cisco_asa,cisco_ftd,microsoft_defender_endpoint,proofpoint_tap,slack: ensure event.type holds ECS-compliant values

[efd6]

What does this PR do?

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

• [ ]

How to test this PR locally

Related issues

• Ref github: give greater instructions for commit messages #7904 (comment)

Screenshots

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-09-22T00:54:04.564+0000

• Duration: 17 min 14 sec

Test stats 🧪

Test	Results
Failed	0
Passed	94
Skipped	0
Total	94

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (9/9)	💚
Files	100.0% (55/55)	💚 1.481
Classes	100.0% (55/55)	💚 1.481
Methods	99.298% (283/285)	👍 1.65
Lines	85.41% (7909/9260)	👎 -8.209
Conditionals	100.0% (0/0)	💚

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[efd6]

What has me confused here is how we ended up with these in this state in the repo, unless it is because EP now tests this and previously (when they were last touched) did not. @jsoriano Does bumping the EP version not cause all packages to be tested? Oh, it seems it does, but failures are tolerated and no notification is sent to the package owners.

[jsoriano]

What has me confused here is how we ended up with these in this state in the repo

Hey @efd6, sorry for the confusion.

There was a regression in field values validation introduced in elastic-package 0.84.0, see elastic/elastic-package#1439.

When fixing it in elastic-package 0.87.1, we decided to force merge the update in the integrations repository, even if it was failing for a number of packages, to avoid introducing the issue in more packages. See these comments elastic/elastic-package#1439 (comment)

[andrewkroh]

Suggested change

	- description: Ensure `event.type` is not set to ECS-noncompliant values.
	- description: Ensure `event.type` is set to ECS-compliant values.

🤷 wdyt?

[efd6]

I was thinking about that, to avoid the double negative, but they're semantically non-overlapping. It looks like the point is moot, since I think this was fixed in work by @kgeller.

[kgeller]

Hey @efd6 I've been working through fixing these as I go through the ECS 8.10 updates, since they all cause the update tool to fail.

I merged PRs for cisco_asa and cisco_ftd already, and have several of the others up that are linked to the ECS update issue and the elastic-package issue. I think by the time I finish, it should encompass what you've got here.