Update Deployment and Devices integrations to ECS 8.16.0 (part 1) #12119
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ECS version in build manifest changed from [email protected] to [email protected]. The set ecs.version processor in pipelines was changed 8.16.0. Previously the pipeline was setting version 8.11.0. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.16.0 [email protected] -pr=999999 packages/arista_ngfw
ECS version in build manifest changed from [email protected] to [email protected]. The set ecs.version processor in pipelines was changed 8.16.0. Previously the pipeline was setting version 8.11.0. The ecs.version in sample_event.json files was changed to 8.16.0. Previously sample_event.json files contained 8.11.0. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.16.0 [email protected] -pr=999999 packages/cef
ECS version in build manifest changed from [email protected] to [email protected]. The set ecs.version processor in pipelines was changed 8.16.0. Previously the pipeline was setting version 8.11.0. The ecs.version in sample_event.json files was changed to 8.16.0. Previously sample_event.json files contained 8.11.0. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.16.0 [email protected] -pr=999999 packages/checkpoint
ECS version in build manifest changed from [email protected] to [email protected]. The set ecs.version processor in pipelines was changed 8.16.0. Previously the pipeline was setting version 8.11.0. The ecs.version in sample_event.json files was changed to 8.16.0. Previously sample_event.json files contained 8.11.0. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.16.0 [email protected] -pr=999999 packages/cisco_aironet
ECS version in build manifest changed from [email protected] to [email protected]. The set ecs.version processor in pipelines was changed 8.16.0. Previously the pipeline was setting version 8.11.0. The ecs.version in sample_event.json files was changed to 8.16.0. Previously sample_event.json files contained 8.11.0. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.16.0 [email protected] -pr=999999 packages/cisco_asa
ECS version in build manifest changed from [email protected] to [email protected]. The set ecs.version processor in pipelines was changed 8.16.0. Previously the pipeline was setting version 8.11.0. The ecs.version in sample_event.json files was changed to 8.16.0. Previously sample_event.json files contained 8.11.0. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.16.0 [email protected] -pr=999999 packages/cisco_ftd
ECS version in build manifest changed from [email protected] to [email protected]. The set ecs.version processor in pipelines was changed 8.16.0. Previously the pipeline was setting version 8.11.0. The ecs.version in sample_event.json files was changed to 8.16.0. Previously sample_event.json files contained 8.11.0. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.16.0 [email protected] -pr=999999 packages/cisco_ios
ECS version in build manifest changed from [email protected] to [email protected]. The set ecs.version processor in pipelines was changed 8.16.0. Previously the pipeline was setting version 8.11.0. The ecs.version in sample_event.json files was changed to 8.16.0. Previously sample_event.json files contained 8.11.0. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.16.0 [email protected] -pr=999999 packages/cisco_ise
ECS version in build manifest changed from [email protected] to [email protected]. The set ecs.version processor in pipelines was changed 8.16.0. Previously the pipeline was setting version 8.11.0. The ecs.version in sample_event.json files was changed to 8.16.0. Previously sample_event.json files contained 8.11.0. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.16.0 [email protected] -pr=999999 packages/cisco_nexus
ECS version in build manifest changed from [email protected] to [email protected]. The set ecs.version processor in pipelines was changed 8.16.0. Previously the pipeline was setting version 8.11.0. The ecs.version in sample_event.json files was changed to 8.16.0. Previously sample_event.json files contained 8.11.0. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.16.0 [email protected] -pr=999999 packages/cisco_secure_email_gateway
ECS version in build manifest changed from [email protected] to [email protected]. The set ecs.version processor in pipelines was changed 8.16.0. Previously the pipeline was setting version 8.11.0. The ecs.version in sample_event.json files was changed to 8.16.0. Previously sample_event.json files contained 8.11.0. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.16.0 [email protected] -pr=999999 packages/citrix_waf
taylor-swanson
added
enhancement
🚀 Benchmarks reportTo see the full report comment with |
|
💚 Build Succeeded
|
|
Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices) |
dwhyrock
reviewed
Dec 17, 2024
| @@ -793,5 +793,5 @@ An example event for `firewall` looks as following: | |||
| | user_agent.name | Name of the user agent. | keyword | | |||
| | user_agent.original | Unparsed user_agent string. | keyword | | |||
| | user_agent.original.text | Multi-field of `user_agent.original`. | match_only_text | | |||
| | vulnerability.id | The identification (ID) is the number portion of a vulnerability entry. It includes a unique identification number for the vulnerability. For example (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common Vulnerabilities and Exposure CVE ID] | keyword | | |||
| | vulnerability.id | The identification (ID) is the number portion of a vulnerability entry. It includes a unique identification number for the vulnerability. For example (https://cve.mitre.org/about/faqs.html#what_is_cve_id[Common Vulnerabilities and Exposure CVE ID]) | keyword | | |||
There was a problem hiding this comment.
This doesn't look correct in the rich diff.
Shouldn't it be something like [Common Vulnerabilities and Exposure CVE ID](https://cve.mitre.org/about/faqs.html#what_is_cve_id) ?
There was a problem hiding this comment.
Oh good catch.
Let me go check ECS, I didn't hand write that, that's pulled directly from the ECS definition (but this could also be an issue with how elastic-package is rendering the markdown).
There was a problem hiding this comment.
Here's the related PR: elastic/ecs#2328
The links render correctly for the ECS docs, but the syntax used for the link is not valid markdown. The integrations doc site seems to use the readme markdown more or less directly, so that will have problems, too.
For comparison, the threat fields do not use a special markup, but rather use the link directly. The ECS docs and the integration readme page in Kibana (Suricata is an example), and the integrations doc site all enrich the URL into a link. Seems like we don't need any special markup here (unless you want to hide the URL behind friendly text, but that doesn't work if it doesn't render correctly).
Unfortunately, this would need to be fixed in ECS, first. Manually fixing it here won't help, since any re-render of the readme from here will just bring the issue back. It just so happens there's an ECS meeting today. I'll bring this issue up there and see where we go from here.
andrewkroh
added
Integration:arista_ngfw
andrewkroh
added
Integration:checkpoint
dwhyrock
approved these changes
Dec 17, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed commit message
Updates the following integrations to ECS 8.16.0:
Checklist
changelog.ymlfile.[ ] I have verified that any added dashboard complies with Kibana's Dashboard good practicesRelated issues