shimonmodi · shimonmodi · Nov 16, 2020 · Sep 29, 2020 · Sep 29, 2020 · Sep 30, 2020
diff --git a/.backportrc.json b/.backportrc.json
@@ -3,6 +3,7 @@
   "branches": [
     { "name": "master", "checked": true },
     { "name": "1.x", "checked": true },
+    "1.7",
     "1.6",
     "1.5",
     "1.4",

diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,5 +1,5 @@
 blank_issues_enabled: true
 contact_links:
   - name: Question
-    url: https://discuss.elastic.co/tag/elastic-common-schema
+    url: https://discuss.elastic.co/tag/ecs-elastic-common-schema
     about: Ask (and answer) questions here.
diff --git a/.github/ISSUE_TEMPLATE/schema-issue.md b/.github/ISSUE_TEMPLATE/schema-issue.md
@@ -7,7 +7,7 @@ labels: "bug"
 <!--
 GitHub is reserved for bug reports and feature requests; it is not the place
 for general questions. If you have a general question, please visit the
-[forums](https://discuss.elastic.co/tag/elastic-common-schema).
+discuss forums: https://discuss.elastic.co/tag/ecs-elastic-common-schema.
 
 Please fill in the following details to help us triage the issue:
 -->

diff --git a/.github/ISSUE_TEMPLATE/tooling-bug.md b/.github/ISSUE_TEMPLATE/tooling-bug.md
@@ -7,7 +7,7 @@ labels: "bug"
 <!--
 GitHub is reserved for bug reports and feature requests; it is not the place
 for general questions. If you have a general question, please visit the
-[forums](https://discuss.elastic.co/tag/elastic-common-schema).
+discuss forums: https://discuss.elastic.co/tag/ecs-elastic-common-schema.
 
 Please fill in the following details to help us reproduce the bug:
 -->

diff --git a/.gitignore b/.gitignore
@@ -7,3 +7,7 @@ build
 .idea
 *.iml
 .vscode/*
+
+# experimental exclusions
+experimental/generated/elasticsearch/6
+experimental/generated/docs
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,59 @@
 # CHANGELOG
 All notable changes to this project will be documented in this file based on the [Keep a Changelog](http://keepachangelog.com/) Standard. This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [1.7.0](https://github.com/elastic/ecs/compare/v1.6.0...v1.7.0)
+
+### Schema Changes
+
+#### Bugfixes
+
+* The `protocol` allowed value under `event.type` should not have the `expected_event_types` defined. #964
+* Clarify the definition of `file.extension` (no dots). #1016
+
+#### Added
+
+* Added Mime Type fields to HTTP request and response. #944
+* Added network directions ingress and egress. #945
+* Added `threat.technique.subtechnique` to capture MITRE ATT&CK® subtechniques. #951
+* Added `configuration` as an allowed `event.category`. #963
+* Added a new directory with experimental artifacts, which includes all changes
+  from RFCs that have reached stage 2. #993, #1053, #1115, #1117, #1118
+
+#### Improvements
+
+* Expanded field set definitions for `source.*` and `destination.*`. #967
+* Provided better guidance for mapping network events. #969
+* Added the field `.subdomain` under `client`, `destination`, `server`, `source`
+  and `url`, to match its presence at `dns.question.subdomain`. #981
+* Clarified ambiguity in guidance on how to use x509 fields for connections with
+  only one certificate. #1114
+
+### Tooling and Artifact Changes
+
+#### Breaking changes
+
+* Changed the index pattern of the sample Elasticsearch template from `ecs-*` to
+  `try-ecs-*` to avoid conflicting with Logstash' `ecs-logstash-*`. #1048
+
+#### Bugfixes
+
+* Addressed issue where foreign reuses weren't using the user-supplied `as` value for their destination. #960
+* Experimental artifacts failed to install due to `event.original` index setting. #1053
+
+#### Added
+
+* Introduced `--strict` flag to perform stricter schema validation when running the generator script. #937
+* Added check under `--strict` that ensures composite types in example fields are quoted. #966
+* Added `ignore_above` and `normalizer` support for keyword multi-fields. #971
+* Added `--oss` flag for users who want to generate ECS templates for use on OSS clusters. #991
+
+#### Improvements
+
+* Field details Jinja2 template components have been consolidated into one template #897
+* Add `[discrete]` marker before each section header in field details. #989
+* `--ref` now loads `experimental/schemas` based on git ref in addition to `schemas`. #1063
+
+
 ## [1.6.0](https://github.com/elastic/ecs/compare/v1.5.0...v1.6.0)
 
 ### Schema Changes

diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md
@@ -14,18 +14,13 @@ Thanks, you're awesome :-) -->
 
