Add tags.yml file so that integration's dashboards and saved searches…

… are tagged with 'Security Solution'

packages/aws/changelog.yml

@@ -1,4 +1,15 @@
 # newer versions go on top
+- version: "2.3.0"
+  changes:
+    - description: Add tags.yml file so that integration's dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/7955
+    - description: Upgrade package spec to 2.11.0.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/7955
+    - description: Fix duplicated field definitions.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/7955
 - version: "2.2.1"
   changes:
     - description: Fix GuardDuty API call parameter.

packages/aws/data_stream/apigateway_logs/fields/fields.yml

@@ -82,5 +82,5 @@
         The full domain name used to invoke the API.
     - name: stage
       type: keyword
-      description: |
-        The deployment stage of the API call (for example, beta or prod).
+      description: |-
+        The deployment stage of the API call (for example, beta or prod).

packages/aws/data_stream/apigateway_metrics/fields/base-fields.yml

@@ -17,4 +17,4 @@
 - name: event.dataset
   type: constant_keyword
   description: Event dataset
-  value: aws.apigateway_metrics
+  value: aws.apigateway_metrics

packages/aws/data_stream/apigateway_metrics/fields/fields.yml

@@ -23,10 +23,6 @@
               type: long
               description: The number of server-side errors captured in a given period.
               metric_type: gauge
-            - name: Count.sum
-              type: long
-              description: The total number API requests in a given period.
-              metric_type: gauge
             - name: IntegrationLatency.avg
               type: long
               description: The time between when API Gateway relays a request to the backend and when it receives a response from the backend.
@@ -106,4 +102,4 @@
       fields:
         - name: namespace
           type: keyword
-          description: The namespace specified when query cloudwatch api.
+          description: The namespace specified when query cloudwatch api.

packages/aws/data_stream/billing/fields/package-fields.yml

@@ -20,6 +20,7 @@
           type: keyword
           description: >
             ID used to identify linked account.
+
         - name: name
           type: keyword
           description: >

packages/aws/data_stream/cloudwatch_logs/manifest.yml

@@ -128,6 +128,7 @@ streams:
         title: Dataset name
         description: >
           Set the name for your dataset. Changing the dataset will send the data to a different index. You can't use `-` in the name of a dataset and only valid characters for [Elasticsearch index names](https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-index_.html).
+
 # Ensures agents have permissions to write data to `logs-*-*`
 elasticsearch.dynamic_dataset: true
 elasticsearch.dynamic_namespace: true

packages/aws/data_stream/dynamodb/fields/ecs.yml

@@ -64,4 +64,4 @@
   name: container.name
 - name: agent.id
   external: ecs
-  dimension: true
+  dimension: true

packages/aws/data_stream/ebs/fields/ecs.yml

@@ -64,4 +64,4 @@
   name: container.name
 - name: agent.id
   external: ecs
-  dimension: true
+  dimension: true

packages/aws/data_stream/ecs_metrics/fields/ecs.yml

@@ -64,4 +64,4 @@
   name: container.name
 - name: agent.id
   external: ecs
-  dimension: true
+  dimension: true

packages/aws/data_stream/elb_metrics/fields/ecs.yml

@@ -64,4 +64,4 @@
   name: container.name
 - name: agent.id
   external: ecs
-  dimension: true
+  dimension: true

packages/aws/data_stream/emr_logs/_dev/test/pipeline/test-common-config.yml

@@ -4,4 +4,4 @@ fields:
 multiline:
   first_line_pattern: '^[0-9]'
   negate: true
-  match: after
+  match: after

packages/aws/data_stream/emr_logs/fields/ecs.yml

@@ -57,4 +57,4 @@
 - external: ecs
   name: container.name
 - external: ecs
-  name: log.level
+  name: log.level

packages/aws/data_stream/emr_logs/fields/fields.yml

@@ -25,4 +25,4 @@
   description: Process entrypoint.
 - name: process.message
   type: keyword
-  description: Process message.
+  description: Process message.

packages/aws/data_stream/emr_metrics/fields/fields.yml

@@ -1,6 +1,5 @@
 - name: aws
   type: group
-  release: beta
   fields:
     - name: elasticmapreduce
       type: group
@@ -272,4 +271,4 @@
         - name: JobFlowId
           type: keyword
           dimension: true
-          description: Filters metrics by cluster ID.
+          description: Filters metrics by cluster ID.

