Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Auditbeat] File Integrity ECS update #18012

Merged
merged 12 commits into from
May 5, 2020
Merged

[Auditbeat] File Integrity ECS update #18012

merged 12 commits into from
May 5, 2020

Conversation

andrewstucki
Copy link

@andrewstucki andrewstucki commented Apr 27, 2020
edited
Loading

What does this PR do?

Updates ECS fields to be 1.5 (categorization) compatible. It also adds some basic mime-type detection for the given files and a couple of fields that we could have shipped previously.

So, added fields:

  • event.kind
  • event.category
  • event.type
  • file.mime_type
  • file.extension
  • file.drive_letter

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

@andrewstucki andrewstucki requested a review from a team as a code owner April 27, 2020 14:46
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Apr 27, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@andrewstucki andrewstucki added Auditbeat enhancement and removed needs_team Indicates that the issue/PR needs a Team:* label labels Apr 27, 2020
@andrewstucki
Copy link
Author

WRT the huge diff--looks like running go mod vendor to pull in the added module pruned github.com/godror/godror and synced the vendor directory with the proper versions of github.com/tsg/go-daemon and github.com/yuin/gopher-lua

leehinman
leehinman previously requested changes Apr 27, 2020
View reviewed changes
Copy link
Contributor

@leehinman leehinman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good. Couple small suggestions.

auditbeat/module/file_integrity/event.go Outdated Show resolved Hide resolved
auditbeat/module/file_integrity/event.go Show resolved Hide resolved
auditbeat/module/file_integrity/event_test.go Show resolved Hide resolved
@andrewkroh
Copy link
Member

@andrewstucki Can you run mage vendor on this and then make notice.

@andrewstucki
Copy link
Author

@andrewstucki Can you run mage vendor on this and then make notice.

Ah, looks like that's what I was missing and why the huge diff :) didn't see the custom stuff in gomod.go previously. Thanks for the tip!

@elasticmachine
Copy link
Collaborator

💔 Build Failed

Pipeline View Test View Changes Artifacts preview stats

Expand to view the summary

Build stats

Test stats 🧪

Test Results
Failed 12
Passed 7725
Skipped 1212
Total 8949

Test errors

Expand to view the tests failures

  • Name: Build and Test / Filebeat Mac OS X / test_file_disappear – test_crawler.Test

    • Status: FAILED
    • Age: 1
    • Duration: 2.329
    • Error Details:

  • Name: Build and Test / Filebeat Mac OS X / test_file_disappear_appear – test_crawler.Test

    • Status: FAILED
    • Age: 1
    • Duration: 2.49
    • Error Details:

  • Name: Build and Test / Filebeat Mac OS X / test_clean_removed_with_clean_inactive – test_registrar.Test

    • Status: FAILED
    • Age: 1
    • Duration: 2.096
    • Error Details:
      -------------------- >> begin captured stdout << ---------------------
      registry size: 2
      registry size after remove: 2

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat Mac OS X / test_registrar_files_with_input_level_processors – test_registrar.Test

    • Status: FAILED
    • Age: 1
    • Duration: 3.536
    • Error Details: Mismatched values: 'offset', expected: 60, actual: 48

  • Name: Build and Test / Filebeat Mac OS X / test_registrar_meta – test_registrar.Test

    • Status: FAILED
    • Age: 1
    • Duration: 1.818
    • Error Details:

  • Name: Build and Test / Filebeat Mac OS X / test_rotating_file_with_restart – test_registrar.Test

    • Status: FAILED
    • Age: 1
    • Duration: 6.253
    • Error Details:

  • Name: Build and Test / Filebeat Mac OS X / test_upgrade_from_6_3_0 – test_registrar_upgrade.Test

    • Status: FAILED
    • Age: 1
    • Duration: 2.183
    • Error Details:

  • Name: Build and Test / Filebeat Mac OS X / test_upgrade_from_6_3_1 – test_registrar_upgrade.Test

    • Status: FAILED
    • Age: 1
    • Duration: 2.157
    • Error Details:

  • Name: Build and Test / Filebeat Mac OS X / test_upgrade_from_faulty_6_3_1 – test_registrar_upgrade.Test

