diff --git a/package.json b/package.json
index 4899afb66cee7..787b352327ebb 100644
--- a/package.json
+++ b/package.json
@@ -129,7 +129,7 @@
 "@elastic/charts": "71.1.2",
 "@elastic/datemath": "5.0.3",
 "@elastic/ebt": "1.4.1",
- "@elastic/ecs": "9.2.0",
+ "@elastic/ecs": "9.3.0",
 "@elastic/elasticsearch": "9.3.2",
 "@elastic/ems-client": "8.6.3",
 "@elastic/eui": "113.0.0",
@@ -1220,7 +1220,7 @@
 "@langchain/langgraph": "0.4.9",
 "@langchain/langgraph-checkpoint": "0.1.1",
 "@langchain/openai": "0.6.14",
- "@launchdarkly/node-server-sdk": "9.10.6",
+ "@launchdarkly/node-server-sdk": "9.10.5",
 "@launchdarkly/openfeature-node-server": "1.1.0",
 "@loaders.gl/core": "3.4.7",
 "@loaders.gl/json": "3.4.7",
@@ -2056,7 +2056,7 @@
 "mochawesome-merge": "4.3.0",
 "mock-fs": "5.1.2",
 "ms-chromium-edge-driver": "0.5.1",
- "msw": "2.12.9",
+ "msw": "2.12.8",
 "mutation-observer": "1.0.3",
 "nock": "12.0.3",
 "node-stdlib-browser": "1.3.1",
diff --git a/src/core/packages/logging/server-internal/src/__snapshots__/logging_system.test.ts.snap b/src/core/packages/logging/server-internal/src/__snapshots__/logging_system.test.ts.snap
index 74e0bbf7b1730..1efda845b2277 100644
--- a/src/core/packages/logging/server-internal/src/__snapshots__/logging_system.test.ts.snap
+++ b/src/core/packages/logging/server-internal/src/__snapshots__/logging_system.test.ts.snap
@@ -16,7 +16,7 @@ exports[`asLoggerFactory() only allows to create new loggers. 1`] = ` Object { "@timestamp": "2012-01-30T22:33:22.011-05:00", "ecs": Object { - "version": "9.3.0-dev", + "version": "9.3.0", }, "log": Object { "level": "TRACE",
@@ -34,7 +34,7 @@ exports[`asLoggerFactory() only allows to create new loggers. 2`] = ` Object { "@timestamp": "2012-01-30T17:33:22.011-05:00", "ecs": Object { - "version": "9.3.0-dev", + "version": "9.3.0", }, "log": Object { "level": "INFO",
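Review bot: The package.json hunk at line 1220 moves `@launchdarkly/node-server-sdk` from 9.10.6 back to 9.10.5, and the hunk at line 2056 moves `msw` from 2.12.9 back to 2.12.8; both are downgrades, and neither appears related to the `@elastic/ecs` 9.3.0 bump in the first hunk. The yarn.lock hunks follow suit (`@launchdarkly/js-server-sdk-common` 2.17.2 to 2.17.1, and the `@mswjs/interceptors` range loosened to `^0.41.0`). This looks like a stale-base or merge artefact, and silently rolling back patch releases can drop fixes, security fixes included. I would keep `"@launchdarkly/node-server-sdk": "9.10.6",` and `"msw": "2.12.9",` unless the rollback is intentional, in which case it belongs in its own commit with a stated reason.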
@@ -53,7 +53,7 @@ exports[`asLoggerFactory() only allows to create new loggers. 3`] = ` Object { "@timestamp": "2012-01-30T12:33:22.011-05:00", "ecs": Object { - "version": "9.3.0-dev", + "version": "9.3.0", }, "log": Object { "level": "FATAL",
@@ -71,7 +71,7 @@ exports[`flushes memory buffer logger and switches to real logger once config is Object { "@timestamp": "2012-02-01T09:33:22.011-05:00", "ecs": Object { - "version": "9.3.0-dev", + "version": "9.3.0", }, "log": Object { "level": "INFO",
@@ -90,7 +90,7 @@ exports[`flushes memory buffer logger and switches to real logger once config is Object { "@timestamp": "2012-01-31T23:33:22.011-05:00", "ecs": Object { - "version": "9.3.0-dev", + "version": "9.3.0", }, "log": Object { "level": "INFO",
diff --git a/src/platform/packages/shared/kbn-alerts-as-data-utils/src/schemas/generated/ecs_schema.ts b/src/platform/packages/shared/kbn-alerts-as-data-utils/src/schemas/generated/ecs_schema.ts
index bc1424904dc5d..5ddf9a041db07 100644
--- a/src/platform/packages/shared/kbn-alerts-as-data-utils/src/schemas/generated/ecs_schema.ts
+++ b/src/platform/packages/shared/kbn-alerts-as-data-utils/src/schemas/generated/ecs_schema.ts
@@ -318,6 +318,32 @@ const EcsOptional = rt.partial({ 'email.subject': schemaString, 'email.to.address': schemaStringArray, 'email.x_mailer': schemaString, + 'entity.attributes': schemaUnknown, + 'entity.behavior': schemaUnknown, + 'entity.display_name': schemaString, + 'entity.id': schemaString, + 'entity.last_seen_timestamp': schemaDate, + 'entity.lifecycle': schemaUnknown, + 'entity.metrics': schemaUnknown, + 'entity.name': schemaString, + 'entity.raw': schemaUnknown, + 'entity.reference': schemaString, + 'entity.source': schemaString, + 'entity.sub_type': schemaString, + 'entity.target.attributes': schemaUnknown, + 'entity.target.behavior': schemaUnknown, + 'entity.target.display_name': schemaString, + 'entity.target.id': schemaString, + 'entity.target.last_seen_timestamp': schemaDate, + 'entity.target.lifecycle': schemaUnknown, + 'entity.target.metrics': schemaUnknown, + 'entity.target.name': schemaString, + 'entity.target.raw': schemaUnknown, + 'entity.target.reference': schemaString, + 'entity.target.source': schemaString, + 'entity.target.sub_type': schemaString, + 'entity.target.type': schemaStringArray, + 'entity.type': schemaStringArray, 'error.code': schemaString, 'error.id': schemaString, 'error.message': schemaString, 
@@ -544,6 +570,61 @@ const EcsOptional = rt.partial({ 'host.risk.static_level': schemaString, 'host.risk.static_score': schemaNumber, 'host.risk.static_score_norm': schemaNumber, + 'host.target.architecture': schemaString, + 'host.target.boot.id': schemaString, + 'host.target.cpu.usage': schemaStringOrNumber, + 'host.target.disk.read.bytes': schemaStringOrNumber, + 'host.target.disk.write.bytes': schemaStringOrNumber, + 'host.target.domain': schemaString, + 'host.target.entity.attributes': schemaUnknown, + 'host.target.entity.behavior': schemaUnknown, + 'host.target.entity.display_name': schemaString, + 'host.target.entity.id': schemaString, + 'host.target.entity.last_seen_timestamp': schemaDate, + 'host.target.entity.lifecycle': schemaUnknown, + 'host.target.entity.metrics': schemaUnknown, + 'host.target.entity.name': schemaString, + 'host.target.entity.raw': schemaUnknown, + 'host.target.entity.reference': schemaString, + 'host.target.entity.source': schemaString, + 'host.target.entity.sub_type': schemaString, + 'host.target.entity.type': schemaStringArray, + 'host.target.geo.city_name': schemaString, + 'host.target.geo.continent_code': schemaString, + 'host.target.geo.continent_name': schemaString, + 'host.target.geo.country_iso_code': schemaString, + 'host.target.geo.country_name': schemaString, + 'host.target.geo.location': schemaGeoPoint, + 'host.target.geo.name': schemaString, + 'host.target.geo.postal_code': schemaString, + 'host.target.geo.region_iso_code': schemaString, + 'host.target.geo.region_name': schemaString, + 'host.target.geo.timezone': schemaString, + 'host.target.hostname': schemaString, + 'host.target.id': schemaString, + 'host.target.ip': schemaStringArray, + 'host.target.mac': schemaStringArray, + 'host.target.name': schemaString, + 'host.target.network.egress.bytes': schemaStringOrNumber, + 'host.target.network.egress.packets': schemaStringOrNumber, + 'host.target.network.ingress.bytes': schemaStringOrNumber, + 
'host.target.network.ingress.packets': schemaStringOrNumber, + 'host.target.os.family': schemaString, + 'host.target.os.full': schemaString, + 'host.target.os.kernel': schemaString, + 'host.target.os.name': schemaString, + 'host.target.os.platform': schemaString, + 'host.target.os.type': schemaString, + 'host.target.os.version': schemaString, + 'host.target.pid_ns_ino': schemaString, + 'host.target.risk.calculated_level': schemaString, + 'host.target.risk.calculated_score': schemaNumber, + 'host.target.risk.calculated_score_norm': schemaNumber, + 'host.target.risk.static_level': schemaString, + 'host.target.risk.static_score': schemaNumber, + 'host.target.risk.static_score_norm': schemaNumber, + 'host.target.type': schemaString, + 'host.target.uptime': schemaStringOrNumber, 'host.type': schemaString, 'host.uptime': schemaStringOrNumber, 'http.request.body.bytes': schemaStringOrNumber, diff --git a/x-pack/platform/plugins/shared/stack_alerts/server/rule_types/es_query/util.test.ts b/x-pack/platform/plugins/shared/stack_alerts/server/rule_types/es_query/util.test.ts index 388822e443c21..b61f6d02b41ff 100644 --- a/x-pack/platform/plugins/shared/stack_alerts/server/rule_types/es_query/util.test.ts +++ b/x-pack/platform/plugins/shared/stack_alerts/server/rule_types/es_query/util.test.ts 
@@ -1231,6 +1231,110 @@ describe('es_query utils', () => { "label": "email.x_mailer", "searchPath": "email.x_mailer", }, + Object { + "label": "entity.attributes", + "searchPath": "entity.attributes", + }, + Object { + "label": "entity.behavior", + "searchPath": "entity.behavior", + }, + Object { + "label": "entity.display_name", + "searchPath": "entity.display_name", + }, + Object { + "label": "entity.id", + "searchPath": "entity.id", + }, + Object { + "label": "entity.last_seen_timestamp", + "searchPath": "entity.last_seen_timestamp", + }, + Object { + "label": "entity.lifecycle", + "searchPath": "entity.lifecycle", + }, + Object { + "label": "entity.metrics", + "searchPath": "entity.metrics", + }, + Object { + "label": "entity.name", + "searchPath": "entity.name", + }, + Object { + "label": "entity.raw", + "searchPath": "entity.raw", + }, + Object { + "label": "entity.reference", + "searchPath": "entity.reference", + }, + Object { + "label": "entity.source", + "searchPath": "entity.source", + }, + Object { + "label": "entity.sub_type", + "searchPath": "entity.sub_type", + }, + Object { + "label": "entity.target.attributes", + "searchPath": "entity.target.attributes", + }, + Object { + "label": "entity.target.behavior", + "searchPath": "entity.target.behavior", + }, + Object { + "label": "entity.target.display_name", + "searchPath": "entity.target.display_name", + }, + Object { + "label": "entity.target.id", + "searchPath": "entity.target.id", + }, + Object { + "label": "entity.target.last_seen_timestamp", + "searchPath": "entity.target.last_seen_timestamp", + }, + Object { + "label": "entity.target.lifecycle", + "searchPath": "entity.target.lifecycle", + }, + Object { + "label": "entity.target.metrics", + "searchPath": "entity.target.metrics", + }, + Object { + "label": "entity.target.name", + "searchPath": "entity.target.name", + }, + Object { + "label": "entity.target.raw", + "searchPath": "entity.target.raw", + }, + Object { + "label": 
"entity.target.reference", + "searchPath": "entity.target.reference", + }, + Object { + "label": "entity.target.source", + "searchPath": "entity.target.source", + }, + Object { + "label": "entity.target.sub_type", + "searchPath": "entity.target.sub_type", + }, + Object { + "label": "entity.target.type", + "searchPath": "entity.target.type", + }, + Object { + "label": "entity.type", + "searchPath": "entity.type", + }, Object { "label": "error.code", "searchPath": "error.code", 
@@ -2123,6 +2227,226 @@ describe('es_query utils', () => { "label": "host.risk.static_score_norm", "searchPath": "host.risk.static_score_norm", }, + Object { + "label": "host.target.architecture", + "searchPath": "host.target.architecture", + }, + Object { + "label": "host.target.boot.id", + "searchPath": "host.target.boot.id", + }, + Object { + "label": "host.target.cpu.usage", + "searchPath": "host.target.cpu.usage", + }, + Object { + "label": "host.target.disk.read.bytes", + "searchPath": "host.target.disk.read.bytes", + }, + Object { + "label": "host.target.disk.write.bytes", + "searchPath": "host.target.disk.write.bytes", + }, + Object { + "label": "host.target.domain", + "searchPath": "host.target.domain", + }, + Object { + "label": "host.target.entity.attributes", + "searchPath": "host.target.entity.attributes", + }, + Object { + "label": "host.target.entity.behavior", + "searchPath": "host.target.entity.behavior", + }, + Object { + "label": "host.target.entity.display_name", + "searchPath": "host.target.entity.display_name", + }, + Object { + "label": "host.target.entity.id", + "searchPath": "host.target.entity.id", + }, + Object { + "label": "host.target.entity.last_seen_timestamp", + "searchPath": "host.target.entity.last_seen_timestamp", + }, + Object { + "label": "host.target.entity.lifecycle", + "searchPath": "host.target.entity.lifecycle", + }, + Object { + "label": "host.target.entity.metrics", + "searchPath": "host.target.entity.metrics", + }, + Object { + "label": "host.target.entity.name", + "searchPath": "host.target.entity.name", + }, + Object { + "label": "host.target.entity.raw", + "searchPath": "host.target.entity.raw", + }, + Object { + "label": "host.target.entity.reference", + "searchPath": "host.target.entity.reference", + }, + Object { + "label": "host.target.entity.source", + "searchPath": "host.target.entity.source", + }, + Object { + "label": "host.target.entity.sub_type", + "searchPath": "host.target.entity.sub_type", + }, + Object { 
+ "label": "host.target.entity.type", + "searchPath": "host.target.entity.type", + }, + Object { + "label": "host.target.geo.city_name", + "searchPath": "host.target.geo.city_name", + }, + Object { + "label": "host.target.geo.continent_code", + "searchPath": "host.target.geo.continent_code", + }, + Object { + "label": "host.target.geo.continent_name", + "searchPath": "host.target.geo.continent_name", + }, + Object { + "label": "host.target.geo.country_iso_code", + "searchPath": "host.target.geo.country_iso_code", + }, + Object { + "label": "host.target.geo.country_name", + "searchPath": "host.target.geo.country_name", + }, + Object { + "label": "host.target.geo.location", + "searchPath": "host.target.geo.location", + }, + Object { + "label": "host.target.geo.name", + "searchPath": "host.target.geo.name", + }, + Object { + "label": "host.target.geo.postal_code", + "searchPath": "host.target.geo.postal_code", + }, + Object { + "label": "host.target.geo.region_iso_code", + "searchPath": "host.target.geo.region_iso_code", + }, + Object { + "label": "host.target.geo.region_name", + "searchPath": "host.target.geo.region_name", + }, + Object { + "label": "host.target.geo.timezone", + "searchPath": "host.target.geo.timezone", + }, + Object { + "label": "host.target.hostname", + "searchPath": "host.target.hostname", + }, + Object { + "label": "host.target.id", + "searchPath": "host.target.id", + }, + Object { + "label": "host.target.ip", + "searchPath": "host.target.ip", + }, + Object { + "label": "host.target.mac", + "searchPath": "host.target.mac", + }, + Object { + "label": "host.target.name", + "searchPath": "host.target.name", + }, + Object { + "label": "host.target.network.egress.bytes", + "searchPath": "host.target.network.egress.bytes", + }, + Object { + "label": "host.target.network.egress.packets", + "searchPath": "host.target.network.egress.packets", + }, + Object { + "label": "host.target.network.ingress.bytes", + "searchPath": 
"host.target.network.ingress.bytes", + }, + Object { + "label": "host.target.network.ingress.packets", + "searchPath": "host.target.network.ingress.packets", + }, + Object { + "label": "host.target.os.family", + "searchPath": "host.target.os.family", + }, + Object { + "label": "host.target.os.full", + "searchPath": "host.target.os.full", + }, + Object { + "label": "host.target.os.kernel", + "searchPath": "host.target.os.kernel", + }, + Object { + "label": "host.target.os.name", + "searchPath": "host.target.os.name", + }, + Object { + "label": "host.target.os.platform", + "searchPath": "host.target.os.platform", + }, + Object { + "label": "host.target.os.type", + "searchPath": "host.target.os.type", + }, + Object { + "label": "host.target.os.version", + "searchPath": "host.target.os.version", + }, + Object { + "label": "host.target.pid_ns_ino", + "searchPath": "host.target.pid_ns_ino", + }, + Object { + "label": "host.target.risk.calculated_level", + "searchPath": "host.target.risk.calculated_level", + }, + Object { + "label": "host.target.risk.calculated_score", + "searchPath": "host.target.risk.calculated_score", + }, + Object { + "label": "host.target.risk.calculated_score_norm", + "searchPath": "host.target.risk.calculated_score_norm", + }, + Object { + "label": "host.target.risk.static_level", + "searchPath": "host.target.risk.static_level", + }, + Object { + "label": "host.target.risk.static_score", + "searchPath": "host.target.risk.static_score", + }, + Object { + "label": "host.target.risk.static_score_norm", + "searchPath": "host.target.risk.static_score_norm", + }, + Object { + "label": "host.target.type", + "searchPath": "host.target.type", + }, + Object { + "label": "host.target.uptime", + "searchPath": "host.target.uptime", + }, Object { "label": "host.type", "searchPath": "host.type", 
diff --git a/x-pack/platform/test/api_integration/apis/maps/maps_telemetry.ts b/x-pack/platform/test/api_integration/apis/maps/maps_telemetry.ts
index 46955837d7a50..90549e7a2ece0 100644
--- a/x-pack/platform/test/api_integration/apis/maps/maps_telemetry.ts
+++ b/x-pack/platform/test/api_integration/apis/maps/maps_telemetry.ts
@@ -36,7 +36,7 @@ export default function ({ getService }: FtrProviderContext) {
 return fieldStat.name === 'geo_point';
 }
 );
- expect(geoPointFieldStats.count).to.be(63);
+ expect(geoPointFieldStats.count).to.be(71);
 expect(geoPointFieldStats.index_count).to.be(14);
 const geoShapeFieldStats = apiResponse.cluster_stats.indices.mappings.field_types.find(
diff --git a/x-pack/solutions/security/test/fixtures/es_archives/security_solution/alerts/8.1.0/mappings.json.gz b/x-pack/solutions/security/test/fixtures/es_archives/security_solution/alerts/8.1.0/mappings.json.gz
index f50ef0418afd4..4c9b980797422 100644
Binary files a/x-pack/solutions/security/test/fixtures/es_archives/security_solution/alerts/8.1.0/mappings.json.gz and b/x-pack/solutions/security/test/fixtures/es_archives/security_solution/alerts/8.1.0/mappings.json.gz differ
diff --git a/yarn.lock b/yarn.lock
index d16ac5e502960..2e1b7be6c15b0 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2395,10 +2395,10 @@ dependencies: "@elastic/ecs-helpers" "^2.1.1" -"@elastic/ecs@9.2.0": - version "9.2.0" - resolved "https://registry.yarnpkg.com/@elastic/ecs/-/ecs-9.2.0.tgz#9b2b19b6c829192edcd79a1f0df348ccd633b3e6" - integrity sha512-qYPncAQYJa+PgZT0S0JE2tvaPnxxGx7sUhICMmk9NGkJeeEko6GQ24XLKxaDLFxr4DuYVf/0EOaRX39OENqxwA== +"@elastic/ecs@9.3.0": + version "9.3.0" + resolved "https://registry.yarnpkg.com/@elastic/ecs/-/ecs-9.3.0.tgz#78724aa765434950a2bec527853f48f21d5f6072" + integrity sha512-wMsDIj0/FfqQsj9GHjtBjWyMhlX48BsaNKYFPHg+8j+7ON3MO0zOCYURtFn/R80wBPcyQbhfcMGVU19RqG/lQA== "@elastic/elasticsearch-types@npm:@elastic/elasticsearch@^8.2.1": version "8.6.0"
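Review bot: In maps_telemetry.ts the updated expectation `expect(geoPointFieldStats.count).to.be(71);` is a bare number with nothing tying it to the ECS bump, so the next schema upgrade will break it again with no hint of what to recount. A short comment above the assertion would help, for example `// geo_point mappings across the loaded indices; changes when ECS adds geo fields (last updated for @elastic/ecs 9.3.0)`. The jump from 63 to 71 presumably comes from new geo_point fields such as `host.target.geo.location` in the regenerated mappings, but that is not visible in this hunk, so it is worth confirming the delta is accounted for rather than copied from the failing run. The enclosing test body starts and ends outside the hunk.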
@@ -9743,20 +9743,20 @@ resolved "https://registry.yarnpkg.com/@launchdarkly/js-sdk-common/-/js-sdk-common-2.20.0.tgz#1e9f762cc5c9d707003af173176ca5d5dc1a144f" integrity sha512-g1Lyi5xL7AXAP6BP8BzRcqVqIhqOSVpA5Bx8Vvj8A/4A6sIHVz2vIZluykD/bJiKg1+G9ojm+OCfdL/c0ebi0A== -"@launchdarkly/js-server-sdk-common@2.17.2": - version "2.17.2" - resolved "https://registry.yarnpkg.com/@launchdarkly/js-server-sdk-common/-/js-server-sdk-common-2.17.2.tgz#c5dfa9468335264a15640e8ea25387309944eb73" - integrity sha512-0BOdfrJ+jU2rDqbr3Saf5T6KsPIzhRHi7mAhqS7lxXbkL9cBIafNLIbXcv+O+9e4QQX88J6K8OdhOs7+/OrlkQ== +"@launchdarkly/js-server-sdk-common@2.17.1": + version "2.17.1" + resolved "https://registry.yarnpkg.com/@launchdarkly/js-server-sdk-common/-/js-server-sdk-common-2.17.1.tgz#53eefbb5a7475264f08faac7e9d0c983a85f045d" + integrity sha512-rAFzuBgYFhF/R6N26403J79T7wJ0nBXfdxfnS3gKMcQm+n/oioiZBes5MbrHk8Q4JAZYYhlBCL80xxsoBFPxdg== dependencies: "@launchdarkly/js-sdk-common" "2.20.0" semver "7.5.4" -"@launchdarkly/node-server-sdk@9.10.6": - version "9.10.6" - resolved "https://registry.yarnpkg.com/@launchdarkly/node-server-sdk/-/node-server-sdk-9.10.6.tgz#1ef63ad3dadae266ba1940ce6f15a43bd4a16efa" - integrity sha512-mxvyeknuWZ4DLPSe8FqtzfSBsmvMU1SfSCv9s4rnpALFOgHQX+jMYEfLDy7GpkScriClu8soekYRhPeQamqB6A== +"@launchdarkly/node-server-sdk@9.10.5": + version "9.10.5" + resolved "https://registry.yarnpkg.com/@launchdarkly/node-server-sdk/-/node-server-sdk-9.10.5.tgz#3500b35eb164d5da04178785cabc72a242c328a0" + integrity sha512-vsq+afEcbC3UNd7XXC0ZNwjP0pU9jpO7Jx+m2OO2csFeWLf6HBoIVSABbY/1A0iIUuBIjj6OeuZWWhMYXF98bg== dependencies: - "@launchdarkly/js-server-sdk-common" "2.17.2" + "@launchdarkly/js-server-sdk-common" "2.17.1" https-proxy-agent "^7.0.6" launchdarkly-eventsource "2.2.0" 
@@ -10179,7 +10179,7 @@ express "^4.18.2" strict-event-emitter "^0.5.1" -"@mswjs/interceptors@^0.41.2": +"@mswjs/interceptors@^0.41.0": version "0.41.3" resolved "https://registry.yarnpkg.com/@mswjs/interceptors/-/interceptors-0.41.3.tgz#d766dc1a168aa315a6a0b2d0f2e0cf1b74f23c82" integrity sha512-cXu86tF4VQVfwz8W1SPbhoRyHJkti6mjH/XJIxp40jhO4j2k1m4KYrEykxqWPkFF3vrK4rgQppBh//AwyGSXPA== @@ -26908,13 +26908,13 @@ msgpackr@^1.11.2: optionalDependencies: msgpackr-extract "^3.0.2" -msw@2.12.9: - version "2.12.9" - resolved "https://registry.yarnpkg.com/msw/-/msw-2.12.9.tgz#bc7508c8b1241f791c5d558e25fe489172e608df" - integrity sha512-NYbi51C6M3dujGmcmuGemu68jy12KqQPoVWGeroKToLGsBgrwG5ErM8WctoIIg49/EV49SEvYM9WSqO4G7kNeQ== +msw@2.12.8: + version "2.12.8" + resolved "https://registry.yarnpkg.com/msw/-/msw-2.12.8.tgz#3cd23324c73cba70f8adef6c03bbd402c77bc6bf" + integrity sha512-KOriJUhjefCO+liF7Ie1KlSXcBAQEzuLhPZ4EKuEUSEmAR4YhuuzT9YuGxTipjqDrg6eWQ6oMoGVhvEnqukFGg== dependencies: "@inquirer/confirm" "^5.0.0" - "@mswjs/interceptors" "^0.41.2" + "@mswjs/interceptors" "^0.41.0" "@open-draft/deferred-promise" "^2.2.0" "@types/statuses" "^2.0.6" cookie "^1.0.2"