[ECS] Update SEI packages to ECS 8.11.0 (Part 3) #8436

merged 49 commits into from Nov 10, 2023
49 commits
de64917
[qualys_vmdr] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
4ab85f9
[radware] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
ae82f8c
[rapid7_insightvm] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
a06c360
[santa] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
ee180e0
[sentinel_one] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
9b3bb42
[sentinel_one_cloud_funnel] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
ce55d24
[slack] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
3ef5c51
[snort] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
2a96923
[snyk] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
0c47729
[sonicwall_firewall] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
580e9ed
[sophos] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
911bfa0
[sophos_central] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
db9e7d7
[squid] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
7ae23c9
[suricata] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
b88ce78
[symantec_edr_cloud] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
0808d85
[symantec_endpoint] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
cd09928
[sysmon_linux] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
1b33307
[system_audit] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
e09c865
[tanium] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
cae3bce
[tcp] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
fdaf7b0
[tenable_io] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
37627d9
[tenable_sc] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
a40042c
[thycotic_ss] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
87657ff
[ti_abusech] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
b3d8603
[ti_anomali] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
0c4fcb3
[ti_cif3] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
ecc2833
[ti_cybersixgill] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
f219bb3
[ti_maltiverse] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
7c5ac84
[ti_misp] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
03493f5
[ti_opencti] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
6343807
[ti_otx] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
767017d
[ti_rapid7_threat_command] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
fdf3d28
[ti_recordedfuture] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
87a4619
[ti_threatq] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
ea6cc7d
[tines] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
b1867d8
[trellix_edr_cloud] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
7c516d3
[trellix_epo_cloud] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
b2e6df2
[trend_micro_vision_one] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
f351a78
[trendmicro] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
0aae7e5
[udp] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
3e69781
[vectra_detect] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
9817b10
[winlog] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
c97a9aa
[wiz] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
3725def
[zeek] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
0971eb3
[zerofox] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
bae80b9
[zeronetworks] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
b2e3b33
[zoom] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
9d02ae6
[zscaler_zia] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
a596e76
[zscaler_zpa] - change to ECS version git@v8.11.0
chemamartinez Nov 8, 2023
2 changes: 1 addition & 1 deletion packages/qualys_vmdr/_dev/build/build.yml
@@ -1,4 +1,4 @@
dependencies:
ecs:
reference: "git@v8.10.0"
reference: "git@v8.11.0"
import_mappings: true
5 changes: 5 additions & 0 deletions packages/qualys_vmdr/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: 0.7.0
changes:
- description: ECS version updated to 8.11.0.
type: enhancement
link: https://github.com/elastic/integrations/pull/8436
- version: 0.6.0
changes:
- description: Add request tracer logging to integration.
Expand Up @@ -11,7 +11,7 @@
}
},
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"event": {
"category": [
Expand Down Expand Up @@ -222,7 +222,7 @@
},
{
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"event": {
"category": [
Expand Down Expand Up @@ -335,7 +335,7 @@
},
{
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"event": {
"category": [
Expand Down Expand Up @@ -453,7 +453,7 @@
},
{
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"event": {
"category": [
Expand Down Expand Up @@ -565,7 +565,7 @@
},
{
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"event": {
"category": [
Expand Down Expand Up @@ -635,7 +635,7 @@
},
{
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"event": {
"category": [
Expand Down Expand Up @@ -731,7 +731,7 @@
}
},
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"event": {
"category": [
Expand Up @@ -4,7 +4,7 @@ processors:
- set:
field: ecs.version
tag: set_ecs_version
value: 8.10.0
value: 8.11.0
- set:
field: event.kind
tag: set_event_kind_1
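Review bot: `value: 8.11.0` in the `set_ecs_version` processor is an unquoted scalar, while the radware and rapid7_insightvm pipelines touched by this same PR write `value: '8.11.0'`. It still loads as a string because of the second dot, but a two-part version written this way would be read as a float. Quote it here, and in the second pipeline hunk further down that carries the same line, so the packages stay consistent.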
Expand Up @@ -77,3 +77,4 @@ streams:
show_user: false
description: >
The request tracer logs HTTP requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details.

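Review bot: the only difference visible in this hunk is an extra blank line after the `description: >` text (the range goes from 3 lines to 4), which is unrelated to the ECS bump. A folded scalar with default chomping clips trailing blank lines, so the value is unchanged. Drop the whitespace change, or confirm it is formatter output so it does not keep reappearing in later PRs.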
Expand Up @@ -13,7 +13,7 @@
"type": "logs"
},
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"elastic_agent": {
"id": "50e7e437-d3fc-4872-8bd1-0da718796b4a",
Expand Down Expand Up @@ -92,4 +92,4 @@
"forwarded",
"qualys_vmdr-asset_host_detection"
]
}
}
Expand Up @@ -3,7 +3,7 @@
{
"@timestamp": "2023-06-06T06:02:45.000Z",
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"event": {
"category": [
Expand Down Expand Up @@ -209,7 +209,7 @@
{
"@timestamp": "2023-06-06T06:02:45.000Z",
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"event": {
"category": [
Expand Down Expand Up @@ -319,7 +319,7 @@
{
"@timestamp": "2023-06-06T06:02:45.000Z",
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"event": {
"category": [
Expand Up @@ -4,7 +4,7 @@ processors:
- set:
field: ecs.version
tag: set_ecs_version
value: 8.10.0
value: 8.11.0
- set:
field: event.kind
tag: set_event_kind_1
Expand Up @@ -77,3 +77,4 @@ streams:
show_user: false
description: >
The request tracer logs HTTP requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details.

Expand Up @@ -13,7 +13,7 @@
"type": "logs"
},
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"elastic_agent": {
"id": "09fa5e8b-ac5e-4ecf-a0cb-264fb54f1062",
Expand Down Expand Up @@ -71,4 +71,4 @@
],
"severity": "Low"
}
}
}
6 changes: 4 additions & 2 deletions packages/qualys_vmdr/docs/README.md
Expand Up @@ -102,7 +102,7 @@ An example event for `asset_host_detection` looks as following:
"type": "logs"
},
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"elastic_agent": {
"id": "50e7e437-d3fc-4872-8bd1-0da718796b4a",
Expand Down Expand Up @@ -182,6 +182,7 @@ An example event for `asset_host_detection` looks as following:
"qualys_vmdr-asset_host_detection"
]
}

```

**Exported fields**
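Review bot: a blank line now sits between the closing `}` of the example event and the closing code fence. The sample event hunk earlier in this package changes nothing but its final `}` line, so this looks like an end-of-file newline in the sample event leaking into the generated README. Confirm that is intended generator output; if not, trim the trailing newline where the example is embedded so the fenced block ends at `}`.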
Expand Down Expand Up @@ -303,7 +304,7 @@ An example event for `knowledge_base` looks as following:
"type": "logs"
},
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"elastic_agent": {
"id": "09fa5e8b-ac5e-4ecf-a0cb-264fb54f1062",
Expand Down Expand Up @@ -362,6 +363,7 @@ An example event for `knowledge_base` looks as following:
"severity": "Low"
}
}

```

**Exported fields**
2 changes: 1 addition & 1 deletion packages/qualys_vmdr/manifest.yml
@@ -1,7 +1,7 @@
format_version: "3.0.0"
name: qualys_vmdr
title: Qualys VMDR
version: "0.6.0"
version: "0.7.0"
description: Collect data from Qualys VMDR platform with Elastic Agent.
type: integration
categories:
2 changes: 1 addition & 1 deletion packages/radware/_dev/build/build.yml
@@ -1,3 +1,3 @@
dependencies:
ecs:
reference: "git@v8.10.0"
reference: "git@v8.11.0"
5 changes: 5 additions & 0 deletions packages/radware/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: 0.18.0
changes:
- description: ECS version updated to 8.11.0.
type: enhancement
link: https://github.com/elastic/integrations/pull/8436
- version: 0.17.0
changes:
- description: ECS version updated to 8.10.0.
Expand Up @@ -4,7 +4,7 @@ description: Pipeline for Radware DefensePro
processors:
- set:
field: ecs.version
value: '8.10.0'
value: '8.11.0'
# User agent
- user_agent:
field: user_agent.original
2 changes: 1 addition & 1 deletion packages/radware/manifest.yml
@@ -1,7 +1,7 @@
format_version: 2.7.0
name: radware
title: Radware DefensePro Logs
version: "0.17.0"
version: "0.18.0"
description: Collect defensePro logs from Radware devices with Elastic Agent.
categories: ["security"]
type: integration
2 changes: 1 addition & 1 deletion packages/rapid7_insightvm/_dev/build/build.yml
@@ -1,4 +1,4 @@
dependencies:
ecs:
reference: "git@v8.10.0"
reference: "git@v8.11.0"
import_mappings: true
5 changes: 5 additions & 0 deletions packages/rapid7_insightvm/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: 1.7.0
changes:
- description: ECS version updated to 8.11.0.
type: enhancement
link: https://github.com/elastic/integrations/pull/8436
- version: "1.6.0"
changes:
- description: Improve 'event.original' check to avoid errors if set.
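Review bot: the new entry is written `- version: 1.7.0`, while the entry directly below it is `- version: "1.6.0"`. Quote the new version so it matches the existing entries in this file and the `version: "1.7.0"` in this package's manifest.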
Expand Up @@ -2,7 +2,7 @@
"expected": [
{
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"event": {
"category": [
Expand Down Expand Up @@ -78,7 +78,7 @@
},
{
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"event": {
"category": [
Expand Up @@ -3,7 +3,7 @@ description: Pipeline for processing Rapid7 InsightVM Asset logs.
processors:
- set:
field: ecs.version
value: '8.10.0'
value: '8.11.0'
- set:
field: event.kind
value: state
Expand Up @@ -13,7 +13,7 @@
"type": "logs"
},
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"elastic_agent": {
"id": "c157ef08-38bb-40dd-bae1-c6bc8c8f02fa",
Expand Down Expand Up @@ -100,4 +100,4 @@
"forwarded",
"rapid7_insightvm-asset"
]
}
}
Expand Up @@ -3,7 +3,7 @@
{
"@timestamp": "2018-06-08T00:00:00.000Z",
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"event": {
"category": [
Expand Down Expand Up @@ -172,7 +172,7 @@
{
"@timestamp": "2018-06-08T00:00:00.000Z",
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"event": {
"category": [
Expand Up @@ -3,7 +3,7 @@ description: Pipeline for processing Rapid7 InsightVM Vulnerability logs.
processors:
- set:
field: ecs.version
value: '8.10.0'
value: '8.11.0'
- set:
field: event.kind
value: event
Expand Up @@ -13,7 +13,7 @@
"type": "logs"
},
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"elastic_agent": {
"id": "c157ef08-38bb-40dd-bae1-c6bc8c8f02fa",
Expand Down Expand Up @@ -171,4 +171,4 @@
},
"severity": "critical"
}
}
}
6 changes: 4 additions & 2 deletions packages/rapid7_insightvm/docs/README.md
Expand Up @@ -52,7 +52,7 @@ An example event for `asset` looks as following:
"type": "logs"
},
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"elastic_agent": {
"id": "c157ef08-38bb-40dd-bae1-c6bc8c8f02fa",
Expand Down Expand Up @@ -140,6 +140,7 @@ An example event for `asset` looks as following:
"rapid7_insightvm-asset"
]
}

```

**Exported fields**
Expand Down Expand Up @@ -252,7 +253,7 @@ An example event for `vulnerability` looks as following:
"type": "logs"
},
"ecs": {
"version": "8.10.0"
"version": "8.11.0"
},
"elastic_agent": {
"id": "c157ef08-38bb-40dd-bae1-c6bc8c8f02fa",
Expand Down Expand Up @@ -411,6 +412,7 @@ An example event for `vulnerability` looks as following:
"severity": "critical"
}
}

```

**Exported fields**
2 changes: 1 addition & 1 deletion packages/rapid7_insightvm/manifest.yml
@@ -1,7 +1,7 @@
format_version: "3.0.0"
name: rapid7_insightvm
title: Rapid7 InsightVM
version: "1.6.0"
version: "1.7.0"
source:
license: "Elastic-2.0"
description: Collect logs from Rapid7 InsightVM with Elastic Agent.
2 changes: 1 addition & 1 deletion packages/santa/_dev/build/build.yml
@@ -1,3 +1,3 @@
dependencies:
ecs:
reference: "git@v8.10.0"
reference: "git@v8.11.0"