[8.0] [RAC, Security Solution] Update alerts mappings to ECS 1.12 (#118812) #119874
Merged
rylnd merged 1 commit into elastic:8.0 (Nov 29, 2021)
Conversation
…8812)

* Update output directory for generative script

  These files were moved in elastic#98935 but the script has become out of date.

* Update ECS fieldmap with ECS 1.12

  This fieldmap was missing fields from ECS 1.11+. Notable omissions were the threat.indicator and threat.enrichments fieldsets.

* Remove non-additive mappings changes

  These are incompatible with the current alerts framework.

* Add only necessary threat fields for CTI features

  This could probably be pared down further, as most of these fields are not critical for CTI features. Additionally, these additions now exceed the limit of 1000 fields and are causing an error in the ruleRegistry bootstrapping.

* Remove file.pe threat fields

* Remove geo threat indicator fields

* Remove all threat.indicator mappings

  These are not relevant for alerts, which will only have enrichments.

* Increments index mappings total fields limit to 1200

Co-authored-by: Ece Ozalp <ozale272@newschool.edu>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
💚 Build Succeeded
Backports the following commits to 8.0: