Bruce changes no sync

packages/tychon/changelog.yml

@@ -1,6 +1,5 @@
-# newer versions go on top
-- version: "0.0.1"
+- version: "0.0.10"
   changes:
     - description: Fixed incorrect types in field.yml and cleaned up formatting
       type: enhancement
-      link: https://github.com/elastic/integrations/pull/6701
+      link: https://github.com/joeperuzzi/integrations/pull/5 # FIXME Replace with the real PR link

packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json

@@ -11,7 +11,7 @@
 			"host.hardware.serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb",
 			"host.hostname": "DESKTOP-TIUKL1R",
 			"host.id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP",
-			"host.ip": "10.1.9.112,fe80::40d1:5287:42b9:5645",
+			"host.ip": "10.1.9.112",
 			"host.ipv4": "10.1.9.112",
 			"host.ipv6": "fe80::40d1:5287:42b9:5645",
 			"host.mac": "00:0C:29:EF:9A:EB",

packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json

@@ -1,93 +1,88 @@
 {
-    "expected": [
-        {
-            "@timestamp": "2023-07-06T19:09:34.276302828Z",
-            "ecs": {
-                "version": "8.8.0"
-            },
-            "event": {
-                "category": [
-                    "vulnerability"
-                ],
-                "ingested": "2023-07-06T19:09:34.276302828Z",
-                "kind": "state",
-                "module": "tychon",
-                "outcome": "failure"
-            },
-            "host": {
-                "biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB",
-                "domain": "",
-                "hardware": {
-                    "bios": {
-                        "name": "Phoenix Technologies LTD",
-                        "version": "6.00"
-                    },
-                    "cpu": {
-                        "caption": "Intel64 Family 6 Model 45 Stepping 7"
-                    },
-                    "manufacturer": "VMware, Inc.",
-                    "owner": "dcuser",
-                    "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb"
-                },
-                "hostname": "DESKTOP-TIUKL1R",
-                "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP",
-                "ip": [
-                    "10.1.9.112",
-                    "fe80::40d1:5287:42b9:5645"
-                ],
-                "mac": "00-0C-29-EF-9A-EB",
-                "oem": {
-                    "manufacturer": "",
-                    "model": ""
-                },
-                "os": {
-                    "build": "22000",
-                    "description": "",
-                    "family": "Windows",
-                    "name": "Microsoft Windows 11 Education N",
-                    "organization": "",
-                    "version": "10.0.22000"
-                },
-                "type": "Workstation",
-                "uptime": 145287,
-                "workgroup": "WORKGROUP"
-            },
-            "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_CVE-2013-3900",
-            "script": {
-                "current_duration": 315381.28,
-                "current_time": "2023-06-15T21:58:02Z",
-                "name": "Invoke-CveScan.ps1",
-                "start": "2023-06-15T21:52:47Z",
-                "type": "powershell",
-                "version": "0.1.0"
-            },
-            "tychon": {
-                "ipv4": "10.1.9.112",
-                "ipv6": "fe80::40d1:5287:42b9:5645"
-            },
-            "vulnerability": {
-                "category": [
-                    "oval"
-                ],
-                "classification": "cvss",
-                "enumeration": "CVE",
-                "iava": "2013-A-0227",
-                "iava_severity": "CAT II",
-                "id": "CVE-2013-3900",
-                "reference": "https://www.scaprepo.com/view.jsp?id=CVE-2013-3900",
-                "result": "fail",
-                "scanner": {
-                    "vendor": "tychon"
-                },
-                "score": {
-                    "base": 7.6,
-                    "version": "2.0"
-                },
-                "severity": "HIGH",
-                "title": "The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does ",
-                "version": "1",
-                "year": 2013
-            }
-        }
-    ]
+	"expected": [
+		{
+			"@timestamp": "2023-07-28T18:14:38.394883461Z",
+			"ecs": {
+				"version": "8.8.0"
+			},
+			"event": {
+				"category": [
+					"vulnerability"
+				],
+				"ingested": "2023-07-28T18:14:38.394883461Z",
+				"kind": "state",
+				"module": "tychon",
+				"outcome": "failure"
+			},
+			"host": {
+				"biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB",
+				"domain": "",
+				"hardware": {
+					"bios": {
+						"name": "Phoenix Technologies LTD",
+						"version": "6.00"
+					},
+					"cpu": {
+						"caption": "Intel64 Family 6 Model 45 Stepping 7"
+					},
+					"manufacturer": "VMware, Inc.",
+					"owner": "dcuser",
+					"serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb"
+				},
+				"hostname": "DESKTOP-TIUKL1R",
+				"id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP",
+				"ip": "10.1.9.112",
+				"ipv4": "10.1.9.112",
+				"ipv6": "fe80::40d1:5287:42b9:5645",
+				"mac": "00-0C-29-EF-9A-EB",
+				"oem": {
+					"manufacturer": "",
+					"model": ""
+				},
+				"os": {
+					"build": "22000",
+					"description": "",
+					"family": "Windows",
+					"name": "Microsoft Windows 11 Education N",
+					"organization": "",
+					"version": "10.0.22000"
+				},
+				"type": "Workstation",
+				"uptime": 145287,
+				"workgroup": "WORKGROUP"
+			},
+			"id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_CVE-2013-3900",
+			"script": {
+				"current_duration": 315381.28,
+				"current_time": "2023-06-15T21:58:02Z",
+				"name": "Invoke-CveScan.ps1",
+				"start": "2023-06-15T21:52:47Z",
+				"type": "powershell",
+				"version": "0.1.0"
+			},
+			"vulnerability": {
+				"category": [
+					"oval"
+				],
+				"classification": "cvss",
+				"enumeration": "CVE",
+				"iava": "2013-A-0227",
+				"iava_severity": "CAT II",
+				"id": "CVE-2013-3900",
+				"reference": "https://www.scaprepo.com/view.jsp?id=CVE-2013-3900",
+				"result": "fail",
+				"scanner": {
+					"vendor": "tychon"
+				},
+				"score": {
+					"base": 7.6,
+					"version": "2.0"
+				},
+				"severity": "HIGH",
+				"title": "The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does ",
+				"version": "1",
+				"year": 2013
+			}
+		}
+	]
 }

packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml

@@ -13,18 +13,6 @@ processors:
   - set:
       field: _id
       value: "{{id}}"
-  - set:
-      field: tychon.ipv4
-      value: "{{host.ipv4}}"
-  - set:
-      field: tychon.ipv6
-      value: "{{host.ipv6}}"
-  - remove:
-      ignore_missing: true
-      field: host.ipv4
-  - remove:
-      ignore_missing: true
-      field: host.ipv6
   - set:
       field: "@timestamp"
       value: "{{_ingest.timestamp}}"
@@ -40,19 +28,19 @@ processors:
   - set:
       field: event.category
       value: [vulnerability]
-  - split:
-      field: host.ip
-      separator: ","
   - script:
-      source: if(ctx.vulnerability?.result == 'fail'){
+      source: |
+              if(ctx.vulnerability?.result == 'fail'){
                 ctx.event.outcome = "failure"
               }else if(ctx.vulnerability?.result == 'pass'){
                 ctx.event.outcome = "success"
               }else{
                 ctx.event.outcome = "unknown"
               }
-  - script:
-      source: ctx.host.mac = ctx.host.mac.replace(':','-')
+  - gsub:
+      field: host.mac
+      pattern: ":"
+      replacement: "-"      
   - set:
       field: event.ingested
       value: "{{_ingest.timestamp}}"
@@ -87,4 +75,3 @@ on_failure:
   - append:
       field: error.message
       value: '{{{ _ingest.on_failure_message }}}'
-

packages/tychon/data_stream/tychon_cve/fields/agent.yml

@@ -111,6 +111,14 @@
       level: core
       type: ip
       description: Host ip addresses.
+    - name: ipv4      
+      level: core
+      type: keyword
+      description: Host ip v4 addresses.
+    - name: ipv6      
+      level: core
+      type: keyword
+      description: Host ip v6 addresses.
     - name: mac
       level: core
       type: keyword

packages/tychon/data_stream/tychon_cve/fields/fields.yml

@@ -61,12 +61,3 @@
     - name: version
       description: Elastic Agent Version.
       type: keyword
-- name: tychon
-  type: group
-  fields:
-    - name: ipv4
-      description: Ipv4 Address
-      type: ip
-    - name: ipv6
-      description: Ipv6 Address
-      type: ip

packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json

@@ -6,7 +6,7 @@
 			"windows_defender.service.antispyware.signature_version": "1.391.1546.0",
 			"script.type": "powershell",
 			"host.os.build": "22000",
-			"host.ip": "10.1.9.112,fe80::40d1:5287:42b9:5645",
+			"host.ip": "10.1.9.112",
 			"windows_defender.service.antivirus.quick_scan.signature_version": "1.391.1470.0",
 			"host.hostname": "DESKTOP-TIUKL1R",
 			"host.hardware.manufacturer": "VMware, Inc.",