[AWS] Migrate AWS package to ecs@mappings (#10223)

* [aws] - change to ECS version [email protected] * update changelog.yml * update readme * update readme * update event.category and event.type values from string to array * update sample_event.json for cloudfront_logs, s3access and waf data streams * update allowed and denied values in event.type field * revert event.category changes from ecs.yml file and add api value to event.category * update event.category for waf data stream from api to network * remove error and cloud fields from ecs.yml --------- Co-authored-by: niraj-elastic <[email protected]>
elastic · Jul 5, 2024 · 185d530 · 185d530
1 parent 84c4e32
commit 185d530
Show file tree

Hide file tree

Showing 223 changed files with 3,246 additions and 8,047 deletions.
diff --git a/packages/aws/_dev/build/build.yml b/packages/aws/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
  ecs:
- reference: git@v8.10.0
+ reference: "git@v8.11.0"
diff --git a/packages/aws/_dev/build/docs/apigateway.md b/packages/aws/_dev/build/docs/apigateway.md
@@ -65,10 +65,18 @@ For step-by-step instructions on how to set up an integration, see the
 
 {{event "apigateway_metrics"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "apigateway_metrics"}}
 
 ## Logs reference
 
 {{event "apigateway_logs"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "apigateway_logs"}}
diff --git a/packages/aws/_dev/build/docs/billing.md b/packages/aws/_dev/build/docs/billing.md
@@ -51,4 +51,8 @@ An example event for `billing` looks as following:
 
 {{event "billing"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "billing"}}
diff --git a/packages/aws/_dev/build/docs/cloudfront.md b/packages/aws/_dev/build/docs/cloudfront.md
@@ -46,6 +46,10 @@ For step-by-step instructions on how to set up an integration, see the
 The `cloudfront` data stream collects standard logs (also called access logs) from AWS CloudFront.
 CloudFront standard logs provide detailed records about every request that’s made to a distribution.
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "cloudfront_logs"}}
 
 {{event "cloudfront_logs"}}
diff --git a/packages/aws/_dev/build/docs/cloudtrail.md b/packages/aws/_dev/build/docs/cloudtrail.md
@@ -68,6 +68,10 @@ files to a specific Amazon S3 bucket.
 of the CloudTrail Digest S3 Objects you'd like to read.
 If blank, CloudTrail Digest logs will be skipped.
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "cloudtrail"}}
 
 {{event "cloudtrail"}}
diff --git a/packages/aws/_dev/build/docs/cloudwatch.md b/packages/aws/_dev/build/docs/cloudwatch.md
@@ -63,6 +63,10 @@ The `number_of_workers` setting defines the number of workers assigned to readin
 The `cloudwatch` data stream collects CloudWatch logs. Users can use Amazon
 CloudWatch logs to monitor, store, and access log files from different sources.
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "cloudwatch_logs"}}
 
 {{event "cloudwatch_logs"}}
@@ -71,4 +75,8 @@ CloudWatch logs to monitor, store, and access log files from different sources.
 
 {{event "cloudwatch_metrics"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "cloudwatch_metrics"}}
diff --git a/packages/aws/_dev/build/docs/dynamodb.md b/packages/aws/_dev/build/docs/dynamodb.md
@@ -45,4 +45,8 @@ An example event for `dynamodb` looks like this:
 
 {{event "dynamodb"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "dynamodb"}}
diff --git a/packages/aws/_dev/build/docs/ebs.md b/packages/aws/_dev/build/docs/ebs.md
@@ -45,4 +45,8 @@ An example event for `ebs` looks like this:
 
 {{event "ebs"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "ebs"}}
diff --git a/packages/aws/_dev/build/docs/ec2.md b/packages/aws/_dev/build/docs/ec2.md
@@ -66,6 +66,10 @@ For logs stored in S3, you must export logs from log groups to an Amazon S3 buck
 With this data stream, EC2 logs will be parsed into fields like `ip_address`
 and `process.name`. For logs from other services, please use the **AWS CloudWatch** integration.
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "ec2_logs"}}
 
 {{event "ec2_logs"}}
@@ -74,4 +78,8 @@ and `process.name`. For logs from other services, please use the **AWS CloudWatc
 
 {{event "ec2_metrics"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "ec2_metrics"}}
diff --git a/packages/aws/_dev/build/docs/ecs.md b/packages/aws/_dev/build/docs/ecs.md
@@ -41,4 +41,8 @@ For step-by-step instructions on how to set up an integration, see the
 
 {{event "ecs_metrics"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "ecs_metrics"}}
diff --git a/packages/aws/_dev/build/docs/elb.md b/packages/aws/_dev/build/docs/elb.md
@@ -69,6 +69,10 @@ The `number_of_workers` setting defines the number of workers assigned to readin
 
 The `elb` dataset collects logs from AWS ELBs.
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "elb_logs"}}
 
 {{event "elb_logs"}}
@@ -77,4 +81,8 @@ The `elb` dataset collects logs from AWS ELBs.
 
 {{event "elb_metrics"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "elb_metrics"}}
diff --git a/packages/aws/_dev/build/docs/emr.md b/packages/aws/_dev/build/docs/emr.md
@@ -44,10 +44,18 @@ For step-by-step instructions on how to set up an integration, see the
 
 {{event "emr_metrics"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "emr_metrics"}}
 
 ## Logs reference
 
 {{event "emr_logs"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "emr_logs"}}
diff --git a/packages/aws/_dev/build/docs/firewall.md b/packages/aws/_dev/build/docs/firewall.md
@@ -65,6 +65,10 @@ monitor network activity.
 
 {{event "firewall_logs" }}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "firewall_logs"}}
 
 ## Metrics reference
@@ -73,4 +77,8 @@ The `firewall_metrics` dataset collects AWS Network Firewall metrics.
 
 {{event "firewall_metrics" }}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "firewall_metrics"}}
diff --git a/packages/aws/_dev/build/docs/guardduty.md b/packages/aws/_dev/build/docs/guardduty.md
@@ -83,4 +83,8 @@ This is the [`GuardDuty`](https://docs.aws.amazon.com/guardduty/latest/APIRefere
 
 {{event "guardduty"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "guardduty"}}
diff --git a/packages/aws/_dev/build/docs/inspector.md b/packages/aws/_dev/build/docs/inspector.md
@@ -30,4 +30,8 @@ This is the [`Inspector`](https://docs.aws.amazon.com/inspector/v2/APIReference/
 
 {{event "inspector"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "inspector"}}
diff --git a/packages/aws/_dev/build/docs/kafka.md b/packages/aws/_dev/build/docs/kafka.md
@@ -45,4 +45,8 @@ For step-by-step instructions on how to set up an integration, see the
 
 {{event "kafka_metrics"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "kafka_metrics"}}
diff --git a/packages/aws/_dev/build/docs/kinesis.md b/packages/aws/_dev/build/docs/kinesis.md
@@ -41,4 +41,8 @@ For step-by-step instructions on how to set up an integration, see the
 
 {{event "kinesis"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "kinesis"}}
diff --git a/packages/aws/_dev/build/docs/lambda.md b/packages/aws/_dev/build/docs/lambda.md
@@ -41,4 +41,8 @@ For step-by-step instructions on how to set up an integration, see the
 
 {{event "lambda"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "lambda"}}
diff --git a/packages/aws/_dev/build/docs/natgateway.md b/packages/aws/_dev/build/docs/natgateway.md
@@ -41,4 +41,8 @@ For step-by-step instructions on how to set up an integration, see the
 
 {{event "natgateway"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "natgateway"}}
diff --git a/packages/aws/_dev/build/docs/rds.md b/packages/aws/_dev/build/docs/rds.md
@@ -41,4 +41,8 @@ For step-by-step instructions on how to set up an integration, see the
 