packages/aws/data_stream/kinesis/fields/ecs.yml

@@ -64,4 +64,4 @@
   name: container.id
 - name: agent.id
   external: ecs
-  dimension: true
+  dimension: true

packages/aws/data_stream/lambda/fields/ecs.yml

@@ -64,4 +64,4 @@
   name: container.name
 - name: agent.id
   external: ecs
-  dimension: true
+  dimension: true

packages/aws/data_stream/natgateway/fields/ecs.yml

@@ -64,4 +64,4 @@
   name: container.name
 - name: agent.id
   external: ecs
-  dimension: true
+  dimension: true

packages/aws/data_stream/redshift/fields/ecs.yml

@@ -52,4 +52,4 @@
   name: host.type
 - name: agent.id
   external: ecs
-  dimension: true
+  dimension: true

packages/aws/data_stream/route53_public_logs/fields/ecs.yml

@@ -30,36 +30,14 @@
   name: related.ip
 - external: ecs
   name: related.hosts
-- external: ecs
-  name: source.address
-- external: ecs
-  name: source.ip
-- external: ecs
-  name: source.as.number
-- external: ecs
-  name: source.as.organization.name
-- name: source.geo.city_name
-  external: ecs
 - name: source.geo.continent_name
   external: ecs
 - name: source.geo.country_iso_code
   external: ecs
-- name: source.geo.country_name
-  external: ecs
-- name: source.geo.location
-  external: ecs
-- name: source.geo.region_iso_code
-  external: ecs
-- name: source.geo.region_name
-  external: ecs
 - external: ecs
   name: cloud.account.id
 - external: ecs
   name: cloud.region
-- external: ecs
-  name: ecs.version
-- external: ecs
-  name: error.message
 - external: ecs
   name: source.address
 - external: ecs
@@ -68,10 +46,6 @@
   name: source.as.organization.name
 - external: ecs
   name: source.geo.city_name
-- external: ecs
-  name: source.geo.continent_name
-- external: ecs
-  name: source.geo.country_iso_code
 - external: ecs
   name: source.geo.country_name
 - description: Longitude and latitude.
@@ -84,8 +58,6 @@
   name: source.geo.region_name
 - external: ecs
   name: source.ip
-- external: ecs
-  name: tags
 - external: ecs
   name: host.architecture
 - external: ecs

packages/aws/data_stream/route53_resolver_logs/fields/ecs.yml

@@ -36,24 +36,12 @@
   name: related.hosts
 - external: ecs
   name: source.port
-- external: ecs
-  name: source.address
 - external: ecs
   name: source.ip
-- external: ecs
-  name: source.as.number
 - external: ecs
   name: source.as.organization.name
-- name: source.geo.city_name
-  external: ecs
-- name: source.geo.continent_name
-  external: ecs
 - name: source.geo.country_iso_code
   external: ecs
-- name: source.geo.country_name
-  external: ecs
-- name: source.geo.location
-  external: ecs
 - name: source.geo.region_iso_code
   external: ecs
 - name: source.geo.region_name
@@ -62,36 +50,20 @@
   name: cloud.account.id
 - external: ecs
   name: cloud.region
-- external: ecs
-  name: ecs.version
-- external: ecs
-  name: error.message
 - external: ecs
   name: source.address
 - external: ecs
   name: source.as.number
-- external: ecs
-  name: source.as.organization.name
 - external: ecs
   name: source.geo.city_name
 - external: ecs
   name: source.geo.continent_name
-- external: ecs
-  name: source.geo.country_iso_code
 - external: ecs
   name: source.geo.country_name
 - description: Longitude and latitude.
   level: core
   name: source.geo.location
   type: geo_point
-- external: ecs
-  name: source.geo.region_iso_code
-- external: ecs
-  name: source.geo.region_name
-- external: ecs
-  name: source.ip
-- external: ecs
-  name: tags
 - external: ecs
   name: host.architecture
 - external: ecs

packages/aws/data_stream/s3_storage_lens/fields/fields.yml

@@ -1,6 +1,5 @@
 - name: aws
   type: group
-  release: experimental
   fields:
     - name: s3_storage_lens
       type: group

