From 55899507981764ffc78e0155142f738c0effd8b4 Mon Sep 17 00:00:00 2001
From: Gus Carlock <10844131+jmcarlock@users.noreply.github.com>
Date: Tue, 20 Aug 2024 15:02:43 -0500
Subject: [PATCH] Add back custom.yml files to LotL, DGA packages (#10823)
* Add back custom.yml files to LotL, DGA packages
* add to changelog, bump package manifest version
* add `base-fields.yml` to pass tests
---
 packages/dga/changelog.yml                   |  5 +++++
 packages/dga/fields/base-fields.yml          | 12 ++++++++++++
 packages/dga/fields/custom.yml               |  4 ++++
 packages/dga/manifest.yml                    |  2 +-
 packages/problemchild/changelog.yml          |  5 +++++
 packages/problemchild/fields/base-fields.yml | 12 ++++++++++++
 packages/problemchild/fields/custom.yml      |  6 ++++++
 packages/problemchild/manifest.yml           |  2 +-
 8 files changed, 46 insertions(+), 2 deletions(-)
 create mode 100644 packages/dga/fields/base-fields.yml
 create mode 100644 packages/dga/fields/custom.yml
 create mode 100644 packages/problemchild/fields/base-fields.yml
 create mode 100644 packages/problemchild/fields/custom.yml
diff --git a/packages/dga/changelog.yml b/packages/dga/changelog.yml
index 7f34bdd0d1b..4fe69851804 100644
--- a/packages/dga/changelog.yml
+++ b/packages/dga/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.0.4"
+  changes:
+    - description: Add fields for integration package testing
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/10823
 - version: "2.0.3"
   changes:
     - description: Add mapping instructions
diff --git a/packages/dga/fields/base-fields.yml b/packages/dga/fields/base-fields.yml
new file mode 100644
index 00000000000..4da5428ca93
--- /dev/null
+++ b/packages/dga/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: data_stream.type
+  type: constant_keyword
+  description: Data stream type.
+- name: data_stream.dataset
+  type: constant_keyword
+  description: Data stream dataset.
+- name: data_stream.namespace
+  type: constant_keyword
+  description: Data stream namespace.
+- name: '@timestamp'
+  type: date
+  description: Event timestamp.
\ No newline at end of file
diff --git a/packages/dga/fields/custom.yml b/packages/dga/fields/custom.yml
new file mode 100644
index 00000000000..099269908a8
--- /dev/null
+++ b/packages/dga/fields/custom.yml
@@ -0,0 +1,4 @@
+- name: ml_is_dga.malicious_prediction
+  type: long
+- name: ml_is_dga.malicious_probability
+  type: float
\ No newline at end of file
diff --git a/packages/dga/manifest.yml b/packages/dga/manifest.yml
index 1a73360443a..931ef24ce7a 100644
--- a/packages/dga/manifest.yml
+++ b/packages/dga/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 2.2.0
 name: dga
 title: "Domain Generation Algorithm Detection"
-version: 2.0.3
+version: 2.0.4
 source:
   license: "Elastic-2.0"
 description: "ML solution package to detect domain generation algorithm (DGA) activity in your network data."
diff --git a/packages/problemchild/changelog.yml b/packages/problemchild/changelog.yml
index ff4fe21a325..e9193a0405d 100644
--- a/packages/problemchild/changelog.yml
+++ b/packages/problemchild/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.1.5"
+  changes:
+    - description: Add fields for integration package testing
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/10823
 - version: "2.1.4"
   changes:
     - description: Add mapping instructions
diff --git a/packages/problemchild/fields/base-fields.yml b/packages/problemchild/fields/base-fields.yml
new file mode 100644
index 00000000000..4da5428ca93
--- /dev/null
+++ b/packages/problemchild/fields/base-fields.yml
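Review bot: packages/dga/fields/base-fields.yml is added without a terminating newline, as the `\ No newline at end of file` marker at the end of this hunk shows, and the same applies to packages/dga/fields/custom.yml, packages/problemchild/fields/base-fields.yml and packages/problemchild/fields/custom.yml. yamllint's `new-line-at-end-of-file` rule rejects this, and a file that ends mid-line turns the next appended field into a two-line diff that rewrites `description: Event timestamp.` instead of adding one clean line. Ending each of the four files with a single trailing newline is the whole fix.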
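Review bot: Both entries in packages/dga/fields/custom.yml are declared with a `type` only and no `description`, unlike every entry in the sibling base-fields.yml added in the same commit, so the generated package documentation will list `ml_is_dga.malicious_prediction` and `ml_is_dga.malicious_probability` with empty descriptions; packages/problemchild/fields/custom.yml has the same gap for all three of its fields. A one-line `description:` under each field, stating what the value represents and its expected range (for the `float` probability field, presumably 0 to 1), would close it. The exact wording should be taken from what the ML inference pipeline actually writes into these fields, which this hunk does not show, so it needs confirming rather than guessing.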
@@ -0,0 +1,12 @@
+- name: data_stream.type
+  type: constant_keyword
+  description: Data stream type.
+- name: data_stream.dataset
+  type: constant_keyword
+  description: Data stream dataset.
+- name: data_stream.namespace
+  type: constant_keyword
+  description: Data stream namespace.
+- name: '@timestamp'
+  type: date
+  description: Event timestamp.
\ No newline at end of file
diff --git a/packages/problemchild/fields/custom.yml b/packages/problemchild/fields/custom.yml
new file mode 100644
index 00000000000..5efea275ecf
--- /dev/null
+++ b/packages/problemchild/fields/custom.yml
@@ -0,0 +1,6 @@
+- name: problemchild.prediction
+  type: long
+- name: problemchild.prediction_probability
+  type: float
+- name: blocklist_label
+  type: long
\ No newline at end of file
diff --git a/packages/problemchild/manifest.yml b/packages/problemchild/manifest.yml
index 09879df7484..fa9cdb2c76f 100644
--- a/packages/problemchild/manifest.yml
+++ b/packages/problemchild/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.0.0
 name: problemchild
 title: "Living off the Land Attack Detection"
-version: 2.1.4
+version: 2.1.5
 source:
   license: "Elastic-2.0"
 description: "ML solution package to detect Living off the Land (LotL) attacks in your environment. Requires a Platinum subscription."
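Review bot: `blocklist_label` in packages/problemchild/fields/custom.yml is the only field in the file declared without the `problemchild.` prefix, so it is mapped as a top-level field of the data stream while the two prediction fields sit under the package namespace. If that mirrors the field name the inference pipeline actually emits, the file should say so, because the asymmetry otherwise reads like a dropped prefix: `# blocklist_label is emitted at the top level by the inference pipeline, not under problemchild.* (verify against the pipeline)` above the entry. If it does not, the entry should be renamed `problemchild.blocklist_label` so the mapping matches the other two fields.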