Update file definition (elastic#196)

* Update file definition * Update CHANGELOG.md * Tweak CHANGELOG.md per suggestion Co-Authored-By: MikePaquette <mpaquette@elastic.co>
MikePaquette · Dec 4, 2018 · 2db2aee · 2db2aee
1 parent 80fa71a
commit 2db2aee
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -25,6 +25,7 @@ All notable changes to this project will be documented in this file based on the
 
 ### Improvements
 * Improve and clarify the definition of Device fields #192
+* Improved the definition of the file fields #196
 
 ### Deprecated
 

diff --git a/README.md b/README.md
@@ -212,7 +212,7 @@ The event fields are used for context information about the data itself.
 
 ## <a name="file"></a> File fields
 
-File fields provide details about each file.
+A file is defined as a set of information that has been created on, or has existed on a filesystem. File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric.
 
 
 | Field  | Description  | Level  | Type  | Example  |

diff --git a/fields.yml b/fields.yml
@@ -527,7 +527,7 @@
       group: 2
       title: File
       description: >
-        File fields provide details about each file.
+         A file is defined as a set of information that has been created on, or has existed on a filesystem. File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric.
       type: group
       fields:
 

diff --git a/schemas/file.yml b/schemas/file.yml
@@ -3,7 +3,7 @@
   group: 2
   title: File
   description: >
-    File fields provide details about each file.
+     A file is defined as a set of information that has been created on, or has existed on a filesystem. File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric.
   type: group
   fields: