Skip to content

Commit

Permalink
Update Beats to ECS 1.8.0 (elastic#23465)
Browse files Browse the repository at this point in the history
Incorporates ECS 1.8 changes from the following PRs:

Support host.type field in add_host_metadata processor and Auditbeat's system/host elastic#23513

Winlogbeat elastic#23563

Auditbeat auditd elastic#23594

Journalbeat elastic#23737

Packetbeat elastic#23783

Filebeat:
    auditd elastic#23723
    cisco elastic#23819
    cef elastic#23832
    crowdstrike falcon elastic#23875
    fortinet firewall elastic#23902
    microsoft elastic#23897
    elasticsearch/audit elastic#24000
    Gsuite/Workspace elastic#23709
    o365 elastic#23896
    zoom elastic#23904
    okta elastic#23929
    aws/cloudtrail elastic#23911
    aws/s3access elastic#23920
    azure elastic#23927
    juniper/srx elastic#23936
    panw elastic#23931
    sophos/xg elastic#23967
    system/auth elastic#23961
    mysqlenterprise elastic#23978
    zeek elastic#23847

Make all Beats and modules report ECS 1.8.0 elastic#23992

Closes elastic#23118

Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com>
(cherry picked from commit 048c3cc)
  • Loading branch information
adriansr committed Feb 17, 2021
1 parent 94b6732 commit 5ca7510
Show file tree
Hide file tree
Showing 504 changed files with 26,491 additions and 3,810 deletions.
32 changes: 28 additions & 4 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -239,6 +239,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Fix httpjson input logging so it doesn't conflict with ECS. {pull}23972[23972]
- Fix Okta default date formatting. {issue}24018[24018] {pull}24025[24025]
- Fix Logstash module handling of logstash.log.log_event.action field. {issue}20709[20709]
- aws/s3access dataset was populating event.duration using the wrong unit. {pull}23920[23920]
- Zoom module pipeline failed to ingest some chat_channel events. {pull}23904[23904]

*Heartbeat*

Expand Down Expand Up @@ -390,6 +392,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Add the `enable_krb5_fast` flag to the Kafka output to explicitly opt-in to FAST authentication. {pull}23629[23629]
- Added new decode_xml processor to libbeat that is available to all beat types. {pull}23678[23678]
- Add deployment name in pod's meta. {pull}23610[23610]
- Added ECS 1.8 `host.os.type` field to `add_host_metadata` processor. {pull}23513[23513]
- Add `selector` information in kubernetes services' metadata. {pull}23730[23730]

*Auditbeat*
Expand All @@ -402,6 +405,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Add several improvements for auditd module for improved ECS field mapping {pull}22647[22647]
- Add ECS 1.7 `configuration` categorization in certain events in auditd module. {pull}23000[23000]
- Improve file_integrity monitoring when a file is created/deleted in quick succession. {issue}17347[17347] {pull}22170[22170]
- system/host: Add new ECS 1.8 field `os.type` in `host.os.type`. {pull}23513[23513]
- Update Auditbeat auditd module to ECS 1.8 {pull}23594[23594] {issue}23118[23118]

*Filebeat*

Expand Down Expand Up @@ -543,6 +548,26 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Move aws-s3 input to GA. {pull}23631[23631]
- Populate `source.mac` and `destination.mac` for Suricata EVE events. {issue}23706[23706] {pull}23721[23721]
- Added string splitting for httpjson input {pull}24022[24022]
- Upgrade Cisco ASA/FTD/Umbrella to ECS 1.8.0. {pull}23819[23819]
- Add new ECS user and categories features to google_workspace/gsuite {issue}23118[23118] {pull}23709[23709]
- Move crowdstrike JS processor to ingest pipelines and upgrade to ECS 1.8.0 {issue}23118[23118] {pull}23875[23875]
- Update Filebeat auditd dataset to ECS 1.8.0. {pull}23723[23723] {issue}23118[23118]
- Updated microsoft defender_atp and m365_defender to ECS 1.8. {pull}23897[23897] {issue}23118[23118]
- Updated o365 module to ECS 1.8. {issue}23118[23118] {pull}23896[23896]
- Upgrade CEF module to ECS 1.8.0. {pull}23832[23832]
- Upgrade fortinet/firewall to ECS 1.8 {issue}23118[23118] {pull}23902[23902]
- Upgrade Zeek to ECS 1.8.0. {issue}23118[23118] {pull}23847[23847]
- Updated azure module to ECS 1.8. {issue}23118[23118] {pull}23927[23927]
- Update aws/s3access to ECS 1.8. {issue}23118[23118] {pull}23920[23920]
- Upgrade panw module to ecs 1.8 {issue}23118[23118] {pull}23931[23931]
- Updated aws/cloudtrail fileset to ECS 1.8. {issue}23118[23118] {pull}23911[23911]
- Upgrade juniper/srx to ecs 1.8.0. {issue}23118[23118] {pull}23936[23936]
- Update mysqlenterprise module to ECS 1.8. {issue}23118[23118] {pull}23978[23978]
- Upgrade sophos/xg fileset to ECS 1.8.0. {issue}23118[23118] {pull}23967[23967]
- Upgrade system/auth to ECS 1.8 {issue}23118[23118] {pull}23961[23961]
- Upgrade elasticsearch/audit to ECS 1.8 {issue}23118[23118] {pull}24000[24000]
- Upgrade okta to ecs 1.8.0 and move js processor to ingest pipeline {issue}23118[23118] {pull}23929[23929]
- Update zoom module to ECS 1.8. {pull}23904[23904] {issue}23118[23118]

