Convert the Filebeat auditd module to ECS #10192

Merged: 22 commits, Jan 30, 2019

Commits on Jan 29, 2019

  1. First draft at migrating Filebeat's auditd module to ECS

    Mathieu Martin committed Jan 29, 2019
    1cd825c
  2. Add missing coercions for process ids

    Mathieu Martin committed Jan 29, 2019
    269dc62
  3. Add log file with more exciting content

    Mathieu Martin committed Jan 29, 2019
    8f4d3fb
  4. Update the user structure to represent what was discussed with @cwurm:

    Caveat: defining temp field `user.group_` to avoid mapping error vs `user.group` which right now is a keyword field.
    Mathieu Martin committed Jan 29, 2019
    a1c57a1
  5. Turn fields that were defined into aliases...

    Not all fields are defined. Tsk tsk tsk!
    Mathieu Martin committed Jan 29, 2019
    8941175
  6. Add a bunch of fields that weren't defined, but are being migrated.

    Adding as aliases, of course.
    Mathieu Martin committed Jan 29, 2019
    395b076
  7. Add missing migration: true to the fields.yml

    Mathieu Martin committed Jan 29, 2019
    ce10c80
  8. Get rid of the user.group_ workaround.

    Mathieu Martin committed Jan 29, 2019
    1f981f9
  9. Arch goes to host.architecture, not host.os.architecture.

    Mathieu Martin committed Jan 29, 2019
    6770379
  10. Document the field migrations in ecs-migration

    Mathieu Martin committed Jan 29, 2019
    d638458
  11. Changelog

    Mathieu Martin committed Jan 29, 2019
    c33fd94
  12. Define the fields representing the various permissions considered for an action in Linux

    Mathieu Martin committed Jan 29, 2019
    c233180
  13. 4917ea2
  14. Add a few more interesting logs to the main test log

    Mathieu Martin committed Jan 29, 2019
    6482222
  15. Dig up a few more fields to transition.

    Mathieu Martin committed Jan 29, 2019
    40963c2
  16. Fix big mistake: module's main fields def must end with opening of the field group

    Mathieu Martin committed Jan 29, 2019
    b45465a
  17. Update test files with all of tonight's changes

    Mathieu Martin committed Jan 29, 2019
    b5753d5
  18. 3c762dc
  19. Try getting the fields.yml right

    Mathieu Martin committed Jan 29, 2019
    adca8c8
  20. Revert the tty => terminal mapping

    Mathieu Martin committed Jan 29, 2019
    3aa9189
  21. b8e7a76
  22. 2nd changelog for the improvements

    Mathieu Martin committed Jan 29, 2019
    3b9eaf6