ec2 100644 --- a/packages/sentinel_one/data_stream/threat/_dev/test/pipeline/test-pipeline-threat.log-expected.json +++ b/packages/sentinel_one/data_stream/threat/_dev/test/pipeline/test-pipeline-threat.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-04-06T08:54:17.194Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SentinelOne Cloud", @@ -247,7 +247,7 @@ { "@timestamp": "2022-04-06T08:57:37.672Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Documents, Scripts,On-Write ABC", @@ -536,7 +536,7 @@ { "@timestamp": "2022-04-06T08:57:37.672Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Documents, Scripts,On-Write ABC", 
@@ -825,7 +825,7 @@
 {
 "@timestamp": "2022-04-06T08:57:37.672Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Documents, Scripts,On-Write ABC",
@@ -1114,7 +1114,7 @@
 {
 "@timestamp": "2022-04-06T08:57:37.672Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Documents, Scripts,On-Write ABC",
diff --git a/packages/sentinel_one/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/sentinel_one/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
index 7250f7c34e7..7521ded4319 100644
--- a/packages/sentinel_one/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/sentinel_one/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing threat logs.
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - set:
 field: event.kind
 value: alert
diff --git a/packages/sentinel_one/data_stream/threat/sample_event.json b/packages/sentinel_one/data_stream/threat/sample_event.json
index 83a83728c57..19f1f53bf03 100644
--- a/packages/sentinel_one/data_stream/threat/sample_event.json
+++ b/packages/sentinel_one/data_stream/threat/sample_event.json
@@ -14,7 +14,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "b87eb683-6c5a-4db7-86d4-96694d38752b",
diff --git a/packages/sentinel_one/docs/README.md b/packages/sentinel_one/docs/README.md
index 20556afb986..fa422bfa14f 100644
--- a/packages/sentinel_one/docs/README.md
+++ b/packages/sentinel_one/docs/README.md
@@ -44,7 +44,7 @@ An example event for `activity` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "b87eb683-6c5a-4db7-86d4-96694d38752b",
@@ -263,7 +263,7 @@ An example event for `agent` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "b87eb683-6c5a-4db7-86d4-96694d38752b",
@@ -632,7 +632,7 @@ An example event for `alert` looks as following:
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "b87eb683-6c5a-4db7-86d4-96694d38752b",
@@ -1060,7 +1060,7 @@ An example event for `group` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "b87eb683-6c5a-4db7-86d4-96694d38752b",
@@ -1214,7 +1214,7 @@ An example event for `threat` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "b87eb683-6c5a-4db7-86d4-96694d38752b",
diff --git a/packages/sentinel_one/manifest.yml b/packages/sentinel_one/manifest.yml
index f90023fbeda..cc852429131 100644
--- a/packages/sentinel_one/manifest.yml
+++ b/packages/sentinel_one/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: sentinel_one
 title: SentinelOne
-version: "1.5.2"
+version: "1.6.0"
 license: basic
 description: Collect logs from SentinelOne with Elastic Agent.
 type: integration
From 02e8d5bc90da734ca366622024c1ad5d0183711c Mon Sep 17 00:00:00 2001
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:49 +0530 Subject: [PATCH 095/137] [slack] - update ECS to 8.7.0 from 8.6.0 This updates the slack integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/slack --- packages/slack/_dev/build/build.yml | 2 +- packages/slack/changelog.yml | 5 +++++ .../audit/_dev/test/pipeline/test-audit.log-expected.json | 4 ++-- .../audit/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/slack/data_stream/audit/sample_event.json | 2 +- packages/slack/docs/README.md | 4 ++-- packages/slack/manifest.yml | 2 +- 7 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/packages/slack/_dev/build/build.yml b/packages/slack/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/slack/_dev/build/build.yml
+++ b/packages/slack/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/slack/changelog.yml b/packages/slack/changelog.yml
index 97232b94687..26ec3ba5836 100644
--- a/packages/slack/changelog.yml
+++ b/packages/slack/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.0.0"
 changes:
 - description: Release Slack as GA.
diff --git a/packages/slack/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/slack/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
index f02942d8c50..d78003ccc1d 100644
--- a/packages/slack/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
+++ b/packages/slack/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2018-03-16T15:32:23.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "user_login",
@@ -86,7 +86,7 @@
 {
 "@timestamp": "2019-08-19T11:46:32.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "user_created",
diff --git a/packages/slack/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/slack/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 51e5e1faf93..309e8c697fd 100644
--- a/packages/slack/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/slack/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Slack Audit logs
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/slack/data_stream/audit/sample_event.json b/packages/slack/data_stream/audit/sample_event.json
index 1d75fee9ae7..5d7b07a403c 100644
--- a/packages/slack/data_stream/audit/sample_event.json
+++ b/packages/slack/data_stream/audit/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "592bbba2-ceea-4a3a-8ccb-0c8c92d1eed3",
diff --git a/packages/slack/docs/README.md b/packages/slack/docs/README.md
index 4025af4c41c..64ccfec1372 100644
--- a/packages/slack/docs/README.md
+++ b/packages/slack/docs/README.md
@@ -74,7 +74,7 @@ Audit logs summarize the history of changes made within the Slack Enterprise.
 | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword |
 | host.ip | Host ip addresses. | ip |
 | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword |
-| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword |
+| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword |
 | host.os.build | OS build information. | keyword |
 | host.os.codename | OS codename, if any. | keyword |
 | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword |
@@ -163,7 +163,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "592bbba2-ceea-4a3a-8ccb-0c8c92d1eed3",
diff --git a/packages/slack/manifest.yml b/packages/slack/manifest.yml
index 72fff1e0c7b..f2762432b1a 100644
--- a/packages/slack/manifest.yml
+++ b/packages/slack/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: slack
 title: "Slack Logs"
-version: "1.0.0"
+version: "1.1.0"
 license: basic
 release: ga
 description: "Slack Logs Integration"
From d9617106f3b4c5cd5ec2b9573c6701b5c90e8b36 Mon Sep 17 00:00:00 2001
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:50 +0530 Subject: [PATCH 096/137] [snort] - update ECS to 8.7.0 from 8.6.0 This updates the snort integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/snort --- packages/snort/_dev/build/build.yml | 2 +- packages/snort/changelog.yml | 5 +++ .../pipeline/test-log-csv.log-expected.json | 32 +++++++-------- .../pipeline/test-log-fast.log-expected.json | 40 +++++++++---------- .../pipeline/test-log-full.log-expected.json | 28 ++++++------- .../pipeline/test-log-json.log-expected.json | 20 +++++----- .../test-log-pfsense.log-expected.json | 6 +-- .../test-log-syslog.log-expected.json | 12 +++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../snort/data_stream/log/sample_event.json | 2 +- packages/snort/docs/README.md | 2 +- packages/snort/manifest.yml | 2 +- 12 files changed, 79 insertions(+), 74 deletions(-)
diff --git a/packages/snort/_dev/build/build.yml b/packages/snort/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/snort/_dev/build/build.yml
+++ b/packages/snort/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/snort/changelog.yml b/packages/snort/changelog.yml
index 4b402499422..7ed6fa866ad 100644
--- a/packages/snort/changelog.yml
+++ b/packages/snort/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.4.2"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-csv.log-expected.json b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-csv.log-expected.json
index 34701f0ac75..b9f19926949 100644
--- a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-csv.log-expected.json
+++ b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-csv.log-expected.json
@@ -1,7 +1,7 @@
 {
 "expected": [
 {
- "@timestamp": "2022-09-04T21:45:37.536-05:00",
+ "@timestamp": "2023-09-04T21:45:37.536-05:00",
 "destination": {
 "address": "10.100.10.190",
 "ip": "10.100.10.190",
@@ -9,7 +9,7 @@
 "port": 22
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -75,7 +75,7 @@
 ]
 },
 {
- "@timestamp": "2022-09-04T21:45:37.553-05:00",
+ "@timestamp": "2023-09-04T21:45:37.553-05:00",
 "destination": {
 "address": "10.100.10.190",
 "ip": "10.100.10.190",
@@ -83,7 +83,7 @@
 "port": 22
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -149,7 +149,7 @@
 ]
 },
 {
- "@timestamp": "2022-09-04T21:50:40.017-05:00",
+ "@timestamp": "2023-09-04T21:50:40.017-05:00",
 "destination": {
 "address": "10.100.10.190",
 "ip": "10.100.10.190",
@@ -157,7 +157,7 @@
 "port": 55475
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -220,7 +220,7 @@
 ]
 },
 {
- "@timestamp": "2022-09-04T21:50:39.947-05:00",
+ "@timestamp": "2023-09-04T21:50:39.947-05:00",
 "destination": {
 "address": "10.100.10.190",
 "ip": "10.100.10.190",
@@ -228,7 +228,7 @@
 "port": 55333
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -291,7 +291,7 @@
 ]
 },
 {
- "@timestamp": "2022-09-04T21:50:40.666-05:00",
+ "@timestamp": "2023-09-04T21:50:40.666-05:00",
 "destination": {
 "address": "10.100.10.255",
 "ip": "10.100.10.255",
@@ -299,7 +299,7 @@
 "port": 32414
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
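Review bot: The `@timestamp` expectations in this file move from 2022 to 2023 (first hunk, `2022-09-04T21:45:37.536-05:00` → `2023-09-04T21:45:37.536-05:00`), which is not an ECS 8.7.0 change; the same shift appears in the test-log-fast, test-log-full, test-log-json and test-log-syslog expectations, while test-log-pfsense is untouched. That suggests the pipeline (not shown in this diff) fills in a missing year from the clock when the tests are regenerated, so these fixtures will drift every January, and values such as `2023-12-30T14:09:21.116-06:00` in test-log-fast are already later than the commit date of 31 Mar 2023. For IDS alerts a future-dated `@timestamp` can fall outside a detection rule's lookback window and skews incident timelines, so it is worth having the pipeline step back one year when the parsed date lies ahead of ingest time, or pinning the year in the test setup. At minimum the 1.5.0 changelog entry should record the regeneration, e.g. `- description: Regenerate pipeline test expectations for year-less Snort timestamps.`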
@@ -362,7 +362,7 @@
 ]
 },
 {
- "@timestamp": "2022-09-04T21:49:55.900-05:00",
+ "@timestamp": "2023-09-04T21:49:55.900-05:00",
 "destination": {
 "address": "175.16.199.1",
 "geo": {
@@ -381,7 +381,7 @@
 "mac": "00-25-90-3A-05-13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -449,14 +449,14 @@
 ]
 },
 {
- "@timestamp": "2022-09-04T21:49:55.911-05:00",
+ "@timestamp": "2023-09-04T21:49:55.911-05:00",
 "destination": {
 "address": "10.100.10.190",
 "ip": "10.100.10.190",
 "mac": "00-50-56-9D-A5-BE"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -536,7 +536,7 @@
 ]
 },
 {
- "@timestamp": "2022-09-04T21:49:56.900-05:00",
+ "@timestamp": "2023-09-04T21:49:56.900-05:00",
 "destination": {
 "address": "175.16.199.1",
 "geo": {
@@ -555,7 +555,7 @@
 "mac": "00-25-90-3A-05-13"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
diff --git a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-fast.log-expected.json b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-fast.log-expected.json
index df1eed7e201..cd904fb9412 100644
--- a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-fast.log-expected.json
+++ b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-fast.log-expected.json
@@ -1,14 +1,14 @@
 {
 "expected": [
 {
- "@timestamp": "2022-05-30T19:09:10.917-05:00",
+ "@timestamp": "2023-05-30T19:09:10.917-05:00",
 "destination": {
 "address": "255.255.255.255",
 "ip": "255.255.255.255",
 "port": 67
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -57,7 +57,7 @@
 ]
 },
 {
- "@timestamp": "2022-05-30T19:09:28.472-05:00",
+ "@timestamp": "2023-05-30T19:09:28.472-05:00",
 "destination": {
 "address": "175.16.199.1",
 "geo": {
@@ -76,7 +76,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -125,7 +125,7 @@
 ]
 },
 {
- "@timestamp": "2022-05-30T19:09:10.917-05:00",
+ "@timestamp": "2023-05-30T19:09:10.917-05:00",
 "destination": {
 "address": "175.16.199.1",
 "geo": {
@@ -143,7 +143,7 @@
 "ip": "175.16.199.1"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -201,7 +201,7 @@
 ]
 },
 {
- "@timestamp": "2022-12-30T14:09:21.116-06:00",
+ "@timestamp": "2023-12-30T14:09:21.116-06:00",
 "destination": {
 "address": "175.16.199.1",
 "geo": {
@@ -220,7 +220,7 @@
 "port": 1900
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -269,14 +269,14 @@
 ]
 },
 {
- "@timestamp": "2022-01-21T02:23:42.327-06:00",
+ "@timestamp": "2023-01-21T02:23:42.327-06:00",
 "destination": {
 "address": "192.168.115.10",
 "ip": "192.168.115.10",
 "port": 1051
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -337,13 +337,13 @@
 ]
 },
 {
- "@timestamp": "2022-01-21T02:23:42.208-06:00",
+ "@timestamp": "2023-01-21T02:23:42.208-06:00",
 "destination": {
 "address": "192.168.115.10",
 "ip": "192.168.115.10"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -403,14 +403,14 @@
 ]
 },
 {
- "@timestamp": "2022-09-04T21:55:02.041-05:00",
+ "@timestamp": "2023-09-04T21:55:02.041-05:00",
 "destination": {
 "address": "10.100.10.190",
 "ip": "10.100.10.190",
 "port": 54757
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -471,14 +471,14 @@
 ]
 },
 {
- "@timestamp": "2022-09-04T21:55:02.118-05:00",
+ "@timestamp": "2023-09-04T21:55:02.118-05:00",
 "destination": {
 "address": "10.100.10.190",
 "ip": "10.100.10.190",
 "port": 36312
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -539,7 +539,7 @@
 ]
 },
 {
- "@timestamp": "2022-09-04T21:54:43.216-05:00",
+ "@timestamp": "2023-09-04T21:54:43.216-05:00",
 "destination": {
 "address": "175.16.199.1",
 "geo": {
@@ -557,7 +557,7 @@
 "ip": "175.16.199.1"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -605,13 +605,13 @@
 ]
 },
 {
- "@timestamp": "2022-09-04T21:54:43.227-05:00",
+ "@timestamp": "2023-09-04T21:54:43.227-05:00",
 "destination": {
 "address": "10.100.10.190",
 "ip": "10.100.10.190"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
diff --git a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-full.log-expected.json b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-full.log-expected.json
index b7424905464..c2d9915707a 100644
--- a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-full.log-expected.json
+++ b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-full.log-expected.json
@@ -1,14 +1,14 @@
 {
 "expected": [
 {
- "@timestamp": "2022-09-04T21:42:42.860-05:00",
+ "@timestamp": "2023-09-04T21:42:42.860-05:00",
 "destination": {
 "address": "10.100.10.190",
 "ip": "10.100.10.190",
 "port": 22
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -73,14 +73,14 @@
 ]
 },
 {
- "@timestamp": "2022-09-04T21:42:42.903-05:00",
+ "@timestamp": "2023-09-04T21:42:42.903-05:00",
 "destination": {
 "address": "10.100.10.190",
 "ip": "10.100.10.190",
 "port": 22
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -145,14 +145,14 @@
 ]
 },
 {
- "@timestamp": "2022-09-04T21:53:15.299-05:00",
+ "@timestamp": "2023-09-04T21:53:15.299-05:00",
 "destination": {
 "address": "10.100.10.190",
 "ip": "10.100.10.190",
 "port": 36635
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -213,7 +213,7 @@
 ]
 },
 {
- "@timestamp": "2022-09-04T21:53:15.299-05:00",
+ "@timestamp": "2023-09-04T21:53:15.299-05:00",
 "destination": {
 "address": "175.16.199.1",
 "geo": {
@@ -231,7 +231,7 @@
 "ip": "175.16.199.1"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -295,14 +295,14 @@
 ]
 },
 {
- "@timestamp": "2022-09-04T21:53:15.301-05:00",
+ "@timestamp": "2023-09-04T21:53:15.301-05:00",
 "destination": {
 "address": "10.100.10.190",
 "ip": "10.100.10.190",
 "port": 22
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -368,13 +368,13 @@
 ]
 },
 {
- "@timestamp": "2022-09-04T21:53:15.309-05:00",
+ "@timestamp": "2023-09-04T21:53:15.309-05:00",
 "destination": {
 "address": "10.100.10.190",
 "ip": "10.100.10.190"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -449,14 +449,14 @@
 ]
 },
 {
- "@timestamp": "2022-09-04T21:53:15.358-05:00",
+ "@timestamp": "2023-09-04T21:53:15.358-05:00",
 "destination": {
 "address": "10.100.10.190",
 "ip": "10.100.10.190",
 "port": 56012
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
diff --git a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-json.log-expected.json b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-json.log-expected.json
index 09c9b6e1a91..0b05d1d89d3 100644
--- a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-json.log-expected.json
+++ b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-json.log-expected.json
@@ -1,14 +1,14 @@
 {
 "expected": [
 {
- "@timestamp": "2022-12-16T20:33:33.603-06:00",
+ "@timestamp": "2023-12-16T20:33:33.603-06:00",
 "destination": {
 "address": "10.10.10.1",
 "ip": "10.10.10.1",
 "mac": "52-54-00-1F-8A-1C"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -81,14 +81,14 @@
 ]
 },
 {
- "@timestamp": "2022-11-21T18:01:50.061-06:00",
+ "@timestamp": "2023-11-21T18:01:50.061-06:00",
 "destination": {
 "address": "10.11.21.11",
 "ip": "10.11.21.11",
 "port": 445
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -148,7 +148,7 @@
 ]
 },
 {
- "@timestamp": "2022-01-17T03:03:23.476-06:00",
+ "@timestamp": "2023-01-17T03:03:23.476-06:00",
 "destination": {
 "address": "192.168.3.35",
 "ip": "192.168.3.35",
@@ -156,7 +156,7 @@
 "port": 1047
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -250,7 +250,7 @@
 ]
 },
 {
- "@timestamp": "2022-04-01T09:02:23.126-05:00",
+ "@timestamp": "2023-04-01T09:02:23.126-05:00",
 "destination": {
 "address": "255.255.255.255",
 "ip": "255.255.255.255",
@@ -258,7 +258,7 @@
 "port": 68
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -329,14 +329,14 @@
 ]
 },
 {
- "@timestamp": "2022-03-16T15:11:22.800-05:00",
+ "@timestamp": "2023-03-16T15:11:22.800-05:00",
 "destination": {
 "address": "192.168.27.27",
 "ip": "192.168.27.27",
 "mac": "00-16-47-9D-F2-C2"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
diff --git a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-pfsense.log-expected.json b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-pfsense.log-expected.json
index 27a37d2c18f..405d04dd4f1 100644
--- a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-pfsense.log-expected.json
+++ b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-pfsense.log-expected.json
@@ -20,7 +20,7 @@
 "port": 91
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -105,7 +105,7 @@
 "port": 5060
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -189,7 +189,7 @@
 "ip": "175.16.199.1"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
diff --git a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json
index a6773009a83..9626d630aa1 100644
--- a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json
+++ b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json
@@ -1,14 +1,14 @@
 {
 "expected": [
 {
- "@timestamp": "2022-09-05T16:05:26.000-05:00",
+ "@timestamp": "2023-09-05T16:05:26.000-05:00",
 "destination": {
 "address": "10.25.10.22",
 "ip": "10.25.10.22",
 "port": 32414
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -61,14 +61,14 @@
 ]
 },
 {
- "@timestamp": "2022-09-05T16:05:26.000-05:00",
+ "@timestamp": "2023-09-05T16:05:26.000-05:00",
 "destination": {
 "address": "10.50.10.190",
 "ip": "10.50.10.190",
 "port": 22
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -120,7 +120,7 @@
 ]
 },
 {
- "@timestamp": "2022-09-05T16:02:55.000-05:00",
+ "@timestamp": "2023-09-05T16:02:55.000-05:00",
 "destination": {
 "address": "175.16.199.1",
 "geo": {
@@ -138,7 +138,7 @@
 "ip": "175.16.199.1"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
diff --git a/packages/snort/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/snort/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 89f9abb2210..16943fd663b 100644
--- a/packages/snort/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/snort/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Snort logs
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/snort/data_stream/log/sample_event.json b/packages/snort/data_stream/log/sample_event.json
index c66d652a690..ad2f2f9a88d 100644
--- a/packages/snort/data_stream/log/sample_event.json
+++ b/packages/snort/data_stream/log/sample_event.json
@@ -29,7 +29,7 @@
 "ip": "175.16.199.1"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "ca0beb8d-9522-4450-8af7-3cb7f3d8c478",
diff --git a/packages/snort/docs/README.md b/packages/snort/docs/README.md
index fa663342a3c..e8675364bdf 100644
--- a/packages/snort/docs/README.md
+++ b/packages/snort/docs/README.md
@@ -44,7 +44,7 @@ An example event for `log` looks as following:
 "ip": "175.16.199.1"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "ca0beb8d-9522-4450-8af7-3cb7f3d8c478",
diff --git a/packages/snort/manifest.yml b/packages/snort/manifest.yml
index b599d5c59c5..809b793a50c 100644
--- a/packages/snort/manifest.yml
+++ b/packages/snort/manifest.yml
@@ -1,6 +1,6 @@
 name: snort
 title: Snort
-version: "1.4.2"
+version: "1.5.0"
 release: ga
 description: Collect logs from Snort with Elastic Agent.
 type: integration
From b89e4553ceb1a58cab977fbac662ddb4d46730a7 Mon Sep 17 00:00:00 2001
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:51 +0530 Subject: [PATCH 097/137] [snyk] - update ECS to 8.7.0 from 8.6.0 This updates the snyk integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/snyk --- packages/snyk/_dev/build/build.yml | 2 +- packages/snyk/changelog.yml | 5 +++++ .../_dev/test/pipeline/test-snyk-audit.log-expected.json | 8 ++++---- .../audit/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/snyk/data_stream/audit/sample_event.json | 2 +- .../pipeline/test-snyk-vulnerabilities.log-expected.json | 8 ++++---- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../snyk/data_stream/vulnerabilities/sample_event.json | 2 +- packages/snyk/docs/README.md | 4 ++-- packages/snyk/manifest.yml | 2 +- 10 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/packages/snyk/_dev/build/build.yml b/packages/snyk/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/snyk/_dev/build/build.yml
+++ b/packages/snyk/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/snyk/changelog.yml b/packages/snyk/changelog.yml
index 0ece8e27bee..81059d47cb4 100644
--- a/packages/snyk/changelog.yml
+++ b/packages/snyk/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.7.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.6.0"
 changes:
 - description: Update package to ECS 8.6.0.
diff --git a/packages/snyk/data_stream/audit/_dev/test/pipeline/test-snyk-audit.log-expected.json b/packages/snyk/data_stream/audit/_dev/test/pipeline/test-snyk-audit.log-expected.json
index d3af307236e..07eced4ccf8 100644
--- a/packages/snyk/data_stream/audit/_dev/test/pipeline/test-snyk-audit.log-expected.json
+++ b/packages/snyk/data_stream/audit/_dev/test/pipeline/test-snyk-audit.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-11-17T14:30:13.800Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "user.logged_in",
@@ -30,7 +30,7 @@
 {
 "@timestamp": "2020-11-12T13:24:40.317Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "api.access",
@@ -57,7 +57,7 @@
 {
 "@timestamp": "2020-11-11T21:00:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "org.user.invite",
@@ -85,7 +85,7 @@
 {
 "@timestamp": "2020-11-15T06:02:45.497Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "org.user.role.edit",
diff --git a/packages/snyk/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/snyk/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 3cd60c70d32..8feb4195305 100644
--- a/packages/snyk/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/snyk/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Snyk Audit logs
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/snyk/data_stream/audit/sample_event.json b/packages/snyk/data_stream/audit/sample_event.json
index f540cb072d0..e94b8500d10 100644
--- a/packages/snyk/data_stream/audit/sample_event.json
+++ b/packages/snyk/data_stream/audit/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/snyk/data_stream/vulnerabilities/_dev/test/pipeline/test-snyk-vulnerabilities.log-expected.json b/packages/snyk/data_stream/vulnerabilities/_dev/test/pipeline/test-snyk-vulnerabilities.log-expected.json
index 5a0c129e431..df61ad66c86 100644
--- a/packages/snyk/data_stream/vulnerabilities/_dev/test/pipeline/test-snyk-vulnerabilities.log-expected.json
+++ b/packages/snyk/data_stream/vulnerabilities/_dev/test/pipeline/test-snyk-vulnerabilities.log-expected.json
@@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "{\"issue\":{\"url\":\"https://snyk.io/vuln/npm:ejs:20161128\",\"id\":\"npm:ejs:20161128\",\"title\":\"Arbitrary Code Execution\",\"type\":\"vuln\",\"package\":\"ejs\",\"version\":\"0.8.8\",\"severity\":\"high\",\"originalSeverity\":null,\"uniqueSeveritiesList\":[\"high\"],\"language\":\"js\",\"packageManager\":\"npm\",\"semver\":{\"vulnerable\":[\"\u003c2.5.3\"]},\"isIgnored\":false,\"publicationTime\":\"2016-11-28T18:44:12.000Z\",\"disclosureTime\":\"2016-11-27T22:00:00.000Z\",\"isUpgradable\":false,\"isPatchable\":false,\"isPinnable\":false,\"identifiers\":{\"CVE\":[],\"CWE\":[\"CWE-94\"],\"ALTERNATIVE\":[\"SNYK-JS-EJS-10218\"]},\"credit\":[\"Snyk Security Research Team\"],\"CVSSv3\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"cvssScore\":\"8.1\",\"patches\":[{\"id\":\"patch:npm:ejs:20161128:0\",\"urls\":[\"https://snyk-patches.s3.amazonaws.com/npm/ejs/20161128/ejs_20161128_0_0_3d447c5a335844b25faec04b1132dbc721f9c8f6.patch\"],\"version\":\"\u003c2.5.3 \u003e=2.2.4\",\"comments\":[],\"modificationTime\":\"2019-12-03T11:40:45.851976Z\"}],\"isPatched\":false,\"exploitMaturity\":\"no-known-exploit\",\"reachability\":\"No Info\",\"priorityScore\":4.05,\"jiraIssueUrl\":null},\"isFixed\":false,\"introducedDate\":\"2020-04-07\",\"projects\":[{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"username/reponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"someotheruser/someotherreponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"folder1/package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"projectname\",\"source\":\"cli\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"}]}" 
@@ -113,7 +113,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "{\"issue\":{\"url\":\"https://snyk.io/vuln/npm:ejs:20161128\",\"id\":\"npm:ejs:20161121\",\"title\":\"Arbitrary Code Execution\",\"type\":\"vuln\",\"package\":\"ejs\",\"version\":\"0.8.8\",\"severity\":\"high\",\"originalSeverity\":null,\"uniqueSeveritiesList\":[\"high\"],\"language\":\"js\",\"packageManager\":\"npm\",\"semver\":{\"vulnerable\":[\"\u003c2.5.3\"]},\"isIgnored\":false,\"publicationTime\":\"2016-11-28T18:44:12.000Z\",\"disclosureTime\":\"2016-11-27T22:00:00.000Z\",\"isUpgradable\":false,\"isPatchable\":false,\"isPinnable\":false,\"identifiers\":{\"CVE\":[\"CVE-2017-1000228\"],\"CWE\":[\"CWE-94\"],\"ALTERNATIVE\":[\"SNYK-JS-EJS-10218\"]},\"credit\":[\"Snyk Security Research Team\"],\"CVSSv3\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"cvssScore\":\"8.1\",\"patches\":[{\"id\":\"patch:npm:ejs:20161128:0\",\"urls\":[\"https://snyk-patches.s3.amazonaws.com/npm/ejs/20161128/ejs_20161128_0_0_3d447c5a335844b25faec04b1132dbc721f9c8f6.patch\"],\"version\":\"\u003c2.5.3 \u003e=2.2.4\",\"comments\":[],\"modificationTime\":\"2019-12-03T11:40:45.851976Z\"}],\"isPatched\":false,\"exploitMaturity\":\"no-known-exploit\",\"reachability\":\"No Info\",\"priorityScore\":619,\"jiraIssueUrl\":null},\"isFixed\":false,\"introducedDate\":\"2020-11-13\",\"projects\":[{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"username/reponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"someotheruser/someotherreponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"folder1/package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"projectname\",\"source\":\"cli\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"}]}" 
@@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "{\"issue\":{\"url\":\"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488\",\"id\":\"SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488\",\"title\":\"Insecure Randomness\",\"type\":\"vuln\",\"package\":\"github.com/satori/go.uuid\",\"version\":\"#000000000000\",\"severity\":\"high\",\"originalSeverity\":null,\"uniqueSeveritiesList\":[\"high\"],\"language\":\"golang\",\"packageManager\":\"golang\",\"semver\":{\"vulnerable\":[\"=1.2.0\"],\"hashesRange\":[\"\u003e=0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c \u003cd91630c8510268e75203009fe7daf2b8e1d60c45\"],\"vulnerableHashes\":[\"c596ec57260fd2ad47b2ae6809d6890a2f99c3b2\",\"36e9d2ebbde5e3f13ab2e25625fd453271d6522e\",\"f6920249aa08fc2a2c2e8274ea9648d0bb1e9364\",\"0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c\"]},\"isIgnored\":false,\"publicationTime\":\"2018-10-24T08:56:41.000Z\",\"disclosureTime\":\"2018-03-23T08:57:24.000Z\",\"isUpgradable\":false,\"isPatchable\":false,\"isPinnable\":false,\"identifiers\":{\"CVE\":[],\"CWE\":[\"CWE-338\"]},\"credit\":[\"josselin-c\"],\"CVSSv3\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"cvssScore\":\"8.1\",\"patches\":[],\"isPatched\":false,\"exploitMaturity\":\"no-known-exploit\",\"reachability\":\"No 
Info\",\"priorityScore\":405,\"jiraIssueUrl\":null},\"isFixed\":false,\"introducedDate\":\"2020-11-17\",\"projects\":[{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"username/reponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"someotheruser/someotherreponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"folder1/package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"projectname\",\"source\":\"cli\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"}]}" 
@@ -334,7 +334,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "{\"issue\":{\"url\":\"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOYAMLYAML-564236\",\"id\":\"SNYK-GOLANG-GITHUBCOMGOYAMLYAML-564236\",\"title\":\"Denial of Service (DoS)\",\"type\":\"vuln\",\"package\":\"github.com/go-yaml/yaml\",\"version\":\"2.1.0\",\"severity\":\"medium\",\"originalSeverity\":null,\"uniqueSeveritiesList\":[\"medium\"],\"language\":\"golang\",\"packageManager\":\"golang\",\"semver\":{\"vulnerable\":[\"\u003c2.2.8\"],\"hashesRange\":[\"53403b58ad1b561927d19068c655246f2db79d48\"],\"vulnerableHashes\":[\"dd8f49ae7840d1fc6810d53ee7b05356da92f81f\",\"d4766d1dff71f8a135a57e1fcff946c8c1a140ab\",\"2aba0a492be00f1eb4d95483b08930ebe4968b64\",\"3b0eedc5a476efc2b2e025eff55b2fd08fa32abd\",\"2f2fd02e5a54a7d4f5e5d3494b170b0cb9275c92\",\"7ad95dd0798a40da1ccdff6dff35fd177b5edf40\",\"f7716cbe52baa25d2e9b0d0da546fcf909fc16b4\",\"1ff37a7d30b085dc643dee7adb18759e3511661a\",\"eca94c41d994ae2215d455ce578ae6e2dc6ee516\",\"b0c168ac0cf9493da1f9bb76c34b26ffef940b4a\",\"77373ee937410eceadc4dc64b1100d897ed593d0\",\"025607cd2e381e6e08a56ffec46ac79e23ca2d88\",\"7d17c9173a3d25ebba15cedb25b5205bdfb1eac8\",\"ca3d523f32f3b33fb3265bfeb8e11003a8670e3d\",\"85db785e81ed62ffae7a145404fc0f022335378c\",\"a72a87d92dad7563e31c2c007e8d67f93d67f221\",\"1be3d31502d6eabc0dd7ce5b0daab022e14a5538\",\"90376f16b6d74c4e2fff21dd24397bec3dc62dd5\",\"bb263360b83253468e534d974aabeddd6c22f887\",\"d466437aa4adc35830964cffc5b5f262c63ddcb4\",\"d6c23fbaf16f72995b58492627e65801cfb9a8dd\",\"e4d366fc3c7938e2958e662b4258c7a89e1f0e3e\",\"60a2abf4e00318875a661c29b36df7a68e484bf4\",\"f4d271a8a289b41fa88b802c430fefde4e018bba\",\"10c59a7d91867c206737dcd482fe68906a1484ca\",\"d0b6f3facf302fb1bf969a12bad68ce720b3c025\",\"4d6bb54d8acc91e147763cea066cff0b89437e90\",\"1244d3ce02e3e1c16820ada0bae506b6c479f106\",\"49fdd64ad429d146bacf7106dd73078e889be2e8\",\"8e626dec39b5836cef636d885e33479debcf0cb1\",\"4914593b9558e85597f08
346c798aea8f6fb899f\",\"031c922227a592b2b562a1833438308381f9a8bf\",\"b51f82a2e3cbedab685908bd64d61d0a1b781754\",\"c75e52ecee48db6de9aa73d00a360d43abf3e7ac\",\"857a0b2759f87f47aaebad6dd319cf4f887eb6dc\",\"5887bc194be84805c8283e9d9a66102bf9571fca\",\"a528d0ef484d32e416d7b9c4a249d1fa7111be6e\",\"5b18502a28c65dfd209ea5aebb405fb6fc07f7e1\",\"5d6f7e02b7cdad63b06ab3877915532cd30073b4\",\"9c272e25743608d6d3287141522eb4506b2dac45\",\"125a562d7bf105e062ed2adfb2d37e6f11c209bd\",\"87e4a22b684220ccca96de3f2e651b2380a55f9e\",\"d56ec34a3ded0bb58c82198664664ccb81eec91b\",\"b754a4fe6ad8db932e083a2d85ae2199b3516bef\",\"04092268b2c5e87e6373229049c827b833af4edb\",\"f59f5e67022f3c186e20af01b1993b86ac74f0dc\",\"52d5976e4791cf8c96a9de7569098e3752677412\",\"770b8dae4cf00919e5eafffbd8d58186294b61b5\",\"71e7ede9d48a2e096f6d5d0516c763513a471bd1\",\"b01920c75e30179201b01633db246038b0226ce9\",\"ef0aede23c8c624e127a9a59183ee8915e48a3c9\",\"1632dd8118ce1efece66b7f53bb167956d5d8b4e\",\"05299e459464264cd87a230b62d1aca93725c51b\",\"d00346f943c9d2c43424c8a3840f5ca58817750d\",\"49c95bdc21843256fb6c4e0d370a05f24a0bf213\",\"088598405c86d37e951287d094d691e221654a00\",\"c11897f0ba79d8a35d8a124ff0d76e13d9dccb9b\",\"711419034010345c604724ef87ec3db91ffe0936\",\"3e6d767784b037b90a14701b6c9f0643f05db963\",\"a83829b6f1293c91addabc89d0571c246397bbf4\",\"ee2f4956ea46791a74a31142105f03c0d5f9492b\",\"7b079234548be56f14c6e342d4660aa8d54865b7\",\"b7fbda9990042cd5456fdf187480c25fdd776f92\",\"a6dc653f939ab0e6a554873806c41add1140d90c\",\"687eda924018599a7c4518013c369f0bfb7eb0e1\",\"fa9662d290d59b79f2ef7e1f72c885560efe512d\",\"e47eca576e8f3a433de0ba77f1923e7c7f959667\",\"e90bcf783f7abddaa0ee0994a09e536498744e49\",\"fdc1ab46101a842d9e914408bd481f6647d5f9c1\",\"f0766b44ca7999dc9af38a050ddf6db79d05bf3b\",\"cdd36ee8d333aa740c1c0bceae0da74969b2c60b\",\"7701d177ce02b7bd38c4ebd2ba4a7783080505ae\",\"2c1be0d7f7ff8305cf666e89152e9753c8b39004\",\"97203c6e4fc7347bfef3bd6d4913e90bd46c7ecb\",\"7c97801ccf41d5273de9e22c8b2af6860c7703a2\
",\"7002636de42c9ef59a2921bb4f78744cabe8bfe3\",\"0725b7707fdeeb6894c403d0f5a2a20e1dc7454d\",\"1dd72ac3928693b9db2533639dfc2a5f831697eb\",\"73a1567027eea2fab2b057a193036f844736f7da\",\"7539b1dee2c790ab2d1aa5e254ef877f5552ff97\",\"920b7d819b42f26f4796e4a43f518090a7a6331f\",\"1f64d6156d11335c3f22d9330b0ad14fc1e789ce\",\"1b9791953ba4027efaeb728c7355e542a203be5e\",\"1ed59511881fdb008c1e618e9f219ce0704e658e\",\"c325d146e464fb9567e780ddfa2dad3a99323075\",\"0ee36981cbf495d5eb6aeb540a3afc25c61d1a96\",\"c4a9fb418357aceb801272d73efd518f183700fa\",\"a347d2466e459933f4fb25f8026d995977436ccf\",\"f221b8435cfb71e54062f6c6e99e9ade30b124d5\",\"5206f6dd03423b3a5462a2a4286a4efae8abe347\",\"a1c4bcb6c278a41992e2f4f0f29a44b4146daa5c\",\"4ca689e686c2caf4dda3a62936c097d6dfb56877\",\"119a11e4378a0410c69c42d82f51331a6da7a97c\",\"c7da9dcff86f24fcfdc15e1f9fa39dfc19784616\",\"f29dde21846f6357ee4421013b59eefd65c069b0\",\"5515099aacaeb9ff3ab7492f0803327bb19fc512\",\"1c9241b56a03383c77e1c33d86ea6ca4a927153e\",\"86f5ed62f8a0ee96bd888d2efdfd6d4fb100a4eb\",\"1f2a25ba9402c70a7806e84531ef763943739072\",\"1418a9bc452f9cf4efa70307cafcb10743e64a56\",\"65b1927d8262617ca3d25f296fdde1e8c48f813d\",\"2bf60357b89cbc6044dde700cf63bab94a615bf7\",\"c6314f5b627e2a1c1846d89cd775de6b2808d37e\",\"50e1b1b1332ea40fff2a9b13bfbccbbecd526f00\",\"50f7813e6b19e58334360ab011dfbaece5b1501f\",\"a311394a2a9276454d3f92d26838c3ae3d99cdf3\",\"79f5ef7c40ae7a4ee6bcd26d324bf50491b431e5\",\"731788bc8b082f8c81c63ca0abd5950c7a68a2f1\",\"6491ec31f7b0d27492e3046c86de94838dcb523c\",\"41168bb7ed2fc849bc36727a2b902bd8f447bfc2\",\"bc27649cd5454055cf20fdb9ef556c214d3f9aa0\",\"d6b53382672776035ad8ef0404681f8a4a16bb95\",\"8eba062837dc10754db7cbafcbedbfbc985ca172\",\"837b0877fcd6b2c8ba83d126917267695ff16ad8\",\"72c33f6840f49f9ed7d1faef7562b3266640fdf4\",\"26b882523374125854702734c30b0ce6a1a18d7b\",\"e90048704a8adb0b81b2e15ebafd1a35fa110903\",\"4fc5987536ef307a24ca299aee7ae301cde3d221\",\"4341420a144323d3f148ece677a20da6e077cfd2\",\"5c8bfe59213b6e9a
5eb50debebc396e99a9fa174\",\"200c098a06472243b50aeda4510220a90c4e7dbe\",\"de3643d77b438c6f0f69f350c437639a300b5e73\",\"9a4310b1caff4cca3780580195a916ca060d08f7\",\"91eb945ac02153399ac9f69e34751f1a176254c3\",\"4cdd993908b57c3b87bef0695e5ca989151ad55f\",\"7ddc4634ce2d8ca5c03846918ae1df6aa40ee464\",\"ec232d2920a84930b077414b60b5985e076ae228\",\"2c8612dfee1362e7e482c66c5feb892a94d53255\",\"d670f9405373e636a5a2765eea47fac0c9bc91a4\",\"e9bfed595636e952566e5cb857c22b918f2530a2\",\"c1cd2254a6dd314c9d73c338c12688c9325d85c6\",\"df747160af0ebfcc572951e4168d4b1bc91a47f5\",\"a65e08b08285cef29253c50ffd92469bf6e26a29\",\"e6da37e746419537560c1e95e429f42b33f6d0e3\",\"eea198a9c5cc6e02bfcd130a932051088a9f0950\",\"6675ed2a9028caf87bb5915503c08a595e57b77d\",\"562080bfe963d41a6870a4c500918f6361a0b61f\",\"8171f560dedcb162dd3d2c925015679e84bac269\",\"c78cd3ebd83777ac093137fbb55c33a9d3f65819\",\"e4ac4c457c23b390e7fd75ddf746c5a69aa8cfd5\",\"93d787c44dc828e1c67fa275cb66eb86bb2929f8\",\"7cdd87a79f79db641dae55776224443026d28928\",\"406cad6bb47dd7d9a123d005fb8ff766f6463051\",\"523c7d9470684b02d902e8d986cd9eea66884755\",\"9ca8abd6882a6e741166e6ec946a73f3a64df65a\",\"885e19c0dda1f4e4e22837474879f8f3d36fb449\",\"e8976af76e3d35c48f8b2c9540cca3e92995fbc6\",\"addb3a024ff5763c8facbe4767fe530d602cfedc\",\"c7f6f9c6e6c14027a46eb91241427dba67604f39\",\"0a6d1b02c16e372ceea8f17f3b1833b918954bf1\",\"835086a6b6aa65939515e30b5d6c2eba43d7c075\",\"7b8fd2dbef04521fdd8d670ef4c77be691845aa2\",\"3eb2270747cdd89e3f095cb24e8dd4ccf2a098f6\",\"1d653a737648051ca638423377052c2f5c10c050\",\"14d1c4659ec7b9ee26f5d705f3c2bb56cb6cbee4\",\"c544d0342172409bd9c8f7c45d9fb21971c8aee9\",\"6941443daa441371720e9ef8f3554c3958cfb071\",\"f8db564a0a4a5f6d04f66522493597f18e5ab4ae\",\"7c634f6a68c1076d3cfdc56930db26e86f7876d7\",\"f7e23311052d3dda728ce15788fb3727898afa17\",\"8691640bc70f3d96128a809341d850b550a3abb9\",\"b9b22c434500d7639936fbed673fc0ef23ce88f6\",\"d6385b38675d8d03521c9290f4f3d7bff08664c0\",\"4c78c975fe7c825c6d1466c42be594d1d6f3
aba6\",\"54c736c86c9bcc793fb4bd6f203604cd738dc0e9\",\"722ff6b958a31d4ca3405db35a72648a6077a6bb\",\"2afc2e57e051513a3f5f67e74857696a8558d67b\",\"283fbcdd1e64975730a38609f8802ef983a43cb9\",\"ab5d55c35f3919fe06e9daedce5a32f4aab23777\",\"e2fbf5b72a6a12abd15be9b37656a0a136fc32f8\",\"399c3345e0f76f583d830cd7da27518bbb00c91a\",\"b6679148d27038e59d7818facc4d100e677a64ae\",\"43a0256bb22b0c2e1803ac6e28f55e5989a60523\",\"f5f5cc19d1f681884684426c96adadef47a3b55c\",\"787afde64d7b36591050440c4a14c2288b373de6\",\"7b8349ac747c6a24702b762d2c4fd9266cf4f1d6\",\"0e4404da71227dcc02fb1deee803d93e86d08f72\",\"a95acef3719e5e9f7614cc90a119dee4699291eb\",\"3ba0e99ffa727bd7eb782b7a5d1aafcb989b0899\",\"5edc3ded41385ca1b9a80339d2a070e4d0a17cb6\",\"2c9db3558be789ef3896b03ed3f354b822c304b9\",\"a833012353d046b1f12c82db87d01c86570b24d7\",\"77b516425597da3c093a666c11608112e91604de\",\"1ade51a028efa6990b524e0b01237dbd9123957d\",\"9e27074feeaed4b0ae4e5e71187eff80c0f0bf35\",\"cd515839285fe1a31b92193360172d59f818c9b8\",\"9f33a69b86c3c76c52e41d12d83e233065bfcca9\",\"36babc3691687601732d9e2571b698be4116469a\",\"51d6538a90f86fe93ac480b35f37b2be17fef232\",\"31c299268d302dd0aa9a0dcf765a3d58971ac83f\",\"3e92d6a11b92fa4612d66712704844bdc0c48aed\",\"9211cbc02789a32acf5e90c23a42f040ac3ec3f8\",\"0cb32393ebcfc65467398e5daadfb63b2184caea\",\"0f9a5c380d77a8b2888a78c3d3a14db15949b1fa\",\"82377a97b299347cd15cc1be13e1c8d04e33efbb\",\"fe9486c37432968838e1798b2317dc1aa10b586b\",\"77b384eced7745af978888311ea3c67e57c7ed96\",\"fc7f19eff1782a0beae3065097c776183e7d01d0\",\"dbd6d0229d1f1e1c3055cd82efb81f60a27d1103\",\"25c4ec802a7d637f88d584ab26798e94ad14c13b\",\"5e76f7cf8cb1fc353b84b96c72a36c4984cbd005\",\"a5844a8f8f489bad96ab6da62cfa21ee1f5d9e6b\",\"41c132e8ac051886e4eb06e7c3d58ced63d58057\",\"4f03e946c120a8f146f43bee6f392f9bb5d0a677\",\"287cf08546ab5e7e37d55a84f7ed3fd1db036de5\",\"1092c5d94f266e0f94e485a24f7010da877eeba0\",\"910de082618d0d8ccac6443a6e7a72cc8bcd5227\",\"feb4ca79644e8e7e39c06095246ee54b1282c118\",\"3c68098bffb
a683534584be69216dac3a2b2305a\",\"3323b7713e656f16fbd0eec27c60370b6237f4e3\",\"f3293401ceedf2a32a1c22cb062b274dba6be798\",\"43607cc2a1772b23faf366c24b8e33541187b64d\",\"add015b1c64e144664b73d5eacfeb6aeace2e45c\",\"3e69410288aeb97d31353af8e063b798d40feb3f\",\"39e59aa7e15898a87148f0f4891a085c83b9b0fc\",\"a3f3340b5840cee44f372bddb5880fcbc419b46a\",\"05d405925260878bd750ea7d96c746c2d726b349\",\"65622dcbf4c25328cd440d1b322c6530abe83337\",\"8ca81d591dc2242f9c4b7a907533f0b7f93802b5\",\"3d8cfc3754fba03b8f1a0d44ea4e6e870cf86c57\",\"eb3733d160e74a9c7e442f435eb3bea458e1d19f\",\"d0fefed9b627fbe0c1597ac29ed5f48ff2eb9064\",\"dcd83b31fd165d8cc8677fce58f889dca3e06f35\",\"7f97868eec74b32b0982dd158a51a446d1da7eb5\",\"925f818e2c358746b3a14bf3e5614db14208037f\",\"c95af922eae69f190717a0b7148960af8c55a072\",\"0516c53462e633a479f3826e1d3557033413eeb8\",\"53087c11c10b453af4f2eb47471434eae75526f9\",\"5420a8b6744d3b0345ab293f6fcba19c978f1183\",\"fb03f24d58ac0c7a3d85edc1b91dfcfea4329883\",\"08434a82b8376f585898a97654ce18065d14cb97\",\"a5b47d31c556af34a302ce5d659e6fea44d90de0\",\"838f4ea96166350b9185bf3d2cbf786d34127ca2\",\"f2d2788ce5b1741745c0d1a853e856b5b77376b2\",\"284796d39ddb313ec0ae04898de280d41fe32479\",\"970885f01c8bc1fecb7ab1c8ce8e7609bda45530\",\"4f3d34e492b8930c50204a216d960e7da0dc5f63\",\"9f389a1f0b1d442eba00213e7aa09ccd878d18b0\",\"1b2e8c1531abbfe7dcd3de8ff4483326af275bc8\",\"14227de293ca979cf205cd88769fe71ed96a97e2\",\"e72f93569ef83aca933836c2fb9185faeeced236\",\"3b4ad1db5b2a649883ff3782f5f9f6fb52be71af\",\"a0ae8d516398f3724bb3db614ab47f0e4f643f2e\",\"f7a330473f18ddc052fce1f71a2b2d1231860f71\",\"81205292aba40f8868069e2f18d90043d3e724a6\",\"059398de19c863a04c55315526d6c226de540aa1\",\"e6ec13e5a80029d7ebcbc2c90d16ce5ff1fa6c84\",\"8173ecbc8953a159ae0fa2fad94adf3553b0bf8e\",\"b7dfe2d918fda477aa5b42519294b5ada3c991fa\",\"b6b591a3c0ec0452719f4d4555a3e084fd9f12fb\",\"ba29208cca8f239f2cea685183f79df8e4defc29\",\"422f540d2e1f1b41b6184903cd1eb69c777df1bb\",\"914e67f109a574665d15c0d179cdc79
6abefb176\",\"1bf6a7ce154075e61134f8a68dd50902c3027a10\",\"2628b30e544c309ac3d0c8cd7e78a785400cd41f\",\"0846a25da24891a7b3c725bc190493b5f7525db8\",\"4cadac2bc790baeffa0a7fa19689223966a64c24\",\"b3031338ac8e006cbd668f67c36c24d2c5e64b6d\",\"cd8b52f8269e0feb286dfeef29f8fe4d5b397e0b\",\"205b70273c7999d96b32db43ab54337690817184\",\"62e345dcf33dd13810ceba10407c30a7db6a0958\",\"53feefa2559fb8dfa8d81baad31be332c97d6c77\",\"e720624475f3807e3dc6477e7af6feb09da0b848\",\"bd61a856f807e525beaee41959452c88c83d46cf\",\"f90ceb4f409096b60e2e9076b38b304b8246e5fa\",\"3c0d4d4f56c36fcfd2da00ff26c40046512b4208\",\"1f1f61830e4c9f1eff03047c9d1d11e576853bc4\",\"f96735bc0fa70a12e9f41277b2d909e0c477ee30\",\"e334f8522ac9fe2b381c329b3159a328eeb14f76\",\"18e5f12b39cb93b31a249fb7115b9bbf6162aeeb\",\"b3472531944cd769419f297322dc285a0fc0d6cc\",\"3e542fbf7c84c0bf22f51ad07899cf80f8658caa\",\"00efe9c47819ca58089c4bd5d1d8463248e23228\",\"670d4cfef0544295bc27a114dbac37980d83185a\",\"8ed39f36d6f36299d2ce5f9b35a05d048500f777\",\"bb4e33bf68bf89cad44d386192cbed201f35b241\",\"bef53efd0c76e49e6de55ead051f886bea7e9420\",\"9eade332f0ceebc6b7c9e24893574cad4c51722b\"]},\"isIgnored\":false,\"publicationTime\":\"2020-04-02T11:29:49.000Z\",\"disclosureTime\":\"2020-03-26T11:30:05.000Z\",\"isUpgradable\":false,\"isPatchable\":false,\"isPinnable\":false,\"identifiers\":{\"CVE\":[\"CVE-2019-11254\"],\"CWE\":[\"CWE-1050\"]},\"credit\":[\"Unknown\"],\"CVSSv3\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"cvssScore\":\"6.5\",\"patches\":[],\"isPatched\":false,\"exploitMaturity\":\"no-known-exploit\",\"reachability\":\"No 
Info\",\"priorityScore\":325,\"jiraIssueUrl\":null},\"isFixed\":false,\"introducedDate\":\"2020-04-29\",\"projects\":[{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"username/reponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"someotheruser/someotherreponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"folder1/package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"projectname\",\"source\":\"cli\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"}]}"
diff --git a/packages/snyk/data_stream/vulnerabilities/elasticsearch/ingest_pipeline/default.yml b/packages/snyk/data_stream/vulnerabilities/elasticsearch/ingest_pipeline/default.yml
index 7638b29c1c4..a21a1f6dd66 100644
--- a/packages/snyk/data_stream/vulnerabilities/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/snyk/data_stream/vulnerabilities/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Snyk vulnerability logs
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/snyk/data_stream/vulnerabilities/sample_event.json b/packages/snyk/data_stream/vulnerabilities/sample_event.json
index 69a25661df0..2019b0ee313 100644
--- a/packages/snyk/data_stream/vulnerabilities/sample_event.json
+++ b/packages/snyk/data_stream/vulnerabilities/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/snyk/docs/README.md b/packages/snyk/docs/README.md
index aece9536d0e..0bf8a7729a8 100644
--- a/packages/snyk/docs/README.md
+++ b/packages/snyk/docs/README.md
@@ -28,7 +28,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
@@ -137,7 +137,7 @@ An example event for `vulnerabilities` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/snyk/manifest.yml b/packages/snyk/manifest.yml
index eb10e7a8905..5b55c201cce 100644
--- a/packages/snyk/manifest.yml
+++ b/packages/snyk/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: snyk
 title: "Snyk"
-version: "1.6.0"
+version: "1.7.0"
 license: basic
 description: Collect logs from Snyk with Elastic Agent.
 type: integration
From 894322d70ec9075445a7bb471c2694216370c96a Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:52 +0530 Subject: [PATCH 098/137] [sonicwall_firewall] - update ECS to 8.7.0 from 8.6.0 This updates the sonicwall_firewall integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/sonicwall_firewall --- .../sonicwall_firewall/_dev/build/build.yml | 2 +- packages/sonicwall_firewall/changelog.yml | 5 + .../test-drizzthacker.log-expected.json | 64 ++-- .../pipeline/test-general.log-expected.json | 76 ++--- .../test/pipeline/test-nat.log-expected.json | 8 +- .../test-sonicos70-aws.log-expected.json | 292 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/sonicwall_firewall/docs/README.md | 2 +- packages/sonicwall_firewall/manifest.yml | 2 +- 10 files changed, 230 insertions(+), 225 deletions(-)
diff --git a/packages/sonicwall_firewall/_dev/build/build.yml b/packages/sonicwall_firewall/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/sonicwall_firewall/_dev/build/build.yml
+++ b/packages/sonicwall_firewall/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/sonicwall_firewall/changelog.yml b/packages/sonicwall_firewall/changelog.yml
index 731fbcfc8eb..452d77ceefd 100644
--- a/packages/sonicwall_firewall/changelog.yml
+++ b/packages/sonicwall_firewall/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.3.2"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-drizzthacker.log-expected.json b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-drizzthacker.log-expected.json
index 2d2b1fa501d..c3ec90c7b68 100644
--- a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-drizzthacker.log-expected.json
+++ b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-drizzthacker.log-expected.json
@@ -19,7 +19,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "connection-start",
@@ -91,7 +91,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "connection-end",
@@ -183,7 +183,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "97",
@@ -260,7 +260,7 @@
 "port": 161
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "1220",
@@ -303,7 +303,7 @@
 "port": 4444
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "session-start",
@@ -379,7 +379,7 @@
 "port": 45071
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "attack-detected",
@@ -457,7 +457,7 @@ "port": 35878 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "attack-detected", @@ -544,7 +544,7 @@ "port": 10617 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "866", @@ -620,7 +620,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "867", @@ -694,7 +694,7 @@ "port": 56432 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "internal-log-failure", @@ -770,7 +770,7 @@ "port": 22402 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "attack-detected", @@ -840,7 +840,7 @@ "port": 123 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "1231", @@ -904,7 +904,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "326", @@ -965,7 +965,7 @@ "port": 123 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "1232", @@ -1013,7 +1013,7 @@ { "@timestamp": "2022-04-27T10:24:35.000+02:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "586", @@ -1055,7 +1055,7 @@ { "@timestamp": "2022-04-27T10:24:35.000+02:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "307", @@ -1099,7 +1099,7 @@ "ip": "172.16.1.1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "584", @@ -1146,7 +1146,7 @@ { "@timestamp": "2022-04-28T06:38:51.000+02:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "1371", @@ -1184,7 +1184,7 @@ "port": 37462 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "1370", @@ -1253,7 +1253,7 @@ "port": 12137 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "attack-detected", @@ -1331,7 +1331,7 @@ "port": 61017 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "attack-detected", 
@@ -1420,7 +1420,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "436", @@ -1467,7 +1467,7 @@ { "@timestamp": "2022-04-27T23:04:26.000+02:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "585", @@ -1513,7 +1513,7 @@ "port": 81 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "attack-blocked", @@ -1585,7 +1585,7 @@ "port": 4444 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "session-end", @@ -1661,7 +1661,7 @@ "port": 4444 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "session-end", @@ -1725,7 +1725,7 @@ "port": 4444 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login-success", @@ -1801,7 +1801,7 @@ "port": 4444 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "logout", @@ -1874,7 +1874,7 @@ "ip": "172.16.0.2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "435", @@ -1921,7 +1921,7 @@ { "@timestamp": "2022-04-29T03:46:56.000+02:00", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "internal-log-failure", @@ -1976,7 +1976,7 @@ "port": 123 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "1230", @@ -2028,7 +2028,7 @@ "port": 4444 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login-failure", diff --git a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-general.log-expected.json b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-general.log-expected.json index 1f0906f3322..006f9ab133c 100644 --- a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-general.log-expected.json +++ b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-general.log-expected.json 
@@ -7,7 +7,7 @@ "port": 50000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -84,7 +84,7 @@ "port": 50000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login-failure", @@ -158,7 +158,7 @@ "port": 50000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -236,7 +236,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -306,7 +306,7 @@ "port": 1026 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -380,7 +380,7 @@ "port": 41850 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -466,7 +466,7 @@ "port": 500 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -533,7 +533,7 @@ "port": 50000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -610,7 +610,7 @@ "port": 50000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "login-failure", @@ -684,7 +684,7 @@ "port": 50000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -761,7 +761,7 @@ "port": 6822 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-dropped", @@ -840,7 +840,7 @@ "port": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -917,7 +917,7 @@ "port": 500 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "346", @@ -983,7 +983,7 @@ "port": 500 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -1048,7 +1048,7 @@ "port": 500 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "483", 
@@ -1102,7 +1102,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -1169,7 +1169,7 @@ "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -1236,7 +1236,7 @@ "port": 50000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -1317,7 +1317,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -1393,7 +1393,7 @@ "port": 3582 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -1458,7 +1458,7 @@ "ip": "192.168.5.10" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -1515,7 +1515,7 @@ "ip": "::1" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -1592,7 +1592,7 @@ "mac": "00-53-00-00-00-0C" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "id=firewall sn=XXXXXXX time=\"2015-11-21 14:30:38\" fw=10.0.0.1 pri=5 msg=\"Unhandled link-local or multicast IPv6 packet dropped\" srcV6=fe80::d4db:99b9:6f20:f6bd dstV6=ff02::c srcMac=00:53:ff:ff:55:55 dstMac=00:53:00:00:00:0c proto=udp/65535", @@ -1647,7 +1647,7 @@ "ip": "81.2.69.193" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "1388", @@ -1709,7 +1709,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-info", @@ -1791,7 +1791,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -1890,7 +1890,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -1996,7 +1996,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "97", 
@@ -2102,7 +2102,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "97", @@ -2210,7 +2210,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "97", @@ -2313,7 +2313,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "97", @@ -2422,7 +2422,7 @@ "port": 8800 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -2505,7 +2505,7 @@ "port": 1850 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "attack-detected", @@ -2603,7 +2603,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "code": "97", @@ -2707,7 +2707,7 @@ "port": 8080 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "attack-blocked", @@ -2797,7 +2797,7 @@ "port": 4433 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -2895,7 +2895,7 @@ "port": 4433 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -2984,7 +2984,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", diff --git a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-nat.log-expected.json b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-nat.log-expected.json index c2c90b86041..558f51b35d4 100644 --- a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-nat.log-expected.json +++ b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-nat.log-expected.json @@ -11,7 +11,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-forwarded", @@ -87,7 +87,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-forwarded", 
@@ -166,7 +166,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-forwarded", @@ -242,7 +242,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-forwarded", diff --git a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-sonicos70-aws.log-expected.json b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-sonicos70-aws.log-expected.json index d9b6125cd61..85705a577fe 100644 --- a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-sonicos70-aws.log-expected.json +++ b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-sonicos70-aws.log-expected.json @@ -9,7 +9,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -111,7 +111,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -213,7 +213,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -313,7 +313,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -407,7 +407,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -506,7 +506,7 @@ "port": 64889 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -607,7 +607,7 @@ "port": 64889 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -695,7 +695,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "config-change", @@ -780,7 +780,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "config-change", 
@@ -867,7 +867,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -973,7 +973,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -1079,7 +1079,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -1175,7 +1175,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -1272,7 +1272,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -1363,7 +1363,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -1460,7 +1460,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -1551,7 +1551,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -1648,7 +1648,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -1752,7 +1752,7 @@ "port": 64891 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -1853,7 +1853,7 @@ "port": 64891 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -1954,7 +1954,7 @@ "port": 64890 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -2055,7 +2055,7 @@ "port": 64890 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -2156,7 +2156,7 @@ "port": 64892 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -2257,7 +2257,7 @@ "port": 64892 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", 
@@ -2345,7 +2345,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -2442,7 +2442,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -2535,7 +2535,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -2641,7 +2641,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -2758,7 +2758,7 @@ "port": 64893 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -2859,7 +2859,7 @@ "port": 64893 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -2949,7 +2949,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -3055,7 +3055,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -3159,7 +3159,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -3256,7 +3256,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -3360,7 +3360,7 @@ "port": 64894 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -3461,7 +3461,7 @@ "port": 64894 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -3549,7 +3549,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -3646,7 +3646,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -3750,7 +3750,7 @@ "port": 64895 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", 
@@ -3851,7 +3851,7 @@ "port": 64895 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -3941,7 +3941,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -4047,7 +4047,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -4153,7 +4153,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -4249,7 +4249,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -4346,7 +4346,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -4437,7 +4437,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -4534,7 +4534,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -4638,7 +4638,7 @@ "port": 64896 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -4739,7 +4739,7 @@ "port": 64896 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -4840,7 +4840,7 @@ "port": 64897 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -4941,7 +4941,7 @@ "port": 64897 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -5029,7 +5029,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -5126,7 +5126,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -5230,7 +5230,7 @@ "port": 64898 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", 
@@ -5331,7 +5331,7 @@ "port": 64898 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -5419,7 +5419,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -5516,7 +5516,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -5609,7 +5609,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -5715,7 +5715,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -5832,7 +5832,7 @@ "port": 64899 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -5933,7 +5933,7 @@ "port": 64899 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -6023,7 +6023,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -6129,7 +6129,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -6233,7 +6233,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -6330,7 +6330,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -6434,7 +6434,7 @@ "port": 64901 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -6535,7 +6535,7 @@ "port": 64901 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -6623,7 +6623,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -6720,7 +6720,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", 
@@ -6811,7 +6811,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -6908,7 +6908,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -7012,7 +7012,7 @@ "port": 64903 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -7113,7 +7113,7 @@ "port": 64903 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -7214,7 +7214,7 @@ "port": 64902 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -7315,7 +7315,7 @@ "port": 64902 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -7403,7 +7403,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -7500,7 +7500,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -7604,7 +7604,7 @@ "port": 64904 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -7705,7 +7705,7 @@ "port": 64904 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -7793,7 +7793,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -7890,7 +7890,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -7983,7 +7983,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -8089,7 +8089,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -8195,7 +8195,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", 
@@ -8312,7 +8312,7 @@ "port": 64905 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -8413,7 +8413,7 @@ "port": 64905 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -8503,7 +8503,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -8607,7 +8607,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -8697,7 +8697,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -8783,7 +8783,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -8889,7 +8889,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -8983,7 +8983,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -9077,7 +9077,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -9171,7 +9171,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -9268,7 +9268,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -9365,7 +9365,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -9456,7 +9456,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -9553,7 +9553,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -9657,7 +9657,7 @@ "port": 64906 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", 
@@ -9758,7 +9758,7 @@ "port": 64906 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -9859,7 +9859,7 @@ "port": 64907 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -9960,7 +9960,7 @@ "port": 64907 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -10048,7 +10048,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -10145,7 +10145,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -10249,7 +10249,7 @@ "port": 64908 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -10350,7 +10350,7 @@ "port": 64908 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -10438,7 +10438,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -10535,7 +10535,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -10628,7 +10628,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -10734,7 +10734,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -10851,7 +10851,7 @@ "port": 64909 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -10952,7 +10952,7 @@ "port": 64909 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -11042,7 +11042,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", 
@@ -11148,7 +11148,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -11246,7 +11246,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -11350,7 +11350,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -11447,7 +11447,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -11551,7 +11551,7 @@ "port": 64910 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -11652,7 +11652,7 @@ "port": 64910 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -11742,7 +11742,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -11850,7 +11850,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -11935,7 +11935,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-forwarded", @@ -12012,7 +12012,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -12097,7 +12097,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-forwarded", @@ -12172,7 +12172,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -12268,7 +12268,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -12365,7 +12365,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", 
@@ -12456,7 +12456,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -12553,7 +12553,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -12657,7 +12657,7 @@ "port": 64913 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -12758,7 +12758,7 @@ "port": 64913 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -12859,7 +12859,7 @@ "port": 64912 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -12960,7 +12960,7 @@ "port": 64912 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -13055,7 +13055,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -13145,7 +13145,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -13228,7 +13228,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -13325,7 +13325,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -13416,7 +13416,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-start", @@ -13513,7 +13513,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "packet-management", @@ -13617,7 +13617,7 @@ "port": 64914 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -13718,7 +13718,7 @@ "port": 64914 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", 
@@ -13808,7 +13808,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -13914,7 +13914,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", @@ -14031,7 +14031,7 @@ "port": 64915 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -14132,7 +14132,7 @@ "port": 64915 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-denied", @@ -14222,7 +14222,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "connection-end", diff --git a/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 34bffd54e36..6b3c0f61a8f 100644 --- a/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing SonicWall firewall logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: observer.vendor diff --git a/packages/sonicwall_firewall/data_stream/log/sample_event.json b/packages/sonicwall_firewall/data_stream/log/sample_event.json index dba8faaf41b..15846c2155a 100644 --- a/packages/sonicwall_firewall/data_stream/log/sample_event.json +++ b/packages/sonicwall_firewall/data_stream/log/sample_event.json @@ -30,7 +30,7 @@ "port": 64889 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "08a5caf6-a717-4f5f-90e2-0f4eb7c59b00", diff --git a/packages/sonicwall_firewall/docs/README.md b/packages/sonicwall_firewall/docs/README.md index 1aa9b06a8f8..51988b19dcb 100644 --- a/packages/sonicwall_firewall/docs/README.md +++ b/packages/sonicwall_firewall/docs/README.md 
@@ -109,7 +109,7 @@ An example event for `log` looks as following: "port": 64889 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "08a5caf6-a717-4f5f-90e2-0f4eb7c59b00", diff --git a/packages/sonicwall_firewall/manifest.yml b/packages/sonicwall_firewall/manifest.yml index e91b99f3768..c34b023f470 100644 --- a/packages/sonicwall_firewall/manifest.yml +++ b/packages/sonicwall_firewall/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: sonicwall_firewall title: "SonicWall Firewall" -version: "1.3.2" +version: "1.4.0" license: basic release: ga description: "Integration for SonicWall firewall logs" From 815dc847938ee14ff9b58d7d857a6a2361e6e55e Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:56 +0530 Subject: [PATCH 099/137] [sophos] - update ECS to 8.7.0 from 8.6.0 This updates the sophos integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0 packages/sophos --- packages/sophos/_dev/build/build.yml | 2 +- packages/sophos/changelog.yml | 5 + .../pipeline/test-generated.log-expected.json | 200 +++++++++--------- .../test-packet-filter.json-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../sophos/data_stream/utm/sample_event.json | 2 +- ...st-sophos-18-5-anti-spam.log-expected.json | 38 ++-- ...phos-18-5-anti-virus-ftp.log-expected.json | 4 +- ...hos-18-5-anti-virus-smtp.log-expected.json | 6 +- ...phos-18-5-anti-virus-web.log-expected.json | 4 +- ...sophos-18-5-atp-firewall.log-expected.json | 4 +- ...phos-18-5-authentication.log-expected.json | 6 +- ...5-content-filtering-http.log-expected.json | 16 +- ...ering-web-content-policy.log-expected.json | 2 +- ...est-sophos-18-5-firewall.log-expected.json | 32 +-- .../test-sophos-18-5-idp.log-expected.json | 8 +- ...st-sophos-18-5-sandstorm.log-expected.json | 10 +- ...sophos-18-5-systemhealth.log-expected.json | 10 +- ...est-sophos-18-5-wireless.log-expected.json | 4 +- .../pipeline/test-sophos-xg.log-expected.json | 182 ++++++++-------- .../test-xg-cfilter-new.log-expected.json | 100 ++++----- .../test-xg-event-new.log-expected.json | 6 +- .../test-xg-firewall-new.log-expected.json | 100 ++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../sophos/data_stream/xg/sample_event.json | 2 +- packages/sophos/docs/README.md | 4 +- packages/sophos/manifest.yml | 2 +- 27 files changed, 380 insertions(+), 375 deletions(-) diff --git a/packages/sophos/_dev/build/build.yml b/packages/sophos/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/sophos/_dev/build/build.yml
+++ b/packages/sophos/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/sophos/changelog.yml b/packages/sophos/changelog.yml index b7c23440021..56851ffbd5f 100644 --- a/packages/sophos/changelog.yml +++ b/packages/sophos/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.8.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "2.7.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/sophos/data_stream/utm/_dev/test/pipeline/test-generated.log-expected.json b/packages/sophos/data_stream/utm/_dev/test/pipeline/test-generated.log-expected.json index b61b7a71b16..59a7405152d 100644 --- a/packages/sophos/data_stream/utm/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/sophos/data_stream/utm/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:1:29-06:09:59 localhost.localdomain smtpd[905]: MASTER[nnumqua]: QR globally disabled, status one set to 'disabled'", "tags": [ 
@@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:2:12-13:12:33 astarosg_TVM[5716]: id=ommod severity=medium sys=inima sub=tlabo name=web request blocked, forbidden application detectedaction=accept method=ugiatnu client=stiae facility=nofdeF user=sunt srcip=10.57.170.140 dstip=10.213.231.72 version=1.5102 storage=emips ad_domain=imadmi object=ostrume class=molest type=upt attributes=uiineavocount=tisetq node=irati account=icistatuscode=giatquov cached=eritquii profile=dexeac filteraction=iscinge size=6992 request=oreseos url=https://mail.example.net/tati/utaliqu.html?iquaUten=santium#iciatisu referer=https://www5.example.org/eporroqu/uat.txt?atquovo=suntinc#xeac error=nidolo authtime=tatn dnstime=eli cattime=nnu avscantime=dolo fullreqtime=Loremip device=idolor auth=emeumfu ua=CSed exceptions=lupt group=psaquae category=oinBCSe categoryname=mnisist content-type=sedd reputation=uatD application=iunt app-id=temveleu reason=colabo filename=eme file=numqu extension=qui time=civeli function=block line=agnaali message=gnam fwrule=tat seq=ipitla initf=enp0s7281 outitf=enp0s7084 dstmac=01:00:5e:de:94:f6 srcmac=01:00:5e:1d:c1:c0 proto=den length=tutla tos=olorema prec=;iades ttl=siarchi srcport=2289 dstport=3920 tcpflags=mqu info=apariat prec=tlabore caller=untmolli engine=remi localip=saute host=ercit2385.internal.home extra=run server=10.47.202.102 cookie=quirat set-cookie=llu", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:2:26-20:15:08 eirure7587.internal.localhost reverseproxy: [mpori] [aaliquaU:medium] [pid 3905:lpaqui] (22)No form context found: [client sitame] No form context found when parsing iadese tag, referer: https://api.example.com/utla/utei.htm?oei=tlabori#oin", "tags": [ 
@@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:3:12-03:17:42 data4478.api.lan confd: id=iquipex severity=very-high sys=uradip sub=wri name=bor client=occa facility=stquidol user=itquiin srcip=10.106.239.55 version=1.3129 storage=atevel object=nsecte class=itame type=eumfug attributes=litcount=asun node=estia account=eaq", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:3:26-10:20:16 ctetura3009.www5.corp reverseproxy: [lita] [adeseru:medium] [pid 7692:eaq] amest configured -- corp normal operations", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:4:9-17:22:51 localhost smtpd[1411]: MASTER[inculpa]: QR globally disabled, status one set to 'disabled'", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:4:24-00:25:25 httpproxy[176]: [nse] disk_cache_zap (non) paquioff", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:5:8-07:27:59 ptasnu6684.mail.lan reverseproxy: [orumSe] [boree:low] [pid 945:rQuisau] AH01915: Init: (10.18.13.211:205) You configured ofdeFini(irat) on the onev(aturauto) port!", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:5:22-14:30:33 ssecillu7166.internal.lan barnyard: Initializing daemon mode", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:6:5-21:33:08 ore5643.api.lan reverseproxy: [metco] [acom:high] [pid 2164:nim] ModSecurity: utaliqu compiled version=\"rsi\"; loaded version=\"taliqui\"", "tags": [ 
@@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:6:20-04:35:42 ciun39.localdomain reverseproxy: [iatqu] [inBCSedu:high] [pid 4006:rorsit] AH00098: pid file tionemu overwritten -- Unclean shutdown of previous Apache run?", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:7:4-11:38:16 atatnon6064.www.invalid reverseproxy: [magnid] [adol:low] [pid 1263:roide] AH00291: long lost child came home! (pid tem)", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:7:18-18:40:50 gitse2463.www5.invalid aua: id=tvolup severity=low sys=sci sub=col name=web request blocked srcip=10.42.252.243 user=agnaaliq caller=est engine=mquisno", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:8:2-01:43:25 httpproxy[2078]: [mol] sc_server_cmd (umdolors) decrypt failed", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:8:16-08:45:59 oriosam6277.mail.localdomain frox: Listening on 10.169.5.162:6676", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:8:30-15:48:33 ptate3830.internal.localhost reverseproxy: [quamqua] [ntut:high] [pid 5996:meum] AH02572: Failed to configure at least one certificate and key for mini:Loremip", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:9:13-22:51:07 nvo6105.invalid reverseproxy: [amquaer] [aqui:medium] [pid 3340:lpa] AH00020: Configuration Failed, isn", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:9:28-05:53:42 afcd[2492]: Classifier configuration reloaded successfully", "tags": [ 
@@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:10:12-12:56:16 edic2758.api.domain confd: id=olabori severity=medium sys=atatnon sub=lica name=secil client=uisnos facility=olores user=scipit srcip=10.54.169.175 version=1.5889 storage=onorumet object=ptatema class=eavolup type=ipsumq attributes=evitcount=tno node=iss account=taspe", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:10:26-19:58:50 aua[32]: id=mmo severity=high sys=tlaboru sub=aeabillo name=checking if admin is enabled srcip=10.26.228.145 user=eruntmo caller=nimve engine=usanti", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:11:10-03:01:24 sshd[2051]: Server listening on 10.59.215.207 port 6195.", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:11:24-10:03:59 ectobeat3157.mail.local reverseproxy: [uasiarch] [Malor:low] [pid 170:cillumdo] AH02312: Fatal error initialising mod_ssl, ditau.", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:12:8-17:06:33 ident2323.internal.corp reverseproxy: [hend] [remagna:high] [pid 873:aparia] AH01909: 10.144.21.112:90:epteurs server certificate does NOT include an ID which matches the server name", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2016:12:23-00:09:07 ttenb4581.www.host httpproxy: [rem] main (exer) shutdown finished, exiting", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:1:6-07:11:41 lapari5763.api.invalid frox: Listening on 10.103.2.48:4713", "tags": [ 
@@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:1:20-14:14:16 elites4713.www.localhost ulogd: id=serr severity=very-high sys=olore sub=onemul name=portscan detected action=deny fwrule=remeum seq=etur initf=lo6086 outitf=lo272 dstmac=01:00:5e:51:b9:4d srcmac=01:00:5e:15:3a:74 srcip=10.161.51.135 dstip=10.52.190.18 proto=isni length=quid tos=aUten prec=Duis ttl=uisq srcport=7807 dstport=165 tcpflags=accus info=CSed code=tiu type=wri", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:2:3-21:16:50 sam1795.invalid reverseproxy: [lorese] [olupta:low] [pid 3338:iqui] AH02312: Fatal error initialising mod_ssl, animide.", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:2:18-04:19:24 confd[10]: id=arch severity=high sys=data sub=ugits name=ittenb client=tobeatae facility=ntut user=llum srcip=10.232.108.32 version=1.5240 storage=idolo object=mqu class=mquido type=ende attributes=ntmollitcount=tisu node=ionofdeF account=rsp", "tags": [ 
@@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:3:4-11:21:59 nostrum6305.internal.localhost astarosg_TVM: id=llitani severity=high sys=itametco sub=etcons name=web request blocked, forbidden url detectedaction=allow method=iuntN client=utfugi facility=ursintoc user=tio srcip=10.89.41.97 dstip=10.231.116.175 version=1.5146 storage=lup ad_domain=mipsamv object=exeacomm class=sequines type=cto attributes=cusacount=nderi node=tem account=tcustatuscode=eumiu cached=nim profile=pteurs filteraction=ercitati size=835 request=ptat url=https://mail.example.net/velillu/ecatcupi.txt?rsitamet=leumiur#ssequamn referer=https://example.com/taliqui/idi.txt?undeomn=ape#itaspe error=ari authtime=umtot dnstime=onemulla cattime=atquo avscantime=borio fullreqtime=equatD device=uidol auth=inculpa ua=ruredol exceptions=iadeseru group=loremagn category=acons categoryname=nimadmi content-type=lapa reputation=emoenimi application=iquipex app-id=mqu reason=onorume filename=abill file=ametcon extension=ofdeFini time=tasnu function=deny line=tionev message=uasiarch fwrule=velites seq=uredolor initf=lo1543 outitf=lo6683 dstmac=01:00:5e:8c:f2:06 srcmac=01:00:5e:6f:71:02 proto=plica length=asiarc tos=lor prec=;nvolupt ttl=dquia srcport=5334 dstport=1525 tcpflags=umfugiat info=quisnos prec=utf caller=dolor engine=dexe localip=nemul host=Duis583.api.local extra=eavolupt server=10.17.51.153 cookie=aperiame set-cookie=stenat", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:3:18-18:24:33 xeaco7887.www.localdomain aua: id=hite severity=very-high sys=ugitsed sub=dminimve name=Packet accepted srcip=10.137.165.144 user=uptate caller=tot engine=reme", "tags": [ 
@@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:4:2-01:27:07 reverseproxy[5430]: ARGS:userPermissions: [\\\\x22dashletAccessAlertingRecentAlertsPanel\\\\x22,\\\\x22dashletAccessAlerterTopAlertsDashlet\\\\x22,\\\\x22accessViewRules\\\\x22,\\\\x22deployLiveResources\\\\x22,\\\\x22vi...\"] [severity [hostname \"iscivel3512.invalid\"] [uri \"atcupi\"] [unique_id \"eriti\"]", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:4:16-08:29:41 sockd[6181]: dante/server 1.202 running", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:4:30-15:32:16 dolor5799.home afcd: Classifier configuration reloaded successfully", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:5:14-22:34:50 oreseosq1859.api.lan reverseproxy: [mmodic] [essequam:low] [pid 6691:ficiade] [client uiinea] [uianonn] virus daemon connection problem found in request https://www5.example.com/dantium/ors.htm?sinto=edi#eumiure, referer: https://example.com/adeser/mSe.gif?aute=rchite#rcit", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:5:29-05:37:24 confd-sync[6908]: id=smoditem severity=very-high sys=tev sub=oNemoeni name=luptatem", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:6:12-12:39:58 autodit272.www.localhost reverseproxy: [oriss] [imadmin:very-high] [pid 1121:urve] ModSecurity: sBonoru compiled version=\"everi\"; loaded version=\"squ\"", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:6:26-19:42:33 rporis6787.www5.localdomain reverseproxy: [quasiarc] [pta:low] [pid 3705:liqu] [client ipsu] AH01114: siarch: failed to make connection to backend: 10.148.21.7", "tags": [ 
@@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:7:11-02:45:07 reprehe5661.www.lan reverseproxy: rManage\\\\x22,\\\\x22manageLiveSystemSettings\\\\x22,\\\\x22accessViewJobs\\\\x22,\\\\x22exportList\\\\...\"] [ver \"olor\"] [maturity \"corpo\"] [accuracy \"commod\"] iumd [hostname \"ntore4333.api.invalid\"] [uri \"sitv\"] [unique_id \"equam\"]", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:7:25-09:47:41 exim[2384]: aeca-ugitse-ameiu utei:caecat:lumquid oluptat sequatD163.internal.example [10.151.206.38]:5794 lits", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:8:8-16:50:15 elillu5777.www5.lan pluto: \"elaudant\"[olup] 10.230.4.70 #ncu: starting keying attempt quaturve of an unlimited number", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:8:22-23:52:50 ecatcup3022.mail.invalid xl2tpd: Inherited by nproide", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:9:6-06:55:24 qui7797.www.host ipsec_starter: Starting strongSwan umet IPsec [starter]...", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:9:20-13:57:58 nofdeFin2037.mail.example reverseproxy: [quatD] [nevol:high] [pid 3994:Sectio] [client tiumdol] [laud] cannot read reply: Operation now in progress (115), referer: https://example.org/tquov/natu.jpg?uianonnu=por#nve", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:10:4-21:00:32 sockd[7264]: dante/server 1.3714 running", "tags": [ 
@@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:10:19-04:03:07 eFinib2403.api.example reverseproxy: [utaliq] [sun:high] [pid 4074:uredol] [client quatD] [enimad] ecatcu while reading reply from cssd, referer: https://mail.example.org/urautod/eveli.html?rese=nonproi#doconse", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:11:2-11:05:41 confd[4939]: id=acons severity=high sys=adipisc sub=omnisist name=orroqui client=sci facility=psamvolu user=itsedqui srcip=10.244.96.61 version=1.2707 storage=onevol object=ese class=reprehen type=Exce attributes=toccacount=tinvolu node=ecatc account=iumt", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:11:16-18:08:15 named[1900]: reloading eddoei iono", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:12:1-01:10:49 obeatae2042.www.domain reverseproxy: [dquian] [isaute:low] [pid 1853:utfugit] (70007)The ula specified has expired: [client quaUteni] AH01110: error reading response", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:12:15-08:13:24 aerat1267.www5.example pop3proxy: Master started", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2017:12:29-15:15:58 writt2238.internal.localdomain reverseproxy: [uaer] [aed:low] [pid 478:ain] [client scingeli] [uatDuis] mod_avscan_check_file_single_part() called with parameter filename=imip", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:1:12-22:18:32 siutaliq4937.api.lan reverseproxy: [siutaliq] [urvel:very-high] [pid 7721:ntium] [imadmi] Hostname in dquiac request (liquide) does not match the server name (uatD)", "tags": [ 
@@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:1:27-05:21:06 URID[7596]: T=BCSedut ------ 1 - [exit] accept: ametco", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:2:10-12:23:41 astarosg_TVM[1090]: id=udex severity=low sys=iam sub=animi name=UDP flood detectedaction=allow method=nsectetu client=spici facility=untutl user=hen srcip=10.214.167.164 dstip=10.76.98.53 version=1.3726 storage=uovolup ad_domain=expl object=animi class=mdoloree type=mullamco attributes=tnulcount=ons node=radip account=amremapstatuscode=dolorsit cached=atisund profile=isnostru filteraction=quepo size=5693 request=nisi url=https://api.example.org/iono/secillum.txt?apariat=tse#enbyCi referer=https://example.com/eetdol/aut.jpg?pitlab=tutlabor#imadmi error=nculp authtime=quamnihi dnstime=nimadmi cattime=mquiado avscantime=agn fullreqtime=dip device=urmag auth=nim ua=laboreet exceptions=tutlabo group=incid category=der categoryname=totamrem content-type=eaqu reputation=itani application=mni app-id=runtmol reason=uaer filename=nor file=saut extension=olest time=volu function=block line=osam message=ncid fwrule=loremagn seq=uisau initf=lo1255 outitf=eth965 dstmac=01:00:5e:2f:c3:3e srcmac=01:00:5e:65:2d:fe proto=ictasun length=iumto tos=ciun prec=;prehe ttl=essec srcport=4562 dstport=2390 tcpflags=uaera info=nsequa prec=yCicero caller=orporis engine=oluptate localip=tesseq host=tenbyCi4371.www5.localdomain extra=spernatu server=10.98.126.206 cookie=tion set-cookie=tNeque", "tags": [ 
@@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:2:24-19:26:15 ulogd[6722]: id=persp severity=medium sys=orev sub=lapa name=Packet logged action=allow fwrule=adminim seq=isiutali initf=lo7088 outitf=eth6357 dstmac=01:00:5e:9a:fe:91 srcmac=01:00:5e:78:1a:5a srcip=10.203.157.250 dstip=10.32.236.117 proto=turm length=quamei tos=nvento prec=nama ttl=ema srcport=6585 dstport=5550 tcpflags=xeacomm info=oriosa code=erspici type=oreeu", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:3:11-02:28:49 ectob5542.www5.corp reverseproxy: [agni] [ivelit:high] [pid 7755:uovol] AH00959: ap_proxy_connect_backend disabling worker for (10.231.77.26) for volups", "tags": [ 
@@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:3:25-09:31:24 iusmo901.www.home httpd: id=scivelit severity=high sys=untut sub=siu name=Authentication successfulaction=allow method=icons client=hende facility=umdol user=Sedutper srcip=10.2.24.156 dstip=10.113.78.101 version=1.2707 storage=amqua ad_domain=nsequatu object=aboNemoe class=mqu type=tse attributes=ntiumdcount=ueip node=amvo account=dolorsistatuscode=acc cached=quinesc profile=ulpaq filteraction=usa size=5474 request=tob url=https://www.example.org/imipsamv/doeiu.jpg?nderit=ficia#tru referer=https://mail.example.org/natuser/olupt.txt?ipsumqu=nsec#smo error=avolup authtime=litse dnstime=archit cattime=nde avscantime=tNequepo fullreqtime=byCicer device=imvenia auth=ipit ua=tdolorem exceptions=nderitin group=mquiado category=ssequa categoryname=nisist content-type=temvele reputation=ofd application=quam app-id=umdol reason=porincid filename=tisetqu file=pici extension=erit time=ehenderi function=block line=fugiatqu message=Duisaute fwrule=uptat seq=hende initf=lo3680 outitf=lo4358 dstmac=01:00:5e:0a:8f:6c srcmac=01:00:5e:34:8c:d2 proto=mnis length=ainci tos=aturve prec=;tiumdol ttl=mporain srcport=6938 dstport=6939 tcpflags=dut info=aecons prec=tionemu caller=edictasu engine=quipexea localip=orsit host=tenima5715.api.example extra=snisiut server=10.92.93.236 cookie=amr set-cookie=mfug port=7174 query=exerc uid=ntoccae", "tags": [ 
@@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:4:8-16:33:58 astarosg_TVM[6463]: id=user severity=low sys=sequamn sub=adeseru name=File extension warned and proceededaction=accept method=mquisn client=ulamcol facility=nulamcol user=atatno srcip=10.180.169.49 dstip=10.206.69.71 version=1.3155 storage=risni ad_domain=ccaecat object=dtemp class=onproid type=ica attributes=mnisiscount=edolor node=nonnumqu account=iscivelistatuscode=urve cached=sundeomn profile=tasu filteraction=equunt size=3144 request=ilmo url=https://mail.example.net/isqua/deF.html?iameaq=orainci#adm referer=https://api.example.org/mremap/ate.htm?tlabor=cidunt#ria error=tessec authtime=cupida dnstime=ciade cattime=busBonor avscantime=enima fullreqtime=emseq device=osamni auth=umetMa ua=equatDui exceptions=its group=setquas category=nti categoryname=osamnis content-type=atisetqu reputation=ciduntut application=atisu app-id=edutpe reason=architec filename=incul file=tevelit extension=emse time=eipsaqua function=cancel line=suntincu message=lore fwrule=equatu seq=enbyCi initf=enp0s566 outitf=lo2179 dstmac=01:00:5e:2c:9d:65 srcmac=01:00:5e:1a:03:f5 proto=orema length=iusmo tos=uunturm prec=;mSect ttl=avolupta srcport=3308 dstport=1402 tcpflags=dolo info=tsed prec=corpori caller=cillumd engine=umdol localip=turmagn host=mni4032.lan extra=amrem server=10.202.65.2 cookie=queporr set-cookie=oide", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:4:22-23:36:32 iscing6960.api.invalid reverseproxy: [emipsu] [incidu:very-high] [pid 5350:itation] SSL Library Error: error:itasper:failure", "tags": [ 
@@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:5:7-06:39:06 httpd[793]: [ruredo:success] [pid nculpaq:mides] [client iconseq] ModSecurity: Warning. nidolo [file \"runtmoll\"] [line \"tuserror\"] [id \"utlabo\"] [rev \"scip\"] [msg \"imvenia\"] [severity \"low\"] [ver \"1.6420\"] [maturity \"nisi\"] [accuracy \"seq\"] [tag \"ors\"] [hostname \"olupta3647.host\"] [uri \"uaUteni\"] [unique_id \"gitsedqu\"]amqu", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:5:21-13:41:41 named[6633]: FORMERR resolving 'iavolu7814.www5.localhost': 10.194.12.83#elit", "tags": [ 
@@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:6:4-20:44:15 astarosg_TVM[5792]: id=elitess severity=low sys=amqua sub=mavenia name=checking if admin is enabledaction=cancel method=doc client=teurs facility=eturadi user=eturadip srcip=10.33.138.154 dstip=10.254.28.41 version=1.4256 storage=volupta ad_domain=dolor object=dolorsit class=tfugits type=lor attributes=oremcount=utper node=ueips account=umqustatuscode=ntexpli cached=siuta profile=porincid filteraction=itame size=1026 request=fugiat url=https://www5.example.org/etcons/aecatc.jpg?ditem=tut#oditautf referer=https://internal.example.org/eddoei/iatqu.htm?itessec=dat#tdol error=emul authtime=ariatu dnstime=luptate cattime=umdolore avscantime=iutaliq fullreqtime=oriosamn device=oluptate auth=tcu ua=mmodo exceptions=rauto group=lup category=orem categoryname=tutl content-type=iusmo reputation=uiavolu application=eri app-id=pis reason=riosam filename=isa file=nonnum extension=Nemoenim time=itati function=cancel line=nes message=atvolupt fwrule=umwritt seq=uae initf=enp0s3792 outitf=lo2114 dstmac=01:00:5e:24:b8:9f srcmac=01:00:5e:a1:a3:9f proto=bil length=itten tos=icer prec=;dolo ttl=siutaliq srcport=1455 dstport=6937 tcpflags=pexeaco info=ercitati prec=dexea caller=tasnul engine=onu localip=orisnisi host=obea2960.mail.corp extra=dolor server=10.45.12.53 cookie=etdo set-cookie=edictas", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:6:19-03:46:49 frox[7744]: Listening on 10.99.134.49:2274", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:7:3-10:49:23 olli5982.www.test reverseproxy: [asp] [uatDui:medium] [pid 212:unde] [client raut] [suscip] virus daemon error found in request ectetu, referer: https://example.com/ariat/ptatemU.txt?cusan=ueipsaq#upid", "tags": [ 
@@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:7:17-17:51:58 nsecte3644.internal.test reverseproxy: [tutla] [isund:high] [pid 3136:uidex] [client uptate] Invalid signature, cookie: JSESSIONID", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:8:1-00:54:32 confd[4157]: id=onseq severity=very-high sys=siutaliq sub=aliqu name=serro client=ctet facility=umiurere user=antium srcip=10.32.85.21 version=1.7852 storage=eaco object=onp class=ectetur type=ione attributes=utlaborecount=nci node=acommodi account=etconsec", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:8:15-07:57:06 econseq7119.www.home sshd: error: Could not get shadow information for NOUSER", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:8:29-14:59:40 ant2543.www5.lan reverseproxy: [uaturve] [lapa:high] [pid 3669:idu] [client sed] [utem] cannot read reply: Operation now in progress (115), referer: https://example.com/oremagn/ehenderi.htm?mdolo=ionul#oeiusmo", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:9:12-22:02:15 pluto[7138]: | sent accept notification olore with seqno = urEx", "tags": [ 
@@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:9:27-05:04:49 httpd[6562]: id=iurere severity=medium sys=erc sub=atu name=http accessaction=accept method=odte client=uis facility=sedquia user=reetd srcip=10.210.175.52 dstip=10.87.14.186 version=1.7641 storage=tasu ad_domain=mquae object=CSedu class=atae type=aeconseq attributes=boNemocount=duntutla node=mqu account=inimastatuscode=emipsum cached=venia profile=Loremi filteraction=uisnostr size=849 request=vol url=https://internal.example.com/ritat/dipi.jpg?aliquide=aliqui#agnaaliq referer=https://api.example.org/Bonorume/emeumfu.txt?iuntNequ=ender#quid error=mipsa authtime=teturad dnstime=nimide cattime=spernat avscantime=nevolu fullreqtime=itectobe device=rroq auth=itessequ ua=uunt exceptions=pic group=unt category=emUt categoryname=eiru content-type=sauteir reputation=pic application=caecatc app-id=iarc reason=emquia filename=duntutl file=idi extension=reetdo time=pidatatn function=cancel line=ncul message=mcorpor fwrule=ofd seq=lapariat initf=eth65 outitf=lo3615 dstmac=01:00:5e:b3:e3:90 srcmac=01:00:5e:0e:b3:8e proto=consequ length=min tos=riame prec=;gnaal ttl=nti srcport=1125 dstport=605 tcpflags=utlab info=colabo prec=ditem caller=did engine=BCS localip=idex host=nisiuta4810.api.test extra=apa server=10.85.200.58 cookie=esse set-cookie=idexeac port=2294 query=iatquovo uid=rExce", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:10:11-12:07:23 itametc1599.api.test ulogd: id=itaedi severity=low sys=ore sub=ips name=Authentication successful action=block fwrule=iamqu seq=aboN initf=eth2679 outitf=enp0s1164 dstmac=01:00:5e:c3:8a:24 srcmac=01:00:5e:5a:9d:a9 srcip=10.133.45.45 dstip=10.115.166.48 proto=utaliq length=icer tos=essequ prec=oeiu ttl=nsequa srcport=4180 dstport=4884 tcpflags=squa info=etM code=eve type=iru", "tags": [ 
@@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:10:25-19:09:57 tiumt5462.mail.localhost sshd: Invalid user admin from runt", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:11:9-02:12:32 vol1450.internal.host sshd: Server listening on 10.71.184.162 port 3506.", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:11:23-09:15:06 ipsec_starter[178]: IP address or index of physical interface changed -\u003e reinit of ipsec interface", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:12:7-16:17:40 rporissu573.api.test reverseproxy: [exercita] [emaperi:very-high] [pid 5943:ddoei] AH02312: Fatal error initialising mod_ssl, nihi.", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2018:12:21-23:20:14 nostru774.corp URID: T=tatnonp ------ 1 - [exit] allow: natuserr", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:1:5-06:22:49 ipsec_starter[6226]: IP address or index of physical interface changed -\u003e reinit of ipsec interface", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:1:19-13:25:23 httpd[5037]: [iadese:unknown] [pid isundeo:emq] [client rehender] ModSecurity: Warning. uat [file \"apa\"] [line \"tani\"] [id \"per\"] [rev \"ngelitse\"] [msg \"olorsita\"] [severity \"medium\"] [ver \"1.7102\"] [maturity \"apariat\"] [accuracy \"iuntNequ\"] [tag \"rExc\"] [hostname \"lorsita2216.www5.example\"] [uri \"turvelil\"] [unique_id \"velitsed\"]rau", "tags": [ 
@@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:2:2-20:27:57 sum2208.host reverseproxy: [eir] [nia:medium] [pid 4346:mco] [client ritinvol] [quioffi] mod_avscan_check_file_single_part() called with parameter filename=quamquae", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:2:17-03:30:32 ore6843.local reverseproxy: [usmodite] [aveniam:medium] [pid 5126:xplicab] [client taev] No signature found, cookie: dictasu", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:3:3-10:33:06 Sedu1610.mail.corp reverseproxy: [audant] [porr:medium] [pid 7442:tation] [client uunturma] AH01114: cons: failed to make connection to backend: 10.177.35.133", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:3:17-17:35:40 corpo6737.example reverseproxy: [officiad] [aliquide:very-high] [pid 6600:errorsi] [client raincidu] [orincidi] cannot connect: failure (111)", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:4:1-00:38:14 pop3proxy[6854]: Master started", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:4:15-07:40:49 eratvol314.www.home pop3proxy: Master started", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:4:29-14:43:23 utemvele1838.mail.test reverseproxy: [xplicabo] [aco:high] [pid 2389:ratione] [client nrepr] ModSecurity: Warning. uipex [file \"alorumw\"] [line \"nibus\"] [id \"eiusmo\"] [msg \"rci\"] [hostname \"seosquir715.local\"] [uri \"ercitati\"] [unique_id \"uiration\"]", "tags": [ 
@@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:5:13-21:45:57 ulapari2656.local reverseproxy: [itessec] [non:very-high] [pid 2237:licaboN] [client nvol] [moenimip] cannot connect: failure (111)", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:5:28-04:48:31 reverseproxy[4278]: [ritat] [iscinge:very-high] [pid 4264:rroquisq] [client tnonpro] [nimv] erunt while reading reply from cssd, referer: https://example.org/etcon/ipitlab.gif?utlabore=suscipi#tlabor", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:6:11-11:51:06 URID[7418]: T=xer ------ 1 - [exit] cancel: onemul", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:6:25-18:53:40 pluto[7201]: | handling event ips for 10.165.217.56 \"econse\" #otamr", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:7:10-01:56:14 stla2856.host reverseproxy: [onpro] [adolo:very-high] [pid 7766:siste] ModSecurity for Apache/nisiut (ostr) configured.", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:7:24-08:58:48 peri6748.www5.domain reverseproxy: [cingeli] [esseq:high] [pid 2404:aquae] AH00098: pid file otamrema overwritten -- Unclean shutdown of previous Apache run?", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:8:7-16:01:23 tnon5442.internal.test reverseproxy: [ive] [tquido:very-high] [pid 6108:taliquip] AH00295: caught accept, ectetu", "tags": [ 
@@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:8:21-23:03:57 ariatu2606.www.host reverseproxy: [quamestq] [umquid:very-high] [pid 7690:rem] [client its] [inv] not all the file sent to the client: rin, referer: https://example.org/tation/tutlabo.jpg?amvo=ullamco#tati", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:9:5-06:06:31 imv1805.api.host ulogd: id=oenim severity=very-high sys=iaturExc sub=orsit name=ICMP flood detected action=cancel fwrule=eos seq=quameius initf=lo4665 outitf=lo3422 dstmac=01:00:5e:d6:f3:bc srcmac=01:00:5e:87:02:08 srcip=10.96.243.231 dstip=10.248.62.55 proto=ugiat length=quiin tos=apar prec=eleumiur ttl=chite srcport=5632 dstport=4206 tcpflags=tevelit info=etc code=lorem type=temvele", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:9:19-13:09:05 rita600.www5.localdomain reverseproxy: [ini] [elite:high] [pid 7650:mnisiut] AH00959: ap_proxy_connect_backend disabling worker for (10.132.101.158) for cipitlabs", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:10:3-20:11:40 sshd[2014]: Did not receive identification string from rroq", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:10:18-03:14:14 admini1122.www.local reverseproxy: [ritte] [umwritte:very-high] [pid 1817:atu] (13)failure: [client vol] AH01095: prefetch request body failed to 10.96.193.132:5342 (orumwr) from bori ()", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "2019:11:1-10:16:48 confd[2475]: id=utaliqu severity=low sys=xplicabo sub=quamni name=dol client=sisten facility=remeumf user=acommod srcip=10.96.200.83 version=1.7416 storage=sper object=asia class=roident type=olorem attributes=teursintcount=evelites node=nostr account=lapariat", "tags": [ 
@@ -875,7 +875,7 @@
 },
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "message": "2019:11:15-17:19:22 emvel4391.localhost sshd: Did not receive identification string from quelaud",
 "tags": [
@@ -884,7 +884,7 @@
 },
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "message": "2019:11:30-00:21:57 confd-sync[5454]: id=smodite severity=high sys=utpersp sub=rnatu name=ico",
 "tags": [
@@ -893,7 +893,7 @@
 },
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "message": "2019:12:14-07:24:31 untinc5531.www5.test sshd: error: Could not get shadow information for NOUSER",
 "tags": [
diff --git a/packages/sophos/data_stream/utm/_dev/test/pipeline/test-packet-filter.json-expected.json b/packages/sophos/data_stream/utm/_dev/test/pipeline/test-packet-filter.json-expected.json
index 22e85906be2..fc218b7624d 100644
--- a/packages/sophos/data_stream/utm/_dev/test/pipeline/test-packet-filter.json-expected.json
+++ b/packages/sophos/data_stream/utm/_dev/test/pipeline/test-packet-filter.json-expected.json
@@ -20,7 +20,7 @@
 "port": 51130
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "de9c1b8e-5967-4715-bc22-6f9dd52f6cc2",
diff --git a/packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/default.yml b/packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/default.yml
index 51e47c9a396..1a4c3227843 100644
--- a/packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Sophos UTM (formerly Astaro Security Gateway).
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - gsub:
 field: destination.mac
 ignore_missing: true
diff --git a/packages/sophos/data_stream/utm/sample_event.json b/packages/sophos/data_stream/utm/sample_event.json
index a2a80c67355..7abaa4fd974 100644
--- a/packages/sophos/data_stream/utm/sample_event.json
+++ b/packages/sophos/data_stream/utm/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "9a015053-a5c0-4959-99ab-2b6556a2a396",
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-spam.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-spam.log-expected.json
index 8769aa92ec3..bcf709c557d 100644
--- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-spam.log-expected.json
+++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-spam.log-expected.json
@@ -11,7 +11,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -116,7 +116,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -221,7 +221,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -324,7 +324,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -429,7 +429,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -534,7 +534,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -639,7 +639,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -744,7 +744,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -847,7 +847,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -943,7 +943,7 @@
 "port": 25
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Dos",
@@ -1028,7 +1028,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -1132,7 +1132,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -1236,7 +1236,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -1342,7 +1342,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -1445,7 +1445,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -1546,7 +1546,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -1649,7 +1649,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -1752,7 +1752,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -1853,7 +1853,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-ftp.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-ftp.log-expected.json
index 027c78301fa..24ed8d6c90e 100644
--- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-ftp.log-expected.json
+++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-ftp.log-expected.json
@@ -8,7 +8,7 @@
 "port": 21
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Virus",
@@ -97,7 +97,7 @@
 "port": 21
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Allowed",
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-smtp.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-smtp.log-expected.json
index 87f8189de90..11ba0d3d7d1 100644
--- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-smtp.log-expected.json
+++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-smtp.log-expected.json
@@ -11,7 +11,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -117,7 +117,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -223,7 +223,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-web.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-web.log-expected.json
index 079c44d84b6..82006260174 100644
--- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-web.log-expected.json
+++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-web.log-expected.json
@@ -23,7 +23,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Virus",
@@ -119,7 +119,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Virus",
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-atp-firewall.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-atp-firewall.log-expected.json
index c70aff5d96a..245f1842946 100644
--- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-atp-firewall.log-expected.json
+++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-atp-firewall.log-expected.json
@@ -19,7 +19,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "alert",
@@ -105,7 +105,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "drop",
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-authentication.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-authentication.log-expected.json
index d8afebbbf44..10702901005 100644
--- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-authentication.log-expected.json
+++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-authentication.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2017-01-31T18:13:38.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -76,7 +76,7 @@
 {
 "@timestamp": "2017-03-15T14:33:37.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -145,7 +145,7 @@
 {
 "@timestamp": "2017-03-15T17:23:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-content-filtering-http.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-content-filtering-http.log-expected.json
index e8267215a4a..516a9920e39 100644
--- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-content-filtering-http.log-expected.json
+++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-content-filtering-http.log-expected.json
@@ -20,7 +20,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -115,7 +115,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -218,7 +218,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -326,7 +326,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -434,7 +434,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -543,7 +543,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -651,7 +651,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "warned",
@@ -757,7 +757,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-content-filtering-web-content-policy.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-content-filtering-web-content-policy.log-expected.json
index 741637fbb68..841565a1044 100644
--- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-content-filtering-web-content-policy.log-expected.json
+++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-content-filtering-web-content-policy.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "alert",
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-firewall.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-firewall.log-expected.json
index b833ec07871..b9f4efccf35 100644
--- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-firewall.log-expected.json
+++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-firewall.log-expected.json
@@ -24,7 +24,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -169,7 +169,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -286,7 +286,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -388,7 +388,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -505,7 +505,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -608,7 +608,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -716,7 +716,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -810,7 +810,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -902,7 +902,7 @@
 "port": 137
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -1002,7 +1002,7 @@
 "port": 22
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -1102,7 +1102,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -1203,7 +1203,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -1298,7 +1298,7 @@
 "port": 547
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -1412,7 +1412,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -1507,7 +1507,7 @@
 "ip": "127.0.0.1"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -1595,7 +1595,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-idp.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-idp.log-expected.json
index a6e01fb7ccc..a976c2c9b14 100644
--- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-idp.log-expected.json
+++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-idp.log-expected.json
@@ -7,7 +7,7 @@
 "port": 25
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "detect",
@@ -89,7 +89,7 @@
 "port": 25
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "drop",
@@ -171,7 +171,7 @@
 "port": 111
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "detect",
@@ -253,7 +253,7 @@
 "port": 40575
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "drop",
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-sandstorm.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-sandstorm.log-expected.json
index 3bc8310aaf4..79d065a7a55 100644
--- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-sandstorm.log-expected.json
+++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-sandstorm.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2016-12-02T18:27:55.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Allowed",
@@ -63,7 +63,7 @@
 "domain": "floater.baldrys.ca"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Allowed",
@@ -145,7 +145,7 @@
 "domain": "ta-web-static.qa.astaro.de"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Denied",
@@ -229,7 +229,7 @@
 "domain": "floater.baldrys.ca"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Pending",
@@ -312,7 +312,7 @@
 "domain": "floater.baldrys.ca"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Pending",
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-systemhealth.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-systemhealth.log-expected.json
index c159cc42a3c..e5590bfffb9 100644
--- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-systemhealth.log-expected.json
+++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-systemhealth.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2018-06-05T15:10:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "18031",
@@ -49,7 +49,7 @@
 {
 "@timestamp": "2018-06-05T15:10:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "18031",
@@ -96,7 +96,7 @@
 {
 "@timestamp": "2018-06-05T15:10:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "18031",
@@ -147,7 +147,7 @@
 {
 "@timestamp": "2018-06-05T15:10:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "18031",
@@ -194,7 +194,7 @@
 {
 "@timestamp": "2018-06-05T15:10:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "18031",
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-wireless.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-wireless.log-expected.json
index 9050c8049b0..42499314d38 100644
--- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-wireless.log-expected.json
+++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-wireless.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2017-02-01T14:17:35.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "18011",
@@ -50,7 +50,7 @@
 {
 "@timestamp": "2017-02-01T14:19:47.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "18011",
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-xg.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-xg.log-expected.json
index acb26f9e066..1e542bfb8d2 100644
--- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-xg.log-expected.json
+++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-xg.log-expected.json
@@ -10,7 +10,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -117,7 +117,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -243,7 +243,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -371,7 +371,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -487,7 +487,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -592,7 +592,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -697,7 +697,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -802,7 +802,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -902,7 +902,7 @@
 "port": 25
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Dos",
@@ -987,7 +987,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -1091,7 +1091,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -1206,7 +1206,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Virus",
@@ -1327,7 +1327,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Virus",
@@ -1451,7 +1451,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -1580,7 +1580,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -1697,7 +1697,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -1803,7 +1803,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "email": {
 "from": {
@@ -1906,7 +1906,7 @@
 "port": 21
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Virus",
@@ -1994,7 +1994,7 @@
 "port": 21
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Allowed",
@@ -2088,7 +2088,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "drop",
@@ -2181,7 +2181,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "drop",
@@ -2285,7 +2285,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "drop",
@@ -2389,7 +2389,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "alert",
@@ -2477,7 +2477,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -2582,7 +2582,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -2691,7 +2691,7 @@
 "port": 5228
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -2797,7 +2797,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -2912,7 +2912,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -3029,7 +3029,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3139,7 +3139,7 @@
 {
 "@timestamp": "2016-12-02T18:50:20.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "alert",
@@ -3220,7 +3220,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "warned",
@@ -3326,7 +3326,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3418,7 +3418,7 @@
 {
 "@timestamp": "2020-05-18T14:38:57.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -3518,7 +3518,7 @@
 "ip": "175.16.199.1"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "18055",
@@ -3591,7 +3591,7 @@
 {
 "@timestamp": "2020-05-18T14:38:59.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "18057",
@@ -3637,7 +3637,7 @@
 {
 "@timestamp": "2020-05-18T14:39:00.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -3718,7 +3718,7 @@
 {
 "@timestamp": "2020-05-18T14:39:01.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -3772,7 +3772,7 @@
 {
 "@timestamp": "2020-05-18T14:39:02.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "60022",
@@ -3819,7 +3819,7 @@
 {
 "@timestamp": "2020-05-18T14:39:03.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -3903,7 +3903,7 @@
 "bytes": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "17824",
@@ -3961,7 +3961,7 @@
 {
 "@timestamp": "2020-05-18T14:39:05.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -4039,7 +4039,7 @@
 {
 "@timestamp": "2020-05-18T14:39:06.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "18017",
@@ -4086,7 +4086,7 @@
 {
 "@timestamp": "2020-05-18T14:39:07.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "17502",
@@ -4144,7 +4144,7 @@
 {
 "@timestamp": "2020-05-18T14:39:08.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "17507",
@@ -4214,7 +4214,7 @@
 {
 "@timestamp": "2020-05-18T14:39:09.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "17818",
@@ -4261,7 +4261,7 @@
 {
 "@timestamp": "2020-05-18T14:39:10.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "17923",
@@ -4309,7 +4309,7 @@
 "bytes": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -4388,7 +4388,7 @@
 "bytes": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "18014",
@@ -4445,7 +4445,7 @@
 "bytes": 31488
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "18015",
@@ -4502,7 +4502,7 @@
 "bytes": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "18016",
@@ -4556,7 +4556,7 @@
 {
 "@timestamp": "2018-06-06T11:12:10.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "17815",
@@ -4624,7 +4624,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -4767,7 +4767,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -4910,7 +4910,7 @@
 "port": 4980
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -5027,7 +5027,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -5153,7 +5153,7 @@
 "port": 18
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -5265,7 +5265,7 @@
 "port": 1109
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -5392,7 +5392,7 @@
 "port": 64465
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -5506,7 +5506,7 @@
 "port": 56267
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -5618,7 +5618,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -5754,7 +5754,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -5868,7 +5868,7 @@
 "port": 88
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -6006,7 +6006,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -6100,7 +6100,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -6192,7 +6192,7 @@
 "port": 137
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -6292,7 +6292,7 @@
 "port": 22
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -6392,7 +6392,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -6499,7 +6499,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -6594,7 +6594,7 @@
 "port": 547
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -6693,7 +6693,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -6806,7 +6806,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -6916,7 +6916,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "drop",
@@ -7021,7 +7021,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "drop",
@@ -7126,7 +7126,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "drop",
@@ -7219,7 +7219,7 @@
 "port": 25
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "detect",
@@ -7301,7 +7301,7 @@
 "port": 25
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "drop",
@@ -7379,7 +7379,7 @@
 {
 "@timestamp": "2017-01-31T14:52:11.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Allowed",
@@ -7436,7 +7436,7 @@
 {
 "@timestamp": "2017-01-31T14:52:11.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Denied",
@@ -7514,7 +7514,7 @@
 {
 "@timestamp": "2017-01-31T15:28:25.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Allowed",
@@ -7574,7 +7574,7 @@
 "ip": "10.198.241.50"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Pending",
@@ -7658,7 +7658,7 @@
 "ip": "10.198.241.50"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Denied",
@@ -7743,7 +7743,7 @@
 "domain": "sophostest.com"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "Denied",
@@ -7846,7 +7846,7 @@
 "ip": "175.16.199.1"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -7950,7 +7950,7 @@
 "ip": "175.16.199.1"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -8043,7 +8043,7 @@
 "ip": "10.198.233.48"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -8132,7 +8132,7 @@
 "ip": "10.198.233.48"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -8236,7 +8236,7 @@
 "ip": "175.16.199.1"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -8324,7 +8324,7 @@
 {
 "@timestamp": "2017-02-01T14:17:35.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "18011",
@@ -8371,7 +8371,7 @@
 {
 "@timestamp": "2017-02-01T14:19:47.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "18011",
@@ -8444,7 +8444,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -8582,7 +8582,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-cfilter-new.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-cfilter-new.log-expected.json
index b755f4317ff..d1c6603ae36 100644
--- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-cfilter-new.log-expected.json
+++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-cfilter-new.log-expected.json
@@ -7,7 +7,7 @@
 "port": 22083
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -106,7 +106,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -220,7 +220,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -334,7 +334,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -448,7 +448,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -568,7 +568,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -683,7 +683,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -797,7 +797,7 @@
 "port": 8089
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -919,7 +919,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -1033,7 +1033,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -1154,7 +1154,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -1276,7 +1276,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -1390,7 +1390,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -1489,7 +1489,7 @@
 "port": 8089
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -1603,7 +1603,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -1717,7 +1717,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -1831,7 +1831,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -1944,7 +1944,7 @@
 "port": 4000
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -2043,7 +2043,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -2163,7 +2163,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -2277,7 +2277,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -2396,7 +2396,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -2515,7 +2515,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -2629,7 +2629,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -2749,7 +2749,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -2863,7 +2863,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -2980,7 +2980,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3095,7 +3095,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3191,7 +3191,7 @@
 "port": 8089
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3305,7 +3305,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3419,7 +3419,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3533,7 +3533,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3647,7 +3647,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3762,7 +3762,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3876,7 +3876,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3991,7 +3991,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -4111,7 +4111,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -4225,7 +4225,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -4339,7 +4339,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -4453,7 +4453,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -4567,7 +4567,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -4681,7 +4681,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -4795,7 +4795,7 @@
 "port": 8089
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -4917,7 +4917,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -5031,7 +5031,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -5145,7 +5145,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -5259,7 +5259,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -5374,7 +5374,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -5494,7 +5494,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -5608,7 +5608,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-event-new.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-event-new.log-expected.json
index dc650223cef..618e157c016 100644
--- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-event-new.log-expected.json
+++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-event-new.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-11-16T02:52:23.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "60020",
@@ -55,7 +55,7 @@
 {
 "@timestamp": "2021-11-16T02:57:56.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "60020",
@@ -107,7 +107,7 @@
 {
 "@timestamp": "2021-11-16T03:04:08.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "code": "60020",
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-firewall-new.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-firewall-new.log-expected.json
index 8b801398762..eacbdfad407 100644
--- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-firewall-new.log-expected.json
+++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-firewall-new.log-expected.json
@@ -26,7 +26,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -144,7 +144,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -262,7 +262,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -381,7 +381,7 @@
 "packets": 2
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -505,7 +505,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -606,7 +606,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -707,7 +707,7 @@
 "mac": "00-50-56-9F-39-33"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -826,7 +826,7 @@
 "packets": 2
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -950,7 +950,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -1051,7 +1051,7 @@
 "mac": "00-50-56-9F-39-33"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -1151,7 +1151,7 @@
 "port": 22083
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -1251,7 +1251,7 @@
 "port": 22083
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -1368,7 +1368,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -1471,7 +1471,7 @@
 "packets": 2
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -1595,7 +1595,7 @@
 "mac": "00-50-56-9F-39-33"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -1714,7 +1714,7 @@
 "packets": 2
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -1838,7 +1838,7 @@
 "mac": "00-50-56-9F-39-33"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -1958,7 +1958,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -2082,7 +2082,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "denied",
@@ -2185,7 +2185,7 @@
 "packets": 2
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -2292,7 +2292,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -2414,7 +2414,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -2531,7 +2531,7 @@
 "mac": "00-50-56-9F-39-33"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -2651,7 +2651,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -2758,7 +2758,7 @@
 "port": 9988
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -2871,7 +2871,7 @@
 "mac": "00-50-56-9F-39-33"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -2988,7 +2988,7 @@
 "mac": "00-50-56-9F-39-33"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3107,7 +3107,7 @@
 "packets": 2
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3234,7 +3234,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3364,7 +3364,7 @@
 "packets": 2
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3488,7 +3488,7 @@
 "mac": "00-50-56-9F-39-33"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3607,7 +3607,7 @@
 "packets": 2
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3714,7 +3714,7 @@
 "port": 8089
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3834,7 +3834,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -3962,7 +3962,7 @@
 "mac": "00-50-56-9F-39-33"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -4081,7 +4081,7 @@
 "packets": 2
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "action": "allowed",
@@ -4207,7 +4207,7 @@ "packets": 2 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "allowed", @@ -4331,7 +4331,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "allowed", @@ -4450,7 +4450,7 @@ "packets": 2 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "allowed", @@ -4575,7 +4575,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "allowed", @@ -4694,7 +4694,7 @@ "packets": 2 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "allowed", @@ -4818,7 +4818,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "allowed", @@ -4935,7 +4935,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "allowed", @@ -5053,7 +5053,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "allowed", @@ -5173,7 +5173,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "allowed", @@ -5302,7 +5302,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "allowed", @@ -5419,7 +5419,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "allowed", @@ -5538,7 +5538,7 @@ "packets": 2 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "allowed", @@ -5663,7 +5663,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "allowed", @@ -5785,7 +5785,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "allowed", diff --git a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml index a396d65b216..e943d2a7963 100644 
--- a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Sophos XG firewall logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.original diff --git a/packages/sophos/data_stream/xg/sample_event.json b/packages/sophos/data_stream/xg/sample_event.json index e957e353920..d9bd3f497e6 100644 --- a/packages/sophos/data_stream/xg/sample_event.json +++ b/packages/sophos/data_stream/xg/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "dee3c982-4bd2-4c06-b207-fe0ce9ef19c5", diff --git a/packages/sophos/docs/README.md b/packages/sophos/docs/README.md index a80feee91d8..d23457472a3 100644 --- a/packages/sophos/docs/README.md +++ b/packages/sophos/docs/README.md 
@@ -86,7 +86,7 @@ The `utm` dataset collects Unified Threat Management logs. | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | http.request.method | HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. | keyword | | http.request.referrer | Referrer for this HTTP request. | keyword | | input.type | Type of Filebeat input. | keyword | @@ -862,7 +862,7 @@ An example event for `xg` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "dee3c982-4bd2-4c06-b207-fe0ce9ef19c5", diff --git a/packages/sophos/manifest.yml b/packages/sophos/manifest.yml index 5acb4134a18..2c9634f6998 100644 --- a/packages/sophos/manifest.yml +++ b/packages/sophos/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: sophos title: Sophos -version: "2.7.1" +version: "2.8.0" description: Collect logs from Sophos with Elastic Agent. categories: ["security", "network", "firewall_security"] release: ga From d661edc80891b643a04d416b48a111afdd1f72c0 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:56 +0530 Subject: [PATCH 100/137] [sophos_central] - update ECS to 8.7.0 from 8.6.0 This updates the sophos_central integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.6.0 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/sophos_central --- packages/sophos_central/_dev/build/build.yml | 2 +- packages/sophos_central/changelog.yml | 5 +++++ .../test/pipeline/test-pipeline-activity.log-expected.json | 2 +- .../alert/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/sophos_central/data_stream/alert/sample_event.json | 2 +- .../test/pipeline/test-pipeline-activity.log-expected.json | 2 +- .../event/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/sophos_central/data_stream/event/sample_event.json | 2 +- packages/sophos_central/docs/README.md | 4 ++-- packages/sophos_central/manifest.yml | 2 +- 10 files changed, 15 insertions(+), 10 deletions(-) diff --git a/packages/sophos_central/_dev/build/build.yml b/packages/sophos_central/_dev/build/build.yml index fcd61c363f1..45fb1cc4269 100644 --- a/packages/sophos_central/_dev/build/build.yml +++ b/packages/sophos_central/_dev/build/build.yml @@ -1,4 +1,4 @@ dependencies: ecs: - reference: git@v8.6.0 + reference: git@8.7 import_mappings: true diff --git a/packages/sophos_central/changelog.yml b/packages/sophos_central/changelog.yml index bd9941dc4d6..11eafb9d5a7 100644 --- a/packages/sophos_central/changelog.yml +++ b/packages/sophos_central/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.0.0" changes: - description: Release Sophos Central as GA. 
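Review bot: In packages/sophos_central/_dev/build/build.yml the new `reference: git@8.7` replaces an exact tag (`git@v8.6.0`) with what looks like the ECS release-branch name. If so, the field definitions pulled in through `import_mappings: true` are no longer pinned to a fixed revision and can change between builds without any change in this repository. The ingest pipelines and expected test output in the same commit hard-code `8.7.0`, so keeping the pin as `reference: git@v8.7.0` (assuming that tag is what the 8.7.0 release corresponds to) would keep the imported schema and the stamped `ecs.version` in step. If following the branch is intended, to match the `git@8.7` form the squid package uses in this series, say so in the file with a comment such as `# tracks the ECS 8.7 release branch; imported mappings follow upstream updates`.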
diff --git a/packages/sophos_central/data_stream/alert/_dev/test/pipeline/test-pipeline-activity.log-expected.json b/packages/sophos_central/data_stream/alert/_dev/test/pipeline/test-pipeline-activity.log-expected.json index 6e315b5e98e..ad098a88507 100644 --- a/packages/sophos_central/data_stream/alert/_dev/test/pipeline/test-pipeline-activity.log-expected.json +++ b/packages/sophos_central/data_stream/alert/_dev/test/pipeline/test-pipeline-activity.log-expected.json @@ -7,7 +7,7 @@ "port": 789 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/sophos_central/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/sophos_central/data_stream/alert/elasticsearch/ingest_pipeline/default.yml index d1bcc587b66..10d49d8e313 100644 --- a/packages/sophos_central/data_stream/alert/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sophos_central/data_stream/alert/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing alert logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.kind value: alert diff --git a/packages/sophos_central/data_stream/alert/sample_event.json b/packages/sophos_central/data_stream/alert/sample_event.json index cbc4731f98a..ca668785c25 100644 --- a/packages/sophos_central/data_stream/alert/sample_event.json +++ b/packages/sophos_central/data_stream/alert/sample_event.json @@ -17,7 +17,7 @@ "port": 789 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "a2acfef7-f9ea-4493-9c4b-9b0571c41346", diff --git a/packages/sophos_central/data_stream/event/_dev/test/pipeline/test-pipeline-activity.log-expected.json b/packages/sophos_central/data_stream/event/_dev/test/pipeline/test-pipeline-activity.log-expected.json index a13449793a7..82bd40c9e29 100644 --- a/packages/sophos_central/data_stream/event/_dev/test/pipeline/test-pipeline-activity.log-expected.json 
+++ b/packages/sophos_central/data_stream/event/_dev/test/pipeline/test-pipeline-activity.log-expected.json @@ -7,7 +7,7 @@ "port": 789 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "New user added automatically: Lightning-wmknq52avx\\Lightning", diff --git a/packages/sophos_central/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/sophos_central/data_stream/event/elasticsearch/ingest_pipeline/default.yml index 2f9c3ef1768..d9a334880bf 100644 --- a/packages/sophos_central/data_stream/event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sophos_central/data_stream/event/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Events logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.kind value: event diff --git a/packages/sophos_central/data_stream/event/sample_event.json b/packages/sophos_central/data_stream/event/sample_event.json index f8101ce83d8..6e47242f3ed 100644 --- a/packages/sophos_central/data_stream/event/sample_event.json +++ b/packages/sophos_central/data_stream/event/sample_event.json @@ -17,7 +17,7 @@ "port": 789 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "a2acfef7-f9ea-4493-9c4b-9b0571c41346", diff --git a/packages/sophos_central/docs/README.md b/packages/sophos_central/docs/README.md index 381642e2b5b..f16bd4dbcb0 100644 --- a/packages/sophos_central/docs/README.md +++ b/packages/sophos_central/docs/README.md @@ -67,7 +67,7 @@ An example event for `alert` looks as following: "port": 789 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "a2acfef7-f9ea-4493-9c4b-9b0571c41346", @@ -383,7 +383,7 @@ An example event for `event` looks as following: "port": 789 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "a2acfef7-f9ea-4493-9c4b-9b0571c41346", 
diff --git a/packages/sophos_central/manifest.yml b/packages/sophos_central/manifest.yml index eacec1098f0..49fd40b767d 100644 --- a/packages/sophos_central/manifest.yml +++ b/packages/sophos_central/manifest.yml @@ -1,7 +1,7 @@ format_version: 2.3.0 name: sophos_central title: Sophos Central -version: "1.0.0" +version: "1.1.0" description: This Elastic integration collects logs from Sophos Central with Elastic Agent. type: integration categories: From dc0649aaedd0f4481d416613a07eb98b31a27177 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:57 +0530 Subject: [PATCH 101/137] [squid] - update ECS to 8.7.0 from 8.6.0 This updates the squid integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/squid --- packages/squid/_dev/build/build.yml | 2 +- packages/squid/changelog.yml | 5 + .../pipeline/test-access1.log-expected.json | 200 +++++++++--------- .../pipeline/test-generated.log-expected.json | 200 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../squid/data_stream/log/sample_event.json | 2 +- packages/squid/docs/README.md | 2 +- packages/squid/manifest.yml | 2 +- 8 files changed, 210 insertions(+), 205 deletions(-) diff --git a/packages/squid/_dev/build/build.yml b/packages/squid/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/squid/_dev/build/build.yml +++ b/packages/squid/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/squid/changelog.yml b/packages/squid/changelog.yml index c520f6f2827..690fc7043f8 100644 --- a/packages/squid/changelog.yml +++ b/packages/squid/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.13.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "0.12.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/squid/data_stream/log/_dev/test/pipeline/test-access1.log-expected.json b/packages/squid/data_stream/log/_dev/test/pipeline/test-access1.log-expected.json index 381e1ace7d3..fd108904c14 100644 --- a/packages/squid/data_stream/log/_dev/test/pipeline/test-access1.log-expected.json +++ b/packages/squid/data_stream/log/_dev/test/pipeline/test-access1.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689312.049 5006 10.105.21.199 TCP_MISS/200 19763 CONNECT login.yahoo.com:443 badeyek DIRECT/209.73.177.115 -", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689320.327 2864 10.105.21.199 TCP_MISS/200 10182 GET http://www.goonernews.com/ badeyek DIRECT/207.58.145.61 text/html", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689320.343 1357 10.105.21.199 TCP_REFRESH_HIT/304 214 GET http://www.goonernews.com/styles.css badeyek DIRECT/207.58.145.61 -", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689321.315 1 10.105.21.199 TCP_HIT/200 1464 GET http://www.goonernews.com/styles.css badeyek NONE/- text/css", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689322.780 1464 10.105.21.199 TCP_HIT/200 5626 GET http://www.google-analytics.com/urchin.js badeyek NONE/- text/javascript", "tags": [ 
@@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689323.718 3856 10.105.21.199 TCP_MISS/200 30169 GET http://www.goonernews.com/ badeyek DIRECT/207.58.145.61 text/html", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689324.156 1372 10.105.21.199 TCP_MISS/200 399 GET http://www.google-analytics.com/__utm.gif? badeyek DIRECT/66.102.9.147 image/gif", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689324.266 1457 10.105.21.199 TCP_REFRESH_HIT/304 215 GET http://www.goonernews.com/graphics/newslogo.gif badeyek DIRECT/207.58.145.61 -", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689324.281 1465 10.105.21.199 TCP_REFRESH_HIT/304 215 GET http://www.goonernews.com/shop/arsenal_shop_ad.jpg badeyek DIRECT/207.58.145.61 -", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689325.734 1452 10.105.21.199 TCP_REFRESH_HIT/304 214 GET http://www.goonernews.com/flags/FUS.gif badeyek DIRECT/207.58.145.61 -", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689325.736 2 10.105.21.199 TCP_HIT/200 1353 GET http://www.goonernews.com/flags/FGB.gif badeyek NONE/- image/gif", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689325.953 2603 10.105.21.199 TCP_MISS/200 1013 GET http://as.casalemedia.com/s? badeyek DIRECT/209.85.16.38 text/html", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689326.703 4459 10.105.21.199 TCP_MISS/200 1845 CONNECT us.bc.yahoo.com:443 badeyek DIRECT/68.142.213.132 -", "tags": [ 
@@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689327.312 1356 10.105.21.199 TCP_MISS/302 729 GET http://impgb.tradedoubler.com/imp/img/16349696/992098 badeyek DIRECT/217.212.240.172 text/html", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689327.751 3484 10.105.21.199 TCP_MISS/200 1577 GET http://4.adbrite.com/mb/text_group.php? badeyek DIRECT/206.169.136.22 text/html", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689327.803 9 10.105.21.199 TCP_HIT/200 1353 GET http://www.goonernews.com/flags/FFR.gif badeyek NONE/- image/gif", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689329.234 1431 10.105.21.199 TCP_REFRESH_HIT/304 214 GET http://www.goonernews.com/flags/FAU.gif badeyek DIRECT/207.58.145.61 -", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689329.280 1414 10.105.21.199 TCP_REFRESH_HIT/304 213 GET http://www.goonernews.com/graphics/spacer.gif badeyek DIRECT/207.58.145.61 -", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689330.920 1686 10.105.21.199 TCP_MISS/200 1784 GET http://4.adbrite.com/mb/text_group.php? badeyek DIRECT/64.127.126.178 text/html", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689331.313 3997 10.105.21.199 TCP_MISS/302 851 GET http://ff.connextra.com/Ladbrokes/selector/image? badeyek DIRECT/213.160.98.161 -", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689335.275 3962 10.105.21.199 TCP_MISS/200 30904 GET http://dd.connextra.com/servlet/controller? badeyek DIRECT/213.160.98.160 image/gif", "tags": [ 
@@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689337.481 4 10.105.47.218 TCP_DENIED/407 1661 GET http://hi5.com/ - NONE/- text/html", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689342.757 3657 10.105.21.199 TCP_MISS/200 12569 CONNECT login.yahoo.com:443 badeyek DIRECT/209.73.177.115 -", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689343.106 1 10.105.33.214 TCP_DENIED/407 1752 GET http://update.messenger.yahoo.com/msgrcli7.html - NONE/- text/html", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689343.782 1371 10.105.33.214 TCP_MISS/200 484 POST http://shttp.msg.yahoo.com/notify/ adeolaegbedokun DIRECT/216.155.194.239 text/plain", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689344.736 4969 10.105.47.218 TCP_MISS/200 29359 GET http://hi5.com/ nazsoau DIRECT/204.13.51.238 text/html", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689344.798 1631 10.105.47.218 TCP_MISS/200 5930 GET http://hi5.com/friend/styles/homepage.css nazsoau DIRECT/204.13.51.238 text/css", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689345.641 1810 10.105.33.214 TCP_MISS/200 1645 POST http://shttp.msg.yahoo.com/notify/ adeolaegbedokun DIRECT/216.155.194.239 text/plain", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689346.267 880 10.105.37.58 TCP_DENIED/407 1812 GET http://rms.adobe.com/read/0600/win_/ENU/read0600win_ENUadbe0000.xml - NONE/- text/html", "tags": [ 
@@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689347.190 10 10.105.47.218 TCP_IMS_HIT/304 217 GET http://images.hi5.com/styles/style.css nazsoau NONE/- text/css", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689347.307 116 10.105.47.218 TCP_IMS_HIT/304 217 GET http://images.hi5.com/friend/styles/buttons_en_us.css nazsoau NONE/- text/css", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689347.751 6160 10.105.47.218 TCP_MISS/200 27799 GET http://hi5.com/ nazsoau DIRECT/204.13.51.238 text/html", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689349.064 1758 10.105.47.218 TCP_MISS/200 4470 GET http://hi5.com/friend/styles/headernav.css nazsoau DIRECT/204.13.51.238 text/css", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689350.829 1393 10.105.33.214 TCP_MISS/200 382 POST http://shttp.msg.yahoo.com/notify/ adeolaegbedokun DIRECT/216.155.194.239 text/plain", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689353.439 3667 10.105.33.214 TCP_MISS/200 24095 GET http://insider.msg.yahoo.com/? adeolaegbedokun DIRECT/68.142.194.14 text/html", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689353.939 4899 10.105.33.214 TCP_MISS/200 22964 GET http://radio.launch.yahoo.com/radio/play/playmessenger.asp adeolaegbedokun DIRECT/68.142.219.132 text/html", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689354.877 1349 10.105.33.214 TCP_MISS/200 646 POST http://shttp.msg.yahoo.com/notify/ adeolaegbedokun DIRECT/216.155.194.239 text/plain", "tags": [ 
@@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689355.517 1578 10.105.33.214 TCP_MISS/200 699 GET http://address.yahoo.com/yab/us? adeolaegbedokun DIRECT/209.191.93.51 text/xml", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689356.907 6741 10.105.21.199 TCP_MISS/302 734 GET http://fxfeeds.mozilla.org/rss20.xml badeyek DIRECT/63.245.209.21 text/html", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689357.267 6424 10.105.33.214 TCP_MISS/200 31400 GET http://insider.msg.yahoo.com/ycontent/? adeolaegbedokun DIRECT/68.142.231.252 text/xml", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689357.720 2831 10.105.33.214 TCP_MISS/200 21152 GET http://insider.msg.yahoo.com/ycontent/? adeolaegbedokun DIRECT/68.142.194.14 text/xml", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689358.173 1 10.105.37.17 TCP_DENIED/407 1667 CONNECT us.mcafee.com:443 - NONE/- text/html", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689358.174 0 10.105.37.17 TCP_DENIED/407 1767 POST http://us.mcafee.com/apps/agent/submgr/appinstru.asp - NONE/- text/html", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689358.174 0 10.105.37.17 TCP_DENIED/407 1761 POST http://us.mcafee.com/apps/agent/submgr/appsync.asp - NONE/- text/html", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689358.226 0 10.105.37.17 TCP_DENIED/407 1667 CONNECT us.mcafee.com:443 - NONE/- text/html", "tags": [ 
@@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689358.486 711 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/clientdata/538/images/btn_stations.gif adeolaegbedokun DIRECT/68.142.219.132 -", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689358.683 0 10.105.37.17 TCP_DENIED/407 1667 CONNECT us.mcafee.com:443 - NONE/- text/html", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689359.199 713 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/clientdata/538/images/btn_stations_over.gif adeolaegbedokun DIRECT/68.142.219.132 -", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689359.269 1982 10.105.33.214 TCP_MISS/200 362 POST http://shttp.msg.yahoo.com/notify/ adeolaegbedokun DIRECT/216.155.194.239 text/plain", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689359.924 725 10.105.33.214 TCP_REFRESH_HIT/304 511 GET http://radio.launch.yahoo.com/radio/clientdata/538/skins/1/images/bg_left.gif adeolaegbedokun DIRECT/68.142.219.132 -", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689360.611 687 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/clientdata/538/images/launchcast_radio.gif adeolaegbedokun DIRECT/68.142.219.132 -", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689360.980 1 10.105.47.191 TCP_DENIED/407 1767 POST http://us.mcafee.com/apps/agent/submgr/appinstru.asp - NONE/- text/html", "tags": [ 
@@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689361.188 1 10.105.47.191 TCP_DENIED/407 1761 POST http://us.mcafee.com/apps/agent/submgr/appsync.asp - NONE/- text/html", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689361.393 783 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/clientdata/538/skins/1/images/bg_right.gif adeolaegbedokun DIRECT/68.142.219.132 -", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689361.564 2242 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/clientdata/538/skins/1/images/bg_center.gif adeolaegbedokun DIRECT/68.142.219.132 -", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689362.220 827 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/clientdata/538/skins/1/images/bg_controls_off.gif adeolaegbedokun DIRECT/68.142.219.132 -", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689362.315 751 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/common_radio/resources/images/t.gif adeolaegbedokun DIRECT/68.142.219.132 -", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689362.318 3 10.105.33.214 TCP_IMS_HIT/304 218 GET http://radio.launch.yahoo.com/radio/clientdata/538/images/btn_off_state_station.gif adeolaegbedokun NONE/- image/gif", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689362.332 13 10.105.33.214 TCP_IMS_HIT/304 218 GET http://radio.launch.yahoo.com/radio/clientdata/538/skins/1/images/bg_controls_fill.gif adeolaegbedokun NONE/- image/gif", "tags": [ 
@@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689362.341 8 10.105.33.214 TCP_HIT/200 2263 GET http://us.i1.yimg.com/us.yimg.com/i/us/toolbar50x50.gif adeolaegbedokun NONE/- image/gif", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689363.423 6517 10.105.21.199 TCP_REFRESH_MISS/200 17396 GET http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml badeyek DIRECT/212.58.226.33 application/xml", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689364.361 2140 10.105.33.214 TCP_MISS/200 407 GET http://insider.msg.yahoo.com/ycontent/beacon.php adeolaegbedokun DIRECT/68.142.231.252 image/gif", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689364.402 7 10.105.33.214 TCP_IMS_HIT/304 219 GET http://us.ent1.yimg.com/images.launch.yahoo.com/000/032/457/32457654.jpg adeolaegbedokun NONE/- image/jpeg", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689364.411 8 10.105.33.214 TCP_HIT/200 10593 GET http://us.news1.yimg.com/us.yimg.com/p/ap/20060906/thumb.71d29ded334347c48ac88433d033c9a9.pakistan_bin_laden_nyol440.jpg adeolaegbedokun NONE/- image/jpeg", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689365.312 2420 10.105.33.214 TCP_MISS/302 1270 POST http://radio.launch.yahoo.com/radio/play/authplay.asp adeolaegbedokun DIRECT/68.142.219.132 text/html", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689366.377 1966 10.105.33.214 TCP_MISS/200 10519 GET http://us.news1.yimg.com/us.yimg.com/p/ap/20060908/thumb.443f57762d7349669f609fbf0c97a5f1.academy_awards_host_cacp101.jpg adeolaegbedokun DIRECT/213.160.98.159 image/jpeg", "tags": [ 
@@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689368.080 1703 10.105.33.214 TCP_MISS/200 515 GET http://radio.music.yahoo.com/radio/player/ymsgr/initstationfeed.asp? adeolaegbedokun DIRECT/68.142.219.132 text/xml", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689368.370 3057 10.105.33.214 TCP_MISS/200 14411 GET http://radio.music.yahoo.com/radio/player/ymsgr/initstationfeed.asp? adeolaegbedokun DIRECT/68.142.219.132 text/xml", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689368.889 808 10.105.33.214 TCP_MISS/200 1627 GET http://radio.launch.yahoo.com/radio/play/authplay.asp? adeolaegbedokun DIRECT/68.142.219.132 text/html", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689369.097 1226 10.105.37.65 TCP_DENIED/407 1728 GET http://natrocket.kmip.net:5288/iesocks? - NONE/- text/html", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689369.702 0 10.105.37.65 TCP_DENIED/407 1725 GET http://natrocket.kmip.net:5288/return? - NONE/- text/html", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689370.125 1202 10.105.33.214 TCP_MISS/200 13124 GET http://us.news1.yimg.com/us.yimg.com/p/ap/20060907/thumb.1caf18e56db54eafb16da58356eb3382.amazon_com_online_video_watw101.jpg adeolaegbedokun DIRECT/213.160.98.159 image/jpeg", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689370.862 736 10.105.33.214 TCP_MISS/302 912 GET http://radio.launch.yahoo.com/radio/clientdata/515/starter.asp? adeolaegbedokun DIRECT/68.142.219.132 text/html", "tags": [ 
@@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689371.690 828 10.105.33.214 TCP_MISS/200 1450 GET http://radio.launch.yahoo.com/radio/player/default.asp? adeolaegbedokun DIRECT/68.142.219.132 text/html", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689371.987 3617 10.105.33.214 TCP_MISS/200 30432 GET http://us.a2.yimg.com/us.yimg.com/a/ya/yahoo_messenger/081106_lrec_msgr_interophitchhiker.swf? adeolaegbedokun DIRECT/213.160.98.152 application/x-shockwave-flash", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689373.315 1626 10.105.33.214 TCP_MISS/200 14643 GET http://radio.launch.yahoo.com/radio/player/stickwall.asp? adeolaegbedokun DIRECT/68.142.219.132 text/html", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689374.065 2078 10.105.33.214 TCP_MISS/200 425 GET http://us.bc.yahoo.com/b? adeolaegbedokun DIRECT/68.142.213.132 image/gif", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689376.221 2130 10.105.33.214 TCP_MISS/200 407 GET http://insider.msg.yahoo.com/ycontent/beacon.php;_ylc=X1MDNTcwMzAyODMEX3IDMgRldnQDdDAEaW50bAN1cwR2ZXIDNywwLDIsMTIw? adeolaegbedokun DIRECT/68.142.194.14 image/gif", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689377.171 3412 10.105.33.214 TCP_MISS/200 1476 CONNECT pclick.internal.yahoo.com:443 adeolaegbedokun DIRECT/216.109.124.55 -", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689377.191 11 10.105.33.214 TCP_IMS_HIT/304 233 GET http://a1568.g.akamai.net/7/1568/1600/20051025184124/radio.launch.yahoo.com/radioapi/includes/js/compVersionedJS/rapiBridge_1_4.js adeolaegbedokun NONE/- application/x-javascript", "tags": [ 
@@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689377.424 1159 10.105.33.214 TCP_MISS/304 236 GET http://a1568.g.akamai.net/7/1568/1600/20040405222754/radio.launch.yahoo.com/radio/clientdata/515/other.css adeolaegbedokun DIRECT/213.160.98.159 text/css", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689378.221 797 10.105.33.214 TCP_MISS/304 238 GET http://a1568.g.akamai.net/7/1568/1600/20040405222757/radio.launch.yahoo.com/radio/clientdata/515/skins/1/images/bg_left.gif adeolaegbedokun DIRECT/213.160.98.159 image/gif", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689378.473 3288 10.105.21.199 TCP_MISS/200 2681 CONNECT login.yahoo.com:443 badeyek DIRECT/209.73.177.115 -", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689378.909 1405 10.105.33.214 TCP_MISS/304 136 GET http://a1568.g.akamai.net/7/1568/1600/20050829181418/radio.launch.yahoo.com/radio/common_radio/resources/images/noaccess_msgr_uk.gif adeolaegbedokun DIRECT/213.160.98.167 -", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689378.924 702 10.105.33.214 TCP_MISS/304 237 GET http://a1568.g.akamai.net/7/1568/1600/20040405222757/radio.launch.yahoo.com/radio/clientdata/515/skins/1/images/bg_right.gif adeolaegbedokun DIRECT/213.160.98.159 image/gif", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689378.929 4 10.105.33.214 TCP_IMS_HIT/304 218 GET http://a1568.g.akamai.net/7/1568/1600/20040405222807/radio.launch.yahoo.com/radio/common_radio/resources/images/t.gif adeolaegbedokun NONE/- image/gif", "tags": [ 
@@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689379.472 563 10.105.33.214 TCP_MISS/304 238 GET http://a1568.g.akamai.net/7/1568/1600/20040405222757/radio.launch.yahoo.com/radio/clientdata/515/skins/1/images/bg_controls_off.gif adeolaegbedokun DIRECT/213.160.98.167 image/gif", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689379.488 560 10.105.33.214 TCP_MISS/304 238 GET http://a1568.g.akamai.net/7/1568/1600/20040405222756/radio.launch.yahoo.com/radio/clientdata/515/skins/1/images/bg_center.gif adeolaegbedokun DIRECT/213.160.98.159 image/gif", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689380.159 685 10.105.33.214 TCP_MISS/304 238 GET http://a1568.g.akamai.net/7/1568/1600/20040405222757/radio.launch.yahoo.com/radio/clientdata/515/skins/1/images/bg_controls_fill.gif adeolaegbedokun DIRECT/213.160.98.167 image/gif", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689381.267 1 10.105.37.180 TCP_DENIED/407 1728 GET http://www.google.com/supported_domains - NONE/- text/html", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689381.659 0 10.105.47.191 TCP_DENIED/407 1782 GET http://us.mcafee.com/apps/agent/en-us/agent5/chknews.asp? - NONE/- text/html", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689381.660 2171 10.105.33.214 TCP_MISS/200 449 GET http://launch.adserver.yahoo.com/l? adeolaegbedokun DIRECT/216.109.125.112 image/gif", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689382.173 3700 10.105.21.199 TCP_MISS/200 11746 GET http://uk.f250.mail.yahoo.com/dc/launch? badeyek DIRECT/217.12.10.96 text/html", "tags": [ 
@@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689382.622 1 10.105.37.180 TCP_DENIED/407 1670 CONNECT login.live.com:443 - NONE/- text/html", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689384.316 2828 10.105.21.199 TCP_SWAPFAIL_MISS/200 633 GET http://us.js2.yimg.com/us.js.yimg.com/lib/pim/r/dclient/d/js/uk/77cf3e56414f974dfd8616f56f0f632c_1.js badeyek DIRECT/213.160.98.169 application/x-javascript", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689385.714 1397 10.105.21.199 TCP_HIT/200 1742 GET http://us.js1.yimg.com/us.yimg.com/lib/hdr/ygma5.css badeyek NONE/- text/css", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689387.690 1977 10.105.21.199 TCP_MISS/200 14561 GET http://us.js2.yimg.com/us.js.yimg.com/lib/pim/r/dclient/d/js/uk/f7fc76100697c9c2d25dd0ec35e563b0_1.js badeyek DIRECT/213.160.98.169 application/x-javascript", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689387.771 80 10.105.21.199 TCP_HIT/200 68733 GET http://us.js1.yimg.com/us.yimg.com/lib/pim/r/medici/13_15/mail/ac.js badeyek NONE/- application/x-javascript", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689387.830 1 10.105.21.199 TCP_HIT/200 898 GET http://us.js2.yimg.com/us.js.yimg.com/lib/common/utils/2/yahoo_2.0.0-b4.js badeyek NONE/- application/x-javascript", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "1157689387.832 60 10.105.21.199 TCP_HIT/200 26803 GET http://us.i1.yimg.com/us.yimg.com/i/us/pim/dclient/d/img/liam_ball_1.gif badeyek NONE/- image/gif", "tags": [ 
diff --git a/packages/squid/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/squid/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json index 7481256ccb1..bbed958c3d5 100644 --- a/packages/squid/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/squid/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.251.224.219 7337 [29/Jan/2016:6:09:59 nto] \"PROPFIND https://example.org/exercita/der.htm?odoco=ria#min ite\" 10.234.224.44 etdo tation \"quasiarc\" liqua ciade 5699 \"https://example.net/umq/ntium.gif?nes=eab#aliqu\" \"Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]\" deny", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.102.123.34 7178 [12/Feb/2016:1:12:33 nostrud] \"PURGE https://www.example.org/enderitq/sperna.txt?billoi=oreetdol#nidolor tatemU\" 10.70.36.222 estlabo doeiu \"nia\" olupt volup 208 \"https://example.com/eosquir/orsi.txt?itessequ=vol#luptat\" \"Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10\" deny", "tags": [ 
@@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.15.135.248 7269 [26/Feb/2016:8:15:08 mquia] \"OPTIONS https://internal.example.com/aqu/utper.jpg?eFinib=omm#iin proident\" 10.142.172.64 lupt tia \"oloremqu\" temvel iatu 5493 \"https://example.net/dolo/meumfug.gif?roinBCS=ufugiatn#tionulam\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" accept", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.44.134.153 5162 [12/Mar/2016:3:17:42 nci] \"GET https://api.example.org/ceroinBC/ratvolup.gif?iatu=ionofde#con uia\" quiavo 1156 \"https://mail.example.com/consec/taliquip.html?radip=tNequ#gelit\" \"Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61\" allow 10.81.122.126 taev 160.145000", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.160.95.56 1980 [26/Mar/2016:10:20:16 aqui] \"PUT https://api.example.org/isetq/estqui.gif?magn=equuntu#eos enimad\" 10.171.175.51 boreet onev \"tenima\" laboreet aquaeabi 5738 \"https://api.example.net/veleumi/tia.gif?ude=maveniam#uian\" \"Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" cancel", "tags": [ 
@@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.175.107.139 4243 [09/Apr/2016:5:22:51 antium] \"HEAD https://www.example.org/inesci/rsitvolu.txt?pori=occ#ect reetdolo\" 10.12.195.60 uiano mrema \"autfu\" natura aboris 2946 \"https://api.example.com/ssitaspe/gitsedqu.jpg?iutal=dexe#urerep\" \"Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" accept", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.198.136.50 6875 [24/Apr/2016:12:25:25 llam] \"DELETE https://www5.example.com/ari/eataevit.txt?iam=mqua#atat quunt\" 10.207.249.121 iciade tsed \"orai\" mUt usmodte 1296 \"https://www.example.org/ametcons/porainc.jpg?temsequ=emquiavo#nonnu\" \"Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30\" allow", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.34.9.93 124 [08/May/2016:7:27:59 onse] \"PROPFIND https://example.org/tatno/imav.htm?ofdeF=tion#orsitame quiratio\" 10.116.120.216 qua umdo \"sed\" apariat mol 1510 \"https://internal.example.net/turveli/toccae.htm?erc=taliqu#temUten\" \"Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36\" accept", "tags": [ 
@@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.90.131.186 6343 [22/May/2016:2:30:33 nimadmin] \"HEAD https://example.org/uaera/sitas.txt?aedic=atquovo#iumto aboreetd\" 10.30.216.41 enim saute \"vel\" quu undeo 5794 \"https://mail.example.net/atuse/ddoeiu.gif?idolore=onse#liq\" \"Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" accept", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.8.88.110 7618 [05/Jun/2016:9:33:08 ionul] \"CONNECT https://mail.example.org/edquiano/loru.htm?end=enia#nsequu cup\" 10.203.172.203 idestla Nemoeni \"uradi\" aborumSe luptat 6884 \"https://www5.example.org/strude/ctetura.htm?ittenbyC=aperi#lor\" \"Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" accept", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.71.34.9 267 [20/Jun/2016:4:35:42 dolore] \"UNLOCK https://www.example.org/iqui/etc.txt?tatiset=eprehen#xercitat lpa\" 10.158.185.163 rudexerc aliq \"rsitam\" quam adm 987 \"https://www.example.org/ritatis/oloremi.txt?icab=mwr#fugi\" \"Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g\" allow", "tags": [ 
@@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.210.74.24 6423 [04/Jul/2016:11:38:16 untut] \"OPTIONS https://internal.example.net/ommod/sequatur.txt?tlabo=suntexp#ugiatnu stiae\" 10.201.76.240 amqu uines \"nsec\" onse emips 2655 \"https://example.net/tion/eataev.htm?uiineavo=tisetq#irati\" \"Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10\" accept", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.114.138.121 1939 [18/Jul/2016:6:40:50 tati] \"COPY https://api.example.org/oriosamn/deFinibu.gif?iciatisu=rehender#eporroqu uat\" 10.206.136.206 suntinc xeac \"nidolo\" tatn eli 6462 \"https://www.example.net/pida/nse.html?emeumfu=CSed#lupt\" \"Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" deny", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.200.199.166 3727 [02/Aug/2016:1:43:25 amvolup] \"COPY https://mail.example.org/rehend/tio.html?numqu=qui#civeli lum\" 10.134.161.118 tat ipitla \"quae\" maccusa uptat 3458 \"https://www.example.com/xerci/aqu.htm?olorema=iades#siarchi\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36\" block", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.122.46.71 2807 [16/Aug/2016:8:45:59 ihilm] \"NONE https://www.example.org/eav/ionevo.txt?siar=orev#iamquis quirat\" 10.76.3.41 isc aturve \"emulla\" mpori aaliquaU 2989 \"https://www5.example.com/ern/psaquae.html?nsectet=utla#utei\" \"Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" allow", "tags": [ 
@@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.164.250.63 2530 [30/Aug/2016:3:48:33 eritqu] \"PROPFIND https://internal.example.net/wri/bor.jpg?hitect=dol#leumiu namali\" 10.249.213.83 nsecte itame \"eumfug\" lit asun 1250 \"https://api.example.com/oluptate/onseq.html?labore=texp#tMalor\" \"Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30\" accept", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.61.242.75 2591 [13/Sep/2016:10:51:07 dantiumt] \"HEAD https://api.example.net/equat/doloreme.htm?ione=ihilmole#eriamea amre\" 10.236.248.65 pisciv iquidex \"radipisc\" tmo fficiade 3280 \"https://www5.example.net/uioffi/oru.jpg?one=etMalor#ipi\" \"Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" cancel", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.13.59.31 5685 [28/Sep/2016:5:53:42 sperna] \"PUT https://www5.example.com/estia/tper.gif?volupt=osqui#xerc iutali\" 10.214.7.83 liquide etdol \"uela\" boN eprehend 2462 \"https://internal.example.net/lamcolab/ati.jpg?gel=lorsitam#mpo\" \"Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" block", "tags": [ 
@@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.89.201.140 2447 [12/Oct/2016:12:56:16 uamei] \"GET https://internal.example.net/sin/rvel.htm?nimid=itatione#isnis uptasn\" 10.49.92.179 osamn isnisiu \"bore\" tsu tcons 3128 \"https://api.example.org/lorinre/olorsita.gif?idata=rumwritt#magnid\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" accept", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.235.7.92 5787 [26/Oct/2016:7:58:50 nsecte] \"PURGE https://api.example.org/abo/veniamqu.gif?aliquide=ofde#equat derit\" 10.90.86.89 piscin lapar \"laboree\" tfu udan 5516 \"https://mail.example.net/xeacomm/mveleu.htm?utlabor=rau#idex\" \"Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36\" deny", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.14.211.43 4762 [10/Nov/2016:3:01:24 eiu] \"PROPFIND https://api.example.org/autfu/gnaaliq.jpg?olupta=litse#icabo itatio\" 10.14.48.16 sintoc volupt \"siste\" uiinea Utenima 1612 \"https://www5.example.net/ptatem/Nequepor.html?ugiatnu=ciati#nto\" \"Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30\" cancel", "tags": [ 
@@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.47.25.230 5491 [24/Nov/2016:10:03:59 ese] \"CONNECT https://internal.example.net/ptatemq/luptatev.html?Nequepo=ipsumd#ntocc uteirure\" 10.93.123.174 evelit reetdolo \"smo\" etcons iusmodi 1563 \"https://example.com/uiac/epte.gif?itam=aper#santiumd\" \"Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10\" block", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.7.46.36 837 [08/Dec/2016:5:06:33 nonn] \"MKOL https://www5.example.net/quiavol/rrorsi.gif?iatisu=sec#cons sBon\" 10.233.48.103 leumiur tlab \"aperiame\" isc ullamcor 584 \"https://www5.example.com/tateve/itinvol.txt?tenatus=cipitlab#ipsumd\" \"Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30\" cancel", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.93.220.10 2805 [23/Dec/2016:12:09:07 com] \"PROPATCH https://api.example.net/orain/tiumt.jpg?litessec=itas#edquia sequatu\" 10.27.58.92 amvo qui \"tasn\" Nemoenim squirati 63 \"https://mail.example.com/nbyCic/utlabor.html?iciade=ntiumt#iquipe\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" accept", "tags": [ 
@@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.213.144.249 4427 [06/Jan/2017:7:11:41 taedicta] \"PURGE https://www.example.net/str/idolore.txt?eetdolo=cteturad#untut uamni\" 10.135.217.12 metMalo ntexplic \"archite\" loreme untu 5676 \"https://example.net/con/nisist.gif?ium=esciuntN#idunt\" \"Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" block", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.13.226.57 3275 [20/Jan/2017:2:14:16 runtm] \"PURGE https://mail.example.net/velitse/oditem.html?torever=oremi#mestq temUt\" 10.233.239.112 npr mquelau \"iadolor\" amcol adeser 3780 \"https://internal.example.com/tqu/reprehen.gif?quam=quid#fugiat\" \"Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36\" cancel", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.161.203.252 301 [03/Feb/2017:9:16:50 emquia] \"CONNECT https://internal.example.org/isnisi/ritatise.gif?tamet=quatur#uisa eFi\" 10.21.169.127 rpori ice \"oles\" edic seq 2835 \"https://example.com/tatn/dolorsit.jpg?billo=labo#oNemoeni\" \"Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" accept", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.17.215.111 148 [18/Feb/2017:4:19:24 ratv] \"LOCK https://www.example.net/ianon/tsed.htm?ameiusm=proide#ano piscinge\" 10.69.139.26 ditemp edqui \"nre\" veli volupta 7124 \"https://api.example.com/ersp/enderi.jpg?adi=umwrit#uptate\" \"Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30\" block", "tags": [ 
@@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.10.213.83 7206 [04/Mar/2017:11:21:59 nisi] \"COPY https://www5.example.org/ncididun/umSe.jpg?ise=itau#apariat vitaedi\" 10.104.80.189 dolore onsecte \"nBCSedut\" ugiat onulam 1542 \"https://mail.example.org/oditautf/quatu.jpg?lumdolor=nonp#labo\" \"Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" accept", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.125.131.91 3480 [18/Mar/2017:6:24:33 urv] \"UNLOCK https://example.org/uatur/adminimv.gif?exeacom=roidents#tem dol\" 10.116.230.217 mvele isis \"uasiar\" utlab emUteni 7122 \"https://api.example.org/lor/velillu.html?dolorem=tvolu#nreprehe\" \"Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16\" block", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.26.96.202 2751 [02/Apr/2017:1:27:07 rautodi] \"ICP_QUERY https://api.example.com/ven/rQu.html?doloreme=dun#reprehe tincu\" 10.119.90.128 lor oraincid \"intocc\" amcorp ntsunt 4826 \"https://mail.example.com/olo/psumqu.txt?fdeF=iquidexe#diconse\" \"Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" cancel", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.0.98.205 126 [16/Apr/2017:8:29:41 edquiac] \"HEAD https://api.example.net/eseru/quamest.html?qua=rsita#ate ipsamvo\" 10.76.110.144 tdol upt \"mex\" tatem untutlab 3386 \"https://mail.example.com/plicab/oremq.html?uisaute=imide#poriss\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36\" deny", "tags": [ 
@@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.224.11.165 1646 [30/Apr/2017:3:32:16 nof] \"MOVE https://internal.example.org/mvolu/conse.txt?aincidu=nimadmin#isiu licabo\" 10.135.46.242 lupta xeaco \"nvolupt\" oremi elites 1940 \"https://www.example.org/boNemoe/onsequ.html?amvolupt=onevolu#mnis\" \"Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36\" deny", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.27.44.4 4686 [14/May/2017:10:34:50 sequatD] \"TRACE https://internal.example.org/isciv/rroqu.html?uisa=tametco#ilmol eri\" 10.154.53.249 tae autodit \"elit\" cidunt plica 7398 \"https://internal.example.org/emqu/nderi.html?accusant=onse#admin\" \"Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10\" accept", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.93.39.140 4275 [29/May/2017:5:37:24 ute] \"COPY https://www5.example.net/uaeratv/isa.txt?periam=dqu#pid rExc\" 10.150.245.88 orisn reetd \"prehen\" ntutlabo iusmodte 1738 \"https://example.org/isc/Nequepor.txt?rem=idid#tesse\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36\" cancel", "tags": [ 
@@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.61.92.2 6595 [12/Jun/2017:12:39:58 maliquam] \"UNLOCK https://www5.example.com/orroq/vitaedic.txt?orisni=ons#remagn ecillu\" 10.73.207.70 llamco atu \"untincul\" ssecil commodi 3023 \"https://mail.example.net/tate/onevo.htm?emvele=isnost#olorem\" \"Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30\" block", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.84.32.178 5271 [26/Jun/2017:7:42:33 aliq] \"GET https://example.net/mven/olorsit.gif?oremag=illu#ruredo mac\" temUt 2741 \"https://internal.example.com/uamnihi/risnis.html?scingeli=isn#sBono\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" allow 10.50.124.116 numquam 104.719000", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.173.222.131 918 [11/Jul/2017:2:45:07 ori] \"TRACE https://www5.example.net/rum/eataevi.html?ulla=iqu#oin hil\" 10.211.234.224 uiadol Duisa \"lupta\" aUt boNem 5564 \"https://api.example.org/maveni/onevo.htm?liquaUte=alorum#obeataev\" \"Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" accept", "tags": [ 
@@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.11.83.126 6581 [25/Jul/2017:9:47:41 naaliq] \"PROPFIND https://mail.example.net/osquir/mod.txt?fugitse=imad#tinvolup tsed\" 10.0.157.225 itam atu \"lloin\" remipsum tempor 1282 \"https://www5.example.net/incidid/rure.htm?edquian=loremeu#aturve\" \"Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" deny", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.228.77.21 6889 [08/Aug/2017:4:50:15 lamc] \"PUT https://api.example.com/asper/umq.txt?itasper=uae#mve uia\" 10.92.237.93 mad onse \"redol\" gnaa mod 5107 \"https://www5.example.com/toditaut/voluptat.htm?strumex=eprehend#asnu\" \"Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30\" cancel", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.102.215.23 3665 [22/Aug/2017:11:52:50 esseq] \"POST https://www5.example.net/quatD/isqua.jpg?oloreseo=iruredol#veniamqu licaboN\" 10.20.28.92 econs ntexpl \"dunt\" litsedq nderiti 409 \"https://api.example.com/Cic/olorema.txt?iscive=quasiar#aeab\" \"Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16\" allow", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.45.28.159 5627 [06/Sep/2017:6:55:24 ree] \"NONE https://api.example.net/ation/luptas.html?iatqu=lorsi#repreh plic\" 10.17.87.79 tetur tionula \"ritqu\" ecatcupi uamei 4595 \"https://www5.example.com/onse/olorem.gif?duntutla=ntium#iration\" \"Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" block", "tags": [ 
@@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.177.238.45 5137 [20/Sep/2017:1:57:58 ssusci] \"DELETE https://internal.example.com/mpo/unte.jpg?ueipsa=scipitl#eumi quasiarc\" 10.189.94.51 tetura rsp \"oluptat\" metco acom 5704 \"https://api.example.com/tem/exeacomm.txt?taliqui=mides#ciun\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36\" allow", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.46.77.76 5169 [04/Oct/2017:9:00:32 anim] \"GET https://www.example.org/uov/quaeab.jpg?moles=dipiscin#olup aco\" 10.101.85.169 natu liquid \"enim\" Finibus radi 5697 \"https://example.com/taed/umdolo.html?rroqu=dquiaco#nibus\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36\" accept", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.24.54.129 77 [19/Oct/2017:4:03:07 eprehend] \"HEAD https://example.net/edolo/ugiatquo.jpg?eosquira=pta#snos orsi\" 10.231.7.209 lorsita eavol \"osamnis\" temaccu scipitl 1247 \"https://www5.example.org/caboNem/urExcept.txt?litesseq=atcupida#tessequa\" \"Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36\" block", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.121.163.5 7803 [02/Nov/2017:11:05:41 redol] \"CONNECT https://api.example.org/isci/dolor.htm?orinrep=quiavol#nrepreh ratv\" 10.77.129.175 tali BCS \"qui\" ugiatquo incidid 2617 \"https://www.example.com/sBonor/fugits.jpg?amc=vol#admi\" \"Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" allow", "tags": [ 
@@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.51.236.148 329 [16/Nov/2017:6:08:15 adol] \"PROPFIND https://mail.example.com/roide/tem.gif?rerepre=nculpaq#culpaqui tvolup\" 10.116.146.114 col obea \"emp\" agnaaliq est 1444 \"https://www.example.com/inculp/onofd.gif?umdolors=dolori#asperna\" \"Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" deny", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.244.108.135 6997 [01/Dec/2017:1:10:49 ume] \"NONE https://internal.example.net/rautod/olest.jpg?lapar=ritati#edquia itesse\" 10.217.222.99 ame amvolu \"mip\" tion tobeatae 2512 \"https://api.example.com/iqua/luptat.txt?oremqu=uradi#velitsed\" \"Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90\" block", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.4.69.152 3833 [15/Dec/2017:8:13:24 scivel] \"PUT https://api.example.org/iusmodt/enim.txt?aquio=ersp#iame orroquis\" 10.150.198.112 ntmoll mexer \"estla\" uipexe abor 1370 \"https://www.example.net/remips/illoi.jpg?abori=uisnostr#reetdol\" \"Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10\" block", "tags": [ 
@@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.45.114.111 357 [29/Dec/2017:3:15:58 olup] \"POST https://example.org/abillo/undeom.html?oraincid=quaer#eetdo tlab\" 10.45.54.107 seddoeiu nse \"aali\" edictasu mdolors 7490 \"https://www5.example.org/atis/atDuis.txt?nisiut=rumwri#velill\" \"Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]\" accept", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.49.242.174 4078 [12/Jan/2018:10:18:32 tat] \"TRACE https://mail.example.net/uam/orumSec.jpg?isnisiu=suntincu#sse venia\" 10.205.28.24 oeni untutlab \"tvolup\" consecte pteurs 742 \"https://www5.example.net/ons/tiaecon.html?unt=tass#tiumdol\" \"Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90\" allow", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.17.202.219 487 [27/Jan/2018:5:21:06 iame] \"HEAD https://www5.example.org/umiurer/rere.txt?mnisi=usmo#iamea imaveni\" 10.183.223.149 cor odoco \"oin\" itseddoe elites 6366 \"https://mail.example.com/eursinto/litesse.html?licaboNe=tautfug#giatquov\" \"Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10\" deny", "tags": [ 
@@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.81.140.173 7623 [10/Feb/2018:12:23:41 itae] \"MOVE https://internal.example.net/atnula/ditautf.jpg?iquidex=olup#remipsu tan\" 10.88.172.222 doconse etdol \"dolorsi\" nturmag tura 6695 \"https://internal.example.org/totam/ntoccae.htm?idunt=atqu#naturau\" \"mobmail android 2.1.3.3150\" cancel", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.162.129.196 4247 [24/Feb/2018:7:26:15 snisi] \"OPTIONS https://api.example.net/uscip/umS.txt?quiacons=uisa#xeacommo Cicero\" 10.247.53.179 issu identsu \"piscivel\" hend eacommo 6835 \"https://example.com/osquira/umd.gif?scipi=tur#acon\" \"mobmail android 2.1.3.3150\" accept", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.110.86.230 536 [11/Mar/2018:2:28:49 eFini] \"UNLOCK https://mail.example.com/mrema/ullamc.txt?eufug=roquisq#temporai uido\" 10.172.148.223 snulap enimadm \"stenatu\" upta atc 3066 \"https://www5.example.net/asnulap/ipi.htm?orissu=fic#sBon\" \"Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80\" accept", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.93.159.170 3481 [25/Mar/2018:9:31:24 emullam] \"GET https://www5.example.com/isau/itinvol.txt?saquaea=ons#orsitam modico\" 10.232.19.43 porinc riame \"riat\" sseq eriam 729 \"https://internal.example.net/imve/essequam.gif?urQuis=etcon#onsequu\" \"Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36\" deny", "tags": [ 
@@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.207.97.192 973 [08/Apr/2018:4:33:58 emp] \"ICP_QUERY https://api.example.net/veli/venia.htm?etdolor=uat#onemulla riaturEx\" 10.55.55.72 nculp asp \"eacom\" mag gelitse 2007 \"https://example.net/lab/llumq.htm?tetura=rumet#uptasnul\" \"Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" cancel", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.41.156.88 203 [22/Apr/2018:11:36:32 oco] \"MOVE https://internal.example.net/ainci/osqu.jpg?sus=imavenia#expli ugiat\" 10.89.73.240 orem ntorever \"pisciv\" fugiatqu seos 5561 \"https://www5.example.net/elillum/veleumi.gif?tvol=oluptate#lit\" \"Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61\" deny", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.54.44.231 5292 [07/May/2018:6:39:06 aco] \"CONNECT https://www.example.org/runtm/eturadip.htm?psumd=oloree#seos rios\" 10.101.183.86 mvenia mcorpo \"ntexpl\" abor oreverit 6451 \"https://internal.example.net/tat/eufugia.htm?tau=fficia#est\" \"Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10\" allow", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.181.177.74 3378 [21/May/2018:1:41:41 itsedd] \"LOCK https://internal.example.org/liquipex/uisnos.html?ventor=lupt#umwri odoc\" 10.130.150.189 oreeu nvo \"iamqui\" tassita colabori 1223 \"https://www.example.net/lpa/isn.htm?iat=ffic#siuta\" \"Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" accept", "tags": [ 
@@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.76.220.3 2492 [04/Jun/2018:8:44:15 serrorsi] \"GET https://api.example.org/mquisnos/lore.txt?siar=isn#veniamq lup\" 10.83.130.95 ipitlabo userror \"eacommo\" nderi liqua 7030 \"https://api.example.net/henderit/remq.jpg?voluptas=velill#rspic\" \"Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36\" deny", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.219.245.58 7073 [19/Jun/2018:3:46:49 snisiut] \"COPY https://www.example.com/quas/occaeca.htm?ender=dico#uptatem upt\" 10.166.160.217 olor radip \"rchitect\" Dui iameaqu 2429 \"https://api.example.com/asnulap/yCiceroi.jpg?ender=inc#tect\" \"Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16\" deny", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.121.121.153 723 [03/Jul/2018:10:49:23 smoditem] \"UNLOCK https://www5.example.org/uidolo/umdolore.jpg?oquisq=abori#sit catcu\" 10.183.243.246 amni tatio \"amquisno\" modoc magnam 3267 \"https://example.com/idatat/onev.html?lesti=oreseo#reprehen\" \"Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" cancel", "tags": [ 
@@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.54.5.47 1585 [17/Jul/2018:5:51:58 mmodi] \"OPTIONS https://internal.example.net/eniamqu/inimav.htm?imadm=uta#tisu remagnam\" 10.202.224.209 iusmodit aturv \"ectetura\" obeataev umf 3141 \"https://www.example.com/quaeabil/emip.htm?urExc=tDuis#iqu\" \"Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36\" cancel", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.72.99.69 3172 [01/Aug/2018:12:54:32 oremeumf] \"PROPFIND https://mail.example.net/sintocca/mipsumqu.htm?tnulapar=ico#giatquo lors\" 10.170.234.233 accus uatu \"mquis\" lab uido 2046 \"https://mail.example.com/tena/aal.jpg?CSedu=mcol#lup\" \"Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" allow", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.245.240.47 4017 [15/Aug/2018:7:57:06 itaedict] \"DELETE https://api.example.org/rep/remap.html?siarc=fdeFin#eleumi edic\" 10.142.130.227 olabori odic \"iuta\" liquaUte scivelit 7795 \"https://internal.example.net/scipit/lloinve.htm?evolup=rvelil#isiutali\" \"Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" allow", "tags": [ 
@@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.62.188.193 4104 [29/Aug/2018:2:59:40 atu] \"DELETE https://api.example.net/eturad/tDuis.htm?enimadmi=tateveli#osa mini\" 10.61.110.7 oremque quaU \"ufugi\" cin tmo 508 \"https://example.com/oremip/its.jpg?iavol=natuserr#ostrudex\" \"Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10\" deny", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.172.139.78 6533 [12/Sep/2018:10:02:15 lamco] \"COPY https://www.example.net/hender/ptatemU.htm?mquisnos=tnulapa#madmi tlabore\" 10.68.198.188 doeiu onsectet \"dentsunt\" inea animid 2119 \"https://mail.example.net/onnumqua/quioff.html?upt=atatnonp#nvol\" \"Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61\" block", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.172.47.7 2805 [27/Sep/2018:5:04:49 midest] \"CONNECT https://www.example.org/iduntutl/rsitam.htm?ntor=oinBCSed#oid rchit\" 10.169.63.169 ariat midestl \"quatu\" avolu teturad 3465 \"https://api.example.net/iquaUten/prehende.gif?rpo=velites#nonpro\" \"Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16\" block", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.32.98.109 5012 [11/Oct/2018:12:07:23 dexercit] \"PURGE https://example.org/itessequ/porissu.html?uip=ectobea#dat aUtenima\" 10.62.10.137 eeufugi deomnisi \"olupta\" oll laboree 3880 \"https://api.example.org/cupidata/stiaecon.htm?rsint=itl#ttenb\" \"Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" cancel", "tags": [ 
@@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.176.62.146 5945 [25/Oct/2018:7:09:57 lors] \"COPY https://api.example.net/enimad/tis.txt?mipsumq=ident#nimide quelaud\" 10.255.40.12 rro oeiusmo \"nimv\" emeu tatemac 5192 \"https://www5.example.com/teursint/etMa.gif?lamcolab=ceroinB#umqui\" \"Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90\" deny", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.194.198.46 3387 [09/Nov/2018:2:12:32 cta] \"GET https://api.example.org/taspe/yCiceroi.htm?cti=ommodoc#nse mveniam\" tuser 2694 \"https://internal.example.com/tlaboru/aeabillo.txt?equuntu=quamni#turveli\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]\" deny 10.88.98.31 rured 105.243000", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.5.49.20 7503 [23/Nov/2018:9:15:06 macc] \"OPTIONS https://example.com/beat/rro.jpg?uisau=qua#iarchite emsequi\" 10.1.27.133 edqu tationu \"gnaaliq\" olore ntutlab 6881 \"https://www5.example.com/gnama/esciun.html?ratvo=ntutl#volupt\" \"Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30\" block", "tags": [ 
@@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.11.73.145 6972 [07/Dec/2018:4:17:40 uisautem] \"POST https://www5.example.org/loremq/turmagni.txt?emUtenim=ende#dexea aco\" 10.70.244.155 olorsi caboNemo \"uptas\" temaccus ons 2160 \"https://internal.example.com/ctetur/mvolupta.html?oreeu=mea#ssec\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]\" accept", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.204.214.98 985 [21/Dec/2018:11:20:14 equ] \"PURGE https://www5.example.net/deomnisi/ddoe.txt?oremi=ectobeat#ecte abo\" 10.121.80.158 boriosa cillumdo \"ditau\" moenimip uames 7663 \"https://internal.example.com/lor/oreeu.html?eturadip=nost#atus\" \"Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" accept", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.74.115.33 4006 [05/Jan/2019:6:22:49 nsequat] \"PURGE https://api.example.net/tiset/sci.jpg?rauto=doloreeu#lors eumfu\" 10.139.151.19 eumf roquisq \"uasi\" maveniam uis 5533 \"https://www.example.com/imi/animi.htm?ama=tatnonp#ntiumt\" \"Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10\" block", "tags": [ 
@@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.191.220.1 6454 [19/Jan/2019:1:25:23 ctetura] \"DELETE https://api.example.net/tDuisau/aturve.htm?tper=pisciv#tconsect pariat\" 10.242.48.203 ctobeat isi \"idexeac\" ntu tdolo 3872 \"https://mail.example.com/olupt/ola.jpg?etquasia=qua#adm\" \"Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36\" deny", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.109.88.27 5568 [02/Feb/2019:8:27:57 cidu] \"PROPATCH https://internal.example.com/oluptate/todi.jpg?tdolo=ident#scip eacommod\" 10.254.10.98 adipisc aparia \"maliq\" ccusant epteurs 6661 \"https://www5.example.org/oditau/onsec.gif?temqui=lup#aeca\" \"Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36\" accept", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.5.148.114 4749 [17/Feb/2019:3:30:32 ntin] \"LOCK https://mail.example.com/radipis/lore.html?civeli=eufugia#utlabore tamr\" 10.175.138.42 olore onemul \"trudexe\" remeum etur 890 \"https://mail.example.org/quiav/ctionofd.gif?Finibus=uisautei#nevolu\" \"Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" deny", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.0.0.240 1795 [03/Mar/2019:10:33:06 psa] \"PROPFIND https://internal.example.org/olupta/tio.jpg?idestl=litani#emp arch\" 10.18.199.203 ugits ittenb \"tobeatae\" ntut llum 366 \"https://example.com/equat/estiaec.htm?mquido=ende#ntmollit\" \"Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" allow", "tags": [ 
@@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.1.220.47 6685 [17/Mar/2019:5:35:40 mipsamv] \"NONE https://www5.example.com/sequines/cto.gif?temaccu=uamqua#Neq runt\" 10.73.80.251 pteurs ercitati \"atem\" serro lumquid 5939 \"https://www5.example.org/imaveni/equ.htm?ssequamn=ave#taliqui\" \"Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]\" allow", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.153.109.61 7499 [01/Apr/2019:12:38:14 numq] \"PURGE https://www.example.net/periam/ain.gif?iquipex=mqu#onorume abill\" 10.22.34.206 mini mve \"tionev\" uasiarch velites 1745 \"https://api.example.org/equa/edquiaco.gif?olorsit=naaliq#plica\" \"Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" block", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.62.168.226 5334 [15/Apr/2019:7:40:49 bori] \"CONNECT https://www.example.net/ecatc/quovolu.jpg?dexe=nemul#Duis lupt\" 10.199.103.185 uipe ipsa \"con\" eirured sequamn 5243 \"https://mail.example.com/ciatisun/duntutl.htm?didun=riaturEx#nde\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]\" allow", "tags": [ 
@@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.97.33.56 3541 [29/Apr/2019:2:43:23 rad] \"COPY https://example.com/tqui/ssequ.gif?emse=emqui#cipitla tlab\" 10.128.84.27 nula ptate \"volupta\" umfu utla 2478 \"https://www5.example.com/dolo/velites.gif?equa=apari#tsunt\" \"Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36\" block", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.49.169.175 2103 [13/May/2019:9:45:57 sistena] \"HEAD https://example.com/caboN/imipsam.jpg?catcupid=ritquiin#quisnost sequines\" 10.115.154.104 illum ore \"spici\" Sedut tatis 7767 \"https://www5.example.com/sequines/minimve.gif?toditau=uiad#nvolupta\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" allow", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.213.100.153 2571 [28/May/2019:4:48:31 iatquo] \"PROPFIND https://www.example.org/oinvento/ali.htm?utaliqui=isciv#osqu ptatemse\" 10.33.112.100 catcup enimad \"magnaali\" velillum ionev 1594 \"https://internal.example.com/ameaq/Quis.html?lestiae=iav#umiure\" \"Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30\" block", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.216.143.226 2632 [11/Jun/2019:11:51:06 deomn] \"CONNECT https://api.example.net/quido/llo.htm?tpersp=assi#rch psa\" 10.25.53.93 tvolup oremeu \"lab\" lla urau 6127 \"https://example.net/equamni/atcupi.htm?onemull=mdo#labore\" \"Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30\" cancel", "tags": [ 
@@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.139.195.188 893 [25/Jun/2019:6:53:40 aliquaU] \"HEAD https://www.example.net/tvolu/imve.txt?gnaaliq=quam#deriti edictasu\" 10.246.115.57 edquiano mSecti \"henderi\" taevitae tevel 5926 \"https://example.com/ita/iquipexe.jpg?quamqua=quuntur#nihi\" \"Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" allow", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.60.56.205 4345 [10/Jul/2019:1:56:14 writtenb] \"NONE https://www5.example.com/ugitsed/dminimve.htm?onse=uiac#tquii tesse\" 10.82.148.126 inBCSedu ita \"ade\" nihilmol nder 2214 \"https://api.example.net/uunturm/iatn.gif?tseddo=diduntut#rroq\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]\" block", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.245.251.98 261 [24/Jul/2019:8:58:48 mremaper] \"DELETE https://api.example.com/ntium/ide.htm?tamrema=isautem#usan gnamali\" 10.6.11.124 edqui tvolu \"psu\" strud onsequ 5930 \"https://www5.example.net/iumto/sequatu.jpg?runtm=mdoloree#que\" \"Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36\" accept", "tags": [ 
@@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.99.55.115 1537 [07/Aug/2019:4:01:23 exerci] \"CONNECT https://www5.example.org/iad/ngelits.jpg?mporin=orissusc#utaliqui uov\" 10.145.25.55 litsed lumd \"tiaec\" lorem iamquisn 2079 \"https://mail.example.org/aper/entor.txt?lumdol=edutper#utemve\" \"Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" block", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.187.86.64 3325 [21/Aug/2019:11:03:57 atatn] \"TRACE https://mail.example.com/iatnulap/roi.htm?uine=loreeu#eprehe ddoeiusm\" 10.6.88.105 uptatemU rem \"onorumet\" iscivel rinci 249 \"https://internal.example.com/eriti/uptateve.htm?rema=mcol#tion\" \"Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36\" allow", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.252.146.132 503 [05/Sep/2019:6:06:31 tat] \"CONNECT https://mail.example.org/turv/use.jpg?mtot=macc#illoin eursi\" 10.163.9.35 uatDu umq \"ipsu\" oremip ota 4562 \"https://example.com/epteurs/itse.jpg?modi=cip#tla\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" accept", "tags": [ 
@@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.249.101.177 4465 [19/Sep/2019:1:09:05 quam] \"DELETE https://mail.example.com/umdol/rerepr.txt?emipsumq=orinr#ineavol umdo\" 10.235.160.245 squamest upta \"umquiad\" porinc uameiu 4857 \"https://api.example.org/mipsa/uas.gif?reeufu=umexe#xce\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" deny", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.140.170.171 773 [03/Oct/2019:8:11:40 deom] \"TRACE https://internal.example.com/rautod/onorumet.htm?mvo=agnidol#nevolup erspici\" 10.73.218.58 quidol tinv \"Utenima\" nse umq 1831 \"https://mail.example.org/meaquei/snisiu.htm?atev=vento#litsed\" \"Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" block", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.248.156.138 2125 [18/Oct/2019:3:14:14 smodit] \"OPTIONS https://example.net/dun/xce.jpg?nsequat=mvol#asiar eiu\" 10.67.148.40 tcons squamest \"ction\" emveleum siuta 2155 \"https://example.com/epteur/onproi.txt?imveniam=sunte#exerc\" \"Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16\" deny", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.83.154.75 4260 [01/Nov/2019:10:16:48 explicab] \"UNLOCK https://api.example.com/teiru/mquamei.jpg?pta=uradi#sequu orumetMa\" 10.37.33.179 taed eatae \"siutali\" oloremq sum 6106 \"https://www.example.org/ulamc/doe.txt?remquela=toreve#squirat\" \"Mozilla/5.0 (Linux; Android 7.0; MEIZU M6 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30\" accept", "tags": [ 
@@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.14.29.202 7842 [15/Nov/2019:5:19:22 modoco] \"MKOL https://www5.example.net/dtempor/rroquisq.gif?liquid=uidex#umdolo nimv\" 10.84.107.38 tutla usmod \"ine\" qui itse 2097 \"https://www5.example.org/tasn/exeaco.html?metc=aincidu#reprehe\" \"Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10\" deny", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.221.86.133 6682 [30/Nov/2019:12:21:57 edi] \"POST https://api.example.com/ore/adeser.htm?pre=aute#rchite rcit\" 10.204.223.184 oinve ptasnul \"utaliqui\" mcorpor rerepr 6861 \"https://example.com/tuserror/agnama.jpg?deritq=boreetdo#teni\" \"Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]\" deny", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "message": "10.195.4.70 3844 [14/Dec/2019:7:24:31 mfugiat] \"PUT https://api.example.com/liqu/dolor.htm?ess=umdo#aer quela\" 10.229.39.190 Nequepo edictas \"emac\" rmagnido exeaco 2574 \"https://api.example.org/loremi/nven.htm?usan=ugiatn#squa\" \"Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" deny", "tags": [ diff --git a/packages/squid/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/squid/data_stream/log/elasticsearch/ingest_pipeline/default.yml index d36fb73db8a..cabb927b66c 100644 --- a/packages/squid/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/squid/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
@@ -4,7 +4,7 @@ description: Pipeline for Squid processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/squid/data_stream/log/sample_event.json b/packages/squid/data_stream/log/sample_event.json index 4115b9dc709..461442034db 100644 --- a/packages/squid/data_stream/log/sample_event.json +++ b/packages/squid/data_stream/log/sample_event.json @@ -18,7 +18,7 @@ ] }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/squid/docs/README.md b/packages/squid/docs/README.md index b10b2e66cd7..33d248bb486 100644 --- a/packages/squid/docs/README.md +++ b/packages/squid/docs/README.md 
@@ -76,7 +76,7 @@ The `log` dataset collects Squid logs. | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | http.request.method | HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. | keyword | | http.request.referrer | Referrer for this HTTP request. | keyword | | input.type | Type of Filebeat input. | keyword | diff --git a/packages/squid/manifest.yml b/packages/squid/manifest.yml index d27cb0bfcf0..20286d78919 100644 --- a/packages/squid/manifest.yml +++ b/packages/squid/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: squid title: Squid Logs -version: "0.12.1" +version: "0.13.0" description: Collect and parse logs from Squid devices with Elastic Agent. categories: ["security", "network", "proxy_security"] release: experimental From b5d9c9e603f6ef6a372ac2bf9cb59aff5a1efbf0 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 18:59:59 +0530 Subject: [PATCH 102/137] [suricata] - update ECS to 8.7.0 from 8.6.0 This updates the suricata integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/suricata --- packages/suricata/_dev/build/build.yml | 2 +- packages/suricata/changelog.yml | 5 ++ .../pipeline/test-eve-6-0.log-expected.json | 2 +- .../test-eve-alerts.log-expected.json | 44 ++++++++--------- .../test-eve-dns-4-1-4.log-expected.json | 48 +++++++++---------- .../test-eve-metadata.log-expected.json | 2 +- .../pipeline/test-eve-small.log-expected.json | 24 +++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/eve/sample_event.json | 2 +- packages/suricata/docs/README.md | 2 +- packages/suricata/manifest.yml | 2 +- 11 files changed, 70 insertions(+), 65 deletions(-) diff --git a/packages/suricata/_dev/build/build.yml b/packages/suricata/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/suricata/_dev/build/build.yml +++ b/packages/suricata/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/suricata/changelog.yml b/packages/suricata/changelog.yml index f7087240c2a..76394ec55e0 100644 --- a/packages/suricata/changelog.yml +++ b/packages/suricata/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.7.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "2.6.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-6-0.log-expected.json b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-6-0.log-expected.json index 4026f3fdaa8..972ccde15ed 100644 
--- a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-6-0.log-expected.json +++ b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-6-0.log-expected.json @@ -12,7 +12,7 @@ "port": 47592 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-alerts.log-expected.json b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-alerts.log-expected.json index 9c1fee2d5f1..25e36c68123 100644 --- a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-alerts.log-expected.json +++ b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-alerts.log-expected.json @@ -29,7 +29,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -151,7 +151,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -273,7 +273,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -395,7 +395,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -517,7 +517,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -639,7 +639,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -761,7 +761,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -885,7 +885,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1009,7 +1009,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1133,7 +1133,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1257,7 +1257,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -1381,7 +1381,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1505,7 +1505,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1629,7 +1629,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1753,7 +1753,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1877,7 +1877,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -2001,7 +2001,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -2125,7 +2125,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -2249,7 +2249,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -2372,7 +2372,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -2475,7 +2475,7 @@ "port": 9080 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -2587,7 +2587,7 @@ "port": 8443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-dns-4-1-4.log-expected.json b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-dns-4-1-4.log-expected.json index 4cee47eb667..11516880945 100644 --- a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-dns-4-1-4.log-expected.json +++ b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-dns-4-1-4.log-expected.json @@ -18,7 +18,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -83,7 +83,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -164,7 +164,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -246,7 +246,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -313,7 +313,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -379,7 +379,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -488,7 +488,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -598,7 +598,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -667,7 +667,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -733,7 +733,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -810,7 +810,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -892,7 +892,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -975,7 +975,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1058,7 +1058,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1141,7 +1141,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1221,7 +1221,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1303,7 +1303,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1386,7 +1386,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -1469,7 +1469,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1552,7 +1552,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1621,7 +1621,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1687,7 +1687,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1796,7 +1796,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1906,7 +1906,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-metadata.log-expected.json b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-metadata.log-expected.json index cd44157c2ee..3a110e5f775 100644 --- a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-metadata.log-expected.json +++ b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-metadata.log-expected.json @@ -12,7 +12,7 @@ "port": 47592 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-small.log-expected.json b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-small.log-expected.json index a57bc5b0994..0fc9d9d9840 100644 --- a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-small.log-expected.json +++ b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-small.log-expected.json @@ -8,7 +8,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -69,7 +69,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -156,7 +156,7 @@ "port": 63963 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -245,7 +245,7 @@ "port": 56118 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -360,7 +360,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -413,7 +413,7 @@ { "@timestamp": "2018-07-05T19:51:23.009Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -613,7 +613,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -713,7 +713,7 @@ "port": 547 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -774,7 +774,7 @@ "port": 8080 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -854,7 +854,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -952,7 +952,7 @@ "port": 8081 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1038,7 +1038,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/default.yml b/packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/default.yml index ed80ad9c9e4..23bb972b076 100644 --- a/packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/default.yml +++ b/packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for parsing Suricata EVE logs processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.original copy_from: message diff --git a/packages/suricata/data_stream/eve/sample_event.json b/packages/suricata/data_stream/eve/sample_event.json index 809bf414d85..9f564f7beea 100644 --- a/packages/suricata/data_stream/eve/sample_event.json 
+++ b/packages/suricata/data_stream/eve/sample_event.json @@ -18,7 +18,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "543eeec2-6585-484f-9f7b-34db47abcd9c", diff --git a/packages/suricata/docs/README.md b/packages/suricata/docs/README.md index 2cac8dc234f..0d96a3144ec 100644 --- a/packages/suricata/docs/README.md +++ b/packages/suricata/docs/README.md @@ -34,7 +34,7 @@ An example event for `eve` looks as following: "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "543eeec2-6585-484f-9f7b-34db47abcd9c", diff --git a/packages/suricata/manifest.yml b/packages/suricata/manifest.yml index 86fe55d08bf..ab3676c5a2b 100644 --- a/packages/suricata/manifest.yml +++ b/packages/suricata/manifest.yml @@ -1,6 +1,6 @@ name: suricata title: Suricata -version: "2.6.1" +version: "2.7.0" release: ga description: Collect logs from Suricata with Elastic Agent. type: integration From 7482865614de38fe8ec3f1e26a16cc6053da6f18 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:00 +0530 Subject: [PATCH 103/137] [symantec_endpoint] - update ECS to 8.7.0 from 8.6.0 This updates the symantec_endpoint integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/symantec_endpoint --- packages/symantec_endpoint/_dev/build/build.yml | 2 +- packages/symantec_endpoint/changelog.yml | 5 +++++ .../pipeline/test-administrative.log-expected.json | 4 ++-- .../pipeline/test-agent-activity.log-expected.json | 2 +- .../pipeline/test-agent-behavior.log-expected.json | 4 ++-- .../pipeline/test-agent-packet.log-expected.json | 2 +- ...agent-proactive-detection-sonar.log-expected.json | 4 ++-- .../test/pipeline/test-agent-risk.log-expected.json | 2 +- .../test/pipeline/test-agent-scan.log-expected.json | 4 ++-- .../pipeline/test-agent-security.log-expected.json | 12 ++++++------ .../pipeline/test-agent-system.log-expected.json | 2 +- .../pipeline/test-agent-traffic.log-expected.json | 6 +++--- .../_dev/test/pipeline/test-policy.log-expected.json | 2 +- .../test-remove-mapped-fields.log-expected.json | 4 ++-- .../test/pipeline/test-rfc3164.log-expected.json | 2 +- .../test/pipeline/test-rfc5424.log-expected.json | 2 +- .../_dev/test/pipeline/test-system.log-expected.json | 8 ++++---- .../pipeline/test-text-log-dump.log-expected.json | 2 +- .../log/elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- packages/symantec_endpoint/docs/README.md | 2 +- packages/symantec_endpoint/manifest.yml | 2 +- 22 files changed, 41 insertions(+), 36 deletions(-) diff --git a/packages/symantec_endpoint/_dev/build/build.yml b/packages/symantec_endpoint/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/symantec_endpoint/_dev/build/build.yml +++ b/packages/symantec_endpoint/_dev/build/build.yml 
@@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/symantec_endpoint/changelog.yml b/packages/symantec_endpoint/changelog.yml index 4e223951572..8639360bd5c 100644 --- a/packages/symantec_endpoint/changelog.yml +++ b/packages/symantec_endpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.4.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "2.3.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-administrative.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-administrative.log-expected.json index 53a617662f7..6e53fd63e1a 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-administrative.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-administrative.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -37,7 +37,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-activity.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-activity.log-expected.json index 173135b39cd..de5f0c0a782 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-activity.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-activity.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", 
diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-behavior.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-behavior.log-expected.json index e7a8914d69b..019f4f4247d 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-behavior.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-behavior.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-packet.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-packet.log-expected.json index 5649f706e91..7d7d1f45b5b 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-packet.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-packet.log-expected.json @@ -6,7 +6,7 @@ "port": 138 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-proactive-detection-sonar.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-proactive-detection-sonar.log-expected.json index f48cd5d1a37..93d1297a46a 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-proactive-detection-sonar.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-proactive-detection-sonar.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2018-02-16T08:01:33.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Left alone", 
@@ -82,7 +82,7 @@ { "@timestamp": "2020-05-04T06:57:02.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Left alone", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-risk.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-risk.log-expected.json index b9a6c554953..52daab12cec 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-risk.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-risk.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-09-03T08:12:25.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "All actions failed", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-scan.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-scan.log-expected.json index bad411801e6..4f5ac79455e 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-scan.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-scan.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "started", @@ -55,7 +55,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "completed", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-security.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-security.log-expected.json index 14df9240569..8b74cce228c 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-security.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-security.log-expected.json 
@@ -8,7 +8,7 @@ "port": 8080 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -106,7 +106,7 @@ "ip": "1.128.3.4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -195,7 +195,7 @@ "mac": "2D-FF-88-AA-BB-DC" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -279,7 +279,7 @@ "port": 5985 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -395,7 +395,7 @@ "ip": "216.160.83.61" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -487,7 +487,7 @@ "port": 5112 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-system.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-system.log-expected.json index 869fda0e7e7..9429c6856b7 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-system.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-system.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-08-19T07:14:38.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-traffic.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-traffic.log-expected.json index 4d34f1784b0..accfa2b4761 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-traffic.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-traffic.log-expected.json @@ -16,7 +16,7 @@ "mac": "AA-BB-CC-DD-EE-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", 
@@ -121,7 +121,7 @@ "port": 8080 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", @@ -201,7 +201,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-policy.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-policy.log-expected.json index e0331c6b85c..638bac7778a 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-policy.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-policy.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-remove-mapped-fields.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-remove-mapped-fields.log-expected.json index 5dec3691a9a..c5e66886998 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-remove-mapped-fields.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-remove-mapped-fields.log-expected.json @@ -16,7 +16,7 @@ "mac": "AA-BB-CC-DD-EE-FF" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", @@ -91,7 +91,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc3164.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc3164.log-expected.json index c5a54ee096d..9dafbb23f73 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc3164.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc3164.log-expected.json 
@@ -15,7 +15,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc5424.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc5424.log-expected.json index 576d63ad0ed..49f9b585d47 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc5424.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc5424.log-expected.json @@ -12,7 +12,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-system.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-system.log-expected.json index 5b5b36a4157..1c098c6843a 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-system.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-system.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -24,7 +24,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -46,7 +46,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -68,7 +68,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-text-log-dump.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-text-log-dump.log-expected.json index 73aa6e59da2..c0e037d77c7 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-text-log-dump.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-text-log-dump.log-expected.json 
@@ -8,7 +8,7 @@ "port": 5112 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/symantec_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/symantec_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 11ec2605613..8037901fbf9 100644 --- a/packages/symantec_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/symantec_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -9,7 +9,7 @@ processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - grok: description: Parse syslog header. diff --git a/packages/symantec_endpoint/data_stream/log/sample_event.json b/packages/symantec_endpoint/data_stream/log/sample_event.json index b7e183d7494..c44d1fbda94 100644 --- a/packages/symantec_endpoint/data_stream/log/sample_event.json +++ b/packages/symantec_endpoint/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/symantec_endpoint/docs/README.md b/packages/symantec_endpoint/docs/README.md index 66f0766b00c..cea7537c28f 100644 --- a/packages/symantec_endpoint/docs/README.md +++ b/packages/symantec_endpoint/docs/README.md @@ -367,7 +367,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/symantec_endpoint/manifest.yml b/packages/symantec_endpoint/manifest.yml index 21788573c03..17f2453f665 100644 --- a/packages/symantec_endpoint/manifest.yml +++ b/packages/symantec_endpoint/manifest.yml @@ -1,6 +1,6 @@ name: symantec_endpoint title: Symantec Endpoint Protection -version: "2.3.1" +version: "2.4.0" release: ga description: Collect logs from Symantec Endpoint Protection with Elastic Agent. type: integration 
From 78a47c6c5729edb6b4f0ed7aa156c150bb745105 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:01 +0530 Subject: [PATCH 104/137] [sysmon_linux] - update ECS to 8.7.0 from 8.5.0 This updates the sysmon_linux integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.5.1 and using 8.5.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/sysmon_linux --- packages/sysmon_linux/_dev/build/build.yml | 2 +- packages/sysmon_linux/changelog.yml | 5 +++++ .../log/_dev/test/pipeline/test-sysmon.json-expected.json | 4 ++-- .../log/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/sysmon_linux/data_stream/log/sample_event.json | 2 +- packages/sysmon_linux/docs/README.md | 2 +- packages/sysmon_linux/manifest.yml | 2 +- 7 files changed, 12 insertions(+), 7 deletions(-) diff --git a/packages/sysmon_linux/_dev/build/build.yml b/packages/sysmon_linux/_dev/build/build.yml index aaafc5d833b..9da3f46d46b 100644 --- a/packages/sysmon_linux/_dev/build/build.yml +++ b/packages/sysmon_linux/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.5.1 + reference: git@8.7 diff --git a/packages/sysmon_linux/changelog.yml b/packages/sysmon_linux/changelog.yml index 0a46effaebb..acecdedef90 100644 --- a/packages/sysmon_linux/changelog.yml +++ b/packages/sysmon_linux/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "0.1.0" changes: - description: initial release diff --git a/packages/sysmon_linux/data_stream/log/_dev/test/pipeline/test-sysmon.json-expected.json b/packages/sysmon_linux/data_stream/log/_dev/test/pipeline/test-sysmon.json-expected.json index bb0e0e3ea42..b50108b9682 100644 
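Review bot: The new `reference: git@8.7` in `packages/sysmon_linux/_dev/build/build.yml` replaces a ref written in tag form (`git@v8.5.1`) with what looks like a branch-style ref, so the ECS definitions pulled at build time may no longer be fixed to one revision. If `8.7` is a moving branch of elastic/ecs, two builds of the same package commit can import different field definitions, which makes the build harder to reproduce and the dependency harder to audit. Keeping the tag form would avoid that: `reference: git@v8.7.0`. The same shift appears in the `system_audit` (from `git@v8.5.1`) and `tanium` (from `git@v8.6.0`, alongside `import_mappings: true`) build.yml hunks later in this series.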
--- a/packages/sysmon_linux/data_stream/log/_dev/test/pipeline/test-sysmon.json-expected.json +++ b/packages/sysmon_linux/data_stream/log/_dev/test/pipeline/test-sysmon.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "event": { "action": "log", @@ -50,7 +50,7 @@ }, { "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "event": { "action": "log", diff --git a/packages/sysmon_linux/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/sysmon_linux/data_stream/log/elasticsearch/ingest_pipeline/default.yml index ca55b6f1e44..990b4882dbe 100644 --- a/packages/sysmon_linux/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sysmon_linux/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -5,7 +5,7 @@ processors: - set: field: ecs.version - value: '8.5.0' + value: '8.7.0' - script: description: Remove all empty values from event_data. lang: painless diff --git a/packages/sysmon_linux/data_stream/log/sample_event.json b/packages/sysmon_linux/data_stream/log/sample_event.json index 8cd6665f6fa..9e7c83c6b74 100644 --- a/packages/sysmon_linux/data_stream/log/sample_event.json +++ b/packages/sysmon_linux/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "elastic_agent": { "id": "af423af4-492e-4074-bae6-f31a40d3fd91", diff --git a/packages/sysmon_linux/docs/README.md b/packages/sysmon_linux/docs/README.md index 0adb4ad5607..0831f2f17fd 100644 --- a/packages/sysmon_linux/docs/README.md +++ b/packages/sysmon_linux/docs/README.md @@ -39,7 +39,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "elastic_agent": { "id": "af423af4-492e-4074-bae6-f31a40d3fd91", diff --git a/packages/sysmon_linux/manifest.yml b/packages/sysmon_linux/manifest.yml index 50ab6273b36..254f9e7d40d 100644 --- a/packages/sysmon_linux/manifest.yml 
+++ b/packages/sysmon_linux/manifest.yml @@ -1,6 +1,6 @@ name: sysmon_linux title: Sysmon for Linux -version: 0.1.0 +version: "0.2.0" description: Collect Sysmon Linux logs with Elastic Agent. type: integration categories: From 3535390effb2baf6f519e5b58aaa5fdbd8bb442d Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:02 +0530 Subject: [PATCH 105/137] [system_audit] - update ECS to 8.7.0 from 8.5.1 This updates the system_audit integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.5.1 and using 8.5.1 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/system_audit --- packages/system_audit/_dev/build/build.yml | 2 +- packages/system_audit/changelog.yml | 5 +++++ .../pipeline/test-system-package-dpkg.json-expected.json | 2 +- .../pipeline/test-system-package-homebrew.json-expected.json | 2 +- .../package/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/system_audit/data_stream/package/sample_event.json | 2 +- packages/system_audit/docs/README.md | 4 ++-- packages/system_audit/manifest.yml | 2 +- 8 files changed, 13 insertions(+), 8 deletions(-) diff --git a/packages/system_audit/_dev/build/build.yml b/packages/system_audit/_dev/build/build.yml index aaafc5d833b..9da3f46d46b 100644 --- a/packages/system_audit/_dev/build/build.yml +++ b/packages/system_audit/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.5.1 + reference: git@8.7 diff --git a/packages/system_audit/changelog.yml b/packages/system_audit/changelog.yml index 9e277577dea..e64560aa31a 100644 --- a/packages/system_audit/changelog.yml +++ b/packages/system_audit/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.0.1" changes: - description: Fix documentation bug 
diff --git a/packages/system_audit/data_stream/package/_dev/test/pipeline/test-system-package-dpkg.json-expected.json b/packages/system_audit/data_stream/package/_dev/test/pipeline/test-system-package-dpkg.json-expected.json index addec9786e1..cd0b0032e08 100644 --- a/packages/system_audit/data_stream/package/_dev/test/pipeline/test-system-package-dpkg.json-expected.json +++ b/packages/system_audit/data_stream/package/_dev/test/pipeline/test-system-package-dpkg.json-expected.json @@ -10,7 +10,7 @@ "version": "8.5.1" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "1fbd99b1-3367-4109-826b-07c8a7e01f6b", diff --git a/packages/system_audit/data_stream/package/_dev/test/pipeline/test-system-package-homebrew.json-expected.json b/packages/system_audit/data_stream/package/_dev/test/pipeline/test-system-package-homebrew.json-expected.json index e230c2ad55e..3c89a8f5b2d 100644 --- a/packages/system_audit/data_stream/package/_dev/test/pipeline/test-system-package-homebrew.json-expected.json +++ b/packages/system_audit/data_stream/package/_dev/test/pipeline/test-system-package-homebrew.json-expected.json @@ -10,7 +10,7 @@ "version": "8.7.0" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "action": "existing_package", diff --git a/packages/system_audit/data_stream/package/elasticsearch/ingest_pipeline/default.yml b/packages/system_audit/data_stream/package/elasticsearch/ingest_pipeline/default.yml index bbcb9709ba0..0b90931daa4 100644 --- a/packages/system_audit/data_stream/package/elasticsearch/ingest_pipeline/default.yml +++ b/packages/system_audit/data_stream/package/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing System Audit - Package logs processors: - set: field: ecs.version - value: "8.5.1" + value: "8.7.0" - set: field: event.dataset value: system_audit.package 
diff --git a/packages/system_audit/data_stream/package/sample_event.json b/packages/system_audit/data_stream/package/sample_event.json index e96f1019fbd..d58cf3f49ed 100644 --- a/packages/system_audit/data_stream/package/sample_event.json +++ b/packages/system_audit/data_stream/package/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "027bc354-85a6-40d6-be9d-7eb4533fbd18", diff --git a/packages/system_audit/docs/README.md b/packages/system_audit/docs/README.md index 9401af8d555..38592d3ed69 100644 --- a/packages/system_audit/docs/README.md +++ b/packages/system_audit/docs/README.md @@ -78,7 +78,7 @@ data stream are as follows :- | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | host.os.kernel | Operating system kernel version as a raw string. | keyword | | host.os.name | Operating system name, without the version. | keyword | 
@@ -133,7 +133,7 @@ An example event for `package` looks as following: "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "027bc354-85a6-40d6-be9d-7eb4533fbd18", diff --git a/packages/system_audit/manifest.yml b/packages/system_audit/manifest.yml index 6a5a2e9264a..763090b2564 100644 --- a/packages/system_audit/manifest.yml +++ b/packages/system_audit/manifest.yml @@ -3,7 +3,7 @@ name: system_audit title: System Audit description: Collect various logs & metrics from System Audit modules with Elastic Agent. type: integration -version: 1.0.1 +version: "1.1.0" release: ga conditions: kibana.version: '^8.5.0' From e12e231f53324ae3366df49cd4c5ada38aacc040 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:04 +0530 Subject: [PATCH 106/137] [tanium] - update ECS to 8.7.0 from 8.6.0 This updates the tanium integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.6.0 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/tanium --- packages/tanium/_dev/build/build.yml | 2 +- packages/tanium/changelog.yml | 5 ++ .../test-action-history.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../action_history/sample_event.json | 2 +- .../test-client-status.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../client_status/sample_event.json | 2 +- .../pipeline/test-discover.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/discover/sample_event.json | 2 +- .../test-endpoint-config.log-expected.json | 6 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../endpoint_config/sample_event.json | 2 +- .../pipeline/test-reporting.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/reporting/sample_event.json | 2 +- .../test-threat-response.log-expected.json | 82 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../threat_response/sample_event.json | 2 +- packages/tanium/docs/README.md | 12 +-- packages/tanium/manifest.yml | 2 +- 22 files changed, 73 insertions(+), 68 deletions(-) diff --git a/packages/tanium/_dev/build/build.yml b/packages/tanium/_dev/build/build.yml index fcd61c363f1..45fb1cc4269 100644 --- a/packages/tanium/_dev/build/build.yml +++ b/packages/tanium/_dev/build/build.yml @@ -1,4 +1,4 @@ dependencies: ecs: - reference: git@v8.6.0 + reference: git@8.7 import_mappings: true diff --git a/packages/tanium/changelog.yml b/packages/tanium/changelog.yml index 3baecadd10e..189b854f27d 100644 --- a/packages/tanium/changelog.yml +++ b/packages/tanium/changelog.yml 
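Review bot: The new `reference: git@8.7` in packages/tanium/_dev/build/build.yml replaces a full release tag (`git@v8.6.0`) with what looks like a branch-style ref. Because this file also sets `import_mappings: true`, the ECS definitions pulled into the package at build time could then change without any change in this repository. Pinning to the release the ingest pipelines now declare, `reference: git@v8.7.0`, would keep the imported mappings reproducible and reviewable; how the build tool resolves `git@8.7` is not visible here and should be confirmed. The same tag-to-short-ref switch appears in packages/tenable_io/_dev/build/build.yml (was `git@v8.5.1`), and the tcp and tenable_sc build.yml hunks carry the short form forward from `git@8.6`.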
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: 0.1.0 changes: - description: Initial release. diff --git a/packages/tanium/data_stream/action_history/_dev/test/pipeline/test-action-history.log-expected.json b/packages/tanium/data_stream/action_history/_dev/test/pipeline/test-action-history.log-expected.json index a428071e4d3..3b16ffa23a8 100644 --- a/packages/tanium/data_stream/action_history/_dev/test/pipeline/test-action-history.log-expected.json +++ b/packages/tanium/data_stream/action_history/_dev/test/pipeline/test-action-history.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "DeployClientConfigurationandSupport[Mac](universal)", diff --git a/packages/tanium/data_stream/action_history/elasticsearch/ingest_pipeline/default.yml b/packages/tanium/data_stream/action_history/elasticsearch/ingest_pipeline/default.yml index 70523176ae6..22a56c4984a 100644 --- a/packages/tanium/data_stream/action_history/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tanium/data_stream/action_history/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing action history logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.kind value: event diff --git a/packages/tanium/data_stream/action_history/sample_event.json b/packages/tanium/data_stream/action_history/sample_event.json index 38267edaeab..cbc093f4ceb 100644 --- a/packages/tanium/data_stream/action_history/sample_event.json +++ b/packages/tanium/data_stream/action_history/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "2cc42030-c8c1-410b-8cef-c2db3ff157ec", 
diff --git a/packages/tanium/data_stream/client_status/_dev/test/pipeline/test-client-status.log-expected.json b/packages/tanium/data_stream/client_status/_dev/test/pipeline/test-client-status.log-expected.json index 918836922b1..97dc0009733 100644 --- a/packages/tanium/data_stream/client_status/_dev/test/pipeline/test-client-status.log-expected.json +++ b/packages/tanium/data_stream/client_status/_dev/test/pipeline/test-client-status.log-expected.json @@ -5,7 +5,7 @@ "ip": "67.43.156.0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": [ diff --git a/packages/tanium/data_stream/client_status/elasticsearch/ingest_pipeline/default.yml b/packages/tanium/data_stream/client_status/elasticsearch/ingest_pipeline/default.yml index 3dd3a205caa..27f4fc70e3d 100644 --- a/packages/tanium/data_stream/client_status/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tanium/data_stream/client_status/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Client Status logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.kind value: state diff --git a/packages/tanium/data_stream/client_status/sample_event.json b/packages/tanium/data_stream/client_status/sample_event.json index abde162514a..9c8204460da 100644 --- a/packages/tanium/data_stream/client_status/sample_event.json +++ b/packages/tanium/data_stream/client_status/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "2cc42030-c8c1-410b-8cef-c2db3ff157ec", diff --git a/packages/tanium/data_stream/discover/_dev/test/pipeline/test-discover.log-expected.json b/packages/tanium/data_stream/discover/_dev/test/pipeline/test-discover.log-expected.json index cc13089c0b9..2c6c870b58e 100644 --- a/packages/tanium/data_stream/discover/_dev/test/pipeline/test-discover.log-expected.json 
+++ b/packages/tanium/data_stream/discover/_dev/test/pipeline/test-discover.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-11-18T10:10:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "1", diff --git a/packages/tanium/data_stream/discover/elasticsearch/ingest_pipeline/default.yml b/packages/tanium/data_stream/discover/elasticsearch/ingest_pipeline/default.yml index 93e215b9b76..6fa5fd32d62 100644 --- a/packages/tanium/data_stream/discover/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tanium/data_stream/discover/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Discover logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.kind value: event diff --git a/packages/tanium/data_stream/discover/sample_event.json b/packages/tanium/data_stream/discover/sample_event.json index 3780ac9e7a4..7219ec843be 100644 --- a/packages/tanium/data_stream/discover/sample_event.json +++ b/packages/tanium/data_stream/discover/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "c43758c9-08d7-42f2-b258-f39e4373d45a", diff --git a/packages/tanium/data_stream/endpoint_config/_dev/test/pipeline/test-endpoint-config.log-expected.json b/packages/tanium/data_stream/endpoint_config/_dev/test/pipeline/test-endpoint-config.log-expected.json index a66fd4b50d5..a4f506d969b 100644 --- a/packages/tanium/data_stream/endpoint_config/_dev/test/pipeline/test-endpoint-config.log-expected.json +++ b/packages/tanium/data_stream/endpoint_config/_dev/test/pipeline/test-endpoint-config.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "AUDIT_ACTION_CREATED", @@ -66,7 +66,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "AUDIT_ACTION_CREATED", 
@@ -130,7 +130,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/tanium/data_stream/endpoint_config/elasticsearch/ingest_pipeline/default.yml b/packages/tanium/data_stream/endpoint_config/elasticsearch/ingest_pipeline/default.yml index 919e68370c4..3bf71925adc 100644 --- a/packages/tanium/data_stream/endpoint_config/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tanium/data_stream/endpoint_config/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing endpoint config logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.kind value: state diff --git a/packages/tanium/data_stream/endpoint_config/sample_event.json b/packages/tanium/data_stream/endpoint_config/sample_event.json index 2fd0164a5bc..c29fab90478 100644 --- a/packages/tanium/data_stream/endpoint_config/sample_event.json +++ b/packages/tanium/data_stream/endpoint_config/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "7ac2bc6a-9f9b-4289-82db-ee2a0a7e6ef8", diff --git a/packages/tanium/data_stream/reporting/_dev/test/pipeline/test-reporting.log-expected.json b/packages/tanium/data_stream/reporting/_dev/test/pipeline/test-reporting.log-expected.json index 2a4404f1a8d..d691d7d581f 100644 --- a/packages/tanium/data_stream/reporting/_dev/test/pipeline/test-reporting.log-expected.json +++ b/packages/tanium/data_stream/reporting/_dev/test/pipeline/test-reporting.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": [ diff --git a/packages/tanium/data_stream/reporting/elasticsearch/ingest_pipeline/default.yml b/packages/tanium/data_stream/reporting/elasticsearch/ingest_pipeline/default.yml index cc269eaa605..0fa2e3fc806 100644 --- a/packages/tanium/data_stream/reporting/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/tanium/data_stream/reporting/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing reporting logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.kind value: event diff --git a/packages/tanium/data_stream/reporting/sample_event.json b/packages/tanium/data_stream/reporting/sample_event.json index 96f3e53cfd6..3026a3a3fac 100644 --- a/packages/tanium/data_stream/reporting/sample_event.json +++ b/packages/tanium/data_stream/reporting/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "2cc42030-c8c1-410b-8cef-c2db3ff157ec", diff --git a/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-threat-response.log-expected.json b/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-threat-response.log-expected.json index 748130ae88a..a7f7a86c40c 100644 --- a/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-threat-response.log-expected.json +++ b/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-threat-response.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "create", @@ -63,7 +63,7 @@ { "@timestamp": "2023-01-18T10:37:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -352,7 +352,7 @@ { "@timestamp": "2023-01-18T10:37:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -629,7 +629,7 @@ { "@timestamp": "2023-01-18T10:37:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -695,7 +695,7 @@ { "@timestamp": "2023-01-18T10:37:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -975,7 +975,7 @@ { "@timestamp": "2023-01-18T10:37:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1255,7 +1255,7 @@ { "@timestamp": "2023-01-18T10:37:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1532,7 +1532,7 @@ { "@timestamp": "2023-01-18T10:37:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1809,7 +1809,7 @@ { "@timestamp": "2023-01-18T10:13:28.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -2086,7 +2086,7 @@ { "@timestamp": "2023-01-18T10:37:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -2363,7 +2363,7 @@ { "@timestamp": "2023-01-18T10:45:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -2640,7 +2640,7 @@ { "@timestamp": "2023-01-18T10:34:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -2917,7 +2917,7 @@ { "@timestamp": "2023-01-18T10:45:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -3194,7 +3194,7 @@ { "@timestamp": "2023-01-18T10:43:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -3471,7 +3471,7 @@ { "@timestamp": "2023-01-18T10:44:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -3748,7 +3748,7 @@ { "@timestamp": "2023-01-18T10:37:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -4026,7 +4026,7 @@ { "@timestamp": "2023-01-18T10:55:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -4304,7 +4304,7 @@ { "@timestamp": "2023-01-18T10:58:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -4582,7 +4582,7 @@ { "@timestamp": "2023-01-18T10:45:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -4859,7 +4859,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "create", @@ -4920,7 +4920,7 @@ { "@timestamp": "2023-01-18T10:37:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -5197,7 +5197,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "update", @@ -5258,7 +5258,7 @@ { "@timestamp": "2023-01-18T10:40:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -5535,7 +5535,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "create", @@ -5596,7 +5596,7 @@ { "@timestamp": "2023-01-18T11:37:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -5873,7 +5873,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "create", @@ -5934,7 +5934,7 @@ { "@timestamp": "2023-01-18T10:37:45.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -6212,7 +6212,7 @@ { "@timestamp": "2023-01-18T10:37:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -6490,7 +6490,7 @@ { "@timestamp": "2023-01-18T10:23:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -6767,7 +6767,7 @@ { "@timestamp": "2023-01-18T10:37:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -6833,7 +6833,7 @@ { "@timestamp": "2023-02-01T00:35:37.936Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -6890,7 +6890,7 @@ { "@timestamp": "2023-01-31T23:35:33.445Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -6947,7 +6947,7 @@ { "@timestamp": "2023-01-31T23:35:33.060Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -7004,7 +7004,7 @@ { "@timestamp": "2023-01-31T23:35:34.657Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -7061,7 +7061,7 @@ { "@timestamp": "2023-01-31T23:35:34.285Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -7118,7 +7118,7 @@ { "@timestamp": "2023-01-31T23:35:33.975Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -7175,7 +7175,7 @@ { "@timestamp": "2023-01-31T23:35:33.958Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -7232,7 +7232,7 @@ { "@timestamp": "2023-01-31T23:35:33.759Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -7289,7 +7289,7 @@ { "@timestamp": "2023-01-31T23:35:33.570Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -7346,7 +7346,7 @@ { "@timestamp": "2023-01-31T23:35:34.812Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -7403,7 +7403,7 @@ { "@timestamp": "2023-01-18T10:37:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/tanium/data_stream/threat_response/elasticsearch/ingest_pipeline/default.yml b/packages/tanium/data_stream/threat_response/elasticsearch/ingest_pipeline/default.yml index ce853e6307c..9b6ce2512e0 100644 --- a/packages/tanium/data_stream/threat_response/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tanium/data_stream/threat_response/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing threat response logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.kind value: event 
diff --git a/packages/tanium/data_stream/threat_response/sample_event.json b/packages/tanium/data_stream/threat_response/sample_event.json index 9269581857e..86e259b801a 100644 --- a/packages/tanium/data_stream/threat_response/sample_event.json +++ b/packages/tanium/data_stream/threat_response/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "7ac2bc6a-9f9b-4289-82db-ee2a0a7e6ef8", diff --git a/packages/tanium/docs/README.md b/packages/tanium/docs/README.md index 0de9f567e2a..0b08205326a 100644 --- a/packages/tanium/docs/README.md +++ b/packages/tanium/docs/README.md @@ -87,7 +87,7 @@ An example event for `action_history` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "2cc42030-c8c1-410b-8cef-c2db3ff157ec", @@ -206,7 +206,7 @@ An example event for `client_status` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "2cc42030-c8c1-410b-8cef-c2db3ff157ec", @@ -309,7 +309,7 @@ An example event for `discover` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "c43758c9-08d7-42f2-b258-f39e4373d45a", @@ -429,7 +429,7 @@ An example event for `endpoint_config` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "7ac2bc6a-9f9b-4289-82db-ee2a0a7e6ef8", @@ -551,7 +551,7 @@ An example event for `reporting` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "2cc42030-c8c1-410b-8cef-c2db3ff157ec", @@ -663,7 +663,7 @@ An example event for `threat_response` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "7ac2bc6a-9f9b-4289-82db-ee2a0a7e6ef8", 
diff --git a/packages/tanium/manifest.yml b/packages/tanium/manifest.yml index 7d4f45f219d..927c2bb7df5 100644 --- a/packages/tanium/manifest.yml +++ b/packages/tanium/manifest.yml @@ -1,7 +1,7 @@ format_version: 2.3.0 name: tanium title: Tanium -version: 0.1.0 +version: "0.2.0" description: This Elastic integration collects logs from Tanium with Elastic Agent. type: integration categories: From e3b9c255ed298271b9404ec493b84a8e188005e4 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:04 +0530 Subject: [PATCH 107/137] [tcp] - update ECS to 8.7.0 This updates the tcp integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and no pipelines set ecs.version. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/tcp --- packages/tcp/_dev/build/build.yml | 2 +- packages/tcp/changelog.yml | 5 +++++ packages/tcp/manifest.yml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/packages/tcp/_dev/build/build.yml b/packages/tcp/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/tcp/_dev/build/build.yml +++ b/packages/tcp/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/tcp/changelog.yml b/packages/tcp/changelog.yml index 3ae715f3e4e..b9ea3bc02a3 100644 --- a/packages/tcp/changelog.yml +++ b/packages/tcp/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.8.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.7.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/tcp/manifest.yml b/packages/tcp/manifest.yml index 0b574f25dfa..ed8234bc2fe 100644 --- a/packages/tcp/manifest.yml +++ b/packages/tcp/manifest.yml 
@@ -3,7 +3,7 @@ name: tcp title: Custom TCP Logs description: Collect raw TCP data from listening TCP port with Elastic Agent. type: integration -version: "1.7.1" +version: "1.8.0" release: ga conditions: kibana.version: "^8.2.1" From 390b57c7f5689bf53c3ff6fa86b960729ed6c22d Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:05 +0530 Subject: [PATCH 108/137] [tenable_io] - update ECS to 8.7.0 from 8.5.0 This updates the tenable_io integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.5.1 and using 8.5.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/tenable_io --- packages/tenable_io/_dev/build/build.yml | 2 +- packages/tenable_io/changelog.yml | 5 +++++ .../asset/_dev/test/pipeline/test-asset.log-expected.json | 2 +- .../asset/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/tenable_io/data_stream/asset/sample_event.json | 2 +- .../plugin/_dev/test/pipeline/test-plugin.log-expected.json | 4 ++-- .../plugin/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/tenable_io/data_stream/plugin/sample_event.json | 2 +- .../_dev/test/pipeline/test-vulnerability.log-expected.json | 2 +- .../vulnerability/elasticsearch/ingest_pipeline/default.yml | 2 +- .../tenable_io/data_stream/vulnerability/sample_event.json | 2 +- packages/tenable_io/docs/README.md | 6 +++--- packages/tenable_io/manifest.yml | 2 +- 13 files changed, 20 insertions(+), 15 deletions(-) diff --git a/packages/tenable_io/_dev/build/build.yml b/packages/tenable_io/_dev/build/build.yml index aaafc5d833b..9da3f46d46b 100644 --- a/packages/tenable_io/_dev/build/build.yml +++ b/packages/tenable_io/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.5.1 + reference: git@8.7 diff --git a/packages/tenable_io/changelog.yml b/packages/tenable_io/changelog.yml index ef431fa1028..ca8100a9460 100644 --- a/packages/tenable_io/changelog.yml 
+++ b/packages/tenable_io/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.3.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "0.2.1" changes: - description: Added response.save_first_response parameter to hbs.yml files to support latest httpjson change. diff --git a/packages/tenable_io/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json b/packages/tenable_io/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json index e474aa81c8d..d0474f6ebb6 100644 --- a/packages/tenable_io/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json +++ b/packages/tenable_io/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json @@ -12,7 +12,7 @@ } }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/tenable_io/data_stream/asset/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_io/data_stream/asset/elasticsearch/ingest_pipeline/default.yml index 48ab51d4279..a63f2f298d7 100644 --- a/packages/tenable_io/data_stream/asset/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tenable_io/data_stream/asset/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Tenable.io asset logs. processors: - set: field: ecs.version - value: '8.5.0' + value: '8.7.0' - set: field: event.category value: [host] diff --git a/packages/tenable_io/data_stream/asset/sample_event.json b/packages/tenable_io/data_stream/asset/sample_event.json index fc4c7528501..1c954ea9d2e 100644 --- a/packages/tenable_io/data_stream/asset/sample_event.json +++ b/packages/tenable_io/data_stream/asset/sample_event.json @@ -22,7 +22,7 @@ "type": "logs" }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "elastic_agent": { "id": "39d1a649-4366-4665-95b2-4ddc2432d4d8", 
diff --git a/packages/tenable_io/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json b/packages/tenable_io/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json index bc0df8b80ce..00f7aafaf5e 100644 --- a/packages/tenable_io/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json +++ b/packages/tenable_io/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2018-07-19T00:00:00.000Z", "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -140,7 +140,7 @@ { "@timestamp": "2019-09-30T00:00:00.000Z", "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "event": { "kind": "event", diff --git a/packages/tenable_io/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_io/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml index 7bbf42e4bb3..6630ca0686f 100644 --- a/packages/tenable_io/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tenable_io/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Tenable.io plugin logs. processors: - set: field: ecs.version - value: '8.5.0' + value: '8.7.0' - set: field: event.type value: [info] diff --git a/packages/tenable_io/data_stream/plugin/sample_event.json b/packages/tenable_io/data_stream/plugin/sample_event.json index 4858b79a95e..291db8b0296 100644 --- a/packages/tenable_io/data_stream/plugin/sample_event.json +++ b/packages/tenable_io/data_stream/plugin/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "elastic_agent": { "id": "39d1a649-4366-4665-95b2-4ddc2432d4d8", diff --git a/packages/tenable_io/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json b/packages/tenable_io/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json index 8a5f77d63cc..63606a509c9 100644 
--- a/packages/tenable_io/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json +++ b/packages/tenable_io/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-11-30T14:09:12.061Z", "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/tenable_io/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_io/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml index e704095140e..2b5b4964d3a 100644 --- a/packages/tenable_io/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tenable_io/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Tenable.io vulnerability logs. processors: - set: field: ecs.version - value: '8.5.0' + value: '8.7.0' - set: field: event.category value: [threat] diff --git a/packages/tenable_io/data_stream/vulnerability/sample_event.json b/packages/tenable_io/data_stream/vulnerability/sample_event.json index 655e47ba944..1e0fc7696b6 100644 --- a/packages/tenable_io/data_stream/vulnerability/sample_event.json +++ b/packages/tenable_io/data_stream/vulnerability/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "elastic_agent": { "id": "39d1a649-4366-4665-95b2-4ddc2432d4d8", diff --git a/packages/tenable_io/docs/README.md b/packages/tenable_io/docs/README.md index 11219cb4898..72ef65998a2 100644 --- a/packages/tenable_io/docs/README.md +++ b/packages/tenable_io/docs/README.md @@ -76,7 +76,7 @@ An example event for `asset` looks as following: "type": "logs" }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "elastic_agent": { "id": "39d1a649-4366-4665-95b2-4ddc2432d4d8", 
@@ -373,7 +373,7 @@ An example event for `plugin` looks as following: "type": "logs" }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "elastic_agent": { "id": "39d1a649-4366-4665-95b2-4ddc2432d4d8", @@ -678,7 +678,7 @@ An example event for `vulnerability` looks as following: "type": "logs" }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "elastic_agent": { "id": "39d1a649-4366-4665-95b2-4ddc2432d4d8", diff --git a/packages/tenable_io/manifest.yml b/packages/tenable_io/manifest.yml index 4e069bf55a5..239dbe78303 100644 --- a/packages/tenable_io/manifest.yml +++ b/packages/tenable_io/manifest.yml @@ -1,7 +1,7 @@ format_version: 2.0.0 name: tenable_io title: Tenable.io -version: 0.2.1 +version: "0.3.0" description: Collect logs from Tenable.io with Elastic Agent. type: integration categories: From 20fe61edcda2ab24d99faf06edcba24479469a5a Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:06 +0530 Subject: [PATCH 109/137] [tenable_sc] - update ECS to 8.7.0 from 8.6.0 This updates the tenable_sc integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/tenable_sc --- packages/tenable_sc/_dev/build/build.yml | 2 +- packages/tenable_sc/changelog.yml | 5 +++++ .../_dev/test/pipeline/test-asset.log-expected.json | 8 ++++---- .../asset/elasticsearch/ingest_pipeline/default.yml | 2 +- .../tenable_sc/data_stream/asset/sample_event.json | 2 +- .../_dev/test/pipeline/test-plugin.log-expected.json | 8 ++++---- .../plugin/elasticsearch/ingest_pipeline/default.yml | 2 +- .../tenable_sc/data_stream/plugin/sample_event.json | 2 +- .../test/pipeline/test-vulnerability.log-expected.json | 10 +++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/vulnerability/sample_event.json | 2 +- packages/tenable_sc/docs/README.md | 6 +++--- packages/tenable_sc/manifest.yml | 2 +- 13 files changed, 29 insertions(+), 24 deletions(-) diff --git a/packages/tenable_sc/_dev/build/build.yml b/packages/tenable_sc/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/tenable_sc/_dev/build/build.yml +++ b/packages/tenable_sc/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/tenable_sc/changelog.yml b/packages/tenable_sc/changelog.yml index 5ccf8d52299..f8273b92151 100644 --- a/packages/tenable_sc/changelog.yml +++ b/packages/tenable_sc/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.8.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.7.1" changes: - description: Drop empty event sets. 
diff --git a/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json b/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json index 74f8cf42282..881785a9057 100644 --- a/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json +++ b/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -82,7 +82,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -162,7 +162,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -243,7 +243,7 @@ { "@timestamp": "2022-11-15T09:28:32.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml index e88cab5778a..c362c5a5ee3 100644 --- a/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Tenable.sc asset logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/tenable_sc/data_stream/asset/sample_event.json b/packages/tenable_sc/data_stream/asset/sample_event.json index b937a63b8f5..59008e87479 100644 --- a/packages/tenable_sc/data_stream/asset/sample_event.json +++ b/packages/tenable_sc/data_stream/asset/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", 
diff --git a/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json b/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json index b1b3fd5f713..6ed1da16a99 100644 --- a/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json +++ b/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-27T01:36:39.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -97,7 +97,7 @@ { "@timestamp": "2021-10-27T01:36:39.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -244,7 +244,7 @@ { "@timestamp": "2021-10-27T01:36:39.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", @@ -374,7 +374,7 @@ { "@timestamp": "2021-09-27T01:33:53.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "kind": "event", diff --git a/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml index 24341d0ae9a..d7a4d788c10 100644 --- a/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Tenable.sc plugin logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/tenable_sc/data_stream/plugin/sample_event.json b/packages/tenable_sc/data_stream/plugin/sample_event.json index eca4347bf8a..3c3b3226fb3 100644 --- a/packages/tenable_sc/data_stream/plugin/sample_event.json +++ b/packages/tenable_sc/data_stream/plugin/sample_event.json 
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json b/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json index d2055648f57..f2045e359f4 100644 --- a/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json +++ b/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-09-25T16:08:45.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -127,7 +127,7 @@ { "@timestamp": "2021-09-25T16:08:45.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -251,7 +251,7 @@ { "@timestamp": "2021-09-25T16:08:45.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -439,7 +439,7 @@ { "@timestamp": "2021-10-30T16:12:20.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -661,7 +661,7 @@ { "@timestamp": "2021-10-30T16:12:20.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml index f878d53e260..b8b1759315c 100644 --- a/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Tenable.sc vulnerability logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original 
diff --git a/packages/tenable_sc/data_stream/vulnerability/sample_event.json b/packages/tenable_sc/data_stream/vulnerability/sample_event.json index 0ce34c8b08d..ae3715b02a4 100644 --- a/packages/tenable_sc/data_stream/vulnerability/sample_event.json +++ b/packages/tenable_sc/data_stream/vulnerability/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/tenable_sc/docs/README.md b/packages/tenable_sc/docs/README.md index e88d75a61f2..ad5eeb101a9 100644 --- a/packages/tenable_sc/docs/README.md +++ b/packages/tenable_sc/docs/README.md @@ -43,7 +43,7 @@ An example event for `asset` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", @@ -239,7 +239,7 @@ An example event for `plugin` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", @@ -504,7 +504,7 @@ An example event for `vulnerability` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "94011a8e-8b26-4bce-a627-d54316798b52", diff --git a/packages/tenable_sc/manifest.yml b/packages/tenable_sc/manifest.yml index 99ac88be66e..d6c658883d5 100644 --- a/packages/tenable_sc/manifest.yml +++ b/packages/tenable_sc/manifest.yml @@ -2,7 +2,7 @@ format_version: 1.0.0 name: tenable_sc title: Tenable.sc # The version must be updated in the pipeline as well. Until elastic/kibana#121310 is implemented we will have to manually sync these. -version: "1.7.1" +version: "1.8.0" license: basic description: | Collect logs from Tenable.sc with Elastic Agent. From d2978ea56c75bfcc2d419a82cb55c54dce8e1074 Mon Sep 17 00:00:00 2001 
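Review bot: The context comment directly above the bumped `version: "1.8.0"` line in packages/tenable_sc/manifest.yml says the version must also be updated in the pipeline by hand, but the three tenable_sc `ingest_pipeline/default.yml` hunks in this patch change only the `ecs.version` value (the diffstat lists a single changed line per pipeline). If any of those pipelines still embeds the package version, it stays at 1.7.1 after this change; the rest of each pipeline is outside these hunks, so this needs checking against the full files. If no pipeline carries the version any more, the comment is stale and is better removed in the same change so that later automated bumps are not second-guessed.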
From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:07 +0530 Subject: [PATCH 110/137] [thycotic_ss] - update ECS to 8.7.0 from 8.5.0 This updates the thycotic_ss integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.5.1 and using 8.5.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/thycotic_ss --- packages/thycotic_ss/_dev/build/build.yml | 2 +- packages/thycotic_ss/changelog.yml | 5 ++ .../test-thycotic-ss.json-expected.json | 66 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/logs/sample_event.json | 2 +- packages/thycotic_ss/docs/README.md | 4 +- packages/thycotic_ss/manifest.yml | 2 +- 7 files changed, 44 insertions(+), 39 deletions(-) diff --git a/packages/thycotic_ss/_dev/build/build.yml b/packages/thycotic_ss/_dev/build/build.yml index aaafc5d833b..9da3f46d46b 100644 --- a/packages/thycotic_ss/_dev/build/build.yml +++ b/packages/thycotic_ss/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.5.1 + reference: git@8.7 diff --git a/packages/thycotic_ss/changelog.yml b/packages/thycotic_ss/changelog.yml index 371dc6769c7..3b20c21e756 100644 --- a/packages/thycotic_ss/changelog.yml +++ b/packages/thycotic_ss/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "0.0.1" changes: - description: Initial draft of the package diff --git a/packages/thycotic_ss/data_stream/logs/_dev/test/pipeline/test-thycotic-ss.json-expected.json b/packages/thycotic_ss/data_stream/logs/_dev/test/pipeline/test-thycotic-ss.json-expected.json index 0f29a053121..a2d0c20356f 100644 --- a/packages/thycotic_ss/data_stream/logs/_dev/test/pipeline/test-thycotic-ss.json-expected.json 
+++ b/packages/thycotic_ss/data_stream/logs/_dev/test/pipeline/test-thycotic-ss.json-expected.json @@ -1,18 +1,21 @@ { "expected": [ { - "source": { - "ip": "172.16.1.116" + "ecs": { + "version": "8.7.0" }, - "thycotic_ss": { - "event": { - "secret": { - "folder": "Admin User", - "name": "Admin User Personal Admin Account - example\\adminuser", - "id": "12" - }, - "time": "2022-11-10T13:13:23.000Z" - } + "event": { + "action": "view", + "category": [ + "iam" + ], + "code": "10004", + "kind": "event", + "original": "Nov 10 13:13:32 THYCOTICSS02 CEF:0|Thycotic Software|Secret Server|11.3.000001|10004|SECRET - VIEW|2|msg=[[SecretServer]] Event: [Secret] Action: [View] By User: U.Admin Item Name: Admin User Personal Admin Account - example\\adminuser (Item Id: 12) Container Name: Admin User (Container Id: 11) suid=2 suser=U.Admin cs4=Unlimited Administrator cs4Label=suser Display Name src=172.16.1.116 rt=Nov 10 2022 13:13:23 fname=Admin User Personal Admin Account - example\\adminuser fileType=Secret fileId=12 cs3Label=Folder cs3=Admin User", + "provider": "secret", + "type": [ + "info" + ] }, "message": "[[SecretServer]] Event: [Secret] Action: [View] By User: U.Admin Item Name: Admin User Personal Admin Account - example\\adminuser (Item Id: 12) Container Name: Admin User (Container Id: 11)", "observer": { @@ -20,9 +23,6 @@ "vendor": "Thycotic Software", "version": "11.3.000001" }, - "ecs": { - "version": "8.5.0" - }, "related": { "ip": [ "172.16.1.116" 
@@ -31,27 +31,27 @@ "U.Admin" ] }, - "event": { - "code": "10004", - "provider": "secret", - "action": "view", - "category": [ - "iam" - ], - "original": "Nov 10 13:13:32 THYCOTICSS02 CEF:0|Thycotic Software|Secret Server|11.3.000001|10004|SECRET - VIEW|2|msg=[[SecretServer]] Event: [Secret] Action: [View] By User: U.Admin Item Name: Admin User Personal Admin Account - example\\adminuser (Item Id: 12) Container Name: Admin User (Container Id: 11) suid=2 suser=U.Admin cs4=Unlimited Administrator cs4Label=suser Display Name src=172.16.1.116 rt=Nov 10 2022 13:13:23 fname=Admin User Personal Admin Account - example\\adminuser fileType=Secret fileId=12 cs3Label=Folder cs3=Admin User", - "kind": "event", - "type": [ - "info" - ] - }, - "user": { - "full_name": "Unlimited Administrator", - "name": "U.Admin", - "id": "2" + "source": { + "ip": "172.16.1.116" }, "tags": [ "preserve_original_event" - ] + ], + "thycotic_ss": { + "event": { + "secret": { + "folder": "Admin User", + "id": "12", + "name": "Admin User Personal Admin Account - example\\adminuser" + }, + "time": "2022-11-10T13:13:23.000Z" + } + }, + "user": { + "full_name": "Unlimited Administrator", + "id": "2", + "name": "U.Admin" + } } ] -} +} \ No newline at end of file diff --git a/packages/thycotic_ss/data_stream/logs/elasticsearch/ingest_pipeline/default.yml b/packages/thycotic_ss/data_stream/logs/elasticsearch/ingest_pipeline/default.yml index 09e1836e8d0..b5c3bc826b6 100644 --- a/packages/thycotic_ss/data_stream/logs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/thycotic_ss/data_stream/logs/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline to process Thycotic Secret Server logs processors: - set: field: ecs.version - value: '8.5.0' + value: '8.7.0' ######################### ## ECS event fields ## diff --git a/packages/thycotic_ss/data_stream/logs/sample_event.json b/packages/thycotic_ss/data_stream/logs/sample_event.json index 214a212356b..1ba68502abd 100644 
--- a/packages/thycotic_ss/data_stream/logs/sample_event.json +++ b/packages/thycotic_ss/data_stream/logs/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "elastic_agent": { "id": "21fd6389-bda5-46dd-9abe-cc77aef72e44", diff --git a/packages/thycotic_ss/docs/README.md b/packages/thycotic_ss/docs/README.md index fe2a22a2940..456176b2fcd 100644 --- a/packages/thycotic_ss/docs/README.md +++ b/packages/thycotic_ss/docs/README.md @@ -101,7 +101,7 @@ An example event for `logs` looks as following: "type": "logs" }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "elastic_agent": { "id": "21fd6389-bda5-46dd-9abe-cc77aef72e44", 
@@ -205,7 +205,7 @@ The following fields may be used by the package: | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | host.ip | Host ip addresses. | ip | | host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | input.type | | keyword | | log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword | | log.syslog.facility.code | The Syslog numeric facility of the log event, if available. According to RFCs 5424 and 3164, this value should be an integer between 0 and 23. | long | diff --git a/packages/thycotic_ss/manifest.yml b/packages/thycotic_ss/manifest.yml index 86caf67fc20..5f1c9e03462 100644 --- a/packages/thycotic_ss/manifest.yml +++ b/packages/thycotic_ss/manifest.yml @@ -1,7 +1,7 @@ format_version: 2.0.0 name: thycotic_ss title: "Thycotic Secret Server" -version: 0.0.1 +version: "0.1.0" source: license: "Elastic-2.0" description: "Thycotic Secret Server logs" From 6fda579f7faf1b013d477ca916c11e952728edac Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:10 +0530 Subject: [PATCH 111/137] [ti_abusech] - update ECS to 8.7.0 from 8.6.0 This updates the ti_abusech integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/ti_abusech --- packages/ti_abusech/_dev/build/build.yml | 2 +- packages/ti_abusech/changelog.yml | 5 + .../test-malware-ndjson.log-expected.json | 50 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/malware/sample_event.json | 2 +- ...est-malwarebazaar-ndjson.log-expected.json | 20 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../malwarebazaar/sample_event.json | 2 +- .../test-threatfox-ndjson.log-expected.json | 150 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/threatfox/sample_event.json | 2 +- .../test-abusechurl-ndjson.log-expected.json | 1340 ++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/url/sample_event.json | 2 +- packages/ti_abusech/manifest.yml | 2 +- 15 files changed, 795 insertions(+), 790 deletions(-) diff --git a/packages/ti_abusech/_dev/build/build.yml b/packages/ti_abusech/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/ti_abusech/_dev/build/build.yml +++ b/packages/ti_abusech/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/ti_abusech/changelog.yml b/packages/ti_abusech/changelog.yml index 892ef27f462..3dd805ff346 100644 --- a/packages/ti_abusech/changelog.yml +++ b/packages/ti_abusech/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.10.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.9.0" changes: - description: Update package to ECS 8.6.0. 
diff --git a/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json b/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json index b4e088faf14..45647022c74 100644 --- a/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json +++ b/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json @@ -5,7 +5,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -50,7 +50,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -101,7 +101,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -146,7 +146,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -191,7 +191,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -239,7 +239,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -284,7 +284,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -329,7 +329,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -376,7 +376,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -421,7 +421,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -466,7 +466,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -511,7 +511,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -556,7 +556,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -601,7 +601,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -648,7 +648,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -693,7 +693,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -738,7 +738,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -785,7 +785,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -830,7 +830,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -875,7 +875,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -922,7 +922,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -967,7 +967,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1012,7 +1012,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1057,7 +1057,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1102,7 +1102,7 @@ "malware": {} }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", diff --git a/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml b/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml index 5b7b331eff4..140d5f6b480 100644 --- a/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml 
@@ -6,7 +6,7 @@ processors: #################### - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: enrichment diff --git a/packages/ti_abusech/data_stream/malware/sample_event.json b/packages/ti_abusech/data_stream/malware/sample_event.json index f3fecb96ca3..98485b5ac0a 100644 --- a/packages/ti_abusech/data_stream/malware/sample_event.json +++ b/packages/ti_abusech/data_stream/malware/sample_event.json @@ -16,7 +16,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "87d4d8f8-b034-42ba-a5bb-33ff670e619e", diff --git a/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json b/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json index 15cd4257afc..da33ddafb9a 100644 --- a/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json +++ b/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json @@ -15,7 +15,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -79,7 +79,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -143,7 +143,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -213,7 +213,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -277,7 +277,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -342,7 +342,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -406,7 +406,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -474,7 +474,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -547,7 +547,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -628,7 +628,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", diff --git a/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml b/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml index 7b858199f35..7ae607f797e 100644 --- a/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: #################### - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: enrichment diff --git a/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json b/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json index bd00fdbd877..416da0e09a6 100644 --- a/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json +++ b/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json @@ -27,7 +27,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "87d4d8f8-b034-42ba-a5bb-33ff670e619e", diff --git a/packages/ti_abusech/data_stream/threatfox/_dev/test/pipeline/test-threatfox-ndjson.log-expected.json b/packages/ti_abusech/data_stream/threatfox/_dev/test/pipeline/test-threatfox-ndjson.log-expected.json index f52f4330947..976f21207b3 100644 --- a/packages/ti_abusech/data_stream/threatfox/_dev/test/pipeline/test-threatfox-ndjson.log-expected.json +++ b/packages/ti_abusech/data_stream/threatfox/_dev/test/pipeline/test-threatfox-ndjson.log-expected.json @@ -13,7 +13,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -55,7 +55,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -100,7 +100,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -183,7 +183,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -226,7 +226,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -267,7 +267,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -312,7 +312,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -356,7 +356,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -403,7 +403,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -456,7 +456,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -504,7 +504,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -556,7 +556,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -607,7 +607,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -654,7 +654,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -707,7 +707,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -755,7 +755,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -807,7 +807,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -854,7 +854,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -901,7 +901,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -954,7 +954,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1003,7 +1003,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1052,7 +1052,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1101,7 +1101,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1150,7 +1150,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1199,7 +1199,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1248,7 +1248,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1297,7 +1297,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1349,7 +1349,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1396,7 +1396,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1449,7 +1449,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1497,7 +1497,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1550,7 +1550,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1598,7 +1598,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1651,7 +1651,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1699,7 +1699,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -1751,7 +1751,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1799,7 +1799,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1852,7 +1852,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1898,7 +1898,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1940,7 +1940,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1985,7 +1985,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2027,7 +2027,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2072,7 +2072,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2116,7 +2116,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2161,7 +2161,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2205,7 +2205,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2259,7 +2259,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2300,7 +2300,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2348,7 +2348,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2386,7 +2386,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2433,7 +2433,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2474,7 +2474,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -2515,7 +2515,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2557,7 +2557,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2599,7 +2599,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2646,7 +2646,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2693,7 +2693,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2744,7 +2744,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2791,7 +2791,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2838,7 +2838,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2890,7 +2890,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2938,7 +2938,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2986,7 +2986,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3038,7 +3038,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3086,7 +3086,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3138,7 +3138,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3190,7 +3190,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3237,7 +3237,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3284,7 +3284,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -3336,7 +3336,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3384,7 +3384,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3436,7 +3436,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3487,7 +3487,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3530,7 +3530,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", diff --git a/packages/ti_abusech/data_stream/threatfox/elasticsearch/ingest_pipeline/default.yml b/packages/ti_abusech/data_stream/threatfox/elasticsearch/ingest_pipeline/default.yml index 4d408e1ec1b..a405894012c 100644 --- a/packages/ti_abusech/data_stream/threatfox/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_abusech/data_stream/threatfox/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: #################### - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: enrichment diff --git a/packages/ti_abusech/data_stream/threatfox/sample_event.json b/packages/ti_abusech/data_stream/threatfox/sample_event.json index 6dd6b689d37..e86ee0b1ea9 100644 --- a/packages/ti_abusech/data_stream/threatfox/sample_event.json +++ b/packages/ti_abusech/data_stream/threatfox/sample_event.json @@ -24,7 +24,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "87d4d8f8-b034-42ba-a5bb-33ff670e619e", diff --git a/packages/ti_abusech/data_stream/url/_dev/test/pipeline/test-abusechurl-ndjson.log-expected.json b/packages/ti_abusech/data_stream/url/_dev/test/pipeline/test-abusechurl-ndjson.log-expected.json index a901920dca8..d4fbd2a1cf4 100644 --- a/packages/ti_abusech/data_stream/url/_dev/test/pipeline/test-abusechurl-ndjson.log-expected.json 
+++ b/packages/ti_abusech/data_stream/url/_dev/test/pipeline/test-abusechurl-ndjson.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -114,7 +114,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -162,7 +162,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -210,7 +210,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -258,7 +258,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -306,7 +306,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -354,7 +354,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -402,7 +402,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -450,7 +450,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -498,7 +498,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -546,7 +546,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -594,7 +594,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -642,7 +642,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -690,7 +690,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -738,7 +738,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -786,7 +786,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -834,7 +834,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -882,7 +882,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -930,7 +930,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -978,7 +978,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1026,7 +1026,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1074,7 +1074,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1122,7 +1122,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1169,7 +1169,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1216,7 +1216,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1263,7 +1263,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1310,7 +1310,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1357,7 +1357,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1404,7 +1404,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1452,7 +1452,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1501,7 +1501,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1549,7 +1549,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -1596,7 +1596,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1643,7 +1643,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1690,7 +1690,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1737,7 +1737,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1784,7 +1784,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1833,7 +1833,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1879,7 +1879,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1927,7 +1927,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1975,7 +1975,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2023,7 +2023,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2071,7 +2071,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2119,7 +2119,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2167,7 +2167,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2215,7 +2215,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2263,7 +2263,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2311,7 +2311,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2359,7 +2359,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -2407,7 +2407,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2455,7 +2455,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2503,7 +2503,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2550,7 +2550,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2595,7 +2595,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2640,7 +2640,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2685,7 +2685,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2730,7 +2730,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2775,7 +2775,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2820,7 +2820,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2865,7 +2865,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2910,7 +2910,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2955,7 +2955,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3000,7 +3000,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3045,7 +3045,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3090,7 +3090,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3135,7 +3135,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -3180,7 +3180,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3225,7 +3225,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3270,7 +3270,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3315,7 +3315,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3360,7 +3360,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3405,7 +3405,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3450,7 +3450,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3495,7 +3495,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3540,7 +3540,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3585,7 +3585,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3630,7 +3630,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3675,7 +3675,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3720,7 +3720,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3765,7 +3765,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3810,7 +3810,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3855,7 +3855,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3900,7 +3900,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -3945,7 +3945,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3990,7 +3990,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4035,7 +4035,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4080,7 +4080,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4125,7 +4125,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4170,7 +4170,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4215,7 +4215,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4260,7 +4260,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4305,7 +4305,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4350,7 +4350,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4395,7 +4395,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4440,7 +4440,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4485,7 +4485,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4530,7 +4530,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4575,7 +4575,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4620,7 +4620,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4665,7 +4665,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -4710,7 +4710,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4755,7 +4755,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4800,7 +4800,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4845,7 +4845,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4890,7 +4890,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4935,7 +4935,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4980,7 +4980,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5025,7 +5025,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5070,7 +5070,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5115,7 +5115,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5160,7 +5160,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5205,7 +5205,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5250,7 +5250,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5295,7 +5295,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5340,7 +5340,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5385,7 +5385,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5430,7 +5430,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -5475,7 +5475,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5520,7 +5520,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5565,7 +5565,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5610,7 +5610,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5655,7 +5655,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5700,7 +5700,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5745,7 +5745,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5790,7 +5790,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5835,7 +5835,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5880,7 +5880,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5925,7 +5925,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5970,7 +5970,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6015,7 +6015,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6060,7 +6060,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6105,7 +6105,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6150,7 +6150,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6195,7 +6195,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -6240,7 +6240,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6285,7 +6285,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6330,7 +6330,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6375,7 +6375,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6420,7 +6420,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6465,7 +6465,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6510,7 +6510,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6555,7 +6555,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6600,7 +6600,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6645,7 +6645,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6692,7 +6692,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6740,7 +6740,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6788,7 +6788,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6836,7 +6836,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6884,7 +6884,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6932,7 +6932,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -6980,7 +6980,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -7028,7 +7028,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7076,7 +7076,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7124,7 +7124,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7172,7 +7172,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7220,7 +7220,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7268,7 +7268,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7316,7 +7316,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7364,7 +7364,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7412,7 +7412,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7460,7 +7460,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7508,7 +7508,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7556,7 +7556,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7604,7 +7604,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7652,7 +7652,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7700,7 +7700,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7748,7 +7748,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7796,7 +7796,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -7844,7 +7844,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7892,7 +7892,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7941,7 +7941,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -7988,7 +7988,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8036,7 +8036,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8084,7 +8084,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8132,7 +8132,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8180,7 +8180,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8228,7 +8228,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8276,7 +8276,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8324,7 +8324,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8372,7 +8372,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8420,7 +8420,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8468,7 +8468,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8517,7 +8517,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8564,7 +8564,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8612,7 +8612,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -8660,7 +8660,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8708,7 +8708,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8756,7 +8756,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8804,7 +8804,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8852,7 +8852,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8900,7 +8900,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8948,7 +8948,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -8996,7 +8996,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9044,7 +9044,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9092,7 +9092,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9140,7 +9140,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9188,7 +9188,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9236,7 +9236,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9284,7 +9284,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9332,7 +9332,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9380,7 +9380,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9428,7 +9428,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -9476,7 +9476,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9525,7 +9525,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9574,7 +9574,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9622,7 +9622,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9670,7 +9670,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9718,7 +9718,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9766,7 +9766,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9814,7 +9814,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9862,7 +9862,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9910,7 +9910,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -9958,7 +9958,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10006,7 +10006,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10054,7 +10054,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10102,7 +10102,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10150,7 +10150,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10198,7 +10198,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10246,7 +10246,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -10294,7 +10294,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10342,7 +10342,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10390,7 +10390,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10438,7 +10438,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10486,7 +10486,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10534,7 +10534,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10582,7 +10582,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10630,7 +10630,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10678,7 +10678,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10726,7 +10726,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10774,7 +10774,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10823,7 +10823,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10872,7 +10872,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10919,7 +10919,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -10967,7 +10967,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11015,7 +11015,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11063,7 +11063,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -11111,7 +11111,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11159,7 +11159,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11207,7 +11207,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11255,7 +11255,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11303,7 +11303,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11351,7 +11351,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11399,7 +11399,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11447,7 +11447,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11495,7 +11495,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11543,7 +11543,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11591,7 +11591,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11639,7 +11639,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11687,7 +11687,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11735,7 +11735,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11783,7 +11783,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11831,7 +11831,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11880,7 +11880,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -11928,7 +11928,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -11976,7 +11976,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12022,7 +12022,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12070,7 +12070,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12118,7 +12118,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12166,7 +12166,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12214,7 +12214,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12262,7 +12262,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12310,7 +12310,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12358,7 +12358,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12406,7 +12406,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12454,7 +12454,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12503,7 +12503,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12550,7 +12550,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12598,7 +12598,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12646,7 +12646,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12694,7 +12694,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -12742,7 +12742,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12790,7 +12790,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12838,7 +12838,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12886,7 +12886,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12934,7 +12934,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -12982,7 +12982,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13030,7 +13030,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13078,7 +13078,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13127,7 +13127,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13175,7 +13175,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13223,7 +13223,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13271,7 +13271,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13319,7 +13319,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13367,7 +13367,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13415,7 +13415,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13463,7 +13463,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13511,7 +13511,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -13559,7 +13559,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13607,7 +13607,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13655,7 +13655,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13703,7 +13703,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13751,7 +13751,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13799,7 +13799,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13847,7 +13847,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13895,7 +13895,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13943,7 +13943,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -13991,7 +13991,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14039,7 +14039,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14087,7 +14087,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14135,7 +14135,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14183,7 +14183,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14231,7 +14231,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14279,7 +14279,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14327,7 +14327,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -14375,7 +14375,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14424,7 +14424,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14473,7 +14473,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14520,7 +14520,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14568,7 +14568,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14616,7 +14616,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14664,7 +14664,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14712,7 +14712,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14760,7 +14760,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14808,7 +14808,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14856,7 +14856,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14904,7 +14904,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -14952,7 +14952,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15000,7 +15000,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15048,7 +15048,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15096,7 +15096,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15144,7 +15144,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -15192,7 +15192,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15240,7 +15240,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15288,7 +15288,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15336,7 +15336,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15384,7 +15384,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15432,7 +15432,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15480,7 +15480,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15529,7 +15529,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15574,7 +15574,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15621,7 +15621,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15668,7 +15668,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15716,7 +15716,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15764,7 +15764,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15812,7 +15812,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15860,7 +15860,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15908,7 +15908,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -15956,7 +15956,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -16004,7 +16004,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16052,7 +16052,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16100,7 +16100,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16148,7 +16148,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16196,7 +16196,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16244,7 +16244,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16292,7 +16292,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16340,7 +16340,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16388,7 +16388,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16436,7 +16436,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16484,7 +16484,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16532,7 +16532,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16581,7 +16581,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16629,7 +16629,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16677,7 +16677,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16725,7 +16725,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16773,7 +16773,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -16822,7 +16822,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16871,7 +16871,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16918,7 +16918,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -16967,7 +16967,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17015,7 +17015,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17063,7 +17063,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17111,7 +17111,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17159,7 +17159,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17207,7 +17207,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17255,7 +17255,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17303,7 +17303,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17351,7 +17351,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17399,7 +17399,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17447,7 +17447,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17495,7 +17495,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17543,7 +17543,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17591,7 +17591,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -17639,7 +17639,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17688,7 +17688,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17735,7 +17735,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17784,7 +17784,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17832,7 +17832,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17880,7 +17880,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17928,7 +17928,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -17976,7 +17976,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18024,7 +18024,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18072,7 +18072,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18120,7 +18120,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18168,7 +18168,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18216,7 +18216,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18263,7 +18263,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18310,7 +18310,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18357,7 +18357,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18404,7 +18404,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -18451,7 +18451,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18498,7 +18498,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18546,7 +18546,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18593,7 +18593,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18640,7 +18640,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18688,7 +18688,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18735,7 +18735,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18782,7 +18782,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18830,7 +18830,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18877,7 +18877,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18924,7 +18924,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -18972,7 +18972,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19020,7 +19020,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19068,7 +19068,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19116,7 +19116,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19163,7 +19163,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19212,7 +19212,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -19260,7 +19260,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19308,7 +19308,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19356,7 +19356,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19404,7 +19404,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19452,7 +19452,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19500,7 +19500,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19548,7 +19548,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19596,7 +19596,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19644,7 +19644,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19692,7 +19692,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19740,7 +19740,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19788,7 +19788,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19836,7 +19836,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19884,7 +19884,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19932,7 +19932,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -19980,7 +19980,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20028,7 +20028,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -20076,7 +20076,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20124,7 +20124,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20172,7 +20172,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20220,7 +20220,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20268,7 +20268,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20316,7 +20316,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20364,7 +20364,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20412,7 +20412,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20460,7 +20460,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20508,7 +20508,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20556,7 +20556,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20604,7 +20604,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20652,7 +20652,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20700,7 +20700,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20748,7 +20748,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20796,7 +20796,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20845,7 +20845,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -20894,7 +20894,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20942,7 +20942,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -20990,7 +20990,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21038,7 +21038,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21086,7 +21086,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21134,7 +21134,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21182,7 +21182,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21230,7 +21230,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21278,7 +21278,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21326,7 +21326,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21374,7 +21374,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21422,7 +21422,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21470,7 +21470,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21518,7 +21518,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21566,7 +21566,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21614,7 +21614,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21662,7 +21662,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -21710,7 +21710,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21758,7 +21758,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21806,7 +21806,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21854,7 +21854,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21902,7 +21902,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21951,7 +21951,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -21999,7 +21999,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22047,7 +22047,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22095,7 +22095,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22143,7 +22143,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22191,7 +22191,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22239,7 +22239,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22287,7 +22287,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22335,7 +22335,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22383,7 +22383,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22431,7 +22431,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22479,7 +22479,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -22527,7 +22527,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22575,7 +22575,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22623,7 +22623,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22671,7 +22671,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22719,7 +22719,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22767,7 +22767,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22815,7 +22815,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22863,7 +22863,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22911,7 +22911,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -22959,7 +22959,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23007,7 +23007,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23055,7 +23055,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23103,7 +23103,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23151,7 +23151,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23199,7 +23199,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23247,7 +23247,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23295,7 +23295,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -23343,7 +23343,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23392,7 +23392,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23440,7 +23440,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23487,7 +23487,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23535,7 +23535,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23583,7 +23583,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23631,7 +23631,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23679,7 +23679,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23727,7 +23727,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23775,7 +23775,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23823,7 +23823,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23871,7 +23871,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23919,7 +23919,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23967,7 +23967,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24015,7 +24015,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24063,7 +24063,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24111,7 +24111,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -24159,7 +24159,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24207,7 +24207,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24255,7 +24255,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24303,7 +24303,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24351,7 +24351,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24400,7 +24400,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24449,7 +24449,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24496,7 +24496,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24544,7 +24544,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24592,7 +24592,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24640,7 +24640,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24688,7 +24688,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24736,7 +24736,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24784,7 +24784,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24832,7 +24832,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24880,7 +24880,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -24928,7 +24928,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -24976,7 +24976,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25024,7 +25024,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25072,7 +25072,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25120,7 +25120,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25168,7 +25168,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25216,7 +25216,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25264,7 +25264,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25313,7 +25313,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25361,7 +25361,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25409,7 +25409,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25457,7 +25457,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25505,7 +25505,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25554,7 +25554,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25601,7 +25601,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25647,7 +25647,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25695,7 +25695,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25743,7 +25743,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -25791,7 +25791,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25839,7 +25839,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25887,7 +25887,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25935,7 +25935,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -25983,7 +25983,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26032,7 +26032,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26079,7 +26079,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26127,7 +26127,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26175,7 +26175,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26223,7 +26223,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26271,7 +26271,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26319,7 +26319,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26367,7 +26367,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26415,7 +26415,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26463,7 +26463,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26511,7 +26511,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26559,7 +26559,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -26607,7 +26607,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26655,7 +26655,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26703,7 +26703,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26751,7 +26751,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26799,7 +26799,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26847,7 +26847,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26895,7 +26895,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26943,7 +26943,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -26991,7 +26991,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27039,7 +27039,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27087,7 +27087,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27135,7 +27135,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27184,7 +27184,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27231,7 +27231,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27279,7 +27279,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27327,7 +27327,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27375,7 +27375,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -27423,7 +27423,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27471,7 +27471,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27519,7 +27519,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27568,7 +27568,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27615,7 +27615,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27663,7 +27663,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27711,7 +27711,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27759,7 +27759,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27807,7 +27807,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27855,7 +27855,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27903,7 +27903,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27951,7 +27951,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -27999,7 +27999,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28047,7 +28047,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28095,7 +28095,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28143,7 +28143,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28191,7 +28191,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -28239,7 +28239,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28287,7 +28287,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28335,7 +28335,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28383,7 +28383,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28432,7 +28432,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28479,7 +28479,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28527,7 +28527,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28576,7 +28576,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28624,7 +28624,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28672,7 +28672,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28720,7 +28720,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28766,7 +28766,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28812,7 +28812,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28858,7 +28858,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28906,7 +28906,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -28954,7 +28954,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29002,7 +29002,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -29050,7 +29050,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29098,7 +29098,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29146,7 +29146,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29194,7 +29194,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29242,7 +29242,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29290,7 +29290,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29338,7 +29338,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29386,7 +29386,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29434,7 +29434,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29482,7 +29482,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29530,7 +29530,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29578,7 +29578,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29626,7 +29626,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29674,7 +29674,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29722,7 +29722,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29770,7 +29770,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29818,7 +29818,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -29867,7 +29867,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29914,7 +29914,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -29962,7 +29962,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30008,7 +30008,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30055,7 +30055,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30103,7 +30103,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30151,7 +30151,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30199,7 +30199,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30247,7 +30247,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30295,7 +30295,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30344,7 +30344,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30391,7 +30391,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30439,7 +30439,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30487,7 +30487,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30535,7 +30535,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30583,7 +30583,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30631,7 +30631,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -30679,7 +30679,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30727,7 +30727,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30775,7 +30775,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30823,7 +30823,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30871,7 +30871,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30919,7 +30919,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -30967,7 +30967,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -31015,7 +31015,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -31063,7 +31063,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -31111,7 +31111,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -31159,7 +31159,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -31207,7 +31207,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -31255,7 +31255,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -31303,7 +31303,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -31351,7 +31351,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -31400,7 +31400,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -31447,7 +31447,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -31495,7 +31495,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -31543,7 +31543,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -31591,7 +31591,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -31639,7 +31639,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -31687,7 +31687,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -31735,7 +31735,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -31783,7 +31783,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -31831,7 +31831,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", diff --git a/packages/ti_abusech/data_stream/url/elasticsearch/ingest_pipeline/default.yml b/packages/ti_abusech/data_stream/url/elasticsearch/ingest_pipeline/default.yml index b3cf56d001f..855ca4efd5c 100644 --- a/packages/ti_abusech/data_stream/url/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_abusech/data_stream/url/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: #################### - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: enrichment diff --git a/packages/ti_abusech/data_stream/url/sample_event.json b/packages/ti_abusech/data_stream/url/sample_event.json index 8192559415f..6d2ffac42b9 100644 --- a/packages/ti_abusech/data_stream/url/sample_event.json +++ b/packages/ti_abusech/data_stream/url/sample_event.json @@ -25,7 +25,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "87d4d8f8-b034-42ba-a5bb-33ff670e619e", 
diff --git a/packages/ti_abusech/manifest.yml b/packages/ti_abusech/manifest.yml index 3d11dd7a933..d9f22e3531a 100644 --- a/packages/ti_abusech/manifest.yml +++ b/packages/ti_abusech/manifest.yml @@ -1,6 +1,6 @@ name: ti_abusech title: AbuseCH -version: "1.9.0" +version: "1.10.0" release: ga description: Ingest threat intelligence indicators from URL Haus, Malware Bazaar, and Threat Fox feeds with Elastic Agent. type: integration From be923d9691dd519a8c52b3c2a4d06a06ac229ba8 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:11 +0530 Subject: [PATCH 112/137] [ti_anomali] - update ECS to 8.7.0 from 8.6.0 This updates the ti_anomali integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/ti_anomali --- packages/ti_anomali/_dev/build/build.yml | 2 +- packages/ti_anomali/changelog.yml | 5 + ...st-anomali-threatstream.json-expected.json | 200 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../threatstream/sample_event.json | 2 +- packages/ti_anomali/docs/README.md | 2 +- packages/ti_anomali/manifest.yml | 2 +- 7 files changed, 110 insertions(+), 105 deletions(-) diff --git a/packages/ti_anomali/_dev/build/build.yml b/packages/ti_anomali/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/ti_anomali/_dev/build/build.yml +++ b/packages/ti_anomali/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/ti_anomali/changelog.yml b/packages/ti_anomali/changelog.yml index c11911823de..1d7e3edda05 100644 --- a/packages/ti_anomali/changelog.yml +++ b/packages/ti_anomali/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.10.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.9.0" changes: - description: Update package to ECS 8.6.0. diff --git a/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json b/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json index cdf24b1337e..43d33eb5f58 100644 --- a/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json +++ b/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json @@ -21,7 +21,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -85,7 +85,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -147,7 +147,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -209,7 +209,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -263,7 +263,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -326,7 +326,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -389,7 +389,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -448,7 +448,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -501,7 +501,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -563,7 +563,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -624,7 +624,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -679,7 +679,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -734,7 +734,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -794,7 +794,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -850,7 +850,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -903,7 +903,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -958,7 +958,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1014,7 +1014,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1069,7 +1069,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1124,7 +1124,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1178,7 +1178,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1232,7 +1232,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1289,7 +1289,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1343,7 +1343,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1404,7 +1404,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1460,7 +1460,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1515,7 +1515,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -1569,7 +1569,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1621,7 +1621,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1682,7 +1682,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1744,7 +1744,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1799,7 +1799,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1855,7 +1855,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1910,7 +1910,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1963,7 +1963,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2018,7 +2018,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2073,7 +2073,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2126,7 +2126,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2180,7 +2180,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2240,7 +2240,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2293,7 +2293,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2348,7 +2348,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2403,7 +2403,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2465,7 +2465,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -2520,7 +2520,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2580,7 +2580,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2641,7 +2641,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2695,7 +2695,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2749,7 +2749,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2804,7 +2804,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2859,7 +2859,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2919,7 +2919,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2973,7 +2973,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3026,7 +3026,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3078,7 +3078,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3139,7 +3139,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3192,7 +3192,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3246,7 +3246,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3301,7 +3301,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3355,7 +3355,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3410,7 +3410,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -3470,7 +3470,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3525,7 +3525,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3579,7 +3579,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3634,7 +3634,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3689,7 +3689,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3744,7 +3744,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3798,7 +3798,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3851,7 +3851,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3912,7 +3912,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3965,7 +3965,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4018,7 +4018,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4072,7 +4072,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4132,7 +4132,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4186,7 +4186,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4239,7 +4239,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4294,7 +4294,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4354,7 +4354,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -4410,7 +4410,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4464,7 +4464,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4531,7 +4531,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4592,7 +4592,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4644,7 +4644,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4702,7 +4702,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4763,7 +4763,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4825,7 +4825,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4892,7 +4892,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4953,7 +4953,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5010,7 +5010,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5069,7 +5069,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5130,7 +5130,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5190,7 +5190,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5250,7 +5250,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5309,7 +5309,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5369,7 +5369,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -5418,7 +5418,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5465,7 +5465,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5514,7 +5514,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5562,7 +5562,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -5611,7 +5611,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", diff --git a/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml b/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml index ab5d40e86ae..ee49552c66f 100644 --- a/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: # - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - fingerprint: fields: - event.dataset diff --git a/packages/ti_anomali/data_stream/threatstream/sample_event.json b/packages/ti_anomali/data_stream/threatstream/sample_event.json index e435d4ce40d..25cb970c978 100644 --- a/packages/ti_anomali/data_stream/threatstream/sample_event.json +++ b/packages/ti_anomali/data_stream/threatstream/sample_event.json @@ -32,7 +32,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "83b444a9-8a29-4729-964a-a91e7b770094", diff --git a/packages/ti_anomali/docs/README.md b/packages/ti_anomali/docs/README.md index 3be2ea33ea5..19045e895c6 100644 --- a/packages/ti_anomali/docs/README.md +++ b/packages/ti_anomali/docs/README.md @@ -53,7 +53,7 @@ An example event for `threatstream` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "83b444a9-8a29-4729-964a-a91e7b770094", 
diff --git a/packages/ti_anomali/manifest.yml b/packages/ti_anomali/manifest.yml
index 91d5ff6221f..97a65e88339 100644
--- a/packages/ti_anomali/manifest.yml
+++ b/packages/ti_anomali/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_anomali
 title: Anomali
-version: "1.9.0"
+version: "1.10.0"
 release: ga
 description: Ingest threat intelligence indicators from Anomali with Elastic Agent.
 type: integration
From 837289a5900bfefc4f18da97ac465786a17cfe22 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:11 +0530 Subject: [PATCH 113/137] [ti_cif3] - update ECS to 8.7.0 from 8.6.0 This updates the ti_cif3 integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/ti_cif3
---
 packages/ti_cif3/_dev/build/build.yml | 2 +- packages/ti_cif3/changelog.yml | 5 +++++ .../pipeline/test-cif3-no-preserve-ndjson.log-expected.json | 2 +- .../test/pipeline/test-cif3-sample-ndjson.log-expected.json | 2 +- .../feed/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/ti_cif3/data_stream/feed/sample_event.json | 2 +- packages/ti_cif3/docs/README.md | 2 +- packages/ti_cif3/manifest.yml | 2 +- 8 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/packages/ti_cif3/_dev/build/build.yml b/packages/ti_cif3/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/ti_cif3/_dev/build/build.yml
+++ b/packages/ti_cif3/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/ti_cif3/changelog.yml b/packages/ti_cif3/changelog.yml
index 79c7b2f7f5e..eea0b8abcf7 100644
--- a/packages/ti_cif3/changelog.yml
+++ b/packages/ti_cif3/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.5.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "0.4.1"
 changes:
 - description: Honor `preserve_original_event` setting.
diff --git a/packages/ti_cif3/data_stream/feed/_dev/test/pipeline/test-cif3-no-preserve-ndjson.log-expected.json b/packages/ti_cif3/data_stream/feed/_dev/test/pipeline/test-cif3-no-preserve-ndjson.log-expected.json
index d047b4b2dd1..a8a8ec31774 100644
--- a/packages/ti_cif3/data_stream/feed/_dev/test/pipeline/test-cif3-no-preserve-ndjson.log-expected.json
+++ b/packages/ti_cif3/data_stream/feed/_dev/test/pipeline/test-cif3-no-preserve-ndjson.log-expected.json
@@ -7,7 +7,7 @@
 "uuid": "3fbdd654-b2b0-498c-8e20-ef87bce73672"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_cif3/data_stream/feed/_dev/test/pipeline/test-cif3-sample-ndjson.log-expected.json b/packages/ti_cif3/data_stream/feed/_dev/test/pipeline/test-cif3-sample-ndjson.log-expected.json
index 0e69ad64bd6..400fe12638d 100644
--- a/packages/ti_cif3/data_stream/feed/_dev/test/pipeline/test-cif3-sample-ndjson.log-expected.json
+++ b/packages/ti_cif3/data_stream/feed/_dev/test/pipeline/test-cif3-sample-ndjson.log-expected.json
@@ -7,7 +7,7 @@
 "uuid": "3fbdd654-b2b0-498c-8e20-ef87bce73672"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_cif3/data_stream/feed/elasticsearch/ingest_pipeline/default.yml b/packages/ti_cif3/data_stream/feed/elasticsearch/ingest_pipeline/default.yml
index 48b14ddf23f..597eb1e1995 100644
--- a/packages/ti_cif3/data_stream/feed/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_cif3/data_stream/feed/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 ####################
 - set:
 field: ecs.version
- value: "8.6.0"
+ value: "8.7.0"
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_cif3/data_stream/feed/sample_event.json b/packages/ti_cif3/data_stream/feed/sample_event.json
index c59876a900b..cd5975b44fb 100755
--- a/packages/ti_cif3/data_stream/feed/sample_event.json
+++ b/packages/ti_cif3/data_stream/feed/sample_event.json
@@ -18,7 +18,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "f599fd51-b36d-45b4-a90f-4d63240b8477",
diff --git a/packages/ti_cif3/docs/README.md b/packages/ti_cif3/docs/README.md
index 2db186c72f5..0e600f35ac6 100644
--- a/packages/ti_cif3/docs/README.md
+++ b/packages/ti_cif3/docs/README.md
@@ -139,7 +139,7 @@ An example event for `feed` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "f599fd51-b36d-45b4-a90f-4d63240b8477",
diff --git a/packages/ti_cif3/manifest.yml b/packages/ti_cif3/manifest.yml
index a9987f54cfc..1aef98c2e0d 100644
--- a/packages/ti_cif3/manifest.yml
+++ b/packages/ti_cif3/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: ti_cif3
 title: "Collective Intelligence Framework v3"
-version: "0.4.1"
+version: "0.5.0"
 release: beta
 license: basic
 description: "Ingest threat indicators from a Collective Intelligence Framework v3 instance with Elastic Agent."
From 4dc3bcbc5c0e5fe421d3eaf3a5cd16bbdae01205 Mon Sep 17 00:00:00 2001
From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:12 +0530 Subject: [PATCH 114/137] [ti_cybersixgill] - update ECS to 8.7.0 from 8.6.0 This updates the ti_cybersixgill integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/ti_cybersixgill
---
 packages/ti_cybersixgill/_dev/build/build.yml | 2 +- packages/ti_cybersixgill/changelog.yml | 5 +++++ .../pipeline/test-cybersixgill-ndjson.log-expected.json | 8 ++++---- .../threat/elasticsearch/ingest_pipeline/default.yml | 2 +- .../ti_cybersixgill/data_stream/threat/sample_event.json | 2 +- packages/ti_cybersixgill/docs/README.md | 2 +- packages/ti_cybersixgill/manifest.yml | 2 +- 7 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/packages/ti_cybersixgill/_dev/build/build.yml b/packages/ti_cybersixgill/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/ti_cybersixgill/_dev/build/build.yml
+++ b/packages/ti_cybersixgill/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/ti_cybersixgill/changelog.yml b/packages/ti_cybersixgill/changelog.yml
index 639cb2e3791..4f2946eb484 100644
--- a/packages/ti_cybersixgill/changelog.yml
+++ b/packages/ti_cybersixgill/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.10.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.9.0"
 changes:
 - description: Update package to ECS 8.6.0.
diff --git a/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json b/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json
index 1778e8157e6..3574f50179d 100644
--- a/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json
+++ b/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json
@@ -15,7 +15,7 @@
 }
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -63,7 +63,7 @@
 "virustotal": {}
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -111,7 +111,7 @@
 "virustotal": {}
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -157,7 +157,7 @@
 "virustotal": {}
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
index 4884e629f22..c58890e6219 100644
--- a/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Initial pipeline for parsing Cybersixgill webhooks
 processors:
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_cybersixgill/data_stream/threat/sample_event.json b/packages/ti_cybersixgill/data_stream/threat/sample_event.json
index 66b30603f0d..fca1c1def1a 100644
--- a/packages/ti_cybersixgill/data_stream/threat/sample_event.json
+++ b/packages/ti_cybersixgill/data_stream/threat/sample_event.json
@@ -25,7 +25,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "3f82d126-26ae-4993-a89b-63c5413149e0",
diff --git a/packages/ti_cybersixgill/docs/README.md b/packages/ti_cybersixgill/docs/README.md
index 403f472ae9c..449c24ebf06 100644
--- a/packages/ti_cybersixgill/docs/README.md
+++ b/packages/ti_cybersixgill/docs/README.md
@@ -126,7 +126,7 @@ An example event for `threat` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "3f82d126-26ae-4993-a89b-63c5413149e0",
diff --git a/packages/ti_cybersixgill/manifest.yml b/packages/ti_cybersixgill/manifest.yml
index 545ecf11a89..d637336c71f 100644
--- a/packages/ti_cybersixgill/manifest.yml
+++ b/packages/ti_cybersixgill/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_cybersixgill
 title: Cybersixgill
-version: "1.9.0"
+version: "1.10.0"
 release: ga
 description: Ingest threat intelligence indicators from Cybersixgill with Elastic Agent.
 type: integration
From dd6680f6611359374e11ea5906f73583c0169c5a Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:13 +0530 Subject: [PATCH 115/137] [ti_misp] - update ECS to 8.7.0 from 8.6.0 This updates the ti_misp integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/ti_misp
---
 packages/ti_misp/_dev/build/build.yml | 2 +- packages/ti_misp/changelog.yml | 5 ++ ...t-misp-attributes-ndjson.log-expected.json | 52 +++++++++---------- .../test-misp-long-ndjson.log-expected.json | 4 +- .../test-misp-sample-ndjson.log-expected.json | 30 +++++------ .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/threat/sample_event.json | 2 +- packages/ti_misp/docs/README.md | 2 +- packages/ti_misp/manifest.yml | 2 +- 9 files changed, 53 insertions(+), 48 deletions(-)
diff --git a/packages/ti_misp/_dev/build/build.yml b/packages/ti_misp/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/ti_misp/_dev/build/build.yml
+++ b/packages/ti_misp/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/ti_misp/changelog.yml b/packages/ti_misp/changelog.yml index 8ae797c872b..654dc5a488a 100644 --- a/packages/ti_misp/changelog.yml +++ b/packages/ti_misp/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.11.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.10.1" changes: - description: Drop empty event sets. diff --git a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json index 6f8327238f1..cc17487a403 100644 --- a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json +++ b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-05-21T09:09:22.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -78,7 +78,7 @@ { "@timestamp": "2021-05-21T09:20:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -153,7 +153,7 @@ { "@timestamp": "2021-05-21T09:20:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -226,7 +226,7 @@ { "@timestamp": "2021-05-21T09:20:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -297,7 +297,7 @@ { "@timestamp": "2021-05-21T09:20:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -368,7 +368,7 @@ { "@timestamp": "2021-05-21T10:22:12.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -457,7 +457,7 @@ { "@timestamp": "2021-05-21T10:22:12.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -546,7 +546,7 @@ { "@timestamp": "2021-05-21T10:22:12.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -640,7 +640,7 @@ { "@timestamp": "2021-05-21T10:22:12.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -734,7 +734,7 @@ { "@timestamp": "2021-05-21T10:22:12.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -826,7 +826,7 @@ { "@timestamp": "2021-05-21T10:09:30.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -897,7 +897,7 @@ { "@timestamp": "2021-05-21T10:09:30.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -973,7 +973,7 @@ { "@timestamp": "2021-05-21T10:09:30.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1047,7 +1047,7 @@ { "@timestamp": "2021-05-21T10:19:39.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1118,7 +1118,7 @@ { "@timestamp": "2021-05-21T10:19:39.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1189,7 +1189,7 @@ { "@timestamp": "2021-05-21T10:19:39.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1260,7 +1260,7 @@ { "@timestamp": "2021-05-21T10:19:39.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1336,7 +1336,7 @@ { "@timestamp": "2021-05-21T10:19:39.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1410,7 +1410,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1499,7 +1499,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -1588,7 +1588,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1677,7 +1677,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1766,7 +1766,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1855,7 +1855,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1949,7 +1949,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2043,7 +2043,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", diff --git a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-long-ndjson.log-expected.json b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-long-ndjson.log-expected.json index 09139c3a3e9..dd93073cfee 100644 --- a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-long-ndjson.log-expected.json +++ b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-long-ndjson.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -88,7 +88,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", diff --git a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json index 43af80e8ec8..aafcf13a206 100644 
--- a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json +++ b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2017-08-28T14:24:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -82,7 +82,7 @@ { "@timestamp": "2017-08-28T14:24:36.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -160,7 +160,7 @@ { "@timestamp": "2017-04-28T18:23:44.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -238,7 +238,7 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -314,7 +314,7 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -386,7 +386,7 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -460,7 +460,7 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -531,7 +531,7 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -607,7 +607,7 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -681,7 +681,7 @@ { "@timestamp": "2018-08-28T13:20:17.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -761,7 +761,7 @@ { "@timestamp": "2018-08-28T13:20:17.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -833,7 +833,7 @@ { "@timestamp": "2018-08-28T13:20:17.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -911,7 +911,7 @@ { "@timestamp": "2018-01-23T16:09:56.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -984,7 +984,7 @@ { "@timestamp": "2018-01-23T16:09:56.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1057,7 +1057,7 @@ { "@timestamp": "2020-12-13T14:03:16.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", diff --git a/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml index 292b362eda3..434ce105d66 100644 --- a/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: #################### - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: enrichment diff --git a/packages/ti_misp/data_stream/threat/sample_event.json b/packages/ti_misp/data_stream/threat/sample_event.json index d590d8cb00e..d6188e9cd36 100644 --- a/packages/ti_misp/data_stream/threat/sample_event.json +++ b/packages/ti_misp/data_stream/threat/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "a9ed3a26-d251-4762-9aff-8a96dde62342", diff --git a/packages/ti_misp/docs/README.md b/packages/ti_misp/docs/README.md index e77734cbc94..a2f7867f486 100644 --- a/packages/ti_misp/docs/README.md +++ b/packages/ti_misp/docs/README.md @@ -174,7 +174,7 @@ An example event for `threat` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "a9ed3a26-d251-4762-9aff-8a96dde62342", 
diff --git a/packages/ti_misp/manifest.yml b/packages/ti_misp/manifest.yml
index 6c21dfc0d84..b145a022708 100644
--- a/packages/ti_misp/manifest.yml
+++ b/packages/ti_misp/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_misp
 title: MISP
-version: "1.10.1"
+version: "1.11.0"
 release: ga
 description: Ingest threat intelligence indicators from MISP platform with Elastic Agent.
 type: integration
From 8049d83854770f49f993ac1913938e736e15bac5 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:14 +0530 Subject: [PATCH 116/137] [ti_otx] - update ECS to 8.7.0 from 8.6.0 This updates the ti_otx integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/ti_otx
---
 packages/ti_otx/_dev/build/build.yml | 2 +- packages/ti_otx/changelog.yml | 5 + ...t-otx-no-preserve-ndjson.log-expected.json | 12 +- .../test-otx-sample-ndjson.log-expected.json | 166 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/threat/sample_event.json | 2 +- packages/ti_otx/docs/README.md | 2 +- packages/ti_otx/manifest.yml | 2 +- 8 files changed, 99 insertions(+), 94 deletions(-)
diff --git a/packages/ti_otx/_dev/build/build.yml b/packages/ti_otx/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/ti_otx/_dev/build/build.yml
+++ b/packages/ti_otx/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/ti_otx/changelog.yml b/packages/ti_otx/changelog.yml
index e7666882968..1ac4a63a2b3 100644
--- a/packages/ti_otx/changelog.yml
+++ b/packages/ti_otx/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.8.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.7.1"
 changes:
 - description: Honor `preserve_original_event` setting.
diff --git a/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-no-preserve-ndjson.log-expected.json b/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-no-preserve-ndjson.log-expected.json
index 5095e27fa1c..e627caabce7 100644
--- a/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-no-preserve-ndjson.log-expected.json
+++ b/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-no-preserve-ndjson.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -19,7 +19,7 @@
 },
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -43,7 +43,7 @@
 },
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -62,7 +62,7 @@
 },
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -79,7 +79,7 @@
 },
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -100,7 +100,7 @@
 },
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json b/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json
index 345e653f284..08edc13de4e 100644
--- a/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json
+++ b/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json
@@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -23,7 +23,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -51,7 +51,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -95,7 +95,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -120,7 +120,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -147,7 +147,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -172,7 +172,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -199,7 +199,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -220,7 +220,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -270,7 +270,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -297,7 +297,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -322,7 +322,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -347,7 +347,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -372,7 +372,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -397,7 +397,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -422,7 +422,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -450,7 +450,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -478,7 +478,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -534,7 +534,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -561,7 +561,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -586,7 +586,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -611,7 +611,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -638,7 +638,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -663,7 +663,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -691,7 +691,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -719,7 +719,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -744,7 +744,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -772,7 +772,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -800,7 +800,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -846,7 +846,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -871,7 +871,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -898,7 +898,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -925,7 +925,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -950,7 +950,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -977,7 +977,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1004,7 +1004,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1029,7 +1029,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1057,7 +1057,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1085,7 +1085,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1113,7 +1113,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1141,7 +1141,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1164,7 +1164,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1185,7 +1185,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1206,7 +1206,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1233,7 +1233,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1260,7 +1260,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1287,7 +1287,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -1314,7 +1314,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1341,7 +1341,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1368,7 +1368,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1395,7 +1395,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1416,7 +1416,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1437,7 +1437,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1458,7 +1458,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1479,7 +1479,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1500,7 +1500,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1525,7 +1525,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1546,7 +1546,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1567,7 +1567,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1588,7 +1588,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1611,7 +1611,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1634,7 +1634,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1657,7 +1657,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1680,7 +1680,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -1703,7 +1703,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1726,7 +1726,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1749,7 +1749,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1772,7 +1772,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1795,7 +1795,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1822,7 +1822,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1849,7 +1849,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1876,7 +1876,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1903,7 +1903,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1926,7 +1926,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1947,7 +1947,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1968,7 +1968,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1996,7 +1996,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2023,7 +2023,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2050,7 +2050,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", diff --git a/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml index 74fec74f0d7..ed4e95e4465 100644 --- a/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 ####################
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_otx/data_stream/threat/sample_event.json b/packages/ti_otx/data_stream/threat/sample_event.json
index 2f69b39b074..a26f3e1c268 100644
--- a/packages/ti_otx/data_stream/threat/sample_event.json
+++ b/packages/ti_otx/data_stream/threat/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "a7d83bcb-0b6d-41f4-8edf-aa29923f67ec",
diff --git a/packages/ti_otx/docs/README.md b/packages/ti_otx/docs/README.md
index 1bb266cf453..5ba1e13959a 100644
--- a/packages/ti_otx/docs/README.md
+++ b/packages/ti_otx/docs/README.md
@@ -115,7 +115,7 @@ An example event for `threat` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "a7d83bcb-0b6d-41f4-8edf-aa29923f67ec",
diff --git a/packages/ti_otx/manifest.yml b/packages/ti_otx/manifest.yml
index 79f638da78c..d852a985cea 100644
--- a/packages/ti_otx/manifest.yml
+++ b/packages/ti_otx/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_otx
 title: AlienVault OTX
-version: "1.7.1"
+version: "1.8.0"
 release: ga
 description: Ingest threat intelligence indicators from AlienVault Open Threat Exchange (OTX) with Elastic Agent.
 type: integration
From b035dc0918dee62081531ca926bae7ef9524de82 Mon Sep 17 00:00:00 2001
From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:15 +0530 Subject: [PATCH 117/137] [ti_rapid7_threat_command] - update ECS to 8.7.0 from 8.4.0 This updates the ti_rapid7_threat_command integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.4.0 and using 8.4.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/ti_rapid7_threat_command
---
 .../ti_rapid7_threat_command/_dev/build/build.yml | 2 +-
 packages/ti_rapid7_threat_command/changelog.yml | 5 +++++
 .../pipeline/test-alert-event.json-expected.json | 6 +++---
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/alert/sample_event.json | 2 +-
 .../pipeline/test-ioc-event.json-expected.json | 14 +++++++-------
 .../ioc/elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/ioc/sample_event.json | 2 +-
 .../test-vulnerability-event.json-expected.json | 4 ++--
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/vulnerability/sample_event.json | 2 +-
 packages/ti_rapid7_threat_command/docs/README.md | 6 +++---
 packages/ti_rapid7_threat_command/manifest.yml | 2 +-
 13 files changed, 28 insertions(+), 23 deletions(-)
diff --git a/packages/ti_rapid7_threat_command/_dev/build/build.yml b/packages/ti_rapid7_threat_command/_dev/build/build.yml
index 8d9e4bf7ac8..9da3f46d46b 100644
--- a/packages/ti_rapid7_threat_command/_dev/build/build.yml
+++ b/packages/ti_rapid7_threat_command/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0
+ reference: git@8.7
diff --git a/packages/ti_rapid7_threat_command/changelog.yml b/packages/ti_rapid7_threat_command/changelog.yml
index 6e61c507cb7..2d839b45fd0 100644
--- a/packages/ti_rapid7_threat_command/changelog.yml
+++ b/packages/ti_rapid7_threat_command/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.0.0"
 changes:
 - description: Release Rapid7 Threat Command as GA.
diff --git a/packages/ti_rapid7_threat_command/data_stream/alert/_dev/test/pipeline/test-alert-event.json-expected.json b/packages/ti_rapid7_threat_command/data_stream/alert/_dev/test/pipeline/test-alert-event.json-expected.json
index 142839e9482..99f4be93649 100644
--- a/packages/ti_rapid7_threat_command/data_stream/alert/_dev/test/pipeline/test-alert-event.json-expected.json
+++ b/packages/ti_rapid7_threat_command/data_stream/alert/_dev/test/pipeline/test-alert-event.json-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-10-17T11:45:27.029Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "abcd9050d69f4fd6260a0012",
@@ -46,7 +46,7 @@
 {
 "@timestamp": "2022-10-18T12:20:32.071Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "634eabcdde6e197a886412ce",
@@ -114,7 +114,7 @@
 {
 "@timestamp": "2022-11-01T04:02:09.021Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.7.0"
 },
 "event": {
 "id": "634e6b1234e63137869e6e12",
diff --git a/packages/ti_rapid7_threat_command/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/ti_rapid7_threat_command/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
index 2bc63be3920..9ce111f5d76 100644
--- a/packages/ti_rapid7_threat_command/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_rapid7_threat_command/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
@@ -7,7 +7,7 @@ processors:
 ignore_missing: true
 - set:
 field: ecs.version
- value: 8.4.0
+ value: 8.7.0
 - set:
 field: event.kind
 value: alert
diff --git a/packages/ti_rapid7_threat_command/data_stream/alert/sample_event.json b/packages/ti_rapid7_threat_command/data_stream/alert/sample_event.json
index 00a5ead341d..9913fb404e3 100644
--- a/packages/ti_rapid7_threat_command/data_stream/alert/sample_event.json
+++ b/packages/ti_rapid7_threat_command/data_stream/alert/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "11119654-0c23-4f69-bf69-62e3eeb94a21",
diff --git a/packages/ti_rapid7_threat_command/data_stream/ioc/_dev/test/pipeline/test-ioc-event.json-expected.json b/packages/ti_rapid7_threat_command/data_stream/ioc/_dev/test/pipeline/test-ioc-event.json-expected.json
index 038f729d350..c2e9f3794b9 100644
--- a/packages/ti_rapid7_threat_command/data_stream/ioc/_dev/test/pipeline/test-ioc-event.json-expected.json
+++ b/packages/ti_rapid7_threat_command/data_stream/ioc/_dev/test/pipeline/test-ioc-event.json-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-04-26T00:42:52.707Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -71,7 +71,7 @@
 {
 "@timestamp": "2022-05-02T12:46:58.392Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -141,7 +141,7 @@
 {
 "@timestamp": "2022-05-02T12:46:58.391Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -214,7 +214,7 @@
 {
 "@timestamp": "2022-05-02T12:12:52.797Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -274,7 +274,7 @@
 {
 "@timestamp": "2022-05-02T12:07:13.029Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -345,7 +345,7 @@
 {
 "@timestamp": "2022-05-03T11:42:22.219Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -425,7 +425,7 @@
 {
 "@timestamp": "2022-05-04T18:45:30.843Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
diff --git a/packages/ti_rapid7_threat_command/data_stream/ioc/elasticsearch/ingest_pipeline/default.yml b/packages/ti_rapid7_threat_command/data_stream/ioc/elasticsearch/ingest_pipeline/default.yml
index 0e46b37fc70..0c09ff8d12c 100644
--- a/packages/ti_rapid7_threat_command/data_stream/ioc/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_rapid7_threat_command/data_stream/ioc/elasticsearch/ingest_pipeline/default.yml
@@ -7,7 +7,7 @@ processors:
 ignore_missing: true
 - set:
 field: ecs.version
- value: 8.4.0
+ value: 8.7.0
 - set:
 field: event.type
 value: ["indicator"]
diff --git a/packages/ti_rapid7_threat_command/data_stream/ioc/sample_event.json b/packages/ti_rapid7_threat_command/data_stream/ioc/sample_event.json
index bac7031e14b..25e40ca634b 100644
--- a/packages/ti_rapid7_threat_command/data_stream/ioc/sample_event.json
+++ b/packages/ti_rapid7_threat_command/data_stream/ioc/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "11119654-0c23-4f69-bf69-62e3eeb94a21",
diff --git a/packages/ti_rapid7_threat_command/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability-event.json-expected.json b/packages/ti_rapid7_threat_command/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability-event.json-expected.json
index 282875df378..0921d63bb2b 100644
--- a/packages/ti_rapid7_threat_command/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability-event.json-expected.json
+++ b/packages/ti_rapid7_threat_command/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability-event.json-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-11-17T02:40:47.077Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
@@ -105,7 +105,7 @@
 {
 "@timestamp": "2020-08-24T21:46:48.619Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": [
diff --git a/packages/ti_rapid7_threat_command/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml b/packages/ti_rapid7_threat_command/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml
index c26f4d8ff7f..840108fabfe 100644
--- a/packages/ti_rapid7_threat_command/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_rapid7_threat_command/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml
@@ -7,7 +7,7 @@ processors:
 ignore_missing: true
 - set:
 field: ecs.version
- value: 8.4.0
+ value: 8.7.0
 - set:
 field: event.kind
 value: event
diff --git a/packages/ti_rapid7_threat_command/data_stream/vulnerability/sample_event.json b/packages/ti_rapid7_threat_command/data_stream/vulnerability/sample_event.json
index 0150ed555f0..430e86c1002 100644
--- a/packages/ti_rapid7_threat_command/data_stream/vulnerability/sample_event.json
+++ b/packages/ti_rapid7_threat_command/data_stream/vulnerability/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "11119654-0c23-4f69-bf69-62e3eeb94a21",
diff --git a/packages/ti_rapid7_threat_command/docs/README.md b/packages/ti_rapid7_threat_command/docs/README.md
index 82d7bee207d..977233288a0 100644
--- a/packages/ti_rapid7_threat_command/docs/README.md
+++ b/packages/ti_rapid7_threat_command/docs/README.md
@@ -227,7 +227,7 @@ An example event for `ioc` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "11119654-0c23-4f69-bf69-62e3eeb94a21",
@@ -465,7 +465,7 @@ An example event for `alert` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "11119654-0c23-4f69-bf69-62e3eeb94a21",
@@ -643,7 +643,7 @@ An example event for `vulnerability` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "11119654-0c23-4f69-bf69-62e3eeb94a21",
diff --git a/packages/ti_rapid7_threat_command/manifest.yml b/packages/ti_rapid7_threat_command/manifest.yml
index 373b026351b..12583b2f875 100644
--- a/packages/ti_rapid7_threat_command/manifest.yml
+++ b/packages/ti_rapid7_threat_command/manifest.yml
@@ -2,7 +2,7 @@ format_version: 1.0.0
 name: ti_rapid7_threat_command
 title: Rapid7 Threat Command
 # The version must be updated manually in the transform.yml files and transform APIs mentioned in README.
-version: 1.0.0
+version: "1.1.0"
 release: ga
 license: basic
 description: Collect threat intelligence from Threat Command API with Elastic Agent.
From 43379e48913d18276357f44c4f818ead0c5a3a37 Mon Sep 17 00:00:00 2001
From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:16 +0530 Subject: [PATCH 118/137] [ti_recordedfuture] - update ECS to 8.7.0 from 8.6.0 This updates the ti_recordedfuture integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/ti_recordedfuture
---
 .../ti_recordedfuture/_dev/build/build.yml | 2 +-
 packages/ti_recordedfuture/changelog.yml | 5 ++
 .../test-domain-default.log-expected.json | 18 ++---
 .../test-hash-default.log-expected.json | 18 ++---
 .../pipeline/test-httpjson.log-expected.json | 80 +++++++++----------
 .../test-ip-default.log-expected.json | 18 ++---
 .../test-url-default.log-expected.json | 20 ++---
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/threat/sample_event.json | 2 +-
 packages/ti_recordedfuture/docs/README.md | 2 +-
 packages/ti_recordedfuture/manifest.yml | 2 +-
 11 files changed, 87 insertions(+), 82 deletions(-)
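Review bot: In packages/ti_rapid7_threat_command/manifest.yml the version goes from `1.0.0` to `"1.1.0"`, yet the comment directly above that line says the version must also be updated manually in the transform.yml files and in the transform APIs mentioned in the README. The diffstat for this patch lists no transform.yml, and the three README hunks only change `ecs.version`, so those manual references appear to be left at the old version. If they embed the package version, as the comment implies, the transforms and the documented API calls would no longer match the installed package after upgrade, which for a threat-intelligence feed can mean indicators stop reaching the destination indices without an obvious error. I would bump the version in the transform.yml files and the README transform API examples in this same commit, or confirm in the description that the generator run intentionally leaves them untouched.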
diff --git a/packages/ti_recordedfuture/_dev/build/build.yml b/packages/ti_recordedfuture/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/ti_recordedfuture/_dev/build/build.yml
+++ b/packages/ti_recordedfuture/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/ti_recordedfuture/changelog.yml b/packages/ti_recordedfuture/changelog.yml
index 0e3ea5b0e7d..931d90dfa68 100644
--- a/packages/ti_recordedfuture/changelog.yml
+++ b/packages/ti_recordedfuture/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.5.0"
 changes:
 - description: Update package to ECS 8.6.0.
diff --git a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-domain-default.log-expected.json b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-domain-default.log-expected.json
index 364397985c5..05e632dc09d 100644
--- a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-domain-default.log-expected.json
+++ b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-domain-default.log-expected.json
@@ -3,7 +3,7 @@
 null,
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -99,7 +99,7 @@
 },
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -203,7 +203,7 @@
 },
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -307,7 +307,7 @@
 },
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -399,7 +399,7 @@
 },
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -491,7 +491,7 @@
 },
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -583,7 +583,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -675,7 +675,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", diff --git a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-hash-default.log-expected.json b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-hash-default.log-expected.json index 3131f815894..ad7876aa2e3 100644 --- a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-hash-default.log-expected.json +++ b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-hash-default.log-expected.json @@ -3,7 +3,7 @@ null, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -192,7 +192,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -366,7 +366,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -549,7 +549,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -911,7 +911,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1028,7 +1028,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1142,7 +1142,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1327,7 +1327,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1426,7 +1426,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
diff --git a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-httpjson.log-expected.json b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-httpjson.log-expected.json index 3d5d13cc9e3..5c6f2f50d12 100644 --- a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-httpjson.log-expected.json +++ b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-httpjson.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -98,7 +98,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -202,7 +202,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -306,7 +306,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -490,7 +490,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -582,7 +582,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -674,7 +674,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -766,7 +766,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -858,7 +858,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -950,7 +950,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1139,7 +1139,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1313,7 +1313,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -1496,7 +1496,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1858,7 +1858,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -1975,7 +1975,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2089,7 +2089,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2274,7 +2274,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2373,7 +2373,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2488,7 +2488,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2607,7 +2607,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2688,7 +2688,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2793,7 +2793,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -2897,7 +2897,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3057,7 +3057,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3124,7 +3124,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3240,7 +3240,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3321,7 +3321,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3459,7 +3459,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3563,7 +3563,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -3687,7 +3687,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3767,7 +3767,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3868,7 +3868,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -3941,7 +3941,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4013,7 +4013,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4096,7 +4096,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4186,7 +4186,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4258,7 +4258,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4338,7 +4338,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -4417,7 +4417,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", diff --git a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-ip-default.log-expected.json b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-ip-default.log-expected.json index c5d3915226e..44d9c16aa70 100644 --- a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-ip-default.log-expected.json +++ b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-ip-default.log-expected.json @@ -3,7 +3,7 @@ null, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -84,7 +84,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -174,7 +174,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -279,7 +279,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -383,7 +383,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -543,7 +543,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -610,7 +610,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -726,7 +726,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -807,7 +807,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", diff --git a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-url-default.log-expected.json b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-url-default.log-expected.json index 1a8af89068d..a1689967dcd 100644 --- a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-url-default.log-expected.json +++ b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-url-default.log-expected.json @@ -3,7 +3,7 @@ null, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -184,7 +184,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -257,7 +257,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -329,7 +329,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -412,7 +412,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -502,7 +502,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", 
@@ -574,7 +574,7 @@
 },
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -654,7 +654,7 @@
 },
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -733,7 +733,7 @@
 },
 {
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
index 4d424922fff..1dd2643b0e1 100644
--- a/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 #
 - set:
 field: ecs.version
- value: '8.6.0'
+ value: '8.7.0'
 - set:
 field: event.dataset
 value: "ti_recordedfuture.threat"
diff --git a/packages/ti_recordedfuture/data_stream/threat/sample_event.json b/packages/ti_recordedfuture/data_stream/threat/sample_event.json
index 8f0b1df6282..4b202416c2c 100644
--- a/packages/ti_recordedfuture/data_stream/threat/sample_event.json
+++ b/packages/ti_recordedfuture/data_stream/threat/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "33b93e16-9d01-4487-9b09-99db9e860912",
diff --git a/packages/ti_recordedfuture/docs/README.md b/packages/ti_recordedfuture/docs/README.md
index 0191819f91e..d35398c9ad1 100644
--- a/packages/ti_recordedfuture/docs/README.md
+++ b/packages/ti_recordedfuture/docs/README.md
@@ -30,7 +30,7 @@ An example event for `threat` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "elastic_agent": {
 "id": "33b93e16-9d01-4487-9b09-99db9e860912",
diff --git a/packages/ti_recordedfuture/manifest.yml b/packages/ti_recordedfuture/manifest.yml
index ce8a61ef9d6..474655c5e32 100644
--- a/packages/ti_recordedfuture/manifest.yml
+++ b/packages/ti_recordedfuture/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_recordedfuture
 title: Recorded Future
-version: "1.5.0"
+version: "1.6.0"
 release: ga
 description: Ingest threat intelligence indicators from Recorded Future risk lists with Elastic Agent.
 type: integration
From 94085206587e423003957bc19178a9a5490f6068 Mon Sep 17 00:00:00 2001
From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:17 +0530 Subject: [PATCH 119/137] [ti_threatq] - update ECS to 8.7.0 from 8.6.0 This updates the ti_threatq integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/ti_threatq
---
 packages/ti_threatq/_dev/build/build.yml | 2 +-
 packages/ti_threatq/changelog.yml | 5 +++++
 ...reatq-no-preserve-ndjson.log-expected.json | 6 +++---
 ...st-threatq-sample-ndjson.log-expected.json | 20 +++++++++----------
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/threat/sample_event.json | 2 +-
 packages/ti_threatq/docs/README.md | 2 +-
 packages/ti_threatq/manifest.yml | 2 +-
 8 files changed, 23 insertions(+), 18 deletions(-)
diff --git a/packages/ti_threatq/_dev/build/build.yml b/packages/ti_threatq/_dev/build/build.yml
index ca551c032a8..9da3f46d46b 100644
--- a/packages/ti_threatq/_dev/build/build.yml
+++ b/packages/ti_threatq/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.6
+ reference: git@8.7
diff --git a/packages/ti_threatq/changelog.yml b/packages/ti_threatq/changelog.yml
index 015d3d20f63..1fc2c85f2a5 100644
--- a/packages/ti_threatq/changelog.yml
+++ b/packages/ti_threatq/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.9.0"
+ changes:
+ - description: Update package to ECS 8.7.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
 - version: "1.8.1"
 changes:
 - description: Honor `preserve_original_event` setting.
diff --git a/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-no-preserve-ndjson.log-expected.json b/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-no-preserve-ndjson.log-expected.json
index 4c619044dce..a1ff3d7fb46 100644
--- a/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-no-preserve-ndjson.log-expected.json
+++ b/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-no-preserve-ndjson.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -48,7 +48,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -93,7 +93,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json b/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json
index ebe2151ce42..d62966fa14d 100644
--- a/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json
+++ b/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -52,7 +52,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -101,7 +101,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.6.0"
+ "version": "8.7.0"
 },
 "event": {
 "category": "threat",
@@ -150,7 +150,7 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -193,7 +193,7 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -242,7 +242,7 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -294,7 +294,7 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -343,7 +343,7 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -392,7 +392,7 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", @@ -441,7 +441,7 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "threat", diff --git a/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml index ffe5e592b91..ae76227ffb0 100644 --- a/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: #################### - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: enrichment diff --git a/packages/ti_threatq/data_stream/threat/sample_event.json b/packages/ti_threatq/data_stream/threat/sample_event.json index 1bd818eb899..ac6f62b3882 100644 --- a/packages/ti_threatq/data_stream/threat/sample_event.json +++ b/packages/ti_threatq/data_stream/threat/sample_event.json 
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "a7be703c-0d78-40ea-8ad7-a02245cca635", diff --git a/packages/ti_threatq/docs/README.md b/packages/ti_threatq/docs/README.md index eb8121e50f2..8e0fd93342d 100644 --- a/packages/ti_threatq/docs/README.md +++ b/packages/ti_threatq/docs/README.md @@ -118,7 +118,7 @@ An example event for `threat` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "a7be703c-0d78-40ea-8ad7-a02245cca635", diff --git a/packages/ti_threatq/manifest.yml b/packages/ti_threatq/manifest.yml index 1b59dd6689d..22ec91b63c7 100644 --- a/packages/ti_threatq/manifest.yml +++ b/packages/ti_threatq/manifest.yml @@ -1,6 +1,6 @@ name: ti_threatq title: ThreatQuotient -version: "1.8.1" +version: "1.9.0" release: ga description: Ingest threat intelligence indicators from ThreatQuotient with Elastic Agent. type: integration From 6f82abff7eb7f8d2ec2a813c4c3a94cba7efc978 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:17 +0530 Subject: [PATCH 120/137] [tines] - update ECS to 8.7.0 This updates the tines integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.5.1 and no pipelines set ecs.version. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/tines --- packages/tines/_dev/build/build.yml | 2 +- packages/tines/changelog.yml | 5 +++++ packages/tines/manifest.yml | 3 +-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/packages/tines/_dev/build/build.yml b/packages/tines/_dev/build/build.yml index aaafc5d833b..9da3f46d46b 100644 --- a/packages/tines/_dev/build/build.yml +++ b/packages/tines/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.5.1 + reference: git@8.7 diff --git a/packages/tines/changelog.yml b/packages/tines/changelog.yml index 9bf7536f79a..f821b8e30c6 100644 --- a/packages/tines/changelog.yml 
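Review bot: In `packages/tines/_dev/build/build.yml` the ECS reference moves from a tag-style pin (`git@v8.5.1`) to `git@8.7`, which looks like a branch name rather than a release tag; `packages/trendmicro/_dev/build/build.yml` makes the same move (`git@v8.6.0` to `git@8.7`). If `8.7` is a moving ref, the field definitions resolved at build time can change with no change in this repository, so the build is not reproducible and the stated target of ECS 8.7.0 is not actually fixed. Consider keeping an immutable ref, e.g. `reference: git@v8.7.0` (assuming that tag exists upstream), or noting in the changelog entry that these two packages now deliberately track the branch like the other packages in this series.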
+++ b/packages/tines/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "0.0.4" changes: - description: Make input object arrays flattnened. diff --git a/packages/tines/manifest.yml b/packages/tines/manifest.yml index d3e5eca6510..95e4fb21bf7 100644 --- a/packages/tines/manifest.yml +++ b/packages/tines/manifest.yml @@ -1,7 +1,7 @@ format_version: 2.0.0 name: tines title: "Tines" -version: 0.0.4 +version: "0.1.0" description: "Tines Logs & Time Saved Reports" type: integration categories: @@ -50,6 +50,5 @@ policy_templates: title: Tines API User Account API Key show_user: true required: true - owner: github: elastic/security-external-integrations From 0a880e554231a52054f223fc0ebe4694df847623 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:19 +0530 Subject: [PATCH 121/137] [trend_micro_vision_one] - update ECS to 8.7.0 from 8.6.0 This updates the trend_micro_vision_one integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/trend_micro_vision_one --- packages/trend_micro_vision_one/_dev/build/build.yml | 2 +- packages/trend_micro_vision_one/changelog.yml | 5 +++++ .../test/pipeline/test-pipeline-alert.log-expected.json | 8 ++++---- .../alert/elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/alert/sample_event.json | 2 +- .../test/pipeline/test-pipeline-audit.log-expected.json | 4 ++-- .../audit/elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/audit/sample_event.json | 2 +- .../pipeline/test-pipeline-detection.log-expected.json | 4 ++-- .../detection/elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/detection/sample_event.json | 2 +- packages/trend_micro_vision_one/docs/README.md | 6 +++--- packages/trend_micro_vision_one/manifest.yml | 2 +- 13 files changed, 24 insertions(+), 19 deletions(-) diff --git a/packages/trend_micro_vision_one/_dev/build/build.yml b/packages/trend_micro_vision_one/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/trend_micro_vision_one/_dev/build/build.yml +++ b/packages/trend_micro_vision_one/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/trend_micro_vision_one/changelog.yml b/packages/trend_micro_vision_one/changelog.yml index 5386a28ea07..09dcd4040a8 100644 --- a/packages/trend_micro_vision_one/changelog.yml +++ b/packages/trend_micro_vision_one/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.0.0" changes: - description: Release Trend Micro Vision One as GA. diff --git a/packages/trend_micro_vision_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json b/packages/trend_micro_vision_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json index fe270c198c4..97d0bc4acfb 100644 --- a/packages/trend_micro_vision_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json +++ b/packages/trend_micro_vision_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2030-04-30T00:01:16.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -115,7 +115,7 @@ { "@timestamp": "2030-04-30T00:01:16.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "id": "WB-9002-20200427-0002", @@ -235,7 +235,7 @@ { "@timestamp": "2022-07-15T12:46:13.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -504,7 +504,7 @@ { "@timestamp": "2030-04-30T00:01:16.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/trend_micro_vision_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/trend_micro_vision_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml index 6dc12af7d0f..333b255732e 100644 --- a/packages/trend_micro_vision_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml +++ b/packages/trend_micro_vision_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for processing Trend Micro Vision One Alert logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/trend_micro_vision_one/data_stream/alert/sample_event.json b/packages/trend_micro_vision_one/data_stream/alert/sample_event.json index f79510398eb..f4376bb930a 100644 --- a/packages/trend_micro_vision_one/data_stream/alert/sample_event.json +++ b/packages/trend_micro_vision_one/data_stream/alert/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "6d1daf8c-cf74-431d-829c-3dedd9bd2ced", diff --git a/packages/trend_micro_vision_one/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json b/packages/trend_micro_vision_one/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json index 60070827e79..d3470a94ce4 100644 --- a/packages/trend_micro_vision_one/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json +++ b/packages/trend_micro_vision_one/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-02-24T07:29:48.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -49,7 +49,7 @@ { "@timestamp": "2022-07-16T04:30:04.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/trend_micro_vision_one/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/trend_micro_vision_one/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index f63099dd01f..5f8c716ab7f 100644 --- a/packages/trend_micro_vision_one/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/trend_micro_vision_one/data_stream/audit/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for processing Trend Micro Vision One Audit logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/trend_micro_vision_one/data_stream/audit/sample_event.json b/packages/trend_micro_vision_one/data_stream/audit/sample_event.json index d90184318d6..3fcb5253063 100644 --- a/packages/trend_micro_vision_one/data_stream/audit/sample_event.json +++ b/packages/trend_micro_vision_one/data_stream/audit/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "6d1daf8c-cf74-431d-829c-3dedd9bd2ced", diff --git a/packages/trend_micro_vision_one/data_stream/detection/_dev/test/pipeline/test-pipeline-detection.log-expected.json b/packages/trend_micro_vision_one/data_stream/detection/_dev/test/pipeline/test-pipeline-detection.log-expected.json index 348cca43037..654fe71a141 100644 --- a/packages/trend_micro_vision_one/data_stream/detection/_dev/test/pipeline/test-pipeline-detection.log-expected.json +++ b/packages/trend_micro_vision_one/data_stream/detection/_dev/test/pipeline/test-pipeline-detection.log-expected.json @@ -10,7 +10,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "clean", @@ -300,7 +300,7 @@ ] }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": [ diff --git a/packages/trend_micro_vision_one/data_stream/detection/elasticsearch/ingest_pipeline/default.yml b/packages/trend_micro_vision_one/data_stream/detection/elasticsearch/ingest_pipeline/default.yml index 98bfe3d54d2..1e66164d44f 100644 --- a/packages/trend_micro_vision_one/data_stream/detection/elasticsearch/ingest_pipeline/default.yml +++ b/packages/trend_micro_vision_one/data_stream/detection/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for processing Trend Micro Vision One Alert logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/trend_micro_vision_one/data_stream/detection/sample_event.json b/packages/trend_micro_vision_one/data_stream/detection/sample_event.json index 0bc2376a39b..8ba397f0784 100644 --- a/packages/trend_micro_vision_one/data_stream/detection/sample_event.json +++ b/packages/trend_micro_vision_one/data_stream/detection/sample_event.json @@ -20,7 +20,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "6d1daf8c-cf74-431d-829c-3dedd9bd2ced", diff --git a/packages/trend_micro_vision_one/docs/README.md b/packages/trend_micro_vision_one/docs/README.md index f2f789a4daa..f4d6f69eea3 100644 --- a/packages/trend_micro_vision_one/docs/README.md +++ b/packages/trend_micro_vision_one/docs/README.md @@ -61,7 +61,7 @@ An example event for `alert` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "6d1daf8c-cf74-431d-829c-3dedd9bd2ced", @@ -318,7 +318,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "6d1daf8c-cf74-431d-829c-3dedd9bd2ced", @@ -470,7 +470,7 @@ An example event for `detection` looks as following: "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "6d1daf8c-cf74-431d-829c-3dedd9bd2ced", diff --git a/packages/trend_micro_vision_one/manifest.yml b/packages/trend_micro_vision_one/manifest.yml index a16ffc91026..962b01014de 100644 --- a/packages/trend_micro_vision_one/manifest.yml +++ b/packages/trend_micro_vision_one/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: trend_micro_vision_one title: Trend Micro Vision One -version: "1.0.0" +version: "1.1.0" release: ga license: basic description: Collect logs from Trend Micro Vision One with Elastic Agent. From af78352650281b16364e0686e4891ad717e3432d Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:20 +0530 Subject: [PATCH 122/137] [trendmicro] - update ECS to 8.7.0 from 8.6.0 This updates the trendmicro integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.6.0 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/trendmicro --- packages/trendmicro/_dev/build/build.yml | 2 +- packages/trendmicro/changelog.yml | 5 +++++ .../_dev/test/pipeline/test-trendmicro.json-expected.json | 6 +++--- .../deep_security/elasticsearch/ingest_pipeline/default.yml | 2 +- .../trendmicro/data_stream/deep_security/sample_event.json | 2 +- packages/trendmicro/manifest.yml | 2 +- 6 files changed, 12 insertions(+), 7 deletions(-) diff --git a/packages/trendmicro/_dev/build/build.yml b/packages/trendmicro/_dev/build/build.yml index 4ed337a4188..9da3f46d46b 100644 --- a/packages/trendmicro/_dev/build/build.yml +++ b/packages/trendmicro/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.6.0 + reference: git@8.7 diff --git a/packages/trendmicro/changelog.yml b/packages/trendmicro/changelog.yml index 4f9a6222c4d..ecdd2448b0e 100644 --- a/packages/trendmicro/changelog.yml +++ b/packages/trendmicro/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "0.1.0" changes: - description: Initial draft of the package 
diff --git a/packages/trendmicro/data_stream/deep_security/_dev/test/pipeline/test-trendmicro.json-expected.json b/packages/trendmicro/data_stream/deep_security/_dev/test/pipeline/test-trendmicro.json-expected.json index 56d242687dc..2e0fce2f9fc 100644 --- a/packages/trendmicro/data_stream/deep_security/_dev/test/pipeline/test-trendmicro.json-expected.json +++ b/packages/trendmicro/data_stream/deep_security/_dev/test/pipeline/test-trendmicro.json-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-06T08:29:43.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -54,7 +54,7 @@ { "@timestamp": "2021-10-06T08:34:40.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -104,7 +104,7 @@ { "@timestamp": "2021-10-09T08:54:56.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/trendmicro/data_stream/deep_security/elasticsearch/ingest_pipeline/default.yml b/packages/trendmicro/data_stream/deep_security/elasticsearch/ingest_pipeline/default.yml index d18b0d6db82..968f7fa5b9a 100644 --- a/packages/trendmicro/data_stream/deep_security/elasticsearch/ingest_pipeline/default.yml +++ b/packages/trendmicro/data_stream/deep_security/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for trendmicro deep security logs. processors: - set: field: ecs.version - value: "8.6.0" + value: "8.7.0" - set: field: event.category value: [network] diff --git a/packages/trendmicro/data_stream/deep_security/sample_event.json b/packages/trendmicro/data_stream/deep_security/sample_event.json index b1763c792d0..ef4bb495f89 100644 --- a/packages/trendmicro/data_stream/deep_security/sample_event.json +++ b/packages/trendmicro/data_stream/deep_security/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "b66dfb26-fbfb-425e-b205-5c4651dbee3a", 
diff --git a/packages/trendmicro/manifest.yml b/packages/trendmicro/manifest.yml index 9076f4b366c..aead3e14ea9 100644 --- a/packages/trendmicro/manifest.yml +++ b/packages/trendmicro/manifest.yml @@ -1,7 +1,7 @@ format_version: 2.0.0 name: trendmicro title: "Trendmicro" -version: 0.1.0 +version: "0.2.0" description: "collect Trendmicro Deep Security events with elastic agent." type: integration categories: From 460f0105d7c814b026ce4bf29bef29b8a02f6787 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:20 +0530 Subject: [PATCH 123/137] [udp] - update ECS to 8.7.0 This updates the udp integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and no pipelines set ecs.version. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/udp --- packages/udp/_dev/build/build.yml | 2 +- packages/udp/changelog.yml | 5 +++++ packages/udp/manifest.yml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/packages/udp/_dev/build/build.yml b/packages/udp/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/udp/_dev/build/build.yml +++ b/packages/udp/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/udp/changelog.yml b/packages/udp/changelog.yml index cff16ea7812..13abfa9cd68 100644 --- a/packages/udp/changelog.yml +++ b/packages/udp/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.8.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.7.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/udp/manifest.yml b/packages/udp/manifest.yml index 41a3ab67378..4a5881bfb7c 100644 --- a/packages/udp/manifest.yml +++ b/packages/udp/manifest.yml 
@@ -3,7 +3,7 @@ name: udp title: Custom UDP Logs description: Collect raw UDP data from listening UDP port with Elastic Agent. type: integration -version: "1.7.1" +version: "1.8.0" release: ga conditions: kibana.version: "^8.2.1" From ca9edb14701b754b29d121f791199ffc7f6eaea5 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:21 +0530 Subject: [PATCH 124/137] [winlog] - update ECS to 8.7.0 This updates the winlog integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and no pipelines set ecs.version. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/winlog --- packages/winlog/_dev/build/build.yml | 2 +- packages/winlog/changelog.yml | 5 +++++ packages/winlog/manifest.yml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/packages/winlog/_dev/build/build.yml b/packages/winlog/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/winlog/_dev/build/build.yml +++ b/packages/winlog/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/winlog/changelog.yml b/packages/winlog/changelog.yml index 67d4024f20c..c59c53f6051 100644 --- a/packages/winlog/changelog.yml +++ b/packages/winlog/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.13.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.12.4" changes: - description: Improve documentation for listing event log channels. diff --git a/packages/winlog/manifest.yml b/packages/winlog/manifest.yml index 5f700c10bce..72a054d8239 100644 --- a/packages/winlog/manifest.yml +++ b/packages/winlog/manifest.yml 
@@ -3,7 +3,7 @@ name: winlog title: Custom Windows Event Logs description: Collect and parse logs from any Windows event log channel with Elastic Agent. type: integration -version: "1.12.4" +version: "1.13.0" release: ga conditions: kibana.version: '^7.16.0 || ^8.0.0' From d5d2b44bc5c2bae4b884314629521e8877caef98 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:32 +0530 Subject: [PATCH 125/137] [zeek] - update ECS to 8.7.0 from 8.6.0 This updates the zeek integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/zeek --- packages/zeek/_dev/build/build.yml | 2 +- packages/zeek/changelog.yml | 5 +++ .../test-capture-loss.log-expected.json | 12 +++---- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../capture_loss/sample_event.json | 2 +- .../test/pipeline/test-conn.log-expected.json | 36 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-dce-rpc.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-dhcp.log-expected.json | 6 ++-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-dnp3.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-dns.log-expected.json | 16 ++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-dpd.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-files.log-expected.json | 18 +++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-ftp.log-expected.json | 8 ++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-http.log-expected.json | 18 +++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-intel.log-expected.json | 8 ++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-irc.log-expected.json | 8 ++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-kerberos.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test-known-certs.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- 
.../test-known-hosts.log-expected.json | 10 +++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test-known-services.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-modbus.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-mysql.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-notice.log-expected.json | 10 +++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-ntlm.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-ntp.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-ocsp.log-expected.json | 6 ++-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-pe.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-radius.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-rdp.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-rfb.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-signature.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-sip.log-expected.json | 12 +++---- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-smb-cmd.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-smb-files.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test-smb-mapping.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-smtp.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-snmp.log-expected.json | 6 ++-- .../elasticsearch/ingest_pipeline/default.yml 
| 2 +- .../pipeline/test-socks.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-software.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-ssh.log-expected.json | 10 +++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-ssl.log-expected.json | 24 ++++++------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-stats.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-syslog.log-expected.json | 20 +++++------ .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test-traceroute.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-tunnel.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-weird.log-expected.json | 6 ++-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-x509.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- packages/zeek/manifest.yml | 2 +- 90 files changed, 214 insertions(+), 209 deletions(-) diff --git a/packages/zeek/_dev/build/build.yml b/packages/zeek/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/zeek/_dev/build/build.yml +++ b/packages/zeek/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/zeek/changelog.yml b/packages/zeek/changelog.yml index 9fd3ba954ca..20fd905465b 100644 --- a/packages/zeek/changelog.yml +++ b/packages/zeek/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.8.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "2.7.1" changes: - description: Added categories and/or subcategories. 
diff --git a/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json b/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json index 24b4928351a..04131ad3581 100644 --- a/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json +++ b/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-09-10T16:19:28.465Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -27,7 +27,7 @@ { "@timestamp": "2021-03-30T00:04:00.941Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -51,7 +51,7 @@ { "@timestamp": "2021-03-30T00:19:00.942Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -75,7 +75,7 @@ { "@timestamp": "2021-03-30T00:34:00.942Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -99,7 +99,7 @@ { "@timestamp": "2021-03-30T00:49:00.942Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -123,7 +123,7 @@ { "@timestamp": "2019-09-10T16:19:28.465Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", diff --git a/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml index 15eec1db3f3..9cade7b58c7 100644 --- a/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml @@ -23,7 +23,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - date: field: zeek.capture_loss.ts formats: 
diff --git a/packages/zeek/data_stream/capture_loss/sample_event.json b/packages/zeek/data_stream/capture_loss/sample_event.json index 09e92fdb4cb..b8986024496 100644 --- a/packages/zeek/data_stream/capture_loss/sample_event.json +++ b/packages/zeek/data_stream/capture_loss/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.5.0" + "version": "8.7.0" }, "elastic_agent": { "id": "df514182-bb0b-40b5-96d1-14197e409254", diff --git a/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json b/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json index 81bcce77e5d..1f5e8afa08e 100644 --- a/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json +++ b/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json @@ -10,7 +10,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -91,7 +91,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -172,7 +172,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -269,7 +269,7 @@ "packets": 0 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -349,7 +349,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -427,7 +427,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -506,7 +506,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -585,7 +585,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -646,7 +646,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", 
@@ -708,7 +708,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -770,7 +770,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -832,7 +832,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -894,7 +894,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -956,7 +956,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -1016,7 +1016,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -1076,7 +1076,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -1154,7 +1154,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -1242,7 +1242,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", diff --git a/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml index d1609660b7e..41eb7b31ed4 100644 --- a/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml @@ -24,7 +24,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json b/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json index 55131da3097..7a89466ff3a 100644 --- a/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json 
+++ b/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "BrowserrQueryOtherDomains", @@ -62,7 +62,7 @@ "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "BrowserrQueryOtherDomains", diff --git a/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml index 54d13d1d99c..0b507090663 100644 --- a/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json b/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json index e8da19d2f75..ebe1ff5a250 100644 --- a/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json +++ b/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json @@ -11,7 +11,7 @@ "port": 67 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -91,7 +91,7 @@ "port": 67 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -165,7 +165,7 @@ "port": 67 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml index a918e57001b..9bc6634fd6c 100644 --- a/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml 
@@ -23,7 +23,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json b/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json index c0003d9a04c..02f9f3ab55d 100644 --- a/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json +++ b/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json @@ -8,7 +8,7 @@ "port": 20000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "read", @@ -60,7 +60,7 @@ "port": 20000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "read", diff --git a/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml index b52b2df70f9..5f90ba14bc2 100644 --- a/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json b/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json index 8cb10652f73..2b15e80c3be 100644 --- a/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json @@ -42,7 +42,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -125,7 +125,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -201,7 +201,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -297,7 +297,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -395,7 +395,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -534,7 +534,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -650,7 +650,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -734,7 +734,7 @@ "type": "answer" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml index 977627808ad..3f7597538bc 100644 --- a/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json b/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json index abe3fe6fa4f..eeffc2cc2f3 100644 --- a/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json +++ b/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -57,7 +57,7 @@ "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
diff --git a/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml index 8ccce6cd231..34feb6c98ba 100644 --- a/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json b/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json index 6cb514d10b8..b9de3ebdc4d 100644 --- a/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json +++ b/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json @@ -6,7 +6,7 @@ "ip": "10.178.98.102" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -78,7 +78,7 @@ "ip": "10.178.98.102" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -150,7 +150,7 @@ "ip": "10.178.98.102" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -222,7 +222,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -298,7 +298,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -374,7 +374,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -450,7 +450,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -522,7 +522,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -598,7 +598,7 @@ "ip": "10.178.98.102" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
diff --git a/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml index 882f1e1fd17..4de31049f60 100644 --- a/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: file diff --git a/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json b/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json index 7e5c9367dd3..2157b62f963 100644 --- a/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json +++ b/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json @@ -8,7 +8,7 @@ "port": 21 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "EPSV", @@ -77,7 +77,7 @@ "port": 21 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "RETR", @@ -144,7 +144,7 @@ "port": 21 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "STOR", @@ -208,7 +208,7 @@ "port": 21 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "STOR", diff --git a/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml index cd9bb9f050d..b5371806f6a 100644 --- a/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network 
diff --git a/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json b/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json index 4a5bb4c0ea0..9cc0370066c 100644 --- a/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json +++ b/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json @@ -26,7 +26,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GET", @@ -138,7 +138,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GET", @@ -244,7 +244,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -335,7 +335,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -426,7 +426,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -517,7 +517,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -608,7 +608,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -699,7 +699,7 @@ "port": 80 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GET", @@ -795,7 +795,7 @@ "port": 7000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "GET", diff --git a/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml index 5e8c4737154..e98130c5203 100644 --- a/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network 
diff --git a/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json b/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json index 14dafb0d5a3..c30a66e6dce 100644 --- a/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json +++ b/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json @@ -26,7 +26,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -123,7 +123,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -228,7 +228,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -312,7 +312,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml index 5cd6ff2b8da..4a0e8f77c0b 100644 --- a/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: enrichment - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: threat diff --git a/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json b/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json index 428a75bd71e..9fd6eac557e 100644 --- a/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json +++ b/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json @@ -26,7 +26,7 @@ "port": 8000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "USER", @@ -97,7 +97,7 @@ "port": 8000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NICK", 
@@ -174,7 +174,7 @@ "port": 8000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "JOIN", @@ -252,7 +252,7 @@ "port": 8000 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "JOIN", diff --git a/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml index 4a095c4be0c..7ab38d76443 100644 --- a/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json b/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json index 4b367665e51..0686a6b8a2b 100644 --- a/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json +++ b/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json @@ -11,7 +11,7 @@ "port": 88 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TGS", @@ -118,7 +118,7 @@ "port": 88 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "TGS", diff --git a/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml index 88671e2f244..56601cd456b 100644 --- a/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: ["network", "authentication"] 
diff --git a/packages/zeek/data_stream/known_certs/_dev/test/pipeline/test-known-certs.log-expected.json b/packages/zeek/data_stream/known_certs/_dev/test/pipeline/test-known-certs.log-expected.json index b57adb54973..e067963a43c 100644 --- a/packages/zeek/data_stream/known_certs/_dev/test/pipeline/test-known-certs.log-expected.json +++ b/packages/zeek/data_stream/known_certs/_dev/test/pipeline/test-known-certs.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-12-31T15:15:53.690Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/known_certs/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/known_certs/elasticsearch/ingest_pipeline/default.yml index 4bd68a4e14f..2037f520a1a 100644 --- a/packages/zeek/data_stream/known_certs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/known_certs/elasticsearch/ingest_pipeline/default.yml @@ -17,7 +17,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/zeek/data_stream/known_hosts/_dev/test/pipeline/test-known-hosts.log-expected.json b/packages/zeek/data_stream/known_hosts/_dev/test/pipeline/test-known-hosts.log-expected.json index d59e54c80ed..e4bca62f3c7 100644 --- a/packages/zeek/data_stream/known_hosts/_dev/test/pipeline/test-known-hosts.log-expected.json +++ b/packages/zeek/data_stream/known_hosts/_dev/test/pipeline/test-known-hosts.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-01-03T01:19:26.260Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -35,7 +35,7 @@ { "@timestamp": "2021-01-03T01:19:27.353Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -67,7 +67,7 @@ { "@timestamp": "2021-01-03T01:19:32.488Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -99,7 +99,7 @@ { "@timestamp": "2021-01-03T01:19:58.792Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -131,7 +131,7 @@ { "@timestamp": "2021-01-03T12:17:22.496Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/known_hosts/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/known_hosts/elasticsearch/ingest_pipeline/default.yml index 2233abe94bc..4b9d22fad6b 100644 --- a/packages/zeek/data_stream/known_hosts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/known_hosts/elasticsearch/ingest_pipeline/default.yml @@ -17,7 +17,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/zeek/data_stream/known_services/_dev/test/pipeline/test-known-services.log-expected.json b/packages/zeek/data_stream/known_services/_dev/test/pipeline/test-known-services.log-expected.json index a03858a0a7a..e1a14ec195f 100644 --- a/packages/zeek/data_stream/known_services/_dev/test/pipeline/test-known-services.log-expected.json +++ b/packages/zeek/data_stream/known_services/_dev/test/pipeline/test-known-services.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-01-03T01:19:36.242Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/known_services/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/known_services/elasticsearch/ingest_pipeline/default.yml index 690f1a636c7..800273868d9 100644 --- a/packages/zeek/data_stream/known_services/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/known_services/elasticsearch/ingest_pipeline/default.yml @@ -17,7 +17,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event 
diff --git a/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json b/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json index 95bbaf05bf1..404355d176c 100644 --- a/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json +++ b/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json @@ -8,7 +8,7 @@ "port": 502 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "READ_COILS", @@ -59,7 +59,7 @@ "port": 502 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "READ_COILS", diff --git a/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml index 7ecd3278cb7..2a00543f66b 100644 --- a/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json b/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json index 244dec953cb..5a6111d0c5d 100644 --- a/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json +++ b/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json @@ -8,7 +8,7 @@ "port": 3306 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "query", @@ -63,7 +63,7 @@ "port": 3306 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "query", diff --git a/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml index 636d4b4251b..01872073f4b 100644 
--- a/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json b/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json index 9e749283de4..594f81e4730 100644 --- a/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json +++ b/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2011-11-04T19:44:35.879Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -72,7 +72,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -137,7 +137,7 @@ { "@timestamp": "2021-03-30T09:49:00.958Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -194,7 +194,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -270,7 +270,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml index 8a98cc6e439..8c89763112e 100644 --- a/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: alert - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: intrusion_detection 
diff --git a/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json b/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json index d779094d424..6b07c0e4178 100644 --- a/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json +++ b/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -74,7 +74,7 @@ "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml index 28999fadb5d..71a33ea62d2 100644 --- a/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json b/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json index 8baa48ff728..08ede03c468 100644 --- a/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json +++ b/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json @@ -26,7 +26,7 @@ "port": 123 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", @@ -122,7 +122,7 @@ "port": 123 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", diff --git a/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml index 8f7b2b580e5..34b6d29a5b8 100644 --- a/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml @@ -24,7 +24,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json b/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json index f3f0ff62048..a25b9f11364 100644 --- a/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json +++ b/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2011-06-10T13:27:01.847Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -41,7 +41,7 @@ { "@timestamp": "2011-06-08T19:46:56.100Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -76,7 +76,7 @@ { "@timestamp": "2011-06-08T19:46:56.100Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", diff --git a/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml index 62ddac96c7a..8af791374a8 100644 --- a/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: network.transport value: tcp diff --git a/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json b/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json index 7f53f17f9e6..53d2054664e 100644 --- a/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json +++ b/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json 
@@ -3,7 +3,7 @@ { "@timestamp": "2017-10-09T16:13:19.578Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -49,7 +49,7 @@ { "@timestamp": "2017-10-09T16:13:19.578Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml index 8f28385bbc4..2d21706e459 100644 --- a/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: file diff --git a/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json b/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json index b7327713e57..7fcec6e6aa6 100644 --- a/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json +++ b/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json @@ -8,7 +8,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -67,7 +67,7 @@ "port": 1812 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml index 148930842f3..07e255495c9 100644 --- a/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network 
diff --git a/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json b/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json index af7d9900b51..5c1ede9de32 100644 --- a/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json +++ b/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json @@ -8,7 +8,7 @@ "port": 3389 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -65,7 +65,7 @@ "port": 3389 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml index 99510897f35..49fa304ea66 100644 --- a/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json b/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json index 35684f7c493..d3f5f293dbf 100644 --- a/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json +++ b/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json @@ -8,7 +8,7 @@ "port": 5900 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -74,7 +74,7 @@ "port": 5900 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml index a3ec31994ca..fc4b7664570 100644 --- a/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json b/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json index 1be4a7305b5..20585361a8e 100644 --- a/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json +++ b/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json @@ -26,7 +26,7 @@ "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": "network", diff --git a/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml index c2abc62002e..bdc634b8b18 100644 --- a/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml @@ -24,7 +24,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: alert diff --git a/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json b/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json index 67b8f922530..b5ad55e3f40 100644 --- a/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json +++ b/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json @@ -26,7 +26,7 @@ "port": 5060 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REGISTER", @@ -126,7 +126,7 @@ "port": 5060 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "INVITE", 
@@ -245,7 +245,7 @@ "port": 5060 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REGISTER", @@ -343,7 +343,7 @@ "port": 5060 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "OPTIONS", @@ -432,7 +432,7 @@ "port": 5060 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "OPTIONS", @@ -539,7 +539,7 @@ "port": 5060 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "REGISTER", diff --git a/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml index 51c9c717f61..c1909518887 100644 --- a/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json b/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json index 54e2f3fb7b1..130d9326702 100644 --- a/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json +++ b/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NT_CREATE_ANDX", @@ -74,7 +74,7 @@ "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "NT_CREATE_ANDX", diff --git a/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml index 49ce17ebcbb..a5f4d4ca155 100644 --- a/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json b/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json index a415d29fdff..cf07721cccb 100644 --- a/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json +++ b/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SMB::FILE_OPEN", @@ -78,7 +78,7 @@ "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "SMB::FILE_OPEN", diff --git a/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml index 2683f39c315..6e0b08793e8 100644 --- a/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json b/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json index 16807e93a2c..b691a914073 100644 --- a/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json +++ b/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -58,7 +58,7 @@ "port": 445 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml index 41d07aa5bd0..140019dd585 100644 --- a/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json b/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json index db26674da14..74cf9f48389 100644 --- a/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json +++ b/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json @@ -8,7 +8,7 @@ "port": 25 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -68,7 +68,7 @@ "port": 25 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml index c5b32e5e8b0..0ab4d4cf4a9 100644 --- a/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json b/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json index 0fd8590a0a8..dd7cecfdbd7 100644 
--- a/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json +++ b/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json @@ -8,7 +8,7 @@ "port": 161 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -68,7 +68,7 @@ "port": 161 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -145,7 +145,7 @@ "port": 161 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml index 855582a6a10..603dccd9eec 100644 --- a/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json b/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json index 0c8e03282eb..359f7e5ea6c 100644 --- a/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json +++ b/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json @@ -8,7 +8,7 @@ "port": 8080 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -66,7 +66,7 @@ "port": 8080 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml index 715871aae1a..8de50e99796 100644 --- a/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml 
@@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/software/_dev/test/pipeline/test-software.log-expected.json b/packages/zeek/data_stream/software/_dev/test/pipeline/test-software.log-expected.json index cdbeef66e3a..c1c9d6f97ad 100644 --- a/packages/zeek/data_stream/software/_dev/test/pipeline/test-software.log-expected.json +++ b/packages/zeek/data_stream/software/_dev/test/pipeline/test-software.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-01-03T00:16:22.694Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/software/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/software/elasticsearch/ingest_pipeline/default.yml index f23a5a58f9a..b479a6e7fb1 100644 --- a/packages/zeek/data_stream/software/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/software/elasticsearch/ingest_pipeline/default.yml @@ -21,7 +21,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: event.kind value: event diff --git a/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json b/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json index 9ce62907909..bd6af57d792 100644 --- a/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json +++ b/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json @@ -8,7 +8,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -72,7 +72,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -143,7 +143,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -214,7 +214,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -285,7 +285,7 @@ "port": 22 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml index cfc52726230..f3a68df8b65 100644 --- a/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json b/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json index 5a781884e4a..4c37c9485fe 100644 --- a/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json +++ b/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json @@ -29,7 +29,7 @@ "port": 9243 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -154,7 +154,7 @@ "port": 9243 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -279,7 +279,7 @@ "port": 9243 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -386,7 +386,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -523,7 +523,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -587,7 +587,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -667,7 +667,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
@@ -747,7 +747,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -845,7 +845,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -919,7 +919,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1017,7 +1017,7 @@ "port": 9243 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -1124,7 +1124,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml index 4339fb86f8a..dd23d71e0e5 100644 --- a/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json b/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json index a652282d802..3c4754c0aab 100644 --- a/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json +++ b/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2016-10-16T08:17:58.714Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -65,7 +65,7 @@ { "@timestamp": "2016-10-16T08:17:58.714Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", diff --git a/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml index 4421c501083..93b867357c5 100644 
--- a/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: zeek.stats.mem target_field: zeek.stats.memory diff --git a/packages/zeek/data_stream/syslog/_dev/test/pipeline/test-syslog.log-expected.json b/packages/zeek/data_stream/syslog/_dev/test/pipeline/test-syslog.log-expected.json index 9285dd4ce5c..c65a07abc80 100644 --- a/packages/zeek/data_stream/syslog/_dev/test/pipeline/test-syslog.log-expected.json +++ b/packages/zeek/data_stream/syslog/_dev/test/pipeline/test-syslog.log-expected.json @@ -8,7 +8,7 @@ "port": 514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -64,7 +64,7 @@ "port": 514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -120,7 +120,7 @@ "port": 514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -176,7 +176,7 @@ "port": 514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -232,7 +232,7 @@ "port": 514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -288,7 +288,7 @@ "port": 514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -344,7 +344,7 @@ "port": 514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -400,7 +400,7 @@ "port": 514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -456,7 +456,7 @@ "port": 514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", 
@@ -512,7 +512,7 @@ "port": 514 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", diff --git a/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml index 14c6da921b1..11325490e2e 100644 --- a/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - set: field: network.protocol value: syslog diff --git a/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json b/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json index b804fd38831..ffb73365342 100644 --- a/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json +++ b/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json @@ -25,7 +25,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -81,7 +81,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml index 70bb2e56dd4..aa3943c97f4 100644 --- a/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network 
diff --git a/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json b/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json index d06985a7a5a..b83263b114f 100644 --- a/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json +++ b/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json @@ -26,7 +26,7 @@ "port": 8080 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Tunnel::DISCOVER", @@ -104,7 +104,7 @@ "port": 8080 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "Tunnel::DISCOVER", diff --git a/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml index ebe579a1815..fd947844596 100644 --- a/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json b/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json index 9ac5c1ea8d1..a9ce4a822bc 100644 --- a/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json +++ b/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json @@ -8,7 +8,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -48,7 +48,7 @@ { "@timestamp": "2020-01-28T16:00:59.342Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -80,7 +80,7 @@ "port": 53 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
diff --git a/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml index 05ed203c393..f50cac586ed 100644 --- a/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json b/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json index aae401829a2..3fd8cc5d2c7 100644 --- a/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json +++ b/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2018-12-03T20:00:00.143Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -225,7 +225,7 @@ { "@timestamp": "2018-12-03T20:00:00.143Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", diff --git a/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml index 66cc7aaae1a..4088d27897d 100644 --- a/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - append: field: event.type value: info diff --git a/packages/zeek/manifest.yml b/packages/zeek/manifest.yml index 0ef97d82890..9f5abf7747a 100644 --- a/packages/zeek/manifest.yml +++ b/packages/zeek/manifest.yml 
@@ -1,6 +1,6 @@ name: zeek title: Zeek -version: "2.7.1" +version: "2.8.0" release: ga description: Collect logs from Zeek with Elastic Agent. type: integration From 182d0fc970b1695ba788099c0cf2f7de802ea76b Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:33 +0530 Subject: [PATCH 126/137] [zerofox] - update ECS to 8.7.0 from 8.6.0 This updates the zerofox integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0 packages/zerofox --- packages/zerofox/_dev/build/build.yml | 2 +- packages/zerofox/changelog.yml | 5 +++++ .../alerts/_dev/test/pipeline/test-alert.json-expected.json | 6 +++--- .../alerts/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/zerofox/manifest.yml | 2 +- 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/packages/zerofox/_dev/build/build.yml b/packages/zerofox/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/zerofox/_dev/build/build.yml +++ b/packages/zerofox/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/zerofox/changelog.yml b/packages/zerofox/changelog.yml index 19e6bd333c9..0a58ad641cf 100644 --- a/packages/zerofox/changelog.yml +++ b/packages/zerofox/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.8.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.7.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json b/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json index 728a320b0d6..382553f25f3 100644 
--- a/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json +++ b/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-04-29T18:56:51.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2017-01-10T11:00:00.000Z", @@ -60,7 +60,7 @@ { "@timestamp": "2021-05-06T13:50:48.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2021-05-06T13:29:27.000Z", @@ -126,7 +126,7 @@ { "@timestamp": "2021-05-05T19:22:00.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "created": "2014-08-09T16:00:16.000Z", diff --git a/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml index 3246f48caf2..ed4e9af8016 100644 --- a/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ processors: ## ECS version. - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' ## Event JSON decoding. - rename: diff --git a/packages/zerofox/manifest.yml b/packages/zerofox/manifest.yml index 96c26ea3e06..f073df3e60c 100644 --- a/packages/zerofox/manifest.yml +++ b/packages/zerofox/manifest.yml @@ -1,6 +1,6 @@ name: zerofox title: ZeroFox -version: "1.7.1" +version: "1.8.0" release: ga description: Collect logs from ZeroFox with Elastic Agent. type: integration From e0ba6e41a77802905924850a344c222d1871f1f9 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:35 +0530 Subject: [PATCH 127/137] [zoom] - update ECS to 8.7.0 from 8.6.0 This updates the zoom integration to ECS 8.7.0. It was referencing elastic/ecs git@8.6 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0 packages/zoom --- packages/zoom/_dev/build/build.yml | 2 +- packages/zoom/changelog.yml | 5 ++++ .../pipeline/test-account.json-expected.json | 6 ++-- .../test-chat-channel.json-expected.json | 12 ++++---- .../test-chat-message.json-expected.json | 6 ++-- .../pipeline/test-meeting.json-expected.json | 30 +++++++++---------- .../pipeline/test-phone.json-expected.json | 22 +++++++------- .../test-recording.json-expected.json | 26 ++++++++-------- .../pipeline/test-user.json-expected.json | 26 ++++++++-------- .../pipeline/test-webinar.json-expected.json | 28 ++++++++--------- .../pipeline/test-zoomroom.json-expected.json | 8 ++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- packages/zoom/manifest.yml | 2 +- 13 files changed, 90 insertions(+), 85 deletions(-) diff --git a/packages/zoom/_dev/build/build.yml b/packages/zoom/_dev/build/build.yml index ca551c032a8..9da3f46d46b 100644 --- a/packages/zoom/_dev/build/build.yml +++ b/packages/zoom/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.6 + reference: git@8.7 diff --git a/packages/zoom/changelog.yml b/packages/zoom/changelog.yml index b1aee78403d..a06e1d5ec9c 100644 --- a/packages/zoom/changelog.yml +++ b/packages/zoom/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.8.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.7.1" changes: - description: Added categories and/or subcategories. 
diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json index e717087b81d..f1ff42e0d98 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "account.created", @@ -49,7 +49,7 @@ { "@timestamp": "2019-07-01T17:03:04.527Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "account.updated", @@ -103,7 +103,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "account.disassociated", diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json index 5eb714a6c78..7906d45baf4 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-02-10T21:39:50.388Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "chat_channel.created", @@ -44,7 +44,7 @@ { "@timestamp": "2020-02-10T21:59:05.584Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "chat_channel.updated", @@ -82,7 +82,7 @@ { "@timestamp": "2020-02-10T21:59:05.584Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "chat_channel.deleted", @@ -120,7 +120,7 @@ { "@timestamp": "2020-02-10T21:39:50.388Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "chat_channel.member_invited", 
@@ -160,7 +160,7 @@ { "@timestamp": "2020-02-10T21:39:50.388Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "chat_channel.member_joined", @@ -198,7 +198,7 @@ { "@timestamp": "2020-02-10T21:39:50.388Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "chat_channel.member_left", diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json index a06ffbd6bf1..142dee07e30 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-02-11T22:02:11.930Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "chat_message.sent", @@ -45,7 +45,7 @@ { "@timestamp": "2020-02-11T23:00:08.594Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "chat_message.updated", @@ -87,7 +87,7 @@ { "@timestamp": "2020-02-11T23:00:08.594Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "chat_message.updated", diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json index 2cc715387e6..8f0cc9f454b 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "meeting.alert", @@ -41,7 +41,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "meeting.created", 
@@ -84,7 +84,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "meeting.updated", @@ -141,7 +141,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "meeting.deleted", @@ -184,7 +184,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "meeting.started", @@ -223,7 +223,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "meeting.ended", @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "meeting.registration_created", @@ -313,7 +313,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "meeting.registration_approved", @@ -363,7 +363,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "meeting.registration_cancelled", @@ -409,7 +409,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "meeting.sharing_started", @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "meeting.sharing_ended", @@ -514,7 +514,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "meeting.participant_jbh_waiting", @@ -556,7 +556,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "meeting.participant_jbh_joined", @@ -598,7 +598,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "meeting.participant_joined", @@ -644,7 +644,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "meeting.participant_left", diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json index 6b6536cf4dc..39821680e5e 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json 
+++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "phone.caller_ringing", @@ -49,7 +49,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "phone.caller_connected", @@ -97,7 +97,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "phone.caller_ringing", @@ -148,7 +148,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "phone.callee_answered", @@ -196,7 +196,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "phone.callee_missed", @@ -240,7 +240,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "phone.callee_ended", @@ -288,7 +288,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "phone.caller_ended", @@ -336,7 +336,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "phone.callee_rejected", @@ -383,7 +383,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "phone.voicemail_received", @@ -429,7 +429,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "phone.caller_call_log_completed", @@ -453,7 +453,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "phone.callee_call_log_completed", diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json index ef3f705bdc9..7276d260679 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json 
@@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "recording.started", @@ -46,7 +46,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "recording.paused", @@ -89,7 +89,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "recording.resumed", @@ -132,7 +132,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "recording.stopped", @@ -177,7 +177,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "recording.completed", @@ -224,7 +224,7 @@ { "@timestamp": "2019-12-04T23:00:57.395Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "recording.renamed", @@ -269,7 +269,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "recording.trashed", @@ -314,7 +314,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "recording.deleted", @@ -359,7 +359,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "recording.recovered", @@ -404,7 +404,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "recording.transcript_completed", @@ -449,7 +449,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "recording.registration_created", @@ -498,7 +498,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "recording.registration_approved", @@ -547,7 +547,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "recording.registration_denied", diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json index 7c25a2b1e99..741c6bbaf4d 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json 
+++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.created", @@ -45,7 +45,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.invitation_accepted", @@ -87,7 +87,7 @@ { "@timestamp": "2019-07-19T18:10:54.861Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.updated", @@ -136,7 +136,7 @@ { "@timestamp": "2019-07-19T21:47:06.929Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.settings_updated", @@ -194,7 +194,7 @@ { "@timestamp": "2020-06-29T17:32:19.427Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.settings_updated", @@ -247,7 +247,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.deactivated", @@ -296,7 +296,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.activated", @@ -345,7 +345,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.disassociated", @@ -394,7 +394,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.deleted", @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.presence_status_updated", @@ -482,7 +482,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.personal_notes_updated", @@ -528,7 +528,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.signed_in", @@ -568,7 +568,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "user.signed_out", 
diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json index a34be5ee6d9..428c998e86a 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "webinar.created", @@ -45,7 +45,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "webinar.updated", @@ -99,7 +99,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "webinar.deleted", @@ -142,7 +142,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "webinar.started", @@ -183,7 +183,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "webinar.ended", @@ -224,7 +224,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "webinar.alert", @@ -260,7 +260,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "webinar.sharing_started", @@ -313,7 +313,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "webinar.sharing_started", @@ -366,7 +366,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "webinar.registration_created", @@ -417,7 +417,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "webinar.registration_approved", @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "webinar.registration_denied", @@ -521,7 +521,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "webinar.registration_cancelled", 
@@ -571,7 +571,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "webinar.participant_joined", @@ -619,7 +619,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "webinar.participant_left", diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json index 92ddf0ef0bf..e9b41d28b87 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "zoomroom.alert", @@ -30,7 +30,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "zoomroom.delayed_alert", @@ -58,7 +58,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "zoomroom.checked_in", @@ -90,7 +90,7 @@ }, { "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "zoomroom.checked_in", diff --git a/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml b/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml index 9842a6a4bad..6c6fe7a7cea 100644 --- a/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml @@ -9,7 +9,7 @@ processors: value: Webhook - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - script: description: Drops null/empty values recursively lang: painless diff --git a/packages/zoom/manifest.yml b/packages/zoom/manifest.yml index 5da2e45ce97..85b3459804d 100644 --- a/packages/zoom/manifest.yml +++ b/packages/zoom/manifest.yml 
@@ -1,6 +1,6 @@ name: zoom title: Zoom -version: "1.7.1" +version: "1.8.0" release: ga description: Collect logs from Zoom with Elastic Agent. type: integration From 007a85384c011be7f187cdf7a137054329181818 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:36 +0530 Subject: [PATCH 128/137] [zscaler_zia] - update ECS to 8.7.0 from 8.6.0 This updates the zscaler_zia integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.6.0 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/zscaler_zia --- packages/zscaler_zia/_dev/build/build.yml | 2 +- packages/zscaler_zia/changelog.yml | 5 +++++ .../test/pipeline/test-alerts.log-expected.json | 6 +++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/alerts/sample_event.json | 2 +- .../test-dns-http-endpoint.log-expected.json | 2 +- .../_dev/test/pipeline/test-dns.log-expected.json | 2 +- .../dns/elasticsearch/ingest_pipeline/default.yml | 2 +- .../zscaler_zia/data_stream/dns/sample_event.json | 2 +- .../test-firewall-http-endpoint.log-expected.json | 2 +- .../test/pipeline/test-firewall.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/firewall/sample_event.json | 2 +- .../test-tunnel-http-endpoint.log-expected.json | 2 +- .../test/pipeline/test-tunnel.log-expected.json | 6 +++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/tunnel/sample_event.json | 2 +- .../test-web-http-endpoint.log-expected.json | 4 ++-- .../_dev/test/pipeline/test-web.log-expected.json | 14 +++++++------- .../web/elasticsearch/ingest_pipeline/default.yml | 2 +- .../zscaler_zia/data_stream/web/sample_event.json | 2 +- packages/zscaler_zia/docs/README.md | 10 +++++----- packages/zscaler_zia/manifest.yml | 2 +- 23 files changed, 42 insertions(+), 37 deletions(-) 
diff --git a/packages/zscaler_zia/_dev/build/build.yml b/packages/zscaler_zia/_dev/build/build.yml index fcd61c363f1..45fb1cc4269 100644 --- a/packages/zscaler_zia/_dev/build/build.yml +++ b/packages/zscaler_zia/_dev/build/build.yml @@ -1,4 +1,4 @@ dependencies: ecs: - reference: git@v8.6.0 + reference: git@8.7 import_mappings: true diff --git a/packages/zscaler_zia/changelog.yml b/packages/zscaler_zia/changelog.yml index 9cb876a379e..e2d1015c565 100644 --- a/packages/zscaler_zia/changelog.yml +++ b/packages/zscaler_zia/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.8.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "2.7.3" changes: - description: Map web login user details to ECS. diff --git a/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json b/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json index e98beb378c6..15e683bc355 100644 --- a/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json +++ b/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json @@ -8,7 +8,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "\u003c114\u003eDec 31 12:01:04 [175.16.199.1] ZscalerNSS: Zscaler cloud configuration connection to 175.16.199.1:443 lost and unavailable for the past 2325.00 minutes" @@ -41,7 +41,7 @@ "port": 9012 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "\u003c114\u003eDec 31 13:02:05 [81.2.69.193] ZscalerNSS: SIEM Feed connection \"DNS Logs Feed\" to 81.2.69.193:9012 lost and unavailable for the past 2440.00 minutes" 
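Review bot: `reference: git@8.7` in packages/zscaler_zia/_dev/build/build.yml is no longer pinned to a single ECS release. The removed value `git@v8.6.0` named an exact version, while `8.7` looks like a branch name that can move after this commit. Because this file also sets `import_mappings: true`, the field mappings pulled in at build time could then differ between two builds of the same package version, while the pipelines and expected test output in this patch say `8.7.0`. If reproducible builds matter here, keep the pinned form, e.g. `reference: git@v8.7.0`, assuming that tag is what the updater is meant to target. The same change appears in the packages/zscaler_zpa/_dev/build/build.yml hunk of the next patch.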
@@ -74,7 +74,7 @@ "ip": "81.2.69.193" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "original": "\u003c114\u003eDec 31 14:03:06 [81.2.69.193] Hey, that's a new type of alert. Isn't it?" diff --git a/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml index 3f641fd5e30..96b7bf20bda 100644 --- a/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler alert logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zia/data_stream/alerts/sample_event.json b/packages/zscaler_zia/data_stream/alerts/sample_event.json index dbf3cc3a147..eceab9db53c 100644 --- a/packages/zscaler_zia/data_stream/alerts/sample_event.json +++ b/packages/zscaler_zia/data_stream/alerts/sample_event.json @@ -18,7 +18,7 @@ "port": 9012 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "fc4affb9-ab52-48ec-b9ce-f65f4390f0b9", diff --git a/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns-http-endpoint.log-expected.json b/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns-http-endpoint.log-expected.json index d6cf10426df..9cc40468595 100644 --- a/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns-http-endpoint.log-expected.json +++ b/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns-http-endpoint.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ 
diff --git a/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json b/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json index 5c151ccdc94..07f51c49aed 100644 --- a/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json @@ -34,7 +34,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml index 17f4d5f58ce..f6cdbe990e9 100644 --- a/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler dns logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zia/data_stream/dns/sample_event.json b/packages/zscaler_zia/data_stream/dns/sample_event.json index 8206cdff9c6..283a9a3b7e5 100644 --- a/packages/zscaler_zia/data_stream/dns/sample_event.json +++ b/packages/zscaler_zia/data_stream/dns/sample_event.json @@ -44,7 +44,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "fc4affb9-ab52-48ec-b9ce-f65f4390f0b9", diff --git a/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall-http-endpoint.log-expected.json b/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall-http-endpoint.log-expected.json index dabef8ea106..91482af32ee 100644 --- a/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall-http-endpoint.log-expected.json +++ b/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall-http-endpoint.log-expected.json 
@@ -8,7 +8,7 @@ "port": 456 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "outofrange", diff --git a/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json b/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json index ebe7e68295f..fdfdf3febac 100644 --- a/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json +++ b/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json @@ -11,7 +11,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "drop", diff --git a/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml index c63801e0e09..4335d8dc681 100644 --- a/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler firewall logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zia/data_stream/firewall/sample_event.json b/packages/zscaler_zia/data_stream/firewall/sample_event.json index 42afa9832a2..b37c967fb05 100644 --- a/packages/zscaler_zia/data_stream/firewall/sample_event.json +++ b/packages/zscaler_zia/data_stream/firewall/sample_event.json @@ -21,7 +21,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "fc4affb9-ab52-48ec-b9ce-f65f4390f0b9", diff --git a/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel-http-endpoint.log-expected.json b/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel-http-endpoint.log-expected.json index fc56ca0f6dc..cf6616d6fab 100644 
--- a/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel-http-endpoint.log-expected.json +++ b/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel-http-endpoint.log-expected.json @@ -7,7 +7,7 @@ "ip": "0.0.0.0" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json b/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json index cec855962bb..1f98d2284cb 100644 --- a/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json +++ b/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json @@ -6,7 +6,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -98,7 +98,7 @@ "port": 500 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -166,7 +166,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "IPsec tunnel is up", diff --git a/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml index 314466b3080..98ed786f69b 100644 --- a/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler tunnel logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zia/data_stream/tunnel/sample_event.json b/packages/zscaler_zia/data_stream/tunnel/sample_event.json index ce039137ecf..6f7f4542530 100644 --- a/packages/zscaler_zia/data_stream/tunnel/sample_event.json 
+++ b/packages/zscaler_zia/data_stream/tunnel/sample_event.json @@ -16,7 +16,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "fc4affb9-ab52-48ec-b9ce-f65f4390f0b9", diff --git a/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web-http-endpoint.log-expected.json b/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web-http-endpoint.log-expected.json index acadfa04376..7368f9ceef1 100644 --- a/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web-http-endpoint.log-expected.json +++ b/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web-http-endpoint.log-expected.json @@ -6,7 +6,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", @@ -129,7 +129,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", diff --git a/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json b/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json index 93b61f7620c..85838fa6f5c 100644 --- a/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json +++ b/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json @@ -6,7 +6,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", @@ -129,7 +129,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", @@ -247,7 +247,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", @@ -370,7 +370,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", @@ -493,7 +493,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", 
@@ -612,7 +612,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "allowed", @@ -736,7 +736,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "blocked", diff --git a/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml index 87b4357152c..03df4dc7a88 100644 --- a/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler web logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zia/data_stream/web/sample_event.json b/packages/zscaler_zia/data_stream/web/sample_event.json index a14986aa415..e4efe96c638 100644 --- a/packages/zscaler_zia/data_stream/web/sample_event.json +++ b/packages/zscaler_zia/data_stream/web/sample_event.json @@ -16,7 +16,7 @@ "ip": "1.128.3.4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "08fc14c0-5a92-4649-93f3-68fb5d6c5fbc", diff --git a/packages/zscaler_zia/docs/README.md b/packages/zscaler_zia/docs/README.md index 1a8c51f23b5..ac1a858a030 100644 --- a/packages/zscaler_zia/docs/README.md +++ b/packages/zscaler_zia/docs/README.md @@ -194,7 +194,7 @@ An example event for `alerts` looks as following: "port": 9012 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "fc4affb9-ab52-48ec-b9ce-f65f4390f0b9", @@ -309,7 +309,7 @@ An example event for `dns` looks as following: } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "fc4affb9-ab52-48ec-b9ce-f65f4390f0b9", 
@@ -466,7 +466,7 @@ An example event for `firewall` looks as following: "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "fc4affb9-ab52-48ec-b9ce-f65f4390f0b9", @@ -640,7 +640,7 @@ An example event for `tunnel` looks as following: "ip": "81.2.69.143" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "fc4affb9-ab52-48ec-b9ce-f65f4390f0b9", @@ -809,7 +809,7 @@ An example event for `web` looks as following: "ip": "1.128.3.4" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "08fc14c0-5a92-4649-93f3-68fb5d6c5fbc", diff --git a/packages/zscaler_zia/manifest.yml b/packages/zscaler_zia/manifest.yml index 332abb2e1ae..4d15bea1171 100644 --- a/packages/zscaler_zia/manifest.yml +++ b/packages/zscaler_zia/manifest.yml @@ -1,7 +1,7 @@ format_version: 2.3.0 name: zscaler_zia title: Zscaler Internet Access -version: "2.7.3" +version: "2.8.0" description: Collect logs from Zscaler Internet Access (ZIA) with Elastic Agent. type: integration categories: From e0a29c2db9e28a6c7dee07e3eeb69f54a169e8b6 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:00:38 +0530 Subject: [PATCH 129/137] [zscaler_zpa] - update ECS to 8.7.0 from 8.6.0 This updates the zscaler_zpa integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.6.0 and using 8.6.0 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0packages/zscaler_zpa --- packages/zscaler_zpa/_dev/build/build.yml | 2 +- packages/zscaler_zpa/changelog.yml | 5 +++++ .../test-app-connector-status.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/app_connector_status/sample_event.json | 2 +- .../_dev/test/pipeline/test-audit.log-expected.json | 4 ++-- .../audit/elasticsearch/ingest_pipeline/default.yml | 2 +- .../zscaler_zpa/data_stream/audit/sample_event.json | 2 +- .../pipeline/test-browser-access.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/browser_access/sample_event.json | 2 +- .../test/pipeline/test-user-activity.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/user_activity/sample_event.json | 2 +- .../test/pipeline/test-user-status.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/user_status/sample_event.json | 2 +- packages/zscaler_zpa/docs/README.md | 10 +++++----- packages/zscaler_zpa/manifest.yml | 2 +- 19 files changed, 28 insertions(+), 23 deletions(-) diff --git a/packages/zscaler_zpa/_dev/build/build.yml b/packages/zscaler_zpa/_dev/build/build.yml index fcd61c363f1..45fb1cc4269 100644 --- a/packages/zscaler_zpa/_dev/build/build.yml +++ b/packages/zscaler_zpa/_dev/build/build.yml @@ -1,4 +1,4 @@ dependencies: ecs: - reference: git@v8.6.0 + reference: git@8.7 import_mappings: true diff --git a/packages/zscaler_zpa/changelog.yml b/packages/zscaler_zpa/changelog.yml index 8827633997b..c7c00ce9935 100644 --- a/packages/zscaler_zpa/changelog.yml 
+++ b/packages/zscaler_zpa/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.6.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} - version: "1.5.2" changes: - description: Added categories and/or subcategories. diff --git a/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json b/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json index 3e8de584092..458206caa6f 100644 --- a/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json +++ b/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json @@ -8,7 +8,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml index 4d95649bb68..a531ac64a78 100644 --- a/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler app connector status logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json b/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json index cbdebbb5cd2..602c3eed4a1 100644 --- a/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json +++ b/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json 
@@ -19,7 +19,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8b86614c-cda7-40f1-9823-ea2294fa4abf", diff --git a/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index f73ea55db22..900e7dd3274 100644 --- a/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-11-17T04:29:38.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ @@ -67,7 +67,7 @@ { "@timestamp": "2021-11-17T04:29:38.000Z", "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 434d8232a93..7f407942bd9 100644 --- a/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler audit logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zpa/data_stream/audit/sample_event.json b/packages/zscaler_zpa/data_stream/audit/sample_event.json index db93848055f..273a24354c3 100644 --- a/packages/zscaler_zpa/data_stream/audit/sample_event.json +++ b/packages/zscaler_zpa/data_stream/audit/sample_event.json @@ -14,7 +14,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8b86614c-cda7-40f1-9823-ea2294fa4abf", 
diff --git a/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json b/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json index a3844f996b6..75bea405a8b 100644 --- a/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json +++ b/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json @@ -19,7 +19,7 @@ "port": 60006 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml index fc3d2ccc489..8f426f53c73 100644 --- a/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler browser access logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zpa/data_stream/browser_access/sample_event.json b/packages/zscaler_zpa/data_stream/browser_access/sample_event.json index 619a46a247e..fd5a6c4b15c 100644 --- a/packages/zscaler_zpa/data_stream/browser_access/sample_event.json +++ b/packages/zscaler_zpa/data_stream/browser_access/sample_event.json @@ -30,7 +30,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8b86614c-cda7-40f1-9823-ea2294fa4abf", diff --git a/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json b/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json index 0279c032778..26c5489dcea 100644 
--- a/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json +++ b/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json @@ -13,7 +13,7 @@ "ip": "81.2.69.193" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml index d8ee4f818b4..05b5e530d23 100644 --- a/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler user activity logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zpa/data_stream/user_activity/sample_event.json b/packages/zscaler_zpa/data_stream/user_activity/sample_event.json index e63154d1f3d..aaca6771be8 100644 --- a/packages/zscaler_zpa/data_stream/user_activity/sample_event.json +++ b/packages/zscaler_zpa/data_stream/user_activity/sample_event.json @@ -24,7 +24,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8b86614c-cda7-40f1-9823-ea2294fa4abf", diff --git a/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json b/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json index bbcf9c18eaa..af0fc497ba5 100644 --- a/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json +++ b/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json 
@@ -13,7 +13,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "category": [ diff --git a/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml index 351f5481215..36c775bb4ba 100644 --- a/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler user status logs. processors: - set: field: ecs.version - value: '8.6.0' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zpa/data_stream/user_status/sample_event.json b/packages/zscaler_zpa/data_stream/user_status/sample_event.json index 9898ce70cd2..7178f682924 100644 --- a/packages/zscaler_zpa/data_stream/user_status/sample_event.json +++ b/packages/zscaler_zpa/data_stream/user_status/sample_event.json @@ -24,7 +24,7 @@ "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8b86614c-cda7-40f1-9823-ea2294fa4abf", diff --git a/packages/zscaler_zpa/docs/README.md b/packages/zscaler_zpa/docs/README.md index d516a7d96e6..ea977d814ea 100644 --- a/packages/zscaler_zpa/docs/README.md +++ b/packages/zscaler_zpa/docs/README.md @@ -181,7 +181,7 @@ An example event for `app_connector_status` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8b86614c-cda7-40f1-9823-ea2294fa4abf", @@ -347,7 +347,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8b86614c-cda7-40f1-9823-ea2294fa4abf", 
@@ -503,7 +503,7 @@ An example event for `browser_access` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8b86614c-cda7-40f1-9823-ea2294fa4abf", @@ -731,7 +731,7 @@ An example event for `user_activity` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8b86614c-cda7-40f1-9823-ea2294fa4abf", @@ -940,7 +940,7 @@ An example event for `user_status` looks as following: "type": "logs" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "elastic_agent": { "id": "8b86614c-cda7-40f1-9823-ea2294fa4abf", diff --git a/packages/zscaler_zpa/manifest.yml b/packages/zscaler_zpa/manifest.yml index f57b3826f9e..37985f40770 100644 --- a/packages/zscaler_zpa/manifest.yml +++ b/packages/zscaler_zpa/manifest.yml @@ -1,7 +1,7 @@ format_version: 2.3.0 name: zscaler_zpa title: Zscaler Private Access -version: 1.5.2 +version: "1.6.0" source: license: Elastic-2.0 description: Collect logs from Zscaler Private Access (ZPA) with Elastic Agent. From 9fb2d327da5282fe60e6e65669895c36ae994a73 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:11:52 +0530 Subject: [PATCH 130/137] [activemq] - update ECS to 8.7.0 from 8.5.1 This updates the activemq integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.5.1 and using 8.5.1 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0 -pr=5765 packages/activemq --- packages/activemq/_dev/build/build.yml | 2 +- packages/activemq/changelog.yml | 5 ++ .../pipeline/test-audit.log-expected.json | 16 ++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/audit/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/broker/sample_event.json | 2 +- .../pipeline/test-activemq.log-expected.json | 68 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/queue/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/topic/sample_event.json | 2 +- packages/activemq/docs/README.md | 10 +-- packages/activemq/manifest.yml | 2 +- 16 files changed, 64 insertions(+), 59 deletions(-) diff --git a/packages/activemq/_dev/build/build.yml b/packages/activemq/_dev/build/build.yml index aaafc5d833b..9da3f46d46b 100644 --- a/packages/activemq/_dev/build/build.yml +++ b/packages/activemq/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.5.1 + reference: git@8.7 diff --git a/packages/activemq/changelog.yml b/packages/activemq/changelog.yml index 3428a199450..9b7f444e6cc 100644 --- a/packages/activemq/changelog.yml +++ b/packages/activemq/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.8.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/5765 - version: "0.7.0" changes: - description: Migrate visualizations to lens. 
diff --git a/packages/activemq/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/activemq/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index 49ee287dda8..7e2d8a3dbf0 100644 --- a/packages/activemq/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/activemq/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json @@ -8,10 +8,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.692324051Z", + "ingested": "2023-03-31T13:41:51.724977666Z", "kind": "event", "module": "activemq", "original": "INFO | anonymous called org.apache.activemq.broker.jmx.QueueView.retryMessages[] at 27-11-2019 08:45:57,213 | qtp443290224-47", @@ -38,10 +38,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.692336343Z", + "ingested": "2023-03-31T13:41:51.724987791Z", "kind": "event", "module": "activemq", "original": "INFO | admin called org.apache.activemq.broker.jmx.QueueView.retryMessages[] at 27-11-2019 08:45:57,229 | qtp443290224-45", @@ -68,10 +68,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.692337760Z", + "ingested": "2023-03-31T13:41:51.724988666Z", "kind": "event", "module": "activemq", "original": "WARN | admin requested /admin/createDestination.action [JMSDestination='test' JMSDestinationType='queue' secret='4eb0bc3e-9d7a-4256-844c-24f40fda98f1' ] from 127.0.0.1 | qtp12205619-39", @@ -98,10 +98,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.692338926Z", + "ingested": "2023-03-31T13:41:51.724989416Z", "kind": "event", "module": "activemq", "original": "INFO | guest requested /admin/purgeDestination.action [JMSDestination='test' JMSDestinationType='queue' secret='eff6a932-1b58-45da-a64a-1b30b246cfc9' ] from 127.0.0.1 | qtp12205619-36", 
diff --git a/packages/activemq/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/activemq/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 539c87a6744..a3e82a30333 100644 --- a/packages/activemq/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/activemq/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -31,7 +31,7 @@ processors: ignore_failure: true - set: field: ecs.version - value: 8.5.1 + value: 8.7.0 ignore_empty_value: true ignore_failure: true - script: diff --git a/packages/activemq/data_stream/audit/sample_event.json b/packages/activemq/data_stream/audit/sample_event.json index d24bf103c79..612305261f9 100644 --- a/packages/activemq/data_stream/audit/sample_event.json +++ b/packages/activemq/data_stream/audit/sample_event.json @@ -18,7 +18,7 @@ "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", diff --git a/packages/activemq/data_stream/broker/elasticsearch/ingest_pipeline/default.yml b/packages/activemq/data_stream/broker/elasticsearch/ingest_pipeline/default.yml index cc1f10e2eeb..1ede92df8f5 100644 --- a/packages/activemq/data_stream/broker/elasticsearch/ingest_pipeline/default.yml +++ b/packages/activemq/data_stream/broker/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing ActiveMQ broker metrics. processors: - set: field: ecs.version - value: 8.5.1 + value: 8.7.0 - set: field: event.category value: [web] diff --git a/packages/activemq/data_stream/broker/sample_event.json b/packages/activemq/data_stream/broker/sample_event.json index 8306a274dcb..1a1ef5d168c 100644 --- a/packages/activemq/data_stream/broker/sample_event.json +++ b/packages/activemq/data_stream/broker/sample_event.json @@ -48,7 +48,7 @@ "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", 
diff --git a/packages/activemq/data_stream/log/_dev/test/pipeline/test-activemq.log-expected.json b/packages/activemq/data_stream/log/_dev/test/pipeline/test-activemq.log-expected.json index 873ebe2d2c2..3c47e1172c7 100644 --- a/packages/activemq/data_stream/log/_dev/test/pipeline/test-activemq.log-expected.json +++ b/packages/activemq/data_stream/log/_dev/test/pipeline/test-activemq.log-expected.json @@ -9,10 +9,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.818887635Z", + "ingested": "2023-03-31T13:41:51.863319958Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,491 | INFO | KahaDB is version 6 | org.apache.activemq.store.kahadb.MessageDatabase | main", @@ -37,10 +37,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.818898093Z", + "ingested": "2023-03-31T13:41:51.863331208Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,531 | INFO | PListStore:[/opt/activemq/data/localhost/tmp_storage] started | org.apache.activemq.store.kahadb.plist.PListStoreImpl | main", @@ -65,10 +65,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.818899385Z", + "ingested": "2023-03-31T13:41:51.863331958Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,538 | INFO | Page File: /opt/activemq/data/kahadb/db.data. Recovered pageFile free list of size: 0 | org.apache.activemq.store.kahadb.disk.page.PageFile | KahaDB Index Free Page Recovery", 
@@ -93,10 +93,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.818900385Z", + "ingested": "2023-03-31T13:41:51.863332541Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,690 | INFO | Apache ActiveMQ 5.15.9 (localhost, ID:5338986a6080-37033-1574867374550-0:1) is starting | org.apache.activemq.broker.BrokerService | main", 
@@ -121,13 +121,13 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "error": { "stack_trace": "at org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:28)[activemq-client-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.registerConnectorMBean(BrokerService.java:2264)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.startTransportConnector(BrokerService.java:2744)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.startAllConnectors(BrokerService.java:2640)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.doStartBroker(BrokerService.java:771)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.startBroker(BrokerService.java:733)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.start(BrokerService.java:636)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:73)[activemq-spring-5.15.9.jar:5.15.9]\n\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.8.0_212]\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)[:1.8.0_212]\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.8.0_212]\n\tat java.lang.reflect.Method.invoke(Method.java:498)[:1.8.0_212]\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1763)[spring-beans-4.3.18.RELEASE.jar:4.3.18.RELEASE]\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1700)[spring-beans-4.3.18.RELEASE.jar:4.3.18.RELEASE]" }, "event": { - "ingested": "2022-12-08T15:06:10.818901468Z", + "ingested": "2023-03-31T13:41:51.863333208Z", "kind": "event", "module": "activemq", "original": 
"2019-11-27 15:09:34,712 | ERROR | Failed to start Apache ActiveMQ (localhost, ID:5338986a6080-37033-1574867374550-0:1) | org.apache.activemq.broker.BrokerService | main\n\tat org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:28)[activemq-client-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.registerConnectorMBean(BrokerService.java:2264)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.startTransportConnector(BrokerService.java:2744)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.startAllConnectors(BrokerService.java:2640)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.doStartBroker(BrokerService.java:771)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.startBroker(BrokerService.java:733)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.start(BrokerService.java:636)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:73)[activemq-spring-5.15.9.jar:5.15.9]\n\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.8.0_212]\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)[:1.8.0_212]\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.8.0_212]\n\tat java.lang.reflect.Method.invoke(Method.java:498)[:1.8.0_212]\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1763)[spring-beans-4.3.18.RELEASE.jar:4.3.18.RELEASE]\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1700)[spring-beans-4.3.18.RELEASE.jar:4.3.18.RELEASE]", 
@@ -152,10 +152,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.818902343Z", + "ingested": "2023-03-31T13:41:51.863333708Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,716 | INFO | Apache ActiveMQ 5.15.9 (localhost, ID:5338986a6080-37033-1574867374550-0:1) is shutting down | org.apache.activemq.broker.BrokerService | main", @@ -180,10 +180,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.818903260Z", + "ingested": "2023-03-31T13:41:51.863334166Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,718 | INFO | Connector openwire stopped | org.apache.activemq.broker.TransportConnector | main", @@ -208,10 +208,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.818904218Z", + "ingested": "2023-03-31T13:41:51.863334666Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,719 | INFO | Connector amqp stopped | org.apache.activemq.broker.TransportConnector | main", @@ -236,10 +236,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.818905135Z", + "ingested": "2023-03-31T13:41:51.863335208Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,721 | INFO | Connector stomp stopped | org.apache.activemq.broker.TransportConnector | main", @@ -264,10 +264,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.818906093Z", + "ingested": "2023-03-31T13:41:51.863335666Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,722 | INFO | Connector mqtt stopped | org.apache.activemq.broker.TransportConnector | main", 
@@ -292,10 +292,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.818907051Z", + "ingested": "2023-03-31T13:41:51.863336250Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,723 | INFO | Connector ws stopped | org.apache.activemq.broker.TransportConnector | main", @@ -320,10 +320,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.818908260Z", + "ingested": "2023-03-31T13:41:51.863337Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,727 | INFO | PListStore:[/opt/activemq/data/localhost/tmp_storage] stopped | org.apache.activemq.store.kahadb.plist.PListStoreImpl | main", @@ -348,10 +348,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.818909218Z", + "ingested": "2023-03-31T13:41:51.863337708Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,728 | INFO | Stopping async queue tasks | org.apache.activemq.store.kahadb.KahaDBStore | main", @@ -376,10 +376,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.818910135Z", + "ingested": "2023-03-31T13:41:51.863338250Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,730 | INFO | Stopping async topic tasks | org.apache.activemq.store.kahadb.KahaDBStore | main", @@ -404,10 +404,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.818911010Z", + "ingested": "2023-03-31T13:41:51.863338708Z", "kind": "event", "module": "activemq", "original": "2019-11-29 10:59:49,515 | INFO | No Spring WebApplicationInitializer types detected on classpath | /admin | main", 
@@ -432,10 +432,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.818911885Z", + "ingested": "2023-03-31T13:41:51.863339166Z", "kind": "event", "module": "activemq", "original": "2019-11-29 10:59:49,779 | INFO | Initializing Spring FrameworkServlet 'dispatcher' | /admin | main", 
@@ -460,10 +460,10 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { - "ingested": "2022-12-08T15:06:10.818913051Z", + "ingested": "2023-03-31T13:41:51.863339625Z", "kind": "event", "module": "activemq", "original": "2022-06-17 12:19:13,443 | ERROR | Failed to load: class path resource [activemq.xml], reason: Configuration problem: Unexpected failure during bean definition parsing\\nOffending resource: class path resource [jetty.xml]\\nBean 'jettyPort'; nested exception is org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Multiple 'property' definitions for property 'host'\\nOffending resource: class path resource [jetty.xml]\\nBean 'jettyPort'\\n\\t-\u003e Property 'host' | org.apache.activemq.xbean.XBeanBrokerFactory | main org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Unexpected failure during bean definition parsing\\nOffending resource: class path resource [jetty.xml]\\nBean 'jettyPort'; nested exception is org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Multiple 'property' definitions for property 'host'\\nOffending resource: class path resource [jetty.xml]\\nBean 'jettyPort'\\n\\t-\u003e Property 'host'\\n\\tat org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:70)\\n\\tat org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:118)\\n\\tat org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.error(BeanDefinitionParserDelegate.java:308)\\n\\tat org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseBeanDefinitionElement(BeanDefinitionParserDelegate.java:561)\\n\\tat org.apache.xbean.spring.context.v2c.XBeanBeanDefinitionParserDelegate.parseBeanDefinitionElement(XBeanBeanDefinitionParserDelegate.java:58)\\n\\tat 
org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseBeanDefinitionElement(BeanDefinitionParserDelegate.java:459)\\n\\tat org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseBeanDefinitionElement(BeanDefinitionParserDelegate.java:428)\\n\\tat org.apache.xbean.spring.context.v2.XBeanBeanDefinitionDocumentReader.processBeanDefinition(XBeanBeanDefinitionDocumentReader.java:188)\\n\\tat org.apache.xbean.spring.context.v2.XBeanBeanDefinitionDocumentReader.parseDefaultElement(XBeanBeanDefinitionDocumentReader.java:115)\\n\\tat org.apache.xbean.spring.context.v2.XBeanBeanDefinitionDocumentReader.parseBeanDefinitions(XBeanBeanDefinitionDocumentReader.java:95)\\n\\tat org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.doRegisterBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:142)\\n\\tat org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:94)\\n\\tat org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:508)\\n\\tat org.apache.xbean.spring.context.v2.XBeanXmlBeanDefinitionReader.registerBeanDefinitions(XBeanXmlBeanDefinitionReader.java:79)\\n\\tat org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:392)\\n\\tat org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:336)\\n\\tat org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:304)\\n\\tat org.apache.xbean.spring.context.v2.XBeanBeanDefinitionDocumentReader.importBeanDefinitionResource(XBeanBeanDefinitionDocumentReader.java:143)\\n\\tat org.apache.xbean.spring.context.v2.XBeanBeanDefinitionDocumentReader.parseDefaultElement(XBeanBeanDefinitionDocumentReader.java:109)\\n\\tat 
org.apache.xbean.spring.context.v2.XBeanBeanDefinitionDocumentReader.parseBeanDefinitions(XBeanBeanDefinitionDocumentReader.java:95)\\n\\tat org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.doRegisterBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:142)\\n\\tat org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:94)\\n\\tat org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:508)\\n\\tat org.apache.xbean.spring.context.v2.XBeanXmlBeanDefinitionReader.registerBeanDefinitions(XBeanXmlBeanDefinitionReader.java:79)\\n\\tat org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:392)\\n\\tat org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:336)\\n\\tat org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:304)\\n\\tat org.apache.xbean.spring.context.ResourceXmlApplicationContext.loadBeanDefinitions(ResourceXmlApplicationContext.java:116)\\n\\tat org.apache.xbean.spring.context.ResourceXmlApplicationContext.loadBeanDefinitions(ResourceXmlApplicationContext.java:104)\\n\\tat org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:126)\\n\\tat org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:614)\\n\\tat org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:514)\\n\\tat org.apache.xbean.spring.context.ResourceXmlApplicationContext.\u003cinit\u003e(ResourceXmlApplicationContext.java:64)\\n\\tat org.apache.xbean.spring.context.ResourceXmlApplicationContext.\u003cinit\u003e(ResourceXmlApplicationContext.java:52)\\n\\tat 
org.apache.activemq.xbean.XBeanBrokerFactory$1.\u003cinit\u003e(XBeanBrokerFactory.java:104)\\n\\tat org.apache.activemq.xbean.XBeanBrokerFactory.createApplicationContext(XBeanBrokerFactory.java:104)\\n\\tat org.apache.activemq.xbean.XBeanBrokerFactory.createBroker(XBeanBrokerFactory.java:67)\\n\\tat org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:71)\\n\\tat org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:54)\\n\\tat org.apache.activemq.console.command.StartCommand.runTask(StartCommand.java:87)\\n\\tat org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:63)\\n\\tat org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:154)\\n\\tat org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:63)\\n\\tat org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:104)\\n\\tat java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\\n\\tat java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\\n\\tat java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\\n\\tat java.base/java.lang.reflect.Method.invoke(Method.java:566)\\n\\tat org.apache.activemq.console.Main.runTaskClass(Main.java:262)\\n\\tat org.apache.activemq.console.Main.main(Main.java:115)\\nCaused by: org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Multiple 'property' definitions for property 'host'\\nOffending resource: class path resource [jetty.xml]\\nBean 'jettyPort'\\n\\t-\u003e Property 'host'\\n\\tat org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:70)\\n\\tat org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:118)\\n\\tat org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:110)\\n\\tat 
org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.error(BeanDefinitionParserDelegate.java:301)\\n\\tat org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parsePropertyElement(BeanDefinitionParserDelegate.java:897)\\n\\tat org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parsePropertyElements(BeanDefinitionParserDelegate.java:761)\\n\\tat org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseBeanDefinitionElement(BeanDefinitionParserDelegate.java:546)\\n\\t... 46 more", diff --git a/packages/activemq/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/activemq/data_stream/log/elasticsearch/ingest_pipeline/default.yml index fe24f752b19..6c020afc407 100644 --- a/packages/activemq/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/activemq/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -46,7 +46,7 @@ processors: ignore_failure: true - set: field: ecs.version - value: 8.5.1 + value: 8.7.0 ignore_empty_value: true ignore_failure: true - script: diff --git a/packages/activemq/data_stream/log/sample_event.json b/packages/activemq/data_stream/log/sample_event.json index c40d3831ef6..7bba428d1f5 100644 --- a/packages/activemq/data_stream/log/sample_event.json +++ b/packages/activemq/data_stream/log/sample_event.json @@ -19,7 +19,7 @@ "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", diff --git a/packages/activemq/data_stream/queue/elasticsearch/ingest_pipeline/default.yml b/packages/activemq/data_stream/queue/elasticsearch/ingest_pipeline/default.yml index fa105e90c9d..ada9911fe11 100644 --- a/packages/activemq/data_stream/queue/elasticsearch/ingest_pipeline/default.yml +++ b/packages/activemq/data_stream/queue/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for parsing ActiveMQ queue metrics. processors: - set: field: ecs.version - value: 8.5.1 + value: 8.7.0 - set: field: event.category value: [web] diff --git a/packages/activemq/data_stream/queue/sample_event.json b/packages/activemq/data_stream/queue/sample_event.json index 43108185247..d5c95756f1c 100644 --- a/packages/activemq/data_stream/queue/sample_event.json +++ b/packages/activemq/data_stream/queue/sample_event.json @@ -56,7 +56,7 @@ "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", diff --git a/packages/activemq/data_stream/topic/elasticsearch/ingest_pipeline/default.yml b/packages/activemq/data_stream/topic/elasticsearch/ingest_pipeline/default.yml index 2df4b3781df..2e8ca78db3c 100644 --- a/packages/activemq/data_stream/topic/elasticsearch/ingest_pipeline/default.yml +++ b/packages/activemq/data_stream/topic/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing ActiveMQ topic metrics. processors: - set: field: ecs.version - value: 8.5.1 + value: 8.7.0 - set: field: event.category value: [web] diff --git a/packages/activemq/data_stream/topic/sample_event.json b/packages/activemq/data_stream/topic/sample_event.json index 6a58f772182..6b3ef8ed2ab 100644 --- a/packages/activemq/data_stream/topic/sample_event.json +++ b/packages/activemq/data_stream/topic/sample_event.json @@ -55,7 +55,7 @@ "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", diff --git a/packages/activemq/docs/README.md b/packages/activemq/docs/README.md index 251daa33ee2..b79286c6454 100644 --- a/packages/activemq/docs/README.md +++ b/packages/activemq/docs/README.md 
@@ -37,7 +37,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", @@ -128,7 +128,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", @@ -282,7 +282,7 @@ An example event for `broker` looks as following: "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", @@ -438,7 +438,7 @@ An example event for `queue` looks as following: "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", @@ -597,7 +597,7 @@ An example event for `topic` looks as following: "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", diff --git a/packages/activemq/manifest.yml b/packages/activemq/manifest.yml index 2f0ac9466e0..8bed0993935 100644 --- a/packages/activemq/manifest.yml +++ b/packages/activemq/manifest.yml @@ -1,6 +1,6 @@ name: activemq title: ActiveMQ -version: 0.7.0 +version: "0.8.0" description: Collect logs and metrics from ActiveMQ instances with Elastic Agent. type: integration icons: From ae2d6b75669b7db3b608b923d28d95fdb2ed3e55 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:11:53 +0530 Subject: [PATCH 131/137] [airflow] - update ECS to 8.7.0 from 8.5.1 This updates the airflow integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.5.1 and using 8.5.1 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0 -pr=5765 packages/airflow --- packages/airflow/_dev/build/build.yml | 2 +- packages/airflow/changelog.yml | 5 +++++ .../statsd/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/airflow/manifest.yml | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/packages/airflow/_dev/build/build.yml b/packages/airflow/_dev/build/build.yml index aaafc5d833b..9da3f46d46b 100644 --- a/packages/airflow/_dev/build/build.yml +++ b/packages/airflow/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.5.1 + reference: git@8.7 diff --git a/packages/airflow/changelog.yml b/packages/airflow/changelog.yml index 0ad22ea9e6c..43681800721 100644 --- a/packages/airflow/changelog.yml +++ b/packages/airflow/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.1.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/5765 - version: 0.0.3 changes: - description: Added categories and/or subcategories. diff --git a/packages/airflow/data_stream/statsd/elasticsearch/ingest_pipeline/default.yml b/packages/airflow/data_stream/statsd/elasticsearch/ingest_pipeline/default.yml index ae7ab121b91..735ecbb522d 100644 --- a/packages/airflow/data_stream/statsd/elasticsearch/ingest_pipeline/default.yml +++ b/packages/airflow/data_stream/statsd/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing airflow data processors: - set: field: ecs.version - value: "8.5.1" + value: "8.7.0" - rename: field: statsd target_field: airflow 
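Review bot: In packages/airflow/_dev/build/build.yml the ECS reference moves from `git@v8.5.1`, which reads as a release tag, to `git@8.7`, which looks like a branch name. If it is a branch, the field definitions pulled in at build time can change as that branch advances, while the ingest pipeline in this same commit sets `ecs.version` to exactly `8.7.0`. Pinning the build to the matching release, `reference: git@v8.7.0`, would keep package builds reproducible and make any later ECS change an explicit, reviewable bump. This assumes upstream publishes that tag, which is not visible here. The same tag-to-branch change appears in packages/apache/_dev/build/build.yml in the next commit of this series.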
diff --git a/packages/airflow/manifest.yml b/packages/airflow/manifest.yml index 1690f118928..f5df5d21ded 100644 --- a/packages/airflow/manifest.yml +++ b/packages/airflow/manifest.yml @@ -1,6 +1,6 @@ name: airflow title: Airflow -version: 0.0.3 +version: "0.1.0" description: Airflow Integration. type: integration format_version: 1.0.0 From 9857d664b094a87e1624580f2dc0c4b4f3622ea3 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:11:54 +0530 Subject: [PATCH 132/137] [apache] - update ECS to 8.7.0 from 8.5.1 This updates the apache integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.5.1 and using 8.5.1 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0 -pr=5765 packages/apache --- packages/apache/_dev/build/build.yml | 2 +- packages/apache/changelog.yml | 5 +++ .../test-access-basic.log-expected.json | 40 +++++++++---------- .../test-access-darwin.log-expected.json | 24 +++++------ .../test-access-ssl-request.log-expected.json | 8 ++-- .../test-access-ubuntu.log-expected.json | 36 ++++++++--------- .../test-access-vhost.log-expected.json | 4 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/access/sample_event.json | 2 +- .../test-error-basic.log-expected.json | 16 ++++---- .../test-error-darwin.log-expected.json | 8 ++-- .../test-error-trace.log-expected.json | 4 +- .../test-error-ubuntu.log-expected.json | 28 ++++++------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/error/sample_event.json | 2 +- packages/apache/manifest.yml | 2 +- 16 files changed, 95 insertions(+), 90 deletions(-) diff --git a/packages/apache/_dev/build/build.yml b/packages/apache/_dev/build/build.yml index aaafc5d833b..9da3f46d46b 100644 --- a/packages/apache/_dev/build/build.yml +++ b/packages/apache/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.5.1 + reference: git@8.7 
diff --git a/packages/apache/changelog.yml b/packages/apache/changelog.yml index 02c4743b6a2..68a6e76469d 100644 --- a/packages/apache/changelog.yml +++ b/packages/apache/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.9.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/5765 - version: "1.8.2" changes: - description: Fix a bug that may blank three visualizations diff --git a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-basic.log-expected.json b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-basic.log-expected.json index 539f364378f..002f37aa454 100644 --- a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-basic.log-expected.json +++ b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-basic.log-expected.json @@ -10,12 +10,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.409634501Z", + "ingested": "2023-03-31T13:41:53.901813834Z", "kind": "event", "original": "::1 - - [26/Dec/2016:16:16:29 +0200] \"GET /favicon.ico HTTP/1.1\" 404 209", "outcome": "failure" @@ -58,12 +58,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.409644668Z", + "ingested": "2023-03-31T13:41:53.901823209Z", "kind": "event", "original": "192.168.33.1 - - [26/Dec/2016:16:22:13 +0000] \"GET /hello HTTP/1.1\" 404 499 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0\"", "outcome": "failure" 
@@ -119,12 +119,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.409645876Z", + "ingested": "2023-03-31T13:41:53.901824084Z", "kind": "event", "original": "::1 - - [26/Dec/2016:16:16:48 +0200] \"-\" 408 -", "outcome": "failure" @@ -155,12 +155,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.409646876Z", + "ingested": "2023-03-31T13:41:53.901824709Z", "kind": "event", "original": "172.17.0.1 - - [29/May/2017:19:02:48 +0000] \"GET /stringpatch HTTP/1.1\" 404 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"", "outcome": "failure" @@ -216,12 +216,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.409647793Z", + "ingested": "2023-03-31T13:41:53.901825209Z", "kind": "event", "original": "monitoring-server - - [29/May/2017:19:02:48 +0000] \"GET /status HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"", "outcome": "success" @@ -277,12 +277,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.409648793Z", + "ingested": "2023-03-31T13:41:53.901825709Z", "kind": "event", "original": "127.0.0.1 - - [02/Feb/2019:05:38:45 +0100] \"-\" 408 152 \"-\" \"-\"", "outcome": "failure" 
@@ -326,12 +326,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.409649793Z", + "ingested": "2023-03-31T13:41:53.901826209Z", "kind": "event", "original": "monitoring-server - - [29/May/2017:19:02:48 +0000] \"GET /A%20Beka%20G1%20Howe/029_AND_30/15%20reading%20elephants.mp4 HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" X-Forwarded-For=\"-\"", "outcome": "success" @@ -393,12 +393,12 @@ "ip": "10.0.0.2" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.409650668Z", + "ingested": "2023-03-31T13:41:53.901826667Z", "kind": "event", "original": "89.160.20.112 - - [29/May/2017:19:02:48 +0000] \"GET /A%20Beka%20G1%20Howe/029_AND_30/15%20reading%20elephants.mp4 HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" X-Forwarded-For=\"10.0.0.2,10.0.0.1\"", "outcome": "success" @@ -481,12 +481,12 @@ "ip": "10.225.192.17" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.409651543Z", + "ingested": "2023-03-31T13:41:53.901827209Z", "kind": "event", "original": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6 - - [29/May/2017:19:02:48 +0000] \"GET /A%20Beka%20G1%20Howe/029_AND_30/15%20reading%20elephants.mp4 HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" X-Forwarded-For=\"10.225.192.17, 10.2.2.121\"", "outcome": "success" 
@@ -559,12 +559,12 @@ "ip": "192.168.0.2" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.409652876Z", + "ingested": "2023-03-31T13:41:53.901827709Z", "kind": "event", "original": "monitoring-server - - [17/May/2022:21:41:43 +0000] \"GET / HTTP/1.1\" 200 45 \"-\" \"curl/7.79.1\" X-Forwarded-For=\"192.168.0.2\"", "outcome": "success" diff --git a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-darwin.log-expected.json b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-darwin.log-expected.json index 04feb1dc8ae..cd67380e90a 100644 --- a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-darwin.log-expected.json +++ b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-darwin.log-expected.json @@ -10,12 +10,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.483539043Z", + "ingested": "2023-03-31T13:41:53.977815251Z", "kind": "event", "original": "::1 - - [26/Dec/2016:16:16:28 +0200] \"GET / HTTP/1.1\" 200 45", "outcome": "success" @@ -57,12 +57,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.483550209Z", + "ingested": "2023-03-31T13:41:53.977824084Z", "kind": "event", "original": "::1 - - [26/Dec/2016:16:16:29 +0200] \"GET /favicon.ico HTTP/1.1\" 404 209", "outcome": "failure" @@ -105,12 +105,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.483551501Z", + "ingested": "2023-03-31T13:41:53.977824751Z", "kind": "event", "original": "::1 - - [26/Dec/2016:16:16:48 +0200] \"-\" 408 -", "outcome": "failure" 
@@ -141,12 +141,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.483552501Z", + "ingested": "2023-03-31T13:41:53.977825292Z", "kind": "event", "original": "89.160.20.156 - - [26/Dec/2016:18:23:35 +0200] \"GET / HTTP/1.1\" 200 45", "outcome": "success" @@ -206,12 +206,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.483553418Z", + "ingested": "2023-03-31T13:41:53.977825834Z", "kind": "event", "original": "89.160.20.156 - - [26/Dec/2016:18:23:41 +0200] \"GET /notfound HTTP/1.1\" 404 206", "outcome": "failure" @@ -271,12 +271,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.483554501Z", + "ingested": "2023-03-31T13:41:53.977826376Z", "kind": "event", "original": "89.160.20.156 - - [26/Dec/2016:18:23:45 +0200] \"GET /hmm HTTP/1.1\" 404 201", "outcome": "failure" diff --git a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-ssl-request.log-expected.json b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-ssl-request.log-expected.json index 6c618cc5793..4887e5a3135 100644 --- a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-ssl-request.log-expected.json +++ b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-ssl-request.log-expected.json 
@@ -14,12 +14,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.533303168Z", + "ingested": "2023-03-31T13:41:54.027841292Z", "kind": "event", "original": "[10/Aug/2018:09:45:56 +0200] 172.30.0.119 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 \"GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax\u0026amp;opts=%7B%22func%22%3A%22get_admin_tasks_html%22%2C%22args%22%3A%22%22%7D\u0026amp;nsp=b5c7d5d4b6f7d0cf0c92f9cbdf737f6a5c838218425e6ae21 HTTP/1.1\" 1375" }, @@ -67,12 +67,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.533318376Z", + "ingested": "2023-03-31T13:41:54.027853084Z", "kind": "event", "original": "[16/Oct/2019:11:53:47 +0200] 89.160.20.156 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 \"GET /appl/ajaxhelper.php?cmd=getxicoreajax\u0026opts=%7B%22func%22%3A%22get_pagetop_alert_content_html%22%2C%22args%22%3A%22%22%7D\u0026nsp=c2700eab9797eda8a9f65a3ab17a6adbceccd60a6cca7708650a5923950d HTTP/1.1\" -" }, diff --git a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-ubuntu.log-expected.json b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-ubuntu.log-expected.json index 50a75ea6b31..4a9b642b3b5 100644 --- a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-ubuntu.log-expected.json +++ b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-ubuntu.log-expected.json @@ -10,12 +10,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.577647543Z", + "ingested": "2023-03-31T13:41:54.074516501Z", "kind": "event", "original": "127.0.0.1 - - [26/Dec/2016:16:18:09 +0000] \"GET / HTTP/1.1\" 200 491 \"-\" \"Wget/1.13.4 (linux-gnu)\"", "outcome": "success" 
@@ -69,12 +69,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.577659626Z", + "ingested": "2023-03-31T13:41:54.074527792Z", "kind": "event", "original": "192.168.33.1 - - [26/Dec/2016:16:22:00 +0000] \"GET / HTTP/1.1\" 200 484 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36\"", "outcome": "success" @@ -130,12 +130,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.577660959Z", + "ingested": "2023-03-31T13:41:54.074528584Z", "kind": "event", "original": "192.168.33.1 - - [26/Dec/2016:16:22:00 +0000] \"GET /favicon.ico HTTP/1.1\" 404 504 \"http://192.168.33.72/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36\"", "outcome": "failure" @@ -192,12 +192,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.577662126Z", + "ingested": "2023-03-31T13:41:54.074529251Z", "kind": "event", "original": "192.168.33.1 - - [26/Dec/2016:16:22:08 +0000] \"GET / HTTP/1.1\" 200 484 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0\"", "outcome": "success" @@ -253,12 +253,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.577663126Z", + "ingested": "2023-03-31T13:41:54.074529751Z", "kind": "event", "original": "192.168.33.1 - - [26/Dec/2016:16:22:08 +0000] \"GET /favicon.ico HTTP/1.1\" 404 504 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0\"", "outcome": "failure" 
@@ -315,12 +315,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.577664043Z", + "ingested": "2023-03-31T13:41:54.074530334Z", "kind": "event", "original": "192.168.33.1 - - [26/Dec/2016:16:22:08 +0000] \"GET /favicon.ico HTTP/1.1\" 404 504 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0\"", "outcome": "failure" @@ -377,12 +377,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.577664918Z", + "ingested": "2023-03-31T13:41:54.074530959Z", "kind": "event", "original": "192.168.33.1 - - [26/Dec/2016:16:22:10 +0000] \"GET /test HTTP/1.1\" 404 498 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0\"", "outcome": "failure" @@ -438,12 +438,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.577665918Z", + "ingested": "2023-03-31T13:41:54.074531417Z", "kind": "event", "original": "192.168.33.1 - - [26/Dec/2016:16:22:13 +0000] \"GET /hello HTTP/1.1\" 404 499 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0\"", "outcome": "failure" @@ -499,12 +499,12 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.577666793Z", + "ingested": "2023-03-31T13:41:54.074531876Z", "kind": "event", "original": "192.168.33.1 - - [26/Dec/2016:16:22:17 +0000] \"GET /crap HTTP/1.1\" 404 499 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0\"", "outcome": "failure" 
diff --git a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-vhost.log-expected.json b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-vhost.log-expected.json index 84b329493a6..4a8d2da537a 100644 --- a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-vhost.log-expected.json +++ b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-vhost.log-expected.json @@ -13,12 +13,12 @@ "domain": "vhost1.domaine.fr" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2022-12-08T15:09:52.634020126Z", + "ingested": "2023-03-31T13:41:54.135480667Z", "kind": "event", "original": "vhost1.domaine.fr 192.168.33.2 - - [26/Dec/2016:16:22:14 +0000] \"GET /hello HTTP/1.1\" 404 499 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0\"", "outcome": "failure" diff --git a/packages/apache/data_stream/access/elasticsearch/ingest_pipeline/default.yml b/packages/apache/data_stream/access/elasticsearch/ingest_pipeline/default.yml index 574d5cbdbff..2ed914ade04 100644 --- a/packages/apache/data_stream/access/elasticsearch/ingest_pipeline/default.yml +++ b/packages/apache/data_stream/access/elasticsearch/ingest_pipeline/default.yml @@ -9,7 +9,7 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.5.1' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/apache/data_stream/access/sample_event.json b/packages/apache/data_stream/access/sample_event.json index 24a799813f9..43fe577c7dc 100644 --- a/packages/apache/data_stream/access/sample_event.json +++ b/packages/apache/data_stream/access/sample_event.json @@ -20,7 +20,7 @@ "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", 
diff --git a/packages/apache/data_stream/error/_dev/test/pipeline/test-error-basic.log-expected.json b/packages/apache/data_stream/error/_dev/test/pipeline/test-error-basic.log-expected.json index ed45807b94b..7bfd8808839 100644 --- a/packages/apache/data_stream/error/_dev/test/pipeline/test-error-basic.log-expected.json +++ b/packages/apache/data_stream/error/_dev/test/pipeline/test-error-basic.log-expected.json @@ -6,11 +6,11 @@ "error": {} }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", - "ingested": "2022-12-08T15:09:52.825498793Z", + "ingested": "2023-03-31T13:41:54.343342751Z", "kind": "event", "original": "[Mon Dec 26 16:22:08 2016] [error] [client 192.168.33.1] File does not exist: /var/www/favicon.ico", "timezone": "GMT+2", @@ -39,11 +39,11 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", - "ingested": "2022-12-08T15:09:52.825508126Z", + "ingested": "2023-03-31T13:41:54.343353001Z", "kind": "event", "original": "[Mon Dec 26 16:15:55.103786 2016] [core:notice] [pid 11379] AH00094: Command line: '/usr/local/Cellar/httpd24/2.4.23_2/bin/httpd'", "timezone": "GMT+2", @@ -68,11 +68,11 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", - "ingested": "2022-12-08T15:09:52.825509418Z", + "ingested": "2023-03-31T13:41:54.343353959Z", "kind": "event", "original": "[Fri Sep 09 10:42:29.902022 2011] [core:error] [pid 35708:tid 4328636416] [client 89.160.20.156] File does not exist: /usr/local/apache2/htdocs/favicon.ico", "timezone": "GMT+2", 
@@ -125,11 +125,11 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", - "ingested": "2022-12-08T15:09:52.825510418Z", + "ingested": "2023-03-31T13:41:54.343354709Z", "kind": "event", "original": "[Thu Jun 27 06:58:09.169510 2019] [include:warn] [pid 15934] [client 89.160.20.156:12345] AH01374: mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed: /test.html", "timezone": "GMT+2", diff --git a/packages/apache/data_stream/error/_dev/test/pipeline/test-error-darwin.log-expected.json b/packages/apache/data_stream/error/_dev/test/pipeline/test-error-darwin.log-expected.json index 8a83ef808e7..1c0b41c17b0 100644 --- a/packages/apache/data_stream/error/_dev/test/pipeline/test-error-darwin.log-expected.json +++ b/packages/apache/data_stream/error/_dev/test/pipeline/test-error-darwin.log-expected.json @@ -8,11 +8,11 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", - "ingested": "2022-12-08T15:09:52.868538751Z", + "ingested": "2023-03-31T13:41:54.389050626Z", "kind": "event", "original": "[Mon Dec 26 16:15:55.103522 2016] [mpm_prefork:notice] [pid 11379] AH00163: Apache/2.4.23 (Unix) configured -- resuming normal operations", "timezone": "GMT+2", @@ -37,11 +37,11 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", - "ingested": "2022-12-08T15:09:52.868553459Z", + "ingested": "2023-03-31T13:41:54.389061376Z", "kind": "event", "original": "[Mon Dec 26 16:15:55.103786 2016] [core:notice] [pid 11379] AH00094: Command line: '/usr/local/Cellar/httpd24/2.4.23_2/bin/httpd'", "timezone": "GMT+2", diff --git a/packages/apache/data_stream/error/_dev/test/pipeline/test-error-trace.log-expected.json b/packages/apache/data_stream/error/_dev/test/pipeline/test-error-trace.log-expected.json index 05034d75a48..cbb582fa19f 100644 --- a/packages/apache/data_stream/error/_dev/test/pipeline/test-error-trace.log-expected.json 
+++ b/packages/apache/data_stream/error/_dev/test/pipeline/test-error-trace.log-expected.json @@ -8,11 +8,11 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", - "ingested": "2022-12-08T15:09:52.909886710Z", + "ingested": "2023-03-31T13:41:54.429940209Z", "kind": "event", "original": "[Wed Oct 20 19:20:59.121211 2021] [rewrite:trace3] [pid 121591:tid 140413273032448] mod_rewrite.c(470): [client 10.121.192.8:38350] 10.121.192.8 - - [dev.elastic.co/sid#55a374e851c8][rid#7fb438083ac0/initial] applying pattern '^/import/?(.*)$' to uri '/'", "timezone": "GMT+2", diff --git a/packages/apache/data_stream/error/_dev/test/pipeline/test-error-ubuntu.log-expected.json b/packages/apache/data_stream/error/_dev/test/pipeline/test-error-ubuntu.log-expected.json index 904ed8dff95..7ba26fb8047 100644 --- a/packages/apache/data_stream/error/_dev/test/pipeline/test-error-ubuntu.log-expected.json +++ b/packages/apache/data_stream/error/_dev/test/pipeline/test-error-ubuntu.log-expected.json @@ -6,11 +6,11 @@ "error": {} }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", - "ingested": "2022-12-08T15:09:52.947748626Z", + "ingested": "2023-03-31T13:41:54.468103001Z", "kind": "event", "original": "[Mon Dec 26 16:17:53 2016] [notice] Apache/2.2.22 (Ubuntu) configured -- resuming normal operations", "timezone": "GMT+2", @@ -30,11 +30,11 @@ "error": {} }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", - "ingested": "2022-12-08T15:09:52.947760501Z", + "ingested": "2023-03-31T13:41:54.468113126Z", "kind": "event", "original": "[Mon Dec 26 16:22:00 2016] [error] [client 192.168.33.1] File does not exist: /var/www/favicon.ico, referer: http://192.168.33.72/", "timezone": "GMT+2", 
@@ -66,11 +66,11 @@ "error": {} }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", - "ingested": "2022-12-08T15:09:52.947761668Z", + "ingested": "2023-03-31T13:41:54.468113834Z", "kind": "event", "original": "[Mon Dec 26 16:22:08 2016] [error] [client 192.168.33.1] File does not exist: /var/www/favicon.ico", "timezone": "GMT+2", @@ -97,11 +97,11 @@ "error": {} }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", - "ingested": "2022-12-08T15:09:52.947762626Z", + "ingested": "2023-03-31T13:41:54.468114584Z", "kind": "event", "original": "[Mon Dec 26 16:22:08 2016] [error] [client 192.168.33.1] File does not exist: /var/www/favicon.ico", "timezone": "GMT+2", @@ -128,11 +128,11 @@ "error": {} }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", - "ingested": "2022-12-08T15:09:52.947763501Z", + "ingested": "2023-03-31T13:41:54.468115084Z", "kind": "event", "original": "[Mon Dec 26 16:22:10 2016] [error] [client 192.168.33.1] File does not exist: /var/www/test", "timezone": "GMT+2", @@ -159,11 +159,11 @@ "error": {} }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", - "ingested": "2022-12-08T15:09:52.947764335Z", + "ingested": "2023-03-31T13:41:54.468115501Z", "kind": "event", "original": "[Mon Dec 26 16:22:13 2016] [error] [client 192.168.33.1] File does not exist: /var/www/hello", "timezone": "GMT+2", @@ -190,11 +190,11 @@ "error": {} }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "event": { "category": "web", - "ingested": "2022-12-08T15:09:52.947765251Z", + "ingested": "2023-03-31T13:41:54.468116001Z", "kind": "event", "original": "[Mon Dec 26 16:22:17 2016] [error] [client 192.168.33.1] File does not exist: /var/www/crap", "timezone": "GMT+2", 
diff --git a/packages/apache/data_stream/error/elasticsearch/ingest_pipeline/default.yml b/packages/apache/data_stream/error/elasticsearch/ingest_pipeline/default.yml index 1b9a29043f1..dff5df6c0b6 100644 --- a/packages/apache/data_stream/error/elasticsearch/ingest_pipeline/default.yml +++ b/packages/apache/data_stream/error/elasticsearch/ingest_pipeline/default.yml @@ -9,7 +9,7 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.5.1' + value: '8.7.0' - rename: field: message target_field: event.original diff --git a/packages/apache/data_stream/error/sample_event.json b/packages/apache/data_stream/error/sample_event.json index 8d23ed3e8b6..b89ea72734f 100644 --- a/packages/apache/data_stream/error/sample_event.json +++ b/packages/apache/data_stream/error/sample_event.json @@ -18,7 +18,7 @@ "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", diff --git a/packages/apache/manifest.yml b/packages/apache/manifest.yml index 05bfa417c3c..0cd03d5a9e2 100644 --- a/packages/apache/manifest.yml +++ b/packages/apache/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: apache title: Apache HTTP Server -version: 1.8.2 +version: "1.9.0" license: basic source: license: Elastic-2.0 From 05cbcbe51d6008c05370472ab854885aa7dce073 Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:11:55 +0530 Subject: [PATCH 133/137] [apache_spark] - update ECS to 8.7.0 from 8.5.1 This updates the apache_spark integration to ECS 8.7.0. It was referencing elastic/ecs git@v8.5.1 and using 8.5.1 in ingest pipelines. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.7.0 -pr=5765 packages/apache_spark --- packages/apache_spark/_dev/build/build.yml | 2 +- packages/apache_spark/changelog.yml | 5 +++++ .../application/elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/application/sample_event.json | 2 +- .../driver/elasticsearch/ingest_pipeline/default.yml | 2 +- .../apache_spark/data_stream/driver/sample_event.json | 2 +- .../executor/elasticsearch/ingest_pipeline/default.yml | 2 +- .../apache_spark/data_stream/executor/sample_event.json | 2 +- .../node/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/apache_spark/data_stream/node/sample_event.json | 2 +- packages/apache_spark/docs/README.md | 8 ++++---- packages/apache_spark/manifest.yml | 2 +- 12 files changed, 19 insertions(+), 14 deletions(-) diff --git a/packages/apache_spark/_dev/build/build.yml b/packages/apache_spark/_dev/build/build.yml index aaafc5d833b..9da3f46d46b 100644 --- a/packages/apache_spark/_dev/build/build.yml +++ b/packages/apache_spark/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.5.1 + reference: git@8.7 diff --git a/packages/apache_spark/changelog.yml b/packages/apache_spark/changelog.yml index a1e42ed8f82..74c436e45d5 100644 --- a/packages/apache_spark/changelog.yml +++ b/packages/apache_spark/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.6.0" + changes: + - description: Update package to ECS 8.7.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/5765 - version: "0.5.0" changes: - description: Migrate visualizations to lens. 
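Review bot: In `packages/apache_spark/_dev/build/build.yml` the ECS reference moves from the tag-style `git@v8.5.1` to `git@8.7`, which reads as a branch name rather than a release tag, so the build-time schema import would no longer be pinned to a fixed revision. The ingest pipelines and sample events in this same patch record `8.7.0` exactly, so field definitions pulled from a moving ref could drift from the version the package declares, and a rebuild of the same commit may not be reproducible. If the ECS repository publishes a tag for this release in the same format as the old reference, I would keep the pin: `reference: git@v8.7.0`. If the branch form is the project-wide convention produced by the generator, a short comment in `build.yml` saying so would help the next reviewer.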
diff --git a/packages/apache_spark/data_stream/application/elasticsearch/ingest_pipeline/default.yml b/packages/apache_spark/data_stream/application/elasticsearch/ingest_pipeline/default.yml index 2f42c89896f..bef155ce37f 100644 --- a/packages/apache_spark/data_stream/application/elasticsearch/ingest_pipeline/default.yml +++ b/packages/apache_spark/data_stream/application/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Apache Spark application metrics. processors: - set: field: ecs.version - value: '8.5.1' + value: '8.7.0' - rename: field: jolokia.metrics target_field: apache_spark diff --git a/packages/apache_spark/data_stream/application/sample_event.json b/packages/apache_spark/data_stream/application/sample_event.json index 8e3492844a1..6022b1151b6 100644 --- a/packages/apache_spark/data_stream/application/sample_event.json +++ b/packages/apache_spark/data_stream/application/sample_event.json @@ -21,7 +21,7 @@ "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "e7990c69-6909-48d1-be06-89dbe36d302c", diff --git a/packages/apache_spark/data_stream/driver/elasticsearch/ingest_pipeline/default.yml b/packages/apache_spark/data_stream/driver/elasticsearch/ingest_pipeline/default.yml index 076508d6b8e..17487d2f742 100644 --- a/packages/apache_spark/data_stream/driver/elasticsearch/ingest_pipeline/default.yml +++ b/packages/apache_spark/data_stream/driver/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Apache Spark driver metrics. processors: - set: field: ecs.version - value: '8.5.1' + value: '8.7.0' - rename: field: jolokia.metrics target_field: apache_spark diff --git a/packages/apache_spark/data_stream/driver/sample_event.json b/packages/apache_spark/data_stream/driver/sample_event.json index 4dbb1ff92d0..58ded6486a5 100644 --- a/packages/apache_spark/data_stream/driver/sample_event.json 
+++ b/packages/apache_spark/data_stream/driver/sample_event.json @@ -25,7 +25,7 @@ "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "b92a6ed6-a92c-4064-9b78-b3b21cab191c", diff --git a/packages/apache_spark/data_stream/executor/elasticsearch/ingest_pipeline/default.yml b/packages/apache_spark/data_stream/executor/elasticsearch/ingest_pipeline/default.yml index 47cb26d9056..75f1390dd52 100644 --- a/packages/apache_spark/data_stream/executor/elasticsearch/ingest_pipeline/default.yml +++ b/packages/apache_spark/data_stream/executor/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Apache Spark executor metrics. processors: - set: field: ecs.version - value: '8.5.1' + value: '8.7.0' - rename: field: jolokia.metrics target_field: apache_spark diff --git a/packages/apache_spark/data_stream/executor/sample_event.json b/packages/apache_spark/data_stream/executor/sample_event.json index 9044b9b7476..6bb177a1960 100644 --- a/packages/apache_spark/data_stream/executor/sample_event.json +++ b/packages/apache_spark/data_stream/executor/sample_event.json @@ -24,7 +24,7 @@ "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "c5e2a51e-e10a-4561-9861-75b38aa09f4b", diff --git a/packages/apache_spark/data_stream/node/elasticsearch/ingest_pipeline/default.yml b/packages/apache_spark/data_stream/node/elasticsearch/ingest_pipeline/default.yml index b2a7cf86a9e..7970ad280f5 100644 --- a/packages/apache_spark/data_stream/node/elasticsearch/ingest_pipeline/default.yml +++ b/packages/apache_spark/data_stream/node/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Apache Spark node metrics. processors: - set: field: ecs.version - value: '8.5.1' + value: '8.7.0' - rename: field: jolokia.metrics target_field: apache_spark 
diff --git a/packages/apache_spark/data_stream/node/sample_event.json b/packages/apache_spark/data_stream/node/sample_event.json index f3cc37d90e6..e34456c15d2 100644 --- a/packages/apache_spark/data_stream/node/sample_event.json +++ b/packages/apache_spark/data_stream/node/sample_event.json @@ -27,7 +27,7 @@ "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "f051059f-86be-46d5-896d-ff1b2cdab179", diff --git a/packages/apache_spark/docs/README.md b/packages/apache_spark/docs/README.md index 35b69abb1de..69e8de4e897 100644 --- a/packages/apache_spark/docs/README.md +++ b/packages/apache_spark/docs/README.md @@ -95,7 +95,7 @@ An example event for `application` looks as following: "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "e7990c69-6909-48d1-be06-89dbe36d302c", @@ -197,7 +197,7 @@ An example event for `driver` looks as following: "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "b92a6ed6-a92c-4064-9b78-b3b21cab191c", @@ -365,7 +365,7 @@ An example event for `executor` looks as following: "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "c5e2a51e-e10a-4561-9861-75b38aa09f4b", @@ -534,7 +534,7 @@ An example event for `node` looks as following: "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.7.0" }, "elastic_agent": { "id": "f051059f-86be-46d5-896d-ff1b2cdab179", diff --git a/packages/apache_spark/manifest.yml b/packages/apache_spark/manifest.yml index ab9d981c59a..ea770c8324e 100644 --- a/packages/apache_spark/manifest.yml +++ b/packages/apache_spark/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: apache_spark title: Apache Spark -version: 0.5.0 +version: "0.6.0" license: basic description: Collect metrics from Apache Spark with Elastic Agent. type: integration From 13d53633fec22162a248151fb5eb5c4f3d37fd1c Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Fri, 31 Mar 2023 19:14:44 +0530 Subject: [PATCH 134/137] updated PR in changelogs --- packages/1password/changelog.yml | 2 +- packages/akamai/changelog.yml | 2 +- packages/atlassian_bitbucket/changelog.yml | 2 +- packages/atlassian_confluence/changelog.yml | 2 +- packages/atlassian_jira/changelog.yml | 2 +- packages/auditd/changelog.yml | 2 +- packages/auditd_manager/changelog.yml | 2 +- packages/auth0/changelog.yml | 2 +- packages/azure_blob_storage/changelog.yml | 2 +- packages/azure_frontdoor/changelog.yml | 2 +- packages/barracuda/changelog.yml | 2 +- packages/barracuda_cloudgen_firewall/changelog.yml | 2 +- packages/bluecoat/changelog.yml | 2 +- packages/box_events/changelog.yml | 2 +- packages/carbon_black_cloud/changelog.yml | 2 +- packages/carbonblack_edr/changelog.yml | 2 +- packages/cef/changelog.yml | 2 +- packages/checkpoint/changelog.yml | 2 +- packages/cisco_aironet/changelog.yml | 2 +- packages/cisco_asa/changelog.yml | 2 +- packages/cisco_duo/changelog.yml | 2 +- packages/cisco_ftd/changelog.yml | 2 +- packages/cisco_ios/changelog.yml | 2 +- packages/cisco_ise/changelog.yml | 2 +- packages/cisco_meraki/changelog.yml | 2 +- packages/cisco_nexus/changelog.yml | 2 +- packages/cisco_secure_email_gateway/changelog.yml | 2 +- packages/cisco_secure_endpoint/changelog.yml | 2 +- packages/cisco_umbrella/changelog.yml | 2 +- packages/citrix_waf/changelog.yml | 2 +- packages/cloudflare/changelog.yml | 2 +- packages/cloudflare_logpush/changelog.yml | 2 +- packages/crowdstrike/changelog.yml | 2 +- packages/cyberark_pta/changelog.yml | 2 +- packages/cyberarkpas/changelog.yml | 2 +- packages/cylance/changelog.yml | 2 +- packages/darktrace/changelog.yml | 2 +- packages/f5/changelog.yml | 2 +- packages/f5_bigip/changelog.yml | 2 +- packages/fim/changelog.yml | 2 +- packages/fireeye/changelog.yml | 2 +- packages/forcepoint_web/changelog.yml | 2 +- packages/forgerock/changelog.yml | 2 +- packages/fortinet_forticlient/changelog.yml | 2 +- 
packages/fortinet_fortiedr/changelog.yml | 2 +- packages/fortinet_fortigate/changelog.yml | 2 +- packages/fortinet_fortimail/changelog.yml | 2 +- packages/fortinet_fortimanager/changelog.yml | 2 +- packages/gcp/changelog.yml | 2 +- packages/gcp_pubsub/changelog.yml | 2 +- packages/github/changelog.yml | 2 +- packages/google_cloud_storage/changelog.yml | 2 +- packages/google_workspace/changelog.yml | 2 +- packages/hashicorp_vault/changelog.yml | 2 +- packages/hid_bravura_monitor/changelog.yml | 2 +- packages/http_endpoint/changelog.yml | 2 +- packages/httpjson/changelog.yml | 2 +- packages/imperva/changelog.yml | 2 +- packages/infoblox_bloxone_ddi/changelog.yml | 2 +- packages/infoblox_nios/changelog.yml | 2 +- packages/iptables/changelog.yml | 2 +- packages/jamf_compliance_reporter/changelog.yml | 2 +- packages/jumpcloud/changelog.yml | 2 +- packages/juniper_junos/changelog.yml | 2 +- packages/juniper_netscreen/changelog.yml | 2 +- packages/juniper_srx/changelog.yml | 2 +- packages/keycloak/changelog.yml | 2 +- packages/lastpass/changelog.yml | 2 +- packages/lyve_cloud/changelog.yml | 2 +- packages/m365_defender/changelog.yml | 2 +- packages/mattermost/changelog.yml | 2 +- packages/microsoft_defender_endpoint/changelog.yml | 2 +- packages/microsoft_dhcp/changelog.yml | 2 +- packages/microsoft_exchange_online_message_trace/changelog.yml | 2 +- packages/mimecast/changelog.yml | 2 +- packages/modsecurity/changelog.yml | 2 +- packages/mysql_enterprise/changelog.yml | 2 +- packages/netflow/changelog.yml | 2 +- packages/netscout/changelog.yml | 2 +- packages/netskope/changelog.yml | 2 +- packages/network_traffic/changelog.yml | 2 +- packages/o365/changelog.yml | 2 +- packages/okta/changelog.yml | 2 +- packages/osquery/changelog.yml | 2 +- packages/panw/changelog.yml | 2 +- packages/panw_cortex_xdr/changelog.yml | 2 +- packages/pfsense/changelog.yml | 2 +- packages/ping_one/changelog.yml | 2 +- packages/proofpoint_tap/changelog.yml | 2 +- 
packages/pulse_connect_secure/changelog.yml | 2 +- packages/qnap_nas/changelog.yml | 2 +- packages/radware/changelog.yml | 2 +- packages/santa/changelog.yml | 2 +- packages/sentinel_one/changelog.yml | 2 +- packages/slack/changelog.yml | 2 +- packages/snort/changelog.yml | 2 +- packages/snyk/changelog.yml | 2 +- packages/sonicwall_firewall/changelog.yml | 2 +- packages/sophos/changelog.yml | 2 +- packages/sophos_central/changelog.yml | 2 +- packages/squid/changelog.yml | 2 +- packages/suricata/changelog.yml | 2 +- packages/symantec_endpoint/changelog.yml | 2 +- packages/sysmon_linux/changelog.yml | 2 +- packages/system_audit/changelog.yml | 2 +- packages/tanium/changelog.yml | 2 +- packages/tcp/changelog.yml | 2 +- packages/tenable_io/changelog.yml | 2 +- packages/tenable_sc/changelog.yml | 2 +- packages/thycotic_ss/changelog.yml | 2 +- packages/ti_abusech/changelog.yml | 2 +- packages/ti_anomali/changelog.yml | 2 +- packages/ti_cif3/changelog.yml | 2 +- packages/ti_cybersixgill/changelog.yml | 2 +- packages/ti_misp/changelog.yml | 2 +- packages/ti_otx/changelog.yml | 2 +- packages/ti_rapid7_threat_command/changelog.yml | 2 +- packages/ti_recordedfuture/changelog.yml | 2 +- packages/ti_threatq/changelog.yml | 2 +- packages/tines/changelog.yml | 2 +- packages/trend_micro_vision_one/changelog.yml | 2 +- packages/trendmicro/changelog.yml | 2 +- packages/udp/changelog.yml | 2 +- packages/winlog/changelog.yml | 2 +- packages/zeek/changelog.yml | 2 +- packages/zerofox/changelog.yml | 2 +- packages/zoom/changelog.yml | 2 +- packages/zscaler_zia/changelog.yml | 2 +- packages/zscaler_zpa/changelog.yml | 2 +- 129 files changed, 129 insertions(+), 129 deletions(-) diff --git a/packages/1password/changelog.yml b/packages/1password/changelog.yml index 19415285073..20de4e6d5d5 100644 --- a/packages/1password/changelog.yml +++ b/packages/1password/changelog.yml 
@@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.10.0" changes: - description: Add audit events to 1Password Events Reporting diff --git a/packages/akamai/changelog.yml b/packages/akamai/changelog.yml index 2f4c735d84d..aee7ba5ca9c 100644 --- a/packages/akamai/changelog.yml +++ b/packages/akamai/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "2.4.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/atlassian_bitbucket/changelog.yml b/packages/atlassian_bitbucket/changelog.yml index 96e5e3786e2..45fe08c0537 100644 --- a/packages/atlassian_bitbucket/changelog.yml +++ b/packages/atlassian_bitbucket/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.6.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/atlassian_confluence/changelog.yml b/packages/atlassian_confluence/changelog.yml index 2014f794a36..1100ea144df 100644 --- a/packages/atlassian_confluence/changelog.yml +++ b/packages/atlassian_confluence/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.7.1" changes: - description: Added categories and/or subcategories. 
diff --git a/packages/atlassian_jira/changelog.yml b/packages/atlassian_jira/changelog.yml index a6d9397dd38..e80275cdaae 100644 --- a/packages/atlassian_jira/changelog.yml +++ b/packages/atlassian_jira/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.7.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/auditd/changelog.yml b/packages/auditd/changelog.yml index d2a14721ac9..81507a3e128 100644 --- a/packages/auditd/changelog.yml +++ b/packages/auditd/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "3.5.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/auditd_manager/changelog.yml b/packages/auditd_manager/changelog.yml index 0e207b17d01..03a1922f343 100644 --- a/packages/auditd_manager/changelog.yml +++ b/packages/auditd_manager/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.6.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/auth0/changelog.yml b/packages/auth0/changelog.yml index 1dad1869ee8..9eec0307418 100644 --- a/packages/auth0/changelog.yml +++ b/packages/auth0/changelog.yml 
@@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.4.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/azure_blob_storage/changelog.yml b/packages/azure_blob_storage/changelog.yml index a6633c1ecd4..45884f1dfe7 100644 --- a/packages/azure_blob_storage/changelog.yml +++ b/packages/azure_blob_storage/changelog.yml @@ -2,7 +2,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "0.1.0" changes: - description: Initial Release diff --git a/packages/azure_frontdoor/changelog.yml b/packages/azure_frontdoor/changelog.yml index 39ebdff6f77..af1d60b01e7 100644 --- a/packages/azure_frontdoor/changelog.yml +++ b/packages/azure_frontdoor/changelog.yml @@ -2,7 +2,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "0.0.2" changes: - description: Modify default storage container name to avoid collisions diff --git a/packages/barracuda/changelog.yml b/packages/barracuda/changelog.yml index a26c5877321..9ee8399ce25 100644 --- a/packages/barracuda/changelog.yml +++ b/packages/barracuda/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.1.0" changes: - description: Add system log and audit log support 
diff --git a/packages/barracuda_cloudgen_firewall/changelog.yml b/packages/barracuda_cloudgen_firewall/changelog.yml index a3b664271c0..45be5d88a23 100644 --- a/packages/barracuda_cloudgen_firewall/changelog.yml +++ b/packages/barracuda_cloudgen_firewall/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.0.0" changes: - description: Release Barracuda CloudGen Firewall as GA. diff --git a/packages/bluecoat/changelog.yml b/packages/bluecoat/changelog.yml index a3122448394..25dd3db5b6f 100644 --- a/packages/bluecoat/changelog.yml +++ b/packages/bluecoat/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "0.12.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/box_events/changelog.yml b/packages/box_events/changelog.yml index 7329640b066..f8816516d7d 100644 --- a/packages/box_events/changelog.yml +++ b/packages/box_events/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.0.0" changes: - description: Release Box Events as GA. diff --git a/packages/carbon_black_cloud/changelog.yml b/packages/carbon_black_cloud/changelog.yml index 3ccfded1601..c10d914aafb 100644 --- a/packages/carbon_black_cloud/changelog.yml +++ b/packages/carbon_black_cloud/changelog.yml 
@@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.6.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/carbonblack_edr/changelog.yml b/packages/carbonblack_edr/changelog.yml index 442a55fb24c..8e9144a0408 100644 --- a/packages/carbonblack_edr/changelog.yml +++ b/packages/carbonblack_edr/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.7.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/cef/changelog.yml b/packages/cef/changelog.yml index ace9a658634..bb3a60eb519 100644 --- a/packages/cef/changelog.yml +++ b/packages/cef/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "2.6.2" changes: - description: Added categories and/or subcategories. diff --git a/packages/checkpoint/changelog.yml b/packages/checkpoint/changelog.yml index f1e785bdca9..c02e7745581 100644 --- a/packages/checkpoint/changelog.yml +++ b/packages/checkpoint/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.18.0" changes: - description: Improve documentation. diff --git a/packages/cisco_aironet/changelog.yml b/packages/cisco_aironet/changelog.yml index 1acee04af98..2dbfd44f01d 100644 --- a/packages/cisco_aironet/changelog.yml 
+++ b/packages/cisco_aironet/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.0.0" changes: - description: Release Cisco Aironet as GA. diff --git a/packages/cisco_asa/changelog.yml b/packages/cisco_asa/changelog.yml index ef11ec6773e..15ff97aad76 100644 --- a/packages/cisco_asa/changelog.yml +++ b/packages/cisco_asa/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "2.14.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/cisco_duo/changelog.yml b/packages/cisco_duo/changelog.yml index 6ded297a8a4..4b5558b22b5 100644 --- a/packages/cisco_duo/changelog.yml +++ b/packages/cisco_duo/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.8.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/cisco_ftd/changelog.yml b/packages/cisco_ftd/changelog.yml index 1dc17ab092f..f93e3c56d2f 100644 --- a/packages/cisco_ftd/changelog.yml +++ b/packages/cisco_ftd/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "2.9.2" changes: - description: Add network.bytes and dns.question.registered_name diff --git a/packages/cisco_ios/changelog.yml b/packages/cisco_ios/changelog.yml index 15bc9224dc6..e5bb139863e 100644 
--- a/packages/cisco_ios/changelog.yml +++ b/packages/cisco_ios/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.12.0" changes: - description: Update package to ECS 8.6.0. diff --git a/packages/cisco_ise/changelog.yml b/packages/cisco_ise/changelog.yml index 35b98feed0f..577c4bb3306 100644 --- a/packages/cisco_ise/changelog.yml +++ b/packages/cisco_ise/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.6.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/cisco_meraki/changelog.yml b/packages/cisco_meraki/changelog.yml index 8f397492495..4d25f922b5a 100644 --- a/packages/cisco_meraki/changelog.yml +++ b/packages/cisco_meraki/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.6.0" changes: - description: Capture firewall rules from flows. diff --git a/packages/cisco_nexus/changelog.yml b/packages/cisco_nexus/changelog.yml index b7e44980b8c..0a2d70ece26 100644 --- a/packages/cisco_nexus/changelog.yml +++ b/packages/cisco_nexus/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "0.9.0" changes: - description: Update package to ECS 8.6.0. 
diff --git a/packages/cisco_secure_email_gateway/changelog.yml b/packages/cisco_secure_email_gateway/changelog.yml index 129072a9207..2f985279283 100644 --- a/packages/cisco_secure_email_gateway/changelog.yml +++ b/packages/cisco_secure_email_gateway/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.6.2" changes: - description: Fix grok pattern in AMP pipeline. diff --git a/packages/cisco_secure_endpoint/changelog.yml b/packages/cisco_secure_endpoint/changelog.yml index 8978719df47..dd88583e7e5 100644 --- a/packages/cisco_secure_endpoint/changelog.yml +++ b/packages/cisco_secure_endpoint/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "2.8.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/cisco_umbrella/changelog.yml b/packages/cisco_umbrella/changelog.yml index bc19fa03ee4..b05bdc6136d 100644 --- a/packages/cisco_umbrella/changelog.yml +++ b/packages/cisco_umbrella/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.8.0" changes: - description: Release Cisco Umbrella datastream as GA. diff --git a/packages/citrix_waf/changelog.yml b/packages/citrix_waf/changelog.yml index 82c74dfff91..4287337c444 100644 --- a/packages/citrix_waf/changelog.yml +++ b/packages/citrix_waf/changelog.yml 
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.3.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/cloudflare/changelog.yml b/packages/cloudflare/changelog.yml
index 081af319aee..ef88a81f0db 100644
--- a/packages/cloudflare/changelog.yml
+++ b/packages/cloudflare/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "2.4.2"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/cloudflare_logpush/changelog.yml b/packages/cloudflare_logpush/changelog.yml
index abbd6bf577c..36f408e6e5a 100644
--- a/packages/cloudflare_logpush/changelog.yml
+++ b/packages/cloudflare_logpush/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.0.0"
 changes:
 - description: Release Cloudflare Logpush as GA.
diff --git a/packages/crowdstrike/changelog.yml b/packages/crowdstrike/changelog.yml
index a6396ff1938..a075a25bc19 100644
--- a/packages/crowdstrike/changelog.yml
+++ b/packages/crowdstrike/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.11.2"
 changes:
 - description: Reduce duplicate document ingestion.
diff --git a/packages/cyberark_pta/changelog.yml b/packages/cyberark_pta/changelog.yml
index 1676d5fd8f8..9c079857369 100644
--- a/packages/cyberark_pta/changelog.yml
+++ b/packages/cyberark_pta/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.0.0"
 changes:
 - description: Release Cyberark Privileged Threat Analytics as GA.
diff --git a/packages/cyberarkpas/changelog.yml b/packages/cyberarkpas/changelog.yml
index 6b3a931b3aa..3f00252da02 100644
--- a/packages/cyberarkpas/changelog.yml
+++ b/packages/cyberarkpas/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "2.9.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/cylance/changelog.yml b/packages/cylance/changelog.yml
index f7b2e408499..52718fb50e0 100644
--- a/packages/cylance/changelog.yml
+++ b/packages/cylance/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "0.12.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/darktrace/changelog.yml b/packages/darktrace/changelog.yml
index 51cf203f55f..bbd599652da 100644
--- a/packages/darktrace/changelog.yml
+++ b/packages/darktrace/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.0.0"
 changes:
 - description: Release Darktrace as GA.
diff --git a/packages/f5/changelog.yml b/packages/f5/changelog.yml
index 69ccef23d38..a8ca46c0d9c 100644
--- a/packages/f5/changelog.yml
+++ b/packages/f5/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "0.13.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/f5_bigip/changelog.yml b/packages/f5_bigip/changelog.yml
index cafdb3bf311..98db5f45df2 100644
--- a/packages/f5_bigip/changelog.yml
+++ b/packages/f5_bigip/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.0.0"
 changes:
 - description: Release F5 BIG-IP as GA.
diff --git a/packages/fim/changelog.yml b/packages/fim/changelog.yml
index ff8d22dae95..b08def7557c 100644
--- a/packages/fim/changelog.yml
+++ b/packages/fim/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.4.3"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/fireeye/changelog.yml b/packages/fireeye/changelog.yml
index 9f8c0625cff..da8dd6f8d33 100644
--- a/packages/fireeye/changelog.yml
+++ b/packages/fireeye/changelog.yml
@@ -2,7 +2,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.9.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/forcepoint_web/changelog.yml b/packages/forcepoint_web/changelog.yml
index b45b3bc632a..ab4fd135fc4 100644
--- a/packages/forcepoint_web/changelog.yml
+++ b/packages/forcepoint_web/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "0.0.1"
 changes:
 - description: Initial draft of the package
diff --git a/packages/forgerock/changelog.yml b/packages/forgerock/changelog.yml
index 59000c70a4e..4a9f604654b 100644
--- a/packages/forgerock/changelog.yml
+++ b/packages/forgerock/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.0.0"
 changes:
 - description: Initial draft of the package
diff --git a/packages/fortinet_forticlient/changelog.yml b/packages/fortinet_forticlient/changelog.yml
index b0fafe76dbb..1460e7a97d7 100644
--- a/packages/fortinet_forticlient/changelog.yml
+++ b/packages/fortinet_forticlient/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.3.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/fortinet_fortiedr/changelog.yml b/packages/fortinet_fortiedr/changelog.yml
index 24cc49825fc..a17fd622758 100644
--- a/packages/fortinet_fortiedr/changelog.yml
+++ b/packages/fortinet_fortiedr/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.4.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/fortinet_fortigate/changelog.yml b/packages/fortinet_fortigate/changelog.yml
index 3b837d4100f..694f5aabbf3 100644
--- a/packages/fortinet_fortigate/changelog.yml
+++ b/packages/fortinet_fortigate/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.9.0"
 changes:
 - description: Add user.name, host.name and dns.question.registered_domain
diff --git a/packages/fortinet_fortimail/changelog.yml b/packages/fortinet_fortimail/changelog.yml
index 052af26840c..839152882cb 100644
--- a/packages/fortinet_fortimail/changelog.yml
+++ b/packages/fortinet_fortimail/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "2.0.0"
 changes:
 - description: Replace RSA2ELK with Syslog integration.
diff --git a/packages/fortinet_fortimanager/changelog.yml b/packages/fortinet_fortimanager/changelog.yml
index 4320d04df6e..fd48ba768e5 100644
--- a/packages/fortinet_fortimanager/changelog.yml
+++ b/packages/fortinet_fortimanager/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "2.0.0"
 changes:
 - description: Replace RSA2ELK with Syslog integration.
diff --git a/packages/gcp/changelog.yml b/packages/gcp/changelog.yml
index 559491e9f33..383cf903a66 100644
--- a/packages/gcp/changelog.yml
+++ b/packages/gcp/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "2.19.1"
 changes:
 - description: Migrate compute dashboard to lens and add datastream filter.
diff --git a/packages/gcp_pubsub/changelog.yml b/packages/gcp_pubsub/changelog.yml
index 4a7cead43a1..0f5499ce2a9 100644
--- a/packages/gcp_pubsub/changelog.yml
+++ b/packages/gcp_pubsub/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.4.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/github/changelog.yml b/packages/github/changelog.yml
index de5a6f52e45..fe7668df00b 100644
--- a/packages/github/changelog.yml
+++ b/packages/github/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.9.0"
 changes:
 - description: Release Github datastreams as GA.
diff --git a/packages/google_cloud_storage/changelog.yml b/packages/google_cloud_storage/changelog.yml
index 163016767ae..58c55102fc5 100644
--- a/packages/google_cloud_storage/changelog.yml
+++ b/packages/google_cloud_storage/changelog.yml
@@ -2,7 +2,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "0.1.0"
 changes:
 - description: Initial Release
diff --git a/packages/google_workspace/changelog.yml b/packages/google_workspace/changelog.yml
index 4c5aeeef892..921556de870 100644
--- a/packages/google_workspace/changelog.yml
+++ b/packages/google_workspace/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "2.4.0"
 changes:
 - description: Add support for new Access Transparency, Context Aware Access, Device, GCP, Group Enterprise and Token Data Streams.
diff --git a/packages/hashicorp_vault/changelog.yml b/packages/hashicorp_vault/changelog.yml
index 60aa7b658b6..c2c65757fb7 100644
--- a/packages/hashicorp_vault/changelog.yml
+++ b/packages/hashicorp_vault/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.9.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/hid_bravura_monitor/changelog.yml b/packages/hid_bravura_monitor/changelog.yml
index f0594d185b9..5d77754a0c4 100644
--- a/packages/hid_bravura_monitor/changelog.yml
+++ b/packages/hid_bravura_monitor/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.5.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/http_endpoint/changelog.yml b/packages/http_endpoint/changelog.yml
index 54f1482ddbb..4a459a7a900 100644
--- a/packages/http_endpoint/changelog.yml
+++ b/packages/http_endpoint/changelog.yml
@@ -2,7 +2,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.6.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/httpjson/changelog.yml b/packages/httpjson/changelog.yml
index f7b72c62b73..80cfc4a4bcf 100644
--- a/packages/httpjson/changelog.yml
+++ b/packages/httpjson/changelog.yml
@@ -2,7 +2,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.7.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/imperva/changelog.yml b/packages/imperva/changelog.yml
index 783f4920258..d96625abc6d 100644
--- a/packages/imperva/changelog.yml
+++ b/packages/imperva/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "0.12.0"
 changes:
 - description: Update package to ECS 8.6.0.
diff --git a/packages/infoblox_bloxone_ddi/changelog.yml b/packages/infoblox_bloxone_ddi/changelog.yml
index c62a3ce627c..674209837d4 100644
--- a/packages/infoblox_bloxone_ddi/changelog.yml
+++ b/packages/infoblox_bloxone_ddi/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.0.0"
 changes:
 - description: Release Infoblox BloxOne DDI as GA.
diff --git a/packages/infoblox_nios/changelog.yml b/packages/infoblox_nios/changelog.yml
index 705e5172dbe..23dc9cf79ff 100644
--- a/packages/infoblox_nios/changelog.yml
+++ b/packages/infoblox_nios/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.6.2"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/iptables/changelog.yml b/packages/iptables/changelog.yml
index 7f30fba6e7c..60026289d68 100644
--- a/packages/iptables/changelog.yml
+++ b/packages/iptables/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.4.0"
 changes:
 - description: Update package to ECS 8.6.0.
diff --git a/packages/jamf_compliance_reporter/changelog.yml b/packages/jamf_compliance_reporter/changelog.yml
index 738685e0c7e..0bcc9652660 100644
--- a/packages/jamf_compliance_reporter/changelog.yml
+++ b/packages/jamf_compliance_reporter/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.0.0"
 changes:
 - description: Release Jamf Compliance Reporter as GA.
diff --git a/packages/jumpcloud/changelog.yml b/packages/jumpcloud/changelog.yml
index c2f1e638a0a..6a2b9575e66 100644
--- a/packages/jumpcloud/changelog.yml
+++ b/packages/jumpcloud/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "0.0.2"
 changes:
 - description: Fix img links in readme
diff --git a/packages/juniper_junos/changelog.yml b/packages/juniper_junos/changelog.yml
index 12b0cbfe170..4ef7e0d71e7 100644
--- a/packages/juniper_junos/changelog.yml
+++ b/packages/juniper_junos/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "0.6.0"
 changes:
 - description: Update package to ECS 8.6.0.
diff --git a/packages/juniper_netscreen/changelog.yml b/packages/juniper_netscreen/changelog.yml
index 37c739abb77..4127351528d 100644
--- a/packages/juniper_netscreen/changelog.yml
+++ b/packages/juniper_netscreen/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "0.6.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/juniper_srx/changelog.yml b/packages/juniper_srx/changelog.yml
index 846d5749ee6..1fb6a53ebcf 100644
--- a/packages/juniper_srx/changelog.yml
+++ b/packages/juniper_srx/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.9.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/keycloak/changelog.yml b/packages/keycloak/changelog.yml
index f053c55f250..6fdedab0a57 100644
--- a/packages/keycloak/changelog.yml
+++ b/packages/keycloak/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.7.2"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/lastpass/changelog.yml b/packages/lastpass/changelog.yml
index 0728619a768..ca9ab220e40 100644
--- a/packages/lastpass/changelog.yml
+++ b/packages/lastpass/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.0.0"
 changes:
 - description: Release LastPass as GA.
diff --git a/packages/lyve_cloud/changelog.yml b/packages/lyve_cloud/changelog.yml
index 76077e8ef84..c4499cae6e5 100644
--- a/packages/lyve_cloud/changelog.yml
+++ b/packages/lyve_cloud/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.0.2"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/m365_defender/changelog.yml b/packages/m365_defender/changelog.yml
index 6f17b62ecfc..1bad1550e63 100644
--- a/packages/m365_defender/changelog.yml
+++ b/packages/m365_defender/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.6.2"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/mattermost/changelog.yml b/packages/mattermost/changelog.yml
index 225c9fcbb2d..20aa465d1aa 100644
--- a/packages/mattermost/changelog.yml
+++ b/packages/mattermost/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.6.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/microsoft_defender_endpoint/changelog.yml b/packages/microsoft_defender_endpoint/changelog.yml
index 14faa3bf77a..f5c3bf815f8 100644
--- a/packages/microsoft_defender_endpoint/changelog.yml
+++ b/packages/microsoft_defender_endpoint/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "2.8.2"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/microsoft_dhcp/changelog.yml b/packages/microsoft_dhcp/changelog.yml
index dae1f66a8e1..7d076a906fd 100644
--- a/packages/microsoft_dhcp/changelog.yml
+++ b/packages/microsoft_dhcp/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.10.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/microsoft_exchange_online_message_trace/changelog.yml b/packages/microsoft_exchange_online_message_trace/changelog.yml
index 496fcab7b31..9d25add9461 100644
--- a/packages/microsoft_exchange_online_message_trace/changelog.yml
+++ b/packages/microsoft_exchange_online_message_trace/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.0.0"
 changes:
 - description: Release Microsoft Exchange Online Message Trace as GA.
diff --git a/packages/mimecast/changelog.yml b/packages/mimecast/changelog.yml
index 8d15f64075e..44c45ecc5b4 100644
--- a/packages/mimecast/changelog.yml
+++ b/packages/mimecast/changelog.yml
@@ -2,7 +2,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.6.5"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/modsecurity/changelog.yml b/packages/modsecurity/changelog.yml
index 37b804497a6..912894b8591 100644
--- a/packages/modsecurity/changelog.yml
+++ b/packages/modsecurity/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.6.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/mysql_enterprise/changelog.yml b/packages/mysql_enterprise/changelog.yml
index f9fdeb66e8d..5a5306f3d3a 100644
--- a/packages/mysql_enterprise/changelog.yml
+++ b/packages/mysql_enterprise/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.4.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/netflow/changelog.yml b/packages/netflow/changelog.yml
index ea2ff5ad4f1..f06f8bef988 100644
--- a/packages/netflow/changelog.yml
+++ b/packages/netflow/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "2.6.1"
 changes:
 - description: Add UDP read buffer configuration option.
diff --git a/packages/netscout/changelog.yml b/packages/netscout/changelog.yml
index b02edfcb9a9..3e8956054f8 100644
--- a/packages/netscout/changelog.yml
+++ b/packages/netscout/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "0.12.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/netskope/changelog.yml b/packages/netskope/changelog.yml
index 6dd6bbb3990..433541007ab 100644
--- a/packages/netskope/changelog.yml
+++ b/packages/netskope/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.6.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/network_traffic/changelog.yml b/packages/network_traffic/changelog.yml
index 550150dfa4e..72098b9e447 100644
--- a/packages/network_traffic/changelog.yml
+++ b/packages/network_traffic/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.9.3"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/o365/changelog.yml b/packages/o365/changelog.yml
index b3bec9005a4..dda85a1fc73 100644
--- a/packages/o365/changelog.yml
+++ b/packages/o365/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.13.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/okta/changelog.yml b/packages/okta/changelog.yml
index 63557030b20..1a3aeaff2fa 100644
--- a/packages/okta/changelog.yml
+++ b/packages/okta/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.17.0"
 changes:
 - description: Extract username from email
diff --git a/packages/osquery/changelog.yml b/packages/osquery/changelog.yml
index 4f8917d5db5..d6acfe6762c 100644
--- a/packages/osquery/changelog.yml
+++ b/packages/osquery/changelog.yml
@@ -3,7 +3,7 @@
 changes:
 - description: Update package to ECS 8.7.0.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }}
+ link: https://github.com/elastic/integrations/pull/5765
 - version: "1.7.1"
 changes:
 - description: Added categories and/or subcategories.
diff --git a/packages/panw/changelog.yml b/packages/panw/changelog.yml
index 36995ac3a30..f4d16ca0cad 100644
--- a/packages/panw/changelog.yml
+++ b/packages/panw/changelog.yml
@@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "3.5.2" changes: - description: Added categories and/or subcategories. diff --git a/packages/panw_cortex_xdr/changelog.yml b/packages/panw_cortex_xdr/changelog.yml index d2fa59c2d1f..e7f96e48926 100644 --- a/packages/panw_cortex_xdr/changelog.yml +++ b/packages/panw_cortex_xdr/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.7.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/pfsense/changelog.yml b/packages/pfsense/changelog.yml index 39d442d06de..adc5df66a5f 100644 --- a/packages/pfsense/changelog.yml +++ b/packages/pfsense/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.6.4" changes: - description: Fix squid GROK pattern diff --git a/packages/ping_one/changelog.yml b/packages/ping_one/changelog.yml index 86b22daf517..c1e6487548a 100644 --- a/packages/ping_one/changelog.yml +++ b/packages/ping_one/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.0.0" changes: - description: Release PingOne as GA. diff --git a/packages/proofpoint_tap/changelog.yml b/packages/proofpoint_tap/changelog.yml index ed742fa6fa7..202171905d2 100644 --- a/packages/proofpoint_tap/changelog.yml 
+++ b/packages/proofpoint_tap/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.4.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/pulse_connect_secure/changelog.yml b/packages/pulse_connect_secure/changelog.yml index e6c22ce8188..62056f31779 100644 --- a/packages/pulse_connect_secure/changelog.yml +++ b/packages/pulse_connect_secure/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.6.0" changes: - description: Handle user domain for SAML events. diff --git a/packages/qnap_nas/changelog.yml b/packages/qnap_nas/changelog.yml index eca0d87a5e0..31500b87a1f 100644 --- a/packages/qnap_nas/changelog.yml +++ b/packages/qnap_nas/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.7.1" changes: - description: Ensure numeric timezones are correctly interpreted. diff --git a/packages/radware/changelog.yml b/packages/radware/changelog.yml index c6f69e5bd70..f66e54d8a2d 100644 --- a/packages/radware/changelog.yml +++ b/packages/radware/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "0.11.0" changes: - description: Update package to ECS 8.6.0. 
diff --git a/packages/santa/changelog.yml b/packages/santa/changelog.yml index 90c71fee826..18f43febbea 100644 --- a/packages/santa/changelog.yml +++ b/packages/santa/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "3.5.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/sentinel_one/changelog.yml b/packages/sentinel_one/changelog.yml index 2a1a7f09c97..67f0d6df223 100644 --- a/packages/sentinel_one/changelog.yml +++ b/packages/sentinel_one/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.5.2" changes: - description: Added categories and/or subcategories. diff --git a/packages/slack/changelog.yml b/packages/slack/changelog.yml index 26ec3ba5836..af8c1e27554 100644 --- a/packages/slack/changelog.yml +++ b/packages/slack/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.0.0" changes: - description: Release Slack as GA. diff --git a/packages/snort/changelog.yml b/packages/snort/changelog.yml index 7ed6fa866ad..79fb321d287 100644 --- a/packages/snort/changelog.yml +++ b/packages/snort/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.4.2" changes: - description: Added categories and/or subcategories. 
diff --git a/packages/snyk/changelog.yml b/packages/snyk/changelog.yml index 81059d47cb4..d26d887e5e5 100644 --- a/packages/snyk/changelog.yml +++ b/packages/snyk/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.6.0" changes: - description: Update package to ECS 8.6.0. diff --git a/packages/sonicwall_firewall/changelog.yml b/packages/sonicwall_firewall/changelog.yml index 452d77ceefd..cd6edc9b869 100644 --- a/packages/sonicwall_firewall/changelog.yml +++ b/packages/sonicwall_firewall/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.3.2" changes: - description: Added categories and/or subcategories. diff --git a/packages/sophos/changelog.yml b/packages/sophos/changelog.yml index 56851ffbd5f..038e74b6ef0 100644 --- a/packages/sophos/changelog.yml +++ b/packages/sophos/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "2.7.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/sophos_central/changelog.yml b/packages/sophos_central/changelog.yml index 11eafb9d5a7..c34acbe2c48 100644 --- a/packages/sophos_central/changelog.yml +++ b/packages/sophos_central/changelog.yml 
@@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.0.0" changes: - description: Release Sophos Central as GA. diff --git a/packages/squid/changelog.yml b/packages/squid/changelog.yml index 690fc7043f8..ca3bee1095b 100644 --- a/packages/squid/changelog.yml +++ b/packages/squid/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "0.12.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/suricata/changelog.yml b/packages/suricata/changelog.yml index 76394ec55e0..28f512a468b 100644 --- a/packages/suricata/changelog.yml +++ b/packages/suricata/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "2.6.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/symantec_endpoint/changelog.yml b/packages/symantec_endpoint/changelog.yml index 8639360bd5c..4934e411dbe 100644 --- a/packages/symantec_endpoint/changelog.yml +++ b/packages/symantec_endpoint/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "2.3.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/sysmon_linux/changelog.yml b/packages/sysmon_linux/changelog.yml index acecdedef90..807355e8ce1 100644 --- a/packages/sysmon_linux/changelog.yml 
+++ b/packages/sysmon_linux/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "0.1.0" changes: - description: initial release diff --git a/packages/system_audit/changelog.yml b/packages/system_audit/changelog.yml index e64560aa31a..9a25c4bb618 100644 --- a/packages/system_audit/changelog.yml +++ b/packages/system_audit/changelog.yml @@ -2,7 +2,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.0.1" changes: - description: Fix documentation bug diff --git a/packages/tanium/changelog.yml b/packages/tanium/changelog.yml index 189b854f27d..77bd7dcc71e 100644 --- a/packages/tanium/changelog.yml +++ b/packages/tanium/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: 0.1.0 changes: - description: Initial release. diff --git a/packages/tcp/changelog.yml b/packages/tcp/changelog.yml index b9ea3bc02a3..5bf00694265 100644 --- a/packages/tcp/changelog.yml +++ b/packages/tcp/changelog.yml @@ -2,7 +2,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.7.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/tenable_io/changelog.yml b/packages/tenable_io/changelog.yml index ca8100a9460..117d87162e1 100644 --- a/packages/tenable_io/changelog.yml +++ b/packages/tenable_io/changelog.yml 
@@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "0.2.1" changes: - description: Added response.save_first_response parameter to hbs.yml files to support latest httpjson change. diff --git a/packages/tenable_sc/changelog.yml b/packages/tenable_sc/changelog.yml index f8273b92151..3fff48b5ce2 100644 --- a/packages/tenable_sc/changelog.yml +++ b/packages/tenable_sc/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.7.1" changes: - description: Drop empty event sets. diff --git a/packages/thycotic_ss/changelog.yml b/packages/thycotic_ss/changelog.yml index 3b20c21e756..2c84cda5dc8 100644 --- a/packages/thycotic_ss/changelog.yml +++ b/packages/thycotic_ss/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "0.0.1" changes: - description: Initial draft of the package diff --git a/packages/ti_abusech/changelog.yml b/packages/ti_abusech/changelog.yml index 3dd805ff346..03a59d3d995 100644 --- a/packages/ti_abusech/changelog.yml +++ b/packages/ti_abusech/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.9.0" changes: - description: Update package to ECS 8.6.0. diff --git a/packages/ti_anomali/changelog.yml b/packages/ti_anomali/changelog.yml index 1d7e3edda05..a0a87e82b22 100644 
--- a/packages/ti_anomali/changelog.yml +++ b/packages/ti_anomali/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.9.0" changes: - description: Update package to ECS 8.6.0. diff --git a/packages/ti_cif3/changelog.yml b/packages/ti_cif3/changelog.yml index eea0b8abcf7..604fc53b1eb 100644 --- a/packages/ti_cif3/changelog.yml +++ b/packages/ti_cif3/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "0.4.1" changes: - description: Honor `preserve_original_event` setting. diff --git a/packages/ti_cybersixgill/changelog.yml b/packages/ti_cybersixgill/changelog.yml index 4f2946eb484..f73d5317c21 100644 --- a/packages/ti_cybersixgill/changelog.yml +++ b/packages/ti_cybersixgill/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.9.0" changes: - description: Update package to ECS 8.6.0. diff --git a/packages/ti_misp/changelog.yml b/packages/ti_misp/changelog.yml index 654dc5a488a..754ad84eab3 100644 --- a/packages/ti_misp/changelog.yml +++ b/packages/ti_misp/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.10.1" changes: - description: Drop empty event sets. diff --git a/packages/ti_otx/changelog.yml b/packages/ti_otx/changelog.yml index 1ac4a63a2b3..1147170e14f 100644 
--- a/packages/ti_otx/changelog.yml +++ b/packages/ti_otx/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.7.1" changes: - description: Honor `preserve_original_event` setting. diff --git a/packages/ti_rapid7_threat_command/changelog.yml b/packages/ti_rapid7_threat_command/changelog.yml index 2d839b45fd0..7f4fdd01ed6 100644 --- a/packages/ti_rapid7_threat_command/changelog.yml +++ b/packages/ti_rapid7_threat_command/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.0.0" changes: - description: Release Rapid7 Threat Command as GA. diff --git a/packages/ti_recordedfuture/changelog.yml b/packages/ti_recordedfuture/changelog.yml index 931d90dfa68..dd61a4fdeea 100644 --- a/packages/ti_recordedfuture/changelog.yml +++ b/packages/ti_recordedfuture/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.5.0" changes: - description: Update package to ECS 8.6.0. diff --git a/packages/ti_threatq/changelog.yml b/packages/ti_threatq/changelog.yml index 1fc2c85f2a5..6b890287c17 100644 --- a/packages/ti_threatq/changelog.yml +++ b/packages/ti_threatq/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.8.1" changes: - description: Honor `preserve_original_event` setting. 
diff --git a/packages/tines/changelog.yml b/packages/tines/changelog.yml index f821b8e30c6..4583362f878 100644 --- a/packages/tines/changelog.yml +++ b/packages/tines/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "0.0.4" changes: - description: Make input object arrays flattnened. diff --git a/packages/trend_micro_vision_one/changelog.yml b/packages/trend_micro_vision_one/changelog.yml index 09dcd4040a8..eabdb717c6d 100644 --- a/packages/trend_micro_vision_one/changelog.yml +++ b/packages/trend_micro_vision_one/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.0.0" changes: - description: Release Trend Micro Vision One as GA. diff --git a/packages/trendmicro/changelog.yml b/packages/trendmicro/changelog.yml index ecdd2448b0e..6b1cd2efee0 100644 --- a/packages/trendmicro/changelog.yml +++ b/packages/trendmicro/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "0.1.0" changes: - description: Initial draft of the package diff --git a/packages/udp/changelog.yml b/packages/udp/changelog.yml index 13abfa9cd68..b3964db2ec5 100644 --- a/packages/udp/changelog.yml +++ b/packages/udp/changelog.yml 
@@ -2,7 +2,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.7.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/winlog/changelog.yml b/packages/winlog/changelog.yml index c59c53f6051..d3b6b557a10 100644 --- a/packages/winlog/changelog.yml +++ b/packages/winlog/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.12.4" changes: - description: Improve documentation for listing event log channels. diff --git a/packages/zeek/changelog.yml b/packages/zeek/changelog.yml index 20fd905465b..a6572a04011 100644 --- a/packages/zeek/changelog.yml +++ b/packages/zeek/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "2.7.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/zerofox/changelog.yml b/packages/zerofox/changelog.yml index 0a58ad641cf..63d5eaedeba 100644 --- a/packages/zerofox/changelog.yml +++ b/packages/zerofox/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.7.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/zoom/changelog.yml b/packages/zoom/changelog.yml index a06e1d5ec9c..50ace68e9b0 100644 --- a/packages/zoom/changelog.yml +++ b/packages/zoom/changelog.yml 
@@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.7.1" changes: - description: Added categories and/or subcategories. diff --git a/packages/zscaler_zia/changelog.yml b/packages/zscaler_zia/changelog.yml index e2d1015c565..ec32b6a7716 100644 --- a/packages/zscaler_zia/changelog.yml +++ b/packages/zscaler_zia/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "2.7.3" changes: - description: Map web login user details to ECS. diff --git a/packages/zscaler_zpa/changelog.yml b/packages/zscaler_zpa/changelog.yml index c7c00ce9935..0ea5b14dd6d 100644 --- a/packages/zscaler_zpa/changelog.yml +++ b/packages/zscaler_zpa/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Update package to ECS 8.7.0. type: enhancement - link: https://github.com/elastic/integrations/pull/{{ PULL_REQUEST_NUMBER }} + link: https://github.com/elastic/integrations/pull/5765 - version: "1.5.2" changes: - description: Added categories and/or subcategories. From 2ff8466016b0ed72747ffb676ba34a03b042093f Mon Sep 17 00:00:00 2001 
From: Shourie Ganguly Date: Wed, 5 Apr 2023 11:24:46 +0530 Subject: [PATCH 135/137] reverted ecs update for packages activemq,airflow,apache & apache_spark --- packages/activemq/_dev/build/build.yml | 2 +- packages/activemq/changelog.yml | 5 -- .../pipeline/test-audit.log-expected.json | 16 ++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/audit/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/broker/sample_event.json | 2 +- .../pipeline/test-activemq.log-expected.json | 68 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/log/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/queue/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/topic/sample_event.json | 2 +- packages/activemq/docs/README.md | 10 +-- packages/activemq/manifest.yml | 2 +- packages/airflow/_dev/build/build.yml | 2 +- packages/airflow/changelog.yml | 5 -- .../elasticsearch/ingest_pipeline/default.yml | 2 +- packages/airflow/manifest.yml | 2 +- packages/apache/_dev/build/build.yml | 2 +- packages/apache/changelog.yml | 5 -- .../test-access-basic.log-expected.json | 40 +++++------ .../test-access-darwin.log-expected.json | 24 +++---- .../test-access-ssl-request.log-expected.json | 8 +-- .../test-access-ubuntu.log-expected.json | 36 +++++----- .../test-access-vhost.log-expected.json | 4 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/access/sample_event.json | 2 +- .../test-error-basic.log-expected.json | 16 ++--- .../test-error-darwin.log-expected.json | 8 +-- .../test-error-trace.log-expected.json | 4 +- .../test-error-ubuntu.log-expected.json | 28 ++++---- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/error/sample_event.json | 2 +- packages/apache/manifest.yml | 2 +- packages/apache_spark/_dev/build/build.yml | 2 +- packages/apache_spark/changelog.yml | 5 -- 
.../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/application/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/driver/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/executor/sample_event.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/node/sample_event.json | 2 +- packages/apache_spark/docs/README.md | 8 +-- packages/apache_spark/manifest.yml | 2 +- 48 files changed, 166 insertions(+), 186 deletions(-) diff --git a/packages/activemq/_dev/build/build.yml b/packages/activemq/_dev/build/build.yml index 9da3f46d46b..aaafc5d833b 100644 --- a/packages/activemq/_dev/build/build.yml +++ b/packages/activemq/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.7 + reference: git@v8.5.1 diff --git a/packages/activemq/changelog.yml b/packages/activemq/changelog.yml index 9b7f444e6cc..3428a199450 100644 --- a/packages/activemq/changelog.yml +++ b/packages/activemq/changelog.yml @@ -1,9 +1,4 @@ # newer versions go on top -- version: "0.8.0" - changes: - - description: Update package to ECS 8.7.0. - type: enhancement - link: https://github.com/elastic/integrations/pull/5765 - version: "0.7.0" changes: - description: Migrate visualizations to lens. diff --git a/packages/activemq/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/activemq/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index 7e2d8a3dbf0..49ee287dda8 100644 --- a/packages/activemq/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/activemq/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json 
@@ -8,10 +8,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.724977666Z", + "ingested": "2022-12-08T15:06:10.692324051Z", "kind": "event", "module": "activemq", "original": "INFO | anonymous called org.apache.activemq.broker.jmx.QueueView.retryMessages[] at 27-11-2019 08:45:57,213 | qtp443290224-47", @@ -38,10 +38,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.724987791Z", + "ingested": "2022-12-08T15:06:10.692336343Z", "kind": "event", "module": "activemq", "original": "INFO | admin called org.apache.activemq.broker.jmx.QueueView.retryMessages[] at 27-11-2019 08:45:57,229 | qtp443290224-45", @@ -68,10 +68,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.724988666Z", + "ingested": "2022-12-08T15:06:10.692337760Z", "kind": "event", "module": "activemq", "original": "WARN | admin requested /admin/createDestination.action [JMSDestination='test' JMSDestinationType='queue' secret='4eb0bc3e-9d7a-4256-844c-24f40fda98f1' ] from 127.0.0.1 | qtp12205619-39", @@ -98,10 +98,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.724989416Z", + "ingested": "2022-12-08T15:06:10.692338926Z", "kind": "event", "module": "activemq", "original": "INFO | guest requested /admin/purgeDestination.action [JMSDestination='test' JMSDestinationType='queue' secret='eff6a932-1b58-45da-a64a-1b30b246cfc9' ] from 127.0.0.1 | qtp12205619-36", diff --git a/packages/activemq/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/activemq/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index a3e82a30333..539c87a6744 100644 --- a/packages/activemq/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/activemq/data_stream/audit/elasticsearch/ingest_pipeline/default.yml 
@@ -31,7 +31,7 @@ processors: ignore_failure: true - set: field: ecs.version - value: 8.7.0 + value: 8.5.1 ignore_empty_value: true ignore_failure: true - script: diff --git a/packages/activemq/data_stream/audit/sample_event.json b/packages/activemq/data_stream/audit/sample_event.json index 612305261f9..d24bf103c79 100644 --- a/packages/activemq/data_stream/audit/sample_event.json +++ b/packages/activemq/data_stream/audit/sample_event.json @@ -18,7 +18,7 @@ "type": "logs" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", diff --git a/packages/activemq/data_stream/broker/elasticsearch/ingest_pipeline/default.yml b/packages/activemq/data_stream/broker/elasticsearch/ingest_pipeline/default.yml index 1ede92df8f5..cc1f10e2eeb 100644 --- a/packages/activemq/data_stream/broker/elasticsearch/ingest_pipeline/default.yml +++ b/packages/activemq/data_stream/broker/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing ActiveMQ broker metrics. processors: - set: field: ecs.version - value: 8.7.0 + value: 8.5.1 - set: field: event.category value: [web] diff --git a/packages/activemq/data_stream/broker/sample_event.json b/packages/activemq/data_stream/broker/sample_event.json index 1a1ef5d168c..8306a274dcb 100644 --- a/packages/activemq/data_stream/broker/sample_event.json +++ b/packages/activemq/data_stream/broker/sample_event.json @@ -48,7 +48,7 @@ "type": "metrics" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", diff --git a/packages/activemq/data_stream/log/_dev/test/pipeline/test-activemq.log-expected.json b/packages/activemq/data_stream/log/_dev/test/pipeline/test-activemq.log-expected.json index 3c47e1172c7..873ebe2d2c2 100644 --- a/packages/activemq/data_stream/log/_dev/test/pipeline/test-activemq.log-expected.json 
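Review bot: The reverted `ecs.version` value in this `set` processor is left as an unquoted scalar (`value: 8.5.1`), while the 1password pipeline earlier in the same patch series writes the version quoted. YAML keeps `8.5.1` a string only because it has two dots; a two-part version would load as a number, so quoting makes the type explicit: `value: "8.5.1"`. The same applies to the broker pipeline hunk that follows on this line. The `processors` list continues outside both hunks, so the other entries were not checked.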
+++ b/packages/activemq/data_stream/log/_dev/test/pipeline/test-activemq.log-expected.json @@ -9,10 +9,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.863319958Z", + "ingested": "2022-12-08T15:06:10.818887635Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,491 | INFO | KahaDB is version 6 | org.apache.activemq.store.kahadb.MessageDatabase | main", @@ -37,10 +37,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.863331208Z", + "ingested": "2022-12-08T15:06:10.818898093Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,531 | INFO | PListStore:[/opt/activemq/data/localhost/tmp_storage] started | org.apache.activemq.store.kahadb.plist.PListStoreImpl | main", @@ -65,10 +65,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.863331958Z", + "ingested": "2022-12-08T15:06:10.818899385Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,538 | INFO | Page File: /opt/activemq/data/kahadb/db.data. Recovered pageFile free list of size: 0 | org.apache.activemq.store.kahadb.disk.page.PageFile | KahaDB Index Free Page Recovery", @@ -93,10 +93,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.863332541Z", + "ingested": "2022-12-08T15:06:10.818900385Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,690 | INFO | Apache ActiveMQ 5.15.9 (localhost, ID:5338986a6080-37033-1574867374550-0:1) is starting | org.apache.activemq.broker.BrokerService | main", 
@@ -121,13 +121,13 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "error": { "stack_trace": "at org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:28)[activemq-client-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.registerConnectorMBean(BrokerService.java:2264)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.startTransportConnector(BrokerService.java:2744)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.startAllConnectors(BrokerService.java:2640)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.doStartBroker(BrokerService.java:771)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.startBroker(BrokerService.java:733)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.start(BrokerService.java:636)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:73)[activemq-spring-5.15.9.jar:5.15.9]\n\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.8.0_212]\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)[:1.8.0_212]\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.8.0_212]\n\tat java.lang.reflect.Method.invoke(Method.java:498)[:1.8.0_212]\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1763)[spring-beans-4.3.18.RELEASE.jar:4.3.18.RELEASE]\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1700)[spring-beans-4.3.18.RELEASE.jar:4.3.18.RELEASE]" }, "event": { - "ingested": "2023-03-31T13:41:51.863333208Z", + "ingested": "2022-12-08T15:06:10.818901468Z", "kind": "event", "module": "activemq", "original": 
"2019-11-27 15:09:34,712 | ERROR | Failed to start Apache ActiveMQ (localhost, ID:5338986a6080-37033-1574867374550-0:1) | org.apache.activemq.broker.BrokerService | main\n\tat org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:28)[activemq-client-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.registerConnectorMBean(BrokerService.java:2264)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.startTransportConnector(BrokerService.java:2744)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.startAllConnectors(BrokerService.java:2640)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.doStartBroker(BrokerService.java:771)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.startBroker(BrokerService.java:733)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.start(BrokerService.java:636)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:73)[activemq-spring-5.15.9.jar:5.15.9]\n\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.8.0_212]\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)[:1.8.0_212]\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.8.0_212]\n\tat java.lang.reflect.Method.invoke(Method.java:498)[:1.8.0_212]\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1763)[spring-beans-4.3.18.RELEASE.jar:4.3.18.RELEASE]\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1700)[spring-beans-4.3.18.RELEASE.jar:4.3.18.RELEASE]", 
@@ -152,10 +152,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.863333708Z", + "ingested": "2022-12-08T15:06:10.818902343Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,716 | INFO | Apache ActiveMQ 5.15.9 (localhost, ID:5338986a6080-37033-1574867374550-0:1) is shutting down | org.apache.activemq.broker.BrokerService | main", @@ -180,10 +180,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.863334166Z", + "ingested": "2022-12-08T15:06:10.818903260Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,718 | INFO | Connector openwire stopped | org.apache.activemq.broker.TransportConnector | main", @@ -208,10 +208,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.863334666Z", + "ingested": "2022-12-08T15:06:10.818904218Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,719 | INFO | Connector amqp stopped | org.apache.activemq.broker.TransportConnector | main", @@ -236,10 +236,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.863335208Z", + "ingested": "2022-12-08T15:06:10.818905135Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,721 | INFO | Connector stomp stopped | org.apache.activemq.broker.TransportConnector | main", @@ -264,10 +264,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.863335666Z", + "ingested": "2022-12-08T15:06:10.818906093Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,722 | INFO | Connector mqtt stopped | org.apache.activemq.broker.TransportConnector | main", 
@@ -292,10 +292,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.863336250Z", + "ingested": "2022-12-08T15:06:10.818907051Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,723 | INFO | Connector ws stopped | org.apache.activemq.broker.TransportConnector | main", @@ -320,10 +320,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.863337Z", + "ingested": "2022-12-08T15:06:10.818908260Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,727 | INFO | PListStore:[/opt/activemq/data/localhost/tmp_storage] stopped | org.apache.activemq.store.kahadb.plist.PListStoreImpl | main", @@ -348,10 +348,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.863337708Z", + "ingested": "2022-12-08T15:06:10.818909218Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,728 | INFO | Stopping async queue tasks | org.apache.activemq.store.kahadb.KahaDBStore | main", @@ -376,10 +376,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.863338250Z", + "ingested": "2022-12-08T15:06:10.818910135Z", "kind": "event", "module": "activemq", "original": "2019-11-27 15:09:34,730 | INFO | Stopping async topic tasks | org.apache.activemq.store.kahadb.KahaDBStore | main", @@ -404,10 +404,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.863338708Z", + "ingested": "2022-12-08T15:06:10.818911010Z", "kind": "event", "module": "activemq", "original": "2019-11-29 10:59:49,515 | INFO | No Spring WebApplicationInitializer types detected on classpath | /admin | main", 
@@ -432,10 +432,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.863339166Z", + "ingested": "2022-12-08T15:06:10.818911885Z", "kind": "event", "module": "activemq", "original": "2019-11-29 10:59:49,779 | INFO | Initializing Spring FrameworkServlet 'dispatcher' | /admin | main", 
@@ -460,10 +460,10 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { - "ingested": "2023-03-31T13:41:51.863339625Z", + "ingested": "2022-12-08T15:06:10.818913051Z", "kind": "event", "module": "activemq", "original": "2022-06-17 12:19:13,443 | ERROR | Failed to load: class path resource [activemq.xml], reason: Configuration problem: Unexpected failure during bean definition parsing\\nOffending resource: class path resource [jetty.xml]\\nBean 'jettyPort'; nested exception is org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Multiple 'property' definitions for property 'host'\\nOffending resource: class path resource [jetty.xml]\\nBean 'jettyPort'\\n\\t-\u003e Property 'host' | org.apache.activemq.xbean.XBeanBrokerFactory | main org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Unexpected failure during bean definition parsing\\nOffending resource: class path resource [jetty.xml]\\nBean 'jettyPort'; nested exception is org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Multiple 'property' definitions for property 'host'\\nOffending resource: class path resource [jetty.xml]\\nBean 'jettyPort'\\n\\t-\u003e Property 'host'\\n\\tat org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:70)\\n\\tat org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:118)\\n\\tat org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.error(BeanDefinitionParserDelegate.java:308)\\n\\tat org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseBeanDefinitionElement(BeanDefinitionParserDelegate.java:561)\\n\\tat org.apache.xbean.spring.context.v2c.XBeanBeanDefinitionParserDelegate.parseBeanDefinitionElement(XBeanBeanDefinitionParserDelegate.java:58)\\n\\tat 
org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseBeanDefinitionElement(BeanDefinitionParserDelegate.java:459)\\n\\tat org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseBeanDefinitionElement(BeanDefinitionParserDelegate.java:428)\\n\\tat org.apache.xbean.spring.context.v2.XBeanBeanDefinitionDocumentReader.processBeanDefinition(XBeanBeanDefinitionDocumentReader.java:188)\\n\\tat org.apache.xbean.spring.context.v2.XBeanBeanDefinitionDocumentReader.parseDefaultElement(XBeanBeanDefinitionDocumentReader.java:115)\\n\\tat org.apache.xbean.spring.context.v2.XBeanBeanDefinitionDocumentReader.parseBeanDefinitions(XBeanBeanDefinitionDocumentReader.java:95)\\n\\tat org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.doRegisterBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:142)\\n\\tat org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:94)\\n\\tat org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:508)\\n\\tat org.apache.xbean.spring.context.v2.XBeanXmlBeanDefinitionReader.registerBeanDefinitions(XBeanXmlBeanDefinitionReader.java:79)\\n\\tat org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:392)\\n\\tat org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:336)\\n\\tat org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:304)\\n\\tat org.apache.xbean.spring.context.v2.XBeanBeanDefinitionDocumentReader.importBeanDefinitionResource(XBeanBeanDefinitionDocumentReader.java:143)\\n\\tat org.apache.xbean.spring.context.v2.XBeanBeanDefinitionDocumentReader.parseDefaultElement(XBeanBeanDefinitionDocumentReader.java:109)\\n\\tat 
org.apache.xbean.spring.context.v2.XBeanBeanDefinitionDocumentReader.parseBeanDefinitions(XBeanBeanDefinitionDocumentReader.java:95)\\n\\tat org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.doRegisterBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:142)\\n\\tat org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:94)\\n\\tat org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:508)\\n\\tat org.apache.xbean.spring.context.v2.XBeanXmlBeanDefinitionReader.registerBeanDefinitions(XBeanXmlBeanDefinitionReader.java:79)\\n\\tat org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:392)\\n\\tat org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:336)\\n\\tat org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:304)\\n\\tat org.apache.xbean.spring.context.ResourceXmlApplicationContext.loadBeanDefinitions(ResourceXmlApplicationContext.java:116)\\n\\tat org.apache.xbean.spring.context.ResourceXmlApplicationContext.loadBeanDefinitions(ResourceXmlApplicationContext.java:104)\\n\\tat org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:126)\\n\\tat org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:614)\\n\\tat org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:514)\\n\\tat org.apache.xbean.spring.context.ResourceXmlApplicationContext.\u003cinit\u003e(ResourceXmlApplicationContext.java:64)\\n\\tat org.apache.xbean.spring.context.ResourceXmlApplicationContext.\u003cinit\u003e(ResourceXmlApplicationContext.java:52)\\n\\tat 
org.apache.activemq.xbean.XBeanBrokerFactory$1.\u003cinit\u003e(XBeanBrokerFactory.java:104)\\n\\tat org.apache.activemq.xbean.XBeanBrokerFactory.createApplicationContext(XBeanBrokerFactory.java:104)\\n\\tat org.apache.activemq.xbean.XBeanBrokerFactory.createBroker(XBeanBrokerFactory.java:67)\\n\\tat org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:71)\\n\\tat org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:54)\\n\\tat org.apache.activemq.console.command.StartCommand.runTask(StartCommand.java:87)\\n\\tat org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:63)\\n\\tat org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:154)\\n\\tat org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:63)\\n\\tat org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:104)\\n\\tat java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\\n\\tat java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\\n\\tat java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\\n\\tat java.base/java.lang.reflect.Method.invoke(Method.java:566)\\n\\tat org.apache.activemq.console.Main.runTaskClass(Main.java:262)\\n\\tat org.apache.activemq.console.Main.main(Main.java:115)\\nCaused by: org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Multiple 'property' definitions for property 'host'\\nOffending resource: class path resource [jetty.xml]\\nBean 'jettyPort'\\n\\t-\u003e Property 'host'\\n\\tat org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:70)\\n\\tat org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:118)\\n\\tat org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:110)\\n\\tat 
org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.error(BeanDefinitionParserDelegate.java:301)\\n\\tat org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parsePropertyElement(BeanDefinitionParserDelegate.java:897)\\n\\tat org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parsePropertyElements(BeanDefinitionParserDelegate.java:761)\\n\\tat org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseBeanDefinitionElement(BeanDefinitionParserDelegate.java:546)\\n\\t... 46 more", diff --git a/packages/activemq/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/activemq/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 6c020afc407..fe24f752b19 100644 --- a/packages/activemq/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/activemq/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -46,7 +46,7 @@ processors: ignore_failure: true - set: field: ecs.version - value: 8.7.0 + value: 8.5.1 ignore_empty_value: true ignore_failure: true - script: diff --git a/packages/activemq/data_stream/log/sample_event.json b/packages/activemq/data_stream/log/sample_event.json index 7bba428d1f5..c40d3831ef6 100644 --- a/packages/activemq/data_stream/log/sample_event.json +++ b/packages/activemq/data_stream/log/sample_event.json @@ -19,7 +19,7 @@ "type": "logs" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", diff --git a/packages/activemq/data_stream/queue/elasticsearch/ingest_pipeline/default.yml b/packages/activemq/data_stream/queue/elasticsearch/ingest_pipeline/default.yml index ada9911fe11..fa105e90c9d 100644 --- a/packages/activemq/data_stream/queue/elasticsearch/ingest_pipeline/default.yml +++ b/packages/activemq/data_stream/queue/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for parsing ActiveMQ queue metrics. processors: - set: field: ecs.version - value: 8.7.0 + value: 8.5.1 - set: field: event.category value: [web] diff --git a/packages/activemq/data_stream/queue/sample_event.json b/packages/activemq/data_stream/queue/sample_event.json index d5c95756f1c..43108185247 100644 --- a/packages/activemq/data_stream/queue/sample_event.json +++ b/packages/activemq/data_stream/queue/sample_event.json @@ -56,7 +56,7 @@ "type": "metrics" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", diff --git a/packages/activemq/data_stream/topic/elasticsearch/ingest_pipeline/default.yml b/packages/activemq/data_stream/topic/elasticsearch/ingest_pipeline/default.yml index 2e8ca78db3c..2df4b3781df 100644 --- a/packages/activemq/data_stream/topic/elasticsearch/ingest_pipeline/default.yml +++ b/packages/activemq/data_stream/topic/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing ActiveMQ topic metrics. processors: - set: field: ecs.version - value: 8.7.0 + value: 8.5.1 - set: field: event.category value: [web] diff --git a/packages/activemq/data_stream/topic/sample_event.json b/packages/activemq/data_stream/topic/sample_event.json index 6b3ef8ed2ab..6a58f772182 100644 --- a/packages/activemq/data_stream/topic/sample_event.json +++ b/packages/activemq/data_stream/topic/sample_event.json @@ -55,7 +55,7 @@ "type": "metrics" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", diff --git a/packages/activemq/docs/README.md b/packages/activemq/docs/README.md index b79286c6454..251daa33ee2 100644 --- a/packages/activemq/docs/README.md +++ b/packages/activemq/docs/README.md 
@@ -37,7 +37,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", @@ -128,7 +128,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", @@ -282,7 +282,7 @@ An example event for `broker` looks as following: "type": "metrics" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", @@ -438,7 +438,7 @@ An example event for `queue` looks as following: "type": "metrics" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", @@ -597,7 +597,7 @@ An example event for `topic` looks as following: "type": "metrics" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", diff --git a/packages/activemq/manifest.yml b/packages/activemq/manifest.yml index 8bed0993935..2f0ac9466e0 100644 --- a/packages/activemq/manifest.yml +++ b/packages/activemq/manifest.yml @@ -1,6 +1,6 @@ name: activemq title: ActiveMQ -version: "0.8.0" +version: 0.7.0 description: Collect logs and metrics from ActiveMQ instances with Elastic Agent. type: integration icons: diff --git a/packages/airflow/_dev/build/build.yml b/packages/airflow/_dev/build/build.yml index 9da3f46d46b..aaafc5d833b 100644 --- a/packages/airflow/_dev/build/build.yml +++ b/packages/airflow/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.7 + reference: git@v8.5.1 diff --git a/packages/airflow/changelog.yml b/packages/airflow/changelog.yml index 43681800721..0ad22ea9e6c 100644 --- a/packages/airflow/changelog.yml +++ b/packages/airflow/changelog.yml 
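Review bot: The `version:` line in `packages/activemq/manifest.yml` moves the package backwards, from `"0.8.0"` to `0.7.0`, and the airflow manifest hunk further down does the same (`"0.1.0"` to `0.0.3`) while its changelog hunk deletes the 0.1.0 entry. If those versions were already published, which this diff cannot confirm, the branch would no longer hold the source of a released package, and a later change would have to reuse the same version number for different content. Rolling forward avoids that: keep the existing changelog entry, add a new one describing the return to ECS 8.5.1, and set `version: "<next-version>"`. Keeping the quotes, as the removed line had them, also ensures every YAML parser reads the value as a string.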
@@ -1,9 +1,4 @@ # newer versions go on top -- version: "0.1.0" - changes: - - description: Update package to ECS 8.7.0. - type: enhancement - link: https://github.com/elastic/integrations/pull/5765 - version: 0.0.3 changes: - description: Added categories and/or subcategories. diff --git a/packages/airflow/data_stream/statsd/elasticsearch/ingest_pipeline/default.yml b/packages/airflow/data_stream/statsd/elasticsearch/ingest_pipeline/default.yml index 735ecbb522d..ae7ab121b91 100644 --- a/packages/airflow/data_stream/statsd/elasticsearch/ingest_pipeline/default.yml +++ b/packages/airflow/data_stream/statsd/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing airflow data processors: - set: field: ecs.version - value: "8.7.0" + value: "8.5.1" - rename: field: statsd target_field: airflow diff --git a/packages/airflow/manifest.yml b/packages/airflow/manifest.yml index f5df5d21ded..1690f118928 100644 --- a/packages/airflow/manifest.yml +++ b/packages/airflow/manifest.yml @@ -1,6 +1,6 @@ name: airflow title: Airflow -version: "0.1.0" +version: 0.0.3 description: Airflow Integration. type: integration format_version: 1.0.0 diff --git a/packages/apache/_dev/build/build.yml b/packages/apache/_dev/build/build.yml index 9da3f46d46b..aaafc5d833b 100644 --- a/packages/apache/_dev/build/build.yml +++ b/packages/apache/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.7 + reference: git@v8.5.1 diff --git a/packages/apache/changelog.yml b/packages/apache/changelog.yml index 68a6e76469d..02c4743b6a2 100644 --- a/packages/apache/changelog.yml +++ b/packages/apache/changelog.yml @@ -1,9 +1,4 @@ # newer versions go on top -- version: "1.9.0" - changes: - - description: Update package to ECS 8.7.0. - type: enhancement - link: https://github.com/elastic/integrations/pull/5765 - version: "1.8.2" changes: - description: Fix a bug that may blank three visualizations 
diff --git a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-basic.log-expected.json b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-basic.log-expected.json index 002f37aa454..539f364378f 100644 --- a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-basic.log-expected.json +++ b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-basic.log-expected.json @@ -10,12 +10,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:53.901813834Z", + "ingested": "2022-12-08T15:09:52.409634501Z", "kind": "event", "original": "::1 - - [26/Dec/2016:16:16:29 +0200] \"GET /favicon.ico HTTP/1.1\" 404 209", "outcome": "failure" @@ -58,12 +58,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:53.901823209Z", + "ingested": "2022-12-08T15:09:52.409644668Z", "kind": "event", "original": "192.168.33.1 - - [26/Dec/2016:16:22:13 +0000] \"GET /hello HTTP/1.1\" 404 499 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0\"", "outcome": "failure" @@ -119,12 +119,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:53.901824084Z", + "ingested": "2022-12-08T15:09:52.409645876Z", "kind": "event", "original": "::1 - - [26/Dec/2016:16:16:48 +0200] \"-\" 408 -", "outcome": "failure" 
@@ -155,12 +155,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:53.901824709Z", + "ingested": "2022-12-08T15:09:52.409646876Z", "kind": "event", "original": "172.17.0.1 - - [29/May/2017:19:02:48 +0000] \"GET /stringpatch HTTP/1.1\" 404 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"", "outcome": "failure" @@ -216,12 +216,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:53.901825209Z", + "ingested": "2022-12-08T15:09:52.409647793Z", "kind": "event", "original": "monitoring-server - - [29/May/2017:19:02:48 +0000] \"GET /status HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"", "outcome": "success" @@ -277,12 +277,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:53.901825709Z", + "ingested": "2022-12-08T15:09:52.409648793Z", "kind": "event", "original": "127.0.0.1 - - [02/Feb/2019:05:38:45 +0100] \"-\" 408 152 \"-\" \"-\"", "outcome": "failure" @@ -326,12 +326,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:53.901826209Z", + "ingested": "2022-12-08T15:09:52.409649793Z", "kind": "event", "original": "monitoring-server - - [29/May/2017:19:02:48 +0000] \"GET /A%20Beka%20G1%20Howe/029_AND_30/15%20reading%20elephants.mp4 HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" X-Forwarded-For=\"-\"", "outcome": "success" 
@@ -393,12 +393,12 @@ "ip": "10.0.0.2" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:53.901826667Z", + "ingested": "2022-12-08T15:09:52.409650668Z", "kind": "event", "original": "89.160.20.112 - - [29/May/2017:19:02:48 +0000] \"GET /A%20Beka%20G1%20Howe/029_AND_30/15%20reading%20elephants.mp4 HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" X-Forwarded-For=\"10.0.0.2,10.0.0.1\"", "outcome": "success" @@ -481,12 +481,12 @@ "ip": "10.225.192.17" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:53.901827209Z", + "ingested": "2022-12-08T15:09:52.409651543Z", "kind": "event", "original": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6 - - [29/May/2017:19:02:48 +0000] \"GET /A%20Beka%20G1%20Howe/029_AND_30/15%20reading%20elephants.mp4 HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" X-Forwarded-For=\"10.225.192.17, 10.2.2.121\"", "outcome": "success" @@ -559,12 +559,12 @@ "ip": "192.168.0.2" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:53.901827709Z", + "ingested": "2022-12-08T15:09:52.409652876Z", "kind": "event", "original": "monitoring-server - - [17/May/2022:21:41:43 +0000] \"GET / HTTP/1.1\" 200 45 \"-\" \"curl/7.79.1\" X-Forwarded-For=\"192.168.0.2\"", "outcome": "success" diff --git a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-darwin.log-expected.json b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-darwin.log-expected.json index cd67380e90a..04feb1dc8ae 100644 --- a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-darwin.log-expected.json 
+++ b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-darwin.log-expected.json @@ -10,12 +10,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:53.977815251Z", + "ingested": "2022-12-08T15:09:52.483539043Z", "kind": "event", "original": "::1 - - [26/Dec/2016:16:16:28 +0200] \"GET / HTTP/1.1\" 200 45", "outcome": "success" @@ -57,12 +57,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:53.977824084Z", + "ingested": "2022-12-08T15:09:52.483550209Z", "kind": "event", "original": "::1 - - [26/Dec/2016:16:16:29 +0200] \"GET /favicon.ico HTTP/1.1\" 404 209", "outcome": "failure" @@ -105,12 +105,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:53.977824751Z", + "ingested": "2022-12-08T15:09:52.483551501Z", "kind": "event", "original": "::1 - - [26/Dec/2016:16:16:48 +0200] \"-\" 408 -", "outcome": "failure" @@ -141,12 +141,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:53.977825292Z", + "ingested": "2022-12-08T15:09:52.483552501Z", "kind": "event", "original": "89.160.20.156 - - [26/Dec/2016:18:23:35 +0200] \"GET / HTTP/1.1\" 200 45", "outcome": "success" @@ -206,12 +206,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:53.977825834Z", + "ingested": "2022-12-08T15:09:52.483553418Z", "kind": "event", "original": "89.160.20.156 - - [26/Dec/2016:18:23:41 +0200] \"GET /notfound HTTP/1.1\" 404 206", "outcome": "failure" 
@@ -271,12 +271,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:53.977826376Z", + "ingested": "2022-12-08T15:09:52.483554501Z", "kind": "event", "original": "89.160.20.156 - - [26/Dec/2016:18:23:45 +0200] \"GET /hmm HTTP/1.1\" 404 201", "outcome": "failure" diff --git a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-ssl-request.log-expected.json b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-ssl-request.log-expected.json index 4887e5a3135..6c618cc5793 100644 --- a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-ssl-request.log-expected.json +++ b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-ssl-request.log-expected.json @@ -14,12 +14,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:54.027841292Z", + "ingested": "2022-12-08T15:09:52.533303168Z", "kind": "event", "original": "[10/Aug/2018:09:45:56 +0200] 172.30.0.119 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 \"GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax\u0026amp;opts=%7B%22func%22%3A%22get_admin_tasks_html%22%2C%22args%22%3A%22%22%7D\u0026amp;nsp=b5c7d5d4b6f7d0cf0c92f9cbdf737f6a5c838218425e6ae21 HTTP/1.1\" 1375" }, @@ -67,12 +67,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:54.027853084Z", + "ingested": "2022-12-08T15:09:52.533318376Z", "kind": "event", "original": "[16/Oct/2019:11:53:47 +0200] 89.160.20.156 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 \"GET /appl/ajaxhelper.php?cmd=getxicoreajax\u0026opts=%7B%22func%22%3A%22get_pagetop_alert_content_html%22%2C%22args%22%3A%22%22%7D\u0026nsp=c2700eab9797eda8a9f65a3ab17a6adbceccd60a6cca7708650a5923950d HTTP/1.1\" -" }, 
diff --git a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-ubuntu.log-expected.json b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-ubuntu.log-expected.json index 4a9b642b3b5..50a75ea6b31 100644 --- a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-ubuntu.log-expected.json +++ b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-ubuntu.log-expected.json @@ -10,12 +10,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:54.074516501Z", + "ingested": "2022-12-08T15:09:52.577647543Z", "kind": "event", "original": "127.0.0.1 - - [26/Dec/2016:16:18:09 +0000] \"GET / HTTP/1.1\" 200 491 \"-\" \"Wget/1.13.4 (linux-gnu)\"", "outcome": "success" @@ -69,12 +69,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:54.074527792Z", + "ingested": "2022-12-08T15:09:52.577659626Z", "kind": "event", "original": "192.168.33.1 - - [26/Dec/2016:16:22:00 +0000] \"GET / HTTP/1.1\" 200 484 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36\"", "outcome": "success" @@ -130,12 +130,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:54.074528584Z", + "ingested": "2022-12-08T15:09:52.577660959Z", "kind": "event", "original": "192.168.33.1 - - [26/Dec/2016:16:22:00 +0000] \"GET /favicon.ico HTTP/1.1\" 404 504 \"http://192.168.33.72/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36\"", "outcome": "failure" 
@@ -192,12 +192,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:54.074529251Z", + "ingested": "2022-12-08T15:09:52.577662126Z", "kind": "event", "original": "192.168.33.1 - - [26/Dec/2016:16:22:08 +0000] \"GET / HTTP/1.1\" 200 484 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0\"", "outcome": "success" @@ -253,12 +253,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:54.074529751Z", + "ingested": "2022-12-08T15:09:52.577663126Z", "kind": "event", "original": "192.168.33.1 - - [26/Dec/2016:16:22:08 +0000] \"GET /favicon.ico HTTP/1.1\" 404 504 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0\"", "outcome": "failure" @@ -315,12 +315,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:54.074530334Z", + "ingested": "2022-12-08T15:09:52.577664043Z", "kind": "event", "original": "192.168.33.1 - - [26/Dec/2016:16:22:08 +0000] \"GET /favicon.ico HTTP/1.1\" 404 504 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0\"", "outcome": "failure" @@ -377,12 +377,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:54.074530959Z", + "ingested": "2022-12-08T15:09:52.577664918Z", "kind": "event", "original": "192.168.33.1 - - [26/Dec/2016:16:22:10 +0000] \"GET /test HTTP/1.1\" 404 498 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0\"", "outcome": "failure" 
@@ -438,12 +438,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:54.074531417Z", + "ingested": "2022-12-08T15:09:52.577665918Z", "kind": "event", "original": "192.168.33.1 - - [26/Dec/2016:16:22:13 +0000] \"GET /hello HTTP/1.1\" 404 499 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0\"", "outcome": "failure" @@ -499,12 +499,12 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:54.074531876Z", + "ingested": "2022-12-08T15:09:52.577666793Z", "kind": "event", "original": "192.168.33.1 - - [26/Dec/2016:16:22:17 +0000] \"GET /crap HTTP/1.1\" 404 499 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0\"", "outcome": "failure" diff --git a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-vhost.log-expected.json b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-vhost.log-expected.json index 4a8d2da537a..84b329493a6 100644 --- a/packages/apache/data_stream/access/_dev/test/pipeline/test-access-vhost.log-expected.json +++ b/packages/apache/data_stream/access/_dev/test/pipeline/test-access-vhost.log-expected.json @@ -13,12 +13,12 @@ "domain": "vhost1.domaine.fr" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", "created": "2020-04-28T11:07:58.223Z", - "ingested": "2023-03-31T13:41:54.135480667Z", + "ingested": "2022-12-08T15:09:52.634020126Z", "kind": "event", "original": "vhost1.domaine.fr 192.168.33.2 - - [26/Dec/2016:16:22:14 +0000] \"GET /hello HTTP/1.1\" 404 499 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0\"", "outcome": "failure" 
diff --git a/packages/apache/data_stream/access/elasticsearch/ingest_pipeline/default.yml b/packages/apache/data_stream/access/elasticsearch/ingest_pipeline/default.yml index 2ed914ade04..574d5cbdbff 100644 --- a/packages/apache/data_stream/access/elasticsearch/ingest_pipeline/default.yml +++ b/packages/apache/data_stream/access/elasticsearch/ingest_pipeline/default.yml @@ -9,7 +9,7 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.7.0' + value: '8.5.1' - rename: field: message target_field: event.original diff --git a/packages/apache/data_stream/access/sample_event.json b/packages/apache/data_stream/access/sample_event.json index 43fe577c7dc..24a799813f9 100644 --- a/packages/apache/data_stream/access/sample_event.json +++ b/packages/apache/data_stream/access/sample_event.json @@ -20,7 +20,7 @@ "type": "logs" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", diff --git a/packages/apache/data_stream/error/_dev/test/pipeline/test-error-basic.log-expected.json b/packages/apache/data_stream/error/_dev/test/pipeline/test-error-basic.log-expected.json index 7bfd8808839..ed45807b94b 100644 --- a/packages/apache/data_stream/error/_dev/test/pipeline/test-error-basic.log-expected.json +++ b/packages/apache/data_stream/error/_dev/test/pipeline/test-error-basic.log-expected.json @@ -6,11 +6,11 @@ "error": {} }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", - "ingested": "2023-03-31T13:41:54.343342751Z", + "ingested": "2022-12-08T15:09:52.825498793Z", "kind": "event", "original": "[Mon Dec 26 16:22:08 2016] [error] [client 192.168.33.1] File does not exist: /var/www/favicon.ico", "timezone": "GMT+2", 
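Review bot: The `ecs.version` processor in the apache access pipeline hunk (`@@ -9,7 +9,7 @@ processors:`) moves from `'8.7.0'` back to `'8.5.1'`, the reverse of the ECS 8.7.0 update this patch series describes. The same reversal appears in the apache error pipeline and the four apache_spark pipelines further down, alongside expected files whose `ingested` timestamps go back to 2022-12-08. This looks like an older state of the branch leaking in through a rebase or merge, but the commit record for these hunks is outside this view, so that is an inference. If the downgrade is unintended, drop these hunks so the line stays `value: '8.7.0'`. If it is intended, say so in the commit message, because anything downstream that reads `ecs.version` on these data streams will see it go backwards; the processor list itself continues outside the hunk.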
@@ -39,11 +39,11 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", - "ingested": "2023-03-31T13:41:54.343353001Z", + "ingested": "2022-12-08T15:09:52.825508126Z", "kind": "event", "original": "[Mon Dec 26 16:15:55.103786 2016] [core:notice] [pid 11379] AH00094: Command line: '/usr/local/Cellar/httpd24/2.4.23_2/bin/httpd'", "timezone": "GMT+2", @@ -68,11 +68,11 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", - "ingested": "2023-03-31T13:41:54.343353959Z", + "ingested": "2022-12-08T15:09:52.825509418Z", "kind": "event", "original": "[Fri Sep 09 10:42:29.902022 2011] [core:error] [pid 35708:tid 4328636416] [client 89.160.20.156] File does not exist: /usr/local/apache2/htdocs/favicon.ico", "timezone": "GMT+2", @@ -125,11 +125,11 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", - "ingested": "2023-03-31T13:41:54.343354709Z", + "ingested": "2022-12-08T15:09:52.825510418Z", "kind": "event", "original": "[Thu Jun 27 06:58:09.169510 2019] [include:warn] [pid 15934] [client 89.160.20.156:12345] AH01374: mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed: /test.html", "timezone": "GMT+2", diff --git a/packages/apache/data_stream/error/_dev/test/pipeline/test-error-darwin.log-expected.json b/packages/apache/data_stream/error/_dev/test/pipeline/test-error-darwin.log-expected.json index 1c0b41c17b0..8a83ef808e7 100644 --- a/packages/apache/data_stream/error/_dev/test/pipeline/test-error-darwin.log-expected.json +++ b/packages/apache/data_stream/error/_dev/test/pipeline/test-error-darwin.log-expected.json 
@@ -8,11 +8,11 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", - "ingested": "2023-03-31T13:41:54.389050626Z", + "ingested": "2022-12-08T15:09:52.868538751Z", "kind": "event", "original": "[Mon Dec 26 16:15:55.103522 2016] [mpm_prefork:notice] [pid 11379] AH00163: Apache/2.4.23 (Unix) configured -- resuming normal operations", "timezone": "GMT+2", @@ -37,11 +37,11 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", - "ingested": "2023-03-31T13:41:54.389061376Z", + "ingested": "2022-12-08T15:09:52.868553459Z", "kind": "event", "original": "[Mon Dec 26 16:15:55.103786 2016] [core:notice] [pid 11379] AH00094: Command line: '/usr/local/Cellar/httpd24/2.4.23_2/bin/httpd'", "timezone": "GMT+2", diff --git a/packages/apache/data_stream/error/_dev/test/pipeline/test-error-trace.log-expected.json b/packages/apache/data_stream/error/_dev/test/pipeline/test-error-trace.log-expected.json index cbb582fa19f..05034d75a48 100644 --- a/packages/apache/data_stream/error/_dev/test/pipeline/test-error-trace.log-expected.json +++ b/packages/apache/data_stream/error/_dev/test/pipeline/test-error-trace.log-expected.json @@ -8,11 +8,11 @@ } }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", - "ingested": "2023-03-31T13:41:54.429940209Z", + "ingested": "2022-12-08T15:09:52.909886710Z", "kind": "event", "original": "[Wed Oct 20 19:20:59.121211 2021] [rewrite:trace3] [pid 121591:tid 140413273032448] mod_rewrite.c(470): [client 10.121.192.8:38350] 10.121.192.8 - - [dev.elastic.co/sid#55a374e851c8][rid#7fb438083ac0/initial] applying pattern '^/import/?(.*)$' to uri '/'", "timezone": "GMT+2", diff --git a/packages/apache/data_stream/error/_dev/test/pipeline/test-error-ubuntu.log-expected.json b/packages/apache/data_stream/error/_dev/test/pipeline/test-error-ubuntu.log-expected.json index 7ba26fb8047..904ed8dff95 100644 
--- a/packages/apache/data_stream/error/_dev/test/pipeline/test-error-ubuntu.log-expected.json +++ b/packages/apache/data_stream/error/_dev/test/pipeline/test-error-ubuntu.log-expected.json @@ -6,11 +6,11 @@ "error": {} }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", - "ingested": "2023-03-31T13:41:54.468103001Z", + "ingested": "2022-12-08T15:09:52.947748626Z", "kind": "event", "original": "[Mon Dec 26 16:17:53 2016] [notice] Apache/2.2.22 (Ubuntu) configured -- resuming normal operations", "timezone": "GMT+2", @@ -30,11 +30,11 @@ "error": {} }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", - "ingested": "2023-03-31T13:41:54.468113126Z", + "ingested": "2022-12-08T15:09:52.947760501Z", "kind": "event", "original": "[Mon Dec 26 16:22:00 2016] [error] [client 192.168.33.1] File does not exist: /var/www/favicon.ico, referer: http://192.168.33.72/", "timezone": "GMT+2", @@ -66,11 +66,11 @@ "error": {} }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", - "ingested": "2023-03-31T13:41:54.468113834Z", + "ingested": "2022-12-08T15:09:52.947761668Z", "kind": "event", "original": "[Mon Dec 26 16:22:08 2016] [error] [client 192.168.33.1] File does not exist: /var/www/favicon.ico", "timezone": "GMT+2", @@ -97,11 +97,11 @@ "error": {} }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", - "ingested": "2023-03-31T13:41:54.468114584Z", + "ingested": "2022-12-08T15:09:52.947762626Z", "kind": "event", "original": "[Mon Dec 26 16:22:08 2016] [error] [client 192.168.33.1] File does not exist: /var/www/favicon.ico", "timezone": "GMT+2", 
@@ -128,11 +128,11 @@ "error": {} }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", - "ingested": "2023-03-31T13:41:54.468115084Z", + "ingested": "2022-12-08T15:09:52.947763501Z", "kind": "event", "original": "[Mon Dec 26 16:22:10 2016] [error] [client 192.168.33.1] File does not exist: /var/www/test", "timezone": "GMT+2", @@ -159,11 +159,11 @@ "error": {} }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", - "ingested": "2023-03-31T13:41:54.468115501Z", + "ingested": "2022-12-08T15:09:52.947764335Z", "kind": "event", "original": "[Mon Dec 26 16:22:13 2016] [error] [client 192.168.33.1] File does not exist: /var/www/hello", "timezone": "GMT+2", @@ -190,11 +190,11 @@ "error": {} }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "event": { "category": "web", - "ingested": "2023-03-31T13:41:54.468116001Z", + "ingested": "2022-12-08T15:09:52.947765251Z", "kind": "event", "original": "[Mon Dec 26 16:22:17 2016] [error] [client 192.168.33.1] File does not exist: /var/www/crap", "timezone": "GMT+2", diff --git a/packages/apache/data_stream/error/elasticsearch/ingest_pipeline/default.yml b/packages/apache/data_stream/error/elasticsearch/ingest_pipeline/default.yml index dff5df6c0b6..1b9a29043f1 100644 --- a/packages/apache/data_stream/error/elasticsearch/ingest_pipeline/default.yml +++ b/packages/apache/data_stream/error/elasticsearch/ingest_pipeline/default.yml @@ -9,7 +9,7 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.7.0' + value: '8.5.1' - rename: field: message target_field: event.original diff --git a/packages/apache/data_stream/error/sample_event.json b/packages/apache/data_stream/error/sample_event.json index b89ea72734f..8d23ed3e8b6 100644 --- a/packages/apache/data_stream/error/sample_event.json +++ b/packages/apache/data_stream/error/sample_event.json 
@@ -18,7 +18,7 @@ "type": "logs" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "46343e0c-0d8c-464b-a216-cacf63027d6f", diff --git a/packages/apache/manifest.yml b/packages/apache/manifest.yml index 0cd03d5a9e2..05bfa417c3c 100644 --- a/packages/apache/manifest.yml +++ b/packages/apache/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: apache title: Apache HTTP Server -version: "1.9.0" +version: 1.8.2 license: basic source: license: Elastic-2.0 diff --git a/packages/apache_spark/_dev/build/build.yml b/packages/apache_spark/_dev/build/build.yml index 9da3f46d46b..aaafc5d833b 100644 --- a/packages/apache_spark/_dev/build/build.yml +++ b/packages/apache_spark/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.7 + reference: git@v8.5.1 diff --git a/packages/apache_spark/changelog.yml b/packages/apache_spark/changelog.yml index 74c436e45d5..a1e42ed8f82 100644 --- a/packages/apache_spark/changelog.yml +++ b/packages/apache_spark/changelog.yml @@ -1,9 +1,4 @@ # newer versions go on top -- version: "0.6.0" - changes: - - description: Update package to ECS 8.7.0. - type: enhancement - link: https://github.com/elastic/integrations/pull/5765 - version: "0.5.0" changes: - description: Migrate visualizations to lens. diff --git a/packages/apache_spark/data_stream/application/elasticsearch/ingest_pipeline/default.yml b/packages/apache_spark/data_stream/application/elasticsearch/ingest_pipeline/default.yml index bef155ce37f..2f42c89896f 100644 --- a/packages/apache_spark/data_stream/application/elasticsearch/ingest_pipeline/default.yml +++ b/packages/apache_spark/data_stream/application/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Apache Spark application metrics. processors: - set: field: ecs.version - value: '8.7.0' + value: '8.5.1' - rename: field: jolokia.metrics target_field: apache_spark 
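Review bot: In the `packages/apache/manifest.yml` hunk the new `version: 1.8.2` is both lower than the `"1.9.0"` it replaces and unquoted, and the apache_spark manifest hunk further down does the same with `version: 0.5.0`. A three-part version still parses as a string, but the quoted form used on the removed line and in the cisco_umbrella manifest guards against a value such as 1.10 being read as a number. If the downgrade is intended, write `version: "1.8.2"` and `version: "0.5.0"`. The apache changelog hunk that would have to agree with this version is not in this view, so check that its top entry matches.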
diff --git a/packages/apache_spark/data_stream/application/sample_event.json b/packages/apache_spark/data_stream/application/sample_event.json index 6022b1151b6..8e3492844a1 100644 --- a/packages/apache_spark/data_stream/application/sample_event.json +++ b/packages/apache_spark/data_stream/application/sample_event.json @@ -21,7 +21,7 @@ "type": "metrics" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "e7990c69-6909-48d1-be06-89dbe36d302c", diff --git a/packages/apache_spark/data_stream/driver/elasticsearch/ingest_pipeline/default.yml b/packages/apache_spark/data_stream/driver/elasticsearch/ingest_pipeline/default.yml index 17487d2f742..076508d6b8e 100644 --- a/packages/apache_spark/data_stream/driver/elasticsearch/ingest_pipeline/default.yml +++ b/packages/apache_spark/data_stream/driver/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Apache Spark driver metrics. processors: - set: field: ecs.version - value: '8.7.0' + value: '8.5.1' - rename: field: jolokia.metrics target_field: apache_spark diff --git a/packages/apache_spark/data_stream/driver/sample_event.json b/packages/apache_spark/data_stream/driver/sample_event.json index 58ded6486a5..4dbb1ff92d0 100644 --- a/packages/apache_spark/data_stream/driver/sample_event.json +++ b/packages/apache_spark/data_stream/driver/sample_event.json @@ -25,7 +25,7 @@ "type": "metrics" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "b92a6ed6-a92c-4064-9b78-b3b21cab191c", diff --git a/packages/apache_spark/data_stream/executor/elasticsearch/ingest_pipeline/default.yml b/packages/apache_spark/data_stream/executor/elasticsearch/ingest_pipeline/default.yml index 75f1390dd52..47cb26d9056 100644 --- a/packages/apache_spark/data_stream/executor/elasticsearch/ingest_pipeline/default.yml +++ b/packages/apache_spark/data_stream/executor/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for parsing Apache Spark executor metrics. processors: - set: field: ecs.version - value: '8.7.0' + value: '8.5.1' - rename: field: jolokia.metrics target_field: apache_spark diff --git a/packages/apache_spark/data_stream/executor/sample_event.json b/packages/apache_spark/data_stream/executor/sample_event.json index 6bb177a1960..9044b9b7476 100644 --- a/packages/apache_spark/data_stream/executor/sample_event.json +++ b/packages/apache_spark/data_stream/executor/sample_event.json @@ -24,7 +24,7 @@ "type": "metrics" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "c5e2a51e-e10a-4561-9861-75b38aa09f4b", diff --git a/packages/apache_spark/data_stream/node/elasticsearch/ingest_pipeline/default.yml b/packages/apache_spark/data_stream/node/elasticsearch/ingest_pipeline/default.yml index 7970ad280f5..b2a7cf86a9e 100644 --- a/packages/apache_spark/data_stream/node/elasticsearch/ingest_pipeline/default.yml +++ b/packages/apache_spark/data_stream/node/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Apache Spark node metrics. processors: - set: field: ecs.version - value: '8.7.0' + value: '8.5.1' - rename: field: jolokia.metrics target_field: apache_spark diff --git a/packages/apache_spark/data_stream/node/sample_event.json b/packages/apache_spark/data_stream/node/sample_event.json index e34456c15d2..f3cc37d90e6 100644 --- a/packages/apache_spark/data_stream/node/sample_event.json +++ b/packages/apache_spark/data_stream/node/sample_event.json @@ -27,7 +27,7 @@ "type": "metrics" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "f051059f-86be-46d5-896d-ff1b2cdab179", diff --git a/packages/apache_spark/docs/README.md b/packages/apache_spark/docs/README.md index 69e8de4e897..35b69abb1de 100644 --- a/packages/apache_spark/docs/README.md +++ b/packages/apache_spark/docs/README.md 
@@ -95,7 +95,7 @@ An example event for `application` looks as following: "type": "metrics" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "e7990c69-6909-48d1-be06-89dbe36d302c", @@ -197,7 +197,7 @@ An example event for `driver` looks as following: "type": "metrics" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "b92a6ed6-a92c-4064-9b78-b3b21cab191c", @@ -365,7 +365,7 @@ An example event for `executor` looks as following: "type": "metrics" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "c5e2a51e-e10a-4561-9861-75b38aa09f4b", @@ -534,7 +534,7 @@ An example event for `node` looks as following: "type": "metrics" }, "ecs": { - "version": "8.7.0" + "version": "8.5.1" }, "elastic_agent": { "id": "f051059f-86be-46d5-896d-ff1b2cdab179", diff --git a/packages/apache_spark/manifest.yml b/packages/apache_spark/manifest.yml index ea770c8324e..ab9d981c59a 100644 --- a/packages/apache_spark/manifest.yml +++ b/packages/apache_spark/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: apache_spark title: Apache Spark -version: "0.6.0" +version: 0.5.0 license: basic description: Collect metrics from Apache Spark with Elastic Agent. type: integration From 84210cbfc7e4eb8ecb5ce1ef58f488e264f379e5 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Wed, 5 Apr 2023 12:29:59 +0530 Subject: [PATCH 136/137] updated version in cisco_umbrella --- packages/cisco_umbrella/changelog.yml | 2 +- packages/cisco_umbrella/manifest.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/cisco_umbrella/changelog.yml b/packages/cisco_umbrella/changelog.yml index ea7cdb8076b..6686cde8e9b 100644 --- a/packages/cisco_umbrella/changelog.yml +++ b/packages/cisco_umbrella/changelog.yml @@ -1,5 +1,5 @@ # newer versions go on top -- version: "2.0.0" +- version: "1.10.0" changes: - description: Update package to ECS 8.7.0. type: enhancement 
diff --git a/packages/cisco_umbrella/manifest.yml b/packages/cisco_umbrella/manifest.yml index b67da85ca27..b403bfa2fdc 100644 --- a/packages/cisco_umbrella/manifest.yml +++ b/packages/cisco_umbrella/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_umbrella title: Cisco Umbrella -version: "2.0.0" +version: "1.10.0" license: basic description: Collect logs from Cisco Umbrella with Elastic Agent. type: integration From b993128e93209832e2f428ea7bfc3dd8dbf43dc0 Mon Sep 17 00:00:00 2001 From: Shourie Ganguly Date: Wed, 5 Apr 2023 16:03:03 +0530 Subject: [PATCH 137/137] updated cisco_umbrella and zeek package --- .../test-umbrella-auditlogs.log-expected.json | 4 +- ...brella-cloudfirewalllogs.log-expected.json | 2 +- .../test-umbrella-dlplogs.log-expected.json | 2 +- .../test-umbrella-dnslogs.log-expected.json | 12 +- ...t-umbrella-intrusionlogs.log-expected.json | 2 +- .../test-umbrella-proxylogs.log-expected.json | 2 +- ...-7cbb5410-3700-11e9-aa6d-ff445a78330c.json | 1324 ++++++++--------- 7 files changed, 674 insertions(+), 674 deletions(-) diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json index 6293c44eeee..cdfa4b0f2e2 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json @@ -77,7 +77,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "create", @@ -134,7 +134,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "delete", 
diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json index f02d8598a97..8db69f6c7a5 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json @@ -194,7 +194,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "fw-connection-ALLOW", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dlplogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dlplogs.log-expected.json index 275147e990f..9784f36d618 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dlplogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dlplogs.log-expected.json @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dlp-BLOCK", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json index aaa1a1c1362..f96d287f630 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json @@ -296,7 +296,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-request-Allowed", @@ -380,7 +380,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-request-Allowed", 
@@ -468,7 +468,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-request-Allowed", @@ -552,7 +552,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-request-Allowed", @@ -638,7 +638,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-request-Blocked", @@ -716,7 +716,7 @@ "type": "query" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "dns-request-Allowed", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-intrusionlogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-intrusionlogs.log-expected.json index 53eaeb87149..cd2a5d82daf 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-intrusionlogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-intrusionlogs.log-expected.json @@ -37,7 +37,7 @@ "port": 443 }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "ips-Would-Block", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json index cf74b1721e7..d89da39b325 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json @@ -1408,7 +1408,7 @@ "ip": "67.43.156.204" }, "ecs": { - "version": "8.6.0" + "version": "8.7.0" }, "event": { "action": "proxy-request-GET", diff --git a/packages/zeek/kibana/dashboard/zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c.json b/packages/zeek/kibana/dashboard/zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c.json index b9f4f707146..d90574a1283 100644 
--- a/packages/zeek/kibana/dashboard/zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c.json +++ b/packages/zeek/kibana/dashboard/zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c.json 
@@ -1,690 +1,690 @@ { - "id": "zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-11-23T07:48:08.211Z", - "version": "WzU4MywxXQ==", - "attributes": { - "description": "Overview of Zeek", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Network Transport [Logs Zeek]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "metric": { - "accessor": 0, - "aggType": "count", - "format": { - "id": "number" - }, - "params": {} - } - }, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { + "id": "zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-23T07:48:08.211Z", + "version": "WzU4MywxXQ==", + "attributes": { + "description": "Overview of Zeek", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": 
"(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" + "language": "kuery", + "query": "" } - } } - } }, - "gridData": { - "h": 12, - "i": "2", - "w": 16, - "x": 0, - "y": 20 + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true }, - "panelIndex": "2", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Network Protocols [Logs Zeek]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "metric": { - "accessor": 0, - "aggType": "count", - "format": { - "id": "number" - }, - "params": {} - } - }, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - 
"values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Network Transport [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR 
data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "2", + "w": 16, + "x": 0, + "y": 20 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Network Protocols [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.protocol", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.protocol", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR 
data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" - } - } - } - } - }, - "gridData": { - "h": 12, - "i": "3", - "w": 16, - "x": 16, - "y": 20 - }, - "panelIndex": "3", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Network Traffic Direction [Logs Zeek]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "metric": { - "accessor": 0, - "aggType": "count", - "format": { - "id": "number" - }, - "params": {} - } - }, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" + "gridData": { + "h": 12, + "i": "3", + "w": 16, + "x": 16, + "y": 20 + }, + "panelIndex": "3", + "type": 
"visualization", + "version": "8.0.0" }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Network Traffic Direction [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.direction", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR 
data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.direction", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR 
data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" - } - } - } - } - }, - "gridData": { - "h": 12, - "i": "4", - "w": 16, - "x": 32, - "y": 20 - }, - "panelIndex": "4", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top DNS Domains [Logs Zeek]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "metric": { - "accessor": 0, - "aggType": "count", - "format": { - "id": "number" - }, - "params": {} - } - }, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" + "gridData": { + "h": 12, + "i": "4", + "w": 16, + "x": 32, + "y": 20 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top DNS Domains [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + 
"type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "zeek.dns.query", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "field": "zeek.dns.query", - 
"missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" - } - } - } - } - }, - "gridData": { - "h": 12, - "i": "5", - "w": 16, - "x": 0, - "y": 32 - }, - "panelIndex": "5", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top URL Domains [Logs Zeek]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - 
"addTooltip": true, - "dimensions": { - "buckets": [ - { - "accessor": 0, - "aggType": "terms", - "format": { - "id": "terms", - "params": { - "id": "string", - "missingBucketLabel": "Missing", - "otherBucketLabel": "Other" - } - }, - "params": {} - } - ], - "metric": { - "accessor": 1, - "aggType": "count", - "format": { - "id": "number" - }, - "params": {} - } - }, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" + "gridData": { + "h": 12, + "i": "5", + "w": 16, + "x": 0, + "y": 32 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top URL Domains [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "url.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": 
"desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "field": "url.domain", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - 
"language": "kuery", - "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" - } - } - } - } - }, - "gridData": { - "h": 12, - "i": "6", - "w": 16, - "x": 16, - "y": 32 - }, - "panelIndex": "6", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Top SSL Servers [Logs Zeek]", - "description": "", - "uiState": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "metric": { - "accessor": 0, - "aggType": "count", - "format": { - "id": "number" - }, - "params": {} - } - }, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": 
"kibana_palette", - "type": "palette" - }, - "type": "pie" + "gridData": { + "h": 12, + "i": "6", + "w": 16, + "x": 16, + "y": 32 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" }, - "type": "pie", - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top SSL Servers [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "zeek.ssl.server.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR 
data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" + } + } + } + } }, - { - "enabled": true, - "id": "2", - "params": { - "field": "zeek.ssl.server.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "searchSource": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR 
data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" + "gridData": { + "h": 12, + "i": "7", + "w": 16, + "x": 32, + "y": 32 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Number of Sessions Overtime [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 1, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 12, + "i": "8", + "w": 48, + "x": 0, + "y": 44 + }, + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 20, + "i": 
"4e6959b3-e0d0-40dc-aca0-b40adcd088bb", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"88dc4f7d-0197-4fbe-98b2-910ba90cfd2d\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"d8bacd97-be31-4300-b5f7-7689d528b9ae\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Destination Geo [Logs Zeek]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"c3374e39-902e-4cc5-90c5-b6a1a3ebfdf2\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR 
data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Destination Geo [Logs Zeek]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 3.3505, + "lon": 10.89865, + "zoom": 1.78 + }, + "openTOCDetails": [], + "type": "map" } - } } - } + ], + "timeRestore": false, + "title": "[Logs Zeek] Overview", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb:layer_1_source_index_pattern", + "type": "index-pattern" }, - "gridData": { - "h": 12, - "i": "7", - "w": 16, - "x": 32, - "y": 32 + { + "type": "index-pattern", + "name": 
"2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "panelIndex": "7", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "title": "Number of Sessions Overtime [Logs Zeek]", - "description": "", - "uiState": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 1, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "line_width": 1, - "metrics": [ - { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "type": "metrics", - "data": { - "aggs": [], - "searchSource": {} - } - } + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "gridData": { - "h": 12, - "i": "8", - "w": 48, - "x": 0, - "y": 44 + { + "type": "index-pattern", + "name": "4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "panelIndex": "8", - "type": "visualization", - "version": "8.0.0" - }, - { - "version": "8.1.0", - "type": "map", - "gridData": { - "h": 20, - "i": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb", - "w": 48, - "x": 0, - "y": 0 + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "panelIndex": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb", - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"88dc4f7d-0197-4fbe-98b2-910ba90cfd2d\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"d8bacd97-be31-4300-b5f7-7689d528b9ae\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Destination Geo [Logs Zeek]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"c3374e39-902e-4cc5-90c5-b6a1a3ebfdf2\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"c
ircle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR 
data_stream.dataset:zeek.x509)\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Destination Geo [Logs Zeek]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 3.3505, - "lon": 10.89865, - "zoom": 1.78 - }, - "openTOCDetails": [], - "type": "map" + { + "type": "index-pattern", + "name": "6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" } - } ], - "timeRestore": false, - "title": "[Logs Zeek] Overview", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "type": "index-pattern", - "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "3:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "4:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": "5:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - }, - { - "type": "index-pattern", - "name": 
"6:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.1.0" }, - { - "type": "index-pattern", - "name": "7:kibanaSavedObjectMeta.searchSourceJSON.index", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "8.1.0" - }, - "coreMigrationVersion": "8.1.0" + "coreMigrationVersion": "8.1.0" } \ No newline at end of file