Add file.mime_type (elastic#760)

dcode · Apr 15, 2020 · c374202 · c374202
1 parent 91d6d85
commit c374202
Show file tree

Hide file tree

Showing 10 changed files with 239 additions and 163 deletions.
diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md
@@ -21,6 +21,7 @@ Thanks, you're awesome :-) -->
 * Globally unique identifier `entity_id` for `process` and `process.parent`. #747
 * Added interface, vlan, observer zone fields #752
 * Added iam value for `event.category` and three related values for `event.type`. (#756)
+* Added `file.mime_type` to include MIME type information on file structures #760
 
 #### Improvements
 

diff --git a/code/go/ecs/file.go b/code/go/ecs/file.go
diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc
@@ -2004,6 +2004,19 @@ type: keyword
 
 example: `256383`
 
+| extended
+
+// ===============================================================
+
+| file.mime_type
+| MIME type should identify the format of the file or stream of bytes using https://www.iana.org/assignments/media-types/media-types.xhtml[IANA official types], where possible. When more than one type is applicable, the most specific type should be used.
+
+type: keyword
+
+
+
+
+
 | extended
 
 // ===============================================================

diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml
@@ -1513,6 +1513,15 @@
       ignore_above: 1024
       description: Inode representing the file in the filesystem.
       example: '256383'
+    - name: mime_type
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: MIME type should identify the format of the file or stream of bytes
+        using https://www.iana.org/assignments/media-types/media-types.xhtml[IANA
+        official types], where possible. When more than one type is applicable, the
+        most specific type should be used.
+      default_field: false
     - name: mode
       level: extended
       type: keyword

diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv
@@ -178,6 +178,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 1.5.0-dev,true,file,file.hash.sha256,keyword,extended,,,SHA256 hash.
 1.5.0-dev,true,file,file.hash.sha512,keyword,extended,,,SHA512 hash.
 1.5.0-dev,true,file,file.inode,keyword,extended,,256383,Inode representing the file in the filesystem.
+1.5.0-dev,true,file,file.mime_type,keyword,extended,,,"Media type of file, document, or arrangement of bytes."
 1.5.0-dev,true,file,file.mode,keyword,extended,,0640,Mode of the file in octal representation.
 1.5.0-dev,true,file,file.mtime,date,extended,,,Last time the file content was modified.
 1.5.0-dev,true,file,file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory."

diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml
@@ -2704,6 +2704,20 @@ file.inode:
   order: 9
   short: Inode representing the file in the filesystem.
   type: keyword
+file.mime_type:
+  dashed_name: file-mime-type
+  description: MIME type should identify the format of the file or stream of bytes
+    using https://www.iana.org/assignments/media-types/media-types.xhtml[IANA official
+    types], where possible. When more than one type is applicable, the most specific
+    type should be used.
+  flat_name: file.mime_type
+  ignore_above: 1024
+  level: extended
+  name: mime_type
+  normalize: []
+  order: 20
+  short: Media type of file, document, or arrangement of bytes.
+  type: keyword
 file.mode:
   dashed_name: file-mode
   description: Mode of the file in octal representation.

diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml
@@ -2984,6 +2984,20 @@ file:
       order: 9
       short: Inode representing the file in the filesystem.
       type: keyword
+    mime_type:
+      dashed_name: file-mime-type
+      description: MIME type should identify the format of the file or stream of bytes
+        using https://www.iana.org/assignments/media-types/media-types.xhtml[IANA
+        official types], where possible. When more than one type is applicable, the
+        most specific type should be used.
+      flat_name: file.mime_type
+      ignore_above: 1024
+      level: extended
+      name: mime_type
+      normalize: []
+      order: 20
+      short: Media type of file, document, or arrangement of bytes.
+      type: keyword
     mode:
       dashed_name: file-mode
       description: Mode of the file in octal representation.

diff --git a/generated/elasticsearch/6/template.json b/generated/elasticsearch/6/template.json
@@ -845,6 +845,10 @@
               "ignore_above": 1024,
               "type": "keyword"
             },
+            "mime_type": {
+              "ignore_above": 1024,
+              "type": "keyword"
+            },
             "mode": {
               "ignore_above": 1024,
               "type": "keyword"

diff --git a/generated/elasticsearch/7/template.json b/generated/elasticsearch/7/template.json
@@ -844,6 +844,10 @@
             "ignore_above": 1024,
             "type": "keyword"
           },
+          "mime_type": {
+            "ignore_above": 1024,
+            "type": "keyword"
+          },
           "mode": {
             "ignore_above": 1024,
             "type": "keyword"