[Auditbeat] File Integrity ECS update #18012
Conversation
Pinging @elastic/siem (Team:SIEM)
WRT the huge diff--looks like running
Looking good. Couple small suggestions.
@andrewstucki Can you run
Ah, looks like that's what I was missing and why the huge diff :) didn't see the custom stuff in
💔 Build Failed
Chatted about the requested change offline, came to consensus and addressed
* Add extension, mime_type and drive_letter
* run go mod vendor
* Add ECS categorization fields
* mage fmt
* Update hash and NOTICE
* Update test
* Run mage vendor
* Add changelog entry
* Extract isASCIILetter
* switch over to godoc style comment

(cherry picked from commit 56ba9d0)
What does this PR do?
Updates ECS fields to be 1.5 (categorization) compatible. It also adds some basic mime-type detection for the given files and a couple of fields that we could have shipped previously.
So, added fields:
event.kind
event.category
event.type
file.mime_type
file.extension
file.drive_letter
Checklist
CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc
Related issues
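To make the new fields concrete, here is an added Go example (written for this page, not Auditbeat's own code) that derives the six fields listed above from a file path, a file integrity action and the first bytes of the file. The `isASCIILetter` helper mirrors the name in the commit message but is my own implementation; the action strings ("created", "deleted", "updated") and their mapping onto the ECS `event.type` values `creation`, `deletion` and `change` are assumptions, and MIME detection uses the standard library's `http.DetectContentType` rather than whatever library the PR uses. Sample inputs are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"path"
	"strings"
)

// ECSFileFields is the subset of ECS fields computed in this example.
type ECSFileFields struct {
	EventKind     string   // event.kind
	EventCategory []string // event.category
	EventType     []string // event.type
	Extension     string   // file.extension
	DriveLetter   string   // file.drive_letter
	MimeType      string   // file.mime_type
}

// isASCIILetter reports whether b is in A-Z or a-z (assumed helper, not Auditbeat's).
func isASCIILetter(b byte) bool {
	return (b >= 'A' && b <= 'Z') || (b >= 'a' && b <= 'z')
}

// driveLetter returns the upper-cased Windows drive letter of p ("C" for `c:\Windows`),
// or "" for POSIX paths and UNC paths such as `\\server\share`, which have no drive.
func driveLetter(p string) string {
	if len(p) >= 2 && p[1] == ':' && isASCIILetter(p[0]) {
		return strings.ToUpper(p[:1])
	}
	return ""
}

// extension returns the extension of the last path component without the
// leading dot, as ECS specifies: "archive.tar.gz" -> "gz". Dotfiles such as
// ".bashrc" and names ending in "." yield "".
func extension(p string) string {
	base := path.Base(strings.ReplaceAll(p, `\`, "/")) // accept both separators
	i := strings.LastIndexByte(base, '.')
	if i <= 0 || i == len(base)-1 {
		return ""
	}
	return base[i+1:]
}

// detectMime sniffs the content type from the first bytes of the file using
// the standard library (at most 512 bytes are consulted). Empty input yields "".
func detectMime(head []byte) string {
	if len(head) == 0 {
		return ""
	}
	return http.DetectContentType(head)
}

// eventType maps an assumed file integrity action onto an ECS event.type value.
func eventType(action string) string {
	switch action {
	case "created":
		return "creation"
	case "deleted":
		return "deletion"
	default: // "updated", attribute or hash changes
		return "change"
	}
}

// Enrich builds the ECS categorization and file fields for one event.
func Enrich(p, action string, head []byte) ECSFileFields {
	return ECSFileFields{
		EventKind:     "event",
		EventCategory: []string{"file"},
		EventType:     []string{eventType(action)},
		Extension:     extension(p),
		DriveLetter:   driveLetter(p),
		MimeType:      detectMime(head),
	}
}

func main() {
	// Constructed samples: a PNG header on Windows and a passwd-style line on Linux.
	png := []byte("\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR")
	fmt.Printf("%+v\n", Enrich(`c:\Users\alice\logo.png`, "created", png))
	fmt.Printf("%+v\n", Enrich("/etc/passwd", "updated", []byte("root:x:0:0:root:/root:/bin/sh\n")))
}
```

Note that `http.DetectContentType` classifies anything without control bytes as `text/plain`, so a script or config file is reported as text while an ELF binary (which contains NUL bytes) falls back to `application/octet-stream`; a rule that alerts on executables landing in a web root should therefore key on the octet-stream value rather than expecting a dedicated ELF type.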