 #### Bugfixes
 
-* The `protocol` allowed value under `event.type` should not have the `expected_event_types` defined. #964
-
 #### Added
 
-* Added Mime Type fields to HTTP request and response. #944
-* Added `threat.technique.subtechnique` to capture MITRE ATT&CK® subtechniques. #951
-* Added `configuration` as an allowed `event.category`. #963
+* Added `event.category` "registry". #1040
+* Added `event.category` "session". #1049
 
 #### Improvements
 
-* Expanded field set definitions for `source.*` and `destination.*`. #967
-
 #### Deprecated
 
 ### Tooling and Artifact Changes
@@ -34,18 +29,16 @@ Thanks, you're awesome :-) -->
 
 #### Bugfixes
 
-* Addressed issue where foreign reuses weren't using the user-supplied `as` value for their destination. #960
-
 #### Added
 
-* Introduced `--strict` flag to perform stricter schema validation when running the generator script. #937
-* Added check under `--strict` that ensures composite types in example fields are quoted. #966
-* Added `ignore_above` and `normalizer` support for keyword multi-fields. #971
+* Added ability to supply free-form usage documentation per fieldset. #988
+* Added the `path` key when type is `alias`, to support the [alias field type](https://www.elastic.co/guide/en/elasticsearch/reference/current/alias.html). #877
+* Added support for `scaled_float`'s mandatory parameter `scaling_factor`. #1042
+* Added ability for --oss flag to fall back `constant_keyword` to `keyword`. #1046
+* Added support in the generated Go source go for `wildcard`, `version`, and `constant_keyword` data types. #1050
 
 #### Improvements
 
-* Field details Jinja2 template components have been consolidated into one template #897
-
 #### Deprecated
 
 

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -151,7 +151,7 @@ The following files are generated based on the current schema using [Jinja](http
 | ------------------ | -------- |
 | [fields.asciidoc](docs/fields.asciidoc) | [fields_template.j2](scripts/templates/fields_template.j2) |
 | [fields-values.asciidoc](docs/field-values.asciidoc) | [field_values_template.j2](scripts/templates/field_values_template.j2) |
-| [field-details.asciidoc](docs/field-details.asciidoc) | [field_details directory](scripts/templates/field_details) |
+| [field-details.asciidoc](docs/field-details.asciidoc) | [field_details.j2](scripts/templates/field_details.j2) |
 
 Running `make` will update these files using the [scripts/generators/asciidoc_fields.py](scripts/generators/asciidoc_fields.py) generator. These doc files should *not* be modified directly. Any changes as a result of a schema update and subsequent run of `make` *should* be committed.
 

diff --git a/Makefile b/Makefile
@@ -1,7 +1,7 @@
 #
 # Variables
 #
-.DEFAULT_GOAL    := generate
+.DEFAULT_GOAL    := all
 FIND             := find . -type f -not -path './build/*' -not -path './.git/*'
 FORCE_GO_MODULES := GO111MODULE=on
 OPEN_DOCS        ?= "--open"
@@ -12,10 +12,14 @@ VERSION          := $(shell cat version)
 # Targets (sorted alphabetically)
 #
 
+# Default build generates main and experimental artifacts
+.PHONY: all
+all: generate experimental
+
 # Check verifies that all of the committed files that are generated are
 # up-to-date.
 .PHONY: check
-check: generate test fmt misspell makelint check-license-headers
+check: generate experimental test fmt misspell makelint check-license-headers
 	# Check if diff is empty.
 	git diff | cat
 	git update-index --refresh
@@ -44,7 +48,12 @@ docs:
 	if [ ! -d $(PWD)/build/docs ]; then \
 		git clone --depth=1 https://github.com/elastic/docs.git ./build/docs ; \
 	fi
-	./build/docs/build_docs --asciidoctor --doc ./docs/index.asciidoc --chunk=1 $(OPEN_DOCS) --out ./build/html_docs
+	./build/docs/build_docs --asciidoctor --doc ./docs/index.asciidoc --chunk=2 $(OPEN_DOCS) --out ./build/html_docs
+
+# Alias to generate experimental artifacts
+.PHONY: experimental
+experimental: ve
+	$(PYTHON) scripts/generator.py --include experimental/schemas --out experimental
 
 # Format code and files in the repo.
 .PHONY: fmt
@@ -55,7 +64,7 @@ fmt: ve
 
 # Alias to generate everything.
 .PHONY: generate
-generate: legacy_use_cases codegen generator
+generate: generator legacy_use_cases codegen
 	$(PYTHON) --version
 
 # Run the new generator
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,6 +3,7 @@ @@
       "branches": [
         { "name": "master", "checked": true },
         { "name": "1.x", "checked": true },
+        "1.7",
         "1.6",
         "1.5",
         "1.4",
@@ Expand Down @@