 {{event "rds"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "rds"}}
diff --git a/packages/aws/_dev/build/docs/redshift.md b/packages/aws/_dev/build/docs/redshift.md
@@ -41,4 +41,8 @@ For step-by-step instructions on how to set up an integration, see the {{ url "g
 
 {{event "redshift" }}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "redshift"}}
diff --git a/packages/aws/_dev/build/docs/route53.md b/packages/aws/_dev/build/docs/route53.md
@@ -69,6 +69,10 @@ See the [Route 53 Documentation](https://docs.aws.amazon.com/Route53/latest/Deve
 
 {{event "route53_public_logs"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "route53_public_logs"}}
 
 ### Resolver logs
@@ -87,4 +91,8 @@ See the [Route 53 Documentation](https://docs.aws.amazon.com/Route53/latest/Deve
 
 {{event "route53_resolver_logs"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "route53_resolver_logs"}}
diff --git a/packages/aws/_dev/build/docs/s3.md b/packages/aws/_dev/build/docs/s3.md
@@ -51,6 +51,10 @@ Server access logs are useful for many applications. For example, access log
 information can be useful in security and access audits. It can also help users
 to learn about customer base and understand Amazon S3 bill.
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "s3access"}}
 
 {{event "s3access"}}
@@ -61,10 +65,18 @@ to learn about customer base and understand Amazon S3 bill.
 
 {{event "s3_daily_storage"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "s3_daily_storage"}}
 
 ### s3_request
 
 {{event "s3_request"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "s3_request"}}
diff --git a/packages/aws/_dev/build/docs/s3_storage_lens.md b/packages/aws/_dev/build/docs/s3_storage_lens.md
@@ -40,4 +40,8 @@ For step-by-step instructions on how to set up an integration, see the {{ url "g
 
 {{event "s3_storage_lens"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "s3_storage_lens"}}
diff --git a/packages/aws/_dev/build/docs/securityhub.md b/packages/aws/_dev/build/docs/securityhub.md
@@ -31,6 +31,10 @@ This is the [`securityhub_findings`](https://docs.aws.amazon.com/securityhub/1.0
 
 {{event "securityhub_findings"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "securityhub_findings"}}
 
 ### Insights
@@ -39,4 +43,8 @@ This is the [`securityhub_insights`](https://docs.aws.amazon.com/securityhub/1.0
 
 {{event "securityhub_insights"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "securityhub_insights"}}
diff --git a/packages/aws/_dev/build/docs/sns.md b/packages/aws/_dev/build/docs/sns.md
@@ -41,4 +41,8 @@ For step-by-step instructions on how to set up an integration, see the
 
 {{event "sns"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "sns"}}
diff --git a/packages/aws/_dev/build/docs/sqs.md b/packages/aws/_dev/build/docs/sqs.md
@@ -41,4 +41,8 @@ For step-by-step instructions on how to set up an integration, see the
 
 {{event "sqs"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "sqs"}}
diff --git a/packages/aws/_dev/build/docs/transitgateway.md b/packages/aws/_dev/build/docs/transitgateway.md
@@ -41,4 +41,8 @@ For step-by-step instructions on how to set up an integration, see the
 
 {{event "transitgateway"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "transitgateway"}}
diff --git a/packages/aws/_dev/build/docs/usage.md b/packages/aws/_dev/build/docs/usage.md
@@ -43,4 +43,8 @@ An example event for `usage`looks like this:
 
 {{event "usage"}}
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "usage"}}
diff --git a/packages/aws/_dev/build/docs/vpcflow.md b/packages/aws/_dev/build/docs/vpcflow.md
@@ -80,6 +80,10 @@ The `number_of_workers` setting defines the number of workers assigned to readin
 
 > Note: The Parquet format is not supported.
 
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
 {{fields "vpcflow"}}
 
 {{event "vpcflow"}}