    • Status: FAILED
    • Age: 1
    • Duration: 2.565
    • Error Details:

  • Name: Build and Test / Filebeat Mac OS X / test_upgrade_from_latest – test_registrar_upgrade.Test

    • Status: FAILED
    • Age: 1
    • Duration: 1.879
    • Error Details:

  • Name: Build and Test / Filebeat Mac OS X / test_upgrade_from_single_file_to_folder_hierarchy – test_registrar_upgrade.Test

    • Status: FAILED
    • Age: 1
    • Duration: 1.891
    • Error Details:

  • Name: Build and Test / Metricbeat OSS Integration tests / TestFetch – activity

    • Status: FAILED
    • Age: 1
    • Duration: 33.86
    • Error Details: Failed

Steps errors

Expand to view the steps failures

  • Name: Mage build unitTest

    • Description: mage build unitTest

    • Result: FAILURE

    • Duration: 19 min 51 sec<

    • Start Time: 2020-05-05T14:07:55.718+0000

  • Name: Report to Codecov

    • Description: curl -sSLo codecov https://codecov.io/bash for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat do FILE="${i}/build/coverage/full.cov" if [ -f "${FILE}" ]; then bash codecov -f "${FILE}" fi done

    • Result: FAILURE

    • Duration: 1 min 28 sec<

    • Start Time: 2020-05-05T14:28:26.249+0000

  • Name: Mage goIntegTest

    • Description: mage goIntegTest

    • Result: FAILURE

    • Duration: 32 min 54 sec<

    • Start Time: 2020-05-05T14:05:36.222+0000

  • Name: Report to Codecov

    • Description: curl -sSLo codecov https://codecov.io/bash for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat do FILE="${i}/build/coverage/full.cov" if [ -f "${FILE}" ]; then bash codecov -f "${FILE}" fi done

