
Update Beats to ECS 1.8.0 #23465

Merged 43 commits on Feb 16, 2021
c9d51a4
Update fields.ecs.yml from ECS 1.8-dev branch
adriansr Jan 12, 2021
1d6b885
make update
adriansr Jan 12, 2021
fc89c23
Update ecs dependency to 1.8 branch
adriansr Jan 14, 2021
58c1b12
Fix packetbeat's test after ECS update
adriansr Jan 14, 2021
e1670c8
fix linting of go.sum
adriansr Jan 15, 2021
394d596
Update NOTICE
adriansr Jan 29, 2021
795e788
Remove colliding fields in Auditbeat
adriansr Feb 1, 2021
376b26f
Remove colliding fields from filebeat
adriansr Feb 1, 2021
d8cfad6
Add os.type field from ECS 1.8 (#23513)
adriansr Feb 2, 2021
0522fec
Merge branch 'master' into feature-ecs-1.8
adriansr Feb 2, 2021
cd4bcb2
[ECS] Winlogbeat ecs 1.8 changes (#23563)
marc-gr Feb 3, 2021
ee8edd0
[Journalbeat][ecs] Journalbeat ecs 1.8 (#23737)
marc-gr Feb 3, 2021
1685e84
Upgrade cisco modules to ecs 1.8 (#23819)
marc-gr Feb 3, 2021
0d45c3f
[ECS][Filebeat] Gsuite/Google Workspace ECS 1.8 (#23709)
marc-gr Feb 4, 2021
d837c3e
[ECS] Packetbeat ecs 1.8 (#23783)
marc-gr Feb 4, 2021
60ac401
Merge remote-tracking branch 'upstream/master' into feature-ecs-1.8
adriansr Feb 4, 2021
c51272d
Update Auditbeat auditd module to ECS 1.8 (#23594)
adriansr Feb 8, 2021
005266e
Move logic to ingest pipeline and upgrade ECS to 1.8.0 (#23875)
marc-gr Feb 8, 2021
5e868f8
Update filebeat auditd module to ECS 1.8 (#23723)
adriansr Feb 8, 2021
40c47b9
Update Microsoft module to ECS 1.8 (#23897)
adriansr Feb 8, 2021
ac2de72
Update o365 module to ECS 1.8 (#23896)
adriansr Feb 8, 2021
3d31953
Merge branch 'master' into feature-ecs-1.8
adriansr Feb 8, 2021
0f50842
Upgrade cef to ecs 1.8.0. (#23832)
marc-gr Feb 9, 2021
fa2980d
Upgrade fortinet/firewall to ECS 1.8 (#23902)
marc-gr Feb 9, 2021
8cb2be2
[ECS] Zeek upgrade to ecs 1.8.0 (#23847)
marc-gr Feb 9, 2021
696c30c
Update Filebeat azure module to ECS 1.8 (#23927)
adriansr Feb 9, 2021
c957e58
Update Filebeat aws/s3access dataset to ECS 1.8 (#23920)
adriansr Feb 9, 2021
80123fb
Upgrade panw module to ecs 1.8 (#23931)
marc-gr Feb 10, 2021
0b27310
Filebeat: Update aws/cloudtrail dataset to ECS 1.8 (#23911)
adriansr Feb 10, 2021
a68ad55
Upgrade juniper/srx to ecs 1.8.0 (#23936)
marc-gr Feb 11, 2021
52b7fd0
Update mysqlenterprise module to ECS 1.8 (#23978)
adriansr Feb 11, 2021
35b196b
Update sophos/xg to ECS 1.8 (#23967)
adriansr Feb 11, 2021
b050cd0
Upgrade to ecs 1.8 (#23961)
marc-gr Feb 11, 2021
632408c
Update all Beats to report ECS version 1.8.0 (#23992)
adriansr Feb 11, 2021
e8f8c87
Upgrade elasticsearch/audit to ECS 1.8 (#24000)
marc-gr Feb 11, 2021
ee269f0
[ecs] Upgrade okta to ecs 1.8.0 and move js processor to ingest pipel…
marc-gr Feb 12, 2021
c4b6fd2
Update zoom module to ECS 1.8 (#23904)
adriansr Feb 12, 2021
4c884ad
Merge branch 'master' into feature-ecs-1.8
adriansr Feb 12, 2021
9b415d6
Missing changelog entry
adriansr Feb 12, 2021
65aa885
Fetch latest changes from ecs 1.8 branch
adriansr Feb 12, 2021
d67a7dd
Merge branch 'master' into feature-ecs-1.8
adriansr Feb 15, 2021
7eb07ca
Merge branch 'master' into feature-ecs-1.8
adriansr Feb 16, 2021
b94a9ad
Merge branch 'master' into feature-ecs-1.8
adriansr Feb 16, 2021
32 changes: 28 additions & 4 deletions CHANGELOG.next.asciidoc
Expand Up @@ -381,6 +381,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Fix httpjson input logging so it doesn't conflict with ECS. {pull}23972[23972]
- Fix Okta default date formatting. {issue}24018[24018] {pull}24025[24025]
- Fix Logstash module handling of logstash.log.log_event.action field. {issue}20709[20709]
- aws/s3access dataset was populating event.duration using the wrong unit. {pull}23920[23920]
- Zoom module pipeline failed to ingest some chat_channel events. {pull}23904[23904]

*Heartbeat*

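Review bot: the two new entries (aws/s3access and Zoom) read as bug descriptions rather than fixes, unlike the surrounding "Fix ..." entries; rephrase them in the same form and state the outcome, e.g. "Fix aws/s3access dataset populating event.duration with the wrong unit." and "Fix Zoom module pipeline failing to ingest some chat_channel events.". The s3access one is the entry users of that dataset must act on, since any visualisation or threshold built on the old event.duration values will shift after upgrading, so say which unit the field carries now.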
Expand Down Expand Up @@ -604,6 +606,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Add the `enable_krb5_fast` flag to the Kafka output to explicitly opt-in to FAST authentication. {pull}23629[23629]
- Added new decode_xml processor to libbeat that is available to all beat types. {pull}23678[23678]
- Add deployment name in pod's meta. {pull}23610[23610]
- Added ECS 1.8 `host.os.type` field to `add_host_metadata` processor. {pull}23513[23513]
- Add `selector` information in kubernetes services' metadata. {pull}23730[23730]

*Auditbeat*
Expand All @@ -625,6 +628,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Add several improvements for auditd module for improved ECS field mapping {pull}22647[22647]
- Add ECS 1.7 `configuration` categorization in certain events in auditd module. {pull}23000[23000]
- Improve file_integrity monitoring when a file is created/deleted in quick succession. {issue}17347[17347] {pull}22170[22170]
- system/host: Add new ECS 1.8 field `os.type` in `host.os.type`. {pull}23513[23513]
- Update Auditbeat auditd module to ECS 1.8 {pull}23594[23594] {issue}23118[23118]

*Filebeat*

Expand Down Expand Up @@ -835,6 +840,26 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Added RFC6587 framing option for tcp and unix inputs {issue}23663[23663] {pull}23724[23724]
- Added string splitting for httpjson input {pull}24022[24022]
- Added field mappings for Netflow/IPFIX vendor fields that are known to Filebeat. {issue}23771[23771]
- Upgrade Cisco ASA/FTD/Umbrella to ECS 1.8.0. {pull}23819[23819]
- Add new ECS user and categories features to google_workspace/gsuite {issue}23118[23118] {pull}23709[23709]
- Move crowdstrike JS processor to ingest pipelines and upgrade to ECS 1.8.0 {issue}23118[23118] {pull}23875[23875]
- Update Filebeat auditd dataset to ECS 1.8.0. {pull}23723[23723] {issue}23118[23118]
- Updated microsoft defender_atp and m365_defender to ECS 1.8. {pull}23897[23897] {issue}23118[23118]
- Updated o365 module to ECS 1.8. {issue}23118[23118] {pull}23896[23896]
- Upgrade CEF module to ECS 1.8.0. {pull}23832[23832]
- Upgrade fortinet/firewall to ECS 1.8 {issue}23118[23118] {pull}23902[23902]
- Upgrade Zeek to ECS 1.8.0. {issue}23118[23118] {pull}23847[23847]
- Updated azure module to ECS 1.8. {issue}23118[23118] {pull}23927[23927]
- Update aws/s3access to ECS 1.8. {issue}23118[23118] {pull}23920[23920]
- Upgrade panw module to ecs 1.8 {issue}23118[23118] {pull}23931[23931]
- Updated aws/cloudtrail fileset to ECS 1.8. {issue}23118[23118] {pull}23911[23911]
- Upgrade juniper/srx to ecs 1.8.0. {issue}23118[23118] {pull}23936[23936]
- Update mysqlenterprise module to ECS 1.8. {issue}23118[23118] {pull}23978[23978]
- Upgrade sophos/xg fileset to ECS 1.8.0. {issue}23118[23118] {pull}23967[23967]
- Upgrade system/auth to ECS 1.8 {issue}23118[23118] {pull}23961[23961]
- Upgrade elasticsearch/audit to ECS 1.8 {issue}23118[23118] {pull}24000[24000]
- Upgrade okta to ecs 1.8.0 and move js processor to ingest pipeline {issue}23118[23118] {pull}23929[23929]
- Update zoom module to ECS 1.8. {pull}23904[23904] {issue}23118[23118]

*Heartbeat*

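Review bot: the twenty new Filebeat entries are inconsistent in form: "ecs 1.8" vs "ECS 1.8" vs "ECS 1.8.0", some with a trailing period and some without, and {issue}/{pull} in either order; normalise them to one pattern, e.g. "Upgrade <module> to ECS 1.8.0. {issue}23118[23118] {pull}NNNNN[NNNNN]". More important for users, the google_workspace entry ("new ECS user and categories features") and the "Remove colliding fields" commits in this PR imply that event.category/event.type values and some field names change in these modules; a short pointer per module (or one shared note) on which fields were renamed or removed would let people update saved searches and detection rules before they upgrade.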
Expand All @@ -843,6 +868,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d

*Journalbeat*

- Update Journalbeat to ECS 1.8. {pull}23737[23737]

*Metricbeat*

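Review bot: "Update Journalbeat to ECS 1.8." does not tell a Journalbeat user what changed; if the update adds or renames fields (the commit is #23737 in the list above), name them here in the way the Auditbeat entries spell out `host.os.type`, and use "1.8.0" like the other sections so the version strings match.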
Expand Down Expand Up @@ -978,6 +1004,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Change build process for x-pack distribution {pull}21979[21979]
- Tuned the internal queue size to reduce the chances of events being dropped. {pull}22650[22650]
- Add support for "http.request.mime_type" and "http.response.mime_type". {pull}22940[22940]
- Upgrade to ECS 1.8.0. {pull}23783[23783]

*Functionbeat*

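Review bot: "Upgrade to ECS 1.8.0." gives the reader nothing to act on; this is the Packetbeat change (#23783 in the commit list), so state what changed for users (fields added, any renamed or removed fields, and any new event.category/event.type values) in the same way the Auditbeat entries above spell out the `host.os.type` addition.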
Expand All @@ -1004,6 +1031,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Add dns.question.subdomain fields for sysmon DNS events. {pull}22999[22999]
- Add dns.question.top_level_domain fields for sysmon DNS events. {pull}23046[23046]
- Add Audit and Authentication Polixy Change Events and related.ip information {pull}20684[20684]
- Add new ECS 1.8 improvements. {pull}23563[23563]

*Elastic Log Driver*

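Review bot: "Add new ECS 1.8 improvements." is too vague for a changelog entry; list the concrete fields or categorisation changes the Winlogbeat update (#23563 in the commit list) introduces, so people running Winlogbeat-based detections know what to check. While here, "Polixy" in the context line directly above is a pre-existing typo for "Policy" that could be fixed in the same edit.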
Expand Down Expand Up @@ -1038,7 +1066,3 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
==== Known Issue

*Journalbeat*




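Review bot: after dropping the four trailing blank lines the "==== Known Issue" section ends with a bare "*Journalbeat*" heading and no entry beneath it; either remove the empty heading (and the section, if nothing else is in it) or add the known issue it was meant to introduce.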
12 changes: 6 additions & 6 deletions NOTICE.txt
Expand Up @@ -5891,11 +5891,11 @@ This Agreement is governed by the laws of the State of New York and the intellec

--------------------------------------------------------------------------------
Dependency : github.com/elastic/ecs
Version: v1.6.0
Version: v1.0.0-beta2.0.20210202203518-638aa2bb5271
Licence type (autodetected): Apache-2.0
--------------------------------------------------------------------------------

Contents of probable licence file $GOMODCACHE/github.com/elastic/ecs@v1.6.0/LICENSE.txt:
Contents of probable licence file $GOMODCACHE/github.com/elastic/ecs@v1.0.0-beta2.0.20210202203518-638aa2bb5271/LICENSE.txt:


Apache License
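Review bot: the ecs dependency moves from the tagged v1.6.0 to the pseudo-version v1.0.0-beta2.0.20210202203518-638aa2bb5271, i.e. an untagged commit on the 1.8 branch, while the PR title, the changelog entries and ecsVersion all say 1.8.0. The pseudo-version is reproducible (it pins the commit, and go.sum records its hash), but nothing ties that commit to the released 1.8.0 schema; once the v1.8.0 tag exists, bump go.mod to it so NOTICE.txt, go.sum and the reported ECS version agree, and open a follow-up issue so this does not ship as a pre-release pin.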
Expand Down Expand Up @@ -6547,11 +6547,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/go-concert@v0.1

--------------------------------------------------------------------------------
Dependency : github.com/elastic/go-libaudit/v2
Version: v2.1.0
Version: v2.2.0
Licence type (autodetected): Apache-2.0
--------------------------------------------------------------------------------

Contents of probable licence file $GOMODCACHE/github.com/elastic/go-libaudit/v2@v2.1.0/LICENSE.txt:
Contents of probable licence file $GOMODCACHE/github.com/elastic/go-libaudit/v2@v2.2.0/LICENSE.txt:


Apache License
Expand Down Expand Up @@ -7665,11 +7665,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/go-structform@v

--------------------------------------------------------------------------------
Dependency : github.com/elastic/go-sysinfo
Version: v1.3.0
Version: v1.5.0
Licence type (autodetected): Apache-2.0
--------------------------------------------------------------------------------

Contents of probable licence file $GOMODCACHE/github.com/elastic/go-sysinfo@v1.3.0/LICENSE.txt:
Contents of probable licence file $GOMODCACHE/github.com/elastic/go-sysinfo@v1.5.0/LICENSE.txt:


Apache License
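Review bot: go-sysinfo jumps from v1.3.0 to v1.5.0, two minor releases, but neither the changelog nor the commit list says why. If the bump is what provides the new `host.os.type` value for add_host_metadata (#23513), say so in the PR description; if it is incidental, say that instead, so reviewers know whether to look for behaviour changes outside ECS field mapping.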
21 changes: 0 additions & 21 deletions auditbeat/_meta/fields.common.yml
Expand Up @@ -66,27 +66,6 @@
type: keyword
description: Audit user name.

- name: effective
type: group
description: Effective user information.
fields:
- name: id
type: keyword
description: Effective user ID.
- name: name
type: keyword
description: Effective user name.
- name: group
type: group
description: Effective group information.
fields:
- name: id
type: keyword
description: Effective group ID.
- name: name
type: keyword
description: Effective group name.

- name: filesystem
type: group
description: Filesystem user information.
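Review bot: the removed `effective` group (user.effective.id/name and user.effective.group.id/name) is dropped because ECS 1.8 now defines it (per the "Remove colliding fields in Auditbeat" commit), but nothing in this hunk shows that the replacement definitions reach the generated fields.yml and index template. Please confirm the ECS definitions keep type keyword for all four fields so existing auditd documents do not hit a mapping conflict, and note in the changelog that the field descriptions and the exported-fields docs change as a result.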
2 changes: 1 addition & 1 deletion auditbeat/cmd/root.go
Expand Up @@ -35,7 +35,7 @@ const (
Name = "auditbeat"

// ecsVersion specifies the version of ECS that Auditbeat is implementing.
ecsVersion = "1.7.0"
ecsVersion = "1.8.0"
)

// RootCmd for running auditbeat.
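Review bot: ecsVersion is bumped to "1.8.0" by hand here (and in every other Beat by the "Update all Beats to report ECS version 1.8.0" commit) while the dependency recorded in NOTICE.txt is a pseudo-version of the ecs repo rather than a v1.8.0 tag; a small test asserting that this constant matches the version in the vendored fields.ecs.yml, or at least that all Beats report the same value, would catch the two drifting apart on the next upgrade.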