packages/aws/data_stream/s3access/fields/ecs.yml

@@ -4,8 +4,6 @@
   name: client.ip
 - external: ecs
   name: client.user.id
-- external: ecs
-  name: cloud.provider
 - external: ecs
   name: ecs.version
 - external: ecs

packages/aws/data_stream/sqs/fields/ecs.yml

@@ -64,4 +64,4 @@
   name: container.name
 - name: agent.id
   external: ecs
-  dimension: true
+  dimension: true

packages/aws/data_stream/usage/fields/ecs.yml

@@ -64,4 +64,4 @@
   name: container.name
 - name: agent.id
   external: ecs
-  dimension: true
+  dimension: true

packages/aws/data_stream/vpcflow/fields/ecs.yml

@@ -78,8 +78,6 @@
   external: ecs
 - name: source.as.organization.name
   external: ecs
-- name: source.as.organization.name
-  external: ecs
 - name: source.bytes
   external: ecs
 - name: source.geo.city_name

packages/aws/data_stream/vpcflow/fields/fields.yml

@@ -93,4 +93,3 @@
       type: keyword
       description: |
         The ID of the sublocation that contains the network interface for which traffic is recorded. If the traffic is not from a sublocation, the field is removed.
-

packages/aws/data_stream/waf/fields/ecs.yml

@@ -2,8 +2,6 @@
   name: source.address
 - external: ecs
   name: source.ip
-- external: ecs
-  name: cloud.provider
 - external: ecs
   name: ecs.version
 - external: ecs

packages/aws/kibana/tags.yml

@@ -0,0 +1,21 @@
+- text: Security Solution
+  asset_ids:
+    - aws-4746e000-bacd-11e9-9f70-1f7bda85a5eb
+    - aws-562bdea0-4ba7-11ec-8282-5342b8988acc
+    - aws-383d4630-63df-11ed-be08-4b4db5223139
+    - aws-131a1550-5a0b-11ed-a807-bd2da8f2e79b
+    - aws-68ba7bd0-20b6-11ea-8f72-2f8d21e50b0c
+    - aws-2ba11b50-4b9d-11ec-8282-5342b8988acc
+    - aws-3d3dbe00-f79f-11ec-aa7f-c173c0f9e267
+    - aws-8fcf4c20-f7a3-11ec-aa7f-c173c0f9e267
+    - aws-9d21f520-6a36-11ed-b880-2f1b70138655
+    - aws-401261a0-6a39-11ed-b880-2f1b70138655
+    - aws-c9f103d0-5f63-11ed-bd69-473ce047ef30
+    - aws-cc571400-dc61-11ec-a6e3-1bc5ab0aa1b4
+    - aws-f890a5b0-6a3a-11ed-b880-2f1b70138655
+    - aws-b111d3a0-5f3e-11ed-b2ee-f91fa284c4b5
+    - aws-b3169d70-6a38-11ed-b880-2f1b70138655
+    - aws-cc2e2cf0-5f3f-11ed-b2ee-f91fa284c4b5
+    - aws-df758050-6a49-11ed-b880-2f1b70138655
+    - aws-dffd2200-5a52-11ed-a807-bd2da8f2e79b
+    - aws-15503340-4488-11ea-ad63-791a5dc86f10

packages/aws/manifest.yml

@@ -1,13 +1,11 @@
-format_version: 1.0.0
+format_version: 2.11.0
 name: aws
 title: AWS
-version: 2.2.1
-license: basic
+version: 2.3.0
 description: Collect logs and metrics from Amazon Web Services (AWS) with Elastic Agent.
 type: integration
 categories:
   - aws
-release: ga
 conditions:
   kibana.version: "^8.9.0"
 screenshots:

packages/system/data_stream/process/fields/fields.yml

@@ -178,6 +178,7 @@
                   metric_type: counter
                   description: >
                     Number of period intervals (as specified in cpu.cfs.period.us) that have elapsed.
+
                 - name: throttled.periods
                   type: long
                   metric_type: counter
@@ -195,6 +196,7 @@
                   metric_type: counter
                   description: >
                     The total time duration (in nanoseconds) for which tasks in a cgroup have been throttled.
+
             - name: cfs.period.us
               type: long
               metric_type: gauge