
[ECS] Upgrade modules to 1.8 #23118

Closed
86 of 89 tasks
andrewstucki opened this issue Dec 14, 2020 · 3 comments · Fixed by #23465

Comments

@andrewstucki
Contributor

andrewstucki commented Dec 14, 2020

This is to track changes needed to upgrade modules to ECS 1.8:

  • After 1.8 is released, update ecs dependency to 1.8

Carry-over from 1.7 upgrade:

Add os.type field:

New event.category value registry:

New event.category value session:

Multiple users in an event elastic/ecs#914:


@elasticmachine
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@navilg

This comment has been minimized.

@andrewstucki
Contributor Author

@navilg thanks for your interest in beats. A couple of things.

  1. AFAIK we migrated all of our tooling to Python 3 some months back, just prior to Python 2 being EOL, so I don't believe this is a problem.
  2. This issue is unrelated to Python and has to do with schema changes from Elastic Common Schema being incorporated into the project.
  3. If, on the off chance you wish to disclose any security issues, please follow the guide at https://www.elastic.co/community/security and email [email protected] for responsible disclosure

Thank you!

adriansr added a commit to adriansr/beats that referenced this issue Feb 2, 2021
Adds the host.os.type field introduced by ECS 1.8.0.

Possible values for this field are:
- linux
- macos
- unix
- windows

The field will be missing for OSes not in the list.

Related elastic#23118
adriansr added a commit that referenced this issue Feb 2, 2021
Adds the host.os.type field introduced by ECS 1.8.0.

Possible values for this field are:
- linux
- macos
- unix
- windows

The field will be missing for OSes not in the list.

Related #23118
adriansr added a commit that referenced this issue Feb 16, 2021
Incorporates ECS 1.8 changes from the following PRs:

Support host.type field in add_host_metadata processor and Auditbeat's system/host #23513

Winlogbeat #23563

Auditbeat auditd #23594

Journalbeat #23737

Packetbeat #23783

Filebeat:
    auditd #23723
    cisco #23819
    cef #23832
    crowdstrike falcon #23875
    fortinet firewall #23902
    microsoft #23897
    elasticsearch/audit #24000
    Gsuite/Workspace #23709
    o365 #23896
    zoom #23904
    okta #23929
    aws/cloudtrail #23911
    aws/s3access #23920
    azure #23927
    juniper/srx #23936
    panw #23931
    sophos/xg #23967
    system/auth #23961
    mysqlenterprise #23978
    zeek #23847

Make all Beats and modules report ECS 1.8.0 #23992

Closes #23118

Co-authored-by: Marc Guasch <[email protected]>
adriansr added a commit to adriansr/beats that referenced this issue Feb 17, 2021
Incorporates ECS 1.8 changes from the following PRs:

Support host.type field in add_host_metadata processor and Auditbeat's system/host elastic#23513

Winlogbeat elastic#23563

Auditbeat auditd elastic#23594

Journalbeat elastic#23737

Packetbeat elastic#23783

Filebeat:
    auditd elastic#23723
    cisco elastic#23819
    cef elastic#23832
    crowdstrike falcon elastic#23875
    fortinet firewall elastic#23902
    microsoft elastic#23897
    elasticsearch/audit elastic#24000
    Gsuite/Workspace elastic#23709
    o365 elastic#23896
    zoom elastic#23904
    okta elastic#23929
    aws/cloudtrail elastic#23911
    aws/s3access elastic#23920
    azure elastic#23927
    juniper/srx elastic#23936
    panw elastic#23931
    sophos/xg elastic#23967
    system/auth elastic#23961
    mysqlenterprise elastic#23978
    zeek elastic#23847

Make all Beats and modules report ECS 1.8.0 elastic#23992

Closes elastic#23118

Co-authored-by: Marc Guasch <[email protected]>
(cherry picked from commit 048c3cc)
adriansr added a commit that referenced this issue Feb 17, 2021
Incorporates ECS 1.8 changes from the following PRs:

Support host.type field in add_host_metadata processor and Auditbeat's system/host #23513

Winlogbeat #23563

Auditbeat auditd #23594

Journalbeat #23737

Packetbeat #23783

Filebeat:
    auditd #23723
    cisco #23819
    cef #23832
    crowdstrike falcon #23875
    fortinet firewall #23902
    microsoft #23897
    elasticsearch/audit #24000
    Gsuite/Workspace #23709
    o365 #23896
    zoom #23904
    okta #23929
    aws/cloudtrail #23911
    aws/s3access #23920
    azure #23927
    juniper/srx #23936
    panw #23931
    sophos/xg #23967
    system/auth #23961
    mysqlenterprise #23978
    zeek #23847

Make all Beats and modules report ECS 1.8.0 #23992

Closes #23118

Co-authored-by: Marc Guasch <[email protected]>

(cherry picked from commit 048c3cc)
leweafan pushed a commit to leweafan/beats that referenced this issue Apr 28, 2023
Adds the host.os.type field introduced by ECS 1.8.0.

Possible values for this field are:
- linux
- macos
- unix
- windows

The field will be missing for OSes not in the list.

Related elastic#23118