Convert the Filebeat auditd module to ECS #10192
Commits on Jan 29, 2019
- First draft at migrating Filebeat's auditd module to ECS
  Mathieu Martin committed Jan 29, 2019 (1cd825c)
- Add missing coercions for process ids
  Mathieu Martin committed Jan 29, 2019 (269dc62)
- Add log file with more exciting content
  Mathieu Martin committed Jan 29, 2019 (8f4d3fb)
- Update the user structure to represent what was discussed with @cwurm:
  Caveat: defining temp field `user.group_` to avoid mapping error vs `user.group` which right now is a keyword field.
  Mathieu Martin committed Jan 29, 2019 (a1c57a1)
- Turn fields that were defined into aliases...
  Not all fields are defined. Tsk tsk tsk!
  Mathieu Martin committed Jan 29, 2019 (8941175)
- Add a bunch of fields that weren't defined, but are being migrated.
  Adding as aliases, of course.
  Mathieu Martin committed Jan 29, 2019 (395b076)
- Add missing `migration: true` to the fields.yml
  Mathieu Martin committed Jan 29, 2019 (ce10c80)
- Get rid of the `user.group_` workaround.
  Mathieu Martin committed Jan 29, 2019 (1f981f9)
- Arch goes to host.architecture, not host.os.architecture.
  Mathieu Martin committed Jan 29, 2019 (6770379)
- Document the field migrations in ecs-migration
  Mathieu Martin committed Jan 29, 2019 (d638458)
- Mathieu Martin committed Jan 29, 2019 (c33fd94)
- Define the fields representing the various permissions considered for an action in Linux
  Mathieu Martin committed Jan 29, 2019 (c233180)
- tty and terminal are mapped to user.terminal instead of process.terminal
  Mathieu Martin committed Jan 29, 2019 (4917ea2)
- Add a few more interesting logs to the main test log
  Mathieu Martin committed Jan 29, 2019 (6482222)
- Dig up a few more fields to transition.
  Mathieu Martin committed Jan 29, 2019 (40963c2)
- Fix big mistake: module's main fields def must end with opening of the field group
  Mathieu Martin committed Jan 29, 2019 (b45465a)
- Update test files with all of tonight's changes
  Mathieu Martin committed Jan 29, 2019 (b5753d5)
- Update reference documentation vs the auditd/_meta/fields.yml fix
  Mathieu Martin committed Jan 29, 2019 (3c762dc)
- Try getting the fields.yml right
  Mathieu Martin committed Jan 29, 2019 (adca8c8)
- Revert the tty => terminal mapping
  Mathieu Martin committed Jan 29, 2019 (3aa9189)
- Undo another dubious translation: the local/remote address details
  Mathieu Martin committed Jan 29, 2019 (b8e7a76)
- 2nd changelog for the improvements
  Mathieu Martin committed Jan 29, 2019 (3b9eaf6)