From 499d5b80e70f1e7eefe37d3552dedd8974cb1c58 Mon Sep 17 00:00:00 2001
From: Dan Kortschak
Date: Fri, 8 Sep 2023 13:13:21 +0930
Subject: [PATCH] hid_bravura_monitor: make winlog.time_created a date
---
 packages/hid_bravura_monitor/changelog.yml | 5 +++++
 .../hid_bravura_monitor/data_stream/winlog/fields/winlog.yml | 2 +-
 packages/hid_bravura_monitor/docs/README.md | 2 +-
 packages/hid_bravura_monitor/manifest.yml | 2 +-
 4 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/packages/hid_bravura_monitor/changelog.yml b/packages/hid_bravura_monitor/changelog.yml
index ac9cf651cc4d..316871f54c05 100644
--- a/packages/hid_bravura_monitor/changelog.yml
+++ b/packages/hid_bravura_monitor/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.11.0"
+ changes:
+ - description: Make `winlog.time_created` a date.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/7714
 - version: "1.10.0"
 changes:
 - description: Update package to ECS 8.9.0.
diff --git a/packages/hid_bravura_monitor/data_stream/winlog/fields/winlog.yml b/packages/hid_bravura_monitor/data_stream/winlog/fields/winlog.yml
index a692142e5e29..41148c7735ce 100644
--- a/packages/hid_bravura_monitor/data_stream/winlog/fields/winlog.yml
+++ b/packages/hid_bravura_monitor/data_stream/winlog/fields/winlog.yml
@@ -276,7 +276,7 @@
 The task defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. The category used by the Event Logging API (on pre Windows Vista operating systems) is written to this field.
 - name: time_created
- type: keyword
+ type: date
 description: >
 Time event was created
diff --git a/packages/hid_bravura_monitor/docs/README.md b/packages/hid_bravura_monitor/docs/README.md
index 5d1faa508160..03300fb972b9 100644
--- a/packages/hid_bravura_monitor/docs/README.md
+++ b/packages/hid_bravura_monitor/docs/README.md
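Review bot: In the `winlog.yml` hunk, `type: date` on `time_created` is declared without anything on this page showing that the incoming value is always a parseable timestamp; the ingest pipeline is not part of the patch, so this is inferred. With a `date` mapping, an event whose `winlog.time_created` does not parse is rejected at index time instead of being stored as a string, which would be a silent gap in a security log stream. A pipeline test sample covering the field is worth adding, or a `date` processor with an `on_failure` handler that drops the field rather than the event. Indices written by 1.10.0 presumably keep the `keyword` mapping, so searches and detection rules spanning old and new data can hit a type conflict; the changelog entry could say so, e.g. `type: breaking-change` instead of `type: enhancement`. The field list that contains `time_created` starts and ends outside the hunk.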
@@ -715,7 +715,7 @@ An example event for `winlog` looks as following:
 | winlog.related_activity_id | A globally unique identifier that identifies the activity to which control was transferred to. The related events would then have this identifier as their `activity_id` identifier. | keyword |
 | winlog.symbolic_id | Symbolic event id | keyword |
 | winlog.task | The task defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. The category used by the Event Logging API (on pre Windows Vista operating systems) is written to this field. | keyword |
-| winlog.time_created | Time event was created | keyword |
+| winlog.time_created | Time event was created | date |
 | winlog.trustAttribute | | keyword |
 | winlog.trustDirection | | keyword |
 | winlog.trustType | | keyword |
diff --git a/packages/hid_bravura_monitor/manifest.yml b/packages/hid_bravura_monitor/manifest.yml
index eb7913701727..5ba8c4674e95 100644
--- a/packages/hid_bravura_monitor/manifest.yml
+++ b/packages/hid_bravura_monitor/manifest.yml
@@ -1,6 +1,6 @@
 name: hid_bravura_monitor
 title: Bravura Monitor
-version: "1.10.0"
+version: "1.11.0"
 categories: ["security", "iam"]
 description: Collect logs from Bravura Security Fabric with Elastic Agent.
 type: integration