    • Result: FAILURE

    • Duration: 1 min 2 sec<

    • Start Time: 2020-05-05T14:55:50.165+0000

Log output

Expand to view the last 100 lines of log output 

[2020-05-05T15:03:14.737Z] + FILE=libbeat/build/coverage/full.cov
[2020-05-05T15:03:14.737Z] + [ -f libbeat/build/coverage/full.cov ]
[2020-05-05T15:03:14.737Z] + FILE=metricbeat/build/coverage/full.cov
[2020-05-05T15:03:14.737Z] + [ -f metricbeat/build/coverage/full.cov ]
[2020-05-05T15:03:14.737Z] + FILE=packetbeat/build/coverage/full.cov
[2020-05-05T15:03:14.737Z] + [ -f packetbeat/build/coverage/full.cov ]
[2020-05-05T15:03:14.737Z] + FILE=winlogbeat/build/coverage/full.cov
[2020-05-05T15:03:14.737Z] + [ -f winlogbeat/build/coverage/full.cov ]
[2020-05-05T15:03:14.737Z] + FILE=journalbeat/build/coverage/full.cov
[2020-05-05T15:03:14.737Z] + [ -f journalbeat/build/coverage/full.cov ]
[2020-05-05T15:03:15.355Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats
[2020-05-05T15:03:15.698Z] + find . -type f -name TEST*.xml -path */build/* -delete
[2020-05-05T15:03:15.718Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Lint
[2020-05-05T15:03:15.829Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Elastic-Agent-Mac-OS-X
[2020-05-05T15:03:15.947Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Metricbeat-Mac-OS-X
[2020-05-05T15:03:16.075Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Winlogbeat-oss
[2020-05-05T15:03:16.211Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Dockerlogbeat
[2020-05-05T15:03:16.298Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Journalbeat-oss
[2020-05-05T15:03:16.381Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Elastic-Agent-x-pack
[2020-05-05T15:03:16.489Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Functionbeat-x-pack
[2020-05-05T15:03:16.583Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Generators-Metricbeat-Linux
[2020-05-05T15:03:16.659Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Elastic-Agent-x-pack-Windows
[2020-05-05T15:03:16.740Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Metricbeat-OSS-Unit-tests
[2020-05-05T15:03:16.829Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Metricbeat-crosscompile
[2020-05-05T15:03:16.927Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Heartbeat-oss
[2020-05-05T15:03:17.001Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Auditbeat-x-pack
[2020-05-05T15:03:17.184Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Winlogbeat-Windows-x-pack
[2020-05-05T15:03:17.265Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Auditbeat-Linux
[2020-05-05T15:03:17.343Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Libbeat-x-pack
[2020-05-05T15:03:17.438Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Packetbeat-oss
[2020-05-05T15:03:17.539Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Filebeat-Windows
[2020-05-05T15:03:17.616Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Functionbeat-Mac-OS-X-x-pack
[2020-05-05T15:03:17.694Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Heartbeat-Mac-OS-X
[2020-05-05T15:03:17.763Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Auditbeat-crosscompile
[2020-05-05T15:03:17.834Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Metricbeat-Windows
[2020-05-05T15:03:17.907Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Winlogbeat-Windows
[2020-05-05T15:03:17.975Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Filebeat-Mac-OS-X
[2020-05-05T15:03:18.045Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Filebeat-x-pack
[2020-05-05T15:03:18.116Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Auditbeat-Mac-OS-X
[2020-05-05T15:03:18.199Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Generators-Beat-Linux
[2020-05-05T15:03:18.271Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Filebeat-oss
[2020-05-05T15:03:18.341Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Heartbeat-Windows
[2020-05-05T15:03:18.428Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Functionbeat-Windows
[2020-05-05T15:03:18.511Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Metricbeat-OSS-Integration-tests
[2020-05-05T15:03:18.610Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Metricbeat-Python-integration-tests
[2020-05-05T15:03:18.693Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Auditbeat-Windows
[2020-05-05T15:03:18.765Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Libbeat-oss
[2020-05-05T15:03:18.861Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Libbeat-crosscompile
[2020-05-05T15:03:18.958Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Generators-Metricbeat-Mac-OS-X
[2020-05-05T15:03:19.096Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Libbeat-stress-tests
[2020-05-05T15:03:19.206Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Generators-Beat-Mac-OS-X
[2020-05-05T15:03:19.335Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Metricbeat-x-pack
[2020-05-05T15:03:19.730Z] + cat
[2020-05-05T15:03:19.731Z] + /usr/local/bin/runbld ./runbld-script
[2020-05-05T15:03:19.731Z] Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8
[2020-05-05T15:03:26.349Z] runbld>>> runbld started
[2020-05-05T15:03:26.350Z] runbld>>> 1.6.11/a66728ff8f4356963772e6e6d2069392fa06acbe
[2020-05-05T15:03:27.766Z] runbld>>> The following profiles matched the job 'Beats/beats-beats-mbp/PR-18012' in order of occurrence in the config (last value wins).
[2020-05-05T15:03:29.153Z] runbld>>> Debug logging enabled.
[2020-05-05T15:03:29.153Z] runbld>>> Storing result
[2020-05-05T15:03:29.153Z] runbld>>> Store result: created {:total 2, :successful 2, :failed 0} 1
[2020-05-05T15:03:29.153Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200505150328-3C9A7D50
[2020-05-05T15:03:29.153Z] runbld>>> Adding system facts.
[2020-05-05T15:03:30.099Z] runbld>>> Adding vcs info for the latest commit:  debec45b69a713324770c053a1fa82f04764a797
[2020-05-05T15:03:30.360Z] runbld>>> >>>>>>>>>>>> SCRIPT EXECUTION BEGIN >>>>>>>>>>>>
[2020-05-05T15:03:30.360Z] runbld>>> Adding /usr/lib/jvm/java-8-openjdk-amd64/bin to the path.
[2020-05-05T15:03:30.361Z] + echo 'Processing JUnit reports with runbld...'
[2020-05-05T15:03:30.361Z] Processing JUnit reports with runbld...
[2020-05-05T15:03:30.935Z] runbld>>> <<<<<<<<<<<< SCRIPT EXECUTION END <<<<<<<<<<<<
[2020-05-05T15:03:30.935Z] runbld>>> DURATION: 14ms
[2020-05-05T15:03:30.935Z] runbld>>> STDOUT: 40 bytes
[2020-05-05T15:03:30.935Z] runbld>>> STDERR: 49 bytes
[2020-05-05T15:03:30.935Z] runbld>>> WRAPPED PROCESS: SUCCESS (0)
[2020-05-05T15:03:30.935Z] runbld>>> Searching for build metadata in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats
[2020-05-05T15:03:32.322Z] runbld>>> Storing build metadata: 
[2020-05-05T15:03:32.322Z] runbld>>> Adding test report.
[2020-05-05T15:03:32.322Z] runbld>>> Searching for junit test output files with the pattern: TEST-.*\.xml$ in: /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats
[2020-05-05T15:03:33.273Z] runbld>>> Found 102 test output files
[2020-05-05T15:03:33.848Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-openmetrics.xml
[2020-05-05T15:03:33.848Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-istio.xml
[2020-05-05T15:03:33.848Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-iis.xml
[2020-05-05T15:03:33.848Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-activemq.xml
[2020-05-05T15:03:33.848Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-tomcat.xml
[2020-05-05T15:03:33.848Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-cloudfoundry.xml
[2020-05-05T15:03:34.425Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Metricbeat-OSS-Integration-tests/metricbeat/build/TEST-go-integration-windows.xml
[2020-05-05T15:03:34.694Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012/src/github.com/elastic/beats/Metricbeat-OSS-Integration-tests/metricbeat/build/TEST-go-integration-graphite.xml
[2020-05-05T15:03:34.955Z] runbld>>> Test output logs contained: Errors: 0 Failures: 12 Tests: 8799 Skipped: 1008
[2020-05-05T15:03:35.217Z] runbld>>> Storing result
[2020-05-05T15:03:35.217Z] runbld>>> FAILURES: 12
[2020-05-05T15:03:37.765Z] runbld>>> Store result: updated {:total 2, :successful 2, :failed 0} 2
[2020-05-05T15:03:37.765Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200505150328-3C9A7D50
[2020-05-05T15:03:37.765Z] runbld>>> Email notification disabled by environment variable.
[2020-05-05T15:03:37.765Z] runbld>>> Slack notification disabled by environment variable.
[2020-05-05T15:03:43.334Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18012
[2020-05-05T15:03:43.465Z] [INFO] getVaultSecret: Getting secrets
[2020-05-05T15:03:43.541Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-05-05T15:03:44.200Z] + chmod 755 generate-build-data.sh
[2020-05-05T15:03:44.200Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-18012/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-18012/runs/9 FAILURE 5535151
[2020-05-05T15:03:44.751Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-18012/runs/9/steps/?limit=10000 -o steps-info.json
[2020-05-05T15:03:45.662Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-18012/runs/9/tests/?status=FAILED -o tests-errors.json

@andrewstucki andrewstucki dismissed leehinman’s stale review May 5, 2020 19:26

Chatted about the requested change offline, came to consensus and addressed

@andrewstucki andrewstucki merged commit 56ba9d0 into elastic:master May 5, 2020
@andrewstucki andrewstucki deleted the auditbeat-fim-update branch May 5, 2020 19:26
@andrewstucki andrewstucki mentioned this pull request May 5, 2020
Merged
4 tasks
andrewstucki pushed a commit to andrewstucki/beats that referenced this pull request May 5, 2020
[Auditbeat] File Integrity ECS update (elastic#18012)
50b424e 
* Add extension, mime_type and drive_letter

* run go mod vendor

* Add ECS categorization fields

* mage fmt

* Update hash and NOTICE

* Update test

* Run mage vendor

* Add changelog entry

* Extract isASCIILetter

* switch over to godoc style comment

(cherry picked from commit 56ba9d0)
andrewstucki pushed a commit that referenced this pull request May 5, 2020
[Auditbeat] File Integrity ECS update (#18012) (#18267)
f58b33c 
* Add extension, mime_type and drive_letter

* run go mod vendor

* Add ECS categorization fields

* mage fmt

* Update hash and NOTICE

* Update test

* Run mage vendor

* Add changelog entry

* Extract isASCIILetter

* switch over to godoc style comment

(cherry picked from commit 56ba9d0)
@andrewstucki andrewstucki mentioned this pull request Aug 17, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leehinman leehinman leehinman left review comments

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees
No one assigned
Labels
Auditbeat enhancement v7.8.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Auditbeat] Update OSS Audibeat FIM module to ECS 1.4
4 participants
@andrewstucki @elasticmachine @andrewkroh @leehinman