*Heartbeat*

Expand All @@ -551,6 +576,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d

*Heartbeat*

- Update Journalbeat to ECS 1.8. {pull}23737[23737]

*Heartbeat*

Expand Down Expand Up @@ -632,6 +658,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
*Packetbeat*


- Upgrade to ECS 1.8.0. {pull}23783[23783]

*Functionbeat*

Expand All @@ -652,6 +679,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Add additional event categorization for security and sysmon modules. {pull}22988[22988]
- Add dns.question.top_level_domain fields for sysmon DNS events. {pull}23046[23046]
- Add Audit and Authentication Polixy Change Events and related.ip information {pull}20684[20684]
- Add new ECS 1.8 improvements. {pull}23563[23563]

*Elastic Log Driver*

Expand Down Expand Up @@ -685,7 +713,3 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
==== Known Issue

*Journalbeat*




12 changes: 6 additions & 6 deletions NOTICE.txt
Original file line number Diff line number Diff line change
Expand Up @@ -5891,11 +5891,11 @@ This Agreement is governed by the laws of the State of New York and the intellec

--------------------------------------------------------------------------------
Dependency : github.com/elastic/ecs
Version: v1.6.0
Version: v1.0.0-beta2.0.20210202203518-638aa2bb5271
Licence type (autodetected): Apache-2.0
--------------------------------------------------------------------------------

Contents of probable licence file $GOMODCACHE/github.com/elastic/ecs@v1.6.0/LICENSE.txt:
Contents of probable licence file $GOMODCACHE/github.com/elastic/ecs@v1.0.0-beta2.0.20210202203518-638aa2bb5271/LICENSE.txt:


Apache License
Expand Down Expand Up @@ -6547,11 +6547,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/go-concert@v0.0

--------------------------------------------------------------------------------
Dependency : github.com/elastic/go-libaudit/v2
Version: v2.1.0
Version: v2.2.0
Licence type (autodetected): Apache-2.0
--------------------------------------------------------------------------------

Contents of probable licence file $GOMODCACHE/github.com/elastic/go-libaudit/v2@v2.1.0/LICENSE.txt:
Contents of probable licence file $GOMODCACHE/github.com/elastic/go-libaudit/v2@v2.2.0/LICENSE.txt:


Apache License
Expand Down Expand Up @@ -7665,11 +7665,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/go-structform@v

--------------------------------------------------------------------------------
Dependency : github.com/elastic/go-sysinfo
Version: v1.3.0
Version: v1.5.0
Licence type (autodetected): Apache-2.0
--------------------------------------------------------------------------------

Contents of probable licence file $GOMODCACHE/github.com/elastic/go-sysinfo@v1.3.0/LICENSE.txt:
Contents of probable licence file $GOMODCACHE/github.com/elastic/go-sysinfo@v1.5.0/LICENSE.txt:


Apache License
Expand Down
21 changes: 0 additions & 21 deletions auditbeat/_meta/fields.common.yml
Original file line number Diff line number Diff line change
Expand Up @@ -66,27 +66,6 @@
type: keyword
description: Audit user name.

- name: effective
type: group
description: Effective user information.
fields:
- name: id
type: keyword
description: Effective user ID.
- name: name
type: keyword
description: Effective user name.
- name: group
type: group
description: Effective group information.
fields:
- name: id
type: keyword
description: Effective group ID.
- name: name
type: keyword
description: Effective group name.

- name: filesystem
type: group
description: Filesystem user information.
Expand Down
2 changes: 1 addition & 1 deletion auditbeat/cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ const (
Name = "auditbeat"

// ecsVersion specifies the version of ECS that Auditbeat is implementing.
ecsVersion = "1.7.0"
ecsVersion = "1.8.0"
)

// RootCmd for running auditbeat.
Expand Down
Loading

0 comments on commit 5ca7510

Please sign in to comment.