diff --git a/packages/cloud_security_posture/_dev/build/build.yml b/packages/cloud_security_posture/_dev/build/build.yml
index 4ed337a4188..fcd61c363f1 100644
--- a/packages/cloud_security_posture/_dev/build/build.yml
+++ b/packages/cloud_security_posture/_dev/build/build.yml
@@ -1,3 +1,4 @@
 dependencies:
 ecs:
 reference: git@v8.6.0
+ import_mappings: true
diff --git a/packages/cloud_security_posture/changelog.yml b/packages/cloud_security_posture/changelog.yml
index af6c19fca1d..56895d6728b 100644
--- a/packages/cloud_security_posture/changelog.yml
+++ b/packages/cloud_security_posture/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.12"
+ changes:
+ - description: Enable auto import for ecs fields
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/6239
 - version: "1.4.0-preview2"
 changes:
 - description: Populate new CloudFormation param ElasticArtifactServer
diff --git a/packages/cloud_security_posture/data_stream/findings/fields/ecs.yml b/packages/cloud_security_posture/data_stream/findings/fields/ecs.yml
deleted file mode 100644
index 643941576f3..00000000000
--- a/packages/cloud_security_posture/data_stream/findings/fields/ecs.yml
+++ /dev/null
@@ -1,128 +0,0 @@
-- name: agent.ephemeral_id
- external: ecs
-- name: agent.id
- external: ecs
-- name: agent.name
- external: ecs
-- name: agent.type
- external: ecs
-- name: agent.version
- external: ecs
-- name: ecs.version
- external: ecs
-- name: event.agent_id_status
- external: ecs
-- name: event.ingested
- external: ecs
-- name: file.accessed
- external: ecs
-- name: file.ctime
- external: ecs
-- name: file.directory
- external: ecs
-- name: file.extension
- external: ecs
-- name: file.gid
- external: ecs
-- name: file.group
- external: ecs
-- name: file.inode
- external: ecs
-- name: file.mode
- external: ecs
-- name: file.mtime
- external: ecs
-- name: file.name
- external: ecs
-- name: file.owner
- external: ecs
-- name: file.path
- external: ecs
-- name: file.size
- external: ecs
-- name: file.type
- external: ecs
-- name: file.uid
- external: ecs
-- name: host.architecture
- external: ecs
-- name: host.hostname
- external: ecs
-- name: host.ip
- external: ecs
-- name: host.mac
- external: ecs
-- name: host.name
- external: ecs
-- name: host.os.family
- external: ecs
-- name: host.os.full
- external: ecs
-- name: host.os.kernel
- external: ecs
-- name: host.os.name
- external: ecs
-- name: host.os.platform
- external: ecs
-- name: host.os.type
- external: ecs
-- name: host.os.version
- external: ecs
-- name: message
- external: ecs
-- name: process.args
- external: ecs
-- name: process.args_count
- external: ecs
-- name: process.command_line
- external: ecs
-- name: process.name
- external: ecs
-- name: process.parent.pid
- external: ecs
-- name: process.parent.start
- external: ecs
-- name: process.pgid
- external: ecs
-- name: process.pid
- external: ecs
-- name: process.start
- external: ecs
-- name: process.title
- external: ecs
-- name: process.uptime
- external: ecs
-- name: rule.description
- external: ecs
-- name: rule.id
- external: ecs
-- name: rule.name
- external: ecs
-- name: rule.version
- external: ecs
-- name: event.category
- external: ecs
-- name: event.created
- external: ecs
-- name: event.id
- external: ecs
-- name: event.kind
- external: ecs
-- name: event.sequence
- external: ecs
-- name: event.outcome
- external: ecs
-- name: event.type
- external: ecs
-- name: orchestrator.cluster.id
- external: ecs
-- name: orchestrator.cluster.name
- external: ecs
-- name: cloud.account.id
- external: ecs
-- name: cloud.account.name
- external: ecs
-- name: cloud.provider
- external: ecs
-- name: cloud.region
- external: ecs
diff --git a/packages/cloud_security_posture/data_stream/findings/manifest.yml b/packages/cloud_security_posture/data_stream/findings/manifest.yml
index b780c587ca1..ce37175ec55 100644
--- a/packages/cloud_security_posture/data_stream/findings/manifest.yml
+++ b/packages/cloud_security_posture/data_stream/findings/manifest.yml
@@ -5,7 +5,7 @@ ilm_policy: logs-cloud_security_posture.findings-default_policy
 elasticsearch:
 index_template:
 mappings:
- dynamic: false
+ dynamic: true
 # IMPORTANT: set all streams as disabled by default
 streams:
 - input: cloudbeat/cis_k8s
diff --git a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/ecs.yml b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/ecs.yml
deleted file mode 100644
index a58b8a3064a..00000000000
--- a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/ecs.yml
+++ /dev/null
@@ -1,94 +0,0 @@
-- name: agent.ephemeral_id
- external: ecs
-- name: agent.id
- external: ecs
-- name: agent.name
- external: ecs
-- name: agent.type
- external: ecs
-- name: agent.version
- external: ecs
-- name: ecs.version
- external: ecs
-- name: event.agent_id_status
- external: ecs
-- name: event.ingested
- external: ecs
-- name: host.architecture
- external: ecs
-- name: host.hostname
- external: ecs
-- name: host.ip
- external: ecs
-- name: host.mac
- external: ecs
-- name: host.name
- external: ecs
-- name: host.os.family
- external: ecs
-- name: host.os.full
- external: ecs
-- name: host.os.kernel
- external: ecs
-- name: host.os.name
- external: ecs
-- name: host.os.platform
- external: ecs
-- name: host.os.type
- external: ecs
-- name: host.os.version
- external: ecs
-- name: message
- external: ecs
-- name: vulnerability.category
- external: ecs
-- name: vulnerability.classification
- external: ecs
-- name: vulnerability.description
- external: ecs
-- name: vulnerability.enumeration
- external: ecs
-- name: vulnerability.id
- external: ecs
-- name: vulnerability.reference
- external: ecs
-- name: vulnerability.report_id
- external: ecs
-- name: vulnerability.scanner.vendor
- external: ecs
-- name: vulnerability.score.base
- external: ecs
-- name: vulnerability.score.version
- external: ecs
-- name: vulnerability.severity
- external: ecs
-- name: event.category
- external: ecs
-- name: event.created
- external: ecs
-- name: event.id
- external: ecs
-- name: event.kind
- external: ecs
-- name: event.sequence
- external: ecs
-- name: event.outcome
- external: ecs
-- name: event.type
- external: ecs
-- name: cloud.account.id
- external: ecs
-- name: cloud.account.name
- external: ecs
-- name: cloud.provider
- external: ecs
-- name: cloud.region
- external: ecs
-- name: package.name
- external: ecs
-- name: package.type
- external: ecs
-- name: package.path
- external: ecs
-- name: package.version
- external: ecs
diff --git a/packages/cloud_security_posture/data_stream/vulnerabilities/manifest.yml b/packages/cloud_security_posture/data_stream/vulnerabilities/manifest.yml
index 1ad8cd7b51e..a9c28a9ce6a 100644
--- a/packages/cloud_security_posture/data_stream/vulnerabilities/manifest.yml
+++ b/packages/cloud_security_posture/data_stream/vulnerabilities/manifest.yml
@@ -4,7 +4,7 @@ dataset: cloud_security_posture.vulnerabilities
 elasticsearch:
 index_template:
 mappings:
- dynamic: false
+ dynamic: true
 # IMPORTANT: set all streams as disabled by default
 streams:
 - input: cloudbeat/vuln_mgmt_aws
diff --git a/packages/cloud_security_posture/manifest.yml b/packages/cloud_security_posture/manifest.yml
index 6f4303f9e12..6657ff0941f 100644
--- a/packages/cloud_security_posture/manifest.yml
+++ b/packages/cloud_security_posture/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 2.3.0
 name: cloud_security_posture
 title: "Security Posture Management"
-version: "1.4.0-preview2"
+version: "1.2.12"
 source:
 license: "Elastic-2.0"
 description: "Identify & remediate configuration risks in your Cloud infrastructure"
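Review bot: `dynamic: true` in data_stream/vulnerabilities/manifest.yml (and the identical change in data_stream/findings/manifest.yml) lets every undeclared field in an incoming document create a mapping, not only the ECS fields that the deleted fields/ecs.yml files used to list. That is presumably needed so the ECS mappings pulled in by `import_mappings: true` can apply, but it also means nested data shipped by the agent can grow the mapping toward the index field limit or cause type conflicts between documents. I would add a comment above the setting, e.g. `# dynamic mapping is on so imported ECS mappings apply; keep free-form objects declared with enabled: false`, and confirm that any free-form object fields in these data streams are declared that way. The rest of both manifests and the remaining fields files are outside the hunks, so that cannot be checked from here.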
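Review bot: The package version goes backwards in packages/cloud_security_posture/manifest.yml, from `"1.4.0-preview2"` to `"1.2.12"`, and the changelog hunk puts the 1.2.12 entry above 1.4.0-preview2 under the `# newer versions go on top` comment. If this is a backport to a 1.2.x maintenance line, the 1.4.0-preview2 entry looks out of place in this branch's changelog; if it targets the main line, the version should be higher than 1.4.0-preview2 so the mapping change is picked up as an upgrade. A sentence in the commit description stating which branch this targets would settle it.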