diff --git a/packages/1password/_dev/build/build.yml b/packages/1password/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/1password/_dev/build/build.yml
+++ b/packages/1password/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/1password/changelog.yml b/packages/1password/changelog.yml
index b50a7eb6dc8..13b8db26de5 100644
--- a/packages/1password/changelog.yml
+++ b/packages/1password/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.7.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.6.0"
 changes:
 - description: Update package to ECS 8.4.0
diff --git a/packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json b/packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json
index 58a81745ba2..fb6623ec394 100644
--- a/packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json
+++ b/packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-08-30T18:57:42.484Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "reveal",
@@ -76,7 +76,7 @@
 {
 "@timestamp": "2021-08-30T19:10:00.123Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml b/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml
index 44d9e7a97d0..505481fbd14 100644
--- a/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml
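Review bot: The ECS reference in `packages/1password/_dev/build/build.yml` (`git@v8.5.1`) does not match the version this commit records elsewhere: the ingest pipelines set `ecs.version` to `'8.5.0'` and the changelog entry reads "Update package to ECS 8.5.0.", so the field definitions the package is built against and the version stamped on each event differ by a patch release. If that is intentional, a comment above the reference would document it, e.g. `# field definitions are taken from the v8.5.1 tag; events are stamped ecs.version 8.5.0`; otherwise align the two values. The same applies to the `build.yml` hunks for `akamai` and `atlassian_bitbucket`. The reference also names a tag rather than a commit hash; whether the build tooling accepts a hash is not visible here, but a fixed hash would keep the imported schema reproducible if the tag is ever moved.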
@@ -16,7 +16,7 @@ processors:
 #######################
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 # Sets event.created from the @timestamp field generated by filebeat before being overwritten further down
 - set:
 field: event.created
diff --git a/packages/1password/data_stream/item_usages/sample_event.json b/packages/1password/data_stream/item_usages/sample_event.json
index aee4d1ccdee..613e7e58a45 100644
--- a/packages/1password/data_stream/item_usages/sample_event.json
+++ b/packages/1password/data_stream/item_usages/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "8652330e-4de6-4596-a16f-4463a6c56e9e",
diff --git a/packages/1password/data_stream/signin_attempts/_dev/test/pipeline/test-signinattempts.json-expected.json b/packages/1password/data_stream/signin_attempts/_dev/test/pipeline/test-signinattempts.json-expected.json
index aedb067a8d7..6e8c6f10bed 100644
--- a/packages/1password/data_stream/signin_attempts/_dev/test/pipeline/test-signinattempts.json-expected.json
+++ b/packages/1password/data_stream/signin_attempts/_dev/test/pipeline/test-signinattempts.json-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-08-11T14:28:03.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "success",
@@ -78,7 +78,7 @@
 {
 "@timestamp": "2021-08-11T15:04:22.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "credentials_failed",
diff --git a/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml b/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml
index 736569f15a9..bf0b03f4a30 100644
--- a/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml
@@ -16,7 +16,7 @@ processors:
 #######################
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 # Sets event.created from the @timestamp field generated by filebeat before being overwritten further down
 - set:
 field: event.created
diff --git a/packages/1password/data_stream/signin_attempts/sample_event.json b/packages/1password/data_stream/signin_attempts/sample_event.json
index ec1dadbdd78..fd26433090d 100644
--- a/packages/1password/data_stream/signin_attempts/sample_event.json
+++ b/packages/1password/data_stream/signin_attempts/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "8652330e-4de6-4596-a16f-4463a6c56e9e",
diff --git a/packages/1password/docs/README.md b/packages/1password/docs/README.md
index 8666140fa87..7427b398db9 100644
--- a/packages/1password/docs/README.md
+++ b/packages/1password/docs/README.md
@@ -91,7 +91,7 @@ An example event for `signin_attempts` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "8652330e-4de6-4596-a16f-4463a6c56e9e",
@@ -233,7 +233,7 @@ An example event for `item_usages` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "8652330e-4de6-4596-a16f-4463a6c56e9e",
diff --git a/packages/1password/manifest.yml b/packages/1password/manifest.yml
index 2c8be310255..5e00aefa6b5 100644
--- a/packages/1password/manifest.yml
+++ b/packages/1password/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: 1password
 title: "1Password"
-version: 1.6.0
+version: "1.7.0"
 license: basic
 description: Collect logs from 1Password with Elastic Agent.
 type: integration
diff --git a/packages/akamai/_dev/build/build.yml b/packages/akamai/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/akamai/_dev/build/build.yml
+++ b/packages/akamai/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/akamai/changelog.yml b/packages/akamai/changelog.yml
index 63f8caba793..60e9c18d519 100644
--- a/packages/akamai/changelog.yml
+++ b/packages/akamai/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.2.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "2.1.2"
 changes:
 - description: Remove duplicate fields.
diff --git a/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json b/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json
index 877ad2b97b0..b8af9fa2f8d 100644
--- a/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json
+++ b/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json
@@ -107,7 +107,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -270,7 +270,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml b/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml
index 22817fede0b..1081d7577d9 100644
--- a/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Akamai logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/akamai/data_stream/siem/sample_event.json b/packages/akamai/data_stream/siem/sample_event.json
index 470e3d35885..10a0596ea69 100644
--- a/packages/akamai/data_stream/siem/sample_event.json
+++ b/packages/akamai/data_stream/siem/sample_event.json
@@ -107,7 +107,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "8f529f3f-731a-445a-be12-a74c00235b26",
diff --git a/packages/akamai/docs/README.md b/packages/akamai/docs/README.md
index fc80fcad9ad..cae85c4c043 100644
--- a/packages/akamai/docs/README.md
+++ b/packages/akamai/docs/README.md
@@ -246,7 +246,7 @@ An example event for `siem` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "8f529f3f-731a-445a-be12-a74c00235b26",
diff --git a/packages/akamai/manifest.yml b/packages/akamai/manifest.yml
index a76497c0362..bd31534afbf 100644
--- a/packages/akamai/manifest.yml
+++ b/packages/akamai/manifest.yml
@@ -1,6 +1,6 @@
 name: akamai
 title: Akamai
-version: "2.1.2"
+version: "2.2.0"
 release: ga
 description: Collect logs from Akamai with Elastic Agent.
 type: integration
diff --git a/packages/atlassian_bitbucket/_dev/build/build.yml b/packages/atlassian_bitbucket/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/atlassian_bitbucket/_dev/build/build.yml
+++ b/packages/atlassian_bitbucket/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/atlassian_bitbucket/changelog.yml b/packages/atlassian_bitbucket/changelog.yml
index f5f7384cfb2..63fd96a7472 100644
--- a/packages/atlassian_bitbucket/changelog.yml
+++ b/packages/atlassian_bitbucket/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.4.1"
 changes:
 - description: Use ECS geo.location definition.
diff --git a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json index fbab2cc55b6..675381ccf3c 100644 --- a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json +++ b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json @@ -27,7 +27,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.userdeleted", @@ -112,7 +112,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.userrenamed", @@ -189,7 +189,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.usercredentialupdated", @@ -264,7 +264,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupdeleted", @@ -352,7 +352,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipdeleted", @@ -445,7 +445,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", @@ -523,7 +523,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupcreated", @@ -611,7 +611,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", @@ -688,7 +688,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.usercreated", 
@@ -768,7 +768,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -837,7 +837,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -892,7 +892,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -954,7 +954,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1016,7 +1016,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1078,7 +1078,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1140,7 +1140,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1202,7 +1202,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1264,7 +1264,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1326,7 +1326,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1401,7 +1401,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -1470,7 +1470,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -1539,7 +1539,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", 
@@ -1608,7 +1608,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -1675,7 +1675,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.search.audit.action.elasticsearchconfigurationchange", @@ -1728,7 +1728,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.applicationconfiguration.audit.action.applicationsetup", @@ -1801,7 +1801,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.globalpermissiongranted", @@ -1874,7 +1874,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.globalpermissiongrantrequested", @@ -1953,7 +1953,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", @@ -2031,7 +2031,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.usercreated", @@ -2097,7 +2097,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.license.audit.action.licensechanged", @@ -2164,7 +2164,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.applicationconfiguration.audit.action.baseurlchanged", @@ -2230,7 +2230,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2283,7 +2283,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2336,7 +2336,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -2389,7 +2389,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2442,7 +2442,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2495,7 +2495,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2548,7 +2548,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2601,7 +2601,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2654,7 +2654,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2707,7 +2707,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2760,7 +2760,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2813,7 +2813,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2866,7 +2866,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2919,7 +2919,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -2972,7 +2972,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -3025,7 +3025,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3078,7 +3078,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3131,7 +3131,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3184,7 +3184,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3237,7 +3237,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3290,7 +3290,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3343,7 +3343,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3396,7 +3396,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3449,7 +3449,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3502,7 +3502,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3555,7 +3555,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3608,7 +3608,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -3661,7 +3661,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3714,7 +3714,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3767,7 +3767,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3820,7 +3820,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3873,7 +3873,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3926,7 +3926,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -3979,7 +3979,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4032,7 +4032,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4085,7 +4085,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4138,7 +4138,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4191,7 +4191,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4244,7 +4244,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -4297,7 +4297,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4350,7 +4350,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4403,7 +4403,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4456,7 +4456,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4509,7 +4509,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4562,7 +4562,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4615,7 +4615,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4668,7 +4668,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4721,7 +4721,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4774,7 +4774,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4827,7 +4827,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4880,7 +4880,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -4933,7 +4933,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -4986,7 +4986,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5039,7 +5039,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5092,7 +5092,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5145,7 +5145,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5198,7 +5198,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5251,7 +5251,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5304,7 +5304,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5357,7 +5357,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5410,7 +5410,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5463,7 +5463,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5516,7 +5516,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -5569,7 +5569,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5622,7 +5622,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5675,7 +5675,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5728,7 +5728,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5781,7 +5781,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5834,7 +5834,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5887,7 +5887,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5940,7 +5940,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -5993,7 +5993,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6046,7 +6046,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6099,7 +6099,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6152,7 +6152,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -6205,7 +6205,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6258,7 +6258,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6311,7 +6311,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6364,7 +6364,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6417,7 +6417,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6470,7 +6470,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6523,7 +6523,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6576,7 +6576,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6629,7 +6629,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6682,7 +6682,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6735,7 +6735,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6788,7 +6788,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -6841,7 +6841,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6894,7 +6894,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -6947,7 +6947,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7000,7 +7000,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7053,7 +7053,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7106,7 +7106,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7159,7 +7159,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7212,7 +7212,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7265,7 +7265,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7318,7 +7318,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7371,7 +7371,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7424,7 +7424,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -7477,7 +7477,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7530,7 +7530,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7583,7 +7583,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7636,7 +7636,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7689,7 +7689,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7742,7 +7742,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7795,7 +7795,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7848,7 +7848,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7901,7 +7901,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -7954,7 +7954,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8007,7 +8007,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8060,7 +8060,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -8113,7 +8113,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8166,7 +8166,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8219,7 +8219,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8272,7 +8272,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8325,7 +8325,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8378,7 +8378,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8431,7 +8431,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8484,7 +8484,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8537,7 +8537,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8590,7 +8590,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8643,7 +8643,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8696,7 +8696,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -8749,7 +8749,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8802,7 +8802,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8855,7 +8855,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8908,7 +8908,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -8961,7 +8961,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9014,7 +9014,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9067,7 +9067,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9120,7 +9120,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9173,7 +9173,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9226,7 +9226,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9279,7 +9279,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9332,7 +9332,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", 
@@ -9385,7 +9385,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9438,7 +9438,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9491,7 +9491,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9544,7 +9544,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9597,7 +9597,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9650,7 +9650,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9703,7 +9703,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9756,7 +9756,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.plugin.audit.action.pluginenabled", @@ -9810,7 +9810,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.applicationconfiguration.audit.action.displaynamechanged", @@ -9860,7 +9860,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupcreated", @@ -9917,7 +9917,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.directorycreated", 
diff --git a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index 4dcc1454b3b..3571761e005 100644 --- a/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json +++ b/packages/atlassian_bitbucket/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -45,7 +45,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", @@ -134,7 +134,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.globalpermissiongrantrequested", @@ -208,7 +208,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.globalpermissiongranted", @@ -270,7 +270,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.applicationconfiguration.audit.action.applicationsetup", @@ -339,7 +339,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.search.audit.action.elasticsearchconfigurationchange", @@ -403,7 +403,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -474,7 +474,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -545,7 +545,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -616,7 +616,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", 
@@ -674,7 +674,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -738,7 +738,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -802,7 +802,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -866,7 +866,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -930,7 +930,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -994,7 +994,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1058,7 +1058,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1121,7 +1121,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -1198,7 +1198,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -1269,7 +1269,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -1333,7 +1333,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.usercreated", @@ -1423,7 +1423,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", @@ -1502,7 +1502,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupcreated", 
@@ -1591,7 +1591,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipscreated.user", @@ -1685,7 +1685,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupmembershipdeleted", @@ -1764,7 +1764,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.groupdeleted", @@ -1838,7 +1838,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.usercredentialupdated", @@ -1927,7 +1927,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.userrenamed", @@ -2005,7 +2005,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.userdeleted", @@ -2077,7 +2077,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", @@ -2154,7 +2154,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -2233,7 +2233,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.projectpermissiongranted", @@ -2304,7 +2304,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.project.audit.action.projectcreated", @@ -2393,7 +2393,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokencreated.personal", @@ -2481,7 +2481,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokenmodified.personal", 
@@ -2569,7 +2569,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokenmodified.personal", @@ -2659,7 +2659,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokendeleted.personal", @@ -2727,7 +2727,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", @@ -2804,7 +2804,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -2854,7 +2854,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.web.audit.action.logoutsuccess", @@ -2926,7 +2926,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationfailure", @@ -2994,7 +2994,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", @@ -3062,7 +3062,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", @@ -3139,7 +3139,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -3203,7 +3203,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.usercredentialupdated", @@ -3298,7 +3298,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.ssh.audit.action.sshkeycreated", @@ -3398,7 +3398,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.plugins.gpg.audit.action.gpgevent.created", 
@@ -3498,7 +3498,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.plugins.gpg.audit.action.gpgevent.deleted", @@ -3588,7 +3588,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.ssh.audit.action.sshkeydeleted", @@ -3661,7 +3661,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationfailure", @@ -3729,7 +3729,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", @@ -3806,7 +3806,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -3856,7 +3856,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.scm.git.lfs.audit.action.gitlfsfeatureenabled", @@ -3920,7 +3920,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.project.audit.action.projectcreationrequested", @@ -3999,7 +3999,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.projectpermissiongranted", @@ -4070,7 +4070,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.project.audit.action.projectcreated", @@ -4164,7 +4164,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.branch.audit.action.projectbranchmodelconfigurationcreated", @@ -4233,7 +4233,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositorycreationrequested", @@ -4307,7 +4307,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositorycreated", 
@@ -4376,7 +4376,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", @@ -4450,7 +4450,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", @@ -4524,7 +4524,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", @@ -4603,7 +4603,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositorymodificationrequested", @@ -4682,7 +4682,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositorymodified", @@ -4756,7 +4756,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", @@ -4845,7 +4845,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissiongrantrequested", @@ -4936,7 +4936,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissiongranted", @@ -5027,7 +5027,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.ssh.audit.action.sshkeycreated", @@ -5132,7 +5132,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.ssh.audit.action.sshaccesskeygranted.repository", @@ -5222,7 +5222,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissiongrantrequested", 
@@ -5313,7 +5313,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissiongranted", @@ -5404,7 +5404,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokencreated.repository", @@ -5494,7 +5494,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokenmodified.repository", @@ -5584,7 +5584,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.access.tokens.audit.action.accesstokendeleted.repository", @@ -5674,7 +5674,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissionrevocationrequested", @@ -5765,7 +5765,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.repositorypermissionrevoked", @@ -5856,7 +5856,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.ssh.audit.action.sshkeydeleted", @@ -5961,7 +5961,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.ssh.audit.action.sshaccesskeyrevoked.repository", @@ -6036,7 +6036,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", @@ -6103,7 +6103,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", @@ -6180,7 +6180,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -6244,7 +6244,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.project.audit.action.projectcreationrequested", 
@@ -6323,7 +6323,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.projectpermissiongranted", @@ -6394,7 +6394,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.project.audit.action.projectcreated", @@ -6488,7 +6488,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.branch.audit.action.projectbranchmodelconfigurationcreated", @@ -6557,7 +6557,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", @@ -6644,7 +6644,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositorymodificationrequested", @@ -6731,7 +6731,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositorymodified", @@ -6805,7 +6805,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositoryaccessed", @@ -6872,7 +6872,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", @@ -6949,7 +6949,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -7018,7 +7018,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositorydeletionrequested", @@ -7092,7 +7092,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.repository.audit.action.repositorydeleted", @@ -7159,7 +7159,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", 
@@ -7236,7 +7236,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -7300,7 +7300,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.project.audit.action.projectdeletionrequested", @@ -7369,7 +7369,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.project.audit.action.projectdeleted", @@ -7436,7 +7436,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", @@ -7513,7 +7513,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -7577,7 +7577,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.project.audit.action.projectmodificationrequested", @@ -7664,7 +7664,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.project.audit.action.projectmodified", @@ -7731,7 +7731,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bitbucket.service.user.audit.action.authenticationsuccess", @@ -7808,7 +7808,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", diff --git a/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 51d7d62738f..5fffa15d22e 100644 --- a/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for processing sample logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/atlassian_bitbucket/data_stream/audit/sample_event.json b/packages/atlassian_bitbucket/data_stream/audit/sample_event.json
index 26cbb75ae7e..a3dba7b2b9e 100644
--- a/packages/atlassian_bitbucket/data_stream/audit/sample_event.json
+++ b/packages/atlassian_bitbucket/data_stream/audit/sample_event.json
@@ -38,7 +38,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/atlassian_bitbucket/docs/README.md b/packages/atlassian_bitbucket/docs/README.md
index 429e905e18a..ca874bdd7c2 100644
--- a/packages/atlassian_bitbucket/docs/README.md
+++ b/packages/atlassian_bitbucket/docs/README.md
@@ -149,7 +149,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/atlassian_bitbucket/manifest.yml b/packages/atlassian_bitbucket/manifest.yml
index b1488caa382..5946bf5e85c 100644
--- a/packages/atlassian_bitbucket/manifest.yml
+++ b/packages/atlassian_bitbucket/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: atlassian_bitbucket
 title: Atlassian Bitbucket
-version: "1.4.1"
+version: "1.5.0"
 license: basic
 description: Collect logs from Atlassian Bitbucket with Elastic Agent.
 type: integration
diff --git a/packages/atlassian_confluence/_dev/build/build.yml b/packages/atlassian_confluence/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/atlassian_confluence/_dev/build/build.yml
+++ b/packages/atlassian_confluence/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/atlassian_confluence/changelog.yml b/packages/atlassian_confluence/changelog.yml
index 77e39bcd36d..54c8b719d87 100644
--- a/packages/atlassian_confluence/changelog.yml
+++ b/packages/atlassian_confluence/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.5.2"
 changes:
 - description: Use ECS geo.location definition.
diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
index caeb69ea1f8..12c3d1ef0e0 100644
--- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
+++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
@@ -35,7 +35,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -117,7 +117,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -199,7 +199,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -281,7 +281,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -363,7 +363,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -445,7 +445,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -527,7 +527,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -609,7 +609,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -691,7 +691,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -783,7 +783,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -882,7 +882,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -981,7 +981,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1073,7 +1073,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1172,7 +1172,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1271,7 +1271,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1370,7 +1370,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1462,7 +1462,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1561,7 +1561,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1660,7 +1660,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1759,7 +1759,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -1851,7 +1851,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1950,7 +1950,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2049,7 +2049,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2148,7 +2148,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2240,7 +2240,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2339,7 +2339,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2438,7 +2438,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2537,7 +2537,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2629,7 +2629,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2728,7 +2728,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2827,7 +2827,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2926,7 +2926,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3018,7 +3018,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -3117,7 +3117,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3216,7 +3216,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3315,7 +3315,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3407,7 +3407,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3506,7 +3506,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3605,7 +3605,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3704,7 +3704,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3796,7 +3796,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3895,7 +3895,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3994,7 +3994,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4093,7 +4093,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4192,7 +4192,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4291,7 +4291,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -4383,7 +4383,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4482,7 +4482,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4581,7 +4581,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4680,7 +4680,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4772,7 +4772,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4871,7 +4871,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4970,7 +4970,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5069,7 +5069,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5161,7 +5161,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5260,7 +5260,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5359,7 +5359,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5458,7 +5458,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5550,7 +5550,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -5649,7 +5649,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5748,7 +5748,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5847,7 +5847,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5941,7 +5941,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6028,7 +6028,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6115,7 +6115,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6202,7 +6202,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6289,7 +6289,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6376,7 +6376,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6463,7 +6463,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6543,7 +6543,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6630,7 +6630,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6717,7 +6717,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", 
@@ -6804,7 +6804,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6891,7 +6891,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -6978,7 +6978,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7058,7 +7058,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7145,7 +7145,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7232,7 +7232,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7319,7 +7319,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7399,7 +7399,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7486,7 +7486,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7573,7 +7573,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7660,7 +7660,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7740,7 +7740,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -7827,7 +7827,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", 
@@ -7914,7 +7914,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8001,7 +8001,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8081,7 +8081,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8168,7 +8168,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8255,7 +8255,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8342,7 +8342,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8422,7 +8422,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8509,7 +8509,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8596,7 +8596,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8683,7 +8683,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8763,7 +8763,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8850,7 +8850,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -8937,7 +8937,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", 
@@ -9024,7 +9024,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9104,7 +9104,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9184,7 +9184,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9271,7 +9271,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9358,7 +9358,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9445,7 +9445,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9525,7 +9525,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9612,7 +9612,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9699,7 +9699,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9786,7 +9786,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9873,7 +9873,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -9960,7 +9960,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -10040,7 +10040,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", 
@@ -10127,7 +10127,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -10214,7 +10214,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -10301,7 +10301,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -10381,7 +10381,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", @@ -10481,7 +10481,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.config.updated", @@ -10555,7 +10555,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.import", @@ -10638,7 +10638,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -10721,7 +10721,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -10804,7 +10804,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -10887,7 +10887,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -10970,7 +10970,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -11038,7 +11038,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -11113,7 +11113,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -11208,7 +11208,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11296,7 +11296,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11391,7 +11391,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11486,7 +11486,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11574,7 +11574,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11669,7 +11669,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11764,7 +11764,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11852,7 +11852,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -11947,7 +11947,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12042,7 +12042,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12130,7 +12130,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12225,7 +12225,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12320,7 +12320,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -12408,7 +12408,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12503,7 +12503,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12598,7 +12598,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12686,7 +12686,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12781,7 +12781,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12876,7 +12876,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -12964,7 +12964,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13059,7 +13059,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13154,7 +13154,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13242,7 +13242,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13337,7 +13337,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13432,7 +13432,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13527,7 +13527,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -13615,7 +13615,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13710,7 +13710,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13805,7 +13805,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13893,7 +13893,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -13988,7 +13988,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14083,7 +14083,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14171,7 +14171,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14266,7 +14266,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14361,7 +14361,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14449,7 +14449,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14544,7 +14544,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14639,7 +14639,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -14717,7 +14717,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.group.membership.added", 
@@ -14805,7 +14805,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.group.membership.added", @@ -14909,7 +14909,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.user.created", @@ -15006,7 +15006,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15090,7 +15090,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15174,7 +15174,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15258,7 +15258,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15342,7 +15342,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15426,7 +15426,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15510,7 +15510,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15594,7 +15594,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -15666,7 +15666,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.group.created", @@ -15741,7 +15741,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.group.created", @@ -15906,7 +15906,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.directory.added", 
@@ -15971,7 +15971,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.import", @@ -16034,7 +16034,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.plugin.enabled", @@ -16097,7 +16097,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.plugin.enabled", @@ -16170,7 +16170,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.user.renamed", @@ -16241,7 +16241,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.user.updated", @@ -16318,7 +16318,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.user.updated", diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json index 73bb18aa515..50199d233aa 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Space logo uploaded", @@ -73,7 +73,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Space logo uploaded", @@ -128,7 +128,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Space logo uploaded", @@ -205,7 +205,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Space configuration updated", @@ -282,7 +282,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Space created", 
@@ -364,7 +364,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Space configuration updated", @@ -446,7 +446,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Space created", @@ -505,7 +505,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -579,7 +579,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -666,7 +666,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User created", @@ -734,7 +734,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -820,7 +820,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User created", @@ -887,7 +887,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -961,7 +961,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -1035,7 +1035,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -1109,7 +1109,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -1179,7 +1179,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Group created", @@ -1247,7 +1247,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -1321,7 +1321,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -1395,7 +1395,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -1465,7 +1465,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Group created", 
@@ -1533,7 +1533,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -1607,7 +1607,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -1681,7 +1681,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -1755,7 +1755,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -1825,7 +1825,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Group created", @@ -1911,7 +1911,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Space configuration updated", @@ -1988,7 +1988,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Space created", @@ -2047,7 +2047,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -2121,7 +2121,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -2208,7 +2208,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User created", @@ -2276,7 +2276,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -2354,7 +2354,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User details updated", @@ -2411,7 +2411,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User deactivated", @@ -2477,7 +2477,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Page archived", @@ -2540,7 +2540,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User details updated", @@ -2597,7 +2597,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User deactivated", 
diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index f0aa7f53283..8a6d0f9a9e4 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -22,7 +22,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.plugin.enabled", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.plugin.enabled", @@ -153,7 +153,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.import", @@ -310,7 +310,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.directory.added", @@ -376,7 +376,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.group.created", @@ -452,7 +452,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.group.created", @@ -540,7 +540,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -625,7 +625,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -710,7 +710,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -795,7 +795,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.global.permission.added", 
@@ -880,7 +880,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -965,7 +965,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -1050,7 +1050,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -1135,7 +1135,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.global.permission.added", @@ -1230,7 +1230,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.user.created", @@ -1321,7 +1321,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.group.membership.added", @@ -1409,7 +1409,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.group.membership.added", @@ -1514,7 +1514,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1609,7 +1609,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1698,7 +1698,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1793,7 +1793,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1888,7 +1888,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -1977,7 +1977,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -2072,7 +2072,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2167,7 +2167,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2256,7 +2256,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2351,7 +2351,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2446,7 +2446,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2535,7 +2535,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2630,7 +2630,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2725,7 +2725,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2820,7 +2820,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -2909,7 +2909,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3004,7 +3004,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3099,7 +3099,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3188,7 +3188,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -3283,7 +3283,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3378,7 +3378,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3467,7 +3467,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3562,7 +3562,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3657,7 +3657,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3746,7 +3746,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3841,7 +3841,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -3936,7 +3936,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4025,7 +4025,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4120,7 +4120,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4215,7 +4215,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4304,7 +4304,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4399,7 +4399,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", 
@@ -4494,7 +4494,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4583,7 +4583,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4678,7 +4678,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4773,7 +4773,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4862,7 +4862,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -4957,7 +4957,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5052,7 +5052,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.space.permission.added", @@ -5125,7 +5125,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.config.updated", @@ -5192,7 +5192,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -5273,7 +5273,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -5345,7 +5345,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.global.settings.edited", @@ -5439,7 +5439,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.user.created", @@ -5530,7 +5530,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit.logging.summary.group.membership.added", 
@@ -5618,7 +5618,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "audit.logging.summary.group.membership.added",
@@ -5715,7 +5715,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 7bee77628cb..7dc77265872 100644
--- a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing Atlassian Confluence audit logs.
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/atlassian_confluence/data_stream/audit/sample_event.json b/packages/atlassian_confluence/data_stream/audit/sample_event.json
index bac79773838..5cc2db2a69e 100644
--- a/packages/atlassian_confluence/data_stream/audit/sample_event.json
+++ b/packages/atlassian_confluence/data_stream/audit/sample_event.json
@@ -45,7 +45,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/atlassian_confluence/docs/README.md b/packages/atlassian_confluence/docs/README.md
index dff2e5de8c6..dd562cea266 100644
--- a/packages/atlassian_confluence/docs/README.md
+++ b/packages/atlassian_confluence/docs/README.md
@@ -168,7 +168,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/atlassian_confluence/manifest.yml b/packages/atlassian_confluence/manifest.yml
index a51a23f6120..98bc55834db 100644
--- a/packages/atlassian_confluence/manifest.yml
+++ b/packages/atlassian_confluence/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: atlassian_confluence
 title: Atlassian Confluence
-version: "1.5.2"
+version: "1.6.0"
 license: basic
 description: Collect logs from Atlassian Confluence with Elastic Agent.
 type: integration
diff --git a/packages/atlassian_jira/_dev/build/build.yml b/packages/atlassian_jira/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/atlassian_jira/_dev/build/build.yml
+++ b/packages/atlassian_jira/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/atlassian_jira/changelog.yml b/packages/atlassian_jira/changelog.yml
index 6b4a9112aed..7fdc8acf841 100644
--- a/packages/atlassian_jira/changelog.yml
+++ b/packages/atlassian_jira/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.5.2"
 changes:
 - description: Use ECS geo.location definition.
diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
index fa88787134d..a83c9321c81 100644
--- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
+++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-11-22T00:34:47.536Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -84,7 +84,7 @@ { "@timestamp": "2021-11-22T00:34:40.008Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -165,7 +165,7 @@ { "@timestamp": "2021-11-22T00:34:23.154Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "personal.access.tokens.audit.log.summary.token.created", @@ -234,7 +234,7 @@ { "@timestamp": "2021-11-22T00:32:20.234Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -303,7 +303,7 @@ { "@timestamp": "2021-11-22T00:31:52.991Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -372,7 +372,7 @@ { "@timestamp": "2021-11-22T00:31:37.412Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -441,7 +441,7 @@ { "@timestamp": "2021-11-22T00:31:26.455Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -510,7 +510,7 @@ { "@timestamp": "2021-11-22T00:30:59.449Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -579,7 +579,7 @@ { "@timestamp": "2021-11-22T00:26:03.206Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -648,7 +648,7 @@ { "@timestamp": "2021-11-22T00:12:02.856Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -717,7 +717,7 @@ { "@timestamp": "2021-11-22T00:08:34.545Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.version.created", 
@@ -786,7 +786,7 @@ { "@timestamp": "2021-11-22T00:08:34.543Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.version.created", @@ -860,7 +860,7 @@ { "@timestamp": "2021-11-22T00:08:34.535Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.version.released", @@ -922,7 +922,7 @@ { "@timestamp": "2021-11-22T00:08:34.521Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.version.created", @@ -996,7 +996,7 @@ { "@timestamp": "2021-11-22T00:08:34.506Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.project.roles.changed", @@ -1064,7 +1064,7 @@ { "@timestamp": "2021-11-22T00:08:34.297Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.project.created", @@ -1157,7 +1157,7 @@ { "@timestamp": "2021-11-22T00:08:34.266Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.added.to.project", @@ -1219,7 +1219,7 @@ { "@timestamp": "2021-11-22T00:08:34.249Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.removed.from.project", @@ -1287,7 +1287,7 @@ { "@timestamp": "2021-11-22T00:08:34.243Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1355,7 +1355,7 @@ { "@timestamp": "2021-11-22T00:08:34.241Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1423,7 +1423,7 @@ { "@timestamp": "2021-11-22T00:08:34.239Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1491,7 +1491,7 @@ { "@timestamp": "2021-11-22T00:08:34.236Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", 
@@ -1559,7 +1559,7 @@ { "@timestamp": "2021-11-22T00:08:34.235Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1627,7 +1627,7 @@ { "@timestamp": "2021-11-22T00:08:34.233Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1695,7 +1695,7 @@ { "@timestamp": "2021-11-22T00:08:34.231Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1768,7 +1768,7 @@ { "@timestamp": "2021-11-22T00:08:34.229Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1836,7 +1836,7 @@ { "@timestamp": "2021-11-22T00:08:34.227Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1909,7 +1909,7 @@ { "@timestamp": "2021-11-22T00:08:34.225Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1977,7 +1977,7 @@ { "@timestamp": "2021-11-22T00:08:34.223Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2045,7 +2045,7 @@ { "@timestamp": "2021-11-22T00:08:34.221Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2118,7 +2118,7 @@ { "@timestamp": "2021-11-22T00:08:34.219Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2186,7 +2186,7 @@ { "@timestamp": "2021-11-22T00:08:34.217Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", 
@@ -2259,7 +2259,7 @@ { "@timestamp": "2021-11-22T00:08:34.215Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2327,7 +2327,7 @@ { "@timestamp": "2021-11-22T00:08:34.212Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2400,7 +2400,7 @@ { "@timestamp": "2021-11-22T00:08:34.210Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2473,7 +2473,7 @@ { "@timestamp": "2021-11-22T00:08:34.208Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2541,7 +2541,7 @@ { "@timestamp": "2021-11-22T00:08:34.204Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2614,7 +2614,7 @@ { "@timestamp": "2021-11-22T00:08:34.190Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2682,7 +2682,7 @@ { "@timestamp": "2021-11-22T00:08:34.187Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2750,7 +2750,7 @@ { "@timestamp": "2021-11-22T00:08:34.184Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2823,7 +2823,7 @@ { "@timestamp": "2021-11-22T00:08:34.182Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2891,7 +2891,7 @@ { "@timestamp": "2021-11-22T00:08:34.180Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", 
@@ -2959,7 +2959,7 @@ { "@timestamp": "2021-11-22T00:08:34.178Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3027,7 +3027,7 @@ { "@timestamp": "2021-11-22T00:08:34.176Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3095,7 +3095,7 @@ { "@timestamp": "2021-11-22T00:08:34.174Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3163,7 +3163,7 @@ { "@timestamp": "2021-11-22T00:08:34.173Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3236,7 +3236,7 @@ { "@timestamp": "2021-11-22T00:08:34.171Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3304,7 +3304,7 @@ { "@timestamp": "2021-11-22T00:08:34.168Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3372,7 +3372,7 @@ { "@timestamp": "2021-11-22T00:08:34.166Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3440,7 +3440,7 @@ { "@timestamp": "2021-11-22T00:08:34.165Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3508,7 +3508,7 @@ { "@timestamp": "2021-11-22T00:08:34.163Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3576,7 +3576,7 @@ { "@timestamp": "2021-11-22T00:08:34.151Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", 
@@ -3644,7 +3644,7 @@ { "@timestamp": "2021-11-22T00:08:34.142Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.created", @@ -3712,7 +3712,7 @@ { "@timestamp": "2021-11-22T00:08:34.072Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Board created", @@ -3774,7 +3774,7 @@ { "@timestamp": "2021-11-22T00:08:33.887Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.filter.created", @@ -3869,7 +3869,7 @@ { "@timestamp": "2021-11-22T00:08:33.746Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.workflow.scheme.added.to.project", @@ -3931,7 +3931,7 @@ { "@timestamp": "2021-11-22T00:08:33.732Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.workflow.scheme.created", @@ -3999,7 +3999,7 @@ { "@timestamp": "2021-11-22T00:08:33.710Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.workflow.created", @@ -4077,7 +4077,7 @@ { "@timestamp": "2021-11-22T00:08:33.537Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -4140,7 +4140,7 @@ { "@timestamp": "2021-11-22T00:08:33.536Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -4203,7 +4203,7 @@ { "@timestamp": "2021-11-22T00:08:33.535Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -4266,7 +4266,7 @@ { "@timestamp": "2021-11-22T00:08:33.534Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -4329,7 +4329,7 @@ { "@timestamp": "2021-11-22T00:07:09.088Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.customfield.created", 
@@ -4402,7 +4402,7 @@ { "@timestamp": "2021-11-22T00:07:09.037Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.issue.type.created", @@ -4462,7 +4462,7 @@ { "@timestamp": "2021-11-22T00:07:02.794Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4535,7 +4535,7 @@ { "@timestamp": "2021-11-22T00:07:02.725Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4608,7 +4608,7 @@ { "@timestamp": "2021-11-22T00:07:02.694Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4681,7 +4681,7 @@ { "@timestamp": "2021-11-22T00:07:01.669Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4754,7 +4754,7 @@ { "@timestamp": "2021-11-22T00:07:01.644Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4827,7 +4827,7 @@ { "@timestamp": "2021-11-22T00:06:59.522Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4900,7 +4900,7 @@ { "@timestamp": "2021-11-22T00:06:59.485Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.issue.type.created", @@ -4960,7 +4960,7 @@ { "@timestamp": "2021-11-22T00:06:59.340Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.customfield.updated", @@ -5016,7 +5016,7 @@ { "@timestamp": "2021-11-22T00:06:59.332Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.customfield.updated", @@ -5072,7 +5072,7 @@ { "@timestamp": "2021-11-22T00:06:59.313Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.customfield.created", 
@@ -5140,7 +5140,7 @@ { "@timestamp": "2021-11-22T00:06:59.266Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -5213,7 +5213,7 @@ { "@timestamp": "2021-11-22T00:06:59.224Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -5286,7 +5286,7 @@ { "@timestamp": "2021-11-22T00:06:58.990Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.customfield.updated", @@ -5342,7 +5342,7 @@ { "@timestamp": "2021-11-22T00:06:58.974Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -5410,7 +5410,7 @@ { "@timestamp": "2021-11-22T00:06:58.318Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -5478,7 +5478,7 @@ { "@timestamp": "2021-11-22T00:06:57.162Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5551,7 +5551,7 @@ { "@timestamp": "2021-11-22T00:06:57.158Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5624,7 +5624,7 @@ { "@timestamp": "2021-11-22T00:06:57.138Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5697,7 +5697,7 @@ { "@timestamp": "2021-11-22T00:06:49.756Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.user.added.to.group", @@ -5772,7 +5772,7 @@ { "@timestamp": "2021-11-22T00:06:49.754Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -5845,7 +5845,7 @@ { "@timestamp": "2021-11-22T00:06:49.752Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.global.permission.added", 
@@ -5918,7 +5918,7 @@ { "@timestamp": "2021-11-22T00:06:49.751Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -5991,7 +5991,7 @@ { "@timestamp": "2021-11-22T00:06:49.750Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -6064,7 +6064,7 @@ { "@timestamp": "2021-11-22T00:06:49.734Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.user.added.to.group", @@ -6139,7 +6139,7 @@ { "@timestamp": "2021-11-22T00:06:49.600Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.user.created", @@ -6233,7 +6233,7 @@ { "@timestamp": "2021-11-22T00:05:08.596Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.system.license.added", @@ -6325,7 +6325,7 @@ { "@timestamp": "2021-11-22T00:05:08.584Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -6398,7 +6398,7 @@ { "@timestamp": "2021-11-22T00:05:08.583Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -6471,7 +6471,7 @@ { "@timestamp": "2021-11-22T00:05:08.581Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -6544,7 +6544,7 @@ { "@timestamp": "2021-11-22T00:05:08.579Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -6617,7 +6617,7 @@ { "@timestamp": "2021-11-22T00:05:08.514Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.group.created", @@ -6681,7 +6681,7 @@ { "@timestamp": "2021-11-28T18:18:26.076Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.user.renamed", 
@@ -6752,7 +6752,7 @@ { "@timestamp": "2021-11-28T18:23:20.278Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.user.updated", @@ -6830,7 +6830,7 @@ { "@timestamp": "2021-11-28T18:23:13.741Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "jira.auditing.user.updated", diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json index 80accd7810f..2c3a30051d9 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-01-24T08:48:05.645Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Project deleted", @@ -34,7 +34,7 @@ { "@timestamp": "2022-01-24T08:48:05.316Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Field Configuration scheme deleted", @@ -65,7 +65,7 @@ { "@timestamp": "2022-01-24T08:48:05.097Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Field Configuration scheme updated", @@ -108,7 +108,7 @@ { "@timestamp": "2022-01-24T08:48:04.939Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Field Configuration scheme updated", @@ -151,7 +151,7 @@ { "@timestamp": "2022-01-24T08:48:04.716Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Field Configuration scheme updated", @@ -194,7 +194,7 @@ { "@timestamp": "2022-01-24T08:48:04.530Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Field Configuration scheme updated", 
@@ -237,7 +237,7 @@ { "@timestamp": "2022-01-24T08:48:04.167Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Field Configuration scheme updated", @@ -280,7 +280,7 @@ { "@timestamp": "2022-01-24T08:48:04.020Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Workflow scheme deleted", @@ -311,7 +311,7 @@ { "@timestamp": "2022-01-24T08:48:03.965Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Workflow deleted", @@ -342,7 +342,7 @@ { "@timestamp": "2022-01-24T08:48:03.371Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Notification scheme deleted", @@ -373,7 +373,7 @@ { "@timestamp": "2022-01-24T08:48:03.355Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Project role deleted", @@ -404,7 +404,7 @@ { "@timestamp": "2022-01-24T08:48:03.339Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Project role deleted", @@ -435,7 +435,7 @@ { "@timestamp": "2022-01-24T08:48:03.322Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Project role deleted", @@ -466,7 +466,7 @@ { "@timestamp": "2022-01-24T08:48:03.305Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Project role deleted", @@ -497,7 +497,7 @@ { "@timestamp": "2022-01-24T08:48:03.259Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Issue Security scheme deleted", @@ -528,7 +528,7 @@ { "@timestamp": "2022-01-24T08:48:03.223Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Permission scheme deleted", @@ -559,7 +559,7 @@ { "@timestamp": "2022-01-18T08:43:02.838Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -618,7 +618,7 @@ { "@timestamp": "2022-01-18T08:43:02.768Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", 
@@ -677,7 +677,7 @@ { "@timestamp": "2022-01-18T08:43:02.602Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User created", @@ -734,7 +734,7 @@ { "@timestamp": "2022-01-14T16:37:07.126Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -793,7 +793,7 @@ { "@timestamp": "2022-01-14T16:37:07.019Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User created", @@ -850,7 +850,7 @@ { "@timestamp": "2022-01-10T12:44:41.065Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User's password changed", @@ -904,7 +904,7 @@ { "@timestamp": "2022-01-06T09:49:07.418Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Workflow updated", @@ -947,7 +947,7 @@ { "@timestamp": "2022-01-05T07:23:49.369Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Workflow updated", @@ -981,7 +981,7 @@ { "@timestamp": "2022-01-05T07:23:49.162Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Workflow updated", @@ -1024,7 +1024,7 @@ { "@timestamp": "2021-12-13T14:10:35.436Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Workflow updated", @@ -1067,7 +1067,7 @@ { "@timestamp": "2021-12-10T11:57:29.971Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User's password changed", @@ -1121,7 +1121,7 @@ { "@timestamp": "2021-12-10T11:53:37.982Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User created", @@ -1198,7 +1198,7 @@ { "@timestamp": "2021-12-10T11:52:39.940Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Customer invited notification changed", @@ -1261,7 +1261,7 @@ { "@timestamp": "2021-12-07T17:15:05.069Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User created", 
@@ -1338,7 +1338,7 @@ { "@timestamp": "2021-12-07T17:03:54.188Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Customer permissions changed", @@ -1401,7 +1401,7 @@ { "@timestamp": "2021-12-07T16:56:48.122Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Request type deleted", @@ -1483,7 +1483,7 @@ { "@timestamp": "2021-12-07T16:56:24.940Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Request type deleted", @@ -1565,7 +1565,7 @@ { "@timestamp": "2021-12-07T16:56:07.861Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Request type deleted", @@ -1647,7 +1647,7 @@ { "@timestamp": "2021-12-07T16:54:03.906Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Request type deleted", @@ -1729,7 +1729,7 @@ { "@timestamp": "2021-12-07T16:46:02.950Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -1788,7 +1788,7 @@ { "@timestamp": "2021-12-07T16:46:02.944Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -1847,7 +1847,7 @@ { "@timestamp": "2021-12-07T16:46:02.939Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -1906,7 +1906,7 @@ { "@timestamp": "2021-12-07T16:46:02.932Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "User added to group", @@ -1965,7 +1965,7 @@ { "@timestamp": "2021-12-07T16:45:24.007Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Group created", @@ -2006,7 +2006,7 @@ { "@timestamp": "2021-12-07T16:29:41.490Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Project created", @@ -2099,7 +2099,7 @@ { "@timestamp": "2021-12-07T16:29:38.789Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Custom email channel turned on", 
@@ -2165,7 +2165,7 @@ { "@timestamp": "2021-12-07T16:29:38.773Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud Email settings created", @@ -2221,7 +2221,7 @@ { "@timestamp": "2021-12-07T16:29:38.426Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud email channel turned on", @@ -2287,7 +2287,7 @@ { "@timestamp": "2021-12-07T16:29:36.956Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Project component created", @@ -2376,7 +2376,7 @@ { "@timestamp": "2021-12-07T16:29:36.930Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Project component created", @@ -2465,7 +2465,7 @@ { "@timestamp": "2021-12-07T16:29:36.903Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Project component created", @@ -2554,7 +2554,7 @@ { "@timestamp": "2021-12-07T16:29:36.877Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Project component created", @@ -2643,7 +2643,7 @@ { "@timestamp": "2021-12-07T16:29:36.849Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Project component created", @@ -2732,7 +2732,7 @@ { "@timestamp": "2021-12-07T16:29:36.823Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Project component created", @@ -2821,7 +2821,7 @@ { "@timestamp": "2021-12-07T16:29:36.797Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Project component created", @@ -2910,7 +2910,7 @@ { "@timestamp": "2021-12-07T16:29:36.770Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Project component created", @@ -2999,7 +2999,7 @@ { "@timestamp": "2021-12-07T16:29:36.743Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Project component created", 
@@ -3088,7 +3088,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.717Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Project component created",
@@ -3177,7 +3177,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.691Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Project component created",
@@ -3266,7 +3266,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.664Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Project component created",
@@ -3355,7 +3355,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.637Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Project component created",
@@ -3444,7 +3444,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.609Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Project component created",
@@ -3533,7 +3533,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.561Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Project component created",
@@ -3622,7 +3622,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.529Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Project component created",
@@ -3711,7 +3711,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.499Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Workflow scheme added to project",
@@ -3771,7 +3771,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.468Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Workflow updated",
@@ -3833,7 +3833,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.448Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Workflow updated",
@@ -3888,7 +3888,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.421Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Workflow created",
@@ -3954,7 +3954,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.329Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Workflow updated",
@@ -4016,7 +4016,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.310Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Workflow updated",
@@ -4071,7 +4071,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.283Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Workflow created",
@@ -4137,7 +4137,7 @@
 {
 "@timestamp": "2021-12-07T16:29:36.186Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Workflow updated",
@@ -4199,7 +4199,7 @@
 {
 "@timestamp": "2021-11-18T10:58:11.410Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Field Configuration scheme updated",
@@ -4266,7 +4266,7 @@
 {
 "@timestamp": "2021-11-18T10:58:11.132Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Field Configuration scheme updated",
@@ -4333,7 +4333,7 @@
 {
 "@timestamp": "2021-11-18T10:58:10.771Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Workflow scheme added to project",
@@ -4393,7 +4393,7 @@
 {
 "@timestamp": "2021-11-18T10:58:10.754Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Workflow scheme created",
@@ -4459,7 +4459,7 @@
 {
 "@timestamp": "2021-11-18T10:58:10.744Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Workflow created",
@@ -4521,7 +4521,7 @@
 {
 "@timestamp": "2021-11-18T10:58:10.473Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Field Configuration scheme updated",
@@ -4588,7 +4588,7 @@
 {
 "@timestamp": "2021-11-18T10:58:10.265Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Field Configuration scheme updated",
@@ -4657,7 +4657,7 @@
 {
 "@timestamp": "2021-11-18T10:58:10.174Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Field Configuration scheme added to project",
@@ -4717,7 +4717,7 @@
 {
 "@timestamp": "2021-11-18T10:58:10.146Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Field Configuration scheme created",
@@ -4784,7 +4784,7 @@
 {
 "@timestamp": "2021-11-18T10:58:10.114Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Issue Security scheme added to project",
@@ -4844,7 +4844,7 @@
 {
 "@timestamp": "2021-11-18T10:58:10.062Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Permission scheme added to project",
@@ -4904,7 +4904,7 @@
 {
 "@timestamp": "2021-11-17T16:00:37.374Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "User updated",
@@ -4951,7 +4951,7 @@
 {
 "@timestamp": "2021-11-16T09:25:56.725Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "User updated",
@@ -4998,7 +4998,7 @@
 {
 "@timestamp": "2021-11-16T08:48:05.867Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Custom field created",
diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json
index 3ac7964fbae..04edd8f9c02 100644
--- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json
+++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-11-22T00:05:08.514Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.group.created",
@@ -68,7 +68,7 @@
 {
 "@timestamp": "2021-11-22T00:05:08.579Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.global.permission.added",
@@ -143,7 +143,7 @@
 {
 "@timestamp": "2021-11-22T00:05:08.581Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.global.permission.added",
@@ -218,7 +218,7 @@
 {
 "@timestamp": "2021-11-22T00:05:08.583Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.global.permission.added",
@@ -293,7 +293,7 @@
 {
 "@timestamp": "2021-11-22T00:05:08.584Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.global.permission.added",
@@ -368,7 +368,7 @@
 {
 "@timestamp": "2021-11-22T00:05:08.596Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.system.license.added",
@@ -462,7 +462,7 @@
 {
 "@timestamp": "2021-11-22T00:06:49.600Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.user.created",
@@ -557,7 +557,7 @@
 {
 "@timestamp": "2021-11-22T00:06:49.734Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.user.added.to.group",
@@ -632,7 +632,7 @@
 {
 "@timestamp": "2021-11-22T00:06:49.750Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.global.permission.added",
@@ -707,7 +707,7 @@
 {
 "@timestamp": "2021-11-22T00:06:49.751Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.global.permission.added",
@@ -782,7 +782,7 @@
 {
 "@timestamp": "2021-11-22T00:06:49.752Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.global.permission.added",
@@ -857,7 +857,7 @@
 {
 "@timestamp": "2021-11-22T00:06:49.754Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.global.permission.added",
@@ -932,7 +932,7 @@
 {
 "@timestamp": "2021-11-22T00:06:49.756Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.user.added.to.group",
@@ -1007,7 +1007,7 @@
 {
 "@timestamp": "2021-11-22T00:06:57.138Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -1081,7 +1081,7 @@
 {
 "@timestamp": "2021-11-22T00:06:57.158Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -1155,7 +1155,7 @@
 {
 "@timestamp": "2021-11-22T00:06:57.162Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -1229,7 +1229,7 @@
 {
 "@timestamp": "2021-11-22T00:06:58.318Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -1298,7 +1298,7 @@
 {
 "@timestamp": "2021-11-22T00:06:58.974Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -1367,7 +1367,7 @@
 {
 "@timestamp": "2021-11-22T00:06:58.990Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.customfield.updated",
@@ -1424,7 +1424,7 @@
 {
 "@timestamp": "2021-11-22T00:06:59.224Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -1498,7 +1498,7 @@
 {
 "@timestamp": "2021-11-22T00:06:59.266Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -1572,7 +1572,7 @@
 {
 "@timestamp": "2021-11-22T00:06:59.313Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -1641,7 +1641,7 @@
 {
 "@timestamp": "2021-11-22T00:06:59.332Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.customfield.updated",
@@ -1698,7 +1698,7 @@
 {
 "@timestamp": "2021-11-22T00:06:59.340Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.customfield.updated",
@@ -1755,7 +1755,7 @@
 {
 "@timestamp": "2021-11-22T00:06:59.485Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.issue.type.created",
@@ -1817,7 +1817,7 @@
 {
 "@timestamp": "2021-11-22T00:06:59.522Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -1891,7 +1891,7 @@
 {
 "@timestamp": "2021-11-22T00:07:01.644Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -1965,7 +1965,7 @@
 {
 "@timestamp": "2021-11-22T00:07:01.669Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -2039,7 +2039,7 @@
 {
 "@timestamp": "2021-11-22T00:07:02.694Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -2113,7 +2113,7 @@
 {
 "@timestamp": "2021-11-22T00:07:02.725Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -2187,7 +2187,7 @@
 {
 "@timestamp": "2021-11-22T00:07:02.794Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -2261,7 +2261,7 @@
 {
 "@timestamp": "2021-11-22T00:07:09.370Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.issue.type.created",
@@ -2323,7 +2323,7 @@
 {
 "@timestamp": "2021-11-22T00:07:09.880Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.customfield.created",
@@ -2397,7 +2397,7 @@
 {
 "@timestamp": "2021-11-22T00:08:33.534Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.resolutions.created",
@@ -2461,7 +2461,7 @@
 {
 "@timestamp": "2021-11-22T00:08:33.535Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.resolutions.created",
@@ -2525,7 +2525,7 @@
 {
 "@timestamp": "2021-11-22T00:08:33.536Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.resolutions.created",
@@ -2589,7 +2589,7 @@
 {
 "@timestamp": "2021-11-22T00:08:33.537Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.resolutions.created",
@@ -2653,7 +2653,7 @@
 {
 "@timestamp": "2021-11-22T00:08:33.710Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.workflow.created",
@@ -2732,7 +2732,7 @@
 {
 "@timestamp": "2021-11-22T00:08:33.732Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.workflow.scheme.created",
@@ -2801,7 +2801,7 @@
 {
 "@timestamp": "2021-11-22T00:08:33.746Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.workflow.scheme.added.to.project",
@@ -2863,7 +2863,7 @@
 {
 "@timestamp": "2021-11-22T00:08:33.887Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.filter.created",
@@ -2957,7 +2957,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.720Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Board created",
@@ -3019,7 +3019,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.142Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.created",
@@ -3088,7 +3088,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.151Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3157,7 +3157,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.163Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3226,7 +3226,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.165Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3295,7 +3295,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.166Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3364,7 +3364,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.168Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3433,7 +3433,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.171Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3502,7 +3502,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.173Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3576,7 +3576,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.174Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3645,7 +3645,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.176Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3714,7 +3714,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.178Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3783,7 +3783,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.180Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3852,7 +3852,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.182Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3921,7 +3921,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.184Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -3995,7 +3995,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.187Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -4064,7 +4064,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.190Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -4133,7 +4133,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.204Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -4207,7 +4207,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.208Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -4276,7 +4276,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.210Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -4350,7 +4350,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.212Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -4424,7 +4424,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.215Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -4493,7 +4493,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.217Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -4567,7 +4567,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.219Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -4636,7 +4636,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.221Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -4710,7 +4710,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.223Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -4779,7 +4779,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.225Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -4848,7 +4848,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.227Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -4922,7 +4922,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.229Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -4991,7 +4991,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.231Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -5065,7 +5065,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.233Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -5134,7 +5134,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.235Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -5203,7 +5203,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.236Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -5272,7 +5272,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.239Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -5341,7 +5341,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.241Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -5410,7 +5410,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.243Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.updated",
@@ -5479,7 +5479,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.249Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.removed.from.project",
@@ -5559,7 +5559,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.266Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.permission.scheme.added.to.project",
@@ -5621,7 +5621,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.297Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.project.created",
@@ -5714,7 +5714,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.506Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.project.roles.changed",
@@ -5783,7 +5783,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.521Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.version.created",
@@ -5857,7 +5857,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.535Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.version.released",
@@ -5931,7 +5931,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.543Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.version.created",
@@ -6005,7 +6005,7 @@
 {
 "@timestamp": "2021-11-22T00:08:34.545Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.version.created",
@@ -6074,7 +6074,7 @@
 {
 "@timestamp": "2021-11-22T00:12:02.856Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "atlassian.audit.event.action.audit.search",
@@ -6145,7 +6145,7 @@
 {
 "@timestamp": "2021-11-26T19:35:10.718Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.user.login.failed",
@@ -6220,7 +6220,7 @@
 {
 "@timestamp": "2021-11-26T19:33:29.363Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "jira.auditing.user.logged.in",
diff --git a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 54da2946dcc..e21ee95cc42 100644
--- a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing Atlassian Jira audit logs.
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/atlassian_jira/data_stream/audit/sample_event.json b/packages/atlassian_jira/data_stream/audit/sample_event.json
index a05ea51773c..edc5267ae29 100644
--- a/packages/atlassian_jira/data_stream/audit/sample_event.json
+++ b/packages/atlassian_jira/data_stream/audit/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/atlassian_jira/docs/README.md b/packages/atlassian_jira/docs/README.md
index 5ff565fc706..e47aa013009 100644
--- a/packages/atlassian_jira/docs/README.md
+++ b/packages/atlassian_jira/docs/README.md
@@ -135,7 +135,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
diff --git a/packages/atlassian_jira/manifest.yml b/packages/atlassian_jira/manifest.yml
index 3d14cb7be9c..7a5b00c6d97 100644
--- a/packages/atlassian_jira/manifest.yml
+++ b/packages/atlassian_jira/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: atlassian_jira
 title: Atlassian Jira
-version: "1.5.2"
+version: "1.6.0"
 license: basic
 description: Collect logs from Atlassian Jira with Elastic Agent.
 type: integration
diff --git a/packages/auditd/_dev/build/build.yml b/packages/auditd/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/auditd/_dev/build/build.yml
+++ b/packages/auditd/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/auditd/changelog.yml b/packages/auditd/changelog.yml
index 391e21dc07c..15ff7cd30bb 100644
--- a/packages/auditd/changelog.yml
+++ b/packages/auditd/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.4.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "3.3.4"
 changes:
 - description: Remove duplicate fields.
diff --git a/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-raw.log-expected.json b/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-raw.log-expected.json
index cc862d91e31..2eb7dafadf2 100644
--- a/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-raw.log-expected.json
+++ b/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-raw.log-expected.json
@@ -15,7 +15,7 @@
 "address": "192.168.0.0"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "mac_ipsec_event",
@@ -50,7 +50,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "syscall",
@@ -119,7 +119,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -175,7 +175,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -243,7 +243,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -275,7 +275,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "proctitle",
@@ -295,7 +295,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "proctitle",
@@ -322,7 +322,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -364,7 +364,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -402,7 +402,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -437,7 +437,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "execve",
@@ -465,7 +465,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -497,7 +497,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -545,7 +545,7 @@
 "runtime": "kvm"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -587,7 +587,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -630,7 +630,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -669,7 +669,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -712,7 +712,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -751,7 +751,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -797,7 +797,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -843,7 +843,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -889,7 +889,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -937,7 +937,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -982,7 +982,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -1049,7 +1049,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -1118,7 +1118,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -1165,7 +1165,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -1208,7 +1208,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -1251,7 +1251,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -1284,7 +1284,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -1335,7 +1335,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -1386,7 +1386,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -1436,7 +1436,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -1481,7 +1481,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -1529,7 +1529,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -1573,7 +1573,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -1635,7 +1635,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -1705,7 +1705,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -1752,7 +1752,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -1786,7 +1786,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cwd",
@@ -1816,7 +1816,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "path",
@@ -1840,7 +1840,7 @@
 "log": {}
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "unknown[1329]",
@@ -1870,7 +1870,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "bprm_fcaps",
@@ -1890,7 +1890,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "sockaddr",
@@ -1910,7 +1910,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ckaddr",
@@ -1930,7 +1930,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
diff --git a/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-useradd.log-expected.json b/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-useradd.log-expected.json
index fc0a43de54e..a1671e1a03b 100644
--- a/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-useradd.log-expected.json
+++ b/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-useradd.log-expected.json
@@ -14,7 +14,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -70,7 +70,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -125,7 +125,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -181,7 +181,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -239,7 +239,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -287,7 +287,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -343,7 +343,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -395,7 +395,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
diff --git a/packages/auditd/data_stream/log/_dev/test/pipeline/test-truncated-execve.log-expected.json b/packages/auditd/data_stream/log/_dev/test/pipeline/test-truncated-execve.log-expected.json
index 7c4e9cd7a01..b6443d3a0b4 100644
--- a/packages/auditd/data_stream/log/_dev/test/pipeline/test-truncated-execve.log-expected.json
+++ b/packages/auditd/data_stream/log/_dev/test/pipeline/test-truncated-execve.log-expected.json
@@ -8,7 +8,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "execve",
@@ -36,7 +36,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "execve",
@@ -131,7 +131,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "execve",
@@ -226,7 +226,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "execve",
diff --git a/packages/auditd/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/auditd/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 615c2519026..b97a2eb4b04 100644
--- a/packages/auditd/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/auditd/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Linux auditd logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/auditd/data_stream/log/sample_event.json b/packages/auditd/data_stream/log/sample_event.json
index ca16d5db805..f902582b263 100644
--- a/packages/auditd/data_stream/log/sample_event.json
+++ b/packages/auditd/data_stream/log/sample_event.json
@@ -20,7 +20,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "f386c08a-1dcf-444a-a259-9c33fa001606",
diff --git a/packages/auditd/docs/README.md b/packages/auditd/docs/README.md
index cbc0c590412..b87580092de 100644
--- a/packages/auditd/docs/README.md
+++ b/packages/auditd/docs/README.md
@@ -35,7 +35,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "f386c08a-1dcf-444a-a259-9c33fa001606",
diff --git a/packages/auditd/manifest.yml b/packages/auditd/manifest.yml
index 625b1497d0e..a7eef67adb2 100644
--- a/packages/auditd/manifest.yml
+++ b/packages/auditd/manifest.yml
@@ -1,6 +1,6 @@
 name: auditd
 title: Auditd Logs
-version: "3.3.4"
+version: "3.4.0"
 release: ga
 description: Collect logs from Linux audit daemon with Elastic Agent.
 type: integration
diff --git a/packages/auditd_manager/_dev/build/build.yml b/packages/auditd_manager/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/auditd_manager/_dev/build/build.yml
+++ b/packages/auditd_manager/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/auditd_manager/changelog.yml b/packages/auditd_manager/changelog.yml
index 0291f2a88ea..b22b908b2c7 100644
--- a/packages/auditd_manager/changelog.yml
+++ b/packages/auditd_manager/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.3.0"
 changes:
 - description: Update package to ECS 8.4.0
diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-auditlogin-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-auditlogin-events.json-expected.json
index 4f37be3198a..0286d44e98e 100644
--- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-auditlogin-events.json-expected.json
+++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-auditlogin-events.json-expected.json
@@ -30,7 +30,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "changed-login-id-to", @@ -100,7 +100,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "changed-login-id-to", @@ -171,7 +171,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "changed-login-id-to", diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-centos7-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-centos7-events.json-expected.json index 80909170866..395017a6026 100644 --- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-centos7-events.json-expected.json +++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-centos7-events.json-expected.json @@ -42,7 +42,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "started-session", @@ -124,7 +124,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added-group-account-to", @@ -209,7 +209,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added-user-account", @@ -296,7 +296,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "modified-user-account", @@ -383,7 +383,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "modified-user-account", @@ -470,7 +470,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "modified-user-account", @@ -557,7 +557,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "modified-user-account", @@ -644,7 +644,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "modified-user-account", 
diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-chown-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-chown-events.json-expected.json index bf8f38e7209..9c9530a9d68 100644 --- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-chown-events.json-expected.json +++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-chown-events.json-expected.json @@ -92,7 +92,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "changed-file-ownership-of", diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-passwd-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-passwd-events.json-expected.json index 3ef029fbcbe..0d71772b987 100644 --- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-passwd-events.json-expected.json +++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-passwd-events.json-expected.json @@ -35,7 +35,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "changed-password", @@ -115,7 +115,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "changed-password", @@ -195,7 +195,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "changed-password", @@ -276,7 +276,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "was-authorized", diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-setuid-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-setuid-events.json-expected.json index 7aea228e083..7ab79169d94 100644 --- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-setuid-events.json-expected.json +++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-setuid-events.json-expected.json 
@@ -60,7 +60,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "changed-identity-of", @@ -167,7 +167,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "changed-identity-of", @@ -266,7 +266,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "changed-identity-of", diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-sudo-asuser-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-sudo-asuser-events.json-expected.json index b1234956158..4f4f0374249 100644 --- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-sudo-asuser-events.json-expected.json +++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-sudo-asuser-events.json-expected.json @@ -35,7 +35,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authenticated", @@ -110,7 +110,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "was-authorized", @@ -180,7 +180,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ran-command", @@ -245,7 +245,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "refreshed-credentials", @@ -319,7 +319,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "started-session", diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-sudo-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-sudo-events.json-expected.json index 7e91ee8234b..0f8cedbaaf5 100644 --- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-sudo-events.json-expected.json +++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-sudo-events.json-expected.json 
@@ -35,7 +35,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authenticated", @@ -110,7 +110,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "was-authorized", @@ -180,7 +180,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ran-command", @@ -245,7 +245,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "refreshed-credentials", @@ -319,7 +319,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "started-session", @@ -400,7 +400,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authenticated", @@ -475,7 +475,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "acquired-credentials", @@ -550,7 +550,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "was-authorized", @@ -625,7 +625,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authenticated", @@ -699,7 +699,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "started-session", @@ -780,7 +780,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "refreshed-credentials", @@ -850,7 +850,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ran-command", @@ -915,7 +915,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "was-authorized", @@ -990,7 +990,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authenticated", @@ -1066,7 +1066,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "changed-role-to", @@ -1125,7 +1125,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "started-session", 
@@ -1206,7 +1206,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "disposed-credentials", @@ -1281,7 +1281,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ended-session", @@ -1356,7 +1356,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "disposed-credentials", @@ -1431,7 +1431,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ended-session", diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-useradd-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-useradd-events.json-expected.json index 797b2a75191..72896746a0e 100644 --- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-useradd-events.json-expected.json +++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-useradd-events.json-expected.json @@ -33,7 +33,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added-group-account-to", @@ -112,7 +112,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added-group-account-to", @@ -190,7 +190,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added-group-account-to", @@ -269,7 +269,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added-user-account", @@ -350,7 +350,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "was-authorized", @@ -425,7 +425,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "changed-password", @@ -506,7 +506,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authenticated", @@ -581,7 +581,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "was-authorized", 
diff --git a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-userlogin-events.json-expected.json b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-userlogin-events.json-expected.json
index c0c79d46db2..685703f48bd 100644
--- a/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-userlogin-events.json-expected.json
+++ b/packages/auditd_manager/data_stream/auditd/_dev/test/pipeline/test-userlogin-events.json-expected.json
@@ -27,7 +27,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "logged-in",
@@ -101,7 +101,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "logged-in",
@@ -172,7 +172,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "authenticated",
@@ -247,7 +247,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "acquired-credentials",
diff --git a/packages/auditd_manager/data_stream/auditd/elasticsearch/ingest_pipeline/default.yml b/packages/auditd_manager/data_stream/auditd/elasticsearch/ingest_pipeline/default.yml
index b76bc53db72..451b28c9231 100644
--- a/packages/auditd_manager/data_stream/auditd/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/auditd_manager/data_stream/auditd/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Linux auditd logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: event.original
 target_field: auditd.messages
diff --git a/packages/auditd_manager/data_stream/auditd/sample_event.json b/packages/auditd_manager/data_stream/auditd/sample_event.json
index 4e346717387..35f7ff4c5c4 100644
--- a/packages/auditd_manager/data_stream/auditd/sample_event.json
+++ b/packages/auditd_manager/data_stream/auditd/sample_event.json
@@ -72,7 +72,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "753ce520-4f32-45b1-9212-c4dcc9d575a1",
diff --git a/packages/auditd_manager/docs/README.md b/packages/auditd_manager/docs/README.md
index 9fef9c5e421..8204f06872e 100644
--- a/packages/auditd_manager/docs/README.md
+++ b/packages/auditd_manager/docs/README.md
@@ -184,7 +184,7 @@ An example event for `auditd` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "753ce520-4f32-45b1-9212-c4dcc9d575a1",
diff --git a/packages/auditd_manager/manifest.yml b/packages/auditd_manager/manifest.yml
index 86465dfc947..9ee6abf1014 100644
--- a/packages/auditd_manager/manifest.yml
+++ b/packages/auditd_manager/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: auditd_manager
 title: "Auditd Manager"
-version: "1.3.0"
+version: "1.4.0"
 release: ga
 license: basic
 description: "The Auditd Manager Integration receives audit events from the Linux Audit Framework that is a part of the Linux kernel."
diff --git a/packages/auth0/_dev/build/build.yml b/packages/auth0/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/auth0/_dev/build/build.yml
+++ b/packages/auth0/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/auth0/changelog.yml b/packages/auth0/changelog.yml
index 1a18a5a944e..6d7fb356c5c 100644
--- a/packages/auth0/changelog.yml
+++ b/packages/auth0/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.2.2"
 changes:
 - description: Remove duplicate field.
diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-failure.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-failure.json-expected.json index fee6ceb1d47..d4d40e1dcfd 100644 --- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-failure.json-expected.json +++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-failure.json-expected.json @@ -38,7 +38,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "failed-login", @@ -124,7 +124,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "failed-login", @@ -211,7 +211,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "failed-login", @@ -284,7 +284,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "invalid-username-or-email", @@ -360,7 +360,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "incorrect-password", diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-success.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-success.json-expected.json index 0a69a430670..0430852b7f0 100644 --- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-success.json-expected.json +++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-login-success.json-expected.json @@ -61,7 +61,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -189,7 +189,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -264,7 +264,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -390,7 +390,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", 
@@ -516,7 +516,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -630,7 +630,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -744,7 +744,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -858,7 +858,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -935,7 +935,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -1051,7 +1051,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -1179,7 +1179,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -1295,7 +1295,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -1411,7 +1411,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -1527,7 +1527,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -1643,7 +1643,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -1759,7 +1759,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -1875,7 +1875,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -1991,7 +1991,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -2107,7 +2107,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -2223,7 +2223,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", 
@@ -2351,7 +2351,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", @@ -2479,7 +2479,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "successful-login", diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-logout-success.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-logout-success.json-expected.json index ed2a1a9890c..3f58024fa6d 100644 --- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-logout-success.json-expected.json +++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-logout-success.json-expected.json @@ -24,7 +24,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user-logout-successful", @@ -101,7 +101,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user-logout-successful", @@ -178,7 +178,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user-logout-successful", diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-mgmt-api-success.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-mgmt-api-success.json-expected.json index f1b421aa8d0..8e3b9510f7c 100644 --- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-mgmt-api-success.json-expected.json +++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-mgmt-api-success.json-expected.json @@ -54,7 +54,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -169,7 +169,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -309,7 +309,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -680,7 +680,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", 
@@ -780,7 +780,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -939,7 +939,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -1178,7 +1178,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -1280,7 +1280,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -1519,7 +1519,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -1623,7 +1623,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -1733,7 +1733,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -1972,7 +1972,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -2211,7 +2211,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -2320,7 +2320,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -2435,7 +2435,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -2544,7 +2544,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -2646,7 +2646,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -2761,7 +2761,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -2870,7 +2870,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -2972,7 +2972,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", 
@@ -3065,7 +3065,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -3175,7 +3175,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -3284,7 +3284,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -3377,7 +3377,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -3487,7 +3487,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -3580,7 +3580,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -3690,7 +3690,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -3805,7 +3805,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -3907,7 +3907,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -4006,7 +4006,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -4122,7 +4122,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -4361,7 +4361,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -4459,7 +4459,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -4688,7 +4688,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -4913,7 +4913,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -5013,7 +5013,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", 
@@ -5115,7 +5115,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -5223,7 +5223,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -5331,7 +5331,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -5433,7 +5433,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op", @@ -5538,7 +5538,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op-secrets-returned", @@ -5639,7 +5639,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-mgmt-api-op-secrets-returned", diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-failure.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-failure.json-expected.json index 4b4cda6d790..3c0ab701c11 100644 --- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-failure.json-expected.json +++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-failure.json-expected.json @@ -72,7 +72,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user-signup-failed", diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-success.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-success.json-expected.json index 164330ac109..112f4c6181c 100644 --- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-success.json-expected.json +++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-signup-success.json-expected.json @@ -27,7 +27,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-signup", @@ -101,7 +101,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-signup", 
@@ -181,7 +181,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-signup", @@ -255,7 +255,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-signup", @@ -329,7 +329,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-signup", diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-token-xchg-success.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-token-xchg-success.json-expected.json index d493366f79f..1d635bdd863 100644 --- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-token-xchg-success.json-expected.json +++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-token-xchg-success.json-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -88,7 +88,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -158,7 +158,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -228,7 +228,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -298,7 +298,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -368,7 +368,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -438,7 +438,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -508,7 +508,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", 
@@ -578,7 +578,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -648,7 +648,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -718,7 +718,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -788,7 +788,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -858,7 +858,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -928,7 +928,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -998,7 +998,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -1068,7 +1068,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -1138,7 +1138,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -1208,7 +1208,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -1278,7 +1278,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -1348,7 +1348,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", @@ -1418,7 +1418,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "success-exchange-auth-code-for-access-token", 
diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-fail.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-fail.json-expected.json
index 6b7391e4e30..cfc7a3fa1b4 100644
--- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-fail.json-expected.json
+++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-fail.json-expected.json
@@ -20,7 +20,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "failed-to-send-email-notification",
@@ -58,7 +58,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "failed-to-send-email-notification",
diff --git a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-success.json-expected.json b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-success.json-expected.json
index c93ca79ccac..21ec85b15be 100644
--- a/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-success.json-expected.json
+++ b/packages/auth0/data_stream/logs/_dev/test/pipeline/test-user-behaviour-success.json-expected.json
@@ -35,7 +35,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "sent-verification-email",
diff --git a/packages/auth0/data_stream/logs/elasticsearch/ingest_pipeline/default.yml b/packages/auth0/data_stream/logs/elasticsearch/ingest_pipeline/default.yml
index 0ccbb38ac4b..380dde0b422 100644
--- a/packages/auth0/data_stream/logs/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/auth0/data_stream/logs/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing Auth0 log stream events
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: auth0.logs.data
 copy_from: json.data
diff --git a/packages/auth0/data_stream/logs/sample_event.json b/packages/auth0/data_stream/logs/sample_event.json
index f1f4ada2467..7e3f82cf69b 100644
--- a/packages/auth0/data_stream/logs/sample_event.json
+++ b/packages/auth0/data_stream/logs/sample_event.json
@@ -84,7 +84,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "38ed1ea2-8c9a-4d5a-81ee-826cead96859",
diff --git a/packages/auth0/docs/README.md b/packages/auth0/docs/README.md
index 54dd19aa564..98f76ada030 100644
--- a/packages/auth0/docs/README.md
+++ b/packages/auth0/docs/README.md
@@ -257,7 +257,7 @@ An example event for `logs` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "38ed1ea2-8c9a-4d5a-81ee-826cead96859",
diff --git a/packages/auth0/manifest.yml b/packages/auth0/manifest.yml
index 524c602d69e..12baf12bffa 100644
--- a/packages/auth0/manifest.yml
+++ b/packages/auth0/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: auth0
 title: "Auth0"
-version: 1.2.2
+version: "1.3.0"
 license: basic
 description: Collect logs from Auth0 with Elastic Agent.
 type: integration
diff --git a/packages/barracuda/_dev/build/build.yml b/packages/barracuda/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/barracuda/_dev/build/build.yml
+++ b/packages/barracuda/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/barracuda/changelog.yml b/packages/barracuda/changelog.yml
index c7534636d75..34a13773792 100644
--- a/packages/barracuda/changelog.yml
+++ b/packages/barracuda/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.12.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "0.11.2"
 changes:
 - description: Remove duplicate fields.
diff --git a/packages/barracuda/data_stream/spamfirewall/_dev/test/pipeline/test-generated.log-expected.json b/packages/barracuda/data_stream/spamfirewall/_dev/test/pipeline/test-generated.log-expected.json index a1e2920dc62..91c4924b2b9 100644 --- a/packages/barracuda/data_stream/spamfirewall/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/barracuda/data_stream/spamfirewall/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "notify/smtp[avolupt]: 10.224.15.48 nto sse accept tur 3 illumqui 1090 1.2364 ivelitse ritin", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1: etdo[10.173.228.223] ntsunti 1455282753 1455282753 SCAN nseq itinvol psa umq 0 31 psaq SZ:cer SUBJ:reveri", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "outbound/smtp: 10.104.162.169 eosquir orsi nulapari allow vol 4 uidolor nibus mipsumq \u003c\u003cgnaali\u003e: enatus", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "notify/smtp[iatu]: 10.57.70.73 dolo meumfug deny roinBCS 2 com 1060 1.2548 byC tinculp", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "outbound/smtp: 10.236.42.236 tconsec nsequat taev block untutl 1 llu uptassi tamremap tur", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (enatuse.exe) queued as magn", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1[sit]: avol[10.162.151.94] laboreet 1461457525 1461457525 RECV aquaeabi giatq quid", "tags": [ 
@@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1: tempor[10.138.137.28] eip 1462692479 1462692479 SCAN lupta iusmodt doloreeu pori 7 8 ect SZ:reetdolo SUBJ:nrepreh", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "scan: ari[10.108.180.105] nsequat 1463927433 1463927433 block llam llamcorp ari eataevit 4 38 uovol dmi", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1: [10.206.159.177] ididu 1465162388 1465162388 RECV ciunt turQuisa 10 74 lit", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1[umdo]: sed[10.206.224.241] reetdolo 1466397342 1466397342 RECV olupta turveli 4 40 tatno", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1: aveniam[10.82.201.113] essequ 1467632296 1467632296 SCAN taevi ender snulapar aedic 5 13 iumto SZ:aboreetd SUBJ:sun", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (tem.exe) queued as ons", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "outbound/smtp: 10.110.109.5 ittenbyC aperi lor accept ipi 4 paqu eseru remeum #to#10.18.165.35", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "scan: dolore[10.195.109.134] eddoei 1471337159 1471337159 deny etM nimadmin ditautfu piscing 6 74 ostr rudexerc", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "scan[colabor]: iusmodt[10.21.92.218] lorumw 1472572113 1472572113 accept llitani inima tlabo suntexp 4 45 stiae SZ:nofdeF SUBJ:sunt", "tags": [ 
@@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (tat.exe) queued as tion", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (emp.exe) queued as aperia", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "web: Ret Policy Summary (Del:eritquii Kept:dexeac)", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "web: [10.45.25.68] LOGOUT (rehender)", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "web: Ret Policy Summary (Del:hil Kept:atquovo)", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "notify/smtp[tatn]: 10.18.109.121 ents pida allow idolor 1 emoeni 269 1.2857 utlabore ecillu", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "web: [10.19.194.101] global CHANGE orinrepr (conse)", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (lumqui.exe) queued as itinvo", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (usmodt.exe) queued as siar", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "notify/smtp[sci]: 10.116.193.182 snostrud nama allow data 1 ationul 2530 1.5361 commod adol", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1: hitect[10.198.6.166] modocon 1486156610 1486156610 SCAN que atevel nsecte itame 0 38 lit5929.test quamnih", "tags": [ 
@@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "outbound/smtp: 10.198.19.111 aquaeabi lita adeseru accept amc 4 amest corp modtemp \u003c\u003crehender\u003e: iae", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1: equat[10.77.137.72] ione 1488626519 1488626519 SCAN ihilmole eriamea amre rsita 8 56 uptat3156.www5.test tmo", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1: vitaedi[10.128.114.77] temqu 1489861473 1489861473 SCAN edol colab ommodico quatD 4 59 neav6028.internal.domain agnid", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "outbound/smtp: 10.181.80.139 hitecto ents liquide allow tenatu 1 boN eprehend aevit aboN", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1[ris]: uamqu[10.138.252.123] quioffi 1492331381 1492331381 RECV uptate ncidid quaturve", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (aera.exe) queued as ate", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1: [10.153.108.27] uir 1494801290 1494801290 RECV dol essecil citation", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "outbound/smtp: 10.120.167.239 gnido ratvolu olup deny nsecte 3 eveli eroi dtemp aliquide", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1[ris]: nisi[10.105.88.20] ecte 1497271198 1497271198 RECV tinvolu iurer iciadese", "tags": [ 
@@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "scan: olupta[10.98.92.244] idolor 1498506153 1498506153 deny uta llumdolo nre ercitat 7 38 riosamn SZ:ept SUBJ:iumtotam", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "scan[sperna]: sintocc[10.185.107.75] tDuisaut 1499741107 1499741107 allow tate imvenia spi stquido 8 62 ptas SZ:pta SUBJ:tetu", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (nevo.exe) queued as ide", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "notify/smtp[etcons]: 10.80.214.206 ate uiac accept officiad 4 quinesc 6218 1.5651 tur roi", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "notify/smtp[nof]: 10.48.34.226 ccaec ten allow isc 2 ntN 6179 1.2364 tateve itinvol", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (etconsec.exe) queued as ios", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1: tquov[10.211.93.62] mod 1505915878 1505915878 SCAN hilm ataevi com tnulapa 5 57 tiumt SZ:reetdolo SUBJ:norum", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (uidol.exe) queued as mporin", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "scan: qui[10.199.182.123] entor 1508385787 1508385787 accept Sedutp utp ema rsitv 0 69 ntiumt iquipe", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (tvolupt.exe) queued as eufugi", "tags": [ 
@@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "scan[pid]: illoin[10.130.38.118] uamni 1510855695 1510855695 block gnamal metMalo ntexplic archite 1 56 untu asi", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1: [10.153.152.219] eumiu 1512090649 1512090649 RECV orumSe boree intoc", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "web: Retention violating accounts: rnatur total", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (isisten.exe) queued as cusant", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (naal.exe) queued as borios", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "outbound/smtp: 10.167.227.44 tali lillum cusant deny ender 2 oles edic seq tutlab", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "notify/smtp[atevelit]: 10.56.136.27 aperia ccaeca deny ttenby 1 amc 5163 1.375 orumSe ratv", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "web: [10.194.90.130] FAILED_LOGIN (siut)", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1: [10.103.69.44] velitess 1520735329 1520735329 RECV naali uunturm temUte", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1: aveni[10.29.155.171] uptatema 1521970284 1521970284 SCAN oeni tdol sit tiaec 6 23 oremagna3521.mail.home asiar", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1: [10.145.193.93] nonp 1523205238 1523205238 RECV labo ulapar aboreetd", "tags": [ 
@@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1[ama]: uatur[10.143.79.226] exeacom 1524440192 1524440192 RECV roidents tem dol", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "web: [10.30.25.84] FAILED_LOGIN (utlab)", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1: [10.141.225.182] bor 1526910101 1526910101 RECV rauto ationev 8 57 uaUten", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (dun.exe) queued as reprehe", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "web: [10.90.9.88] global CHANGE umexerc (oremipsu)", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (amco.exe) queued as ssecillu", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (olo.exe) queued as psumqu", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "notify/smtp[rationev]: 10.226.20.199 tatem untutlab allow eveli 2 lillum 7809 1.2000 uisaute imide", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "web: [10.134.140.191] global CHANGE nte (mvel)", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "outbound/smtp[conse]: 10.252.40.172 nimadmin isiu licabo cancel etdolor 3 dic cola amcor", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "scan[xea]: ites[10.126.26.131] nisiut 1536789735 1536789735 accept teturad perspici itation sequatD 5 24 isciv rroqu", "tags": [ 
@@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "scan[rExc]: iusmo[10.187.210.173] reetd 1538024689 1538024689 accept ulpa sitam rad loi 2 15 Nequepor SZ:eirure SUBJ:deserun", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (orroq.exe) queued as vitaedic", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (orem.exe) queued as rcit", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "scan[untincul]: ssecil[10.180.147.129] atise 1541729552 1541729552 allow umetMalo oluptas emvele isnost 2 5 ido emqu", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "notify/smtp[exeaco]: 10.99.17.210 olorsit tore cancel illu 4 turadip 688 1.7484 boreetdo undeom", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "notify/smtp[uov]: 10.230.46.162 sBono loremqu accept quunt 3 siuta 1107 1.2607 dquia temporin", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "scan[nimveni]: idi[10.96.135.47] rum 1545434414 1545434414 accept eporroq ulla iqu oin 1 55 cingel modocon", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (atv.exe) queued as onu", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "scan: obeataev[10.139.127.232] nsec 1547904323 1547904323 cancel maperi agnaaliq tlaboree norumet 7 48 tin SZ:fugitse SUBJ:imad", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1: inv[10.163.209.70] atu 1549139277 1549139277 SCAN lloin remipsum tempor citatio 0 57 mveniamq SZ:taedict SUBJ:edquian", "tags": [ 
@@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (mipsamvo.exe) queued as eiusmod", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "scan[avolu]: Except[10.191.7.121] umetMal 1551609186 1551609186 accept sciun metcons itasper uae 2 21 uia iciad", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1: [10.157.196.101] gnaa 1552844140 1552844140 RECV mod doei cipitl", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "web: [10.171.72.5] global CHANGE eprehend (asnu)", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "scan: eritatis[10.209.184.60] mquisn 1555314049 1555314049 cancel uto emUte molestia quir 4 18 emip SZ:ver SUBJ:erc", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1[dolorsit]: archite[10.143.228.97] isqua 1556549003 1556549003 RECV uta emo itq", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (ntexpl.exe) queued as dunt", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "scan: plic[10.17.87.79] tetur 1559018911 1559018911 block amali ate idolor ratvolu 7 64 onse olorem", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "web: [10.163.18.29] FAILED_LOGIN (nim)", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "web: Retention violating accounts: erspi total", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (billoi.exe) queued as moles", "tags": [ 
@@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "scan: taedi[10.17.98.243] etconsec 1563958728 1563958728 cancel ill mporinc onsectet idolo 8 55 docon SZ:mdolore SUBJ:eosquira", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (apariatu.exe) queued as lorsita", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (ever.exe) queued as tali", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1[mipsumqu]: tatio[10.181.247.224] onnu 1567663591 1567663591 RECV olorema aquiof ende", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "scan[ugitse]: quiineav[10.235.116.121] ventore 1568898545 1568898545 deny obea emp agnaaliq est 0 73 aev SZ:inrepr SUBJ:mol", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "outbound/smtp: 10.178.30.158 llit tenimad sitametc allow onproide 2 cillumd riosa Ok: queued as tNe #to#10.1.6.115", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "notify/smtp[rautod]: 10.124.32.120 lapar ritati accept qui 3 mullam 4965 1.4254 meaque uid", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (ataevita.exe) queued as oremqu", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reports: REPORTS (velitsed.exe) queued as magnaali", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inbound/pass1: der[10.77.182.191] enbyCi 1575073317 1575073317 SCAN quameiu diduntu eiusmod itation 8 79 piciatis2460.api.host iusmodt", "tags": [ 
@@ -893,7 +893,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "scan: iame[10.193.110.71] tiumd 1576308271 1576308271 accept loinve tanimid isnostru nofdeFi 3 5 saqu remips",
 "tags": [
diff --git a/packages/barracuda/data_stream/spamfirewall/elasticsearch/ingest_pipeline/default.yml b/packages/barracuda/data_stream/spamfirewall/elasticsearch/ingest_pipeline/default.yml
index 9b33c737783..9476cffa518 100644
--- a/packages/barracuda/data_stream/spamfirewall/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/barracuda/data_stream/spamfirewall/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Barracuda Spam Firewall
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 # User agent
 - user_agent:
 field: user_agent.original
diff --git a/packages/barracuda/data_stream/spamfirewall/sample_event.json b/packages/barracuda/data_stream/spamfirewall/sample_event.json
index a5a7e45902b..80456b4e554 100644
--- a/packages/barracuda/data_stream/spamfirewall/sample_event.json
+++ b/packages/barracuda/data_stream/spamfirewall/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-generated.log-expected.json b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-generated.log-expected.json
index 595365dbeb4..666318adadc 100644
--- a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-generated.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "PROCMON: Started monitoring",
 "tags": [
@@ -11,7 +11,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "BYPASS: Mode set to BYPASS (nbyCic).",
 "tags": [
@@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "UPDATE: [ALERT:tvolup] New attack definition version 1.1000 is available", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM_WRAPPER: Rolling back the current database transaction. Configuration digest failed.", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM_WRAPPER: Initializing STM.", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "eventmgr: Forwarding log messages to syslog host #imadm, address=10.16.222.151", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "PROCMON: [ALERT:eritqui] One of the RAID arrays is degrading.", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "BYPASS: Mode change: ccusant,epteurs", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "UPDATE: [ALERT:modoco] New attack definition version 1.3971 is available", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM: LB-doloreeu elillumq CreateServer =loremeum", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM: WebLog-radi ula itsed: SapCtx=rad,SapId=olupta, ididu", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "UPDATE: [ALERT:xcepte] New attack definition version 1.4012 is available", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "PROCMON: Monitoring links: lo4933", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "PROCMON: [ALERT:doconse] One of the RAID arrays is degrading.", "tags": [ 
@@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "CONFIG_AGENT: odite atn It is recommended to configure cookie_encryption_key_expiry atleast 7 days ahead of current time., sectet", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM: LB-tet voluptas ActiveServerOutOfBandMonitorAttr =inv", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM_WRAPPER: [ALERT:obeata] Configuration size is pexeaco which exceeds the ercitati safe limit. Please check your configuration.", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "BYPASS: Mode change: urEx,labo", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "eventmgr: Event manager startup succeeded.", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM: LB-Maloru lapariat SetServerdmin=oinBCSed", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM_WRAPPER: Successfully stopped STM.", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "CONFIG_AGENT: luptate Initiating config_agent database commit phase.", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM: LB-isistena Malorum SetSapquelauda=enderit", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "eventmgr: Forwarding log messages to syslog host #equun, address=10.4.65.246", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "UPDATE: [ALERT:exer] New attack definition version 1.481 is available", "tags": [ 
@@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "eventmgr: Event manager startup succeeded.", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM_WRAPPER: Rolling back the current database transaction. Configuration digest failed.", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "CONFIG_AGENT: isnisiu aspernat Update succeeded", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "INSTALL: Loading the snapshot for mquel release.", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "INSTALL: Migrating configuration from ueporr to ptate", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "PROCMON: [ALERT:onsequ] enp0s7094: link is up", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "CONFIG_AGENT: iquip tDuisau It is recommended to configure cookie_encryption_key_expiry atleast 7 days ahead of current time., amali", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "eventmgr: Event manager startup succeeded.", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "PROCMON: Started monitoring", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM: LB-mveniam rvelill EnableServer =iame", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "PROCMON: number of stm worker threads iseuf", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM: WebLog-ipiscin idolore turExce: SapCtx=modoc,SapId=mdolors, borios", "tags": [ 
@@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM_WRAPPER: Successfully stopped STM.", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "eventmgr: Forwarding log messages to syslog host #ccusa, address=10.58.33.30", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "PROCMON: [ALERT:uiadolo] eth321: link is up", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "CONFIG_AGENT: rsi ciduntut Update succeeded", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "CONFIG_AGENT: radipis RPC Name =isa, RPC Result: aal", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "INSTALL: Loading the snapshot for ris release.", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "CONFIG_AGENT: aliqui rcitat Update succeeded", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "CONFIG_AGENT: aeconse Initiating config_agent database commit phase.", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "PROCMON: Started monitoring", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "CONFIG_AGENT: iaecon ipexea Update succeeded", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "INSTALL: Migrating configuration from nulapa to cillu", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "PROCMON: [ALERT:ectetura] Firmware storage exceeds didun", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "CONFIG_AGENT: rcit nul Received put-tree command", "tags": [ 
@@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "UPDATE: [ALERT:aliquaU] New attack definition version 1.1278 is available", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "UPDATE: [ALERT:amei] New attack definition version 1.7778 is available", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "UPDATE: [ALERT:gelitse] New attack definition version 1.3018 is available", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "INSTALL: Migrating configuration from iceroin to qui", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "INSTALL: Migrating configuration from pariatu to issusc", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM: FAILOVE-roinBCSe oreet Stateful Failover Module initialized.", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM_WRAPPER: Committing UI configuration.", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM_WRAPPER: Rolling back the current database transaction. Configuration digest failed.", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "INSTALL: Migrating configuration from ernat to Ute", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM_WRAPPER: Rolling back the current database transaction. Configuration digest failed.", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM_WRAPPER: Successfully initialized STM.", "tags": [ 
@@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM: RespPage-rinrepr rvelill CreateRP: Response Page mve created successfully", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM_WRAPPER: [ALERT:ineav] Configuration size is onp which exceeds the gnaaliqu safe limit. Please check your configuration.", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "BYPASS: Mode set to never bypass.", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "CONFIG_AGENT: quaea RPC Name =eetd, RPC Result: fdeFin", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "PROCMON: number of stm worker threads isrro", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "CONFIG_AGENT: tutlabo Initiating config_agent database commit phase.", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "INSTALL: Loading the snapshot for pli release.", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "CONFIG_AGENT: erit Initiating config_agent database commit phase.", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "INSTALL: Loading the snapshot for mod release.", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "INSTALL: Loading the snapshot for lamcolab release.", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "INSTALL: Migrating configuration from estlab to tis", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "PROCMON: [ALERT:uamqua] Firmware storage exceeds labo", "tags": [ 
@@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "INSTALL: Migrating configuration from tfugit to taspern", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "eventmgr: Forwarding log messages to syslog host #meiusm, address=10.48.248.158", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM_WRAPPER: Successfully initialized STM.", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "PROCMON: number of stm worker threads isonula", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM: FTPSVC-nimi ilmoles Ftp proxy initialized labor", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "PROCMON: [ALERT:atev] One of the RAID arrays is degrading.", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "CONFIG_AGENT: amaliq ept Received put-tree command", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "BYPASS: Mode set to BYPASS (ectetura).", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM: COOKIE-icab quiado scipit = quiavolu", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "BYPASS: Mode set to never bypass.", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM: CACHE-oconseq tsedd untin SapCtx susc, SapId amr, Return Code success", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM: aps-ddoeius tautfugi ParamProtectionClonePatterns: Old:cin, New:fugia, PatternsNode:olors", "tags": [ 
@@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "INSTALL: Loading the snapshot for admi release.", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "CONFIG_AGENT: aecons Initiating config_agent database commit phase.", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "PROCMON: Monitoring links: eth801", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "PROCMON: Started monitoring", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "UPDATE: [ALERT:ntoc] New attack definition version 1.7781 is available", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "INSTALL: Loading the snapshot for stru release.", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "PROCMON: Monitoring links: enp0s6182", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "PROCMON: number of stm worker threads isumwri", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "BYPASS: Mode set to never bypass.", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "BYPASS: Mode set to BYPASS (eniamqu).", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "UPDATE: [ALERT:tco] New attack definition version 1.6840 is available", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM_WRAPPER: Successfully initialized STM.", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM_WRAPPER: Initializing STM.", "tags": [ 
@@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "STM_WRAPPER: Successfully initialized STM.", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "PROCMON: Started monitoring", "tags": [ diff --git a/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml b/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml index 87930822b88..3ddf4025dac 100644 --- a/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml +++ b/packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Barracuda Web Application Firewall processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/barracuda/data_stream/waf/sample_event.json b/packages/barracuda/data_stream/waf/sample_event.json index 47237138775..f8c8ca1c026 100644 --- a/packages/barracuda/data_stream/waf/sample_event.json +++ b/packages/barracuda/data_stream/waf/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/barracuda/manifest.yml b/packages/barracuda/manifest.yml index c1f07e10cab..9b629a8cd51 100644 --- a/packages/barracuda/manifest.yml +++ b/packages/barracuda/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: barracuda title: Barracuda Logs -version: "0.11.2" +version: "0.12.0" description: Collect spam and web application firewall logs from Barracuda devices with Elastic Agent. categories: ["network", "security"] release: experimental diff --git a/packages/barracuda_cloudgen_firewall/_dev/build/build.yml b/packages/barracuda_cloudgen_firewall/_dev/build/build.yml index 8d9e4bf7ac8..aaafc5d833b 100644 --- a/packages/barracuda_cloudgen_firewall/_dev/build/build.yml 
+++ b/packages/barracuda_cloudgen_firewall/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0
+ reference: git@v8.5.1
diff --git a/packages/barracuda_cloudgen_firewall/changelog.yml b/packages/barracuda_cloudgen_firewall/changelog.yml
index 35317a8b52e..ca0f143a278 100644
--- a/packages/barracuda_cloudgen_firewall/changelog.yml
+++ b/packages/barracuda_cloudgen_firewall/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.2.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "0.1.0"
 changes:
 - description: initial release
diff --git a/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-firewall.log-expected.json b/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-firewall.log-expected.json
index a6b38581571..e06c0e9e6f6 100644
--- a/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-firewall.log-expected.json
+++ b/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-firewall.log-expected.json
@@ -32,7 +32,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "End",
diff --git a/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-threat.log-expected.json b/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-threat.log-expected.json
index c819c627be1..da85d21309a 100644
--- a/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-threat.log-expected.json
+++ b/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-threat.log-expected.json
@@ -8,7 +8,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "block",
@@ -84,7 +84,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "block",
@@ -160,7 +160,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", diff --git a/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-web.log-expected.json b/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-web.log-expected.json index 793fa7a366e..2b726af655f 100644 --- a/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-web.log-expected.json +++ b/packages/barracuda_cloudgen_firewall/data_stream/log/_dev/test/pipeline/test-web.log-expected.json @@ -27,7 +27,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "0", @@ -129,7 +129,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "0", diff --git a/packages/barracuda_cloudgen_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/barracuda_cloudgen_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 51d0f96f9a0..3d244653202 100644 --- a/packages/barracuda_cloudgen_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/barracuda_cloudgen_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Barracuda CloudGen Firewall processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' # Metadata about the origin of the event captured from the Lumberjack connection. - rename: diff --git a/packages/barracuda_cloudgen_firewall/data_stream/log/sample_event.json b/packages/barracuda_cloudgen_firewall/data_stream/log/sample_event.json index b6cdc63b758..3770f710f18 100644 --- a/packages/barracuda_cloudgen_firewall/data_stream/log/sample_event.json +++ b/packages/barracuda_cloudgen_firewall/data_stream/log/sample_event.json @@ -42,7 +42,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "70e82165-776e-4b35-98b8-b0c9491f4b6e", 
diff --git a/packages/barracuda_cloudgen_firewall/docs/README.md b/packages/barracuda_cloudgen_firewall/docs/README.md
index 612c04ad073..28cb64e493e 100644
--- a/packages/barracuda_cloudgen_firewall/docs/README.md
+++ b/packages/barracuda_cloudgen_firewall/docs/README.md
@@ -70,7 +70,7 @@ An example event for `log` looks as following:
 "port": 443
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "70e82165-776e-4b35-98b8-b0c9491f4b6e",
diff --git a/packages/barracuda_cloudgen_firewall/manifest.yml b/packages/barracuda_cloudgen_firewall/manifest.yml
index 8363f23de5e..f19d5be8406 100644
--- a/packages/barracuda_cloudgen_firewall/manifest.yml
+++ b/packages/barracuda_cloudgen_firewall/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: barracuda_cloudgen_firewall
 title: Barracuda CloudGen Firewall Logs
-version: "0.1.0"
+version: "0.2.0"
 description: Collect logs from Barracuda CloudGen Firewall devices with Elastic Agent.
 categories: ["network", "security"]
 release: experimental
diff --git a/packages/bluecoat/_dev/build/build.yml b/packages/bluecoat/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/bluecoat/_dev/build/build.yml
+++ b/packages/bluecoat/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/bluecoat/changelog.yml b/packages/bluecoat/changelog.yml
index 0d63a4b6af4..67dec6afd15 100644
--- a/packages/bluecoat/changelog.yml
+++ b/packages/bluecoat/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.11.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "0.10.2"
 changes:
 - description: Remove duplicate fields.
diff --git a/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json b/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json index 65e875330d3..26d922a1ab3 100644 --- a/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ntpd[1001]: kernel time sync enabled utl", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "restorecond: : Reset file context quasiarc: liqua", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "auditd[5699]: Audit daemon rotating log files", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "anacron[5066]: Normal exit ehend", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "restorecond: : Reset file context vol: luptat", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "heartbeat: : \u003c\u003ceumiu.medium\u003e Processing command: accept", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "restorecond: : Reset file context nci: ofdeFin", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "auditd[6668]: Audit daemon rotating log files", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "anacron[1613]: Normal exit mvolu", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ntpd[2959]: ntpd gelit-r tatno", "tags": [ 
@@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "anacron[654]: Updated timestamp for job rmagni to sit", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "dmd: : \u003c\u003ctenima.very-high\u003e Health state for metric\"seq3874.mail.domain\" \"quid\" changed to \"fug\", reason: \"success\"", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "auditd[2067]: Audit daemon rotating log files", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "pm[5969]: \u003c\u003ctquovol.very-high\u003e check_license_validity(), tae", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "logrotate: : ALERT exited abnormally with temUten", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "sshd: : \u003c\u003cdun.medium\u003e error: Bind to port Duisau on psum failed: failure", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "configd: : \u003c\u003cend.medium\u003e itaut@rveli: command: accept", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "authd: : \u003c\u003cluptat.low\u003e authd_signal_handler(), quam", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "xinetd[6547]: Started working: onproide available services", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "logrotate: : ALERT exited abnormally with tfug", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "heartbeat: : \u003c\u003curE.medium\u003e Processing command: deny", "tags": [ 
@@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "rsyslogd: : Warning: rehe", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "sshd: : \u003c\u003cstiae.medium\u003e error: Bind to port erc on amqu failed: unknown", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ntpd[4515]: ntpd emp-r aperia", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "restorecond: : Reset file context run: vol", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "logrotate: : ALERT exited abnormally with mporain", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "heartbeat: : \u003c\u003cmpori.very-high\u003e connect: atu", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "cmd: : \u003c\u003ctexp.medium\u003e cmd starting adeseru", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "cli[7108]: \u003c\u003c-uam.low\u003e tmo@::fficiade:10.2.53.125 : CLI launched", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "pm[7061]: \u003c\u003cihilmo.very-high\u003e ntpd will start in tlabo", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "poller[795]: \u003c\u003coluptate.low\u003e Querying content system for job results.", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "runner[6134]: \u003c\u003cedo.very-high\u003e Processing command: allow", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "epmd: : epmd: epmd running orpor", "tags": [ 
@@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "runner[602]: \u003c\u003cemvel.very-high\u003e Failed to exec olup", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "shutdown[2807]: shutting down non", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "configd: : \u003c\u003cugiatnu.high\u003e sperna@sintocc: command: cancel", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "auditd[2986]: Audit daemon rotating log files", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "configd: : \u003c\u003cccaecat.medium\u003e CREATE onsequ", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "auditd[1243]: Audit daemon rotating log files", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "xinetd[6599]: Started working: naal available services", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "xinetd[5850]: Started working: rQu available services", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "heartbeat: : \u003c\u003cboree.low\u003e queips: undefined symbol: ncidi", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "authd: : \u003c\u003color.very-high\u003e authd_close(): npr", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "anacron[6373]: Anacron 1.3962 started on epre", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "cli[3979]: \u003c\u003c-iduntu.medium\u003e temUt@avol752.www5.test : Processing command accept", "tags": [ 
@@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "cmd: : \u003c\u003camc.medium\u003e cmd starting isiuta", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "sshd[5227]: dutp(psaquaea:taevita): pam_putenv: ameiusm", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ccd: : \u003c\u003colab.low\u003e Device elitse6672.internal.localdomain: mquisno", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "runner[1859]: \u003c\u003ctasnulap.high\u003e Failed to exec umSe", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "shutdown[6110]: shutting down itau", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "sshd[2415]: PAM lorsita more authentication failure; dolore", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "rsyslogd: : Warning: tio", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "cli[802]: \u003c\u003c-gnaaliqu.very-high\u003e velillu@::cteturad:10.18.204.87 : Processing a secure command...", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "heartbeat: : \u003c\u003creprehe.high\u003e connect: inimveni", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "authd: : \u003c\u003clitani.low\u003e authd_close(): psumqu", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "runner[2558]: \u003c\u003cicabo.high\u003e Failed to exec edquiac", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "anacron[4538]: Updated timestamp for job remips to uisaute", "tags": [ 
@@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "auditd[6837]: Audit daemon rotating log files", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "pm[1493]: \u003c\u003cetdolor.high\u003e print_msg(), dic", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "configd: : \u003c\u003cavolupt.low\u003e Device \"itation4168.api.domain\" completed command(s) accept ;; CPL generated by Visual Policy Manager: isciv ;rroqu ; nofd ; dipisci", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "epmd: : epmd: invalid packet size (mquae)", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "runner[429]: \u003c\u003ccorpori.very-high\u003e File reading failed", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "shutdown[7595]: shutting down emqu", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "heartbeat: : \u003c\u003cleumiur.low\u003e The HB command is accept", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "authd: : \u003c\u003cest.very-high\u003e authd_signal_handler(), isetquas", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "authd: : \u003c\u003cpsaqua.medium\u003e authd_signal_handler(), gnaal", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "logrotate: : ALERT exited abnormally with voluptas", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ntpd[627]: ntpd exiting on signal orin", "tags": [ 
@@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "restorecond: : Reset file context ecillu: mmodoc", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "cli[1140]: \u003c\u003c-abore.high\u003e modocon@ipsu3680.mail.test : Processing command: deny", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "sshd: : bad username mquisn", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ntpd[1313]: ntpd derit-r orese", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ccd: : \u003c\u003cleumiur.medium\u003e Device Communication Daemon online", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "rsyslogd: : Warning: moles", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "restorecond: : Reset file context olup: aco", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "shutdown[609]: shutting down ser", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ntpd[2991]: ntpd orinrep-r quiavol", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "dmd: : \u003c\u003cquin.medium\u003e inserted device id = sBonor2001.www5.example and serial number = amc into DB", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ccd: : \u003c\u003came.very-high\u003e ccd_handle_read_failure(), uid", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "cmd: : \u003c\u003cscivel.high\u003e cmd starting lmolesti", "tags": [ 
@@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "dmd: : \u003c\u003cemaperia.high\u003e inserted device id = ersp6625.internal.domain and serial number = seq into DB", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "cmd: : \u003c\u003ctanimid.medium\u003e cmd starting uipexe", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "heartbeat: : \u003c\u003core.low\u003e The HB command is cancel", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "anacron[7360]: Normal exit tperspic", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "dmd: : \u003c\u003cict.very-high\u003e Filter on (tetura) things. riosamni", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ccd: : \u003c\u003cumetMa.low\u003e Device eleumiu2454.api.local: tat", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "schedulerd: : \u003c\u003clumqu.very-high\u003e System time changed, recomputing job run times.", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "xinetd[3450]: Started working: aconsequ available services", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "authd: : \u003c\u003csequat.high\u003e handle_authd unknown message =utemvel", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "rsyslogd: : Warning: iusm", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ntpd[16]: time reset stquido", "tags": [ 
@@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ccd: : \u003c\u003caaliq.high\u003e Device olu5333.www.domain: orumSe", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "anacron[80]: Normal exit ici", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ntpd[7612]: kernel time sync enabled nturmag", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "cli[7128]: eseruntm(lpaquiof:oloreeu): pam_putenv: olor", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "schedulerd: : \u003c\u003cici.very-high\u003e Executing Job \"tquo\" execution iatnu", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "logrotate: : ALERT exited abnormally with ntut", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "poller[7151]: \u003c\u003cess.high\u003e Querying content system for job results.", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ntpd[2314]: ntpd litanim-r rQuisaut", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "heartbeat: : \u003c\u003cmetco.high\u003e Processing command: block", "tags": [ diff --git a/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml b/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml index 11851454ec0..eb748d3abcc 100644 --- a/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml +++ b/packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml 
@@ -4,7 +4,7 @@ description: Pipeline for Blue Coat Director
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 # User agent
 - user_agent:
 field: user_agent.original
diff --git a/packages/bluecoat/data_stream/director/sample_event.json b/packages/bluecoat/data_stream/director/sample_event.json
index 125171d28a7..4fb8911f7cd 100644
--- a/packages/bluecoat/data_stream/director/sample_event.json
+++ b/packages/bluecoat/data_stream/director/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/bluecoat/manifest.yml b/packages/bluecoat/manifest.yml
index f6a6c1bb127..08a025e7954 100644
--- a/packages/bluecoat/manifest.yml
+++ b/packages/bluecoat/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: bluecoat
 title: Blue Coat Director Logs
-version: "0.10.2"
+version: "0.11.0"
 description: Collect director logs from Blue Coat devices with Elastic Agent.
 categories: ["network", "security"]
 release: experimental
diff --git a/packages/box_events/_dev/build/build.yml b/packages/box_events/_dev/build/build.yml
index 8d9e4bf7ac8..aaafc5d833b 100644
--- a/packages/box_events/_dev/build/build.yml
+++ b/packages/box_events/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0
+ reference: git@v8.5.1
diff --git a/packages/box_events/changelog.yml b/packages/box_events/changelog.yml
index b442e20d282..371951d3170 100644
--- a/packages/box_events/changelog.yml
+++ b/packages/box_events/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.2.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "0.1.1"
 changes:
 - description: Remove duplicate fields.
diff --git a/packages/box_events/data_stream/anomalous_download_alerts/_dev/test/pipeline/test-anomalous-download.log-expected.json b/packages/box_events/data_stream/anomalous_download_alerts/_dev/test/pipeline/test-anomalous-download.log-expected.json
index 843fcbd0bdc..5a60d810a4f 100644
--- a/packages/box_events/data_stream/anomalous_download_alerts/_dev/test/pipeline/test-anomalous-download.log-expected.json
+++ b/packages/box_events/data_stream/anomalous_download_alerts/_dev/test/pipeline/test-anomalous-download.log-expected.json
@@ -40,7 +40,7 @@
 "ip": "10.1.2.3"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SHIELD_ALERT",
@@ -141,7 +141,7 @@
 "ip": "10.1.2.3"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SHIELD_ALERT",
@@ -248,7 +248,7 @@
 "ip": "10.1.2.3"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SHIELD_ALERT",
@@ -358,7 +358,7 @@
 "ip": "10.1.2.3"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SHIELD_ALERT",
@@ -465,7 +465,7 @@
 "ip": "10.1.2.3"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SHIELD_ALERT",
@@ -572,7 +572,7 @@
 "ip": "10.1.2.3"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SHIELD_ALERT",
@@ -679,7 +679,7 @@
 "ip": "10.1.2.3"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SHIELD_ALERT",
@@ -792,7 +792,7 @@
 "ip": "10.1.2.3"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SHIELD_ALERT",
@@ -905,7 +905,7 @@
 "ip": "10.1.2.3"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SHIELD_ALERT",
diff --git a/packages/box_events/data_stream/anomalous_download_alerts/elasticsearch/ingest_pipeline/default.yml b/packages/box_events/data_stream/anomalous_download_alerts/elasticsearch/ingest_pipeline/default.yml
index 84f95dd7695..b87ce4c3921 100644
--- a/packages/box_events/data_stream/anomalous_download_alerts/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/box_events/data_stream/anomalous_download_alerts/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Box Anomalous Download Alerts
 processors:
 - set:
 field: ecs.version
- value: "8.4.0"
+ value: "8.5.0"
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/box_events/data_stream/anomalous_download_alerts/sample_event.json b/packages/box_events/data_stream/anomalous_download_alerts/sample_event.json
index 77ec9540d69..ca519fc1275 100644
--- a/packages/box_events/data_stream/anomalous_download_alerts/sample_event.json
+++ b/packages/box_events/data_stream/anomalous_download_alerts/sample_event.json
@@ -53,7 +53,7 @@
 },
 "@timestamp": "2019-12-01T08:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "data_stream": {
 "namespace": "default",
diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-copy.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-copy.log-expected.json
index 7721c0b5da9..9f864df6d2e 100644
--- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-copy.log-expected.json
+++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-copy.log-expected.json
@@ -54,7 +54,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ITEM_COPY",
diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-create.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-create.log-expected.json
index 522a601bca4..3ef034e6d4d 100644
--- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-create.log-expected.json
+++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-create.log-expected.json
@@ -66,7 +66,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ITEM_CREATE",
diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-download.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-download.log-expected.json
index 38c2e25efe7..e79e172785a 100644
--- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-download.log-expected.json
+++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-download.log-expected.json
@@ -71,7 +71,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ITEM_DOWNLOAD",
diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-event-types.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-event-types.log-expected.json
index f020c7dfc06..9f0e17e2d09 100644
--- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-event-types.log-expected.json
+++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-event-types.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ACCESS_GRANTED",
@@ -21,7 +21,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ACCESS_REVOKED",
@@ -40,7 +40,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ADD_DEVICE_ASSOCIATION",
@@ -59,7 +59,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ADD_LOGIN_ACTIVITY_DEVICE",
@@ -79,7 +79,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ADMIN_LOGIN",
@@ -97,7 +97,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "APPLICATION_CREATED",
@@ -115,7 +115,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "APPLICATION_PUBLIC_KEY_ADDED",
@@ -135,7 +135,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "APPLICATION_PUBLIC_KEY_DELETED",
@@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_ADMIN_ROLE", @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_FOLDER_PERMISSION", @@ -192,7 +192,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "COLLABORATION_ACCEPT", @@ -211,7 +211,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "COLLABORATION_EXPIRATION", @@ -230,7 +230,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "COLLABORATION_INVITE", @@ -249,7 +249,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "COLLABORATION_REMOVE", @@ -268,7 +268,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "COLLABORATION_ROLE_CHANGE", @@ -287,7 +287,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "COLLAB_ADD_COLLABORATOR", @@ -306,7 +306,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "COLLAB_INVITE_COLLABORATOR", @@ -324,7 +324,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "COLLAB_REMOVE_COLLABORATOR", @@ -343,7 +343,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "COLLAB_ROLE_CHANGE", @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "COMMENT_CREATE", @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "COMMENT_DELETE", @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CONTENT_ACCESS", @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CONTENT_WORKFLOW_ABNORMAL_DOWNLOAD_ACTIVITY", 
@@ -437,7 +437,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CONTENT_WORKFLOW_AUTOMATION_ADD", @@ -455,7 +455,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CONTENT_WORKFLOW_AUTOMATION_DELETE", @@ -473,7 +473,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CONTENT_WORKFLOW_POLICY_ADD", @@ -492,7 +492,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CONTENT_WORKFLOW_SHARING_POLICY_VIOLATION", @@ -512,7 +512,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CONTENT_WORKFLOW_UPLOAD_POLICY_VIOLATION", @@ -532,7 +532,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "COPY", @@ -550,7 +550,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DATA_RETENTION_CREATE_RETENTION", @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DATA_RETENTION_REMOVE_RETENTION", @@ -588,7 +588,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DELETE", @@ -606,7 +606,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DELETE_USER", @@ -625,7 +625,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DEVICE_TRUST_CHECK_FAILED", @@ -645,7 +645,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DOWNLOAD", @@ -663,7 +663,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "EDIT", @@ -682,7 +682,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "EDIT_USER", @@ -700,7 +700,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "EMAIL_ALIAS_CONFIRM", 
@@ -718,7 +718,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "EMAIL_ALIAS_REMOVE", @@ -736,7 +736,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ENABLE_TWO_FACTOR_AUTH", @@ -754,7 +754,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ENTERPRISE_APP_AUTHORIZATION_UPDATE", @@ -773,7 +773,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FAILED_LOGIN", @@ -793,7 +793,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FILE_MARKED_MALICIOUS", @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FILE_WATERMARKED_DOWNLOAD", @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GROUP_ADD_ITEM", @@ -849,7 +849,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GROUP_ADD_USER", @@ -868,7 +868,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GROUP_CREATION", @@ -887,7 +887,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GROUP_DELETION", @@ -906,7 +906,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GROUP_EDITED", @@ -925,7 +925,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GROUP_REMOVE_ITEM", @@ -944,7 +944,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GROUP_REMOVE_USER", @@ -964,7 +964,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_COPY", @@ -982,7 +982,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_CREATE", @@ -1000,7 +1000,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_DOWNLOAD", 
@@ -1018,7 +1018,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_MAKE_CURRENT_VERSION", @@ -1037,7 +1037,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_MODIFY", @@ -1055,7 +1055,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_MOVE", @@ -1074,7 +1074,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_OPEN", @@ -1092,7 +1092,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_PREVIEW", @@ -1110,7 +1110,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_RENAME", @@ -1129,7 +1129,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_SHARED", @@ -1148,7 +1148,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_SHARED_CREATE", @@ -1167,7 +1167,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_SHARED_UNSHARE", @@ -1186,7 +1186,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_SHARED_UPDATE", @@ -1205,7 +1205,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_SYNC", @@ -1224,7 +1224,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_TRASH", @@ -1243,7 +1243,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_UNDELETE_VIA_TRASH", @@ -1262,7 +1262,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_UNSYNC", @@ -1281,7 +1281,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_UPLOAD", @@ -1299,7 +1299,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LEGAL_HOLD_ASSIGNMENT_CREATE", 
@@ -1318,7 +1318,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LEGAL_HOLD_ASSIGNMENT_DELETE", @@ -1337,7 +1337,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LEGAL_HOLD_POLICY_CREATE", @@ -1356,7 +1356,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LEGAL_HOLD_POLICY_DELETE", @@ -1375,7 +1375,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LEGAL_HOLD_POLICY_UPDATE", @@ -1394,7 +1394,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LOCK", @@ -1413,7 +1413,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LOCK_CREATE", @@ -1432,7 +1432,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LOCK_DESTROY", @@ -1451,7 +1451,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LOGIN", @@ -1469,7 +1469,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "MASTER_INVITE_ACCEPT", @@ -1487,7 +1487,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "MASTER_INVITE_REJECT", @@ -1505,7 +1505,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "METADATA_INSTANCE_CREATE", @@ -1523,7 +1523,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "METADATA_INSTANCE_DELETE", @@ -1541,7 +1541,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "METADATA_INSTANCE_UPDATE", @@ -1559,7 +1559,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "METADATA_TEMPLATE_CREATE", @@ -1577,7 +1577,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "METADATA_TEMPLATE_DELETE", 
@@ -1595,7 +1595,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "METADATA_TEMPLATE_UPDATE", @@ -1613,7 +1613,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "MOVE", @@ -1632,7 +1632,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NEW_USER", @@ -1650,7 +1650,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "PREVIEW", @@ -1668,7 +1668,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "REMOVE_DEVICE_ASSOCIATION", @@ -1686,7 +1686,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "REMOVE_LOGIN_ACTIVITY_DEVICE", @@ -1705,7 +1705,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "RENAME", @@ -1724,7 +1724,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "RETENTION_POLICY_ASSIGNMENT_ADD", @@ -1743,7 +1743,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SHARE", @@ -1762,7 +1762,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SHARE_EXPIRATION", @@ -1781,7 +1781,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SHIELD_ALERT", @@ -1799,7 +1799,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SHIELD_EXTERNAL_COLLAB_ACCESS_BLOCKED", @@ -1818,7 +1818,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SHIELD_EXTERNAL_COLLAB_ACCESS_BLOCKED_MISSING_JUSTIFICATION", @@ -1837,7 +1837,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SHIELD_EXTERNAL_COLLAB_INVITE_BLOCKED", @@ -1856,7 +1856,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SHIELD_EXTERNAL_COLLAB_INVITE_BLOCKED_MISSING_JUSTIFICATION", 
@@ -1875,7 +1875,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SHIELD_JUSTIFICATION_APPROVAL", @@ -1894,7 +1894,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SIGN_DOCUMENT_ASSIGNED", @@ -1913,7 +1913,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SIGN_DOCUMENT_CANCELLED", @@ -1932,7 +1932,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SIGN_DOCUMENT_COMPLETED", @@ -1951,7 +1951,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SIGN_DOCUMENT_CONVERTED", @@ -1970,7 +1970,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SIGN_DOCUMENT_CREATED", @@ -1989,7 +1989,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SIGN_DOCUMENT_DECLINED", @@ -2008,7 +2008,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SIGN_DOCUMENT_EXPIRED", @@ -2027,7 +2027,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SIGN_DOCUMENT_SIGNED", @@ -2046,7 +2046,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SIGN_DOCUMENT_VIEWED_BY_SIGNED", @@ -2065,7 +2065,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SIGNER_DOWNLOADED", @@ -2084,7 +2084,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SIGNER_FORWARDED", @@ -2103,7 +2103,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "STORAGE_EXPIRATION", @@ -2121,7 +2121,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TAG_ITEM_CREATE", @@ -2140,7 +2140,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TASK_ASSIGNMENT_CREATE", 
@@ -2160,7 +2160,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TASK_ASSIGNMENT_DELETE", @@ -2180,7 +2180,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TASK_ASSIGNMENT_UPDATE", @@ -2200,7 +2200,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TASK_CREATE", @@ -2219,7 +2219,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TASK_UPDATE", @@ -2238,7 +2238,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TERMS_OF_SERVICE_ACCEPT", @@ -2257,7 +2257,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TERMS_OF_SERVICE_REJECT", @@ -2276,7 +2276,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UNDELETE", @@ -2294,7 +2294,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UNLOCK", @@ -2312,7 +2312,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UNSHARE", @@ -2331,7 +2331,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UPDATE_COLLABORATION_EXPIRATION", @@ -2351,7 +2351,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UPDATE_SHARE_EXPIRATION", @@ -2370,7 +2370,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UPLOAD", @@ -2388,7 +2388,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "USER_AUTHENTICATE_OAUTH2_ACCESS_TOKEN_CREATE", @@ -2400,7 +2400,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "WATERMARK_LABEL_CREATE", @@ -2419,7 +2419,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "WATERMARK_LABEL_DELETE", 
diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-preview.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-preview.log-expected.json index 8e388a0b2fc..22d4e00076b 100644 --- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-preview.log-expected.json +++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-preview.log-expected.json @@ -71,7 +71,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_PREVIEW", diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-rename.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-rename.log-expected.json index 9a0e7452f96..1f23e859475 100644 --- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-rename.log-expected.json +++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-rename.log-expected.json @@ -54,7 +54,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_RENAME", diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-trash.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-trash.log-expected.json index 00f2b829b86..01721627386 100644 --- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-trash.log-expected.json +++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-trash.log-expected.json @@ -49,7 +49,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_TRASH", diff --git a/packages/box_events/data_stream/events/_dev/test/pipeline/test-upload.log-expected.json b/packages/box_events/data_stream/events/_dev/test/pipeline/test-upload.log-expected.json index 4fe0a4228f4..caf4f604ae7 100644 --- a/packages/box_events/data_stream/events/_dev/test/pipeline/test-upload.log-expected.json 
+++ b/packages/box_events/data_stream/events/_dev/test/pipeline/test-upload.log-expected.json @@ -78,7 +78,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ITEM_UPLOAD", diff --git a/packages/box_events/data_stream/events/elasticsearch/ingest_pipeline/default.yml b/packages/box_events/data_stream/events/elasticsearch/ingest_pipeline/default.yml index ba25482f209..cc3fcc77c5a 100644 --- a/packages/box_events/data_stream/events/elasticsearch/ingest_pipeline/default.yml +++ b/packages/box_events/data_stream/events/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Box Events processors: - set: field: ecs.version - value: "8.4.0" + value: "8.5.0" - rename: field: message target_field: event.original diff --git a/packages/box_events/data_stream/events/sample_event.json b/packages/box_events/data_stream/events/sample_event.json index c47816a2729..2d44fe145e3 100644 --- a/packages/box_events/data_stream/events/sample_event.json +++ b/packages/box_events/data_stream/events/sample_event.json @@ -78,7 +78,7 @@ "type": "folder" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "data_stream": { "namespace": "default", diff --git a/packages/box_events/data_stream/malicious_content_alerts/_dev/test/pipeline/test-malicious-content.log-expected.json b/packages/box_events/data_stream/malicious_content_alerts/_dev/test/pipeline/test-malicious-content.log-expected.json index 3506679665a..b8ba683b089 100644 --- a/packages/box_events/data_stream/malicious_content_alerts/_dev/test/pipeline/test-malicious-content.log-expected.json +++ b/packages/box_events/data_stream/malicious_content_alerts/_dev/test/pipeline/test-malicious-content.log-expected.json @@ -68,7 +68,7 @@ "ip": "10.1.2.3" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SHIELD_ALERT", 
diff --git a/packages/box_events/data_stream/malicious_content_alerts/elasticsearch/ingest_pipeline/default.yml b/packages/box_events/data_stream/malicious_content_alerts/elasticsearch/ingest_pipeline/default.yml index d409c0b605f..6a3882db053 100644 --- a/packages/box_events/data_stream/malicious_content_alerts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/box_events/data_stream/malicious_content_alerts/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Box Malicious Content Alerts processors: - set: field: ecs.version - value: "8.4.0" + value: "8.5.0" - rename: field: message target_field: event.original diff --git a/packages/box_events/data_stream/malicious_content_alerts/sample_event.json b/packages/box_events/data_stream/malicious_content_alerts/sample_event.json index 5a56130eaa6..e2a0861710f 100644 --- a/packages/box_events/data_stream/malicious_content_alerts/sample_event.json +++ b/packages/box_events/data_stream/malicious_content_alerts/sample_event.json @@ -81,7 +81,7 @@ }, "@timestamp": "2019-12-20T08:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "data_stream": { "namespace": "default", diff --git a/packages/box_events/data_stream/suspicious_locations_alerts/_dev/test/pipeline/test-suspicious-locations.log-expected.json b/packages/box_events/data_stream/suspicious_locations_alerts/_dev/test/pipeline/test-suspicious-locations.log-expected.json index 61584d14a18..8e8c8111ac2 100644 --- a/packages/box_events/data_stream/suspicious_locations_alerts/_dev/test/pipeline/test-suspicious-locations.log-expected.json +++ b/packages/box_events/data_stream/suspicious_locations_alerts/_dev/test/pipeline/test-suspicious-locations.log-expected.json @@ -36,7 +36,7 @@ "ip": "10.1.2.3" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SHIELD_ALERT", 
diff --git a/packages/box_events/data_stream/suspicious_locations_alerts/elasticsearch/ingest_pipeline/default.yml b/packages/box_events/data_stream/suspicious_locations_alerts/elasticsearch/ingest_pipeline/default.yml index 0ee04991101..a8070491f48 100644 --- a/packages/box_events/data_stream/suspicious_locations_alerts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/box_events/data_stream/suspicious_locations_alerts/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Box Suspicious Locations Alerts processors: - set: field: ecs.version - value: "8.4.0" + value: "8.5.0" - rename: field: message target_field: event.original diff --git a/packages/box_events/data_stream/suspicious_locations_alerts/sample_event.json b/packages/box_events/data_stream/suspicious_locations_alerts/sample_event.json index 57c5ba6fe4f..8356a4914c3 100644 --- a/packages/box_events/data_stream/suspicious_locations_alerts/sample_event.json +++ b/packages/box_events/data_stream/suspicious_locations_alerts/sample_event.json @@ -83,7 +83,7 @@ "name": "Suspicious Location" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "data_stream": { "namespace": "default", diff --git a/packages/box_events/data_stream/suspicious_sessions_alerts/_dev/test/pipeline/test-suspicious-sessions.log-expected.json b/packages/box_events/data_stream/suspicious_sessions_alerts/_dev/test/pipeline/test-suspicious-sessions.log-expected.json index 1964c6781ff..82f72e7651b 100644 --- a/packages/box_events/data_stream/suspicious_sessions_alerts/_dev/test/pipeline/test-suspicious-sessions.log-expected.json +++ b/packages/box_events/data_stream/suspicious_sessions_alerts/_dev/test/pipeline/test-suspicious-sessions.log-expected.json @@ -36,7 +36,7 @@ "ip_address": "10.1.2.3" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SHIELD_ALERT", 
@@ -132,7 +132,7 @@ "ip_address": "10.1.2.3" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SHIELD_ALERT", diff --git a/packages/box_events/data_stream/suspicious_sessions_alerts/elasticsearch/ingest_pipeline/default.yml b/packages/box_events/data_stream/suspicious_sessions_alerts/elasticsearch/ingest_pipeline/default.yml index 36f844d4798..060ed9d381e 100644 --- a/packages/box_events/data_stream/suspicious_sessions_alerts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/box_events/data_stream/suspicious_sessions_alerts/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Box Suspicious Sessions Alerts processors: - set: field: ecs.version - value: "8.4.0" + value: "8.5.0" - rename: field: message target_field: event.original diff --git a/packages/box_events/data_stream/suspicious_sessions_alerts/sample_event.json b/packages/box_events/data_stream/suspicious_sessions_alerts/sample_event.json index 060bcfdb2e4..b16d0d70b5a 100644 --- a/packages/box_events/data_stream/suspicious_sessions_alerts/sample_event.json +++ b/packages/box_events/data_stream/suspicious_sessions_alerts/sample_event.json @@ -83,7 +83,7 @@ "name": "Suspicious Session" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "data_stream": { "namespace": "default", diff --git a/packages/box_events/manifest.yml b/packages/box_events/manifest.yml index 9e6ee36b06b..2a4bd896a95 100644 --- a/packages/box_events/manifest.yml +++ b/packages/box_events/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: box_events title: Box Events -version: 0.1.1 +version: "0.2.0" release: beta license: basic description: "Collect logs from Box with Elastic Agent." diff --git a/packages/carbon_black_cloud/_dev/build/build.yml b/packages/carbon_black_cloud/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/carbon_black_cloud/_dev/build/build.yml +++ b/packages/carbon_black_cloud/_dev/build/build.yml 
@@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/carbon_black_cloud/changelog.yml b/packages/carbon_black_cloud/changelog.yml index 94995104bd8..7aa3fad6878 100644 --- a/packages/carbon_black_cloud/changelog.yml +++ b/packages/carbon_black_cloud/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.3.1" changes: - description: Remove duplicate fields. diff --git a/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json b/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json index 6a68f0318ac..00966ef3701 100644 --- a/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json +++ b/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json @@ -63,7 +63,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "end": "2021-01-04T23:25:58Z", @@ -158,7 +158,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "end": "2020-11-17T22:02:16Z", @@ -295,7 +295,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "end": "2021-01-04T22:22:42Z", diff --git a/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml index a302659e9ed..9709ce563bb 100644 --- a/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml 
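Review bot: In `packages/carbon_black_cloud/_dev/build/build.yml` the ECS dependency now points at tag `v8.5.1`, but the changelog entry added in the same commit says "Update package to ECS 8.5.0." and the package's ingest pipelines set `ecs.version` to `'8.5.0'`. As far as these hunks show, the ECS reference the package builds against and the version stamped on each event name different releases. If the patch tag is deliberate, a comment above the reference would record that, for example `# built against the 8.5.1 patch tag; pipelines still set ecs.version 8.5.0`. Otherwise align the two values, because anyone triaging or filtering events by `ecs.version` will assume the 8.5.0 schema.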
@@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud alerts. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/carbon_black_cloud/data_stream/alert/sample_event.json b/packages/carbon_black_cloud/data_stream/alert/sample_event.json index 7ecbfab7219..7045812c41e 100644 --- a/packages/carbon_black_cloud/data_stream/alert/sample_event.json +++ b/packages/carbon_black_cloud/data_stream/alert/sample_event.json @@ -53,7 +53,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "15b19080-249c-49a5-801a-edf25c28dcfe", diff --git a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json index 7f73190e13c..4777453fc98 100644 --- a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json +++ b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":1,\"highest_risk_score\":5.3,\"host_name\":\"DESKTOP-001\",\"last_sync_ts\":\"2022-02-14T08:32:37.105065Z\",\"name\":\"DESKTOP-001KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows Server 2019 Datacenter\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.17763\"},\"severity\":\"MODERATE\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":137}" 
@@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":2,\"highest_risk_score\":8.4,\"host_name\":\"DESKTOP-002\",\"last_sync_ts\":\"2021-12-31T22:16:06.970164Z\",\"name\":\"DESKTOP-002KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.19044\"},\"severity\":\"IMPORTANT\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"WORKLOAD\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":342}" @@ -114,7 +114,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":3,\"highest_risk_score\":8.4,\"host_name\":\"DESKTOP-003\",\"last_sync_ts\":\"2022-02-03T15:27:28.681106Z\",\"name\":\"DESKTOP-003KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Enterprise\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.18363\"},\"severity\":\"IMPORTANT\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"WORKLOAD\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":499}" @@ -162,7 +162,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":4,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-004\",\"last_sync_ts\":\"2022-01-06T03:51:45.460029Z\",\"name\":\"DESKTOP-004KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.18362\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":885}" 
@@ -210,7 +210,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":5,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-005\",\"last_sync_ts\":\"2022-01-10T02:46:08.236117Z\",\"name\":\"DESKTOP-005KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Education\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.18362\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":893}" @@ -258,7 +258,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":6,\"highest_risk_score\":6,\"host_name\":\"DESKTOP-006\",\"last_sync_ts\":\"2022-01-10T03:11:44.097219Z\",\"name\":\"DESKTOP-006KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.17763\"},\"severity\":\"MODERATE\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":276}" @@ -306,7 +306,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":7,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-007\",\"last_sync_ts\":\"2022-01-11T08:41:31.573863Z\",\"name\":\"DESKTOP-007KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.19043\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":542}" 
@@ -354,7 +354,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":8,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-008\",\"last_sync_ts\":\"2022-01-17T08:33:37.384932Z\",\"name\":\"DESKTOP-008KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Education\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.17763\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":1770}" diff --git a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml index 5ded16ebb31..374afc209b0 100644 --- a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml @@ -7,7 +7,7 @@ processors: ignore_missing: true - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - json: field: event.original target_field: json diff --git a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/sample_event.json b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/sample_event.json index 18a138c1671..1952ad839d4 100644 --- a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/sample_event.json +++ b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/sample_event.json @@ -29,7 +29,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "15b19080-249c-49a5-801a-edf25c28dcfe", 
diff --git a/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index 23a0decfadf..e4094f9e40f 100644 --- a/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json @@ -15,7 +15,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "16xxxxxxxxxx8ac7bd", @@ -51,7 +51,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "21xxxxxxxxxx93ff7c", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "28xxxxxxxxxx8ac7bd", @@ -123,7 +123,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "34xxxxxxxxxxd9ccf9", @@ -159,7 +159,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "3axxxxxxxxxx2e5035", @@ -195,7 +195,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "32xxxxxxxxxx189c6d", @@ -231,7 +231,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "a9xxxxxxxxxx4b3d2c", diff --git a/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index ebf7661d618..1d8686b0536 100644 --- a/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud audit logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original 
diff --git a/packages/carbon_black_cloud/data_stream/audit/sample_event.json b/packages/carbon_black_cloud/data_stream/audit/sample_event.json index d12c27c7061..81aed440d79 100644 --- a/packages/carbon_black_cloud/data_stream/audit/sample_event.json +++ b/packages/carbon_black_cloud/data_stream/audit/sample_event.json @@ -25,7 +25,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "15b19080-249c-49a5-801a-edf25c28dcfe", diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json b/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json index ae187de4746..4bd3e6fc37c 100644 --- a/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json +++ b/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json @@ -37,7 +37,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ACTION_CREATE_KEY", @@ -139,7 +139,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ACTION_WRITE_VALUE", @@ -262,7 +262,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ACTION_OPEN_PROCESS_HANDLE", @@ -385,7 +385,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ACTION_OPEN_PROCESS_HANDLE", @@ -504,7 +504,7 @@ "path": "c:\\windows\\system32\\fltlib.dll" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ACTION_LOAD_MODULE", @@ -625,7 +625,7 @@ "path": "c:\\windows\\system32\\dnsapi.dll" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ACTION_LOAD_MODULE", @@ -746,7 +746,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ACTION_CREATE_PROCESS", 
@@ -867,7 +867,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ACTION_CREATE_PROCESS", @@ -968,7 +968,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ACTION_PROCESS_TERMINATE", @@ -1067,7 +1067,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ACTION_PROCESS_TERMINATE", @@ -1162,7 +1162,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ACTION_FILE_MOD_OPEN | ACTION_FILE_OPEN_DELETE", @@ -1260,7 +1260,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ACTION_FILE_MOD_OPEN | ACTION_FILE_OPEN_READ | ACTION_FILE_OPEN_WRITE", @@ -1362,7 +1362,7 @@ "port": 62909 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ACTION_CONNECTION_CREATE", @@ -1470,7 +1470,7 @@ "port": 9716 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ACTION_CONNECTION_LISTEN", @@ -1587,7 +1587,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ACTION_LOAD_SCRIPT", diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml index 4729351d25c..077d118d82f 100644 --- a/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud Endpoint Events. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/sample_event.json b/packages/carbon_black_cloud/data_stream/endpoint_event/sample_event.json index f025682463b..1fe7b3f21bb 100644 
--- a/packages/carbon_black_cloud/data_stream/endpoint_event/sample_event.json +++ b/packages/carbon_black_cloud/data_stream/endpoint_event/sample_event.json @@ -20,7 +20,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "carbon_black_cloud": { "endpoint_event": { diff --git a/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json b/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json index e7caa135cce..321cda8c72f 100644 --- a/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json +++ b/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json @@ -67,7 +67,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -203,7 +203,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -333,7 +333,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -455,7 +455,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -576,7 +576,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -683,7 +683,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", diff --git a/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml index f59084b05ae..569485b0bfd 100644 --- a/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud watchlist hit. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: event.kind value: event diff --git a/packages/carbon_black_cloud/data_stream/watchlist_hit/sample_event.json b/packages/carbon_black_cloud/data_stream/watchlist_hit/sample_event.json index ec2206a46eb..35b48310ebb 100644 --- a/packages/carbon_black_cloud/data_stream/watchlist_hit/sample_event.json +++ b/packages/carbon_black_cloud/data_stream/watchlist_hit/sample_event.json @@ -18,7 +18,7 @@ "version": "8.0.0" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "process": { "parent": { diff --git a/packages/carbon_black_cloud/docs/README.md b/packages/carbon_black_cloud/docs/README.md index dcb13af2a30..3e5225d3ef2 100644 --- a/packages/carbon_black_cloud/docs/README.md +++ b/packages/carbon_black_cloud/docs/README.md @@ -92,7 +92,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "15b19080-249c-49a5-801a-edf25c28dcfe", @@ -251,7 +251,7 @@ An example event for `alert` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "15b19080-249c-49a5-801a-edf25c28dcfe", @@ -467,7 +467,7 @@ An example event for `endpoint_event` looks as following: } }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "carbon_black_cloud": { "endpoint_event": { @@ -714,7 +714,7 @@ An example event for `watchlist_hit` looks as following: "version": "8.0.0" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "process": { "parent": { @@ -956,7 +956,7 @@ An example event for `asset_vulnerability_summary` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "15b19080-249c-49a5-801a-edf25c28dcfe", 
diff --git a/packages/carbon_black_cloud/manifest.yml b/packages/carbon_black_cloud/manifest.yml index 6e169bdfa20..894dc609b79 100644 --- a/packages/carbon_black_cloud/manifest.yml +++ b/packages/carbon_black_cloud/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: carbon_black_cloud title: VMware Carbon Black Cloud -version: "1.3.1" +version: "1.4.0" license: basic description: Collect logs from VMWare Carbon Black Cloud with Elastic Agent. type: integration diff --git a/packages/carbonblack_edr/_dev/build/build.yml b/packages/carbonblack_edr/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/carbonblack_edr/_dev/build/build.yml +++ b/packages/carbonblack_edr/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/carbonblack_edr/changelog.yml b/packages/carbonblack_edr/changelog.yml index 9c21eaa171a..1693df4a2e7 100644 --- a/packages/carbonblack_edr/changelog.yml +++ b/packages/carbonblack_edr/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.6.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.5.1" changes: - description: Remove duplicate field. diff --git a/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json b/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json index 89f1346840a..8056a64a332 100644 --- a/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json +++ b/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json @@ -15,7 +15,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", @@ -53,7 +53,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", 
@@ -89,7 +89,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.observed", @@ -127,7 +127,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", @@ -165,7 +165,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", @@ -201,7 +201,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.observed", @@ -239,7 +239,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", @@ -277,7 +277,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", @@ -315,7 +315,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", @@ -361,7 +361,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "unknown", @@ -428,7 +428,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.observed", @@ -470,7 +470,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", @@ -530,7 +530,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "unknown", @@ -590,7 +590,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.observed", @@ -633,7 +633,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.moduleload", @@ -665,7 +665,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", @@ -702,7 +702,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "unknown", @@ -748,7 +748,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.observed", 
@@ -791,7 +791,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.moduleload", @@ -823,7 +823,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", @@ -872,7 +872,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.netconn", @@ -913,7 +913,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "unknown", @@ -957,7 +957,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.observed", @@ -1000,7 +1000,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.moduleload", @@ -1032,7 +1032,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", @@ -1082,7 +1082,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.netconn", @@ -1136,7 +1136,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "unknown", @@ -1220,7 +1220,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.regmod", @@ -1257,7 +1257,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.observed", @@ -1300,7 +1300,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.moduleload", @@ -1334,7 +1334,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", @@ -1384,7 +1384,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.netconn", @@ -1452,7 +1452,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "unknown", @@ -1528,7 +1528,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.regmod", 
@@ -1565,7 +1565,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.observed", @@ -1601,7 +1601,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.tamper", @@ -1645,7 +1645,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.moduleload", @@ -1679,7 +1679,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", @@ -1731,7 +1731,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.netconn", @@ -1808,7 +1808,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "unknown", @@ -1879,7 +1879,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.regmod", @@ -1916,7 +1916,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.observed", @@ -1952,7 +1952,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.tamper", @@ -1993,7 +1993,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.host.observed", @@ -2039,7 +2039,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.moduleload", @@ -2073,7 +2073,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", @@ -2123,7 +2123,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.netconn", @@ -2194,7 +2194,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "unknown", @@ -2255,7 +2255,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.regmod", 
@@ -2292,7 +2292,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.observed", @@ -2328,7 +2328,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.tamper", @@ -2369,7 +2369,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.host.observed", @@ -2415,7 +2415,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.moduleload", @@ -2457,7 +2457,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.module", @@ -2501,7 +2501,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", @@ -2551,7 +2551,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.netconn", @@ -2590,7 +2590,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "unknown", @@ -2630,7 +2630,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.regmod", @@ -2667,7 +2667,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.observed", @@ -2703,7 +2703,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.tamper", @@ -2744,7 +2744,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.host.observed", @@ -2790,7 +2790,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.moduleload", @@ -2832,7 +2832,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.module", @@ -2876,7 +2876,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", 
@@ -2925,7 +2925,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.netconn", @@ -2969,7 +2969,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "unknown", @@ -3016,7 +3016,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.remotethread", @@ -3063,7 +3063,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.regmod", @@ -3100,7 +3100,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.observed", @@ -3136,7 +3136,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.tamper", @@ -3177,7 +3177,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.host.observed", @@ -3223,7 +3223,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.moduleload", @@ -3265,7 +3265,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.module", @@ -3309,7 +3309,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", @@ -3359,7 +3359,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.netconn", @@ -3396,7 +3396,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "unknown", @@ -3444,7 +3444,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.remotethread", @@ -3491,7 +3491,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.regmod", @@ -3542,7 +3542,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.childproc", 
@@ -3580,7 +3580,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.observed", @@ -3616,7 +3616,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.tamper", @@ -3661,7 +3661,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.host.observed", @@ -3707,7 +3707,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.moduleload", @@ -3749,7 +3749,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.module", @@ -3793,7 +3793,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", @@ -3842,7 +3842,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.netconn", @@ -3888,7 +3888,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.regmod", @@ -3942,7 +3942,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.remotethread", @@ -3989,7 +3989,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.regmod", @@ -4040,7 +4040,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.childproc", @@ -4078,7 +4078,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.observed", @@ -4127,7 +4127,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.filemod", @@ -4167,7 +4167,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.host.observed", @@ -4213,7 +4213,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.moduleload", 
@@ -4255,7 +4255,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.module", @@ -4299,7 +4299,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "binaryinfo.group.observed", @@ -4348,7 +4348,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.netconn", @@ -4396,7 +4396,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.filemod", @@ -4447,7 +4447,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ingress.event.remotethread", diff --git a/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 65c7b199ebf..fb1e454f602 100644 --- a/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing CarbonBlack EDR logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' # Validate that the input document conforms to the expected format # to avoid repetitive checks. diff --git a/packages/carbonblack_edr/data_stream/log/sample_event.json b/packages/carbonblack_edr/data_stream/log/sample_event.json index 433b51f8383..b14100d608d 100644 --- a/packages/carbonblack_edr/data_stream/log/sample_event.json +++ b/packages/carbonblack_edr/data_stream/log/sample_event.json @@ -24,7 +24,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "9cb9fa70-f3e9-45d8-b1cb-61425bd93e1a", diff --git a/packages/carbonblack_edr/docs/README.md b/packages/carbonblack_edr/docs/README.md index 38298446c11..2f85ed50ec2 100644 --- a/packages/carbonblack_edr/docs/README.md +++ b/packages/carbonblack_edr/docs/README.md 
@@ -58,7 +58,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "9cb9fa70-f3e9-45d8-b1cb-61425bd93e1a", diff --git a/packages/carbonblack_edr/manifest.yml b/packages/carbonblack_edr/manifest.yml index def7123ef1b..fd03517dc8b 100644 --- a/packages/carbonblack_edr/manifest.yml +++ b/packages/carbonblack_edr/manifest.yml @@ -1,6 +1,6 @@ name: carbonblack_edr title: VMware Carbon Black EDR -version: "1.5.1" +version: "1.6.0" release: ga description: Collect logs from VMware Carbon Black EDR with Elastic Agent. type: integration diff --git a/packages/cef/_dev/build/build.yml b/packages/cef/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/cef/_dev/build/build.yml +++ b/packages/cef/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/cef/changelog.yml b/packages/cef/changelog.yml index d31a419c52a..96248d9f883 100644 --- a/packages/cef/changelog.yml +++ b/packages/cef/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.4.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "2.3.4" changes: - description: Remove duplicate fields. diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json index c0db053c3b8..8a41b5e039b 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json @@ -50,7 +50,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "agent:016", @@ -129,7 +129,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "agent:030", 
@@ -200,7 +200,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "agent:044", @@ -279,7 +279,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "agent:031", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json index a5fb51150f5..b2413ce4040 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json @@ -31,7 +31,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18", @@ -146,7 +146,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18", @@ -227,7 +227,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18", @@ -272,7 +272,7 @@ "ip": "192.168.1.2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json index 02c76804e2d..90afc9e96e7 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json @@ -77,7 +77,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Accept", @@ -166,7 +166,7 @@ "port": 25 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Bypass", @@ -235,7 +235,7 @@ "ip": "::1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Drop", 
diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json index e2df8834f3e..45c64681e12 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json @@ -88,7 +88,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "305012", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json index b7ed142165a..07d2bd88674 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json @@ -21,7 +21,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "0", @@ -66,7 +66,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "9005", @@ -122,7 +122,7 @@ "ip": "10.1.1.40" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Allow", @@ -213,7 +213,7 @@ "port": 67 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "70019", @@ -284,7 +284,7 @@ "ip": "192.168.1.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Refuse", @@ -357,7 +357,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "70021", @@ -416,7 +416,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "72714", @@ -474,7 +474,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "72715", @@ -532,7 +532,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "72716", 
@@ -589,7 +589,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "78002", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json index 7f2030856d7..6338497bf66 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json @@ -28,7 +28,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "blocked", @@ -86,7 +86,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "not blocked", @@ -144,7 +144,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "transformed", @@ -202,7 +202,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "transformed", @@ -260,7 +260,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "not blocked", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json index bde8532dfe1..8fb445185b5 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json @@ -56,7 +56,7 @@ "domain": "centos7" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Started", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json index 271d6753a11..9832987e87e 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json 
+++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json @@ -19,7 +19,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "600", @@ -82,7 +82,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Delete", @@ -143,7 +143,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "detectOnly", @@ -231,7 +231,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Log", @@ -286,7 +286,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "updated", @@ -379,7 +379,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "IDS:Reset", @@ -446,7 +446,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "3002795", @@ -502,7 +502,7 @@ "version": "0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "5000000", diff --git a/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 01c4ed82c61..edbb6616941 100644 --- a/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for CEF logs. CEF decoding happens in the Agent. This perf processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - convert: field: event.id diff --git a/packages/cef/data_stream/log/sample_event.json b/packages/cef/data_stream/log/sample_event.json index aa4da19638e..8c2b6aa8fdb 100644 --- a/packages/cef/data_stream/log/sample_event.json +++ b/packages/cef/data_stream/log/sample_event.json @@ -42,7 +42,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "69f5d3be-c31a-4be6-adb6-cb3ed3e50817", 
diff --git a/packages/cef/docs/README.md b/packages/cef/docs/README.md index 537e54c938b..284f934a434 100644 --- a/packages/cef/docs/README.md +++ b/packages/cef/docs/README.md @@ -175,7 +175,7 @@ An example event for `log` looks as following: "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "69f5d3be-c31a-4be6-adb6-cb3ed3e50817", diff --git a/packages/cef/manifest.yml b/packages/cef/manifest.yml index a56419f83cc..0bbd41c2dae 100644 --- a/packages/cef/manifest.yml +++ b/packages/cef/manifest.yml @@ -1,6 +1,6 @@ name: cef title: Common Event Format (CEF) -version: 2.3.4 +version: "2.4.0" release: ga description: Collect logs from CEF Logs with Elastic Agent. type: integration diff --git a/packages/checkpoint/_dev/build/build.yml b/packages/checkpoint/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/checkpoint/_dev/build/build.yml +++ b/packages/checkpoint/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/checkpoint/changelog.yml b/packages/checkpoint/changelog.yml index 0e80d6ede54..65a2cc3a8bc 100644 --- a/packages/checkpoint/changelog.yml +++ b/packages/checkpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.9.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.8.2" changes: - description: Remove duplicate field. diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json index b8bacc4ad15..7f6f74672ea 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json 
@@ -13,7 +13,7 @@ "port": 514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Accept", @@ -91,7 +91,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Drop", diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json index 9d5138ef564..5ed74acdd67 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json @@ -6,7 +6,7 @@ "sys_message": "The eth0 interface is not protected by the anti-spoofing feature. Your network may be at risk" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -41,7 +41,7 @@ "sys_message": "installed Standard" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -83,7 +83,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Accept", @@ -166,7 +166,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Accept", @@ -238,7 +238,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Accept", @@ -302,7 +302,7 @@ "status": "Finished" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -353,7 +353,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Accept", @@ -439,7 +439,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Accept", @@ -498,7 +498,7 @@ "status": "Started" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -549,7 +549,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Accept", 
@@ -621,7 +621,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Accept", @@ -685,7 +685,7 @@ "status": "Finished" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -722,7 +722,7 @@ "port": 514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Accept", @@ -786,7 +786,7 @@ "update_status": "updated" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -819,7 +819,7 @@ "update_status": "updated" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -857,7 +857,7 @@ "port": 138 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Accept", @@ -937,7 +937,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Drop", @@ -992,7 +992,7 @@ "port": 514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Accept", @@ -1061,7 +1061,7 @@ "port": 137 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Accept", @@ -1130,7 +1130,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Accept", @@ -1199,7 +1199,7 @@ "port": 514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Accept", diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r80x.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r80x.log-expected.json index 888c20e07e4..4dc2d448c9f 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r80x.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r80x.log-expected.json @@ -4,7 +4,7 @@ "@timestamp": "2022-07-06T15:53:08.000Z", "checkpoint": {}, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logon-failed", 
@@ -54,7 +54,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logged-in", diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r81x.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r81x.log-expected.json index 1d053e0abd3..4c440f6a445 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r81x.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r81x.log-expected.json @@ -12,7 +12,7 @@ "packets": 30 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Accept", diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json index c4595c01ed1..32f33245a8d 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json @@ -13,7 +13,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Accept", diff --git a/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml b/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml index e0cc4219a19..0aeb3166ee9 100644 --- a/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml +++ b/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing checkpoint firewall logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/checkpoint/data_stream/firewall/sample_event.json b/packages/checkpoint/data_stream/firewall/sample_event.json index e911516a1fd..afd17d6989c 100644 
--- a/packages/checkpoint/data_stream/firewall/sample_event.json +++ b/packages/checkpoint/data_stream/firewall/sample_event.json @@ -16,7 +16,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "ba9ee39d-37f1-433a-8800-9d424cb9dd11", diff --git a/packages/checkpoint/docs/README.md b/packages/checkpoint/docs/README.md index 39d5cccce36..bc397a8bbfc 100644 --- a/packages/checkpoint/docs/README.md +++ b/packages/checkpoint/docs/README.md @@ -38,7 +38,7 @@ An example event for `firewall` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "ba9ee39d-37f1-433a-8800-9d424cb9dd11", diff --git a/packages/checkpoint/manifest.yml b/packages/checkpoint/manifest.yml index 291769e9eea..e5cd569861f 100644 --- a/packages/checkpoint/manifest.yml +++ b/packages/checkpoint/manifest.yml @@ -1,6 +1,6 @@ name: checkpoint title: Check Point -version: "1.8.2" +version: "1.9.0" release: ga description: Collect logs from Check Point with Elastic Agent. type: integration diff --git a/packages/cisco_aironet/_dev/build/build.yml b/packages/cisco_aironet/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/cisco_aironet/_dev/build/build.yml +++ b/packages/cisco_aironet/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/cisco_aironet/changelog.yml b/packages/cisco_aironet/changelog.yml index e3d55feaa10..20e38981402 100644 --- a/packages/cisco_aironet/changelog.yml +++ b/packages/cisco_aironet/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.1.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "0.0.2" changes: - description: Use ECS geo.location definition. 
diff --git a/packages/cisco_aironet/data_stream/log/_dev/test/pipeline/test-aironet-messages.log-expected.json b/packages/cisco_aironet/data_stream/log/_dev/test/pipeline/test-aironet-messages.log-expected.json index a85960d1005..1d85eb8475b 100644 --- a/packages/cisco_aironet/data_stream/log/_dev/test/pipeline/test-aironet-messages.log-expected.json +++ b/packages/cisco_aironet/data_stream/log/_dev/test/pipeline/test-aironet-messages.log-expected.json @@ -7,7 +7,7 @@ "mac": "2C-6D-C1-F5-0C-80" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Q_IND", @@ -49,7 +49,7 @@ "mac": "66-7C-DE-EF-D9-18" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ARP_ORPHANPKT_DETECTED", @@ -86,7 +86,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "\u003c132\u003eWLC001: -Traceback: 0x11759554 0x1175b0f0 0x1175d2b8 0x11766124 0x116d0cf8 0xfff2ae0888 0xfff29f2cfc" @@ -116,7 +116,7 @@ "mac": "28-6F-7F-F8-64-E0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "USER_NAME_DELETED", @@ -156,7 +156,7 @@ "mac": "28-6F-7F-F8-64-E0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "USER_NAME_CREATED", @@ -201,7 +201,7 @@ "ip": "fe80::1e24:cdff:fe11:2f90" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ENTRY_CREATED", @@ -243,7 +243,7 @@ "ip": "fe80::aee2:d3ff:feba:56a4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ENTRY_DELETED", @@ -286,7 +286,7 @@ "mac": "70-EE-50-56-99-99" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ENTRY_CHANGED", @@ -323,7 +323,7 @@ "mac": "E8-96-06-02-02-99" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Q_IND", @@ -368,7 +368,7 @@ "ip": "fe80::48d:c1bc:6c01:6e85" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Q_IND", 
@@ -423,7 +423,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "AAA_AUTH_ADMIN_USER", @@ -460,7 +460,7 @@ { "@timestamp": "2022-08-22T18:14:03.172Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ADMIN_MODE_DISABLE", @@ -506,7 +506,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SIG_ALARM_OFF", @@ -545,7 +545,7 @@ "mac": "4A-B8-CB-63-1D-BD" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SIG_ALARM_OFF_CONT", @@ -583,7 +583,7 @@ "mac": "28-6F-7F-F8-64-E0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SIG_INFO1", @@ -630,7 +630,7 @@ "mac": "80-7D-3A-9B-2F-FC" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "MAX_EAPOL_KEY_RETRANS", @@ -667,7 +667,7 @@ "mac": "CC-73-14-61-B0-8F" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "RRM_LOGMSG", @@ -701,7 +701,7 @@ { "@timestamp": "2022-08-29T10:58:28.227Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "RRM_LOGMSG", @@ -739,7 +739,7 @@ "mac": "DE-FB-48-7C-4F-F7" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ABORT_AUTH", @@ -784,7 +784,7 @@ "mac": "DE-FB-48-7C-4F-F7" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Q_IND", @@ -821,7 +821,7 @@ "mac": "DE-FB-48-7C-4F-F7" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Q_IND", @@ -865,7 +865,7 @@ "mac": "DE-FB-48-7C-4F-F7" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "INVALID_WPA_KEY_STATE", @@ -902,7 +902,7 @@ "mac": "DE-FB-48-7C-4F-F7" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "WPA_SEND_STATE_ERR", @@ -939,7 +939,7 @@ "mac": "DE-FB-48-7C-4F-F7" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "INVALID_REPLAY_CTR", 
@@ -973,7 +973,7 @@ { "@timestamp": "2022-08-29T10:47:25.944Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "REPLAY_ERR", @@ -1010,7 +1010,7 @@ "mac": "DE-FB-48-7C-4F-F7" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CLIENT_NOT_FOUND", @@ -1044,7 +1044,7 @@ { "@timestamp": "2022-08-22T18:14:24.651Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SIG_ALARM_OFF", @@ -1075,7 +1075,7 @@ { "@timestamp": "2022-08-29T10:58:58.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "INVALID_REQUEST", @@ -1112,7 +1112,7 @@ "mac": "DE-FB-48-7C-4F-F7" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "AAA_AUTH_SEND_FAIL", @@ -1146,7 +1146,7 @@ { "@timestamp": "2022-08-20T14:55:28.577Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "MLD_INVALID_IPV6_PKT", @@ -1180,7 +1180,7 @@ { "@timestamp": "2022-08-22T10:24:20.959Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "MOBILESTATION_NOT_FOUND", diff --git a/packages/cisco_aironet/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_aironet/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 43014001b7c..a69e96a9a5e 100644 --- a/packages/cisco_aironet/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_aironet/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -8,7 +8,7 @@ processors: ignore_failure: true - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - grok: field: event.original patterns: diff --git a/packages/cisco_aironet/data_stream/log/sample_event.json b/packages/cisco_aironet/data_stream/log/sample_event.json index dca7e203204..e8ec757e11c 100644 --- a/packages/cisco_aironet/data_stream/log/sample_event.json +++ b/packages/cisco_aironet/data_stream/log/sample_event.json 
@@ -21,7 +21,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "68e210ce-ee67-482a-8fb4-c45055e6f2b2", diff --git a/packages/cisco_aironet/docs/README.md b/packages/cisco_aironet/docs/README.md index 1ba69f85f14..766759ba88e 100644 --- a/packages/cisco_aironet/docs/README.md +++ b/packages/cisco_aironet/docs/README.md @@ -38,7 +38,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "68e210ce-ee67-482a-8fb4-c45055e6f2b2", diff --git a/packages/cisco_aironet/manifest.yml b/packages/cisco_aironet/manifest.yml index 1d8e402305e..74c7b1536e3 100644 --- a/packages/cisco_aironet/manifest.yml +++ b/packages/cisco_aironet/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_aironet title: "Cisco Aironet" -version: 0.0.2 +version: "0.1.0" release: beta license: basic description: "Integration for Cisco Aironet WLC Logs" diff --git a/packages/cisco_asa/_dev/build/build.yml b/packages/cisco_asa/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/cisco_asa/_dev/build/build.yml +++ b/packages/cisco_asa/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/cisco_asa/changelog.yml b/packages/cisco_asa/changelog.yml index 6e6db0bf56a..d78a4afb923 100644 --- a/packages/cisco_asa/changelog.yml +++ b/packages/cisco_asa/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.9.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "2.8.0" changes: - description: Harmonise with pipeline with Cisco FTD. 
diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json index 8d00537959a..09b4cca10c6 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json @@ -22,7 +22,7 @@ "port": 53500 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -109,7 +109,7 @@ "port": 53500 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -188,7 +188,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-creation", @@ -249,7 +249,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -309,7 +309,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -372,7 +372,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-creation", @@ -447,7 +447,7 @@ "port": 111 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -530,7 +530,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -603,7 +603,7 @@ "port": 67 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -679,7 +679,7 @@ "port": 21 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -746,7 +746,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -790,7 +790,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -849,7 +849,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -911,7 +911,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -968,7 +968,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1032,7 +1032,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-creation", @@ -1099,7 +1099,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-creation", @@ -1167,7 +1167,7 @@ "port": 55225 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1255,7 +1255,7 @@ "port": 54839 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1334,7 +1334,7 @@ "port": 54230 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1411,7 +1411,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1481,7 +1481,7 @@ "port": 57006 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1554,7 +1554,7 @@ "port": 14322 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1627,7 +1627,7 @@ "port": 53356 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1713,7 +1713,7 @@ "port": 22638 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1800,7 +1800,7 @@ "port": 22638 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1880,7 +1880,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -1954,7 +1954,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2022,7 +2022,7 @@ "port": 65020 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2093,7 +2093,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2163,7 +2163,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2233,7 +2233,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2304,7 +2304,7 @@ "port": 10051 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2378,7 +2378,7 @@ "port": 10051 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2452,7 +2452,7 @@ "port": 10051 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2525,7 +2525,7 @@ "port": 10051 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2604,7 +2604,7 @@ "port": 39222 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2677,7 +2677,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2729,7 +2729,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2788,7 +2788,7 @@ "port": 3452 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2865,7 +2865,7 @@ "port": 6007 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2933,7 +2933,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -2975,7 +2975,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3024,7 +3024,7 @@ "port": 1985 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3087,7 +3087,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3129,7 +3129,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3178,7 +3178,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3255,7 +3255,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3305,7 +3305,7 @@ "port": 2 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3380,7 +3380,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3450,7 +3450,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3511,7 +3511,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3572,7 +3572,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3633,7 +3633,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3711,7 +3711,7 @@ "port": 9101 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -3803,7 +3803,7 @@ "port": 51635 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3880,7 +3880,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -3947,7 +3947,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3997,7 +3997,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4059,7 +4059,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4115,7 +4115,7 @@ "ip": "10.10.1.254" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logon-failed", @@ -4183,7 +4183,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logon-failed", @@ -4249,7 +4249,7 @@ "ip": "10.10.1.254" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4316,7 +4316,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logged-in", @@ -4376,7 +4376,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4456,7 +4456,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4522,7 +4522,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4581,7 +4581,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4653,7 +4653,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4716,7 +4716,7 @@ "port": 23 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4799,7 +4799,7 @@ "port": 123123 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "bypass", @@ -4885,7 +4885,7 @@ "port": 514514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop", 
@@ -4962,7 +4962,7 @@ "port": 123412 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5044,7 +5044,7 @@ "port": 514514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5127,7 +5127,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "created", @@ -5199,7 +5199,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "deleted", @@ -5279,7 +5279,7 @@ "port": 7777 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-started", @@ -5355,7 +5355,7 @@ "port": 7777 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "error", @@ -5425,7 +5425,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5477,7 +5477,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5527,7 +5527,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "error", @@ -5578,7 +5578,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "error", @@ -5622,7 +5622,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5665,7 +5665,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "error", @@ -5709,7 +5709,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "error", @@ -5760,7 +5760,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5835,7 +5835,7 @@ "ip": "172.31.98.44" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -5930,7 +5930,7 @@ "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -6029,7 +6029,7 @@ "port": 500 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -6122,7 +6122,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -6174,7 +6174,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -6226,7 +6226,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -6278,7 +6278,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -6338,7 +6338,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logged-in", @@ -6412,7 +6412,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logged-in", @@ -6484,7 +6484,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logon-failed", @@ -6543,7 +6543,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logged-in", @@ -6596,7 +6596,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logon-failed", @@ -6651,7 +6651,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logon-failed", @@ -6709,7 +6709,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logon-failed", @@ -6767,7 +6767,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logon-failed", @@ -6830,7 +6830,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logon-failed", 
diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json index a3bc1e20887..44a94b209b0 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json @@ -6,7 +6,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "client-vpn-error", @@ -82,7 +82,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "client-vpn-error", @@ -158,7 +158,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "client-vpn-error", @@ -234,7 +234,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "client-vpn-error", @@ -310,7 +310,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "client-vpn-error", @@ -386,7 +386,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "client-vpn-error", @@ -462,7 +462,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "client-vpn-error", @@ -538,7 +538,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "client-vpn-error", @@ -614,7 +614,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "client-vpn-error", @@ -662,7 +662,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "client-vpn-error", @@ -738,7 +738,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "client-vpn-connected", @@ -814,7 +814,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "client-vpn-disconnected", 
@@ -868,7 +868,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "client-vpn-connected", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json index 8d2acafcade..0eb476c3b52 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json @@ -17,7 +17,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -102,7 +102,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -177,7 +177,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -247,7 +247,7 @@ "port": 57621 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -324,7 +324,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -379,7 +379,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -452,7 +452,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -522,7 +522,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -592,7 +592,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -663,7 +663,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -751,7 +751,7 @@ "port": 8080 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -852,7 +852,7 @@ "port": 9803 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -963,7 +963,7 @@ "port": 9803 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1080,7 +1080,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json index 119535207e5..e5be52abba8 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json @@ -25,7 +25,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -98,7 +98,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -152,7 +152,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -185,7 +185,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -223,7 +223,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json index d53b28a5a66..0ae2d942ef9 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json @@ -14,7 +14,7 @@ "port": 8256 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -97,7 +97,7 @@ "port": 1772 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -177,7 +177,7 @@ "port": 1758 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -262,7 +262,7 @@ "port": 1757 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -347,7 +347,7 @@ "port": 1755 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -432,7 +432,7 @@ "port": 1754 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -517,7 +517,7 @@ "port": 1752 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -602,7 +602,7 @@ "port": 1749 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -687,7 +687,7 @@ "port": 1750 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -772,7 +772,7 @@ "port": 1747 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -857,7 +857,7 @@ "port": 1742 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -942,7 +942,7 @@ "port": 1741 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1027,7 +1027,7 @@ "port": 1739 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1112,7 +1112,7 @@ "port": 1740 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1197,7 +1197,7 @@ "port": 1738 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1282,7 +1282,7 @@ "port": 1756 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", 
@@ -1367,7 +1367,7 @@ "port": 1737 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1452,7 +1452,7 @@ "port": 1736 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1537,7 +1537,7 @@ "port": 1765 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1621,7 +1621,7 @@ "port": 1188 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1704,7 +1704,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1784,7 +1784,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1872,7 +1872,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1952,7 +1952,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -2035,7 +2035,7 @@ "port": 8257 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2118,7 +2118,7 @@ "port": 1773 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2197,7 +2197,7 @@ "port": 8258 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2280,7 +2280,7 @@ "port": 1774 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2364,7 +2364,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2448,7 +2448,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2528,7 +2528,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", 
@@ -2612,7 +2612,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -2695,7 +2695,7 @@ "port": 8259 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2778,7 +2778,7 @@ "port": 1775 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2857,7 +2857,7 @@ "port": 1189 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2940,7 +2940,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3024,7 +3024,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3104,7 +3104,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -3188,7 +3188,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -3271,7 +3271,7 @@ "port": 8265 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3354,7 +3354,7 @@ "port": 1452 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3438,7 +3438,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3522,7 +3522,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3602,7 +3602,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -3686,7 +3686,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -3769,7 +3769,7 @@ "port": 8266 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -3852,7 +3852,7 @@ "port": 1453 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3932,7 +3932,7 @@ "port": 1453 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -4021,7 +4021,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4101,7 +4101,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -4185,7 +4185,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -4268,7 +4268,7 @@ "port": 8267 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4351,7 +4351,7 @@ "port": 1454 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4430,7 +4430,7 @@ "port": 8268 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4513,7 +4513,7 @@ "port": 1455 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4592,7 +4592,7 @@ "port": 8269 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4675,7 +4675,7 @@ "port": 1456 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4759,7 +4759,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4839,7 +4839,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -4922,7 +4922,7 @@ "port": 8270 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5005,7 +5005,7 @@ "port": 1457 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -5084,7 +5084,7 @@ "port": 8271 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5167,7 +5167,7 @@ "port": 1458 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5251,7 +5251,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5331,7 +5331,7 @@ "port": 1457 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -5415,7 +5415,7 @@ "port": 8272 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5498,7 +5498,7 @@ "port": 1459 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5578,7 +5578,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -5661,7 +5661,7 @@ "port": 8273 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5744,7 +5744,7 @@ "port": 1460 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5823,7 +5823,7 @@ "port": 8267 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -5905,7 +5905,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5988,7 +5988,7 @@ "port": 1385 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -6067,7 +6067,7 @@ "port": 8268 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -6149,7 +6149,7 @@ "port": 8269 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -6231,7 +6231,7 @@ "port": 8270 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", 
@@ -6313,7 +6313,7 @@ "port": 8271 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -6395,7 +6395,7 @@ "port": 8272 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -6477,7 +6477,7 @@ "port": 8273 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -6560,7 +6560,7 @@ "port": 1382 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -6645,7 +6645,7 @@ "port": 1385 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -6729,7 +6729,7 @@ "port": 8278 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -6812,7 +6812,7 @@ "port": 1386 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -6892,7 +6892,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -6973,7 +6973,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7054,7 +7054,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7135,7 +7135,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7216,7 +7216,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7297,7 +7297,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7378,7 +7378,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7459,7 +7459,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -7540,7 +7540,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7621,7 +7621,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7702,7 +7702,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7783,7 +7783,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7864,7 +7864,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7944,7 +7944,7 @@ "port": 8279 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -8027,7 +8027,7 @@ "port": 1275 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -8106,7 +8106,7 @@ "port": 1190 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -8189,7 +8189,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -8269,7 +8269,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -8357,7 +8357,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -8437,7 +8437,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -8520,7 +8520,7 @@ "port": 8280 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -8603,7 +8603,7 @@ "port": 1276 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -8682,7 +8682,7 @@ "port": 8281 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -8765,7 +8765,7 @@ "port": 1277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -8845,7 +8845,7 @@ "port": 1276 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -8929,7 +8929,7 @@ "port": 8282 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -9012,7 +9012,7 @@ "port": 1278 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -9092,7 +9092,7 @@ "port": 1277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -9176,7 +9176,7 @@ "port": 8283 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -9259,7 +9259,7 @@ "port": 1279 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -9339,7 +9339,7 @@ "port": 1278 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -9424,7 +9424,7 @@ "port": 1279 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -9508,7 +9508,7 @@ "port": 8284 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -9591,7 +9591,7 @@ "port": 1280 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -9671,7 +9671,7 @@ "port": 1280 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -9755,7 +9755,7 @@ "port": 8285 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -9838,7 +9838,7 @@ "port": 1281 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -9917,7 +9917,7 @@ "port": 8286 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -10000,7 +10000,7 @@ "port": 1282 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -10079,7 +10079,7 @@ "port": 8287 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -10162,7 +10162,7 @@ "port": 1283 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -10241,7 +10241,7 @@ "port": 8288 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -10324,7 +10324,7 @@ "port": 1284 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -10404,7 +10404,7 @@ "port": 1281 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -10489,7 +10489,7 @@ "port": 1282 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -10574,7 +10574,7 @@ "port": 1283 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -10658,7 +10658,7 @@ "port": 8289 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -10741,7 +10741,7 @@ "port": 1285 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -10820,7 +10820,7 @@ "port": 8290 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -10903,7 +10903,7 @@ "port": 1286 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -10983,7 +10983,7 @@ "port": 1284 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -11067,7 +11067,7 @@ "port": 8291 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -11150,7 +11150,7 @@ "port": 1287 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -11230,7 +11230,7 @@ "port": 1285 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -11315,7 +11315,7 @@ "port": 1286 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -11404,7 +11404,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -11483,7 +11483,7 @@ "port": 8292 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -11566,7 +11566,7 @@ "port": 1288 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -11646,7 +11646,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -11734,7 +11734,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -11814,7 +11814,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -11897,7 +11897,7 @@ "port": 8293 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -11980,7 +11980,7 @@ "port": 1289 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -12060,7 +12060,7 @@ "port": 1288 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -12145,7 +12145,7 @@ "port": 1287 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -12234,7 +12234,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -12314,7 +12314,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -12397,7 +12397,7 @@ "port": 8294 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -12480,7 +12480,7 @@ "port": 1290 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -12560,7 +12560,7 @@ "port": 68 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -12643,7 +12643,7 @@ "port": 8276 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -12730,7 +12730,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -12814,7 +12814,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -12894,7 +12894,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -12982,7 +12982,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -13062,7 +13062,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -13146,7 +13146,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -13234,7 +13234,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -13314,7 +13314,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -13397,7 +13397,7 @@ "port": 8295 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -13480,7 +13480,7 @@ "port": 1291 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -13564,7 +13564,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -13644,7 +13644,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -13727,7 +13727,7 @@ "port": 8296 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -13810,7 +13810,7 @@ "port": 1292 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -13889,7 +13889,7 @@ "port": 8297 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -13972,7 +13972,7 @@ "port": 1293 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -14051,7 +14051,7 @@ "port": 8298 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -14134,7 +14134,7 @@ "port": 1294 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -14214,7 +14214,7 @@ "port": 1293 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -14298,7 +14298,7 @@ "port": 8299 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -14381,7 +14381,7 @@ "port": 1295 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -14460,7 +14460,7 @@ "port": 8300 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -14543,7 +14543,7 @@ "port": 1296 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -14623,7 +14623,7 @@ "port": 1294 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -14708,7 +14708,7 @@ "port": 1295 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -14793,7 +14793,7 @@ "port": 1296 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", 
@@ -14877,7 +14877,7 @@ "port": 8301 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -14960,7 +14960,7 @@ "port": 1297 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -15039,7 +15039,7 @@ "port": 8302 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -15122,7 +15122,7 @@ "port": 1298 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -15206,7 +15206,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -15286,7 +15286,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -15370,7 +15370,7 @@ "port": 1297 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -15454,7 +15454,7 @@ "port": 8303 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -15537,7 +15537,7 @@ "port": 1299 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -15616,7 +15616,7 @@ "port": 8304 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -15699,7 +15699,7 @@ "port": 1300 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -15779,7 +15779,7 @@ "port": 1298 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -15864,7 +15864,7 @@ "port": 1300 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -15948,7 +15948,7 @@ "port": 8305 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -16031,7 +16031,7 @@ "port": 1301 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -16110,7 +16110,7 @@ "port": 8306 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -16193,7 +16193,7 @@ "port": 1302 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -16272,7 +16272,7 @@ "port": 8280 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -16354,7 +16354,7 @@ "port": 8281 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -16436,7 +16436,7 @@ "port": 8282 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -16518,7 +16518,7 @@ "port": 8283 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -16600,7 +16600,7 @@ "port": 8284 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -16682,7 +16682,7 @@ "port": 8285 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -16764,7 +16764,7 @@ "port": 8286 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -16846,7 +16846,7 @@ "port": 8287 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -16928,7 +16928,7 @@ "port": 8288 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -17010,7 +17010,7 @@ "port": 8289 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -17092,7 +17092,7 @@ "port": 8290 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -17174,7 +17174,7 @@ "port": 8291 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", 
@@ -17256,7 +17256,7 @@ "port": 8292 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -17338,7 +17338,7 @@ "port": 8297 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -17420,7 +17420,7 @@ "port": 8298 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -17502,7 +17502,7 @@ "port": 8308 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -17585,7 +17585,7 @@ "port": 1304 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -17664,7 +17664,7 @@ "port": 8299 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -17746,7 +17746,7 @@ "port": 8300 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -17833,7 +17833,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -17917,7 +17917,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -17997,7 +17997,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -18081,7 +18081,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -18164,7 +18164,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -18247,7 +18247,7 @@ "port": 1305 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -18326,7 +18326,7 @@ "port": 8301 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", 
@@ -18408,7 +18408,7 @@ "port": 8302 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -18490,7 +18490,7 @@ "port": 8303 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -18572,7 +18572,7 @@ "port": 8304 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -18654,7 +18654,7 @@ "port": 8305 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -18736,7 +18736,7 @@ "port": 8306 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -18818,7 +18818,7 @@ "port": 8307 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -18901,7 +18901,7 @@ "port": 1305 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -18986,7 +18986,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19067,7 +19067,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19148,7 +19148,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19228,7 +19228,7 @@ "port": 8310 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19311,7 +19311,7 @@ "port": 1306 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19391,7 +19391,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19472,7 +19472,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19553,7 +19553,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -19634,7 +19634,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19715,7 +19715,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19796,7 +19796,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19877,7 +19877,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19958,7 +19958,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20039,7 +20039,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20120,7 +20120,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20201,7 +20201,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20282,7 +20282,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20363,7 +20363,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20444,7 +20444,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20525,7 +20525,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20606,7 +20606,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20687,7 +20687,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20768,7 +20768,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -20849,7 +20849,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20930,7 +20930,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21011,7 +21011,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21092,7 +21092,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21173,7 +21173,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21254,7 +21254,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21335,7 +21335,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21416,7 +21416,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21497,7 +21497,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21578,7 +21578,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21659,7 +21659,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21740,7 +21740,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21821,7 +21821,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21902,7 +21902,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21983,7 +21983,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json index 87063f41446..d140e5acf51 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json @@ -12,7 +12,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logged-in", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json index 26566f2aca2..73cd6cbffd5 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json @@ -6,7 +6,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -52,7 +52,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -102,7 +102,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json index eee4cc43a51..9422eb81cfe 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json @@ -11,7 +11,7 @@ "domain": "target.destination.hostname.local" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", 
@@ -77,7 +77,7 @@ "ip": "192.168.2.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-non-canonical.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-non-canonical.log-expected.json index 311d2203ca9..e67aeaf57c3 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-non-canonical.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-non-canonical.log-expected.json @@ -19,7 +19,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -101,7 +101,7 @@ "port": 46145 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -184,7 +184,7 @@ "port": 48347 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -267,7 +267,7 @@ "port": 55653 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -341,7 +341,7 @@ "port": 54703 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -410,7 +410,7 @@ "port": 25 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -510,7 +510,7 @@ "port": 62409 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -599,7 +599,7 @@ "port": 56421 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -688,7 +688,7 @@ "port": 50578 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -773,7 +773,7 @@ "port": 56570 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -865,7 +865,7 @@ "port": 2511 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -959,7 +959,7 @@ "port": 2511 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1033,7 +1033,7 @@ "domain": "eth0_fw" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-creation", @@ -1107,7 +1107,7 @@ "domain": "eth0_fw" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-creation", @@ -1181,7 +1181,7 @@ "domain": "eth0_fw" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1255,7 +1255,7 @@ "domain": "eth0_fw" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1322,7 +1322,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "client-vpn-connected", @@ -1399,7 +1399,7 @@ "asa": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "client-vpn-connected", @@ -1477,7 +1477,7 @@ "domain": "mirror" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1537,7 +1537,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -1573,7 +1573,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json index 85d7c2556fc..8df56b29a4a 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json @@ -27,7 +27,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -104,7 +104,7 @@ "ip": "172.24.177.29" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", 
@@ -176,7 +176,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json index a46dbc31861..139f307a335 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json @@ -15,7 +15,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -85,7 +85,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -156,7 +156,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -226,7 +226,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -303,7 +303,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -379,7 +379,7 @@ "port": 12834 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -454,7 +454,7 @@ "port": 4952 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -522,7 +522,7 @@ "port": 25882 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -597,7 +597,7 @@ "port": 52925 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -669,7 +669,7 @@ "port": 45392 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -745,7 +745,7 @@ "port": 4953 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -815,7 +815,7 @@ "port": 52925 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -893,7 +893,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -973,7 +973,7 @@ "ip": "172.24.177.29" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1037,7 +1037,7 @@ "port": 10879 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1113,7 +1113,7 @@ "port": 4954 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1179,7 +1179,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1241,7 +1241,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1311,7 +1311,7 @@ "port": 40443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1381,7 +1381,7 @@ "port": 40443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1451,7 +1451,7 @@ "port": 40443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1521,7 +1521,7 @@ "port": 40443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1591,7 +1591,7 @@ "port": 40443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1661,7 +1661,7 @@ "port": 40443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1731,7 +1731,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1801,7 +1801,7 @@ "port": 25 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -1871,7 +1871,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1939,7 +1939,7 @@ "port": 137 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2001,7 +2001,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2063,7 +2063,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2133,7 +2133,7 @@ "port": 40443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2203,7 +2203,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2273,7 +2273,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2343,7 +2343,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2413,7 +2413,7 @@ "port": 8111 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2483,7 +2483,7 @@ "port": 8111 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2553,7 +2553,7 @@ "port": 40443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2623,7 +2623,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2694,7 +2694,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2768,7 +2768,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2840,7 +2840,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -2913,7 +2913,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2990,7 +2990,7 @@ "port": 5678 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3067,7 +3067,7 @@ "port": 5678 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3140,7 +3140,7 @@ "port": 5678 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -3217,7 +3217,7 @@ "port": 5678 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -3294,7 +3294,7 @@ "port": 5678 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -3369,7 +3369,7 @@ "port": 5679 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3435,7 +3435,7 @@ "port": 5679 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3503,7 +3503,7 @@ "port": 5000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3580,7 +3580,7 @@ "port": 65000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3656,7 +3656,7 @@ "port": 65000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3728,7 +3728,7 @@ "port": 1235 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -3805,7 +3805,7 @@ "port": 500 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -3875,7 +3875,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3938,7 +3938,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -4001,7 +4001,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4064,7 +4064,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4127,7 +4127,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4190,7 +4190,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4253,7 +4253,7 @@ "ip": "192.168.1.255" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4316,7 +4316,7 @@ "ip": "192.168.1.255" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4382,7 +4382,7 @@ "port": 25 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4454,7 +4454,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4521,7 +4521,7 @@ "ip": "172.16.1.10" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4590,7 +4590,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4677,7 +4677,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4757,7 +4757,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4826,7 +4826,7 @@ "ip": "192.168.2.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4879,7 +4879,7 @@ "ip": "192.168.2.32" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -4936,7 +4936,7 @@ "ip": "192.168.0.19" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5020,7 +5020,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5093,7 +5093,7 @@ "ip": "172.17.6.211" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5178,7 +5178,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5288,7 +5288,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5400,7 +5400,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-creation", @@ -5495,7 +5495,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-creation", @@ -5594,7 +5594,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-creation", @@ -5687,7 +5687,7 @@ "port": 18449 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -5764,7 +5764,7 @@ "ip": "ff02::1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -5836,7 +5836,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5925,7 +5925,7 @@ "port": 50120 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -6028,7 +6028,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -6130,7 +6130,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -6227,7 +6227,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", 
@@ -6334,7 +6334,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -6438,7 +6438,7 @@
 "ip": "81.2.69.193"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "deleted",
diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json
index 90a9c8e4bb1..ce6f34f3919 100644
--- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json
+++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json
@@ -16,7 +16,7 @@
 "port": 5060
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -83,7 +83,7 @@
 "port": 5060
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -150,7 +150,7 @@
 "port": 5060
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -217,7 +217,7 @@
 "port": 5060
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
diff --git a/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 8f83ba13d07..82f8f39e89c 100644
--- a/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -7,7 +7,7 @@ processors:
 ignore_missing: true
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 #
 # Parse the syslog header
 #
diff --git a/packages/cisco_asa/data_stream/log/sample_event.json b/packages/cisco_asa/data_stream/log/sample_event.json
index 8236d873b3f..95156c29056 100644
--- a/packages/cisco_asa/data_stream/log/sample_event.json
+++ b/packages/cisco_asa/data_stream/log/sample_event.json
@@ -24,7 +24,7 @@
 "port": 8256
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "c077f5c5-ca69-4197-9db5-7963794bdac3",
diff --git a/packages/cisco_asa/docs/README.md b/packages/cisco_asa/docs/README.md
index 566ea2439c9..daa1924bb6a 100644
--- a/packages/cisco_asa/docs/README.md
+++ b/packages/cisco_asa/docs/README.md
@@ -40,7 +40,7 @@ An example event for `log` looks as following:
 "port": 8256
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "c077f5c5-ca69-4197-9db5-7963794bdac3",
diff --git a/packages/cisco_asa/manifest.yml b/packages/cisco_asa/manifest.yml
index f76c1e86272..cfbe5ef3a1e 100644
--- a/packages/cisco_asa/manifest.yml
+++ b/packages/cisco_asa/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_asa
 title: Cisco ASA
-version: "2.8.0"
+version: "2.9.0"
 license: basic
 description: Collect logs from Cisco ASA with Elastic Agent.
 type: integration
diff --git a/packages/cisco_duo/_dev/build/build.yml b/packages/cisco_duo/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/cisco_duo/_dev/build/build.yml
+++ b/packages/cisco_duo/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/cisco_duo/changelog.yml b/packages/cisco_duo/changelog.yml
index 85330d69482..455b43b0207 100644
--- a/packages/cisco_duo/changelog.yml
+++ b/packages/cisco_duo/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.5.2"
 changes:
 - description: Fix handling of empty event lists.
diff --git a/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json b/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json
index 60a46a1939b..6dcb48b4529 100644
--- a/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json
+++ b/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json
@@ -11,7 +11,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "activation_begin",
@@ -38,7 +38,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "admin_activate_duo_push",
@@ -70,7 +70,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "activation_begin",
@@ -99,7 +99,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "activation_set_password",
@@ -138,7 +138,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "admin_self_activate",
@@ -176,7 +176,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "admin_update",
@@ -215,7 +215,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "user_update",
@@ -257,7 +257,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "user_update",
diff --git a/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml
index f364c4f0882..b51f7c9ee3c 100644
--- a/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo administrator logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/cisco_duo/data_stream/admin/sample_event.json b/packages/cisco_duo/data_stream/admin/sample_event.json
index 35d3972c286..79d046cfc02 100644
--- a/packages/cisco_duo/data_stream/admin/sample_event.json
+++ b/packages/cisco_duo/data_stream/admin/sample_event.json @@ -21,7 +21,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "c934978b-c8c9-4484-8fbe-007cc0ace376", diff --git a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json index 648694d8a84..294b1d1b56c 100644 --- a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json +++ b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json @@ -40,7 +40,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "authentication", @@ -163,7 +163,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "authentication", @@ -284,7 +284,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "authentication", @@ -404,7 +404,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "authentication", @@ -522,7 +522,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "authentication", @@ -624,7 +624,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "authentication", @@ -735,7 +735,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "authentication", @@ -837,7 +837,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "authentication", @@ -940,7 +940,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "authentication", @@ -1043,7 +1043,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "authentication", @@ -1146,7 +1146,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "authentication", 
@@ -1249,7 +1249,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "authentication", @@ -1352,7 +1352,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "authentication", @@ -1451,7 +1451,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "authentication", @@ -1546,7 +1546,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "authentication", @@ -1641,7 +1641,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "authentication", @@ -1726,7 +1726,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "authentication", diff --git a/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml index 263c80dbbc4..21f3b42382a 100644 --- a/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo authentication logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/cisco_duo/data_stream/auth/sample_event.json b/packages/cisco_duo/data_stream/auth/sample_event.json index 4e79af77422..87ed9208cbf 100644 --- a/packages/cisco_duo/data_stream/auth/sample_event.json +++ b/packages/cisco_duo/data_stream/auth/sample_event.json @@ -50,7 +50,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "c934978b-c8c9-4484-8fbe-007cc0ace376", 
diff --git a/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json b/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json index 885ea331579..23ea303e5d6 100644 --- a/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json +++ b/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "{\"action\": \"o2fa_user_provisioned\",\"description\": \"{\\\"user_agent\\\": \\\"DuoCredProv/4.0.6.413 (Windows NT 6.3.9600; x64; Server)\\\", \\\"hostname\\\": \\\"WKSW10x64\\\", \\\"factor\\\": \\\"duo_otp\\\"}\",\"isotimestamp\": \"2019-08-30T16:10:05+00:00\",\"object\": \"Acme Laptop Windows Logon\",\"timestamp\": 1567181405,\"username\": \"narroway\"}" diff --git a/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml index 6294b8d6947..1fc4b55c519 100644 --- a/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo offline enrollment logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/cisco_duo/data_stream/offline_enrollment/sample_event.json b/packages/cisco_duo/data_stream/offline_enrollment/sample_event.json index 966c33bf9ee..3936ed1b483 100644 --- a/packages/cisco_duo/data_stream/offline_enrollment/sample_event.json +++ b/packages/cisco_duo/data_stream/offline_enrollment/sample_event.json 
@@ -27,7 +27,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "c934978b-c8c9-4484-8fbe-007cc0ace376", diff --git a/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json b/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json index a8717366992..4ba6c6f05ab 100644 --- a/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json +++ b/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json @@ -1,7 +1,7 @@ { "expected": [ { - "@timestamp": "2022-10-27T21:43:27.362576949Z", + "@timestamp": "2022-11-04T08:04:01.891054338Z", "cisco_duo": { "summary": { "admin_count": 6, @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "{\"response\":{\"admin_count\":6,\"integration_count\":5,\"telephony_credits_remaining\":473,\"user_count\":4},\"stat\":\"OK\"}" @@ -21,7 +21,7 @@ ] }, { - "@timestamp": "2022-10-27T21:43:27.362601509Z", + "@timestamp": "2022-11-04T08:04:01.891064328Z", "cisco_duo": { "summary": { "admin_count": 3, @@ -31,7 +31,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "{\"response\":{\"admin_count\":3,\"integration_count\":9,\"telephony_credits_remaining\":960,\"user_count\":8},\"stat\":\"OK\"}" diff --git a/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml index ca713fd8e03..7eaf9be42d7 100644 --- a/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo summary logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: "@timestamp" value: "{{{_ingest.timestamp}}}" 
diff --git a/packages/cisco_duo/data_stream/summary/sample_event.json b/packages/cisco_duo/data_stream/summary/sample_event.json index 723b5e45ae8..4fb03c9577a 100644 --- a/packages/cisco_duo/data_stream/summary/sample_event.json +++ b/packages/cisco_duo/data_stream/summary/sample_event.json @@ -21,7 +21,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "c934978b-c8c9-4484-8fbe-007cc0ace376", diff --git a/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json b/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json index 1d088c2d27a..ec39526294d 100644 --- a/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json +++ b/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -32,7 +32,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -53,7 +53,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", diff --git a/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml index 179555b3d49..f264f7d1851 100644 --- a/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo telephony logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: event.kind value: event diff --git a/packages/cisco_duo/data_stream/telephony/sample_event.json b/packages/cisco_duo/data_stream/telephony/sample_event.json index 038e46f0b36..e14e5688e59 100644 
--- a/packages/cisco_duo/data_stream/telephony/sample_event.json +++ b/packages/cisco_duo/data_stream/telephony/sample_event.json @@ -21,7 +21,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "c934978b-c8c9-4484-8fbe-007cc0ace376", diff --git a/packages/cisco_duo/docs/README.md b/packages/cisco_duo/docs/README.md index 98ce44f86d6..08b9153ced5 100644 --- a/packages/cisco_duo/docs/README.md +++ b/packages/cisco_duo/docs/README.md @@ -54,7 +54,7 @@ An example event for `admin` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "c934978b-c8c9-4484-8fbe-007cc0ace376", @@ -217,7 +217,7 @@ An example event for `auth` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "c934978b-c8c9-4484-8fbe-007cc0ace376", @@ -455,7 +455,7 @@ An example event for `offline_enrollment` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "c934978b-c8c9-4484-8fbe-007cc0ace376", @@ -569,7 +569,7 @@ An example event for `summary` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "c934978b-c8c9-4484-8fbe-007cc0ace376", @@ -676,7 +676,7 @@ An example event for `telephony` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "c934978b-c8c9-4484-8fbe-007cc0ace376", diff --git a/packages/cisco_duo/manifest.yml b/packages/cisco_duo/manifest.yml index 650856088b8..4f3f3d5c3bc 100644 --- a/packages/cisco_duo/manifest.yml +++ b/packages/cisco_duo/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_duo title: Cisco Duo -version: "1.5.2" +version: "1.6.0" license: basic description: Collect logs from Cisco Duo with Elastic Agent. type: integration 
diff --git a/packages/cisco_ftd/_dev/build/build.yml b/packages/cisco_ftd/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/cisco_ftd/_dev/build/build.yml +++ b/packages/cisco_ftd/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/cisco_ftd/changelog.yml b/packages/cisco_ftd/changelog.yml index 83a5451896c..0355ff8e6cb 100644 --- a/packages/cisco_ftd/changelog.yml +++ b/packages/cisco_ftd/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.5.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "2.4.6" changes: - description: Harmonise with pipeline with Cisco ASA. diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json index 97513f206bc..fcac27b0a82 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json @@ -17,7 +17,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -102,7 +102,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -177,7 +177,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -247,7 +247,7 @@ "port": 57621 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -324,7 +324,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -383,7 +383,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-creation", 
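Review bot: The `packages/cisco_ftd/_dev/build/build.yml` hunk pins the ECS dependency to `git@v8.5.1`, but the changelog entry added in the next file says "Update package to ECS 8.5.0" and the test fixtures that follow expect `ecs.version` `8.5.0`. If the patch-level difference is intentional, record it on the reference line, for example `# fields imported from the v8.5.1 tag; events still report ecs.version 8.5.0`; otherwise the two values should agree. The reference is also a tag rather than a commit hash, so what the build imports relies on the upstream tag not being moved.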
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json index 36fa766ab9c..e7505aaa33a 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json @@ -14,7 +14,7 @@ "port": 8256 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -97,7 +97,7 @@ "port": 1772 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -177,7 +177,7 @@ "port": 1758 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -262,7 +262,7 @@ "port": 1757 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -347,7 +347,7 @@ "port": 1755 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -432,7 +432,7 @@ "port": 1754 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -517,7 +517,7 @@ "port": 1752 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -602,7 +602,7 @@ "port": 1749 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -687,7 +687,7 @@ "port": 1750 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -772,7 +772,7 @@ "port": 1747 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -857,7 +857,7 @@ "port": 1742 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -942,7 +942,7 @@ "port": 1741 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", 
@@ -1027,7 +1027,7 @@ "port": 1739 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1112,7 +1112,7 @@ "port": 1740 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1197,7 +1197,7 @@ "port": 1738 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1282,7 +1282,7 @@ "port": 1756 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1367,7 +1367,7 @@ "port": 1737 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1452,7 +1452,7 @@ "port": 1736 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1537,7 +1537,7 @@ "port": 1765 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1621,7 +1621,7 @@ "port": 1188 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1704,7 +1704,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1784,7 +1784,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1872,7 +1872,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1952,7 +1952,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -2035,7 +2035,7 @@ "port": 8257 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2118,7 +2118,7 @@ "port": 1773 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2197,7 +2197,7 @@ "port": 8258 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -2280,7 +2280,7 @@ "port": 1774 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2364,7 +2364,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2448,7 +2448,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2528,7 +2528,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -2612,7 +2612,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -2695,7 +2695,7 @@ "port": 8259 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2778,7 +2778,7 @@ "port": 1775 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2857,7 +2857,7 @@ "port": 1189 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2940,7 +2940,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3024,7 +3024,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3104,7 +3104,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -3188,7 +3188,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -3271,7 +3271,7 @@ "port": 8265 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3354,7 +3354,7 @@ "port": 1452 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3438,7 +3438,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -3522,7 +3522,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3602,7 +3602,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -3686,7 +3686,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -3769,7 +3769,7 @@ "port": 8266 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3852,7 +3852,7 @@ "port": 1453 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3932,7 +3932,7 @@ "port": 1453 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -4021,7 +4021,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4101,7 +4101,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -4185,7 +4185,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -4268,7 +4268,7 @@ "port": 8267 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4351,7 +4351,7 @@ "port": 1454 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4430,7 +4430,7 @@ "port": 8268 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4513,7 +4513,7 @@ "port": 1455 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4592,7 +4592,7 @@ "port": 8269 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4675,7 +4675,7 @@ "port": 1456 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -4759,7 +4759,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -4839,7 +4839,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -4922,7 +4922,7 @@ "port": 8270 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5005,7 +5005,7 @@ "port": 1457 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5084,7 +5084,7 @@ "port": 8271 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5167,7 +5167,7 @@ "port": 1458 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5251,7 +5251,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5331,7 +5331,7 @@ "port": 1457 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -5415,7 +5415,7 @@ "port": 8272 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5498,7 +5498,7 @@ "port": 1459 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5578,7 +5578,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -5661,7 +5661,7 @@ "port": 8273 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5744,7 +5744,7 @@ "port": 1460 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -5823,7 +5823,7 @@ "port": 8267 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -5905,7 +5905,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -5988,7 +5988,7 @@ "port": 1385 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -6067,7 +6067,7 @@ "port": 8268 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -6149,7 +6149,7 @@ "port": 8269 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -6231,7 +6231,7 @@ "port": 8270 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -6313,7 +6313,7 @@ "port": 8271 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -6395,7 +6395,7 @@ "port": 8272 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -6477,7 +6477,7 @@ "port": 8273 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -6560,7 +6560,7 @@ "port": 1382 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -6645,7 +6645,7 @@ "port": 1385 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -6729,7 +6729,7 @@ "port": 8278 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -6812,7 +6812,7 @@ "port": 1386 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -6892,7 +6892,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -6973,7 +6973,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7054,7 +7054,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7135,7 +7135,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -7216,7 +7216,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7297,7 +7297,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7378,7 +7378,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7459,7 +7459,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7540,7 +7540,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7621,7 +7621,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7702,7 +7702,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7783,7 +7783,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7864,7 +7864,7 @@ "port": 8277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -7944,7 +7944,7 @@ "port": 8279 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -8027,7 +8027,7 @@ "port": 1275 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -8106,7 +8106,7 @@ "port": 1190 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -8189,7 +8189,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -8269,7 +8269,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -8357,7 +8357,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -8437,7 +8437,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -8520,7 +8520,7 @@ "port": 8280 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -8603,7 +8603,7 @@ "port": 1276 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -8682,7 +8682,7 @@ "port": 8281 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -8765,7 +8765,7 @@ "port": 1277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -8845,7 +8845,7 @@ "port": 1276 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -8929,7 +8929,7 @@ "port": 8282 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -9012,7 +9012,7 @@ "port": 1278 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -9092,7 +9092,7 @@ "port": 1277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -9176,7 +9176,7 @@ "port": 8283 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -9259,7 +9259,7 @@ "port": 1279 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -9339,7 +9339,7 @@ "port": 1278 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -9424,7 +9424,7 @@ "port": 1279 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -9508,7 +9508,7 @@ "port": 8284 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -9591,7 +9591,7 @@ "port": 1280 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -9671,7 +9671,7 @@ "port": 1280 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -9755,7 +9755,7 @@ "port": 8285 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -9838,7 +9838,7 @@ "port": 1281 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -9917,7 +9917,7 @@ "port": 8286 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -10000,7 +10000,7 @@ "port": 1282 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -10079,7 +10079,7 @@ "port": 8287 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -10162,7 +10162,7 @@ "port": 1283 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -10241,7 +10241,7 @@ "port": 8288 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -10324,7 +10324,7 @@ "port": 1284 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -10404,7 +10404,7 @@ "port": 1281 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -10489,7 +10489,7 @@ "port": 1282 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -10574,7 +10574,7 @@ "port": 1283 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -10658,7 +10658,7 @@ "port": 8289 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -10741,7 +10741,7 @@ "port": 1285 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -10820,7 +10820,7 @@ "port": 8290 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -10903,7 +10903,7 @@ "port": 1286 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -10983,7 +10983,7 @@ "port": 1284 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -11067,7 +11067,7 @@ "port": 8291 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -11150,7 +11150,7 @@ "port": 1287 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -11230,7 +11230,7 @@ "port": 1285 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -11315,7 +11315,7 @@ "port": 1286 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -11404,7 +11404,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -11483,7 +11483,7 @@ "port": 8292 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -11566,7 +11566,7 @@ "port": 1288 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -11646,7 +11646,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -11734,7 +11734,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -11814,7 +11814,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -11897,7 +11897,7 @@ "port": 8293 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -11980,7 +11980,7 @@ "port": 1289 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -12060,7 +12060,7 @@ "port": 1288 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", 
@@ -12145,7 +12145,7 @@ "port": 1287 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -12234,7 +12234,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -12314,7 +12314,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -12397,7 +12397,7 @@ "port": 8294 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -12480,7 +12480,7 @@ "port": 1290 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -12560,7 +12560,7 @@ "port": 68 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -12643,7 +12643,7 @@ "port": 8276 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -12730,7 +12730,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -12814,7 +12814,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -12894,7 +12894,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -12982,7 +12982,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -13062,7 +13062,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -13146,7 +13146,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -13234,7 +13234,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -13314,7 +13314,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -13397,7 +13397,7 @@ "port": 8295 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -13480,7 +13480,7 @@ "port": 1291 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -13564,7 +13564,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -13644,7 +13644,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -13727,7 +13727,7 @@ "port": 8296 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -13810,7 +13810,7 @@ "port": 1292 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -13889,7 +13889,7 @@ "port": 8297 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -13972,7 +13972,7 @@ "port": 1293 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -14051,7 +14051,7 @@ "port": 8298 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -14134,7 +14134,7 @@ "port": 1294 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -14214,7 +14214,7 @@ "port": 1293 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -14298,7 +14298,7 @@ "port": 8299 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -14381,7 +14381,7 @@ "port": 1295 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -14460,7 +14460,7 @@ "port": 8300 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -14543,7 +14543,7 @@ "port": 1296 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -14623,7 +14623,7 @@ "port": 1294 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -14708,7 +14708,7 @@ "port": 1295 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -14793,7 +14793,7 @@ "port": 1296 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -14877,7 +14877,7 @@ "port": 8301 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -14960,7 +14960,7 @@ "port": 1297 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -15039,7 +15039,7 @@ "port": 8302 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -15122,7 +15122,7 @@ "port": 1298 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -15206,7 +15206,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -15286,7 +15286,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -15370,7 +15370,7 @@ "port": 1297 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -15454,7 +15454,7 @@ "port": 8303 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -15537,7 +15537,7 @@ "port": 1299 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -15616,7 +15616,7 @@ "port": 8304 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -15699,7 +15699,7 @@ "port": 1300 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -15779,7 +15779,7 @@ "port": 1298 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -15864,7 +15864,7 @@ "port": 1300 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -15948,7 +15948,7 @@ "port": 8305 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -16031,7 +16031,7 @@ "port": 1301 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -16110,7 +16110,7 @@ "port": 8306 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -16193,7 +16193,7 @@ "port": 1302 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -16272,7 +16272,7 @@ "port": 8280 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -16354,7 +16354,7 @@ "port": 8281 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -16436,7 +16436,7 @@ "port": 8282 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -16518,7 +16518,7 @@ "port": 8283 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -16600,7 +16600,7 @@ "port": 8284 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -16682,7 +16682,7 @@ "port": 8285 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -16764,7 +16764,7 @@ "port": 8286 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -16846,7 +16846,7 @@ "port": 8287 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", 
@@ -16928,7 +16928,7 @@ "port": 8288 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -17010,7 +17010,7 @@ "port": 8289 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -17092,7 +17092,7 @@ "port": 8290 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -17174,7 +17174,7 @@ "port": 8291 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -17256,7 +17256,7 @@ "port": 8292 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -17338,7 +17338,7 @@ "port": 8297 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -17420,7 +17420,7 @@ "port": 8298 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -17502,7 +17502,7 @@ "port": 8308 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -17585,7 +17585,7 @@ "port": 1304 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -17664,7 +17664,7 @@ "port": 8299 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -17746,7 +17746,7 @@ "port": 8300 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -17833,7 +17833,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -17917,7 +17917,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -17997,7 +17997,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", 
@@ -18081,7 +18081,7 @@ "port": 56132 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -18164,7 +18164,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -18247,7 +18247,7 @@ "port": 1305 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -18326,7 +18326,7 @@ "port": 8301 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -18408,7 +18408,7 @@ "port": 8302 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -18490,7 +18490,7 @@ "port": 8303 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -18572,7 +18572,7 @@ "port": 8304 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -18654,7 +18654,7 @@ "port": 8305 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -18736,7 +18736,7 @@ "port": 8306 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -18818,7 +18818,7 @@ "port": 8307 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -18901,7 +18901,7 @@ "port": 1305 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -18986,7 +18986,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19067,7 +19067,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19148,7 +19148,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19228,7 +19228,7 @@ "port": 8310 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -19311,7 +19311,7 @@ "port": 1306 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19391,7 +19391,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19472,7 +19472,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19553,7 +19553,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19634,7 +19634,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19715,7 +19715,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19796,7 +19796,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19877,7 +19877,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -19958,7 +19958,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20039,7 +20039,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20120,7 +20120,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20201,7 +20201,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20282,7 +20282,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20363,7 +20363,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20444,7 +20444,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -20525,7 +20525,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20606,7 +20606,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20687,7 +20687,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20768,7 +20768,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20849,7 +20849,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -20930,7 +20930,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21011,7 +21011,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21092,7 +21092,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21173,7 +21173,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21254,7 +21254,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21335,7 +21335,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21416,7 +21416,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21497,7 +21497,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21578,7 +21578,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21659,7 +21659,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -21740,7 +21740,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21821,7 +21821,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21902,7 +21902,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -21983,7 +21983,7 @@ "port": 8309 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json index 007676d6c7f..69182bb3a11 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json @@ -66,7 +66,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", @@ -211,7 +211,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", @@ -354,7 +354,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", @@ -499,7 +499,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", @@ -643,7 +643,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", @@ -786,7 +786,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", @@ -932,7 +932,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", 
@@ -1075,7 +1075,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", @@ -1219,7 +1219,7 @@ "response_code": "SERVFAIL" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", @@ -1364,7 +1364,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", @@ -1507,7 +1507,7 @@ "response_code": "REFUSED" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", @@ -1644,7 +1644,7 @@ "response_code": "SERVFAIL" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", @@ -1788,7 +1788,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", @@ -1931,7 +1931,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", @@ -2075,7 +2075,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", @@ -2220,7 +2220,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", @@ -2363,7 +2363,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", @@ -2506,7 +2506,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", @@ -2649,7 +2649,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", @@ -2790,7 +2790,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", 
@@ -2935,7 +2935,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-finished", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json index 9dddb30f752..e3394ab97dc 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json @@ -6,7 +6,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -52,7 +52,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json index 1fdc9b0b368..7153b7df39a 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json @@ -6,7 +6,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -46,7 +46,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -86,7 +86,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -126,7 +126,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -166,7 +166,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -206,7 +206,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", 
@@ -246,7 +246,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -286,7 +286,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -326,7 +326,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -366,7 +366,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -406,7 +406,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -446,7 +446,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -486,7 +486,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -526,7 +526,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -566,7 +566,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -606,7 +606,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -646,7 +646,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -686,7 +686,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -726,7 +726,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -766,7 +766,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -806,7 +806,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -846,7 +846,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -886,7 +886,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -926,7 +926,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", 
@@ -966,7 +966,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -1006,7 +1006,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -1046,7 +1046,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -1086,7 +1086,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -1126,7 +1126,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -1166,7 +1166,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -1206,7 +1206,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -1246,7 +1246,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -1286,7 +1286,7 @@ "ftd": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", @@ -1327,7 +1327,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-ftd-fix.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-ftd-fix.log-expected.json index 08e187f0e4b..a451d88999a 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-ftd-fix.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-ftd-fix.log-expected.json @@ -12,7 +12,7 @@ "ip": "192.168.0.38" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "created", @@ -81,7 +81,7 @@ "ip": "192.168.0.139" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "deleted", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json index db12ae25c15..f24cab480a8 100644 
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json @@ -41,7 +41,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "intrusion-detected", @@ -155,7 +155,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "intrusion-detected", @@ -267,7 +267,7 @@ "port": 39114 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "intrusion-detected", @@ -377,7 +377,7 @@ "port": 40740 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "intrusion-detected", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json index b34f1959c10..e7428d79a33 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json @@ -18,7 +18,7 @@ "ip": "10.8.12.47" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "intrusion-detected", @@ -82,7 +82,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "intrusion-detected", @@ -139,7 +139,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-started", @@ -209,7 +209,7 @@ "port": 64311 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "malware-detected", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json index f294e9e293a..2f85e35f960 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json 
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json @@ -27,7 +27,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -104,7 +104,7 @@ "ip": "172.24.177.29" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -176,7 +176,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json index 574b9718ada..b15ef52d3fc 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json @@ -15,7 +15,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -85,7 +85,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -156,7 +156,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -226,7 +226,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -303,7 +303,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -379,7 +379,7 @@ "port": 12834 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -454,7 +454,7 @@ "port": 4952 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -522,7 +522,7 @@ "port": 25882 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -597,7 +597,7 @@ "port": 52925 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -669,7 +669,7 @@ "port": 45392 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -745,7 +745,7 @@ "port": 4953 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -815,7 +815,7 @@ "port": 52925 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -893,7 +893,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -973,7 +973,7 @@ "ip": "172.24.177.29" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -1037,7 +1037,7 @@ "port": 10879 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1113,7 +1113,7 @@ "port": 4954 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1179,7 +1179,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1241,7 +1241,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1311,7 +1311,7 @@ "port": 40443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1381,7 +1381,7 @@ "port": 40443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1451,7 +1451,7 @@ "port": 40443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1521,7 +1521,7 @@ "port": 40443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1591,7 +1591,7 @@ "port": 40443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -1661,7 +1661,7 @@ "port": 40443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1731,7 +1731,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1801,7 +1801,7 @@ "port": 25 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1871,7 +1871,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1939,7 +1939,7 @@ "port": 137 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2001,7 +2001,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2063,7 +2063,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2133,7 +2133,7 @@ "port": 40443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2203,7 +2203,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2273,7 +2273,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2343,7 +2343,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2413,7 +2413,7 @@ "port": 8111 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2483,7 +2483,7 @@ "port": 8111 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2553,7 +2553,7 @@ "port": 40443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2623,7 +2623,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -2694,7 +2694,7 @@ "port": 2000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2768,7 +2768,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2844,7 +2844,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2921,7 +2921,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3002,7 +3002,7 @@ "port": 5678 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3081,7 +3081,7 @@ "port": 5678 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3156,7 +3156,7 @@ "port": 5678 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -3237,7 +3237,7 @@ "port": 5678 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -3318,7 +3318,7 @@ "port": 5678 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", @@ -3397,7 +3397,7 @@ "port": 5679 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3467,7 +3467,7 @@ "port": 5679 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3539,7 +3539,7 @@ "port": 5000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3620,7 +3620,7 @@ "port": 65000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3700,7 +3700,7 @@ "port": 65000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -3776,7 +3776,7 @@ "port": 1235 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow-expiration", 
@@ -3857,7 +3857,7 @@
 "port": 500
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -3927,7 +3927,7 @@
 "ip": "192.168.99.47"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3990,7 +3990,7 @@
 "ip": "192.168.99.57"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4053,7 +4053,7 @@
 "ip": "192.168.99.47"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4116,7 +4116,7 @@
 "ip": "192.168.99.47"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4179,7 +4179,7 @@
 "ip": "192.168.99.57"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4242,7 +4242,7 @@
 "ip": "192.168.99.57"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4305,7 +4305,7 @@
 "ip": "192.168.1.255"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4368,7 +4368,7 @@
 "ip": "192.168.1.255"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4434,7 +4434,7 @@
 "port": 25
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4506,7 +4506,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4573,7 +4573,7 @@
 "ip": "172.16.1.10"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4642,7 +4642,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4732,7 +4732,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4816,7 +4816,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4885,7 +4885,7 @@
 "ip": "192.168.2.1"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4938,7 +4938,7 @@
 "ip": "192.168.2.32"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4995,7 +4995,7 @@
 "ip": "192.168.0.19"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "firewall-rule",
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json
index 8397960dc07..d730b9691fd 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json
@@ -42,7 +42,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "connection-started",
@@ -158,7 +158,7 @@
 "packets": 1
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "connection-finished",
@@ -298,7 +298,7 @@
 "response_code": "NOERROR"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "connection-started",
@@ -439,7 +439,7 @@
 "response_code": "NXDOMAIN"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "connection-finished",
@@ -569,7 +569,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "connection-started",
@@ -703,7 +703,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "connection-finished",
@@ -851,7 +851,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "connection-started",
@@ -984,7 +984,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "connection-finished",
@@ -1116,7 +1116,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "connection-started",
@@ -1238,7 +1238,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "connection-finished",
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json
index a383febb45f..355589c1958 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json
@@ -31,7 +31,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "file-detected",
@@ -133,7 +133,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "file-detected",
@@ -235,7 +235,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "file-detected",
@@ -337,7 +337,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "file-detected",
@@ -443,7 +443,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "file-detected",
@@ -556,7 +556,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "file-detected",
@@ -673,7 +673,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "malware-detected",
@@ -801,7 +801,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "malware-detected",
@@ -917,7 +917,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "malware-detected",
@@ -1045,7 +1045,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "malware-detected",
@@ -1176,7 +1176,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "malware-detected",
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json
index eb3d8994d34..6d0ba3ba31b 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json
@@ -64,7 +64,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "connection-finished",
diff --git a/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 211562b40f6..f5043b9edf9 100644
--- a/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -7,7 +7,7 @@ processors:
 ignore_missing: true
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 #
 # Parse the syslog header
 #
diff --git a/packages/cisco_ftd/data_stream/log/sample_event.json b/packages/cisco_ftd/data_stream/log/sample_event.json
index fb0ff610fb8..eefff6b90fa 100644
--- a/packages/cisco_ftd/data_stream/log/sample_event.json
+++ b/packages/cisco_ftd/data_stream/log/sample_event.json
@@ -60,7 +60,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "c46e592b-7ede-4f31-9714-c3e0bc5c3213",
diff --git a/packages/cisco_ftd/docs/README.md b/packages/cisco_ftd/docs/README.md
index 577bd324883..0e9fa6c7759 100644
--- a/packages/cisco_ftd/docs/README.md
+++ b/packages/cisco_ftd/docs/README.md
@@ -81,7 +81,7 @@ An example event for `log` looks as following:
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "c46e592b-7ede-4f31-9714-c3e0bc5c3213",
diff --git a/packages/cisco_ftd/manifest.yml b/packages/cisco_ftd/manifest.yml
index 391b8327528..ccc24a20b8e 100644
--- a/packages/cisco_ftd/manifest.yml
+++ b/packages/cisco_ftd/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_ftd
 title: Cisco FTD
-version: "2.4.6"
+version: "2.5.0"
 license: basic
 description: Collect logs from Cisco FTD with Elastic Agent.
 type: integration
diff --git a/packages/cisco_ios/_dev/build/build.yml b/packages/cisco_ios/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/cisco_ios/_dev/build/build.yml
+++ b/packages/cisco_ios/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/cisco_ios/changelog.yml b/packages/cisco_ios/changelog.yml
index 1acc2a7e8ca..b404e3cedff 100644
--- a/packages/cisco_ios/changelog.yml
+++ b/packages/cisco_ios/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.10.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.9.3"
 changes:
 - description: Remove duplicate fields.
diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-asr920.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-asr920.log-expected.json
index c9343f65c5a..60ab92deff2 100644
--- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-asr920.log-expected.json
+++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-asr920.log-expected.json
@@ -14,7 +14,7 @@
 "port": 22
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -70,7 +70,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -126,7 +126,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -177,7 +177,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -210,7 +210,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -242,7 +242,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -280,7 +280,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "deny",
@@ -347,7 +347,7 @@
 "ip": "224.0.0.18"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "deny",
@@ -414,7 +414,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json
index 6da62f0c99d..b2c2119a3ac 100644
--- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json
+++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json
@@ -14,7 +14,7 @@
 "ip": "224.0.0.22"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "deny",
@@ -68,7 +68,7 @@
 "ip": "224.0.0.2"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "deny",
@@ -125,7 +125,7 @@
 "ip": "255.255.255.255"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "deny",
@@ -188,7 +188,7 @@
 "port": 22
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "allow",
@@ -252,7 +252,7 @@
 "port": 15600
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "deny",
@@ -307,7 +307,7 @@
 "ip": "192.168.100.2"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "deny",
@@ -366,7 +366,7 @@
 "port": 15600
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "deny",
@@ -416,7 +416,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -453,7 +453,7 @@
 "port": 15600
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "deny",
@@ -521,7 +521,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "deny",
@@ -571,7 +571,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -607,7 +607,7 @@
 "ip": "192.168.100.1"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "deny",
@@ -678,7 +678,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "deny",
@@ -732,7 +732,7 @@
 "port": 22
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -786,7 +786,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -846,7 +846,7 @@
 "ip": "10.3.66.3"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "multicast-join",
@@ -907,7 +907,7 @@
 "ip": "10.3.66.3"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "multicast-join",
@@ -954,7 +954,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -985,7 +985,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json
index 7f61717c956..62e64dcb30c 100644
--- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json
+++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json
@@ -9,7 +9,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -41,7 +41,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json
index d87d8aa8781..0681d91e1e4 100644
--- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json
+++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json
@@ -9,7 +9,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -41,7 +41,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -73,7 +73,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -105,7 +105,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -137,7 +137,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -169,7 +169,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -201,7 +201,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -233,7 +233,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -265,7 +265,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -297,7 +297,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -329,7 +329,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -361,7 +361,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -393,7 +393,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -425,7 +425,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -457,7 +457,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -489,7 +489,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -521,7 +521,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -553,7 +553,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json
index 50627f5491b..c3de0c9f70b 100644
--- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json
+++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json
@@ -9,7 +9,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -39,7 +39,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -73,7 +73,7 @@
 "ip": "10.100.8.34"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "deny",
@@ -124,7 +124,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 74d2929aff9..e0995e45398 100644
--- a/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Cisco IOS logs.
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.category
 value: network
diff --git a/packages/cisco_ios/data_stream/log/sample_event.json b/packages/cisco_ios/data_stream/log/sample_event.json
index 8c6e38575df..6537d1e1391 100644
--- a/packages/cisco_ios/data_stream/log/sample_event.json
+++ b/packages/cisco_ios/data_stream/log/sample_event.json
@@ -19,7 +19,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "9e9a5067-5380-4f64-9fb0-e004f4733651",
diff --git a/packages/cisco_ios/docs/README.md b/packages/cisco_ios/docs/README.md
index 42252960273..a8e1fd6e7c6 100644
--- a/packages/cisco_ios/docs/README.md
+++ b/packages/cisco_ios/docs/README.md
@@ -35,7 +35,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "9e9a5067-5380-4f64-9fb0-e004f4733651",
diff --git a/packages/cisco_ios/manifest.yml b/packages/cisco_ios/manifest.yml
index 6858fc444c0..3991f11e0fc 100644
--- a/packages/cisco_ios/manifest.yml
+++ b/packages/cisco_ios/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_ios
 title: Cisco IOS
-version: "1.9.3"
+version: "1.10.0"
 license: basic
 description: Collect logs from Cisco IOS with Elastic Agent.
 type: integration
diff --git a/packages/cisco_ise/_dev/build/build.yml b/packages/cisco_ise/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/cisco_ise/_dev/build/build.yml
+++ b/packages/cisco_ise/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/cisco_ise/changelog.yml b/packages/cisco_ise/changelog.yml
index 23c2e449adc..8c936a1500f 100644
--- a/packages/cisco_ise/changelog.yml
+++ b/packages/cisco_ise/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.1.2"
 changes:
 - description: Fix handling of IdentityPolicyMatchedRule and IdentitySelectionMatchedRule.
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json
index dfa9c98785c..70ca8f21990 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json
@@ -35,7 +35,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ad-connector",
@@ -107,7 +107,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ad-connector",
@@ -181,7 +181,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ad-connector",
@@ -250,7 +250,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ad-connector",
@@ -316,7 +316,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ad-connector",
@@ -385,7 +385,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ad-connector",
@@ -451,7 +451,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ad-connector",
@@ -521,7 +521,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ad-connector",
@@ -589,7 +589,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ad-connector",
@@ -652,7 +652,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ad-connector",
@@ -717,7 +717,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ad-connector",
@@ -780,7 +780,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "kind": "event",
@@ -830,7 +830,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "kind": "event",
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json
index 9d10dded8c8..147aa9df322 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json
@@ -36,7 +36,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "administrator-login",
@@ -114,7 +114,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "administrator-login",
@@ -191,7 +191,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "administrator-login",
@@ -268,7 +268,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "administrator-login",
@@ -352,7 +352,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "configuration-changes",
@@ -437,7 +437,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "configuration-changes",
@@ -525,7 +525,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "configuration-changes",
@@ -607,7 +607,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "feedservice",
@@ -668,7 +668,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "feedservice",
@@ -743,7 +743,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "mydevices",
@@ -821,7 +821,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "system-management",
@@ -903,7 +903,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "system-management",
@@ -981,7 +981,7 @@
 "ip": "10.0.9.204"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "eap-tls",
@@ -1058,7 +1058,7 @@
 "ip": "10.0.9.204"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "eap-tls",
@@ -1138,7 +1138,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "mydevices",
@@ -1241,7 +1241,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "configuration-changes",
@@ -1324,7 +1324,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "mydevices",
@@ -1417,7 +1417,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "process-management",
@@ -1499,7 +1499,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "system-management",
@@ -1580,7 +1580,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "system-management",
@@ -1661,7 +1661,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "system-management",
@@ -1737,7 +1737,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "administrator-login",
@@ -1813,7 +1813,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "administrator-login",
@@ -1890,7 +1890,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "administrator-login",
@@ -1967,7 +1967,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "administrator-login",
@@ -2044,7 +2044,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "administrator-login",
@@ -2113,7 +2113,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "kind": "event",
@@ -2173,7 +2173,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "kind": "event",
@@ -2249,7 +2249,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "configuration-changes",
@@ -2357,7 +2357,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "configuration-changes",
@@ -2451,7 +2451,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "configuration-changes",
@@ -2541,7 +2541,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "configuration-changes",
@@ -2626,7 +2626,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "configuration-changes",
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json
index 0eea31ce52f..fae39940cb2 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json
@@ -63,7 +63,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "workflow",
@@ -171,7 +171,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "workflow",
@@ -277,7 +277,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "authentication",
@@ -383,7 +383,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "workflow",
@@ -491,7 +491,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "workflow",
@@ -597,7 +597,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "workflow",
@@ -713,7 +713,7 @@
 "ip": "10.0.9.204"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "workflow",
@@ -824,7 +824,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "workflow",
@@ -916,7 +916,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "authentication",
@@ -997,7 +997,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "kind": "event",
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json
index 5b4d50e3147..d6e328ef77f 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json
@@ -84,7 +84,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "failed-attempt",
@@ -269,7 +269,7 @@
 "ip": "81.2.69.145"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "failed-attempt",
@@ -355,7 +355,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "guest",
@@ -495,7 +495,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "radius",
@@ -680,7 +680,7 @@
 "ip": "81.2.69.145"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "radius",
@@ -1108,7 +1108,7 @@
 "port": 1645
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "failed-attempt",
@@ -1193,7 +1193,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "kind": "event",
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json
index 2babb749ea8..0716284c7c3 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json
@@ -45,7 +45,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "guest",
@@ -134,7 +134,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "guest",
@@ -215,7 +215,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -265,7 +265,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -318,7 +318,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json
index b01cda2bcfc..fce62776c2c 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json
@@ -50,7 +50,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "local-user-db",
@@ -141,7 +141,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "local-user-db",
@@ -235,7 +235,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "local-user-db",
@@ -331,7 +331,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "local-user-db",
@@ -425,7 +425,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "local-user-db",
@@ -496,7 +496,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "external-active-directory",
@@ -557,7 +557,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "external-active-directory",
@@ -618,7 +618,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "external-active-directory",
@@ -679,7 +679,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "external-active-directory",
@@ -741,7 +741,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "external-active-directory",
@@ -825,7 +825,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "external-active-directory",
@@ -917,7 +917,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "external-active-directory",
@@ -1008,7 +1008,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "local-user-db",
@@ -1100,7 +1100,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "local-user-db",
@@ -1195,7 +1195,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "external-active-directory",
@@ -1265,7 +1265,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "external-active-directory",
@@ -1343,7 +1343,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "kind": "event",
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json
index bb412e007c7..a874a982d20 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json
@@ -28,7 +28,7 @@
 "port": 9025
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "system-management",
@@ -87,7 +87,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "profiler",
@@ -152,7 +152,7 @@
 "port": 9005
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "system-management",
@@ -217,7 +217,7 @@
 "port": 9005
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "system-management",
@@ -282,7 +282,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "logging",
@@ -339,7 +339,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "kind": "event",
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json
index 7f65ce027f4..a292ade3542 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json
@@ -54,7 +54,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "mydevices",
@@ -154,7 +154,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "mydevices",
@@ -233,7 +233,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "mydevices",
@@ -304,7 +304,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json
index f5d0603cf15..22c38662bc5 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json
@@ -197,7 +197,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "passed-authentication",
@@ -297,7 +297,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "guest",
@@ -451,7 +451,7 @@
 "port": 1645
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "passed-authentication",
@@ -536,7 +536,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "radius",
@@ -608,7 +608,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "kind": "event",
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json
index b17a0b055ab..fc1380a5dbb 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json
@@ -41,7 +41,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "policy",
@@ -138,7 +138,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "policy",
@@ -259,7 +259,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "policy",
@@ -373,7 +373,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "policy",
@@ -467,7 +467,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "policy",
@@ -566,7 +566,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "policy",
@@ -658,7 +658,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "policy",
@@ -744,7 +744,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json
index 7d859d4d481..693d5f05fe0 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json
@@ -32,7 +32,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "eps",
@@ -102,7 +102,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json
index cddf0a9d4c2..0ae797ff7d3 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json
@@ -114,7 +114,7 @@
 "ip": "81.2.69.145"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "radius-accounting",
@@ -231,7 +231,7 @@
 "ip": "81.2.69.145"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "radius-accounting",
@@ -346,7 +346,7 @@
 "ip": "81.2.69.144"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json
index 3e66735afc5..8e3f0db96de 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json
@@ -59,7 +59,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "radius",
@@ -183,7 +183,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "radius",
@@ -269,7 +269,7 @@
 "port": 1813
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "radius",
@@ -379,7 +379,7 @@
 "port": 1813
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "radius",
@@ -501,7 +501,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "radius",
@@ -605,7 +605,7 @@
 "port": 73
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "radius",
@@ -684,7 +684,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "radius",
@@ -784,7 +784,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "radius",
@@ -894,7 +894,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "radius",
@@ -994,7 +994,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "radius",
@@ -1098,7 +1098,7 @@
 "port": 1813
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "radius",
@@ -1197,7 +1197,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "radius",
@@ -1313,7 +1313,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "eap",
@@ -1437,7 +1437,7 @@
 "port": 72
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "eap",
@@ -1553,7 +1553,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "eap",
@@ -1669,7 +1669,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "eap",
@@ -1788,7 +1788,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "eap",
@@ -1913,7 +1913,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "eap",
@@ -2038,7 +2038,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "eap",
@@ -2164,7 +2164,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "eap",
@@ -2284,7 +2284,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "eap",
@@ -2399,7 +2399,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "eap",
@@ -2519,7 +2519,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "eap",
@@ -2638,7 +2638,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "eap",
@@ -2757,7 +2757,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "eap",
@@ -2877,7 +2877,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "eap",
@@ -2991,7 +2991,7 @@
 "port": 1892
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "kind": "event",
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json
index 02cf32428bf..a6da98f01d8 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json
@@ -78,7 +78,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -174,7 +174,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -316,7 +316,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -408,7 +408,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -496,7 +496,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
@@ -568,7 +568,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": [
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json
index c372e68d3bb..1732cf1f739 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json
@@ -112,7 +112,7 @@
 "ip": "81.2.69.144"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "tacacs-accounting",
@@ -263,7 +263,7 @@
 "ip": "81.2.69.144"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "tacacs-accounting",
@@ -433,7 +433,7 @@
 "ip": "81.2.69.144"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "tacacs-accounting",
@@ -578,7 +578,7 @@
 "ip": "81.2.69.144"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json
index 7efaa934a0a..bf8bdd9188f 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json
@@ -28,7 +28,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "irf",
@@ -94,7 +94,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "irf",
@@ -153,7 +153,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "radius",
@@ -210,7 +210,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "kind": "event",
diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index c9e46cb7cf4..aa325270a2c 100644
--- a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Cisco ISE logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/cisco_ise/data_stream/log/sample_event.json b/packages/cisco_ise/data_stream/log/sample_event.json
index 0c82489972c..3b71002e887 100644
--- a/packages/cisco_ise/data_stream/log/sample_event.json
+++ b/packages/cisco_ise/data_stream/log/sample_event.json
@@ -122,7 +122,7 @@
 "ip": "81.2.69.144"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "bdb81c52-44a4-414c-996b-bcfa977c5f7a",
diff --git a/packages/cisco_ise/docs/README.md b/packages/cisco_ise/docs/README.md
index bcdfb28101e..483ca9b8260 100644
--- a/packages/cisco_ise/docs/README.md
+++ b/packages/cisco_ise/docs/README.md
@@ -158,7 +158,7 @@ An example event for `log` looks as following:
 "ip": "81.2.69.144"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "bdb81c52-44a4-414c-996b-bcfa977c5f7a",
diff --git a/packages/cisco_ise/manifest.yml b/packages/cisco_ise/manifest.yml
index 381cc9172f5..2ff3f2fc453 100644
--- a/packages/cisco_ise/manifest.yml
+++ b/packages/cisco_ise/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_ise
 title: Cisco ISE
-version: "1.1.2"
+version: "1.2.0"
 license: basic
 description: Collect logs from Cisco ISE with Elastic Agent.
 type: integration
diff --git a/packages/cisco_meraki/_dev/build/build.yml b/packages/cisco_meraki/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/cisco_meraki/_dev/build/build.yml
+++ b/packages/cisco_meraki/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/cisco_meraki/changelog.yml b/packages/cisco_meraki/changelog.yml
index 1640e443748..3d7eab06a42 100644
--- a/packages/cisco_meraki/changelog.yml
+++ b/packages/cisco_meraki/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.2.3"
 changes:
 - description: Improve handling of flows events.
diff --git a/packages/cisco_meraki/data_stream/events/_dev/test/pipeline/test-mx-events.json-expected.json b/packages/cisco_meraki/data_stream/events/_dev/test/pipeline/test-mx-events.json-expected.json
index 524a2d91ea0..83d0e7e26da 100644
--- a/packages/cisco_meraki/data_stream/events/_dev/test/pipeline/test-mx-events.json-expected.json
+++ b/packages/cisco_meraki/data_stream/events/_dev/test/pipeline/test-mx-events.json-expected.json
@@ -27,7 +27,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Cellular came up",
@@ -77,7 +77,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Insight Alert",
@@ -133,7 +133,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Failover event detected",
diff --git a/packages/cisco_meraki/data_stream/events/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_meraki/data_stream/events/elasticsearch/ingest_pipeline/default.yml
index ace8dc48cbc..1c6156f8bf9 100644
--- a/packages/cisco_meraki/data_stream/events/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_meraki/data_stream/events/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing Cisco Meraki events
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: observer.serial_number
 copy_from: json.deviceSerial
diff --git a/packages/cisco_meraki/data_stream/events/sample_event.json b/packages/cisco_meraki/data_stream/events/sample_event.json
index 83633463a4d..ec42931c744 100644
--- a/packages/cisco_meraki/data_stream/events/sample_event.json
+++ b/packages/cisco_meraki/data_stream/events/sample_event.json
@@ -37,7 +37,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "e999e428-e6a9-4c63-bd05-0eda93c920b3",
diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-airmarshal-events.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-airmarshal-events.log-expected.json
index 896bb0e34ce..35b10e7b3f1 100644
--- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-airmarshal-events.log-expected.json
+++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-airmarshal-events.log-expected.json
@@ -14,7 +14,7 @@
 "mac": "6A-3A-3E-85-D9-F6"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -59,7 +59,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -104,7 +104,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -150,7 +150,7 @@
 "mac": "E2-CB-9C-B5-DD-BE"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ssid-spoofing-detected",
@@ -192,7 +192,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -237,7 +237,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -283,7 +283,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -328,7 +328,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -373,7 +373,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -419,7 +419,7 @@
 "mac": "AE-17-E8-C7-DF-FD"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ssid-spoofing-detected",
@@ -461,7 +461,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -506,7 +506,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -551,7 +551,7 @@
 "mac": "6A-3A-3E-85-D9-F6"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -597,7 +597,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -642,7 +642,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -687,7 +687,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -732,7 +732,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -777,7 +777,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -822,7 +822,7 @@
 "mac": "78-55-CD-18-8F-76"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -869,7 +869,7 @@
 "mac": "78-28-CA-AA-6A-4A"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ssid-spoofing-detected",
@@ -911,7 +911,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -956,7 +956,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1002,7 +1002,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1048,7 +1048,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1094,7 +1094,7 @@
 "mac": "AE-17-E8-C7-D8-51"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1139,7 +1139,7 @@
 "mac": "E2-CB-9C-B5-D4-1E"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1185,7 +1185,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1230,7 +1230,7 @@
 "mac": "5C-AA-FD-5D-76-0E"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1276,7 +1276,7 @@
 "mac": "E2-CB-9C-B5-C5-68"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1322,7 +1322,7 @@
 "mac": "78-28-CA-AA-6A-0A"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ssid-spoofing-detected",
@@ -1364,7 +1364,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1409,7 +1409,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1454,7 +1454,7 @@
 "mac": "0E-8D-FB-70-0F-A8"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1499,7 +1499,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1545,7 +1545,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1591,7 +1591,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ssid-spoofing-detected",
@@ -1633,7 +1633,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1678,7 +1678,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1723,7 +1723,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1768,7 +1768,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1813,7 +1813,7 @@
 "mac": "E2-CB-9C-B5-DC-6E"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1858,7 +1858,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1903,7 +1903,7 @@
 "mac": "6A-3A-3E-85-CA-4E"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1949,7 +1949,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -1994,7 +1994,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -2040,7 +2040,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ssid-spoofing-detected",
@@ -2083,7 +2083,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ssid-spoofing-detected",
@@ -2125,7 +2125,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -2170,7 +2170,7 @@
 "mac": "6A-3A-3E-85-D7-D4"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -2215,7 +2215,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -2260,7 +2260,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -2305,7 +2305,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -2350,7 +2350,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -2396,7 +2396,7 @@
 "mac": "90-AC-3F-02-31-59"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ssid-spoofing-detected",
@@ -2438,7 +2438,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -2483,7 +2483,7 @@
 "mac": "78-28-CA-AA-6A-4A"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -2529,7 +2529,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -2574,7 +2574,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -2619,7 +2619,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -2665,7 +2665,7 @@
 "mac": "08-A7-C0-3B-5A-95"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ssid-spoofing-detected",
@@ -2707,7 +2707,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -2753,7 +2753,7 @@
 "mac": "78-28-CA-AA-69-96"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -2799,7 +2799,7 @@
 "mac": "AE-17-E8-C7-E2-9D"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -2845,7 +2845,7 @@
 "mac": "E2-CB-9C-B5-DC-6E"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -2890,7 +2890,7 @@
 "mac": "AE-17-E8-C7-DF-FD"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -2935,7 +2935,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -2980,7 +2980,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3026,7 +3026,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3071,7 +3071,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3116,7 +3116,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3162,7 +3162,7 @@
 "mac": "6E-DA-36-A2-39-71"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ssid-spoofing-detected",
@@ -3204,7 +3204,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3249,7 +3249,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3294,7 +3294,7 @@
 "mac": "E2-CB-9C-B5-C5-68"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3340,7 +3340,7 @@
 "mac": "E2-CB-9C-B5-C5-68"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3386,7 +3386,7 @@
 "mac": "E2-CB-9C-B5-C5-68"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3433,7 +3433,7 @@
 "mac": "78-28-CA-AA-6A-4A"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ssid-spoofing-detected",
@@ -3475,7 +3475,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3520,7 +3520,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3565,7 +3565,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3610,7 +3610,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3655,7 +3655,7 @@
 "mac": "E2-CB-9C-B5-C5-68"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3700,7 +3700,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3745,7 +3745,7 @@
 "mac": "5C-AA-FD-5D-76-0E"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3791,7 +3791,7 @@
 "mac": "E2-CB-9C-B5-DC-6E"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3836,7 +3836,7 @@
 "mac": "FF-FF-FF-FF-FF-FF"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3881,7 +3881,7 @@
 "mac": "E2-CB-9C-B5-DA-7A"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rogue-ssid-detected",
@@ -3927,7 +3927,7 @@ "mac": "E2-CB-9C-B5-DA-7A" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -3973,7 +3973,7 @@ "mac": "6A-3A-3E-85-D7-D4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -4019,7 +4019,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -4065,7 +4065,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -4110,7 +4110,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -4155,7 +4155,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -4200,7 +4200,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -4246,7 +4246,7 @@ "mac": "AE-17-E8-C7-DF-FD" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4288,7 +4288,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -4333,7 +4333,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -4379,7 +4379,7 @@ "mac": "78-28-CA-AA-6A-0A" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4421,7 +4421,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -4466,7 +4466,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -4512,7 +4512,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -4558,7 +4558,7 @@ "mac": "EE-CE-D5-6A-B6-22" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4600,7 +4600,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -4645,7 +4645,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -4690,7 +4690,7 @@ "mac": "6A-3A-3E-85-D7-D4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -4737,7 +4737,7 @@ "mac": "AE-17-E8-C7-E1-41" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4779,7 +4779,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -4825,7 +4825,7 @@ "mac": "78-28-CA-AA-69-96" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4867,7 +4867,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -4912,7 +4912,7 @@ "mac": "E2-CB-9C-B5-D7-80" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -4957,7 +4957,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5002,7 +5002,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5047,7 +5047,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -5092,7 +5092,7 @@ "mac": "E2-CB-9C-B5-DD-BE" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5137,7 +5137,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5182,7 +5182,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5228,7 +5228,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5273,7 +5273,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5319,7 +5319,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5364,7 +5364,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5409,7 +5409,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5454,7 +5454,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5499,7 +5499,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5544,7 +5544,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5589,7 +5589,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5634,7 +5634,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -5679,7 +5679,7 @@ "mac": "E2-CB-9C-B5-D8-54" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5724,7 +5724,7 @@ "mac": "6A-3A-3E-85-CA-4E" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5770,7 +5770,7 @@ "mac": "34-8F-27-25-CC-48" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ssid-spoofing-detected", @@ -5812,7 +5812,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5857,7 +5857,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5902,7 +5902,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5947,7 +5947,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -5992,7 +5992,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6037,7 +6037,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6082,7 +6082,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6128,7 +6128,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6173,7 +6173,7 @@ "mac": "E2-CB-9C-B5-DD-BE" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6218,7 +6218,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -6263,7 +6263,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6308,7 +6308,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6353,7 +6353,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6399,7 +6399,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6444,7 +6444,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6489,7 +6489,7 @@ "mac": "6A-3A-3E-85-CA-4E" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6534,7 +6534,7 @@ "mac": "AE-17-E8-C7-DF-FD" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6579,7 +6579,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6624,7 +6624,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6669,7 +6669,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6714,7 +6714,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6759,7 +6759,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6804,7 +6804,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -6850,7 +6850,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6896,7 +6896,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6942,7 +6942,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -6988,7 +6988,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -7033,7 +7033,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -7078,7 +7078,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -7123,7 +7123,7 @@ "mac": "AE-17-E8-C7-D8-51" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -7168,7 +7168,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -7213,7 +7213,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -7258,7 +7258,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -7304,7 +7304,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -7350,7 +7350,7 @@ "mac": "E2-CB-9C-B5-D4-1E" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -7395,7 +7395,7 @@ "mac": "AE-17-E8-C7-DF-FD" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -7440,7 +7440,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -7485,7 +7485,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -7530,7 +7530,7 @@ "mac": "38-BA-F8-CC-82-2E" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -7576,7 +7576,7 @@ "mac": "38-BA-F8-CC-82-2E" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -7622,7 +7622,7 @@ "mac": "38-BA-F8-CC-82-2E" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -7668,7 +7668,7 @@ "mac": "E2-CB-9C-B5-D8-54" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -7714,7 +7714,7 @@ "mac": "E2-CB-9C-B5-D8-54" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -7759,7 +7759,7 @@ "mac": "E2-CB-9C-B5-D8-54" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -7805,7 +7805,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", @@ -7850,7 +7850,7 @@ "mac": "E2-CB-9C-B5-DC-6E" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-ssid-detected", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json index 13ace71f80c..d6f4014a214 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json 
@@ -12,7 +12,7 @@ "event_type": "events" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dynamic-frequency-selection-detected", @@ -53,7 +53,7 @@ "mac": "E5-A4-98-71-9A-FE" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "wifi-wpa-failed-auth-or-deauth", @@ -95,7 +95,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "wifi-wpa-authentication", @@ -151,7 +151,7 @@ "event_type": "events" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "wifi-disassociation-request", @@ -195,7 +195,7 @@ "event_type": "events" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "wifi-association-request", @@ -232,7 +232,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "site-to-site-vpn", @@ -268,7 +268,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "site-to-site-vpn", @@ -310,7 +310,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "vpn-connectivity-change", @@ -348,7 +348,7 @@ "mac": "E0-CB-BC-02-4F-80" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcp-offer", @@ -386,7 +386,7 @@ "mac": "A4-83-E7-02-A2-F1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcp-no-offer", @@ -433,7 +433,7 @@ "ip": "81.2.69.193" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "site-to-site-vpn", @@ -497,7 +497,7 @@ "event_type": "events" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "wifi-disassociation-request", @@ -539,7 +539,7 @@ "event_type": "events" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "association-rejected-for-load-balancing", @@ -581,7 +581,7 @@ "event_type": "events" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "wifi-association-request", 
@@ -623,7 +623,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "wifi-wpa-authentication", @@ -664,7 +664,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -715,7 +715,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -770,7 +770,7 @@ "event_type": "events" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "wifi-association-request", @@ -813,7 +813,7 @@ "event_type": "events" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "wifi-8021x-auth", @@ -856,7 +856,7 @@ "event_type": "events" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "8021x_auth", @@ -916,7 +916,7 @@ "event_type": "events" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "wifi-disassociation-request", @@ -979,7 +979,7 @@ "event_type": "events" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "wifi-disassociation-request", @@ -1021,7 +1021,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "wifi-wpa-authentication", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-flows.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-flows.log-expected.json index f1ea39fcb63..24c81c659e6 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-flows.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-flows.log-expected.json @@ -14,7 +14,7 @@ "port": 15600 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "layer3-firewall-allowed-flow", @@ -70,7 +70,7 @@ "port": 44210 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ip-session-initiated", 
@@ -128,7 +128,7 @@ "port": 15500 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "layer3-firewall-allowed-flow", @@ -171,7 +171,7 @@ "ip": "ff02::1:ffb6:a227" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "layer3-firewall-allowed-flow", @@ -213,7 +213,7 @@ "ip": "224.0.0.2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "layer3-firewall-allowed-flow", @@ -267,7 +267,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "layer3-firewall-allowed-flow", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-ip-flow.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-ip-flow.log-expected.json index 4516eeeaf54..855b12318dd 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-ip-flow.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-ip-flow.log-expected.json @@ -22,7 +22,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -76,7 +76,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -130,7 +130,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -190,7 +190,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -259,7 +259,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -307,7 +307,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -376,7 +376,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -424,7 +424,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-security-events.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-security-events.log-expected.json index da9f957aef7..649ea9f0e82 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-security-events.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-security-events.log-expected.json @@ -17,7 +17,7 @@ "port": 56391 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ids-signature-matched", @@ -93,7 +93,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "malicious-file-actioned", @@ -143,7 +143,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "issued-retrospective-malicious-disposition", @@ -188,7 +188,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ids-signature-matched", @@ -246,7 +246,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ids-signature-matched", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json index 524083d5d99..7c0612274b3 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json @@ -32,7 +32,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "http-access-error", @@ -98,7 +98,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "http-access", diff --git a/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 019665db1c6..dcff65ef7d7 100644 
--- a/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Cisco Meraki syslog processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/cisco_meraki/data_stream/log/sample_event.json b/packages/cisco_meraki/data_stream/log/sample_event.json index 930a22a9e84..f7a62bcc2df 100644 --- a/packages/cisco_meraki/data_stream/log/sample_event.json +++ b/packages/cisco_meraki/data_stream/log/sample_event.json @@ -27,7 +27,7 @@ "port": 56391 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "e999e428-e6a9-4c63-bd05-0eda93c920b3", diff --git a/packages/cisco_meraki/docs/README.md b/packages/cisco_meraki/docs/README.md index 0cc7e5d7cf0..51b6276ec6b 100644 --- a/packages/cisco_meraki/docs/README.md +++ b/packages/cisco_meraki/docs/README.md @@ -312,7 +312,7 @@ An example event for `log` looks as following: "port": 56391 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "e999e428-e6a9-4c63-bd05-0eda93c920b3", @@ -647,7 +647,7 @@ An example event for `events` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "e999e428-e6a9-4c63-bd05-0eda93c920b3", diff --git a/packages/cisco_meraki/manifest.yml b/packages/cisco_meraki/manifest.yml index 316ddb55e36..65b7a3d70d9 100644 --- a/packages/cisco_meraki/manifest.yml +++ b/packages/cisco_meraki/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_meraki title: Cisco Meraki -version: 1.2.3 +version: "1.3.0" license: basic description: Collect logs from Cisco Meraki with Elastic Agent. type: integration diff --git a/packages/cisco_nexus/_dev/build/build.yml b/packages/cisco_nexus/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 
--- a/packages/cisco_nexus/_dev/build/build.yml +++ b/packages/cisco_nexus/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/cisco_nexus/changelog.yml b/packages/cisco_nexus/changelog.yml index 151b57b2ba9..3f17c113200 100644 --- a/packages/cisco_nexus/changelog.yml +++ b/packages/cisco_nexus/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.8.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "0.7.3" changes: - description: Remove duplicate fields. diff --git a/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json b/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json index 0799deb4b0f..7b061592507 100644 --- a/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json +++ b/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2012 Dec 18 14:51:08 Nexus5010-B %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user en from 2.2.2.1 - login", "tags": [ diff --git a/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 27e250da8db..4e95ad0236c 100644 --- a/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Cisco Nexus processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' # User agent - user_agent: field: user_agent.original 
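Review bot: The ECS reference in packages/cisco_nexus/_dev/build/build.yml is pinned to `git@v8.5.1`, while the same package's ingest pipeline sets `ecs.version` to `'8.5.0'` and its changelog entry reads "Update package to ECS 8.5.0.", so the imported field definitions and the version stamped on events come from different tags. If the patch tag is deliberate, a comment above the reference would record that, for example `# field definitions come from the v8.5.1 tag; events still report ecs.version 8.5.0`; otherwise align the two values. The build.yml hunk of packages/cisco_secure_email_gateway shows the same pairing.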
diff --git a/packages/cisco_nexus/data_stream/log/sample_event.json b/packages/cisco_nexus/data_stream/log/sample_event.json index 36fb5dc12de..e83b1e162d7 100644 --- a/packages/cisco_nexus/data_stream/log/sample_event.json +++ b/packages/cisco_nexus/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/cisco_nexus/docs/README.md b/packages/cisco_nexus/docs/README.md index 36c6117484b..94906275490 100644 --- a/packages/cisco_nexus/docs/README.md +++ b/packages/cisco_nexus/docs/README.md @@ -29,7 +29,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/cisco_nexus/manifest.yml b/packages/cisco_nexus/manifest.yml index 53d32265e97..c6363f9ddad 100644 --- a/packages/cisco_nexus/manifest.yml +++ b/packages/cisco_nexus/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_nexus title: Cisco Nexus -version: "0.7.3" +version: "0.8.0" license: basic description: Collect logs from Cisco Nexus with Elastic Agent. type: integration diff --git a/packages/cisco_secure_email_gateway/_dev/build/build.yml b/packages/cisco_secure_email_gateway/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/cisco_secure_email_gateway/_dev/build/build.yml +++ b/packages/cisco_secure_email_gateway/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/cisco_secure_email_gateway/changelog.yml b/packages/cisco_secure_email_gateway/changelog.yml index f7250037d25..0baf56ebf60 100644 --- a/packages/cisco_secure_email_gateway/changelog.yml +++ b/packages/cisco_secure_email_gateway/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.1.0" changes: - description: Improve error message for incorrect log filepath configuration. diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-amp.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-amp.log-expected.json index 6aa735a1c26..2a39d8188e7 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-amp.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-amp.log-expected.json @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": { @@ -54,7 +54,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": { @@ -108,7 +108,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": { @@ -149,7 +149,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": { @@ -202,7 +202,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": { @@ -248,7 +248,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": { @@ -295,7 +295,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": { diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-anti-spam.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-anti-spam.log-expected.json index a9f299feddb..6f6ee818dd7 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-anti-spam.log-expected.json 
+++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-anti-spam.log-expected.json @@ -14,7 +14,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -45,7 +45,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -77,7 +77,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-consolidated-event.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-consolidated-event.log-expected.json index 78aa96348c0..a063a619b73 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-consolidated-event.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-consolidated-event.log-expected.json @@ -60,7 +60,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "direction": "inbound", @@ -162,7 +162,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "direction": "inbound", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-content-scanner.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-content-scanner.log-expected.json index 36cf4336b24..aabbafd5123 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-content-scanner.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-content-scanner.log-expected.json @@ -13,7 +13,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -46,7 +46,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", 
diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-error.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-error.log-expected.json index 6904b6d73e6..eddd3ceb65e 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-error.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-error.log-expected.json @@ -13,7 +13,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -43,7 +43,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "subject": "'Warning \u003cSystem\u003e example.com: Your \"IronPort Email Encryption\" key will expire in under 60...': Unrecoverable error", @@ -83,7 +83,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "subject": "Warning \u003cSystem\u003e example.com: Your \"IronPort Email Encryption\" key will expire in under 60...", @@ -119,7 +119,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "subject": "'Critical \u003cSystem\u003e example.com: Log Error: Subscription error_logs: Failed to connect to 10....' (attempt #0)", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-gui-log.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-gui-log.log-expected.json index 675694d47d9..35fc4b2c119 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-gui-log.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-gui-log.log-expected.json @@ -14,7 +14,7 @@ "ip": "1.128.3.4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -87,7 +87,7 @@ "ip": "1.128.3.4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -140,7 +140,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -183,7 +183,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -226,7 +226,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -265,7 +265,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -308,7 +308,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -337,7 +337,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -366,7 +366,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -404,7 +404,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -442,7 +442,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-status.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-status.log-expected.json index 90954347e92..ed7857822b9 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-status.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-status.log-expected.json @@ -96,7 +96,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "message_id": "0" diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-system.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-system.log-expected.json index a2f697739ae..c98c300c45e 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-system.log-expected.json 
+++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-system.log-expected.json @@ -12,7 +12,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -56,7 +56,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -85,7 +85,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -114,7 +114,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -143,7 +143,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-text-mail.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-text-mail.log-expected.json index 2b64513a651..55e84d22aab 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-text-mail.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-text-mail.log-expected.json @@ -15,7 +15,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "message_id": "111" @@ -47,7 +47,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -78,7 +78,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -106,7 +106,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "subject": "\"Warning \u003cSystem\u003e cisco.esa: URL category definitions have changed.; Added new category '...\"", @@ -149,7 +149,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -186,7 +186,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "message_id": "6" @@ -217,7 +217,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { 
@@ -252,7 +252,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "message_id": "6", @@ -286,7 +286,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -321,7 +321,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -352,7 +352,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -390,7 +390,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "message_id": "6" @@ -423,7 +423,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "message_id": "6" @@ -455,7 +455,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -484,7 +484,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -512,7 +512,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "subject": "Warning \u003cSystem\u003e example.com: Your \"IronPort Email Encryption\" key will expire in under 60...", @@ -547,7 +547,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -574,7 +574,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "subject": "'Warning \u003cSystem\u003e cisco.esa: Your \"Sophos Anti-Virus\" key will expire in under 60 day(s)....'", @@ -610,7 +610,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "subject": "'Warning \u003cSystem\u003e example.com: Your \"IronPort Email Encryption\" key will expire in under 60...': Unrecoverable error", @@ -652,7 +652,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "to": { diff --git a/packages/cisco_secure_email_gateway/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_secure_email_gateway/data_stream/log/elasticsearch/ingest_pipeline/default.yml index e215e64de55..6bd2dac1470 100644 
--- a/packages/cisco_secure_email_gateway/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_secure_email_gateway/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Cisco Secure Email Gateway logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - grok: field: log.file.path if: ctx.log?.file?.path != null diff --git a/packages/cisco_secure_email_gateway/data_stream/log/sample_event.json b/packages/cisco_secure_email_gateway/data_stream/log/sample_event.json index 267871419f1..7b08085d0d3 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/sample_event.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/sample_event.json @@ -21,7 +21,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "f30e055b-b967-474e-ba00-65b6223f750d", diff --git a/packages/cisco_secure_email_gateway/docs/README.md b/packages/cisco_secure_email_gateway/docs/README.md index 0d9c5ea04eb..a63d5d37498 100644 --- a/packages/cisco_secure_email_gateway/docs/README.md +++ b/packages/cisco_secure_email_gateway/docs/README.md @@ -222,7 +222,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "f30e055b-b967-474e-ba00-65b6223f750d", diff --git a/packages/cisco_secure_email_gateway/manifest.yml b/packages/cisco_secure_email_gateway/manifest.yml index f927e0d3cbc..4806cea7741 100644 --- a/packages/cisco_secure_email_gateway/manifest.yml +++ b/packages/cisco_secure_email_gateway/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_secure_email_gateway title: Cisco Secure Email Gateway -version: "1.1.0" +version: "1.2.0" license: basic description: Collect logs from Cisco Secure Email Gateway with Elastic Agent. type: integration 
diff --git a/packages/cisco_secure_endpoint/_dev/build/build.yml b/packages/cisco_secure_endpoint/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/cisco_secure_endpoint/_dev/build/build.yml +++ b/packages/cisco_secure_endpoint/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/cisco_secure_endpoint/changelog.yml b/packages/cisco_secure_endpoint/changelog.yml index e01348b25b7..c4426d20e43 100644 --- a/packages/cisco_secure_endpoint/changelog.yml +++ b/packages/cisco_secure_endpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.7.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "2.6.2" changes: - description: Remove duplicate fields. diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json index d31c9ff3107..a6e03b9170c 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json @@ -34,7 +34,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -111,7 +111,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Policy Update", @@ -176,7 +176,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -274,7 +274,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -349,7 +349,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", 
@@ -425,7 +425,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -528,7 +528,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -622,7 +622,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -700,7 +700,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", @@ -786,7 +786,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", @@ -872,7 +872,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", @@ -958,7 +958,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", @@ -1044,7 +1044,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", @@ -1130,7 +1130,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", @@ -1214,7 +1214,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1286,7 +1286,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1358,7 +1358,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1430,7 +1430,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1502,7 +1502,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1575,7 +1575,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1675,7 +1675,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", 
@@ -1753,7 +1753,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "File Fetch Completed", @@ -1842,7 +1842,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", @@ -1920,7 +1920,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected in Low Prevalence Executable", @@ -1992,7 +1992,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "File Fetch Completed", @@ -2069,7 +2069,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Policy Update", @@ -2133,7 +2133,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2204,7 +2204,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine", @@ -2276,7 +2276,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -2355,7 +2355,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -2536,7 +2536,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Vulnerable Application Detected", @@ -2609,7 +2609,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Policy Update", @@ -2676,7 +2676,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", @@ -2762,7 +2762,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", @@ -2841,7 +2841,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -2919,7 +2919,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", 
@@ -2993,7 +2993,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Policy Update", @@ -3058,7 +3058,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3156,7 +3156,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -3232,7 +3232,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3330,7 +3330,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -3408,7 +3408,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", @@ -3494,7 +3494,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", @@ -3594,7 +3594,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Vulnerable Application Detected", @@ -3693,7 +3693,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Vulnerable Application Detected", @@ -3822,7 +3822,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Vulnerable Application Detected", @@ -3895,7 +3895,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Policy Update", @@ -3958,7 +3958,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Scan Completed, No Detections", @@ -4016,7 +4016,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Scan Started", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json index 8c92e8183c5..3a544d1eaf7 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json 
+++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json @@ -81,7 +81,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SecureX Threat Hunting Incident", @@ -175,7 +175,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -278,7 +278,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -377,7 +377,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -481,7 +481,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DFC Threat Detected", @@ -589,7 +589,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DFC Threat Detected", @@ -697,7 +697,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DFC Threat Detected", @@ -805,7 +805,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DFC Threat Detected", @@ -913,7 +913,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DFC Threat Detected", @@ -1021,7 +1021,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DFC Threat Detected", @@ -1114,7 +1114,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", @@ -1194,7 +1194,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1287,7 +1287,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Multiple Infected Files", @@ -1365,7 +1365,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", 
@@ -1455,7 +1455,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1541,7 +1541,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1630,7 +1630,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Executed malware", @@ -1711,7 +1711,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1801,7 +1801,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1887,7 +1887,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1973,7 +1973,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2063,7 +2063,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2153,7 +2153,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2239,7 +2239,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2339,7 +2339,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Vulnerable Application Detected", @@ -2418,7 +2418,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2508,7 +2508,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2594,7 +2594,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2680,7 +2680,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2770,7 +2770,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", 
@@ -2856,7 +2856,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2942,7 +2942,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3021,7 +3021,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3100,7 +3100,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3183,7 +3183,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3282,7 +3282,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3372,7 +3372,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3458,7 +3458,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3544,7 +3544,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3626,7 +3626,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Executed malware", @@ -3704,7 +3704,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3783,7 +3783,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json index c0d2525e57a..5a14137f2e0 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json 
@@ -34,7 +34,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -113,7 +113,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -196,7 +196,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -279,7 +279,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -362,7 +362,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -445,7 +445,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -528,7 +528,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -611,7 +611,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -694,7 +694,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -777,7 +777,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -860,7 +860,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -943,7 +943,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1026,7 +1026,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1109,7 +1109,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1192,7 +1192,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1275,7 +1275,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", 
@@ -1358,7 +1358,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1441,7 +1441,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1520,7 +1520,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1603,7 +1603,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1686,7 +1686,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1773,7 +1773,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1872,7 +1872,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1959,7 +1959,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2058,7 +2058,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2145,7 +2145,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2244,7 +2244,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2327,7 +2327,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2426,7 +2426,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2505,7 +2505,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2584,7 +2584,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2674,7 +2674,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", 
@@ -2760,7 +2760,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2850,7 +2850,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2940,7 +2940,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3026,7 +3026,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3116,7 +3116,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3195,7 +3195,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3281,7 +3281,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3360,7 +3360,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3439,7 +3439,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3518,7 +3518,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3608,7 +3608,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3694,7 +3694,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3784,7 +3784,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json index c009c421507..dc99eac9ce2 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json 
+++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json @@ -34,7 +34,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -120,7 +120,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Executed malware", @@ -201,7 +201,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -276,7 +276,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -352,7 +352,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -447,7 +447,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -541,7 +541,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -634,7 +634,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -723,7 +723,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -794,7 +794,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -869,7 +869,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -944,7 +944,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1019,7 +1019,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1094,7 +1094,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1169,7 +1169,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", 
@@ -1244,7 +1244,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1319,7 +1319,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1394,7 +1394,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1469,7 +1469,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1544,7 +1544,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1619,7 +1619,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1694,7 +1694,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1769,7 +1769,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1844,7 +1844,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1919,7 +1919,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1994,7 +1994,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -2070,7 +2070,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2167,7 +2167,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2264,7 +2264,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2365,7 +2365,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2461,7 +2461,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", 
@@ -2532,7 +2532,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -2603,7 +2603,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -2674,7 +2674,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -2745,7 +2745,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -2820,7 +2820,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -2895,7 +2895,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -2970,7 +2970,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -3045,7 +3045,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -3121,7 +3121,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3224,7 +3224,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3322,7 +3322,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -3393,7 +3393,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -3465,7 +3465,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3555,7 +3555,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3649,7 +3649,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3750,7 +3750,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", 
@@ -3847,7 +3847,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3933,7 +3933,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -4023,7 +4023,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -4126,7 +4126,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -4219,7 +4219,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Policy Update", @@ -4274,7 +4274,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Policy Update", @@ -4338,7 +4338,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -4413,7 +4413,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -4488,7 +4488,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -4560,7 +4560,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -4639,7 +4639,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -4718,7 +4718,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -4800,7 +4800,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -4876,7 +4876,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -4975,7 +4975,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", 
@@ -5073,7 +5073,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -5148,7 +5148,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -5223,7 +5223,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -5294,7 +5294,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine", @@ -5366,7 +5366,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -5445,7 +5445,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -5524,7 +5524,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -5610,7 +5610,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -5685,7 +5685,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -5760,7 +5760,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -5835,7 +5835,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -5910,7 +5910,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -5985,7 +5985,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -6060,7 +6060,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -6135,7 +6135,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", 
@@ -6210,7 +6210,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -6285,7 +6285,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -6360,7 +6360,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -6435,7 +6435,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -6511,7 +6511,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -6610,7 +6610,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -6707,7 +6707,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -6792,7 +6792,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -6867,7 +6867,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -6942,7 +6942,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -7017,7 +7017,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -7089,7 +7089,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -7179,7 +7179,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -7269,7 +7269,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -7359,7 +7359,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -7449,7 +7449,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", 
@@ -7539,7 +7539,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -7629,7 +7629,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -7719,7 +7719,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -7809,7 +7809,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -7899,7 +7899,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -7993,7 +7993,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -8086,7 +8086,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json index 00b642040b6..9cab14b86be 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json @@ -38,7 +38,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -138,7 +138,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -213,7 +213,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -285,7 +285,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -375,7 +375,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", 
@@ -478,7 +478,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -576,7 +576,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -651,7 +651,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -723,7 +723,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -813,7 +813,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -902,7 +902,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -977,7 +977,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1052,7 +1052,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1127,7 +1127,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1198,7 +1198,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine", @@ -1270,7 +1270,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -1349,7 +1349,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -1432,7 +1432,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -1511,7 +1511,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -1593,7 +1593,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", 
@@ -1664,7 +1664,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine", @@ -1736,7 +1736,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -1819,7 +1819,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -1905,7 +1905,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1980,7 +1980,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2055,7 +2055,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2127,7 +2127,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -2206,7 +2206,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -2285,7 +2285,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -2368,7 +2368,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -2566,7 +2566,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detection", @@ -2639,7 +2639,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2714,7 +2714,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2789,7 +2789,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", 
@@ -2864,7 +2864,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2936,7 +2936,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -3015,7 +3015,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -3094,7 +3094,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -3173,7 +3173,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -3252,7 +3252,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -3331,7 +3331,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -3410,7 +3410,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -3492,7 +3492,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -3564,7 +3564,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3654,7 +3654,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3736,7 +3736,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3825,7 +3825,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -3900,7 +3900,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -3976,7 +3976,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", 
@@ -4070,7 +4070,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -4145,7 +4145,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -4220,7 +4220,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -4292,7 +4292,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -4378,7 +4378,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -4464,7 +4464,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -4550,7 +4550,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -4636,7 +4636,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -4722,7 +4722,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -4808,7 +4808,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -4894,7 +4894,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -4980,7 +4980,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -5065,7 +5065,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json index 98c5a350d4f..1a64e8ee79a 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json 
+++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json @@ -37,7 +37,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -112,7 +112,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -187,7 +187,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -262,7 +262,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -337,7 +337,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -412,7 +412,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -484,7 +484,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -574,7 +574,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -671,7 +671,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -757,7 +757,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -842,7 +842,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -913,7 +913,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -984,7 +984,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -1056,7 +1056,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1146,7 +1146,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", 
@@ -1249,7 +1249,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1350,7 +1350,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1449,7 +1449,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1551,7 +1551,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1626,7 +1626,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1697,7 +1697,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine", @@ -1769,7 +1769,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -1848,7 +1848,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -1927,7 +1927,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -2016,7 +2016,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", @@ -2095,7 +2095,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine", @@ -2167,7 +2167,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -2250,7 +2250,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -2332,7 +2332,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -2404,7 +2404,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", 
@@ -2498,7 +2498,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2593,7 +2593,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2683,7 +2683,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2782,7 +2782,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2872,7 +2872,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2957,7 +2957,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -3028,7 +3028,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -3104,7 +3104,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3202,7 +3202,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Potential Dropper Infection", @@ -3269,7 +3269,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Policy Update", @@ -3333,7 +3333,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -3405,7 +3405,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3491,7 +3491,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3580,7 +3580,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -3655,7 +3655,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -3730,7 +3730,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", 
@@ -3805,7 +3805,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -3880,7 +3880,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -3956,7 +3956,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -4053,7 +4053,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -4138,7 +4138,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -4213,7 +4213,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -4288,7 +4288,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json index 5842e1ee82d..2ab17759791 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json @@ -37,7 +37,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -109,7 +109,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -195,7 +195,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -281,7 +281,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -371,7 +371,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", 
@@ -460,7 +460,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -535,7 +535,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -606,7 +606,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -678,7 +678,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -768,7 +768,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -847,7 +847,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -932,7 +932,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", @@ -1010,7 +1010,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected in Low Prevalence Executable", @@ -1078,7 +1078,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Policy Update", @@ -1137,7 +1137,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "File Fetch Completed", @@ -1224,7 +1224,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1322,7 +1322,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -1397,7 +1397,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -1473,7 +1473,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1572,7 +1572,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -1670,7 +1670,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", 
@@ -1736,7 +1736,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Policy Update", @@ -1800,7 +1800,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Executed malware", @@ -1881,7 +1881,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Multiple Infected Files", @@ -1958,7 +1958,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine", @@ -2030,7 +2030,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", @@ -2116,7 +2116,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -2188,7 +2188,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2277,7 +2277,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -2352,7 +2352,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -2427,7 +2427,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Quarantine Failure", @@ -2499,7 +2499,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2584,7 +2584,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -2655,7 +2655,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", @@ -2727,7 +2727,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2813,7 +2813,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -2902,7 +2902,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Quarantined", 
@@ -2974,7 +2974,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3064,7 +3064,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3154,7 +3154,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3248,7 +3248,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Threat Detected", @@ -3351,7 +3351,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Malicious Activity Detection", @@ -3452,7 +3452,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", @@ -3538,7 +3538,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", @@ -3624,7 +3624,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", @@ -3710,7 +3710,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Cloud IOC", @@ -3793,7 +3793,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -3864,7 +3864,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Quarantine", @@ -3936,7 +3936,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Retrospective Detection", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp8.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp8.log-expected.json index aa3815742b5..3b0e8c3a46d 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp8.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp8.log-expected.json 
@@ -44,7 +44,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Cloud IOC",
@@ -152,7 +152,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Cloud IOC",
@@ -262,7 +262,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Cloud IOC",
@@ -382,7 +382,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Cloud IOC",
@@ -504,7 +504,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Cloud IOC",
@@ -616,7 +616,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Cloud IOC",
diff --git a/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml
index cd0dca31fba..4f57cfc4e76 100644
--- a/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml
@@ -40,7 +40,7 @@ processors:
 #######################
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.kind
 value: alert
diff --git a/packages/cisco_secure_endpoint/data_stream/event/sample_event.json b/packages/cisco_secure_endpoint/data_stream/event/sample_event.json
index 728815234ba..e7597f7c659 100644
--- a/packages/cisco_secure_endpoint/data_stream/event/sample_event.json
+++ b/packages/cisco_secure_endpoint/data_stream/event/sample_event.json
@@ -50,7 +50,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "83d8d392-d20c-40ef-a257-bf9cf314d1db",
diff --git a/packages/cisco_secure_endpoint/docs/README.md b/packages/cisco_secure_endpoint/docs/README.md
index c6375100470..c047761a9cc 100644
--- a/packages/cisco_secure_endpoint/docs/README.md
+++ b/packages/cisco_secure_endpoint/docs/README.md
@@ -65,7 +65,7 @@ An example event for `event` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "83d8d392-d20c-40ef-a257-bf9cf314d1db",
diff --git a/packages/cisco_secure_endpoint/manifest.yml b/packages/cisco_secure_endpoint/manifest.yml
index 566dc9ad8e1..bc74b0d082b 100644
--- a/packages/cisco_secure_endpoint/manifest.yml
+++ b/packages/cisco_secure_endpoint/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_secure_endpoint
 title: Cisco Secure Endpoint
-version: 2.6.2
+version: "2.7.0"
 license: basic
 description: Collect logs from Cisco Secure Endpoint (AMP) with Elastic Agent.
 type: integration
diff --git a/packages/cisco_umbrella/_dev/build/build.yml b/packages/cisco_umbrella/_dev/build/build.yml
index 8d9e4bf7ac8..aaafc5d833b 100644
--- a/packages/cisco_umbrella/_dev/build/build.yml
+++ b/packages/cisco_umbrella/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0
+ reference: git@v8.5.1
diff --git a/packages/cisco_umbrella/changelog.yml b/packages/cisco_umbrella/changelog.yml
index 9e32bb8f4ef..715d717c3fa 100644
--- a/packages/cisco_umbrella/changelog.yml
+++ b/packages/cisco_umbrella/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.4.2"
 changes:
 - description: Remove duplicate field.
diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json
index 4bbcada3d93..7a8a6c7fbb5 100644
--- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json
+++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json
@@ -12,7 +12,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "update", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json index c21729540fc..0195aab57d1 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json @@ -28,7 +28,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -101,7 +101,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json index 4187074468e..71ed3a3bdc9 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json @@ -31,7 +31,7 @@ "type": "query" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-request-Allowed", @@ -109,7 +109,7 @@ "type": "query" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-request-Blocked", @@ -182,7 +182,7 @@ "type": "query" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-request-Allowed", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json index 9f11fb0dab4..a84c18f5206 100644 
--- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json @@ -25,7 +25,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -84,7 +84,7 @@ "port": 445 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json index 85ea6a3d3f3..b409fd0c11f 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json @@ -31,7 +31,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -117,7 +117,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -181,7 +181,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -280,7 +280,7 @@ "ip": "89.160.20.130" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", diff --git a/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 4b4aeeb8e12..87b87e57f31 100644 --- a/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Cisco Umbrella processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: observer.vendor value: Cisco 
diff --git a/packages/cisco_umbrella/data_stream/log/sample_event.json b/packages/cisco_umbrella/data_stream/log/sample_event.json index 180f761add1..3de31eaceb1 100644 --- a/packages/cisco_umbrella/data_stream/log/sample_event.json +++ b/packages/cisco_umbrella/data_stream/log/sample_event.json @@ -42,7 +42,7 @@ }, "@timestamp": "2020-07-23T23:48:56.000Z", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "related": { "hash": [ diff --git a/packages/cisco_umbrella/docs/README.md b/packages/cisco_umbrella/docs/README.md index f85909b1e33..cff755ea0d3 100644 --- a/packages/cisco_umbrella/docs/README.md +++ b/packages/cisco_umbrella/docs/README.md @@ -60,7 +60,7 @@ An example event for `log` looks as following: }, "@timestamp": "2020-07-23T23:48:56.000Z", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "related": { "hash": [ diff --git a/packages/cisco_umbrella/manifest.yml b/packages/cisco_umbrella/manifest.yml index d9806762254..64090949d85 100644 --- a/packages/cisco_umbrella/manifest.yml +++ b/packages/cisco_umbrella/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_umbrella title: Cisco Umbrella -version: "1.4.2" +version: "1.5.0" license: basic description: Collect logs from Cisco Umbrella with Elastic Agent. type: integration diff --git a/packages/citrix_waf/_dev/build/build.yml b/packages/citrix_waf/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/citrix_waf/_dev/build/build.yml +++ b/packages/citrix_waf/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/citrix_waf/changelog.yml b/packages/citrix_waf/changelog.yml index b2476cc3134..7ad23ccffc3 100644 --- a/packages/citrix_waf/changelog.yml +++ b/packages/citrix_waf/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.1.2" changes: - description: Remove duplicate fields. diff --git a/packages/citrix_waf/data_stream/log/_dev/test/pipeline/test-citrix-waf-cef.log-expected.json b/packages/citrix_waf/data_stream/log/_dev/test/pipeline/test-citrix-waf-cef.log-expected.json index d07306a8c15..0a78a401c76 100644 --- a/packages/citrix_waf/data_stream/log/_dev/test/pipeline/test-citrix-waf-cef.log-expected.json +++ b/packages/citrix_waf/data_stream/log/_dev/test/pipeline/test-citrix-waf-cef.log-expected.json @@ -34,7 +34,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "blocked", @@ -107,7 +107,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "not blocked", @@ -181,7 +181,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "transformed", @@ -255,7 +255,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "blocked", @@ -331,7 +331,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "not blocked", @@ -407,7 +407,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "not blocked", @@ -480,7 +480,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "transformed", @@ -553,7 +553,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "transformed", @@ -626,7 +626,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "not blocked", 
@@ -700,7 +700,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "not blocked", diff --git a/packages/citrix_waf/data_stream/log/_dev/test/pipeline/test-citrix-waf-native.log-expected.json b/packages/citrix_waf/data_stream/log/_dev/test/pipeline/test-citrix-waf-native.log-expected.json index 19e38eace9e..9d4e2229bbc 100644 --- a/packages/citrix_waf/data_stream/log/_dev/test/pipeline/test-citrix-waf-native.log-expected.json +++ b/packages/citrix_waf/data_stream/log/_dev/test/pipeline/test-citrix-waf-native.log-expected.json @@ -31,7 +31,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "60", @@ -69,7 +69,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "5743593", @@ -107,7 +107,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "4471", @@ -145,7 +145,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "4472", @@ -183,7 +183,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "4473", @@ -221,7 +221,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "4474", diff --git a/packages/citrix_waf/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/citrix_waf/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 9f40c2447e0..a1f18c65400 100644 --- a/packages/citrix_waf/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/citrix_waf/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Citrix Web App Firewall logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original 
diff --git a/packages/citrix_waf/data_stream/log/sample_event.json b/packages/citrix_waf/data_stream/log/sample_event.json index 30aef26d00f..908916c0226 100644 --- a/packages/citrix_waf/data_stream/log/sample_event.json +++ b/packages/citrix_waf/data_stream/log/sample_event.json @@ -44,7 +44,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "e30119bc-b47d-4e56-86e3-4a9683305c6e", diff --git a/packages/citrix_waf/docs/README.md b/packages/citrix_waf/docs/README.md index 9fdaff8a29b..d96c8bd23cf 100644 --- a/packages/citrix_waf/docs/README.md +++ b/packages/citrix_waf/docs/README.md @@ -95,7 +95,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "e30119bc-b47d-4e56-86e3-4a9683305c6e", diff --git a/packages/citrix_waf/manifest.yml b/packages/citrix_waf/manifest.yml index 5fc162ab87e..22249e39f00 100644 --- a/packages/citrix_waf/manifest.yml +++ b/packages/citrix_waf/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: citrix_waf title: "Citrix Web App Firewall" -version: 1.1.2 +version: "1.2.0" license: basic description: Ingest events from Citrix Systems Web App Firewall. type: integration diff --git a/packages/cloudflare/_dev/build/build.yml b/packages/cloudflare/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/cloudflare/_dev/build/build.yml +++ b/packages/cloudflare/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/cloudflare/changelog.yml b/packages/cloudflare/changelog.yml index 76b12772ca6..c60b227019f 100644 --- a/packages/cloudflare/changelog.yml +++ b/packages/cloudflare/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.3.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "2.2.4" changes: - description: Remove duplicate fields. diff --git a/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index 0a1e40976e5..e6de6f37d19 100644 --- a/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json @@ -27,7 +27,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "token_create", @@ -109,7 +109,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "token_revoke", @@ -185,7 +185,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "api_key_view", @@ -261,7 +261,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "api_key_view", @@ -337,7 +337,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rotate_api_key", @@ -413,7 +413,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "api_key_created", @@ -493,7 +493,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "token_create", @@ -569,7 +569,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login", @@ -648,7 +648,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "purge", @@ -736,7 +736,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "tls_settings_deployed", @@ -789,7 +789,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "delete", 
@@ -871,7 +871,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "token_revoke", @@ -953,7 +953,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "token_revoke", @@ -1035,7 +1035,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "token_roll", @@ -1115,7 +1115,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "token_create", @@ -1204,7 +1204,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_del", @@ -1294,7 +1294,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_del", @@ -1384,7 +1384,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_del", @@ -1475,7 +1475,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_del", @@ -1566,7 +1566,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_del", @@ -1657,7 +1657,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_del", @@ -1748,7 +1748,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_del", @@ -1839,7 +1839,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_del", @@ -1929,7 +1929,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_del", @@ -2019,7 +2019,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_del", @@ -2109,7 +2109,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_del", @@ -2199,7 +2199,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_del", @@ -2288,7 +2288,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_add", 
@@ -2377,7 +2377,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_add", @@ -2466,7 +2466,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_add", @@ -2555,7 +2555,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_add", @@ -2644,7 +2644,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_add", @@ -2734,7 +2734,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_add", @@ -2824,7 +2824,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_add", @@ -2914,7 +2914,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_add", @@ -3004,7 +3004,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_add", @@ -3094,7 +3094,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_add", @@ -3183,7 +3183,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_add", @@ -3272,7 +3272,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_add", @@ -3361,7 +3361,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rec_add", @@ -3442,7 +3442,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pending", @@ -3530,7 +3530,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "tls_settings_deployed", @@ -3584,7 +3584,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "add", @@ -3667,7 +3667,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "change_setting", @@ -3748,7 +3748,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "token_create", 
@@ -3824,7 +3824,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login", @@ -3900,7 +3900,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login", diff --git a/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index b059eaae035..4c8f8555d78 100644 --- a/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cloudflare audit logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare/data_stream/audit/sample_event.json b/packages/cloudflare/data_stream/audit/sample_event.json index 39d844d4d02..2589f099c67 100644 --- a/packages/cloudflare/data_stream/audit/sample_event.json +++ b/packages/cloudflare/data_stream/audit/sample_event.json @@ -33,7 +33,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", diff --git a/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json b/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json index c8e064da1b6..86e1a9e39b4 100644 --- a/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json +++ b/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json @@ -105,7 +105,7 @@ "bytes": 2848 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -283,7 +283,7 @@ "bytes": 24743 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -487,7 +487,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", diff --git a/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml index de78b1393c0..5d2982d8b6b 100644 --- a/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cloudflare logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare/data_stream/logpull/sample_event.json b/packages/cloudflare/data_stream/logpull/sample_event.json index 625c77e088a..4f5d5707a39 100644 --- a/packages/cloudflare/data_stream/logpull/sample_event.json +++ b/packages/cloudflare/data_stream/logpull/sample_event.json @@ -103,7 +103,7 @@ "bytes": 2848 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", diff --git a/packages/cloudflare/docs/README.md b/packages/cloudflare/docs/README.md index ea6e87a6c14..c6cc80c2dd5 100644 --- a/packages/cloudflare/docs/README.md +++ b/packages/cloudflare/docs/README.md @@ -178,7 +178,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", @@ -539,7 +539,7 @@ An example event for `logpull` looks as following: "bytes": 2848 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", diff --git a/packages/cloudflare/manifest.yml b/packages/cloudflare/manifest.yml index cce82a04855..ed29e5c0ddc 100644 --- a/packages/cloudflare/manifest.yml +++ b/packages/cloudflare/manifest.yml 
@@ -1,6 +1,6 @@ name: cloudflare title: Cloudflare -version: 2.2.4 +version: "2.3.0" release: ga description: Collect logs from Cloudflare with Elastic Agent. type: integration diff --git a/packages/cloudflare_logpush/_dev/build/build.yml b/packages/cloudflare_logpush/_dev/build/build.yml index 57064cc41b0..aaafc5d833b 100644 --- a/packages/cloudflare_logpush/_dev/build/build.yml +++ b/packages/cloudflare_logpush/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.2.0 + reference: git@v8.5.1 diff --git a/packages/cloudflare_logpush/changelog.yml b/packages/cloudflare_logpush/changelog.yml index b952316b708..efa8b25329d 100644 --- a/packages/cloudflare_logpush/changelog.yml +++ b/packages/cloudflare_logpush/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.3.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "0.2.1" changes: - description: Set default endpoint to empty string diff --git a/packages/cloudflare_logpush/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json b/packages/cloudflare_logpush/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json index 1fb8ecfdcc3..19d4343c575 100644 --- a/packages/cloudflare_logpush/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json +++ b/packages/cloudflare_logpush/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json @@ -39,7 +39,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "event": { "action": "token_create", diff --git a/packages/cloudflare_logpush/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare_logpush/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index faf942743ef..eea3732bbf0 100644 --- a/packages/cloudflare_logpush/data_stream/audit/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/cloudflare_logpush/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Cloudflare Audit logs. processors: - set: field: ecs.version - value: '8.2.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare_logpush/data_stream/audit/sample_event.json b/packages/cloudflare_logpush/data_stream/audit/sample_event.json index 7f7c7469748..a70fe9354f9 100644 --- a/packages/cloudflare_logpush/data_stream/audit/sample_event.json +++ b/packages/cloudflare_logpush/data_stream/audit/sample_event.json @@ -50,7 +50,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", diff --git a/packages/cloudflare_logpush/data_stream/dns/_dev/test/pipeline/test-pipeline-dns.log-expected.json b/packages/cloudflare_logpush/data_stream/dns/_dev/test/pipeline/test-pipeline-dns.log-expected.json index e8781b8a4c7..83864ad865e 100644 --- a/packages/cloudflare_logpush/data_stream/dns/_dev/test/pipeline/test-pipeline-dns.log-expected.json +++ b/packages/cloudflare_logpush/data_stream/dns/_dev/test/pipeline/test-pipeline-dns.log-expected.json @@ -31,7 +31,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/cloudflare_logpush/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare_logpush/data_stream/dns/elasticsearch/ingest_pipeline/default.yml index ad6d37c7b9b..6cbe8e58f7d 100644 --- a/packages/cloudflare_logpush/data_stream/dns/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare_logpush/data_stream/dns/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Cloudflare DNS logs. processors: - set: field: ecs.version - value: '8.2.0' + value: '8.5.0' - rename: field: message target_field: event.original 
diff --git a/packages/cloudflare_logpush/data_stream/dns/sample_event.json b/packages/cloudflare_logpush/data_stream/dns/sample_event.json index 0b930fbc2ef..9a41077e9ca 100644 --- a/packages/cloudflare_logpush/data_stream/dns/sample_event.json +++ b/packages/cloudflare_logpush/data_stream/dns/sample_event.json @@ -42,7 +42,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", diff --git a/packages/cloudflare_logpush/data_stream/firewall_event/_dev/test/pipeline/test-pipeline-firewall-event.log-expected.json b/packages/cloudflare_logpush/data_stream/firewall_event/_dev/test/pipeline/test-pipeline-firewall-event.log-expected.json index 52ccac8d0b2..7edd0a760f3 100644 --- a/packages/cloudflare_logpush/data_stream/firewall_event/_dev/test/pipeline/test-pipeline-firewall-event.log-expected.json +++ b/packages/cloudflare_logpush/data_stream/firewall_event/_dev/test/pipeline/test-pipeline-firewall-event.log-expected.json @@ -64,7 +64,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "event": { "action": "block", diff --git a/packages/cloudflare_logpush/data_stream/firewall_event/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare_logpush/data_stream/firewall_event/elasticsearch/ingest_pipeline/default.yml index 77ae2b3b936..7ba336e9c1d 100644 --- a/packages/cloudflare_logpush/data_stream/firewall_event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare_logpush/data_stream/firewall_event/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Cloudflare Firewall Event logs. processors: - set: field: ecs.version - value: '8.2.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare_logpush/data_stream/firewall_event/sample_event.json b/packages/cloudflare_logpush/data_stream/firewall_event/sample_event.json index e00847dbaaf..d97ebe74d29 100644 
--- a/packages/cloudflare_logpush/data_stream/firewall_event/sample_event.json +++ b/packages/cloudflare_logpush/data_stream/firewall_event/sample_event.json @@ -75,7 +75,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", diff --git a/packages/cloudflare_logpush/data_stream/http_request/_dev/test/pipeline/test-pipeline-http-request.log-expected.json b/packages/cloudflare_logpush/data_stream/http_request/_dev/test/pipeline/test-pipeline-http-request.log-expected.json index 388655b749c..d3e71fae200 100644 --- a/packages/cloudflare_logpush/data_stream/http_request/_dev/test/pipeline/test-pipeline-http-request.log-expected.json +++ b/packages/cloudflare_logpush/data_stream/http_request/_dev/test/pipeline/test-pipeline-http-request.log-expected.json @@ -173,7 +173,7 @@ "ip": "67.43.156.0" }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "event": { "category": [ @@ -415,7 +415,7 @@ "ip": "67.43.156.0" }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/cloudflare_logpush/data_stream/http_request/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare_logpush/data_stream/http_request/elasticsearch/ingest_pipeline/default.yml index b45e0edbc52..daabea5b00d 100644 --- a/packages/cloudflare_logpush/data_stream/http_request/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare_logpush/data_stream/http_request/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Cloudflare HTTP Request logs. processors: - set: field: ecs.version - value: '8.2.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare_logpush/data_stream/http_request/sample_event.json b/packages/cloudflare_logpush/data_stream/http_request/sample_event.json index adc72ad77d9..0dfd446a3b9 100644 
--- a/packages/cloudflare_logpush/data_stream/http_request/sample_event.json +++ b/packages/cloudflare_logpush/data_stream/http_request/sample_event.json @@ -185,7 +185,7 @@ "ip": "67.43.156.0" }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", diff --git a/packages/cloudflare_logpush/data_stream/nel_report/_dev/test/pipeline/test-pipeline-nel-report.log-expected.json b/packages/cloudflare_logpush/data_stream/nel_report/_dev/test/pipeline/test-pipeline-nel-report.log-expected.json index 9db02ea07be..d0747b02e21 100644 --- a/packages/cloudflare_logpush/data_stream/nel_report/_dev/test/pipeline/test-pipeline-nel-report.log-expected.json +++ b/packages/cloudflare_logpush/data_stream/nel_report/_dev/test/pipeline/test-pipeline-nel-report.log-expected.json @@ -26,7 +26,7 @@ } }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "error": { "type": "network-error" diff --git a/packages/cloudflare_logpush/data_stream/nel_report/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare_logpush/data_stream/nel_report/elasticsearch/ingest_pipeline/default.yml index 52441fec75e..797e325edb0 100644 --- a/packages/cloudflare_logpush/data_stream/nel_report/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare_logpush/data_stream/nel_report/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Cloudflare NEL Report logs. processors: - set: field: ecs.version - value: '8.2.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare_logpush/data_stream/nel_report/sample_event.json b/packages/cloudflare_logpush/data_stream/nel_report/sample_event.json index a3c802be0e5..9b9d499bcbf 100644 --- a/packages/cloudflare_logpush/data_stream/nel_report/sample_event.json +++ b/packages/cloudflare_logpush/data_stream/nel_report/sample_event.json 
@@ -37,7 +37,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", diff --git a/packages/cloudflare_logpush/data_stream/network_analytics/_dev/test/pipeline/test-pipeline-network-analytics.log-expected.json b/packages/cloudflare_logpush/data_stream/network_analytics/_dev/test/pipeline/test-pipeline-network-analytics.log-expected.json index 4fdfa04ed78..98154853374 100644 --- a/packages/cloudflare_logpush/data_stream/network_analytics/_dev/test/pipeline/test-pipeline-network-analytics.log-expected.json +++ b/packages/cloudflare_logpush/data_stream/network_analytics/_dev/test/pipeline/test-pipeline-network-analytics.log-expected.json @@ -167,7 +167,7 @@ "port": 5678 }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/cloudflare_logpush/data_stream/network_analytics/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare_logpush/data_stream/network_analytics/elasticsearch/ingest_pipeline/default.yml index 2025140c3c0..8ffeb98fff3 100644 --- a/packages/cloudflare_logpush/data_stream/network_analytics/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare_logpush/data_stream/network_analytics/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Cloudflare Network Analytics logs. processors: - set: field: ecs.version - value: '8.2.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare_logpush/data_stream/network_analytics/sample_event.json b/packages/cloudflare_logpush/data_stream/network_analytics/sample_event.json index 28058d565a2..dca6eedaf36 100644 --- a/packages/cloudflare_logpush/data_stream/network_analytics/sample_event.json +++ b/packages/cloudflare_logpush/data_stream/network_analytics/sample_event.json 
@@ -178,7 +178,7 @@ "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", diff --git a/packages/cloudflare_logpush/data_stream/spectrum_event/_dev/test/pipeline/test-pipeline-spectrum-event.log-expected.json b/packages/cloudflare_logpush/data_stream/spectrum_event/_dev/test/pipeline/test-pipeline-spectrum-event.log-expected.json index cf0d6bc4ef7..e65cc95e7e3 100644 --- a/packages/cloudflare_logpush/data_stream/spectrum_event/_dev/test/pipeline/test-pipeline-spectrum-event.log-expected.json +++ b/packages/cloudflare_logpush/data_stream/spectrum_event/_dev/test/pipeline/test-pipeline-spectrum-event.log-expected.json @@ -59,7 +59,7 @@ "port": 3389 }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "event": { "action": "connect", diff --git a/packages/cloudflare_logpush/data_stream/spectrum_event/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare_logpush/data_stream/spectrum_event/elasticsearch/ingest_pipeline/default.yml index 3ae34a0763d..3a1c93965f1 100644 --- a/packages/cloudflare_logpush/data_stream/spectrum_event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare_logpush/data_stream/spectrum_event/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Cloudflare Spectrum Event logs. processors: - set: field: ecs.version - value: '8.2.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare_logpush/data_stream/spectrum_event/sample_event.json b/packages/cloudflare_logpush/data_stream/spectrum_event/sample_event.json index 4a5d3a43ef3..7268cdcbc5b 100644 --- a/packages/cloudflare_logpush/data_stream/spectrum_event/sample_event.json +++ b/packages/cloudflare_logpush/data_stream/spectrum_event/sample_event.json @@ -70,7 +70,7 @@ "port": 3389 }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", 
diff --git a/packages/cloudflare_logpush/docs/README.md b/packages/cloudflare_logpush/docs/README.md index 6432c30c120..41c5c904918 100644 --- a/packages/cloudflare_logpush/docs/README.md +++ b/packages/cloudflare_logpush/docs/README.md @@ -156,7 +156,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", @@ -337,7 +337,7 @@ An example event for `dns` looks as following: } }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", @@ -530,7 +530,7 @@ An example event for `firewall_event` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", @@ -911,7 +911,7 @@ An example event for `http_request` looks as following: "ip": "67.43.156.0" }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", @@ -1210,7 +1210,7 @@ An example event for `nel_report` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", @@ -1495,7 +1495,7 @@ An example event for `network_analytics` looks as following: "port": 0 }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", 
@@ -1686,7 +1686,7 @@ An example event for `network_analytics` looks as following: | log.offset | Log offset | long | | log.source.address | Source address from which the log event was read / sent from. | keyword | | network.community_id | A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. Learn more at https://github.com/corelight/community-id-spec. | keyword | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. 
This could for example be useful for ISPs or VPN service providers. | keyword | | network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. | keyword | | related.hash | All the hashes seen on your event. Populating this field, then using it to search for hashes can help in situations where you're unsure what the hash algorithm is (and therefore which key name to search). | keyword | | related.ip | All of the IPs seen on your event. | ip | @@ -1779,7 +1779,7 @@ An example event for `spectrum_event` looks as following: "port": 3389 }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "8539930e-8f7a-48ac-af3e-7f098b7d6ea2", diff --git a/packages/cloudflare_logpush/manifest.yml b/packages/cloudflare_logpush/manifest.yml index 117cb95303d..90cc1520281 100644 --- a/packages/cloudflare_logpush/manifest.yml +++ b/packages/cloudflare_logpush/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cloudflare_logpush title: Cloudflare Logpush -version: 0.2.1 +version: "0.3.0" license: basic description: Collect and parse logs from Cloudflare API with Elastic Agent. type: integration diff --git a/packages/crowdstrike/_dev/build/build.yml b/packages/crowdstrike/_dev/build/build.yml index 8d9e4bf7ac8..aaafc5d833b 100644 --- a/packages/crowdstrike/_dev/build/build.yml +++ b/packages/crowdstrike/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0 + reference: git@v8.5.1 diff --git a/packages/crowdstrike/changelog.yml b/packages/crowdstrike/changelog.yml index fde5200ff2d..b846be65f4f 100644 --- a/packages/crowdstrike/changelog.yml +++ b/packages/crowdstrike/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.8.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.7.0" changes: - description: Expose Default Region setting to UI diff --git a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json index 5c47141d7f4..7995019f7e1 100644 --- a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json +++ b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": [ @@ -73,7 +73,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": [ @@ -152,7 +152,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -205,7 +205,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -259,7 +259,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -322,7 +322,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user_activity_audit_event", @@ -382,7 +382,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -436,7 +436,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -496,7 +496,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -550,7 +550,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -604,7 +604,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -658,7 +658,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -729,7 +729,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user_activity_audit_event", diff --git a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json index de41be971aa..2e0dfc996e8 100644 --- a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json +++ b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json @@ -58,7 +58,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Prevention, process killed.", @@ -153,7 +153,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "incident", @@ -201,7 +201,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user_activity_audit_event", diff --git a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json index 2b5a24da72e..918cae671fd 100644 --- a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json +++ b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json @@ -46,7 +46,7 @@ "port": 445 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": [ @@ -121,7 +121,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "incident", @@ -183,7 +183,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -245,7 +245,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user_activity_audit_event", 
@@ -290,7 +290,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": [ @@ -356,7 +356,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": [ @@ -484,7 +484,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Detection, process would have been blocked if related prevention policy setting was enabled.", diff --git a/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml b/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml index a944e4da7dc..acacef3ca45 100644 --- a/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml +++ b/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Ingest pipeline for normalizing CrowdStrike Falcon logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/crowdstrike/data_stream/falcon/sample_event.json b/packages/crowdstrike/data_stream/falcon/sample_event.json index e12d36b60cb..3abf668df80 100644 --- a/packages/crowdstrike/data_stream/falcon/sample_event.json +++ b/packages/crowdstrike/data_stream/falcon/sample_event.json @@ -52,7 +52,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "ca0beb8d-9522-4450-8af7-3cb7f3d8c478", diff --git a/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json b/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json index 8ac89e15c3f..93e78c620a8 100644 --- a/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json +++ b/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json 
@@ -18,7 +18,7 @@ "name": "SyntheticProcessRollup2MacV3" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SyntheticProcessRollup2", @@ -120,7 +120,7 @@ "name": "EndOfProcessMacV15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "EndOfProcess", @@ -207,7 +207,7 @@ "port": 546 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "RawBindIP6", @@ -299,7 +299,7 @@ "name": "ProcessRollup2StatsMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ProcessRollup2Stats", @@ -398,7 +398,7 @@ "name": "SensorHeartbeatMacV4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SensorHeartbeat", @@ -470,7 +470,7 @@ "name": "ProcessRollup2MacV5" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ProcessRollup2", @@ -583,7 +583,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NetworkReceiveAcceptIP4", @@ -672,7 +672,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "RawBindIP4", @@ -771,7 +771,7 @@ "port": 50626 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NetworkConnectIP6", @@ -860,7 +860,7 @@ "name": "ProcessRollup2LinV6" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ProcessRollup2", @@ -966,7 +966,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NetworkConnectIP6", @@ -1046,7 +1046,7 @@ "name": "OoxmlFileWrittenMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "OoxmlFileWritten", @@ -1142,7 +1142,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NetworkConnectIP4", @@ -1238,7 +1238,7 @@ "name": "ChannelVersionRequiredLinV2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ChannelVersionRequired", 
@@ -1296,7 +1296,7 @@ "name": "LocalIpAddressIP6LinV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LocalIpAddressIP6", @@ -1382,7 +1382,7 @@ "name": "ChannelVersionRequiredMacV2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ChannelVersionRequired", @@ -1442,7 +1442,7 @@ "name": "SensorHeartbeatLinV4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SensorHeartbeat", @@ -1506,7 +1506,7 @@ "name": "JavaClassFileWrittenMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "JavaClassFileWritten", @@ -1603,7 +1603,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NetworkConnectIP4", @@ -1693,7 +1693,7 @@ "type": "query" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DnsRequest", @@ -1763,7 +1763,7 @@ "name": "NewScriptWrittenMacV2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NewScriptWritten", @@ -1842,7 +1842,7 @@ "name": "LocalIpAddressRemovedIP6LinV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LocalIpAddressRemovedIP6", @@ -1925,7 +1925,7 @@ "name": "DirectoryCreateMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DirectoryCreate", @@ -2026,7 +2026,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NetworkCloseIP4", @@ -2147,7 +2147,7 @@ "name": "FsVolumeMountedMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FsVolumeMounted", @@ -2219,7 +2219,7 @@ "name": "LocalIpAddressIP4LinV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LocalIpAddressIP4", @@ -2303,7 +2303,7 @@ "name": "LocalIpAddressRemovedIP6MacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LocalIpAddressRemovedIP6", 
@@ -2398,7 +2398,7 @@ "name": "LocalIpAddressIP6MacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LocalIpAddressIP6", @@ -2486,7 +2486,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NetworkListenIP4", @@ -2565,7 +2565,7 @@ "name": "ExecutableDeletedMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ExecutableDeleted", @@ -2641,7 +2641,7 @@ "name": "GzipFileWrittenMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GzipFileWritten", @@ -2714,7 +2714,7 @@ "name": "IOServiceRegisterMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "IOServiceRegister", @@ -2779,7 +2779,7 @@ "name": "PtyCreatedMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "PtyCreated", @@ -2851,7 +2851,7 @@ "name": "LocalIpAddressRemovedIP4MacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LocalIpAddressRemovedIP4", @@ -2939,7 +2939,7 @@ "port": 9 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NetworkCloseIP6", @@ -3025,7 +3025,7 @@ "name": "ConfigStateUpdateLinV2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ConfigStateUpdate", @@ -3090,7 +3090,7 @@ "name": "SuspiciousDnsRequestMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SuspiciousDnsRequest", @@ -3166,7 +3166,7 @@ "name": "ErrorEventLinV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ErrorEvent", @@ -3259,7 +3259,7 @@ "name": "ConfigStateUpdateMacV2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ConfigStateUpdate", @@ -3324,7 +3324,7 @@ "name": "KextLoadMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "KextLoad", 
@@ -3395,7 +3395,7 @@ "name": "ChannelVersionRequiredLinV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ChannelVersionRequired", @@ -3455,7 +3455,7 @@ "name": "ProcessRollup2StatsLinV3" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ProcessRollup2Stats", @@ -3544,7 +3544,7 @@ "name": "UserIdentityMacV4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserIdentity", @@ -3628,7 +3628,7 @@ "name": "DeliverLocalFXToCloudMacV4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DeliverLocalFXToCloud", @@ -3685,7 +3685,7 @@ "name": "CreateProcessArgsMac" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CreateProcessArgs", @@ -3783,7 +3783,7 @@ "name": "PdfFileWrittenMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "PdfFileWritten", @@ -3863,7 +3863,7 @@ "name": "GroupIdentityMacV2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GroupIdentity", @@ -3932,7 +3932,7 @@ "name": "MachOFileWrittenMacV3" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "MachOFileWritten", @@ -4022,7 +4022,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NetworkListenIP6", @@ -4223,7 +4223,7 @@ "name": "CurrentSystemTagsMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CurrentSystemTags", @@ -4288,7 +4288,7 @@ "name": "NewExecutableWrittenMacV2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NewExecutableWritten", @@ -4493,7 +4493,7 @@ "name": "LfoUploadDataCompleteMacV3" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LfoUploadDataComplete", @@ -4566,7 +4566,7 @@ "name": "LightningLatencyInfoMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LightningLatencyInfo", 
@@ -4658,7 +4658,7 @@ "name": "NeighborListIP4MacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NeighborListIP4", @@ -4723,7 +4723,7 @@ "name": "ZipFileWrittenMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ZipFileWritten", @@ -4824,7 +4824,7 @@ "name": "AgentOnlineMacV13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "AgentOnline", @@ -4902,7 +4902,7 @@ "name": "CriticalFileAccessedMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CriticalFileAccessed", @@ -4991,7 +4991,7 @@ "name": "OsVersionInfoMacV3" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "OsVersionInfo", @@ -5073,7 +5073,7 @@ "name": "ConfigStateUpdateLinV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ConfigStateUpdate", @@ -5137,7 +5137,7 @@ "name": "LFODownloadConfirmationLinV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LFODownloadConfirmation", @@ -5218,7 +5218,7 @@ "name": "TarFileWrittenMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TarFileWritten", @@ -5307,7 +5307,7 @@ "name": "AgentConnectMacV5" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "AgentConnect", @@ -5375,7 +5375,7 @@ "name": "LFODownloadConfirmationMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LFODownloadConfirmation", @@ -5458,7 +5458,7 @@ "name": "AsepFileChangeMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "AsepFileChange", @@ -5536,7 +5536,7 @@ "name": "TerminateProcessLinV2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TerminateProcess", @@ -5607,7 +5607,7 @@ "name": "FirewallEnabledMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FirewallEnabled", 
@@ -5676,7 +5676,7 @@ "name": "FsVolumeUnmountedMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FsVolumeUnmounted", @@ -5747,7 +5747,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NetworkListenIP4", @@ -5827,7 +5827,7 @@ "name": "ELFFileWrittenMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ELFFileWritten", @@ -5918,7 +5918,7 @@ "name": "OsVersionInfoLinV4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "OsVersionInfo", @@ -5985,7 +5985,7 @@ "name": "CriticalFileModifiedMacV2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CriticalFileModified", @@ -6074,7 +6074,7 @@ "name": "NeighborListIP6MacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NeighborListIP6", @@ -6140,7 +6140,7 @@ "name": "NewScriptWrittenMacV3" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NewScriptWritten", @@ -6235,7 +6235,7 @@ "name": "SystemCapacityMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SystemCapacity", @@ -6305,7 +6305,7 @@ "name": "FirmwareAnalysisStatusMacV2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FirmwareAnalysisStatus", @@ -6384,7 +6384,7 @@ "name": "LocalIpAddressIP4MacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LocalIpAddressIP4", @@ -6474,7 +6474,7 @@ "name": "ProcessRollup2LinV5" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ProcessRollup2", @@ -6583,7 +6583,7 @@ "name": "EndOfProcessMacV14" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "EndOfProcess", @@ -6713,7 +6713,7 @@ "name": "EndOfProcessV15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "EndOfProcess", 
@@ -6810,7 +6810,7 @@ "name": "EndOfProcessMacV12" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "EndOfProcess", @@ -6903,7 +6903,7 @@ "name": "ProcessRollup2V17" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ProcessRollup2", @@ -7002,7 +7002,7 @@ "type": "query" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DnsRequest", @@ -7072,7 +7072,7 @@ "name": "CriticalFileAccessedLinV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CriticalFileAccessed", @@ -7165,7 +7165,7 @@ "name": "ProcessRollup2MacV3" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ProcessRollup2", @@ -7272,7 +7272,7 @@ "name": "NewScriptWrittenV7" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NewScriptWritten", @@ -7368,7 +7368,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NetworkConnectIP4", @@ -7469,7 +7469,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NetworkConnectIP4", @@ -7570,7 +7570,7 @@ "name": "UserLogonV8" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLogon", @@ -7662,7 +7662,7 @@ "name": "PeFileWrittenV14" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "PeFileWritten", @@ -7758,7 +7758,7 @@ "name": "UserLogoffV3" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLogoff", @@ -7845,7 +7845,7 @@ "name": "NewExecutableWrittenV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NewExecutableWritten", @@ -7930,7 +7930,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NetworkListenIP4", @@ -8036,7 +8036,7 @@ "ip": "67.43.156.14" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLogonFailed2", 
@@ -8121,7 +8121,7 @@ "name": "ExecutableDeletedV3" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ExecutableDeleted", @@ -8213,7 +8213,7 @@ "name": "EndOfProcessMacV11" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "EndOfProcess", @@ -8289,7 +8289,7 @@ "name": "RegisterRawInputDevicesEtwV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "RegisterRawInputDevicesEtw", @@ -8363,7 +8363,7 @@ "name": "LFODownloadConfirmationV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LFODownloadConfirmation", @@ -8452,7 +8452,7 @@ "name": "NewExecutableRenamedV6" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NewExecutableRenamed", @@ -8541,7 +8541,7 @@ "name": "DirectoryCreateV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DirectoryCreate", @@ -8626,7 +8626,7 @@ "name": "ServiceStartedV2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ServiceStarted", @@ -8718,7 +8718,7 @@ "port": 2181 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NetworkConnectIP6", @@ -8812,7 +8812,7 @@ "name": "UserIdentityV2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserIdentity", @@ -8924,7 +8924,7 @@ "name": "ProcessRollup2V16" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ProcessRollup2", @@ -9028,7 +9028,7 @@ "name": "RansomwareOpenFileV4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "RansomwareOpenFile", @@ -9160,7 +9160,7 @@ "name": "EndOfProcessV14" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "EndOfProcess", @@ -9253,7 +9253,7 @@ "name": "OoxmlFileWrittenV11" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "OoxmlFileWritten", 
@@ -9339,7 +9339,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NetworkListenIP6", @@ -9432,7 +9432,7 @@ "name": "AsepFileChangeMacV2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "AsepFileChange", @@ -9515,7 +9515,7 @@ "name": "UserLogonFailedV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLogonFailed", @@ -9608,7 +9608,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NetworkConnectIP6", @@ -9698,7 +9698,7 @@ "name": "NewExecutableRenamedMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NewExecutableRenamed", @@ -9786,7 +9786,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NetworkListenIP6", @@ -9868,7 +9868,7 @@ "name": "SuspiciousDnsRequestV2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SuspiciousDnsRequest", @@ -9950,7 +9950,7 @@ "name": "FsVolumeMountedV6" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FsVolumeMounted", @@ -10026,7 +10026,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NetworkListenIP4", @@ -10116,7 +10116,7 @@ "name": "HostedServiceStartedV2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "HostedServiceStarted", @@ -10193,7 +10193,7 @@ "name": "HostedServiceStoppedV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "HostedServiceStopped", @@ -10271,7 +10271,7 @@ "name": "PdfFileWrittenV11" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "PdfFileWritten", @@ -10369,7 +10369,7 @@ "name": "ProcessRollup2V18" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ProcessRollup2", 
@@ -10462,7 +10462,7 @@ "name": "UserIdentityMacV2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserIdentity", @@ -10543,7 +10543,7 @@ "name": "HostInfoV2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "HostInfo", @@ -10617,7 +10617,7 @@ "name": "GenericFileWrittenV11" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GenericFileWritten", @@ -10696,7 +10696,7 @@ "name": "FsVolumeUnmountedV2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FsVolumeUnmounted", @@ -10765,7 +10765,7 @@ "name": "FirewallDisabledMacV1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FirewallDisabled", @@ -10843,7 +10843,7 @@ "cid": "ffffffff30a3407dae27d0503611022ff" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2021-11-09T05:47:19.952Z", @@ -10918,7 +10918,7 @@ "name": "UserLogoffV3" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLogoff", @@ -11014,7 +11014,7 @@ "name": "ProcessRollup2V19" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ProcessRollup2", diff --git a/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml b/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml index bbc76762b10..e6fc4b9d844 100644 --- a/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml +++ b/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml @@ -77,7 +77,7 @@ processors: ## ECS fields. - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' ## Categorization. - script: diff --git a/packages/crowdstrike/data_stream/fdr/sample_event.json b/packages/crowdstrike/data_stream/fdr/sample_event.json index 3b961e03614..c86d599855f 100644 --- a/packages/crowdstrike/data_stream/fdr/sample_event.json 
+++ b/packages/crowdstrike/data_stream/fdr/sample_event.json
@@ -31,7 +31,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "ca0beb8d-9522-4450-8af7-3cb7f3d8c478",
diff --git a/packages/crowdstrike/docs/README.md b/packages/crowdstrike/docs/README.md
index 27f0b4e121e..7c0210ea229 100644
--- a/packages/crowdstrike/docs/README.md
+++ b/packages/crowdstrike/docs/README.md
@@ -278,7 +278,7 @@ An example event for `falcon` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "ca0beb8d-9522-4450-8af7-3cb7f3d8c478",
@@ -935,7 +935,7 @@ An example event for `fdr` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "ca0beb8d-9522-4450-8af7-3cb7f3d8c478",
diff --git a/packages/crowdstrike/manifest.yml b/packages/crowdstrike/manifest.yml
index e7c8b89340b..0b0fe0fc660 100644
--- a/packages/crowdstrike/manifest.yml
+++ b/packages/crowdstrike/manifest.yml
@@ -1,6 +1,6 @@
 name: crowdstrike
 title: CrowdStrike
-version: "1.7.0"
+version: "1.8.0"
 description: Collect logs from Crowdstrike with Elastic Agent.
 type: integration
 format_version: 1.0.0
diff --git a/packages/cyberark_pta/_dev/build/build.yml b/packages/cyberark_pta/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/cyberark_pta/_dev/build/build.yml
+++ b/packages/cyberark_pta/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/cyberark_pta/changelog.yml b/packages/cyberark_pta/changelog.yml
index aa8c14cef7a..7d5e914868d 100644
--- a/packages/cyberark_pta/changelog.yml
+++ b/packages/cyberark_pta/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "0.1.2" changes: - description: Remove duplicate fields. diff --git a/packages/cyberark_pta/data_stream/events/_dev/test/pipeline/test-active-dormant-user.json-expected.json b/packages/cyberark_pta/data_stream/events/_dev/test/pipeline/test-active-dormant-user.json-expected.json index 4bd6f5bb2f6..5dcc3266bdb 100644 --- a/packages/cyberark_pta/data_stream/events/_dev/test/pipeline/test-active-dormant-user.json-expected.json +++ b/packages/cyberark_pta/data_stream/events/_dev/test/pipeline/test-active-dormant-user.json-expected.json @@ -44,7 +44,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "code": "26", diff --git a/packages/cyberark_pta/data_stream/events/_dev/test/pipeline/test-suspected-cred-theft.json-expected.json b/packages/cyberark_pta/data_stream/events/_dev/test/pipeline/test-suspected-cred-theft.json-expected.json index 30b9835698d..791c675a9f0 100644 --- a/packages/cyberark_pta/data_stream/events/_dev/test/pipeline/test-suspected-cred-theft.json-expected.json +++ b/packages/cyberark_pta/data_stream/events/_dev/test/pipeline/test-suspected-cred-theft.json-expected.json @@ -44,7 +44,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "code": "1", diff --git a/packages/cyberark_pta/data_stream/events/elasticsearch/ingest_pipeline/default.yml b/packages/cyberark_pta/data_stream/events/elasticsearch/ingest_pipeline/default.yml index 8dc97742279..537b62cda60 100644 --- a/packages/cyberark_pta/data_stream/events/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cyberark_pta/data_stream/events/elasticsearch/ingest_pipeline/default.yml 
@@ -4,7 +4,7 @@ description: Pipeline for CyberArk PTA processors: - set: field: ecs.version - value: '8.3.0' + value: '8.5.0' - set: field: event.action value: "{{cef.extensions.deviceCustomString5}}" diff --git a/packages/cyberark_pta/data_stream/events/sample_event.json b/packages/cyberark_pta/data_stream/events/sample_event.json index 5ad7e328727..24880fd7830 100644 --- a/packages/cyberark_pta/data_stream/events/sample_event.json +++ b/packages/cyberark_pta/data_stream/events/sample_event.json @@ -55,7 +55,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "61c2aa93-e34e-4412-bd9b-ce85257847de", diff --git a/packages/cyberark_pta/manifest.yml b/packages/cyberark_pta/manifest.yml index 204f9c7a43a..7e0ce6c389e 100644 --- a/packages/cyberark_pta/manifest.yml +++ b/packages/cyberark_pta/manifest.yml @@ -1,6 +1,6 @@ name: cyberark_pta title: Cyberark Privileged Threat Analytics -version: 0.1.2 +version: "0.2.0" release: beta license: basic description: Collect security logs from Cyberark PTA integration. diff --git a/packages/cyberarkpas/_dev/build/build.yml b/packages/cyberarkpas/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/cyberarkpas/_dev/build/build.yml +++ b/packages/cyberarkpas/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/cyberarkpas/changelog.yml b/packages/cyberarkpas/changelog.yml index 7377142daa3..3b07642d73f 100644 --- a/packages/cyberarkpas/changelog.yml +++ b/packages/cyberarkpas/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.7.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "2.6.2" changes: - description: Remove duplicate field. 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json
index a9e6abae195..848d0b12a61 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json
@@ -25,7 +25,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add file category",
@@ -87,7 +87,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add file category",
@@ -154,7 +154,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add file category",
@@ -222,7 +222,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add file category",
@@ -289,7 +289,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add file category",
@@ -357,7 +357,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add file category",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json
index c301bc732e7..bc0671113e9 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json
@@ -25,7 +25,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "update file category",
@@ -87,7 +87,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "update file category",
@@ -154,7 +154,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "update file category",
@@ -222,7 +222,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "update file category",
@@ -290,7 +290,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "update file category",
@@ -358,7 +358,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "update file category",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json
index 42d1b2a59a6..59be90e0c8b 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json
@@ -26,7 +26,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "delete file category",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json
index 3826c3daa45..dd659975283 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json
@@ -24,7 +24,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rename file",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json
index 01741bab81e..fcd96a9d91e 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json
@@ -24,7 +24,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "rename file (cont.)",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json
index b1defe5824c..db4d4a1d380 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json
@@ -18,7 +18,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "unlock file",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json
index 8397e92b3aa..a0960af8a45 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json
@@ -43,7 +43,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm disable password",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json
index 244c1c80fb8..e79a76b47f8 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json
@@ -18,7 +18,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "get user's details",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json
index a79cdfc23fa..4781cc20da3 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json
@@ -17,7 +17,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add user",
@@ -95,7 +95,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add user",
@@ -173,7 +173,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add user",
@@ -251,7 +251,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add user",
@@ -329,7 +329,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add user",
@@ -407,7 +407,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add user",
@@ -485,7 +485,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add user",
@@ -564,7 +564,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add user",
@@ -643,7 +643,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add user",
@@ -722,7 +722,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add user",
@@ -801,7 +801,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add user",
@@ -880,7 +880,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add user",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json
index 3a2f437a196..a3e21f506d8 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json
@@ -17,7 +17,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "update safe",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json
index 7fcb8f3e404..61d0dc8758b 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json
@@ -17,7 +17,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add safe",
@@ -80,7 +80,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add safe",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json
index 5e3a73a8c81..c85e1f0a584 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json
@@ -18,7 +18,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add folder",
@@ -85,7 +85,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add folder",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json
index dba0e2cd0a7..2968929adbb 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json
@@ -25,7 +25,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "full gateway connection",
@@ -107,7 +107,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "full gateway connection",
@@ -198,7 +198,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "full gateway connection",
@@ -289,7 +289,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "full gateway connection",
@@ -370,7 +370,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "full gateway connection",
@@ -462,7 +462,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "full gateway connection",
@@ -554,7 +554,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "full gateway connection",
@@ -637,7 +637,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "full gateway connection",
@@ -738,7 +738,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "full gateway connection",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json
index f5fc5d89bfe..2252b5623aa 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json
@@ -18,7 +18,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "partial gateway connection",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json
index 67e54f72933..f25675c4bd2 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "old backup files deletion start",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json
index 2b1de73353e..ca67c467afe 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "old backup files deletion end",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json
index 1566f423703..1c8557cf4ff 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json
@@ -44,7 +44,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm verify password",
@@ -150,7 +150,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm verify password",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json
index 162709b750f..dcdc82a5194 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json
@@ -17,7 +17,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "action on closed safe",
@@ -81,7 +81,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "action on closed safe",
@@ -136,7 +136,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "action on closed safe",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json
index a48bd2b77b0..e0baed8f964 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json
@@ -42,7 +42,7 @@
 "domain": "radiussrv.cyberark.local"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm change password",
@@ -136,7 +136,7 @@
 "domain": "components"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm change password",
@@ -239,7 +239,7 @@
 "domain": "components"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm change password",
@@ -343,7 +343,7 @@
 "domain": "components"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm change password",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json
index 2a7aa7cf2a7..ea1cf2115d5 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json
@@ -17,7 +17,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add/update group",
@@ -79,7 +79,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add/update group",
@@ -141,7 +141,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add/update group",
@@ -203,7 +203,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add/update group",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json
index ca82c2fe529..32c1a617460 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json
@@ -18,7 +18,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add group member",
@@ -81,7 +81,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add group member",
@@ -144,7 +144,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add group member",
@@ -207,7 +207,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add group member",
@@ -270,7 +270,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add group member",
@@ -333,7 +333,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add group member",
@@ -396,7 +396,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add group member",
@@ -459,7 +459,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add group member",
@@ -522,7 +522,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add group member",
@@ -586,7 +586,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add group member",
@@ -650,7 +650,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add group member",
@@ -714,7 +714,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add group member",
@@ -778,7 +778,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add group member",
@@ -842,7 +842,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add group member",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json
index 6743ee6780c..7063653d0c1 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json
@@ -18,7 +18,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "remove group member",
@@ -81,7 +81,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "remove group member",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json
index 3ee623c1004..01c6a6ccd85 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json
@@ -18,7 +18,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "remove owner",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json
index e1bb3b2ae78..da79510a843 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json
@@ -21,7 +21,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add rule",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json
index 52233d537f1..ea5e9a6d5a7 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "auto clear users history start",
@@ -66,7 +66,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "auto clear users history start",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json
index 1d3d8021b09..b45f99f2b24 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "auto clear users history end",
@@ -66,7 +66,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "auto clear users history end",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json
index 11d94cded11..078357ffddc 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "auto clear safes history start",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json
index 7091d048ad4..d41508a9a4c 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "auto clear safes history end",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json
index 2bd065b3e51..1b8cd0e8677 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json
@@ -28,7 +28,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "store password",
@@ -90,7 +90,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "store password",
@@ -172,7 +172,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "store password",
@@ -239,7 +239,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "store password",
@@ -296,7 +296,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "store password",
@@ -362,7 +362,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "store password",
@@ -449,7 +449,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "store password",
@@ -517,7 +517,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "store password",
@@ -596,7 +596,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "store password",
@@ -674,7 +674,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "store password",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json
index af6d7f96042..151b5fe22d3 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json
@@ -36,7 +36,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "retrieve password",
@@ -134,7 +134,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "retrieve password",
@@ -219,7 +219,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "retrieve password",
@@ -324,7 +324,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "retrieve password",
@@ -410,7 +410,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "retrieve password",
@@ -510,7 +510,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "retrieve password",
@@ -600,7 +600,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "retrieve password",
@@ -694,7 +694,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "retrieve password",
@@ -803,7 +803,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "retrieve password",
@@ -889,7 +889,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "retrieve password",
@@ -979,7 +979,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "retrieve password",
@@ -1073,7 +1073,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "retrieve password",
@@ -1169,7 +1169,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "retrieve password",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json
index 252cfb68ff4..66e84a26886 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json
@@ -47,7 +47,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm connect",
@@ -153,7 +153,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm connect",
@@ -270,7 +270,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm connect",
@@ -387,7 +387,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm connect",
@@ -504,7 +504,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm connect",
@@ -621,7 +621,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm connect",
@@ -738,7 +738,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm connect",
@@ -861,7 +861,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm connect",
@@ -992,7 +992,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm connect",
@@ -1121,7 +1121,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm connect",
@@ -1250,7 +1250,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm connect",
@@ -1379,7 +1379,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm connect",
@@ -1504,7 +1504,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm connect",
@@ -1629,7 +1629,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm connect",
@@ -1763,7 +1763,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm connect",
@@ -1897,7 +1897,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm connect",
@@ -2031,7 +2031,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm connect",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json
index 1ec873ae3c1..7ae61bfcf8e 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json
@@ -48,7 +48,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm disconnect",
@@ -156,7 +156,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm disconnect",
@@ -275,7 +275,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm disconnect",
@@ -394,7 +394,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm disconnect",
@@ -513,7 +513,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm disconnect",
@@ -632,7 +632,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm disconnect",
@@ -751,7 +751,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm disconnect",
@@ -876,7 +876,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm disconnect",
@@ -1009,7 +1009,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm disconnect",
@@ -1140,7 +1140,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm disconnect",
@@ -1271,7 +1271,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm disconnect",
@@ -1402,7 +1402,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm disconnect",
@@ -1529,7 +1529,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm disconnect",
@@ -1656,7 +1656,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm disconnect",
@@ -1792,7 +1792,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm disconnect",
@@ -1928,7 +1928,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm disconnect",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json
index 32baa53d33d..5404f206cdb 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json
@@ -31,7 +31,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "psm upload recording",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json
index 78c99e247ad..5301834595c 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json
@@ -42,7 +42,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "use password",
@@ -137,7 +137,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "use password",
@@ -244,7 +244,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "use password",
@@ -351,7 +351,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "use password",
@@ -458,7 +458,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "use password",
@@ -565,7 +565,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "use password",
@@ -672,7 +672,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "use password",
@@ -784,7 +784,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "use password",
@@ -902,7 +902,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "use password",
@@ -1025,7 +1025,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "use password",
@@ -1148,7 +1148,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "use password",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json
index 0f94b53ec3b..b0008bdab33 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json
@@ -21,7 +21,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "authentication_failure",
@@ -95,7 +95,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "authentication_failure",
@@ -165,7 +165,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "authentication_failure",
@@ -254,7 +254,7 @@
 "ip": "67.43.156.13"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "authentication_failure",
@@ -338,7 +338,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "authentication_failure",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json
index fbf0af032f8..8074a38ed05 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json
@@ -44,7 +44,7 @@
 "domain": "dbserver.cyberark.local"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm reconcile password",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json
index b08a5c03ade..453ca6e25db 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "monitor dr replication start",
@@ -66,7 +66,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "monitor dr replication start",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json
index f00aca8dff0..e66efdeca20 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "monitor dr replication end",
@@ -66,7 +66,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "monitor dr replication end",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json
index a5ca3d6f147..4d648170c9e 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json
@@ -18,7 +18,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "reset user password detailed information",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json
index 14e8b03e4e3..ff736c2a39f 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json
@@ -17,7 +17,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "reset user password",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json
index d5a69f4a66f..0cd573e2f5d 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json
@@ -18,7 +18,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add owner",
@@ -99,7 +99,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add owner",
@@ -179,7 +179,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add owner",
@@ -260,7 +260,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add owner",
@@ -341,7 +341,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add owner",
@@ -422,7 +422,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add owner",
@@ -503,7 +503,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add owner",
@@ -584,7 +584,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add owner",
@@ -665,7 +665,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add owner",
@@ -746,7 +746,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add owner",
@@ -827,7 +827,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add owner",
@@ -908,7 +908,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add owner",
@@ -989,7 +989,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add owner",
@@ -1070,7 +1070,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add owner",
@@ -1151,7 +1151,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add owner",
@@ -1232,7 +1232,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "add owner",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json
index 519bd37a273..91f85eed1e4 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json
@@ -25,7 +25,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm auto-detection start",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json
index 98897757ae3..e1d3def0ab6 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json
@@ -25,7 +25,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm auto-detection end",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json
index cd29db3b91e..a3082d33e06 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json
@@ -18,7 +18,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "update owner",
@@ -99,7 +99,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "update owner",
@@ -180,7 +180,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "update owner",
@@ -261,7 +261,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "update owner",
@@ -342,7 +342,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "update owner",
@@ -423,7 +423,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "update owner",
@@ -505,7 +505,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "update owner",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json
index 4e8235d4901..292a87110ed 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "monitor license expiration date start",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json
index a31ac735615..bed38559567 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "monitor license expiration date end",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json
index 42d7542c9b1..d2c07772ca3 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "monitor fw rules start",
@@ -66,7 +66,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "monitor fw rules start",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json
index 93c4fd309a9..50a36896cbb 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "monitor fw rules end",
@@ -66,7 +66,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "monitor fw rules end",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json
index 00cfa39870d..759aae694f1 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json
@@ -58,7 +58,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "sql command",
@@ -176,7 +176,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "sql command",
@@ -294,7 +294,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "sql command",
@@ -412,7 +412,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "sql command",
@@ -530,7 +530,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "sql command",
@@ -648,7 +648,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "sql command",
@@ -766,7 +766,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "sql command",
@@ -884,7 +884,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "sql command",
@@ -1002,7 +1002,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "sql command",
@@ -1120,7 +1120,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "sql command",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json
index 40154cdc68a..565d724dda4 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json
@@ -50,7 +50,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "keystroke logging",
@@ -164,7 +164,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "keystroke logging",
@@ -295,7 +295,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "keystroke logging",
@@ -426,7 +426,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "keystroke logging",
@@ -557,7 +557,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "keystroke logging",
@@ -693,7 +693,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "keystroke logging",
@@ -829,7 +829,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "keystroke logging",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json
index 44e1d053978..4af337b57ed 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json
@@ -57,7 +57,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -176,7 +176,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -294,7 +294,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -413,7 +413,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -532,7 +532,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -640,7 +640,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -749,7 +749,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -858,7 +858,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -967,7 +967,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -1076,7 +1076,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -1188,7 +1188,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -1300,7 +1300,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -1412,7 +1412,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -1527,7 +1527,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -1646,7 +1646,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm verify password failed",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json
index 7fb7461c54c..65d7d21f0c0 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json
@@ -23,7 +23,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "blservice audit record",
@@ -86,7 +86,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "blservice audit record",
@@ -149,7 +149,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "blservice audit record",
@@ -212,7 +212,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "blservice audit record",
@@ -275,7 +275,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "blservice audit record",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json
index f86e0e151dc..3d351bd514e 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "authentication_failure",
@@ -96,7 +96,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "authentication_failure",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json
index 3894b8e7cbe..fe69ef8635b 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json
@@ -56,7 +56,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "window title",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json
index 116d5c6c2d1..2561ccbcc0e 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json
@@ -57,7 +57,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "keystroke logging",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json
index fe559c1becf..0d7aa0d1b62 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json
@@ -53,7 +53,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "cpm verify ssh key",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json
index 5aa17213a8c..2a70445390a 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json
@@ -24,7 +24,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "store ssh key",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json
index 34da2398fc7..40b4cdd9456 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json
@@ -53,7 +53,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "retrieve ssh key",
@@ -172,7 +172,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "retrieve ssh key",
@@ -287,7 +287,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "retrieve ssh key", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json index 56b12dde662..09a16742885 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "create discovery succeeded", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json index af6c0c6a6c6..a4cc5239bec 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json @@ -42,7 +42,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "general audit", @@ -123,7 +123,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "general audit", @@ -205,7 +205,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "general audit", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json index 205ba63b166..2047aa36096 100644 
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "the component public key for jwt authentication was updated", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json index 68086e9785a..94f0b0af747 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "security warning - the signature hash algorithm of the vault certificate is sha1.", @@ -67,7 +67,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "security warning - the signature hash algorithm of the vault certificate is sha1.", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json index 2d8d3c2a173..d5d6cc3a98c 100644 
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "update existing add account bulk operation succeeded", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json index 11855876a99..2b2f1d6f28e 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "store file", @@ -75,7 +75,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "store file", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "store file", @@ -198,7 +198,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "store file", @@ -265,7 +265,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "store file", @@ -337,7 +337,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "store file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json index 43ce81225e4..54b95f46e29 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "retrieve file", @@ -75,7 +75,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "retrieve file", @@ -137,7 +137,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "retrieve file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json index 17e6461b245..0c1d99ece4d 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json @@ -31,7 +31,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "delete file", @@ -106,7 +106,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "delete file", @@ -167,7 +167,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "delete file", @@ -225,7 +225,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "delete file", @@ -301,7 +301,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "delete file", @@ -372,7 +372,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "delete file", @@ -445,7 +445,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "delete file", @@ -518,7 +518,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "delete file", 
@@ -595,7 +595,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "delete file", @@ -672,7 +672,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "delete file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json index f27d24ded04..46c27cf01ab 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json @@ -54,7 +54,7 @@ "domain": "rhel7.cybr.com" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cpm change password failed", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json index 43110ded512..8ab97ee004a 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "clear safe history", @@ -68,7 +68,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "clear safe history", @@ -116,7 +116,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "clear safe history", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json index 0ddffd4f496..72d4023f681 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json @@ -54,7 +54,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cpm reconcile password failed", @@ -172,7 +172,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cpm reconcile password failed", @@ -288,7 +288,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cpm reconcile password failed", @@ -406,7 +406,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cpm reconcile password failed", @@ -524,7 +524,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cpm reconcile password failed", @@ -641,7 +641,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cpm reconcile password failed", @@ -760,7 +760,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cpm reconcile password failed", @@ -877,7 +877,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cpm reconcile password failed", @@ -997,7 +997,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cpm reconcile password failed", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json index 62cf8291b7d..6d54f19e696 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "create file version", @@ -84,7 +84,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "create file version", @@ -150,7 +150,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "create file version", @@ -216,7 +216,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "create file version", @@ -283,7 +283,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "create file version", @@ -341,7 +341,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "create file version", @@ -413,7 +413,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "create file version", @@ -474,7 +474,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "create file version", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json index a5c31739592..27ea5a60d40 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json 
@@ -21,7 +21,7 @@ "ip": "10.2.0.3" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authentication_success", @@ -82,7 +82,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authentication_success", @@ -148,7 +148,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authentication_success", @@ -214,7 +214,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authentication_success", @@ -280,7 +280,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authentication_success", @@ -346,7 +346,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authentication_success", @@ -417,7 +417,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authentication_success", @@ -492,7 +492,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authentication_success", @@ -576,7 +576,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authentication_success", @@ -655,7 +655,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authentication_success", @@ -730,7 +730,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authentication_success", @@ -805,7 +805,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authentication_success", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json index e7169fc0500..59e44a79ca4 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json 
@@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logoff", @@ -82,7 +82,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logoff", @@ -148,7 +148,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logoff", @@ -214,7 +214,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logoff", @@ -280,7 +280,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logoff", @@ -346,7 +346,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logoff", @@ -412,7 +412,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logoff", @@ -487,7 +487,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logoff", @@ -562,7 +562,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logoff", @@ -637,7 +637,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logoff", @@ -727,7 +727,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logoff", @@ -812,7 +812,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logoff", @@ -883,7 +883,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logoff", @@ -959,7 +959,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logoff", @@ -1049,7 +1049,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logoff", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json index 6a09a4b7008..34c12e7b99c 100644 
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "set password", @@ -68,7 +68,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "set password", @@ -118,7 +118,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "set password", @@ -165,7 +165,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "set password", @@ -217,7 +217,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "set password", @@ -269,7 +269,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "set password", @@ -330,7 +330,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "set password", @@ -391,7 +391,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "set password", @@ -452,7 +452,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "set password", @@ -513,7 +513,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "set password", @@ -574,7 +574,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "set password", @@ -635,7 +635,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "set password", @@ -697,7 +697,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "set password", @@ -759,7 +759,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "set password", @@ -821,7 +821,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "set password", 
@@ -883,7 +883,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "set password", @@ -945,7 +945,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "set password", @@ -1007,7 +1007,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "set password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json index 2bb8aa594e1..d802d78a837 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "open file (write only)", @@ -75,7 +75,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "open file (write only)", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "open file (write only)", @@ -213,7 +213,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "open file (write only)", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json index 8a60664d4e0..6340c2592c5 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "open file", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json index 72cb42efe91..363b69182de 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "retrieve file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json index c9659ded41c..1fe4bdf6494 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authentication_success", @@ -82,7 +82,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authentication_success", @@ -150,7 +150,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "retrieve file", @@ -205,7 +205,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authentication_success", diff --git a/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 6ef36b3b734..899571e357c 100644 --- a/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml 
@@ -7,7 +7,7 @@ processors: # - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' # # Set event.original from message, unless reindexing. diff --git a/packages/cyberarkpas/data_stream/audit/sample_event.json b/packages/cyberarkpas/data_stream/audit/sample_event.json index 2d0ff03f012..5d2effae1c2 100644 --- a/packages/cyberarkpas/data_stream/audit/sample_event.json +++ b/packages/cyberarkpas/data_stream/audit/sample_event.json @@ -35,7 +35,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/cyberarkpas/docs/README.md b/packages/cyberarkpas/docs/README.md index da946f83a3e..537db6cd7a2 100644 --- a/packages/cyberarkpas/docs/README.md +++ b/packages/cyberarkpas/docs/README.md @@ -68,7 +68,7 @@ An example event for `audit` looks as following: } }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/cyberarkpas/manifest.yml b/packages/cyberarkpas/manifest.yml index c6fea8c7325..e8ed784e5fc 100644 --- a/packages/cyberarkpas/manifest.yml +++ b/packages/cyberarkpas/manifest.yml @@ -1,6 +1,6 @@ name: cyberarkpas title: CyberArk Privileged Access Security -version: 2.6.2 +version: "2.7.0" release: ga description: Collect logs from CyberArk Privileged Access Security with Elastic Agent. type: integration diff --git a/packages/cylance/_dev/build/build.yml b/packages/cylance/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/cylance/_dev/build/build.yml +++ b/packages/cylance/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/cylance/changelog.yml b/packages/cylance/changelog.yml index 07e13dff067..e03852bda52 100644 --- a/packages/cylance/changelog.yml +++ b/packages/cylance/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.11.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "0.10.2" changes: - description: Remove duplicate fields. diff --git a/packages/cylance/data_stream/protect/_dev/test/pipeline/test-generated.log-expected.json b/packages/cylance/data_stream/protect/_dev/test/pipeline/test-generated.log-expected.json index 202c933dfc4..f03e1ae2b49 100644 --- a/packages/cylance/data_stream/protect/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/cylance/data_stream/protect/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "29-January-2016 06:09:59 high boNemoe4402.www.invalid dolore \u003c\u003csequa\u003eabo 2016-1-29T6:09:59.squira nostrud4819.mail.test CylancePROTECT mqui nci [billoi] Event Type: AuditLog, Event Name: ZoneAdd, Message: Policy Assigned:orev; Devices: pisciv , User: uii umexe (estlabo)", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016-2-12T1:12:33.olupt volup208.invalid CylancePROTECT eosquir orsi [nulapari] Event Type: AuditLog, Event Name: LoginSuccess, Message: Devices: vol, User: luptat isiutal (moenimi)", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "26-Feb-2016 8:15:08 very-high anonnu410.internal.home aqu \u003c\u003cutper\u003esquame 26T20:15:08.ntex eius6159.www5.localhost CylancePROTECT Event Name:Alert, Device Message: Device: aer User: ),lupt (tia oloremqu Zone Names: temvel Device Id: iatu", "tags": [ 
@@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016-3-12T3:17:42.ceroinBC ratvolup497.www.corp CylancePROTECT ionofde con [uia] Event Type: AuditLog, Event Name: SystemSecurity, Message: ommodic, User: mipsu consec (taliquip)", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016-3-26T10:20:16.gelit tatno5625.api.local CylancePROTECT taev roidents [oluptas] Event Type: AuditLog, Event Name: Alert, Message: Source: taliqu; SHA256: ommod; Reason: failure, User: tur aperi (iveli)", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "uatDuis 2016-4-9T5:22:51.ude maveniam1399.mail.lan CylancePROTECT siutaliq exercit [tempor] Event Type: omnis, Event Name: SystemSecurity, Device Name: eip, Agent Version: lupta, IP Address: (10.124.61.119), MAC Address: (01:00:5e:dc:bb:8b), Logged On Users: (occ), OS: ect Zone Names: reetdolo", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "24-Apr-2016 12:25:25 low lor340.mail.local natura \u003c\u003caboris\u003eima 24T00:25:25.tanimi nimadmin6499.local CylancePROTECT Event Name:Device Policy Assigned, Device Message: Device: dexe User: ),urerep (aquaeab liqu Zone Names: lorem Device Id: emq", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ari 2016-5-8T7:27:59.equun suntinc4934.www5.test CylancePROTECT ipis gelits [tatevel] Event Type: AuditLog, Event Name: ThreatUpdated, Message: Policy: uptatev; SHA256: uovol, User: )dmi (olab mquisnos", "tags": [ 
@@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "22-May-2016 14:30:33 medium tvol457.internal.local inim \u003c\u003cema\u003eroinBCSe 2016-5-22T2:30:33.onse tae1382.mail.localhost CylancePROTECT oluptate ofdeF tion Event Type: orsitame, Event Name: threat_quarantined, Threat Class: lit, Threat Subclass: iam, SHA256: qua, MD5: umdo", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016-6-5T9:33:08.eniam reetdolo2451.www.example CylancePROTECT rumet oll [erc] Event Type: ScriptControl, Event Name: SystemSecurity, Device Name: llam, File Path: aspern, Interpreter: itlabori, Interpreter Version: 1.2344, Zone Names: ollit, User Name: usan", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "olo 2016-6-20T4:35:42.uaera sitas4259.mail.corp CylancePROTECT atquovo iumto aboreetd Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Zone: dun; Policy: enim; Value: saute, User: vel quu (undeo)", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016-7-4T11:38:16.isqu uis7612.www5.domain CylancePROTECT llumquid tation [ips] Event Type: emeumfug, Event Name: Registration, emporinc", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "cup 2016-7-18T6:40:50.boNemoen uid7309.api.domain CylancePROTECT uradi aborumSe luptat Event Type: AuditLog, Event Name: SyslogSettingsSave, Message: Policy: antiumto, User: strude ctetura (usmod)", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2-Aug-2016 1:43:25 high fugit7668.www5.invalid lupt \u003c\u003cxea\u003equa 2T01:43:25.luptatev admi3749.api.lan CylancePROTECT Event Name:DeviceRemove, Device Message: Device: tinvol; Zones Removed: dolore; Zones Added: abor, User: iqui etc (etM), Zone Names:nimadmin Device Id: ditautfu", "tags": [ 
@@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016-8-16T8:45:59.ostr rudexerc703.internal.host CylancePROTECT itaut imaven [liqua] Event Type: ScriptControl, Event Name: fullaccess, Device Name: onproide, File Path: Nemoen, Interpreter: tfug, Interpreter Version: 1.5383 (ccu), Zone Names: urE, User Name: isaute", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "eomnisis 2016-8-30T3:48:33.mqui civeli370.www5.local CylancePROTECT sunt stl tdolorem Event Type: AuditLog, Event Name: Alert, Message: The Device: picia was auto assigned to the Zone: IP Address: Fake Devices, User: mUtenima emaperi ()tame", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "September 2016/09/13 22:51:07 ivelits712.api.example CylancePROTECT Event Type: AppControl, etdolo inv [agnaali] Event Type: AppControl, Event Name: threat_found, Device Name: sequatur, IP Address: (10.199.98.186), Action: cancel, Action Type: nihi, File Path: Lor, SHA256: itecto, Zone Names: erc", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "olupt 2016-9-28T5:53:42.modoco estqu1709.internal.example CylancePROTECT ostrume molest [upt] Event Type: Threat, Event Name: LoginSuccess, Device Name: uasia, IP Address: (10.64.70.5), File Name: ici, Path: giatquov, Drive Type: eritquii, SHA256: dexeac, MD5: iscinge, Status: atvol, Cylance Score: 145.898000, Found Date: uames, File Type: tati, Is Running: utaliqu, Auto Run: oriosamn, Detected By: deFinibu, Zone Names: iadese, Is Malware: imidest, Is Unique To Cylance: emagnama, Threat Classification: eprehend", "tags": [ 
@@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016-10-12T12:56:16.suntinc xeac7155.www.localdomain CylancePROTECT taliq intoccae [ents] Event Type: pida, Event Name: Alert, Device Name: idolor, Agent Version: emeumfu, IP Address: (10.143.239.210), MAC Address: (01:00:5e:93:1c:9f), Logged On Users: (oinBCSe), OS: mnisist Zone Names: sedd", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ipitla 2016-10-26T7:58:50.quae maccusa5126.api.domain CylancePROTECT idex xerci [aqu] Event Type: ExploitAttempt, Event Name: Alert, Device Name: olorema, IP Address: (10.32.143.134), Action: accept, Process ID: 2289, Process Name: aliqu.exe, User Name: olupta, Violation Type: mipsumd, Zone Names: eFinib", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10-Nov-2016 3:01:24 low eav3687.internal.local siar \u003c\u003corev\u003eiamquis 10T03:01:24.quirat llu4718.localhost CylancePROTECT Event Name:DeviceEdit, Device Name:conseq, External Device Type:oidentsu, External Device Vendor ID:atiset, External Device Name:atu, External Device Product ID:umexerci, External Device Serial Number:ern, Zone Names:psaquae", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Nov 24 10:03:59 doloremi7402.www.test CylancePROTECT Event Type:stquidol, Event Name:DeviceRemove, Device Message: Device: leumiu; Policy Changed: namali to 'taevit', User: rinrepre etconse (tincu), Zone Names:ari, Device Id: exercit", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "8-December-2016 17:06:33 very-high occae1180.internal.localhost aquaeabi \u003c\u003clita\u003eadeseru 2016-12-8T5:06:33.emoe eaq908.api.home CylancePROTECT itame intoc [oluptas] Event Type: tNequepo, Event Name: ZoneAddDevice, Device Name: luptasn, Zone Names:equat", "tags": [ 
@@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ihilmole 2016-12-23T12:09:07.eriamea amre146.mail.host CylancePROTECT pisciv iquidex radipisc Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Policy: nti; SHA256: abi; Category: sectetur, User: )uioffi (oru temqu", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ommodico 2017-1-6T7:11:41.quatD mcolab379.internal.home CylancePROTECT tsedqu agnid [proide] Event Type: ScriptControl, Event Name: DeviceRemove, Device Name: tper, File Path: olor, Interpreter: Neque, Interpreter Version: 1.4129 (xerc), Zone Names: iutali, User Name: fdeFi", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jan 20 2:14:16 tasuntex5037.www.corp CylancePROTECT Event Type:boN, Event Name:threat_quarantined, Device Name:ectio, Agent Version:dutper, IP Address: (10.237.205.140), MAC Address: (01:00:5e:3f:c4:6c), Logged On Users: (uames), OS:iduntu, Zone Names:veniam", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "3-Feb-2017 9:16:50 very-high reme622.mail.example isnisiu \u003c\u003cbore\u003etsu 3T21:16:50.tcons sciun4694.api.lan CylancePROTECT Event Name:LoginSuccess, Device Message: Device: nsect User: ),idata (rumwritt magnid Zone Names: enderit Device Id: untex", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "paquioff 2017-2-18T4:19:24.mquisnos maven3758.www.invalid CylancePROTECT labor didunt uptatema Event Type: ExploitAttempt, Event Name: DeviceEdit, Device Name: udan, IP Address: (10.74.104.215), Action: cancel, Process ID: 7410, Process Name: mveleu.exe, User Name: nofdeFin, Violation Type: sequam, Zone Names: temvel", "tags": [ 
@@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "4-Mar-2017 11:21:59 medium tvolu3997.mail.home eiu \u003c\u003cntiumdo\u003eautfu 4T11:21:59.gnaaliq mni7200.mail.localdomain CylancePROTECT Event Name:pechange, Device Name:idolor, Zone Names:uisau, Device Id: eleum", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Mar 18 6:24:33 ate4627.localdomain CylancePROTECT Event Type:officiad, Event Name:Device Policy Assigned, Message: The Device:quinescwas auto assigned to Zone:madmi, User:tur", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2-April-2017 01:27:07 very-high orem6702.invalid tev \u003c\u003csaute\u003entocca 2017-4-2T1:27:07.ostru ntoccae1705.internal.invalid CylancePROTECT temquiav equatu [upta] Event Type: ScriptControl, Event Name: Alert, Device Name: sBon, File Path: orro, Interpreter: tae, Interpreter Version: 1.3212, Zone Names: tlab, User Name: aperiame", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "16-Apr-2017 8:29:41 high tobea2364.internal.localhost itinvol \u003c\u003ceavolup\u003efugiatn 16T08:29:41.docon etconsec6708.internal.invalid CylancePROTECT Event Name:PolicyAdd, Device Name:ersp, External Device Type:tquov, External Device Vendor ID:diconseq, External Device Name:inven, External Device Product ID:osquira, External Device Serial Number:tes, Zone Names:mquame", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017-4-30T3:32:16.squirati Sedutp7428.internal.home CylancePROTECT utlabor itessequ [porro] Event Type: AuditLog, Event Name: PolicyAdd, Message: Zone: iquipe; Policy: itempor; Value: quin, User: upida tvolupt (eufugi)", "tags": [ 
@@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "uamni 2017-5-14T10:34:50.ctet ati4639.www5.home CylancePROTECT archite loreme [untu] Event Type: AuditLog, Event Name: Alert, Message: Device: ven; User: con nisist (usmodte)", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017-5-29T5:37:24.eturadi torever662.www5.home CylancePROTECT quam sumdolor [meaqueip] Event Type: AuditLog, Event Name: PolicyAdd, Message: The Device: pexe was auto assigned to the Zone: IP Address: 10.70.168.240, User: amcol adeser ()oin", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "12-June-2017 12:39:58 medium meius3932.internal.example ccaeca \u003c\u003cumdolo\u003euptate 2017-6-12T12:39:58.amc cusant1701.api.localdomain CylancePROTECT siutaliq dutp psaquaea Event Type: taevita, Event Name: DeviceRemove, Device Name: siut, Agent Version: tconsect, IP Address: (10.190.175.158), MAC Address: (01:00:5e:45:8b:97), Logged On Users: (ditemp), OS: edqui", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "26-June-2017 19:42:33 very-high rnatu2805.www.home enderi \u003c\u003cmquisno\u003eodoconse 2017-6-26T7:42:33.quamqua eacommod1930.internal.lan CylancePROTECT tpersp stla uptatema Event Type: AuditLog, Event Name: fullaccess, Message: Device: uradi; SHA256: tot; Category: llamco, User: )nea (psum tasnulap", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017-7-11T2:45:07.oremipsu emeumfug4387.internal.lan CylancePROTECT uidol litani [utodita] Event Type: AuditLog, Event Name: Alert, Message: Device: untincul; SHA256: iduntu, User: )ccaeca (niamq lapariat", "tags": [ 
@@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "uat 2017-7-25T9:47:41.tiaec rumwrit764.www5.local CylancePROTECT edquiac urerepr [eseru] Event Type: DeviceControl, Event Name: DeviceRemove, Device Name: etMal, External Device Type: qua, External Device Vendor ID: rsita, External Device Name: ate, External Device Product ID: ipsamvo, External Device Serial Number: onula, Zone Names: miu", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Aug 8 4:50:15 mex2054.mail.corp CylancePROTECT Event Type:luptat, Event Name:SyslogSettingsSave, Message: Provider:ica, Source IP:10.13.66.97, User: dicta taedicta (ritt)#015", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017-8-22T11:52:50.dictasun veniamqu7284.mail.invalid CylancePROTECT nte mvel nof Event Type: AuditLog, Event Name: DeviceEdit, Message: The Device: tetur was auto assigned to the Zone: IP Address: Fake Devices, User: ()xce", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "6-September-2017 06:55:24 high isiu5733.api.domain etdolor \u003c\u003clupta\u003exeaco 2017-9-6T6:55:24.nvolupt oremi1485.api.localhost CylancePROTECT iosa boNemoe [onsequ] Event Type: AuditLog, Event Name: threat_quarantined, Message: SHA256: amvolupt; Reason: success, User: atisund xea (ites)", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "eri 2017-9-20T1:57:58.quunt olori416.api.test CylancePROTECT elit cidunt plica Event Type: ExploitAttempt, Event Name: Alert, Device Name: exeaco, IP Address: (10.31.190.145), Action: cancel, Process ID: 5530, Process Name: accusant.exe, User Name: onse, Violation Type: admin, Zone Names: stenatu", "tags": [ 
@@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "4-Oct-2017 9:00:32 high nvol6269.internal.local tla \u003c\u003citem\u003enimid 4T21:00:32.dat periam126.api.host CylancePROTECT Event Name:threat_found, Threat Class:rExc, Threat Subclass:iusmo, SHA256:tame, MD5:naaliq", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "19-October-2017 04:03:07 medium toccaec7645.www5.home psaqua \u003c\u003cullamcor\u003eitationu 2017-10-19T4:03:07.proident maliquam2147.internal.home CylancePROTECT lores ritati orisni Event Type: DeviceControl, Event Name: PolicyAdd, Device Name: estl, External Device Type: sitam, External Device Vendor ID: orem, External Device Name: rcit, External Device Product ID: llamco, External Device Serial Number: atu, Zone Names: untincul", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "iuntNe 2017-11-2T11:05:41.atise tate6578.api.localdomain CylancePROTECT emvele isnost [olorem] Event Type: Threat, Event Name: PolicyAdd, Device Name: yCiceroi, IP Address: (10.252.165.146), File Name: iquamqua, Path: sit, Drive Type: rumSect, SHA256: ita, MD5: vitaed, Status: exeaco, Cylance Score: 51.523000, Found Date: mven, File Type: olorsit, Is Running: tore, Auto Run: elits, Detected By: consequa, Zone Names: turadip, Is Malware: tatevel, Is Unique To Cylance: boreetdo, Threat Classification: undeom", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017-11-16T6:08:15.uov itlab6956.mail.local CylancePROTECT loremqu tetur amvo Event Type: siuta, Event Name: threat_changed, Device Name: ommodo, Agent Version: uptat, IP Address: (10.105.46.101, tatione), MAC Address: (01:00:5e:de:32:2c, ori), Logged On Users: (tconsect), OS: rum", "tags": [ 
@@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017-12-1T1:10:49.ugiatn midestl1919.host CylancePROTECT cingel modocon [ipsu] Event Type: ntNeq, Event Name: Device Policy Assigned, Device Name: aUt, Agent Version: boNem, IP Address: (10.124.88.222), MAC Address: (01:00:5e:f9:78:c2), Logged On Users: (onu), OS: liquaUte", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ria 2017-12-15T8:13:24.atDu nsec923.internal.local CylancePROTECT agnaaliq tlaboree norumet Event Type: ExploitAttempt, Event Name: DeviceEdit, Device Name: mod, IP Address: (10.28.120.149), Action: deny, Process ID: 3916, Process Name: tinvolup.exe, User Name: tsed, Violation Type: inv, Zone Names: rroq", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017-12-29T3:15:58.mipsamvo eiusmod3517.internal.invalid CylancePROTECT oreveri ehende [eaqueip] Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: olup; SHA256: labor, User: )dol (sciun metcons", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "12-January-2018 22:18:32 high asnu3806.api.lan tamet \u003c\u003cperspici\u003eationul 2018/01/12T22:18:32.mquisn queips4947.mail.example CylancePROTECT molestia quir eavolup Event Type: AppControl, Event Name: Registration, Device Name: labore, IP Address: (10.165.16.231), Action: accept, Action Type: uto, File Path: iuntNequ, SHA256: esseq, Zone Names: aincidun", "tags": [ 
@@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "27-January-2018 05:21:06 low oloreseo5039.test derit \u003c\u003corese\u003edolor 2018-1-27T5:21:06.econs ntexpl3889.www.home CylancePROTECT yCic nder [mdolore] Event Type: Cic, Event Name: DeviceRemove, Device Name: saqu, Agent Version: iscive, IP Address: (10.156.34.19), MAC Address: (01:00:5e:54:ab:3f), Logged On Users: (imveni), OS: ariaturE Zone Names: stquid", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ree 2018-2-10T12:23:41.saquaea ation6657.www.home CylancePROTECT iatqu lorsi repreh Event Type: AuditLog, Event Name: Registration, Message: sitamet, User: utlabo tetur (tionula)", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "24-Feb-2018 7:26:15 very-high idolor3916.www5.home tas \u003c\u003cautfugi\u003etasun 24T19:26:15.duntutla ntium4450.www5.localdomain CylancePROTECT Event Name:DeviceRemove, Device Name:vol, Agent Version:oremquel, IP Address: (10.22.94.10), MAC Address: (01:00:5e:ee:e8:77), Logged On Users: (ssusci), OS:animid, Zone Names:mpo", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "llam 2018-3-11T2:28:49.cti aparia1179.www.localdomain CylancePROTECT rever ore offici Event Type: AuditLog, Event Name: DeviceEdit, Message: Devices: metco, User: acom ceroinB (nim)", "tags": [ 
@@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "25-March-2018 09:31:24 medium taliqui5348.mail.localdomain loremag \u003c\u003ctcu\u003eiatqu 2018-3-25T9:31:24.inBCSedu erspi5757.local CylancePROTECT suntex iacons [occaec] Event Type: DeviceControl, Event Name: LoginSuccess, Device Name: uov, External Device Type: quaeab, External Device Vendor ID: fici, External Device Name: imve, External Device Product ID: quide, External Device Serial Number: quaU, Zone Names: undeomni", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "liquid 2018-4-8T4:33:58.enim Finibus1411.www5.corp CylancePROTECT xea taed umdolo Event Type: AuditLog, Event Name: fullaccess, Message: Policy Assigned:rroqu; Devices: dquiaco , User: nibus vitaed (ser)", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Apr 22 11:36:32 upt7879.www5.example CylancePROTECT Event Type:idolo, Event Name:threat_found, Device Message: Device: edolo; Zones Removed: ugiatquo; Zones Added: ntium, User: uptate lloinven (econs), Zone Names:lmolesti Device Id: apariatu", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 2018/05/07 06:39:06 erspi4926.www5.test CylancePROTECT Event Type: AppControl, incidid quin [autemv] Event Type: AppControl, Event Name: PolicyAdd, Device Name: fugits, IP Address: (10.153.34.43), Action: allow, Action Type: acommo, File Path: isi, SHA256: culpaq, Zone Names: saute", "tags": [ 
@@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018-5-21T1:41:41.abor magnid3343.home CylancePROTECT tesseq niam [pernat] Event Type: DeviceControl, Event Name: threat_found, Device Name: gitse, External Device Type: ugitse, External Device Vendor ID: quiineav, External Device Name: billoinv, External Device Product ID: sci, External Device Serial Number: col, Zone Names: obea", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "4-Jun-2018 8:44:15 high uptatem4483.localhost inrepr \u003c\u003cmol\u003eumdolors 4T20:44:15.dolori asperna7623.www.home CylancePROTECT Event Name:ThreatUpdated, Message: Device:dexewas auto assigned to Zone:tat, User:onproide", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "riosa 2018-6-19T3:46:49.tNe pisc3553.internal.home CylancePROTECT rautod olest eataev Event Type: ExploitAttempt, Event Name: DeviceEdit, Device Name: ritati, IP Address: (10.43.110.203), Action: allow, Process ID: 1359, Process Name: nim.exe, User Name: ame, Violation Type: amvolu, Zone Names: mip", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "3-July-2018 10:49:23 medium iame4937.local tiumd \u003c\u003cntmoll\u003emexer 2018/07/03T10:49:23.estla uipexe7153.api.corp CylancePROTECT saqu remips illoi Event Type: AppControl, Event Name: ZoneAdd, Device Name: abori, IP Address: (10.127.20.244), Action: block, Action Type: uelauda, File Path: ema, SHA256: odi, Zone Names: ptatems", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "nde 2018-7-17T5:51:58.abillo undeom845.www5.example CylancePROTECT quaer eetdo [tlab] Event Type: ScriptControl, Event Name: LoginSuccess, Device Name: liq, File Path: seddoeiu, Interpreter: nse, Interpreter Version: 1.3421, Zone Names: quira, User Name: tassita", "tags": [ 
@@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Aug 1 12:54:32 atis6201.internal.invalid CylancePROTECT Event Type:nisiut, Event Name:threat_changed, Message: Device:quirawas auto assigned to Zone:rror, User:tatema", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "15-August-2018 07:57:06 low tperspic7591.www.lan ict \u003c\u003csquirati\u003etem 2018-8-15T7:57:06.mestq ura675.mail.localdomain CylancePROTECT eleumiu uei Nequepo Event Type: DeviceControl, Event Name: DeviceRemove, Device Name: seddo, External Device Type: uam, External Device Vendor ID: orumSec, External Device Name: nisiuta, External Device Product ID: stiaecon, External Device Serial Number: dol, Zone Names: sumquiad", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "29-August-2018 14:59:40 high oeni179.api.localhost gna \u003c\u003cisiutali\u003elumqu 2018-8-29T2:59:40.onulamco ons5050.mail.test CylancePROTECT unt tass [tiumdol] Event Type: Threat, Event Name: threat_quarantined, Device Name: mquiad, IP Address: (10.48.209.115), File Name: psa, Path: nculpaq, Drive Type: reseosqu, SHA256: sequat, MD5: lor, Status: ccaec, Cylance Score: 75.498000, Found Date: ommo, File Type: iame, Is Running: laudanti, Auto Run: umiurer, Detected By: rere, Zone Names: cta, Is Malware: aevi, Is Unique To Cylance: uameiusm, Threat Classification: adm", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "12-September-2018 22:02:15 medium mnihilm1903.internal.host ditautf \u003c\u003citametc\u003eori 2018-9-12T10:02:15.uamqu olori4584.mail.domain CylancePROTECT sunt autfugit emUte Event Type: AuditLog, Event Name: ThreatUpdated, Message: Zone: nturmag; Policy: tura; Value: osquirat, User: equat aliquid (usantiu)", "tags": [ 
@@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "27-Sep-2018 5:04:49 very-high trudex4443.www5.localhost lor \u003c\u003cxplic\u003eeseruntm 27T05:04:49.lpaquiof oloreeu7597.mail.home CylancePROTECT Event Name:PolicyAdd, Device Name:nula, Agent Version:quiacons, IP Address: (10.7.99.47), MAC Address: (01:00:5e:e8:41:ae), Logged On Users: (evolupta), OS:teturadi, Zone Names:ditau", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "hend 2018-10-11T12:07:23.eacommo ueip5847.api.test CylancePROTECT umd sciveli [dolorem] Event Type: sed, Event Name: Device Updated, Threat Class: Nemoenim, Threat Subclass: usm, SHA256: labori, MD5: porai", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ostr 2018-10-25T7:09:57.sec uid3520.www.home CylancePROTECT eFini ectob [mrema] Event Type: ScriptControl, Event Name: SystemSecurity, Device Name: prehend, File Path: eufug, Interpreter: roquisq, Interpreter Version: 1.989 (est), Zone Names: civelits, User Name: ici", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Nov 9 2:12:32 miurerep3693.mail.localhost CylancePROTECT Event Type:iduntu, Event Name:SyslogSettingsSave, Device Name:inibusB, Zone Names:nostrud", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Nov 23 9:15:06 esse3795.www.host CylancePROTECT Event Type:pariatur, Event Name:SyslogSettingsSave, Message: The Device:imaveniawas auto assigned to Zone:expli, User:ugiat", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "bore 2018-12-7T4:17:40.ptate teir7585.www5.localdomain CylancePROTECT quu xeac [llitanim] Event Type: AuditLog, Event Name: SystemSecurity, Message: Devices: oreverit, User: scip Finibus (Utenimad)", "tags": [ 
@@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Dec 21 11:20:14 hen1901.example CylancePROTECT Event Type:ali, Event Name:SyslogSettingsSave, Device Name:quunt, External Device Type:itasp, External Device Vendor ID:qui, External Device Name:equeporr, External Device Product ID:met, External Device Serial Number:volup, Zone Names:ptate, Device Id: entsu, Policy Name: conse", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jan 5 6:22:49 mag4267.www.test CylancePROTECT Event Type:atura, Event Name:Alert, Device Message: Device: oreeu User: ),nvo (iamqui tassita Zone Names: colabori Device Id: imidestl", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019-1-19T1:25:23.minimve serrorsi1096.www5.localdomain CylancePROTECT lamco cit [siar] Event Type: AuditLog, Event Name: ZoneAddDevice, Message: The Device: reetdo was auto assigned to the Zone: IP Address: Fake Devices, User: ()ever", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "quiav 2019-2-2T8:27:57.mse prehen4807.mail.invalid CylancePROTECT liqua ariatur [labo] Event Type: DeviceControl, Event Name: SystemSecurity, Device Name: remq, External Device Type: unt, External Device Vendor ID: tla, External Device Name: arch, External Device Product ID: lite, External Device Serial Number: ugia, Zone Names: meum", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Feb 17 3:30:32 nvolupta126.www.domain CylancePROTECT Event Type:quas, Event Name:threat_found, Device Name:orp, File Path:ender, Interpreter:dico, Interpreter Version:1.5848, Zone Names:Utenima, User Name: olore", "tags": [ 
@@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "3-March-2019 10:33:06 medium radip4253.www.corp gna \u003c\u003cici\u003equamnih 2019-3-3T10:33:06.asnulap yCiceroi5998.mail.home CylancePROTECT inc tect uiad Event Type: DeviceControl, Event Name: DeviceRemove, Device Name: roinBCSe, External Device Type: maperiam, External Device Vendor ID: mSec, External Device Name: smoditem, External Device Product ID: tatisetq, External Device Serial Number: uidolo, Zone Names: umdolore", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019-3-17T5:35:40.abori sit1400.www.lan CylancePROTECT ames amni [tatio] Event Type: AuditLog, Event Name: ZoneAdd, Message: Zone: ntsunti; Policy: borios; Value: ani, User: uid idatat (onev)", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "iosamni 2019-4-1T12:38:14.idu sis3986.internal.lan CylancePROTECT tsedquia its umdolor Event Type: isiu, Event Name: Device Policy Assigned, Device Name: mmodi, Agent Version: snostr, IP Address: (10.232.90.3), MAC Address: (01:00:5e:e6:a6:a2), Logged On Users: (midestl), OS: nci", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "hilmole 2019-4-15T7:40:49.sequ sectetu7182.localdomain CylancePROTECT dolor lorumwri [amnihil] Event Type: orissus, Event Name: Device Updated, uido", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019-4-29T2:43:23.itse officiad4982.www5.domain CylancePROTECT lumqui quiavolu [upta] Event Type: AuditLog, Event Name: ZoneAdd, Message: Device: umtota; User: etdolore magnaa (sumquiad)", "tags": [ 
@@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019-5-13T9:45:57.Duisa consequa1486.internal.localdomain CylancePROTECT aevitaed byCic [leumiur] Event Type: ptatemse, Event Name: pechange, Threat Class: quaeratv, Threat Subclass: involu, SHA256: tobeata, MD5: nesciun", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "onorumet 2019-5-28T4:48:31.ptatema eavolup6981.www5.example CylancePROTECT psaquaea rchit psumq Event Type: DeviceControl, Event Name: threat_changed, Device Name: lum, External Device Type: xerc, External Device Vendor ID: ctetura, External Device Name: msequ, External Device Product ID: nvol, External Device Serial Number: enimadmi, Zone Names: tateveli", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019-6-11T11:51:06.oremip its6443.mail.example CylancePROTECT natuserr ostrudex [nse] Event Type: miurere, Event Name: fullaccess, Device Name: tlabo, Agent Version: tatemse, IP Address: (10.139.80.71), MAC Address: (01:00:5e:bc:c1:21), Logged On Users: (orem), OS: eniamqui", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "25-June-2019 18:53:40 high tnulapa7580.www.domain adeser \u003c\u003cuasiarc\u003edoeiu 2019-6-25T6:53:40.onsectet dentsunt6061.www5.home CylancePROTECT tobeata imven onnumqua Event Type: quioff, Event Name: SyslogSettingsSave, Device Names: (upt), Policy Name: atatnonp, User: nvol dtemp (mquis)", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10-July-2019 01:56:14 medium midest133.www5.example tocca \u003c\u003corsitvol\u003entor 2019-7-10T1:56:14.oinBCSed oid218.api.invalid CylancePROTECT roquisqu ariat midestl Event Type: AuditLog, Event Name: SyslogSettingsSave, Message: mcorpori, User: mqu pteursi (orsitam)", "tags": [ 
@@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "totamre 2019-7-24T8:58:48.rpo velites4233.internal.home CylancePROTECT uisaute uun end Event Type: odocons, Event Name: Alert, Threat Class: asp, Threat Subclass: dexercit, SHA256: amn, MD5: itessequ", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "7-August-2019 16:01:23 low sumd3215.test aUtenima \u003c\u003cturQuis\u003etaevi 2019-8-7T4:01:23.uames tconsec7604.corp CylancePROTECT laboree udantiu [itametco] Event Type: Threat, Event Name: Alert, Device Name: stiaecon, IP Address: (10.223.246.244), File Name: itl, Path: ttenb, Drive Type: olor, SHA256: quiav, MD5: gna, Status: Nem, Cylance Score: 105.845000, Found Date: lors, File Type: oluptat, Is Running: enimad, Auto Run: tis, Detected By: qua, Zone Names: con, Is Malware: tore, Is Unique To Cylance: sequatD, Threat Classification: ercitati", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "21-Aug-2019 11:03:57 high oeiusmo5035.api.local tconse \u003c\u003crem\u003etseddoei 21T23:03:57.teursint etMa3452.www5.test CylancePROTECT Event Name:threat_found, Device Name:nturmag, File Path:uredol, Interpreter:maliqua, Interpreter Version:1.4613, Zone Names:mquia, User Name: omnisi, Device Id: etMalor, Policy Name: mco", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "5-September-2019 06:06:31 high taspe1205.mail.domain cti \u003c\u003commodoc\u003ense 2019-9-5T6:06:31.mveniam tuser2694.internal.invalid CylancePROTECT tlaboru aeabillo [ciad] Event Type: ugiatqu, Event Name: threat_found, Device Names: (turveli), Policy Name: isciv, User: natus boreet (luptasnu)", "tags": [ 
@@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "edqu 2019-9-19T1:09:05.tationu gnaaliq5240.api.test CylancePROTECT nula ameaquei [gnama] Event Type: esciun, Event Name: pechange, Threat Class: ratvo, Threat Subclass: ntutl, SHA256: volupt, MD5: ine", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "3-Oct-2019 8:11:40 low ditaut33.mail.localhost iumdo \u003c\u003coreeu\u003emea 3T20:11:40.ssec illum2625.test CylancePROTECT Event Name:LoginSuccess, Threat Class:iaeconse, Threat Subclass:uisa, SHA256:nimadmin, MD5:tdolo", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "18-October-2019 03:14:14 high porissus1225.www5.corp ddoe \u003c\u003cuptateve\u003eured 2019-10-18T3:14:14.ctetu oreeu6419.www.corp CylancePROTECT cul iinea snos Event Type: AuditLog, Event Name: PolicyAdd, Message: Device: moenimip; User: uames tium (ianonn)", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019-11-1T10:16:48.tiset sci333.mail.home CylancePROTECT doloreeu lors eumfu Event Type: docons, Event Name: PolicyAdd, Device Names: (eumf), Policy Name: roquisq, User: uasi maveniam (uis)", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "imi 2019-11-15T5:19:22.animi edutpers6452.api.host CylancePROTECT ntiumt sumquia vento Event Type: sitv, Event Name: LoginSuccess, Threat Class: com, Threat Subclass: rep, SHA256: mveni, MD5: aquae", "tags": [ 
@@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "30-November-2019 00:21:57 low iaturE3103.api.domain aturve \u003c\u003cptateve\u003eiatu 2019/11/30T00:21:57.use nulamc5617.mail.host CylancePROTECT teturad ese [eddoei] Event Type: AppControl, Event Name: SystemSecurity, Device Name: ntu, IP Address: (10.134.137.205), Action: deny, Action Type: duntut, File Path: emporin, SHA256: oreseosq, Zone Names: etquasia", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019-12-14T7:24:31.cinge tatem4713.internal.host CylancePROTECT elites pariat [nimip] Event Type: AuditLog, Event Name: threat_found, Message: Zone: usci; Policy: unturmag; Value: dexeaco, User: lupta ura (oreeufug)", "tags": [ diff --git a/packages/cylance/data_stream/protect/_dev/test/pipeline/test-rsa2elk-output.json-expected.json b/packages/cylance/data_stream/protect/_dev/test/pipeline/test-rsa2elk-output.json-expected.json index 2adbf372a61..86ac17ce833 100644 --- a/packages/cylance/data_stream/protect/_dev/test/pipeline/test-rsa2elk-output.json-expected.json +++ b/packages/cylance/data_stream/protect/_dev/test/pipeline/test-rsa2elk-output.json-expected.json @@ -15,7 +15,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "de9c1b8e-5967-4715-bc22-6f9dd52f6cc2", diff --git a/packages/cylance/data_stream/protect/elasticsearch/ingest_pipeline/default.yml b/packages/cylance/data_stream/protect/elasticsearch/ingest_pipeline/default.yml index d7a205c69a8..dcadbaa09f4 100644 --- a/packages/cylance/data_stream/protect/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cylance/data_stream/protect/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for CylanceProtect processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - gsub: field: host.mac ignore_missing: true 
diff --git a/packages/cylance/data_stream/protect/sample_event.json b/packages/cylance/data_stream/protect/sample_event.json
index e22298905db..c621a0eb6f9 100644
--- a/packages/cylance/data_stream/protect/sample_event.json
+++ b/packages/cylance/data_stream/protect/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "de9c1b8e-5967-4715-bc22-6f9dd52f6cc2",
diff --git a/packages/cylance/manifest.yml b/packages/cylance/manifest.yml
index 3802ad08e45..cb50c1292a9 100644
--- a/packages/cylance/manifest.yml
+++ b/packages/cylance/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cylance
 title: CylanceProtect Logs
-version: "0.10.2"
+version: "0.11.0"
 description: Collect logs from CylanceProtect devices with Elastic Agent.
 categories: ["security"]
 release: experimental
diff --git a/packages/darktrace/_dev/build/build.yml b/packages/darktrace/_dev/build/build.yml
index 8d9e4bf7ac8..aaafc5d833b 100644
--- a/packages/darktrace/_dev/build/build.yml
+++ b/packages/darktrace/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0
+ reference: git@v8.5.1
diff --git a/packages/darktrace/changelog.yml b/packages/darktrace/changelog.yml
index 7cc05faccb8..fe2ef7ec5c0 100644
--- a/packages/darktrace/changelog.yml
+++ b/packages/darktrace/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.2.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: '0.1.2'
 changes:
 - description: Remove duplicate fields.
diff --git a/packages/darktrace/data_stream/ai_analyst_alert/_dev/test/pipeline/test-ai-analyst-alert.log-expected.json b/packages/darktrace/data_stream/ai_analyst_alert/_dev/test/pipeline/test-ai-analyst-alert.log-expected.json
index c2a4fad58b2..549bdf527cf 100644
--- a/packages/darktrace/data_stream/ai_analyst_alert/_dev/test/pipeline/test-ai-analyst-alert.log-expected.json
+++ b/packages/darktrace/data_stream/ai_analyst_alert/_dev/test/pipeline/test-ai-analyst-alert.log-expected.json
@@ -135,7 +135,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -409,7 +409,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/darktrace/data_stream/ai_analyst_alert/elasticsearch/ingest_pipeline/default.yml b/packages/darktrace/data_stream/ai_analyst_alert/elasticsearch/ingest_pipeline/default.yml
index 3b22b43d8bb..3869a6204ce 100644
--- a/packages/darktrace/data_stream/ai_analyst_alert/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/darktrace/data_stream/ai_analyst_alert/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing AI Analyst Alert logs.
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - grok:
 field: message
 patterns:
diff --git a/packages/darktrace/data_stream/ai_analyst_alert/sample_event.json b/packages/darktrace/data_stream/ai_analyst_alert/sample_event.json
index fa6272b4acc..55ded9a71a5 100644
--- a/packages/darktrace/data_stream/ai_analyst_alert/sample_event.json
+++ b/packages/darktrace/data_stream/ai_analyst_alert/sample_event.json
@@ -144,7 +144,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "95d2bc73-8bc8-47d9-b36e-a21b58255eec",
diff --git a/packages/darktrace/data_stream/model_breach_alert/_dev/test/pipeline/test-model-breach-alert.log-expected.json b/packages/darktrace/data_stream/model_breach_alert/_dev/test/pipeline/test-model-breach-alert.log-expected.json
index 25d25301556..011b0ffcd85 100644
--- a/packages/darktrace/data_stream/model_breach_alert/_dev/test/pipeline/test-model-breach-alert.log-expected.json
+++ b/packages/darktrace/data_stream/model_breach_alert/_dev/test/pipeline/test-model-breach-alert.log-expected.json
@@ -132,7 +132,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "created": "2022-07-13T02:12:45.000Z",
@@ -515,7 +515,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -1070,7 +1070,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -1157,7 +1157,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "created": "2022-08-05T09:35:45.460Z",
@@ -1235,7 +1235,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "created": "2022-08-05T09:34:46.317Z",
diff --git a/packages/darktrace/data_stream/model_breach_alert/elasticsearch/ingest_pipeline/default.yml b/packages/darktrace/data_stream/model_breach_alert/elasticsearch/ingest_pipeline/default.yml
index 126107e391c..441e099f6bf 100644
--- a/packages/darktrace/data_stream/model_breach_alert/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/darktrace/data_stream/model_breach_alert/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing Model Breach Alert logs.
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - grok:
 field: message
 patterns:
diff --git a/packages/darktrace/data_stream/model_breach_alert/sample_event.json b/packages/darktrace/data_stream/model_breach_alert/sample_event.json
index 87660729767..fc4bbaa5e6a 100644
--- a/packages/darktrace/data_stream/model_breach_alert/sample_event.json
+++ b/packages/darktrace/data_stream/model_breach_alert/sample_event.json
@@ -499,7 +499,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "95d2bc73-8bc8-47d9-b36e-a21b58255eec",
diff --git a/packages/darktrace/data_stream/system_status_alert/_dev/test/pipeline/test-system-status-alert.log-expected.json b/packages/darktrace/data_stream/system_status_alert/_dev/test/pipeline/test-system-status-alert.log-expected.json
index e1c42b4f11c..3c0140ccbd3 100644
--- a/packages/darktrace/data_stream/system_status_alert/_dev/test/pipeline/test-system-status-alert.log-expected.json
+++ b/packages/darktrace/data_stream/system_status_alert/_dev/test/pipeline/test-system-status-alert.log-expected.json
@@ -19,7 +19,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "id": "abcdabcd-1234-1234-1234-3abababcdcd3",
@@ -74,7 +74,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "id": "abcd1234-1234-1234-1234-3abababcdcd3",
diff --git a/packages/darktrace/data_stream/system_status_alert/elasticsearch/ingest_pipeline/default.yml b/packages/darktrace/data_stream/system_status_alert/elasticsearch/ingest_pipeline/default.yml
index 50abd1f6162..0dc69c750b2 100644
--- a/packages/darktrace/data_stream/system_status_alert/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/darktrace/data_stream/system_status_alert/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing System Status Alert logs.
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - grok:
 field: message
 patterns:
diff --git a/packages/darktrace/data_stream/system_status_alert/sample_event.json b/packages/darktrace/data_stream/system_status_alert/sample_event.json
index 31283fa03ac..6bd2bfe893c 100644
--- a/packages/darktrace/data_stream/system_status_alert/sample_event.json
+++ b/packages/darktrace/data_stream/system_status_alert/sample_event.json
@@ -29,7 +29,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "95d2bc73-8bc8-47d9-b36e-a21b58255eec",
diff --git a/packages/darktrace/docs/README.md b/packages/darktrace/docs/README.md
index e720ef7ac81..38f97a5fd2b 100644
--- a/packages/darktrace/docs/README.md
+++ b/packages/darktrace/docs/README.md
@@ -254,7 +254,7 @@ An example event for `ai_analyst_alert` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "95d2bc73-8bc8-47d9-b36e-a21b58255eec",
@@ -979,7 +979,7 @@ An example event for `model_breach_alert` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "95d2bc73-8bc8-47d9-b36e-a21b58255eec",
@@ -1308,7 +1308,7 @@ An example event for `system_status_alert` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "95d2bc73-8bc8-47d9-b36e-a21b58255eec",
diff --git a/packages/darktrace/manifest.yml b/packages/darktrace/manifest.yml
index 48fc51dafe2..ceac2826f21 100644
--- a/packages/darktrace/manifest.yml
+++ b/packages/darktrace/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: darktrace
 title: Darktrace
-version: 0.1.2
+version: "0.2.0"
 license: basic
 description: Collect logs from Darktrace with Elastic Agent.
 type: integration
diff --git a/packages/f5/_dev/build/build.yml b/packages/f5/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/f5/_dev/build/build.yml
+++ b/packages/f5/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/f5/changelog.yml b/packages/f5/changelog.yml
index bda86a7c918..c7bc726d24a 100644
--- a/packages/f5/changelog.yml
+++ b/packages/f5/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.12.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "0.11.2"
 changes:
 - description: Remove duplicate fields.
diff --git a/packages/f5/data_stream/bigipafm/_dev/test/pipeline/test-generated.log-expected.json b/packages/f5/data_stream/bigipafm/_dev/test/pipeline/test-generated.log-expected.json index 9b555ec8c1f..bda3ff5ffff 100644 --- a/packages/f5/data_stream/bigipafm/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/f5/data_stream/bigipafm/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "iusm modtempo olab6078.home olaboris tur itv [F5@odoco acl_policy_name=ria acl_policy_type=min acl_rule_name=ite action=Closed hostname=tatemac3541.api.corp bigip_mgmt_ip=10.228.193.207 context_name=liqua context_type=ciade date_time=Jan 29 2016 06:09:59 dest_ip=10.125.114.51 dst_geo=umq dest_port=2288 device_product=pexe device_vendor=nes device_version=1.2262 drop_reason=reveri errdefs_msgno=boNemoe errdefs_msg_name=equepor flow_id=eni ip_protocol=ipv6 severity=low partition_name=ehend route_domain=ritquiin sa_translation_pool=umqui sa_translation_type=reeufugi source_ip=10.208.121.85 src_geo=sperna source_port=884 source_user=billoi translated_dest_ip=10.165.201.71 translated_dest_port=6153 translated_ip_protocol=tatemU translated_route_domain=deF translated_source_ip=10.11.196.142 translated_source_port=5222 translated_vlan=iatnu vlan=3810", "tags": [ 
@@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "eporr quipexe alo4540.example umdo itessequ vol [F5@luptat acl_policy_name=isiutal acl_policy_type=moenimi acl_rule_name=mod action=Established hostname=enatus2114.mail.home bigip_mgmt_ip=10.51.132.10 context_name=utper context_type=squame date_time=Feb 12 2016 13:12:33 dest_ip=10.173.116.41 dst_geo=iin dest_port=6287 device_product=emape device_vendor=aer device_version=1.445 drop_reason=nse errdefs_msgno=eumiu errdefs_msg_name=uame flow_id=quis ip_protocol=tcp severity=medium partition_name=cca route_domain=dolo sa_translation_pool=meumfug sa_translation_type=tetu source_ip=10.162.9.235 src_geo=tionulam source_port=2548 source_user=byC translated_dest_ip=10.94.67.230 translated_dest_port=783 translated_ip_protocol=atio translated_route_domain=uipexea translated_source_ip=10.92.202.200 translated_source_port=6772 translated_vlan=eFini vlan=859", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "exe iatu ionofde2424.api.invalid rsitam ommodic mipsu [F5@consec acl_policy_name=taliquip acl_policy_type=psumq acl_rule_name=atcup action=Reject hostname=gelit6728.api.invalid bigip_mgmt_ip=10.122.116.161 context_name=uam context_type=untutl date_time=Feb 26 2016 20:15:08 dest_ip=10.40.68.117 dst_geo=uptassi dest_port=3179 device_product=scivel device_vendor=aqui device_version=1.4726 drop_reason=iveli errdefs_msgno=llumd errdefs_msg_name=enatuse flow_id=magn ip_protocol=icmp severity=low partition_name=eos route_domain=enimad sa_translation_pool=rmagni sa_translation_type=sit source_ip=10.209.155.149 src_geo=tenima source_port=1073 source_user=seq translated_dest_ip=10.82.56.117 translated_dest_port=2935 translated_ip_protocol=veleumi translated_route_domain=tia translated_source_ip=10.191.68.244 translated_source_port=6905 translated_vlan=veri vlan=5990", "tags": [ 
@@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "siutaliq exercit tempor4496.www.localdomain eip lupta iusmodt [F5@doloreeu acl_policy_name=pori acl_policy_type=occ acl_rule_name=ect action=Accept hostname=uid545.www5.localhost bigip_mgmt_ip=10.12.44.169 context_name=autfu context_type=natura date_time=Mar 12 2016 03:17:42 dest_ip=10.163.217.10 dst_geo=untNequ dest_port=5075 device_product=nimadmin device_vendor=erep device_version=1.2696 drop_reason=temq errdefs_msgno=ugiatqu errdefs_msg_name=eacomm flow_id=Utenimad ip_protocol=igmp severity=high partition_name=ehend route_domain=ueipsaqu sa_translation_pool=uidolore sa_translation_type=niamqu source_ip=10.202.66.28 src_geo=tevelit source_port=5098 source_user=elits translated_dest_ip=10.131.233.27 translated_dest_port=5037 translated_ip_protocol=ari translated_route_domain=eataevit translated_source_ip=10.50.112.141 translated_source_port=7303 translated_vlan=dmi vlan=499", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "mquisnos loremagn iciade3433.example enimad incididu eci [F5@aali acl_policy_name=ametcons acl_policy_type=porainc acl_rule_name=amquisno action=Established hostname=emquiavo452.internal.localhost bigip_mgmt_ip=10.151.111.38 context_name=tvol context_type=moll date_time=Mar 26 2016 10:20:16 dest_ip=10.228.149.225 dst_geo=ema dest_port=5969 device_product=tquovol device_vendor=ntsuntin device_version=1.3341 drop_reason=tatno errdefs_msgno=imav errdefs_msg_name=ididu flow_id=ciunt ip_protocol=ipv6-icmp severity=very-high partition_name=emqu route_domain=lit sa_translation_pool=iam sa_translation_type=qua source_ip=10.159.182.171 src_geo=umdolore source_port=6680 source_user=mol translated_dest_ip=10.96.35.212 translated_dest_port=3982 translated_ip_protocol=rumet translated_route_domain=oll translated_source_ip=10.206.197.113 translated_source_port=4075 translated_vlan=temUten vlan=4125", "tags": [ 
@@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "iqu ollit usan6343.www5.domain olo uaera sitas [F5@ehenderi acl_policy_name=pidatat acl_policy_type=gni acl_rule_name=tquiinea action=Drop hostname=sun1403.www.invalid bigip_mgmt_ip=10.126.177.162 context_name=eriame context_type=lorema date_time=Apr 09 2016 17:22:51 dest_ip=10.213.82.64 dst_geo=rnatura dest_port=3007 device_product=ddoeiu device_vendor=enb device_version=1.6179 drop_reason=onse errdefs_msgno=liq errdefs_msg_name=metcon flow_id=smo ip_protocol=igmp severity=medium partition_name=emporinc route_domain=untutlab sa_translation_pool=tem sa_translation_type=ons source_ip=10.213.113.28 src_geo=ali source_port=6446 source_user=ist translated_dest_ip=10.169.144.147 translated_dest_port=2399 translated_ip_protocol=nibus translated_route_domain=edquiano translated_source_ip=10.89.163.114 translated_source_port=5166 translated_vlan=par vlan=686", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "rveli rsint omm4276.www.example onofd taed lup [F5@remeumf acl_policy_name=antiumto acl_policy_type=strude acl_rule_name=ctetura action=Closed hostname=ittenbyC7838.api.localdomain bigip_mgmt_ip=10.18.124.28 context_name=ido context_type=paqu date_time=Apr 24 2016 00:25:25 dest_ip=10.158.194.3 dst_geo=qua dest_port=2945 device_product=quip device_vendor=oin device_version=1.6316 drop_reason=elaudant errdefs_msgno=tinvol errdefs_msg_name=dolore flow_id=abor ip_protocol=udp severity=medium partition_name=etc route_domain=etM sa_translation_pool=nimadmin sa_translation_type=ditautfu source_ip=10.146.88.52 src_geo=entsu source_port=5364 source_user=rudexerc translated_dest_ip=10.101.223.43 translated_dest_port=6494 translated_ip_protocol=quam translated_route_domain=adm translated_source_ip=10.103.107.47 translated_source_port=6094 translated_vlan=Nemoen vlan=2827", "tags": [ 
@@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "icab mwr fugi4637.www.lan imadmini ntutla equa [F5@mexercit acl_policy_name=dtem acl_policy_type=tasuntex acl_rule_name=sunt action=Reject hostname=ume465.corp bigip_mgmt_ip=10.189.109.245 context_name=emaperi context_type=tame date_time=May 08 2016 07:27:59 dest_ip=10.83.234.60 dst_geo=ivelits dest_port=712 device_product=iusmodt device_vendor=etdolo device_version=1.3768 drop_reason=lorumw errdefs_msgno=ommod errdefs_msg_name=sequatur flow_id=uidolo ip_protocol=ipv6-icmp severity=high partition_name=nihi route_domain=Lor sa_translation_pool=itecto sa_translation_type=erc source_ip=10.69.57.206 src_geo=olupt source_port=5979 source_user=onse translated_dest_ip=10.110.99.17 translated_dest_port=6888 translated_ip_protocol=ostrume translated_route_domain=molest translated_source_ip=10.150.220.75 translated_source_port=1298 translated_vlan=tisetq vlan=5372", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ici giatquov eritquii3561.www.example taut oreseos uames [F5@tati acl_policy_name=utaliqu acl_policy_type=oriosamn acl_rule_name=deFinibu action=Drop hostname=iciatisu1463.www5.localdomain bigip_mgmt_ip=10.153.136.222 context_name=tem context_type=est date_time=May 22 2016 14:30:33 dest_ip=10.176.205.96 dst_geo=nidolo dest_port=3409 device_product=taliq device_vendor=intoccae device_version=1.2299 drop_reason=dolo errdefs_msgno=Loremip errdefs_msg_name=idolor flow_id=emeumfu ip_protocol=ipv6-icmp severity=very-high partition_name=lupt route_domain=psaquae sa_translation_pool=oinBCSe sa_translation_type=mnisist source_ip=10.199.34.241 src_geo=amvolup source_port=7700 source_user=temveleu translated_dest_ip=10.19.194.101 translated_dest_port=3605 translated_ip_protocol=numqu translated_route_domain=qui translated_source_ip=10.121.219.204 translated_source_port=3496 translated_vlan=utali vlan=3611", "tags": [ 
@@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reetd lumqui itinvo7084.mail.corp equep iavolu den [F5@tutla acl_policy_name=olorema acl_policy_type=iades acl_rule_name=siarchi action=Reject hostname=aliqu6801.api.localdomain bigip_mgmt_ip=10.46.27.57 context_name=ihilm context_type=atDu date_time=Jun 05 2016 21:33:08 dest_ip=10.128.232.208 dst_geo=usmodt dest_port=1837 device_product=run device_vendor=mque device_version=1.4138 drop_reason=quirat errdefs_msgno=llu errdefs_msg_name=licab flow_id=eirure ip_protocol=rdp severity=medium partition_name=oidentsu route_domain=atiset sa_translation_pool=atu sa_translation_type=umexerci source_ip=10.64.141.105 src_geo=iadese source_port=2374 source_user=ice translated_dest_ip=10.57.103.192 translated_dest_port=2716 translated_ip_protocol=oei translated_route_domain=tlabori translated_source_ip=10.182.199.231 translated_source_port=1426 translated_vlan=data vlan=4478", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "nnum eritqu uradip7152.www5.home luptasn hitect dol [F5@leumiu acl_policy_name=namali acl_policy_type=taevit acl_rule_name=rinrepre action=Closed hostname=itame189.domain bigip_mgmt_ip=10.32.67.231 context_name=estia context_type=eaq date_time=Jun 20 2016 04:35:42 dest_ip=10.66.80.221 dst_geo=serunt dest_port=7865 device_product=texp device_vendor=tMalor device_version=1.7410 drop_reason=emoe errdefs_msgno=eaq errdefs_msg_name=amest flow_id=corp ip_protocol=tcp severity=low partition_name=rehender route_domain=iae sa_translation_pool=dantiumt sa_translation_type=luptasn source_ip=10.164.6.207 src_geo=olestiae source_port=5485 source_user=pic translated_dest_ip=10.160.210.31 translated_dest_port=7741 translated_ip_protocol=duntut translated_route_domain=magni translated_source_ip=10.3.134.237 translated_source_port=3156 translated_vlan=radipisc vlan=7020", "tags": [ 
@@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "fficiade uscipit vitaedi1318.corp temqu edol colab [F5@ommodico acl_policy_name=quatD acl_policy_type=mcolab acl_rule_name=neav action=Established hostname=tsedqu2456.www5.invalid bigip_mgmt_ip=10.182.178.217 context_name=tlab context_type=volupt date_time=Jul 04 2016 11:38:16 dest_ip=10.188.169.107 dst_geo=beata dest_port=6448 device_product=fdeFi device_vendor=texp device_version=1.3545 drop_reason=etdol errdefs_msgno=uela errdefs_msg_name=boN flow_id=eprehend ip_protocol=tcp severity=medium partition_name=aboN route_domain=ihilmo sa_translation_pool=radi sa_translation_type=gel source_ip=10.235.101.253 src_geo=veniam source_port=2400 source_user=giatnu translated_dest_ip=10.42.138.192 translated_dest_port=3403 translated_ip_protocol=quioffi translated_route_domain=uptate translated_source_ip=10.201.6.10 translated_source_port=6608 translated_vlan=sequa vlan=2851", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ate aliquam nimid893.mail.corp umwr oluptate issus [F5@osamn acl_policy_name=isnisiu acl_policy_type=bore acl_rule_name=tsu action=Closed hostname=stlabo1228.mail.host bigip_mgmt_ip=10.151.161.70 context_name=edo context_type=asia date_time=Jul 18 2016 18:40:50 dest_ip=10.108.167.93 dst_geo=enderit dest_port=5858 device_product=essecil device_vendor=citation device_version=1.3795 drop_reason=eco errdefs_msgno=Utenimad errdefs_msg_name=orpor flow_id=tlabo ip_protocol=rdp severity=low partition_name=emvel route_domain=tmollita sa_translation_pool=fde sa_translation_type=nsecte source_ip=10.22.102.198 src_geo=eroi source_port=176 source_user=nse translated_dest_ip=10.194.247.171 translated_dest_port=4940 translated_ip_protocol=mquisnos translated_route_domain=maven translated_source_ip=10.86.101.235 translated_source_port=3266 translated_vlan=lapar vlan=1024", "tags": [ 
@@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "tfu udan orema6040.api.corp mveleu nofdeFin sequam [F5@temvel acl_policy_name=ris acl_policy_type=nisi acl_rule_name=dant action=Reject hostname=ecte4762.local bigip_mgmt_ip=10.204.35.15 context_name=quidolor context_type=tessec date_time=Aug 02 2016 01:43:25 dest_ip=10.135.160.125 dst_geo=mve dest_port=513 device_product=itatio device_vendor=uta device_version=1.4901 drop_reason=sintoc errdefs_msgno=volupt errdefs_msg_name=siste flow_id=uiinea ip_protocol=icmp severity=low partition_name=volupta route_domain=rcitati sa_translation_pool=eni sa_translation_type=ionevo source_ip=10.174.252.105 src_geo=sperna source_port=5368 source_user=mnisi translated_dest_ip=10.107.168.60 translated_dest_port=2227 translated_ip_protocol=oinBC translated_route_domain=quameius translated_source_ip=10.167.172.155 translated_source_port=3544 translated_vlan=etdo vlan=706", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ese isaute ptatemq95.api.host Nequepo ipsumd ntocc [F5@uteirure acl_policy_name=nevo acl_policy_type=ide acl_rule_name=aali action=Drop hostname=smo7167.www.test bigip_mgmt_ip=10.214.249.164 context_name=tco context_type=uae date_time=Aug 16 2016 08:45:59 dest_ip=10.187.20.98 dst_geo=quinesc dest_port=6218 device_product=santiumd device_vendor=turadip device_version=1.3427 drop_reason=niamqui errdefs_msgno=orem errdefs_msg_name=sno flow_id=atno ip_protocol=ipv6-icmp severity=high partition_name=volu route_domain=nonn sa_translation_pool=inventor sa_translation_type=quiavol source_ip=10.99.249.210 src_geo=iatisu source_port=6684 source_user=upta translated_dest_ip=10.182.191.174 translated_dest_port=1759 translated_ip_protocol=adm translated_route_domain=leumiur translated_source_ip=10.81.26.208 translated_source_port=7651 translated_vlan=isc vlan=5933", "tags": [ 
@@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "tobea tor qui4499.api.local fugiatn docon etconsec [F5@ios acl_policy_name=evolu acl_policy_type=ersp acl_rule_name=tquov action=Drop hostname=sauteiru4554.api.domain bigip_mgmt_ip=10.220.5.143 context_name=com context_type=tnulapa date_time=Aug 30 2016 15:48:33 dest_ip=10.108.85.148 dst_geo=eriti dest_port=2201 device_product=norum device_vendor=madmi device_version=1.1766 drop_reason=sequatu errdefs_msgno=quameius errdefs_msg_name=nisiuta flow_id=roid ip_protocol=icmp severity=very-high partition_name=eprehen route_domain=entor sa_translation_pool=xeacomm sa_translation_type=nihil source_ip=10.101.226.128 src_geo=rsitv source_port=3087 source_user=porro translated_dest_ip=10.88.101.53 translated_dest_port=2458 translated_ip_protocol=tatemUt translated_route_domain=modtemp translated_source_ip=10.201.238.90 translated_source_port=2715 translated_vlan=remag vlan=3759", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ccaecat tquiin tse4198.www.localdomain ptasn taedicta itam [F5@str acl_policy_name=idolore acl_policy_type=pid acl_rule_name=illoin action=Reject hostname=untut4046.internal.domain bigip_mgmt_ip=10.217.150.196 context_name=uine context_type=udant date_time=Sep 13 2016 22:51:07 dest_ip=10.183.59.41 dst_geo=untu dest_port=5676 device_product=ven device_vendor=con device_version=1.7491 drop_reason=amnih errdefs_msgno=ium errdefs_msg_name=esciuntN flow_id=idunt ip_protocol=udp severity=low partition_name=rQu route_domain=oremeu sa_translation_pool=laudant sa_translation_type=isnost source_ip=10.157.18.252 src_geo=itess source_port=52 source_user=evit translated_dest_ip=10.30.133.66 translated_dest_port=1921 translated_ip_protocol=velitse translated_route_domain=oditem translated_source_ip=10.243.218.215 translated_source_port=662 translated_vlan=rsitvolu vlan=3751", "tags": [ 
@@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "sumdolor meaqueip npr4414.api.localdomain boNem ess ipisci [F5@gitsed acl_policy_name=tqu acl_policy_type=reprehen acl_rule_name=trumexer action=Accept hostname=quid3147.mail.home bigip_mgmt_ip=10.66.181.6 context_name=epre context_type=tobeata date_time=Sep 28 2016 05:53:42 dest_ip=10.181.53.249 dst_geo=iduntu dest_port=1655 device_product=temUt device_vendor=avol device_version=1.752 drop_reason=essequam errdefs_msgno=acommo errdefs_msg_name=nturma flow_id=str ip_protocol=ipv6 severity=high partition_name=etur route_domain=itecto sa_translation_pool=reetdol sa_translation_type=totamre source_ip=10.148.161.250 src_geo=ciadeser source_port=6135 source_user=adipisc translated_dest_ip=10.181.133.187 translated_dest_port=1079 translated_ip_protocol=aquioffi translated_route_domain=tamet translated_source_ip=10.167.227.44 translated_source_port=6595 translated_vlan=eFi vlan=6733", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "its ender riamea1540.www.host seq tutlab sau [F5@atevelit acl_policy_name=meius acl_policy_type=billo acl_rule_name=labo action=Reject hostname=umdolo1029.mail.localhost bigip_mgmt_ip=10.54.17.32 context_name=orumSe context_type=ratv date_time=Oct 12 2016 12:56:16 dest_ip=10.119.81.180 dst_geo=psaquaea dest_port=1348 device_product=nts device_vendor=siut device_version=1.5663 drop_reason=ano errdefs_msgno=piscinge errdefs_msg_name=tvol flow_id=velitess ip_protocol=ipv6 severity=high partition_name=uunturm route_domain=temUte sa_translation_pool=sit sa_translation_type=olab source_ip=10.84.163.178 src_geo=ima source_port=2031 source_user=mquisno translated_dest_ip=10.107.9.163 translated_dest_port=5433 translated_ip_protocol=eacommod translated_route_domain=ctetura translated_source_ip=10.74.11.43 translated_source_port=55 translated_vlan=seosqui vlan=6797", "tags": [ 
@@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "uradi tot llamco7206.www.home oremagna ncididun umSe [F5@xeacomm acl_policy_name=cinge acl_policy_type=itla acl_rule_name=iamquis action=Accept hostname=lorsita2019.internal.home bigip_mgmt_ip=10.192.229.221 context_name=ect context_type=modocons date_time=Oct 26 2016 19:58:50 dest_ip=10.199.194.188 dst_geo=odoconse dest_port=228 device_product=quatu device_vendor=veli device_version=1.5726 drop_reason=nonp errdefs_msgno=labo errdefs_msg_name=ulapar flow_id=aboreetd ip_protocol=igmp severity=low partition_name=llitanim route_domain=invo sa_translation_pool=hit sa_translation_type=urv source_ip=10.112.32.213 src_geo=runtmol source_port=1749 source_user=odi translated_dest_ip=10.184.73.211 translated_dest_port=6540 translated_ip_protocol=esseci translated_route_domain=tametcon translated_source_ip=10.230.129.252 translated_source_port=3947 translated_vlan=isis vlan=4917", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "utlab emUteni rum959.host velillu cteturad bor [F5@rauto acl_policy_name=ationev acl_policy_type=umdolor acl_rule_name=uaUten action=Reject hostname=paquioff624.mail.invalid bigip_mgmt_ip=10.161.148.64 context_name=ibusBon context_type=ven date_time=Nov 10 2016 03:01:24 dest_ip=10.162.114.217 dst_geo=doloreme dest_port=60 device_product=onemulla device_vendor=evitaed device_version=1.1721 drop_reason=suntin errdefs_msgno=itse errdefs_msg_name=umexerc flow_id=oremipsu ip_protocol=ipv6-icmp severity=medium partition_name=amco route_domain=ssecillu sa_translation_pool=liqua sa_translation_type=olo source_ip=10.199.216.143 src_geo=fdeF source_port=593 source_user=ccaeca translated_dest_ip=10.198.213.189 translated_dest_port=5024 translated_ip_protocol=remagn translated_route_domain=mquae translated_source_ip=10.7.200.140 translated_source_port=3298 translated_vlan=olupt vlan=2189", "tags": [ 
@@ -191,7 +191,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "edquiac urerepr eseru4234.mail.example qua rsita ate [F5@ipsamvo acl_policy_name=onula acl_policy_type=miu acl_rule_name=rationev action=Reject hostname=mex2054.mail.corp bigip_mgmt_ip=10.65.232.27 context_name=ica context_type=lillum date_time=Nov 24 2016 10:03:59 dest_ip=10.199.40.38 dst_geo=taedicta dest_port=3409 device_product=poriss device_vendor=tvolup device_version=1.1000 drop_reason=siu errdefs_msgno=snost errdefs_msg_name=tpersp flow_id=llamc ip_protocol=tcp severity=very-high partition_name=mvel route_domain=nof sa_translation_pool=usmodi sa_translation_type=mvolu source_ip=10.206.96.56 src_geo=aincidu source_port=2687 source_user=uaeab translated_dest_ip=10.128.157.27 translated_dest_port=1493 translated_ip_protocol=etdolor translated_route_domain=lupta translated_source_ip=10.22.187.69 translated_source_port=3590 translated_vlan=oremi vlan=1485",
 "tags": [
@@ -200,7 +200,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "nbyCi tevel usc5760.www5.localdomain cab atisund xea [F5@ites acl_policy_name=isetq acl_policy_type=iutali acl_rule_name=velite action=Closed hostname=avolupt7576.api.corp bigip_mgmt_ip=10.194.210.62 context_name=porincid context_type=atisetqu date_time=Dec 08 2016 17:06:33 dest_ip=10.51.213.42 dst_geo=dipisci dest_port=3449 device_product=ilmol device_vendor=eri device_version=1.3104 drop_reason=ueipsa errdefs_msgno=tae errdefs_msg_name=autodit flow_id=elit ip_protocol=udp severity=high partition_name=plica route_domain=ore sa_translation_pool=quidolor sa_translation_type=inven source_ip=10.71.114.14 src_geo=itsedd source_port=3010 source_user=admin translated_dest_ip=10.68.253.120 translated_dest_port=481 translated_ip_protocol=est translated_route_domain=uptatemU translated_source_ip=10.183.130.225 translated_source_port=5693 translated_vlan=item vlan=2738",
 "tags": [
@@ -209,7 +209,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "dat periam dqu6144.api.localhost dutpers erun orisn [F5@reetd acl_policy_name=prehen acl_policy_type=ntutlabo acl_rule_name=iusmodte action=Established hostname=loi7596.www5.home bigip_mgmt_ip=10.31.177.226 context_name=deserun context_type=esseq date_time=Dec 23 2016 00:09:07 dest_ip=10.209.157.8 dst_geo=giatquov dest_port=1918 device_product=enderi device_vendor=ptatem device_version=1.341 drop_reason=fugi errdefs_msgno=labo errdefs_msg_name=nostrud flow_id=gnaal ip_protocol=ggp severity=medium partition_name=cupi route_domain=tame sa_translation_pool=atione sa_translation_type=lores source_ip=10.45.253.103 src_geo=uii source_port=5923 source_user=remagn translated_dest_ip=10.47.255.237 translated_dest_port=2311 translated_ip_protocol=uuntur translated_route_domain=enderit translated_source_ip=10.107.45.175 translated_source_port=4185 translated_vlan=rumSecti vlan=4593",
 "tags": [
@@ -218,7 +218,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "atise tate onevo4326.internal.local isnost olorem ido [F5@emqu acl_policy_name=riss acl_policy_type=iquamqua acl_rule_name=sit action=Reject hostname=nsequat1971.internal.invalid bigip_mgmt_ip=10.225.212.189 context_name=mven context_type=olorsit date_time=Jan 06 2017 07:11:41 dest_ip=10.121.239.183 dst_geo=illu dest_port=4875 device_product=turadip device_vendor=tatevel device_version=1.1607 drop_reason=ptassita errdefs_msgno=its errdefs_msg_name=lore flow_id=idol ip_protocol=igmp severity=high partition_name=isn route_domain=sBono sa_translation_pool=loremqu sa_translation_type=tetur source_ip=10.213.94.135 src_geo=tMal source_port=2607 source_user=dquia translated_dest_ip=10.55.105.113 translated_dest_port=3214 translated_ip_protocol=tatione translated_route_domain=nimveni translated_source_ip=10.44.58.106 translated_source_port=1241 translated_vlan=quid vlan=4814",
 "tags": [
@@ -227,7 +227,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "eporroq ulla iqu4614.www5.example abore squ uiadol [F5@Duisa acl_policy_name=lupta acl_policy_type=aUt acl_rule_name=boNem action=Reject hostname=ectiono2241.lan bigip_mgmt_ip=10.2.114.9 context_name=rehende context_type=velillu date_time=Jan 20 2017 14:14:16 dest_ip=10.94.139.127 dst_geo=mUten dest_port=1812 device_product=quidolor device_vendor=oqu device_version=1.51 drop_reason=tlaboree errdefs_msgno=norumet errdefs_msg_name=dtempo flow_id=tin ip_protocol=tcp severity=high partition_name=imad route_domain=tinvolup sa_translation_pool=tsed sa_translation_type=inv source_ip=10.163.209.70 src_geo=atu source_port=4718 source_user=olabor translated_dest_ip=10.69.161.78 translated_dest_port=1282 translated_ip_protocol=iruredol translated_route_domain=incidid translated_source_ip=10.255.74.136 translated_source_port=5902 translated_vlan=eaqueips vlan=6396",
 "tags": [
@@ -236,7 +236,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "volupta dmi untexpl2847.www5.local eiusmod emoe uiinea [F5@mnisiut acl_policy_name=avolu acl_policy_type=Except acl_rule_name=olup action=Closed hostname=umetMal1664.mail.lan bigip_mgmt_ip=10.46.115.216 context_name=equun context_type=sitvo date_time=Feb 03 2017 21:16:50 dest_ip=10.223.198.146 dst_geo=iciad dest_port=7874 device_product=mad device_vendor=onse device_version=1.380 drop_reason=mipsum errdefs_msgno=lmo errdefs_msg_name=aliquamq flow_id=dtempori ip_protocol=rdp severity=medium partition_name=voluptat route_domain=ugit sa_translation_pool=tatem sa_translation_type=metcons source_ip=10.252.102.110 src_geo=henderit source_port=7829 source_user=perspici translated_dest_ip=10.184.59.148 translated_dest_port=6933 translated_ip_protocol=queips translated_route_domain=midest translated_source_ip=10.12.129.137 translated_source_port=721 translated_vlan=orroqu vlan=472",
 "tags": [
@@ -245,7 +245,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "labore uela ntexplic4824.internal.localhost dolorsit archite remq [F5@veniamq acl_policy_name=occ acl_policy_type=oloreseo acl_rule_name=iruredol action=Established hostname=derit5270.mail.local bigip_mgmt_ip=10.105.52.140 context_name=ntexpl context_type=dunt date_time=Feb 18 2017 04:19:24 dest_ip=10.20.55.199 dst_geo=nder dest_port=3238 device_product=itanim device_vendor=nesciun device_version=1.1729 drop_reason=mollita errdefs_msgno=tatem errdefs_msg_name=iae flow_id=quido ip_protocol=ipv6-icmp severity=very-high partition_name=inBC route_domain=mol sa_translation_pool=tur sa_translation_type=ictas source_ip=10.81.184.7 src_geo=saquaea source_port=6344 source_user=eetd translated_dest_ip=10.155.204.243 translated_dest_port=459 translated_ip_protocol=lorsi translated_route_domain=repreh translated_source_ip=10.199.194.79 translated_source_port=7713 translated_vlan=illumqui vlan=3414",
 "tags": [
@@ -254,7 +254,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "amali ate idolor3916.www5.home tas autfugi tasun [F5@duntutla acl_policy_name=ntium acl_policy_type=iration acl_rule_name=umwritte action=Closed hostname=orisni5238.mail.lan bigip_mgmt_ip=10.177.238.45 context_name=iumt context_type=tsed date_time=Mar 04 2017 11:21:59 dest_ip=10.249.120.78 dst_geo=unte dest_port=893 device_product=ueipsa device_vendor=scipitl device_version=1.1453 drop_reason=aparia errdefs_msgno=tatnon errdefs_msg_name=leumiur flow_id=tetura ip_protocol=ggp severity=very-high partition_name=oluptat route_domain=metco sa_translation_pool=acom sa_translation_type=ceroinB source_ip=10.110.2.166 src_geo=exeacomm source_port=79 source_user=taliqui translated_dest_ip=10.18.226.72 translated_dest_port=5140 translated_ip_protocol=olupta translated_route_domain=tsuntinc translated_source_ip=10.251.231.142 translated_source_port=872 translated_vlan=urExcep vlan=102",
 "tags": [
@@ -263,7 +263,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "suntex iacons occaec7487.corp quaeab fici imve [F5@quide acl_policy_name=quaU acl_policy_type=undeomni acl_rule_name=accusa action=Established hostname=iutali7297.www.domain bigip_mgmt_ip=10.190.122.27 context_name=mporainc context_type=xea date_time=Mar 18 2017 18:24:33 dest_ip=10.123.113.152 dst_geo=billo dest_port=2618 device_product=radipisc device_vendor=Cice device_version=1.6332 drop_reason=vitaed errdefs_msgno=ser errdefs_msg_name=etconsec flow_id=elillum ip_protocol=tcp severity=high partition_name=rnat route_domain=eprehend sa_translation_pool=rem sa_translation_type=edolo source_ip=10.99.202.229 src_geo=eosquira source_port=4392 source_user=lloinven translated_dest_ip=10.100.199.226 translated_dest_port=7617 translated_ip_protocol=apariatu translated_route_domain=lorsita translated_source_ip=10.192.98.247 translated_source_port=4308 translated_vlan=temaccu vlan=5302",
 "tags": [
@@ -272,7 +272,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "uptassit ncidi tlabori4803.www5.local oconse mag tob [F5@dolores acl_policy_name=equamnih acl_policy_type=taliqui acl_rule_name=eiu action=Drop hostname=orumw5960.www5.home bigip_mgmt_ip=10.248.111.207 context_name=dolor context_type=tiumto date_time=Apr 02 2017 01:27:07 dest_ip=10.38.28.151 dst_geo=nrepreh dest_port=5251 device_product=equep device_vendor=ever device_version=1.6463 drop_reason=atq errdefs_msgno=erspi errdefs_msg_name=iqu flow_id=niamqu ip_protocol=rdp severity=medium partition_name=icab route_domain=sBonor sa_translation_pool=fugits sa_translation_type=mipsumqu source_ip=10.172.154.97 src_geo=admi source_port=7165 source_user=culpaq translated_dest_ip=10.162.97.197 translated_dest_port=4357 translated_ip_protocol=tcupida translated_route_domain=isa translated_source_ip=10.37.193.70 translated_source_port=170 translated_vlan=tesseq vlan=7693",
 "tags": [
@@ -281,7 +281,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "pernat rerepre nculpaq3821.www5.invalid billoinv sci col [F5@obea acl_policy_name=emp acl_policy_type=agnaaliq acl_rule_name=est action=Reject hostname=oinv5493.internal.domain bigip_mgmt_ip=10.36.63.31 context_name=nisiu context_type=imad date_time=Apr 16 2017 08:29:41 dest_ip=10.30.101.79 dst_geo=itasp dest_port=4927 device_product=sitametc device_vendor=onsequa device_version=1.3912 drop_reason=ntmo errdefs_msgno=loreeu errdefs_msg_name=temse flow_id=aspernat ip_protocol=ipv6 severity=very-high partition_name=caecat route_domain=rautod sa_translation_pool=olest sa_translation_type=eataev source_ip=10.171.221.230 src_geo=edquia source_port=1977 source_user=otamr translated_dest_ip=10.222.165.250 translated_dest_port=2757 translated_ip_protocol=amvolu translated_route_domain=mip translated_source_ip=10.45.35.180 translated_source_port=653 translated_vlan=maccusa vlan=7248",
 "tags": [
@@ -290,7 +290,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "nimad ataevita oremqu542.internal.localhost uteir boree isn [F5@ulla acl_policy_name=equatDu acl_policy_type=pta acl_rule_name=enbyCi action=Reject hostname=tnonproi195.api.home bigip_mgmt_ip=10.238.4.219 context_name=uide context_type=scivel date_time=Apr 30 2017 15:32:16 dest_ip=10.150.9.246 dst_geo=meumfugi dest_port=7010 device_product=emaperia device_vendor=Section device_version=1.4329 drop_reason=iame errdefs_msgno=orroquis errdefs_msg_name=aquio flow_id=riatu ip_protocol=udp severity=low partition_name=tanimid route_domain=isnostru sa_translation_pool=nofdeFi sa_translation_type=aquioff source_ip=10.1.171.61 src_geo=amnisi source_port=7258 source_user=reetdolo translated_dest_ip=10.199.127.211 translated_dest_port=3598 translated_ip_protocol=ilmole translated_route_domain=ugi translated_source_ip=10.83.238.145 translated_source_port=5392 translated_vlan=emveleum vlan=3661",
 "tags": [
@@ -299,7 +299,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "nde abillo undeom845.www5.example quaer eetdo tlab [F5@spernatu acl_policy_name=exercita acl_policy_type=sBonorum acl_rule_name=atems action=Drop hostname=edictasu5362.internal.localhost bigip_mgmt_ip=10.65.141.244 context_name=turmag context_type=ipsaqu date_time=May 14 2017 22:34:50 dest_ip=10.203.69.36 dst_geo=quira dest_port=3091 device_product=ore device_vendor=tation device_version=1.3789 drop_reason=porincid errdefs_msgno=tperspic errdefs_msg_name=equu flow_id=sintoc ip_protocol=rdp severity=very-high partition_name=tetura route_domain=riosamni sa_translation_pool=icta sa_translation_type=luptate source_ip=10.170.252.219 src_geo=iqui source_port=1978 source_user=Nequepo translated_dest_ip=10.44.226.104 translated_dest_port=7020 translated_ip_protocol=nse translated_route_domain=veniam translated_source_ip=10.74.213.42 translated_source_port=5922 translated_vlan=sse vlan=2498",
 "tags": [
@@ -308,7 +308,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "inBCSe otamrem tutlabor4180.internal.host consecte pteurs catcupi [F5@autf acl_policy_name=saqu acl_policy_type=uptat acl_rule_name=unt action=Reject hostname=uido492.www5.home bigip_mgmt_ip=10.180.48.221 context_name=lors context_type=aconsequ date_time=May 29 2017 05:37:24 dest_ip=10.33.195.166 dst_geo=sequat dest_port=4596 device_product=utemvel device_vendor=epteur device_version=1.2965 drop_reason=iusm errdefs_msgno=roi errdefs_msg_name=busBonor flow_id=stquido ip_protocol=igmp severity=high partition_name=mnisi route_domain=usmo sa_translation_pool=iamea sa_translation_type=imaveni source_ip=10.183.223.149 src_geo=cor source_port=2648 source_user=nihil translated_dest_ip=10.225.255.211 translated_dest_port=5595 translated_ip_protocol=citati translated_route_domain=uamei translated_source_ip=10.225.141.172 translated_source_port=956 translated_vlan=fugiatn vlan=3309",
 "tags": [
@@ -317,7 +317,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "aaliq nat uovolupt307.internal.host serror onse umquam [F5@emagn acl_policy_name=emulla acl_policy_type=mips acl_rule_name=itae action=Established hostname=redo6311.api.invalid bigip_mgmt_ip=10.176.64.28 context_name=olup context_type=remipsu date_time=Jun 12 2017 12:39:58 dest_ip=10.92.6.176 dst_geo=mcorpor dest_port=7420 device_product=autfugit device_vendor=emUte device_version=1.7612 drop_reason=nturmag errdefs_msgno=tura errdefs_msg_name=osquirat flow_id=equat ip_protocol=tcp severity=high partition_name=usantiu route_domain=idunt sa_translation_pool=atqu sa_translation_type=naturau source_ip=10.97.138.181 src_geo=oluptat source_port=7128 source_user=eseruntm translated_dest_ip=10.205.174.181 translated_dest_port=766 translated_ip_protocol=olor translated_route_domain=etquasia translated_source_ip=10.169.123.103 translated_source_port=519 translated_vlan=uisa vlan=6863",
 "tags": [
@@ -326,7 +326,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "Cicero evolupta teturadi4718.api.local piscivel hend eacommo [F5@ueip acl_policy_name=maliqu acl_policy_type=iati acl_rule_name=minim action=Established hostname=dolorem1698.www.domain bigip_mgmt_ip=10.75.120.11 context_name=urau context_type=etur date_time=Jun 26 2017 19:42:33 dest_ip=10.20.73.247 dst_geo=laborum dest_port=5749 device_product=xeac device_vendor=umdolors device_version=1.4226 drop_reason=uiadolo errdefs_msgno=empor errdefs_msg_name=umexerci flow_id=duntut ip_protocol=ggp severity=very-high partition_name=prehend route_domain=eufug sa_translation_pool=roquisq sa_translation_type=temporai source_ip=10.53.101.131 src_geo=ici source_port=5097 source_user=tquo translated_dest_ip=10.204.4.40 translated_dest_port=271 translated_ip_protocol=sitvo translated_route_domain=ine translated_source_ip=10.169.101.161 translated_source_port=4577 translated_vlan=ipi vlan=4211",
 "tags": [
@@ -335,7 +335,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "exerci idata ese4384.mail.domain rumexerc isiutali iquidexe [F5@illumq acl_policy_name=luptatem acl_policy_type=ite acl_rule_name=tasnul action=Reject hostname=evitae7333.www.lan bigip_mgmt_ip=10.28.51.219 context_name=ess context_type=quiad date_time=Jul 11 2017 02:45:07 dest_ip=10.43.210.236 dst_geo=litanim dest_port=2135 device_product=orsitam device_vendor=modico device_version=1.2990 drop_reason=itatio errdefs_msgno=porinc errdefs_msg_name=riame flow_id=riat ip_protocol=udp severity=very-high partition_name=eriam route_domain=pernat sa_translation_pool=udan sa_translation_type=archi source_ip=10.6.222.112 src_geo=aliqu source_port=780 source_user=onsequu translated_dest_ip=10.156.117.169 translated_dest_port=2939 translated_ip_protocol=agnamal translated_route_domain=quei translated_source_ip=10.87.120.87 translated_source_port=1636 translated_vlan=teni vlan=4967",
 "tags": [
@@ -344,7 +344,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "dant etdolor uat7787.www.host iti nimadm nculp [F5@asp acl_policy_name=eacom acl_policy_type=mag acl_rule_name=gelitse action=Drop hostname=arc2412.mail.lan bigip_mgmt_ip=10.247.44.59 context_name=eiusmo context_type=ainc date_time=Jul 25 2017 09:47:41 dest_ip=10.173.129.72 dst_geo=ecill dest_port=6831 device_product=snu device_vendor=inibusB device_version=1.388 drop_reason=texplica errdefs_msgno=oco errdefs_msg_name=aboree flow_id=ainci ip_protocol=udp severity=high partition_name=pariatur route_domain=uames sa_translation_pool=umtotamr sa_translation_type=mquido source_ip=10.57.89.155 src_geo=rur source_port=3553 source_user=ntorever translated_dest_ip=10.253.167.17 translated_dest_port=2990 translated_ip_protocol=seos translated_route_domain=exercita translated_source_ip=10.4.126.103 translated_source_port=892 translated_vlan=tco vlan=3607",
 "tags": [
@@ -353,7 +353,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "oluptate lit santi837.api.domain turadip dip idolo [F5@Ute acl_policy_name=ptassita acl_policy_type=caecatcu acl_rule_name=inBC action=Established hostname=olorsi2746.internal.localhost bigip_mgmt_ip=10.15.240.220 context_name=teir context_type=quep date_time=Aug 08 2017 16:50:15 dest_ip=10.63.78.66 dst_geo=xeac dest_port=7061 device_product=abor device_vendor=oreverit device_version=1.6451 drop_reason=reetdo errdefs_msgno=tat errdefs_msg_name=eufugia flow_id=ncididun ip_protocol=tcp severity=medium partition_name=periamea route_domain=itametco sa_translation_pool=vel sa_translation_type=quunt source_ip=10.248.206.210 src_geo=nonn source_port=4478 source_user=met translated_dest_ip=10.36.69.125 translated_dest_port=7157 translated_ip_protocol=entsu translated_route_domain=conse translated_source_ip=10.143.183.208 translated_source_port=5214 translated_vlan=umwri vlan=4057",
 "tags": [
@@ -362,7 +362,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "atura tur tur5914.internal.invalid tassita colabori imidestl [F5@piscing acl_policy_name=ceroi acl_policy_type=iconsequ acl_rule_name=iat action=Established hostname=edqu2208.www.localhost bigip_mgmt_ip=10.6.32.7 context_name=exerci context_type=inesciu date_time=Aug 22 2017 23:52:50 dest_ip=10.141.216.14 dst_geo=emu dest_port=5311 device_product=psa device_vendor=ate device_version=1.4386 drop_reason=fugitse errdefs_msgno=minimve errdefs_msg_name=serrorsi flow_id=tametco ip_protocol=ipv6-icmp severity=high partition_name=lore route_domain=isci sa_translation_pool=Dui sa_translation_type=reetdo source_ip=10.69.170.107 src_geo=iumtotam source_port=1010 source_user=ipitlabo translated_dest_ip=10.34.133.2 translated_dest_port=4807 translated_ip_protocol=nderi translated_route_domain=liqua translated_source_ip=10.142.186.43 translated_source_port=4691 translated_vlan=sautei vlan=2363",
 "tags": [
@@ -371,7 +371,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "voluptas velill rspic5453.www.local meum borumSec aecatcup [F5@snisiut acl_policy_name=siar acl_policy_type=quas acl_rule_name=occaeca action=Closed hostname=ender5647.www5.example bigip_mgmt_ip=10.142.22.24 context_name=ulamc context_type=cept date_time=Sep 06 2017 06:55:24 dest_ip=10.93.88.228 dst_geo=rchitect dest_port=3402 device_product=gna device_vendor=ici device_version=1.2026 drop_reason=olu errdefs_msgno=iameaque errdefs_msg_name=identsun flow_id=ender ip_protocol=ipv6 severity=low partition_name=tect route_domain=uiad sa_translation_pool=doconse sa_translation_type=eni source_ip=10.121.153.197 src_geo=smoditem source_port=6593 source_user=borumSec translated_dest_ip=10.59.103.10 translated_dest_port=768 translated_ip_protocol=oquisq translated_route_domain=abori translated_source_ip=10.170.165.164 translated_source_port=505 translated_vlan=uiineavo vlan=5554",
 "tags": [
@@ -380,7 +380,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "uidexeac sequa ntsunti2313.internal.invalid uinesc cid emi [F5@Bonorum acl_policy_name=lesti acl_policy_type=oreseo acl_rule_name=reprehen action=Established hostname=sis3986.internal.lan bigip_mgmt_ip=10.133.10.122 context_name=texplic context_type=edutp date_time=Sep 20 2017 13:57:58 dest_ip=10.93.59.189 dst_geo=eserun dest_port=3034 device_product=eniamqu device_vendor=inimav device_version=1.1576 drop_reason=imadm errdefs_msgno=uta errdefs_msg_name=tisu flow_id=remagnam ip_protocol=icmp severity=low partition_name=meiusm route_domain=nidolo sa_translation_pool=atquovol sa_translation_type=quunt source_ip=10.247.114.30 src_geo=olesti source_port=7584 source_user=quaeabil translated_dest_ip=10.19.99.129 translated_dest_port=956 translated_ip_protocol=itesse translated_route_domain=iamqui translated_source_ip=10.176.83.7 translated_source_port=5908 translated_vlan=inim vlan=6806",
 "tags": [
@@ -389,7 +389,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "Sed oremeumf lesti5921.api.localhost enima tnulapar ico [F5@giatquo acl_policy_name=lors acl_policy_type=its acl_rule_name=dolor action=Drop hostname=uatu2894.api.lan bigip_mgmt_ip=10.64.139.17 context_name=pro context_type=ice date_time=Oct 04 2017 21:00:32 dest_ip=10.87.238.169 dst_geo=conse dest_port=5351 device_product=mcol device_vendor=lup device_version=1.3824 drop_reason=upta errdefs_msgno=sedquian errdefs_msg_name=cti flow_id=rumSecti ip_protocol=rdp severity=medium partition_name=eca route_domain=oluptate sa_translation_pool=Duisa sa_translation_type=consequa source_ip=10.40.177.138 src_geo=aevitaed source_port=1082 source_user=rep translated_dest_ip=10.8.29.219 translated_dest_port=6890 translated_ip_protocol=quaeratv translated_route_domain=involu translated_source_ip=10.70.7.23 translated_source_port=2758 translated_vlan=amcolab vlan=4306",
 "tags": [
@@ -398,7 +398,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "odic iuta liquaUte209.internal.test olores scipit lloinve [F5@borisnis acl_policy_name=onorumet acl_policy_type=ptatema acl_rule_name=eavolup action=Closed hostname=rmagnido5483.local bigip_mgmt_ip=10.180.62.222 context_name=ptatev context_type=atu date_time=Oct 19 2017 04:03:07 dest_ip=10.234.26.132 dst_geo=msequ dest_port=2383 device_product=mwritten device_vendor=tat device_version=1.6066 drop_reason=osa errdefs_msgno=mini errdefs_msg_name=rors flow_id=ssusci ip_protocol=udp severity=medium partition_name=inimve route_domain=uio sa_translation_pool=mexercit sa_translation_type=byC source_ip=10.2.189.20 src_geo=orin source_port=535 source_user=uptasnul translated_dest_ip=10.67.221.220 translated_dest_port=239 translated_ip_protocol=aedict translated_route_domain=niamqui translated_source_ip=10.67.173.228 translated_source_port=5767 translated_vlan=tatemse vlan=4493",
 "tags": [
@@ -407,7 +407,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "uamestqu mpor orem6479.api.host seq rumSe tatnonp [F5@ommo acl_policy_name=adeser acl_policy_type=uasiarc acl_rule_name=doeiu action=Reject hostname=uian521.www.example bigip_mgmt_ip=10.209.52.47 context_name=imven context_type=onnumqua date_time=Nov 02 2017 11:05:41 dest_ip=10.141.201.173 dst_geo=upt dest_port=6017 device_product=itautfu device_vendor=nesci device_version=1.5040 drop_reason=mquis errdefs_msgno=lorsi errdefs_msg_name=tetura flow_id=eeufug ip_protocol=ipv6 severity=medium partition_name=tevelite route_domain=tocca sa_translation_pool=orsitvol sa_translation_type=ntor source_ip=10.147.127.181 src_geo=minimav source_port=6994 source_user=tasu translated_dest_ip=10.56.134.118 translated_dest_port=358 translated_ip_protocol=evo translated_route_domain=mcorpori translated_source_ip=10.196.176.243 translated_source_port=3465 translated_vlan=orsitam vlan=4991",
 "tags": [
@@ -416,7 +416,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "prehende lup tpers2217.internal.lan nula tdolorem qui [F5@olupt acl_policy_name=nemulla acl_policy_type=asp acl_rule_name=dexercit action=Closed hostname=taliq5213.api.corp bigip_mgmt_ip=10.226.24.84 context_name=ectobea context_type=dat date_time=Nov 16 2017 18:08:15 dest_ip=10.91.18.221 dst_geo=aut dest_port=5596 device_product=uames device_vendor=tconsec device_version=1.7604 drop_reason=oll errdefs_msgno=laboree errdefs_msg_name=udantiu flow_id=itametco ip_protocol=ipv6 severity=very-high partition_name=odico route_domain=rsint sa_translation_pool=itl sa_translation_type=ttenb source_ip=10.231.18.90 src_geo=lapa source_port=4860 source_user=Nem translated_dest_ip=10.85.13.237 translated_dest_port=4072 translated_ip_protocol=upidata translated_route_domain=ici translated_source_ip=10.248.140.59 translated_source_port=5760 translated_vlan=ident vlan=4293",
 "tags": [
@@ -425,7 +425,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "quelaud luptat rinrep6482.api.lan nimv emeu tatemac [F5@quisn acl_policy_name=rem acl_policy_type=ulamcola acl_rule_name=remagnaa action=Accept hostname=ntsunt4894.mail.domain bigip_mgmt_ip=10.203.46.215 context_name=mcorpori context_type=orisn date_time=Dec 01 2017 01:10:49 dest_ip=10.88.194.242 dst_geo=mco dest_port=6246 device_product=itame device_vendor=tenat device_version=1.5407 drop_reason=yCiceroi errdefs_msgno=nostrum errdefs_msg_name=orroquis flow_id=eumi ip_protocol=icmp severity=low partition_name=aea route_domain=tvolu sa_translation_pool=dutper sa_translation_type=tlaboru source_ip=10.207.183.204 src_geo=equuntu source_port=2673 source_user=eruntmo translated_dest_ip=10.8.224.72 translated_dest_port=6506 translated_ip_protocol=ion translated_route_domain=rured translated_source_ip=10.59.215.207 translated_source_port=6195 translated_vlan=ore vlan=5842",
 "tags": [
@@ -434,7 +434,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "xerc Nequep ametcon7485.www.test rro tuser ctasu [F5@irat acl_policy_name=sitame acl_policy_type=oinven acl_rule_name=natu action=Drop hostname=mexer3864.api.corp bigip_mgmt_ip=10.98.154.146 context_name=nula context_type=ameaquei date_time=Dec 15 2017 08:13:24 dest_ip=10.72.114.116 dst_geo=mquis dest_port=7760 device_product=olupta device_vendor=isno device_version=1.6814 drop_reason=ine errdefs_msgno=aeco errdefs_msg_name=rinrepr flow_id=dutp ip_protocol=ipv6-icmp severity=very-high partition_name=giatqu route_domain=rsint sa_translation_pool=rsi sa_translation_type=paq source_ip=10.73.84.95 src_geo=uisautem source_port=6701 source_user=sitam translated_dest_ip=10.255.145.22 translated_dest_port=6949 translated_ip_protocol=emUtenim translated_route_domain=ende translated_source_ip=10.230.38.148 translated_source_port=3213 translated_vlan=sse vlan=368",
 "tags": [
@@ -443,7 +443,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "incidi aedictas rumetMa2554.domain unt liq abore [F5@iumdo acl_policy_name=oreeu acl_policy_type=mea acl_rule_name=ssec action=Accept hostname=oluptat6960.www5.test bigip_mgmt_ip=10.211.29.187 context_name=ptat context_type=meaquei date_time=Dec 29 2017 15:15:58 dest_ip=10.228.204.249 dst_geo=eleumi dest_port=4584 device_product=porissus device_vendor=imip device_version=1.7160 drop_reason=ddoe errdefs_msgno=uptateve errdefs_msg_name=ured flow_id=ctetu ip_protocol=tcp severity=low partition_name=uasiarch route_domain=Malor sa_translation_pool=boriosa sa_translation_type=cillumdo source_ip=10.166.142.198 src_geo=oremipsu source_port=465 source_user=tium translated_dest_ip=10.105.120.162 translated_dest_port=2984 translated_ip_protocol=etc translated_route_domain=eturadip translated_source_ip=10.175.181.138 translated_source_port=3787 translated_vlan=tassitas vlan=1495",
 "tags": [
@@ -452,7 +452,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "velite maccus nima5813.mail.example iarchit sBonorum moenimi [F5@lor acl_policy_name=auto acl_policy_type=rsinto acl_rule_name=ati action=Established hostname=fugiatnu2498.www.localhost bigip_mgmt_ip=10.182.213.195 context_name=tconse context_type=eumf date_time=Jan 12 2018 22:18:32 dest_ip=10.200.94.145 dst_geo=doconse dest_port=5211 device_product=uis device_vendor=lill device_version=1.6057 drop_reason=imi errdefs_msgno=animi errdefs_msg_name=edutpers flow_id=pisci ip_protocol=tcp severity=very-high partition_name=umto route_domain=xercit sa_translation_pool=lam sa_translation_type=asnu source_ip=10.122.133.162 src_geo=eriam source_port=4838 source_user=aquae translated_dest_ip=10.220.202.102 translated_dest_port=10 translated_ip_protocol=iaturE translated_route_domain=epor translated_source_ip=10.195.139.25 translated_source_port=5566 translated_vlan=tper vlan=4341",
 "tags": [
@@ -461,7 +461,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "tconsect pariat iutal3376.api.corp isi idexeac ntu [F5@tdolo acl_policy_name=nimve acl_policy_type=duntut acl_rule_name=emporin action=Reject hostname=ptat3230.domain bigip_mgmt_ip=10.156.208.5 context_name=tlaboru context_type=tec date_time=Jan 27 2018 05:21:06 dest_ip=10.9.69.13 dst_geo=uatD dest_port=6508 device_product=antium device_vendor=remaper device_version=1.3297 drop_reason=ntNequ errdefs_msgno=anim errdefs_msg_name=uae flow_id=ata ip_protocol=tcp severity=very-high partition_name=paq route_domain=emipsumq sa_translation_pool=culpaq sa_translation_type=quamq source_ip=10.53.72.161 src_geo=pta source_port=4723 source_user=scip translated_dest_ip=10.33.143.163 translated_dest_port=5404 translated_ip_protocol=iusmodi translated_route_domain=esciun translated_source_ip=10.247.144.9 translated_source_port=2494 translated_vlan=lit vlan=4112",
 "tags": [
@@ -470,7 +470,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "oidentsu oditau onsec1632.internal.lan lup aeca isau [F5@giat acl_policy_name=ttenb acl_policy_type=eirure acl_rule_name=boreetd action=Closed hostname=exer447.internal.localhost bigip_mgmt_ip=10.35.190.164 context_name=radipis context_type=lore date_time=Feb 10 2018 12:23:41 dest_ip=10.76.99.144 dst_geo=eufugia dest_port=2345 device_product=pariat device_vendor=nimip device_version=1.2476 drop_reason=usci errdefs_msgno=unturmag errdefs_msg_name=dexeaco flow_id=lupta ip_protocol=ggp severity=very-high partition_name=oreeufug route_domain=Quisa sa_translation_pool=quiav sa_translation_type=ctionofd source_ip=10.21.58.162 src_geo=uisautei source_port=7881 source_user=porin translated_dest_ip=10.241.143.145 translated_dest_port=6151 translated_ip_protocol=ecillum translated_route_domain=olor translated_source_ip=10.113.65.192 translated_source_port=7807 translated_vlan=conseq vlan=6079",
 "tags": [
@@ -479,7 +479,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "edutpers ctobeat upta4358.home orem inibus secte [F5@ctobeat acl_policy_name=onsec acl_policy_type=idestl acl_rule_name=litani action=Closed hostname=itanimi1934.home bigip_mgmt_ip=10.19.154.103 context_name=ittenb context_type=tobeatae date_time=Feb 24 2018 19:26:15 dest_ip=10.235.51.61 dst_geo=exe dest_port=1872 device_product=cia device_vendor=idolo device_version=1.768 drop_reason=pitlabo errdefs_msgno=tas errdefs_msg_name=rcitat flow_id=ree ip_protocol=tcp severity=very-high partition_name=quipexea route_domain=orsitv sa_translation_pool=dunt sa_translation_type=int source_ip=10.53.27.253 src_geo=temveleu source_port=3599 source_user=luptat translated_dest_ip=10.75.113.240 translated_dest_port=1874 translated_ip_protocol=ionulam translated_route_domain=auto translated_source_ip=10.129.16.166 translated_source_port=5141 translated_vlan=ntocca vlan=5439",
 "tags": [
@@ -488,7 +488,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "tvol lup mipsamv161.local ionula pexeaco temaccu [F5@uamqua acl_policy_name=Neq acl_policy_type=runt acl_rule_name=xcep action=Established hostname=pteurs1031.mail.corp bigip_mgmt_ip=10.125.150.220 context_name=lumquid context_type=eturadip date_time=Mar 11 2018 02:28:49 dest_ip=10.241.228.95 dst_geo=equ dest_port=7256 device_product=ssequamn device_vendor=ave device_version=1.5812 drop_reason=edquia errdefs_msgno=ihi errdefs_msg_name=undeomn flow_id=ape ip_protocol=rdp severity=medium partition_name=ari route_domain=umtot sa_translation_pool=onemulla sa_translation_type=atquo source_ip=10.120.50.13 src_geo=issu source_port=4426 source_user=inculpa translated_dest_ip=10.150.153.61 translated_dest_port=2773 translated_ip_protocol=loremagn translated_route_domain=acons translated_source_ip=10.22.213.196 translated_source_port=7230 translated_vlan=emoenimi vlan=1864",
 "tags": [
@@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "mqu onorume abill5290.lan mini mve tionev [F5@uasiarch acl_policy_name=velites acl_policy_type=uredolor acl_rule_name=epreh action=Accept hostname=edquiaco6562.api.lan bigip_mgmt_ip=10.113.2.13 context_name=rudexerc context_type=nturm date_time=Mar 25 2018 09:31:24 dest_ip=10.182.134.109 dst_geo=dquia dest_port=5334 device_product=bori device_vendor=dipi device_version=1.7232 drop_reason=utf errdefs_msgno=dolor errdefs_msg_name=dexe flow_id=nemul ip_protocol=igmp severity=low partition_name=lupt route_domain=quatur sa_translation_pool=dminim sa_translation_type=ptatevel source_ip=10.85.52.249 src_geo=eirured source_port=3772 source_user=tatiset translated_dest_ip=10.238.171.184 translated_dest_port=2574 translated_ip_protocol=duntutl translated_route_domain=nven translated_source_ip=10.229.155.171 translated_source_port=6978 translated_vlan=asiarch vlan=7121", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "utla deomni tse7542.test nesciu todit utaliqui [F5@emse acl_policy_name=emqui acl_policy_type=cipitla acl_rule_name=tlab action=Accept hostname=tatis7315.mail.home bigip_mgmt_ip=10.249.174.35 context_name=umfu context_type=utla date_time=Apr 08 2018 16:33:58 dest_ip=10.136.53.201 dst_geo=dolo dest_port=6418 device_product=samvol device_vendor=equa device_version=1.536 drop_reason=strumex errdefs_msgno=tessecil errdefs_msg_name=ugia flow_id=reprehe ip_protocol=udp severity=medium partition_name=umq route_domain=sistena sa_translation_pool=qui sa_translation_type=caboN source_ip=10.198.150.185 src_geo=catcupid source_port=3167 source_user=quela translated_dest_ip=10.51.245.225 translated_dest_port=3991 translated_ip_protocol=enimi translated_route_domain=illum translated_source_ip=10.220.1.249 translated_source_port=4200 translated_vlan=Sedut vlan=7832", "tags": [ 
@@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "audant obeata uredol2348.www5.host entorev quuntur olup [F5@aeab acl_policy_name=uradipis acl_policy_type=aerat acl_rule_name=les action=Drop hostname=eosqui3723.api.localdomain bigip_mgmt_ip=10.152.157.32 context_name=ali context_type=udexerci date_time=Apr 22 2018 23:36:32 dest_ip=10.76.232.245 dst_geo=osqu dest_port=4859 device_product=aborio device_vendor=rve device_version=1.219 drop_reason=nbyCi errdefs_msgno=runtmoll errdefs_msg_name=busBon flow_id=norumetM ip_protocol=udp severity=low partition_name=usBono route_domain=ameaq sa_translation_pool=Quis sa_translation_type=lupta source_ip=10.251.82.195 src_geo=umiure source_port=5186 source_user=olorese translated_dest_ip=10.190.96.181 translated_dest_port=2153 translated_ip_protocol=culp translated_route_domain=deomn translated_source_ip=10.38.185.31 translated_source_port=1085 translated_vlan=llo vlan=1106", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "tla iaconseq sed3235.www5.localhost pidatatn isno luptatev [F5@occaeca acl_policy_name=dan acl_policy_type=pta acl_rule_name=upt action=Drop hostname=itaedict199.mail.corp bigip_mgmt_ip=10.103.102.242 context_name=labore context_type=lorem date_time=May 07 2018 06:39:06 dest_ip=10.68.159.207 dst_geo=eratv dest_port=7206 device_product=estq device_vendor=quasiarc device_version=1.6526 drop_reason=liq errdefs_msgno=xerc errdefs_msg_name=atisetqu flow_id=squir ip_protocol=icmp severity=very-high partition_name=quam route_domain=deriti sa_translation_pool=edictasu sa_translation_type=eturadi source_ip=10.190.247.194 src_geo=mSecti source_port=4210 source_user=tDuisaut translated_dest_ip=10.230.112.179 translated_dest_port=5926 translated_ip_protocol=vol translated_route_domain=ita translated_source_ip=10.211.198.50 translated_source_port=7510 translated_vlan=nibusB vlan=5555", "tags": [ 
@@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "amremap oremagna aqu4475.mail.invalid serrorsi tsedquia rsit [F5@quis acl_policy_name=upidatat acl_policy_type=mod acl_rule_name=niamqui action=Closed hostname=xeaco7887.www.localdomain bigip_mgmt_ip=10.47.223.155 context_name=ugitsed context_type=dminimve date_time=May 21 2018 13:41:41 dest_ip=10.111.137.84 dst_geo=uiac dest_port=7838 device_product=tot device_vendor=reme device_version=1.7750 drop_reason=loremi errdefs_msgno=queporro errdefs_msg_name=tur flow_id=eFi ip_protocol=ipv6-icmp severity=medium partition_name=ulapari route_domain=eporroq sa_translation_pool=uunturm sa_translation_type=iatn source_ip=10.219.83.199 src_geo=diduntut source_port=1321 source_user=ectetur translated_dest_ip=10.101.13.122 translated_dest_port=6737 translated_ip_protocol=nibusBo translated_route_domain=volup translated_source_ip=10.251.101.61 translated_source_port=5153 translated_vlan=scipit vlan=6495", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "tore isni tamrema736.www5.lan ntiumdol conse aturve [F5@edqui acl_policy_name=tvolu acl_policy_type=psu acl_rule_name=strud action=Closed hostname=saute7421.www.invalid bigip_mgmt_ip=10.21.80.157 context_name=tiumtot context_type=tate date_time=Jun 04 2018 20:44:15 dest_ip=10.13.222.177 dst_geo=inBCSed dest_port=6353 device_product=Loremip device_vendor=taliqui device_version=1.5568 drop_reason=ipsaquae errdefs_msgno=olu errdefs_msg_name=exerci flow_id=isnostru ip_protocol=tcp severity=very-high partition_name=ngelits route_domain=volupt sa_translation_pool=billoi sa_translation_type=reseo source_ip=10.31.86.83 src_geo=pariat source_port=6646 source_user=litsed translated_dest_ip=10.21.30.43 translated_dest_port=4754 translated_ip_protocol=lorem translated_route_domain=iamquisn translated_source_ip=10.83.136.233 translated_source_port=6643 translated_vlan=imadm vlan=3187", "tags": [ 
@@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "lumdol edutper utemve6966.mail.local emoen ptate mipsumqu [F5@turad acl_policy_name=dol acl_policy_type=ntutla acl_rule_name=des action=Accept hostname=oluptas1637.home bigip_mgmt_ip=10.195.90.73 context_name=ipisc context_type=iatnulap date_time=Jun 19 2018 03:46:49 dest_ip=10.170.155.137 dst_geo=uine dest_port=1815 device_product=veniamqu device_vendor=iconsequ device_version=1.5445 drop_reason=apa errdefs_msgno=archite errdefs_msg_name=tur flow_id=ddo ip_protocol=ipv6 severity=high partition_name=inBC route_domain=did sa_translation_pool=atcupi sa_translation_type=eriti source_ip=10.45.152.205 src_geo=rema source_port=5107 source_user=datatn translated_dest_ip=10.194.197.107 translated_dest_port=2524 translated_ip_protocol=tur translated_route_domain=itation translated_source_ip=10.27.181.27 translated_source_port=5509 translated_vlan=uredo vlan=2155", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "use catcu quame922.internal.host eursi liquid ulapari [F5@ibus acl_policy_name=isu acl_policy_type=moll acl_rule_name=roinBCS action=Drop hostname=ididu5505.api.localdomain bigip_mgmt_ip=10.43.239.97 context_name=modi context_type=cip date_time=Jul 03 2018 10:49:23 dest_ip=10.60.60.164 dst_geo=iscive dest_port=5527 device_product=incididu device_vendor=yCice device_version=1.508 drop_reason=ionem errdefs_msgno=taevitae errdefs_msg_name=dminimv flow_id=quam ip_protocol=tcp severity=low partition_name=umdol route_domain=rerepr sa_translation_pool=ipiscin sa_translation_type=trudexe source_ip=10.222.2.132 src_geo=umdo source_port=6187 source_user=aedicta translated_dest_ip=10.129.161.18 translated_dest_port=782 translated_ip_protocol=umquiad translated_route_domain=porinc translated_source_ip=10.183.90.25 translated_source_port=5038 translated_vlan=conse vlan=2563", "tags": [ 
@@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "dolo reeufu umexe5208.local suntex uptatema uteiru [F5@rcitati acl_policy_name=siutali acl_policy_type=uiratio acl_rule_name=ficia action=Closed hostname=mqui1099.api.corp bigip_mgmt_ip=10.231.167.171 context_name=onorumet context_type=illoinve date_time=Jul 17 2018 17:51:58 dest_ip=10.188.254.168 dst_geo=nevolup dest_port=3706 device_product=lor device_vendor=ica device_version=1.4479 drop_reason=sumd errdefs_msgno=elitse errdefs_msg_name=olu flow_id=temqu ip_protocol=rdp severity=very-high partition_name=nesci route_domain=meaquei sa_translation_pool=snisiu sa_translation_type=atem source_ip=10.189.162.131 src_geo=litsed source_port=6019 source_user=sedquia translated_dest_ip=10.67.129.100 translated_dest_port=7106 translated_ip_protocol=mmodicon translated_route_domain=eosquir translated_source_ip=10.248.156.138 translated_source_port=2125 translated_vlan=smodit vlan=3090", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "dun xce dol5403.www.localhost asiar eiu maliquam [F5@gnama acl_policy_name=ursintoc acl_policy_type=minimve acl_rule_name=eprehe action=Reject hostname=siuta2155.lan bigip_mgmt_ip=10.63.103.30 context_name=ill context_type=imveniam date_time=Aug 01 2018 00:54:32 dest_ip=10.36.29.127 dst_geo=umqui dest_port=1757 device_product=sci device_vendor=isquames device_version=1.2927 drop_reason=tlabor errdefs_msgno=itecto errdefs_msg_name=loreeuf flow_id=orainci ip_protocol=icmp severity=low partition_name=aev route_domain=uelaudan sa_translation_pool=lab sa_translation_type=sequa source_ip=10.6.146.184 src_geo=rrorsi source_port=7247 source_user=sequu translated_dest_ip=10.185.107.27 translated_dest_port=2257 translated_ip_protocol=mips translated_route_domain=iduntutl translated_source_ip=10.142.106.66 translated_source_port=3790 translated_vlan=quelauda vlan=289", "tags": [ 
@@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "dolo ulamc doe344.www5.local toreve squirat llum [F5@dol acl_policy_name=niam acl_policy_type=atio acl_rule_name=sno action=Established hostname=tatiset4191.localdomain bigip_mgmt_ip=10.214.93.200 context_name=dtempor context_type=rroquisq date_time=Aug 15 2018 07:57:06 dest_ip=10.215.63.248 dst_geo=uidex dest_port=1203 device_product=lloi device_vendor=nseq device_version=1.4023 drop_reason=isetqua errdefs_msgno=ianonn errdefs_msg_name=oluptas flow_id=doe ip_protocol=udp severity=very-high partition_name=rchitect route_domain=orsitame sa_translation_pool=tasn sa_translation_type=exeaco source_ip=10.93.39.237 src_geo=aincidu source_port=232 source_user=tionofd translated_dest_ip=10.0.202.9 translated_dest_port=7451 translated_ip_protocol=nvolup translated_route_domain=ommodic translated_source_ip=10.119.179.182 translated_source_port=7255 translated_vlan=undeo vlan=7696", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "uiinea uianonn eavolupt784.www5.example liquam sinto edi [F5@eumiure acl_policy_name=ore acl_policy_type=adeser acl_rule_name=mSe action=Drop hostname=aute2433.mail.lan bigip_mgmt_ip=10.252.204.162 context_name=tiae context_type=giat date_time=Aug 29 2018 14:59:40 dest_ip=10.115.77.51 dst_geo=mcorpor dest_port=2433 device_product=ostru device_vendor=mea device_version=1.5939 drop_reason=iquipex errdefs_msgno=byCice errdefs_msg_name=deritq flow_id=boreetdo ip_protocol=ipv6-icmp severity=medium partition_name=iin route_domain=nostr sa_translation_pool=luptatem sa_translation_type=tNequepo source_ip=10.28.145.163 src_geo=sper source_port=72 source_user=imadmin translated_dest_ip=10.123.154.140 translated_dest_port=2551 translated_ip_protocol=mSect translated_route_domain=iure translated_source_ip=10.30.189.166 translated_source_port=2749 translated_vlan=aer vlan=3422", "tags": [ 
@@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "roquis mremape ude2977.www.corp rmagnido exeaco dqu [F5@ccaec acl_policy_name=repreh acl_policy_type=imven acl_rule_name=usan action=Accept hostname=idolo6535.internal.example bigip_mgmt_ip=10.46.162.198 context_name=snulap context_type=onsequat date_time=Sep 12 2018 22:02:15 dest_ip=10.166.128.248 dst_geo=pariatur dest_port=7435 device_product=tura device_vendor=equuntur device_version=1.6564 drop_reason=uaera errdefs_msgno=mqua errdefs_msg_name=xer flow_id=utlabore ip_protocol=ipv6-icmp severity=very-high partition_name=beataevi route_domain=amquisn sa_translation_pool=itquii sa_translation_type=imaven source_ip=10.145.128.250 src_geo=nder source_port=5641 source_user=eni translated_dest_ip=10.79.49.3 translated_dest_port=7794 translated_ip_protocol=psamvolu translated_route_domain=teturad translated_source_ip=10.29.122.183 translated_source_port=6166 translated_vlan=tla vlan=6146", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "modtempo edict nost3250.internal.localdomain nibu quatur isiutali [F5@mdolo acl_policy_name=nof acl_policy_type=usantiu acl_rule_name=periam action=Closed hostname=one7728.api.localdomain bigip_mgmt_ip=10.177.232.136 context_name=obe context_type=niamqu date_time=Sep 27 2018 05:04:49 dest_ip=10.140.59.161 dst_geo=smoditem dest_port=575 device_product=tev device_vendor=oNemoeni device_version=1.3341 drop_reason=elillumq errdefs_msgno=loremeum errdefs_msg_name=luptatem flow_id=ing ip_protocol=tcp severity=very-high partition_name=riameaqu route_domain=etd sa_translation_pool=omnisi sa_translation_type=dolor source_ip=10.166.169.167 src_geo=ati source_port=1544 source_user=olors translated_dest_ip=10.65.174.196 translated_dest_port=472 translated_ip_protocol=iin translated_route_domain=uteiru translated_source_ip=10.142.235.217 translated_source_port=5846 translated_vlan=orain vlan=2663", "tags": [ 
@@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "llu quaUt labor7147.internal.host ten vitae tse [F5@gni acl_policy_name=per acl_policy_type=tione acl_rule_name=nibus action=Established hostname=uptatem4446.internal.localhost bigip_mgmt_ip=10.29.217.44 context_name=eacommod context_type=tali date_time=Oct 11 2018 12:07:23 dest_ip=10.131.223.198 dst_geo=orisnisi dest_port=4342 device_product=eritquii device_vendor=atevelit device_version=1.325 drop_reason=enat errdefs_msgno=ionula errdefs_msg_name=itaed flow_id=invol ip_protocol=rdp severity=low partition_name=cidun route_domain=tassitas sa_translation_pool=nimadmi sa_translation_type=dipisci source_ip=10.215.184.154 src_geo=nor source_port=3306 source_user=iarc translated_dest_ip=10.191.78.86 translated_dest_port=6355 translated_ip_protocol=uiac translated_route_domain=squ translated_source_ip=10.53.188.140 translated_source_port=6455 translated_vlan=ten vlan=2937", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "isciveli ntutlab sitamet452.domain nsequ ing ollita [F5@dipisci acl_policy_name=amnisiu acl_policy_type=ptat acl_rule_name=epr action=Drop hostname=emq2514.api.localhost bigip_mgmt_ip=10.135.77.156 context_name=uraut context_type=non date_time=Oct 25 2018 19:09:57 dest_ip=10.248.182.188 dst_geo=turad dest_port=2537 device_product=nBCSe device_vendor=ollita device_version=1.3567 drop_reason=eni errdefs_msgno=quipe errdefs_msg_name=oluptat flow_id=stenatus ip_protocol=ggp severity=very-high partition_name=iaecon route_domain=ect sa_translation_pool=tquid sa_translation_type=seru source_ip=10.76.148.147 src_geo=remagna source_port=1121 source_user=urve translated_dest_ip=10.46.222.149 translated_dest_port=3304 translated_ip_protocol=squ translated_route_domain=emagnaal translated_source_ip=10.74.74.129 translated_source_port=5904 translated_vlan=itati vlan=3497", "tags": [ 
@@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "rinc tno meumf4052.invalid pitlabo riamea Malorumw [F5@consect acl_policy_name=issu acl_policy_type=tconsect acl_rule_name=tationem action=Drop hostname=agna5654.www.corp bigip_mgmt_ip=10.96.200.223 context_name=iatisun context_type=cto date_time=Nov 09 2018 02:12:32 dest_ip=10.3.228.220 dst_geo=imadmini dest_port=3791 device_product=oeiusm device_vendor=aUtenim device_version=1.1186 drop_reason=isu errdefs_msgno=ute errdefs_msg_name=tdolore flow_id=madminim ip_protocol=igmp severity=very-high partition_name=prehen route_domain=ate sa_translation_pool=ull sa_translation_type=enimipsa source_ip=10.130.203.37 src_geo=quisnos source_port=2132 source_user=mvele translated_dest_ip=10.11.146.253 translated_dest_port=3581 translated_ip_protocol=remeum translated_route_domain=temseq translated_source_ip=10.145.49.29 translated_source_port=2464 translated_vlan=sedquia vlan=4912", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ntmo aliqu iqu4429.www5.lan doconse volupta ptat [F5@oreverit acl_policy_name=nimides acl_policy_type=remipsum acl_rule_name=elit action=Drop hostname=ipi4827.mail.lan bigip_mgmt_ip=10.162.78.48 context_name=lab context_type=sedqui date_time=Nov 23 2018 09:15:06 dest_ip=10.243.157.94 dst_geo=epteu dest_port=5744 device_product=tura device_vendor=mquiavol device_version=1.6845 drop_reason=eabil errdefs_msgno=ibusB errdefs_msg_name=rporis flow_id=etco ip_protocol=ipv6 severity=very-high partition_name=ereprehe route_domain=olu sa_translation_pool=nofdeF sa_translation_type=riaturEx source_ip=10.24.23.209 src_geo=itautfu source_port=1503 source_user=rumwr translated_dest_ip=10.162.2.180 translated_dest_port=3889 translated_ip_protocol=mporain translated_route_domain=ectetur translated_source_ip=10.48.75.140 translated_source_port=1837 translated_vlan=ineavol vlan=5182", "tags": [ 
@@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "onproid sitv equam3114.test mcorp uelaud aperiam [F5@ngelit acl_policy_name=quiano acl_policy_type=sund acl_rule_name=iaconse action=Drop hostname=sequatD163.internal.example bigip_mgmt_ip=10.151.206.38 context_name=oloremi context_type=luptate date_time=Dec 07 2018 16:17:40 dest_ip=10.38.57.217 dst_geo=rur dest_port=5543 device_product=imidest device_vendor=oeiusmod device_version=1.419 drop_reason=psumqui errdefs_msgno=eddoeiu errdefs_msg_name=oinvento flow_id=mips ip_protocol=udp severity=medium partition_name=corpor route_domain=amvolu sa_translation_pool=ent sa_translation_type=ionemu source_ip=10.66.92.83 src_geo=orinrep source_port=2549 source_user=nproide translated_dest_ip=10.119.12.186 translated_dest_port=5674 translated_ip_protocol=qui translated_route_domain=nemullam translated_source_ip=10.97.105.115 translated_source_port=3576 translated_vlan=squir vlan=3987", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "umqu umet psaquaea5284.internal.example upt giatquo toccaec [F5@nihilmo acl_policy_name=atquo acl_policy_type=umetMa acl_rule_name=ngelitse action=Accept hostname=itamet1303.invalid bigip_mgmt_ip=10.12.148.73 context_name=eius context_type=evo date_time=Dec 21 2018 23:20:14 dest_ip=10.10.44.34 dst_geo=volupt dest_port=61 device_product=eosqu device_vendor=reetdolo device_version=1.7551 drop_reason=sten errdefs_msgno=enderi errdefs_msg_name=labore flow_id=uasiarch ip_protocol=igmp severity=very-high partition_name=magnama route_domain=reprehe sa_translation_pool=citatio sa_translation_type=dolo source_ip=10.201.132.114 src_geo=eetd source_port=6058 source_user=borisnis translated_dest_ip=10.64.76.142 translated_dest_port=7083 translated_ip_protocol=temse translated_route_domain=samvo translated_source_ip=10.169.139.250 translated_source_port=1374 translated_vlan=nostrume vlan=5035", "tags": [ 
@@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "tatevel itin tam942.api.host iut leumiur deser [F5@boris acl_policy_name=ris acl_policy_type=nisiuta acl_rule_name=utper action=Drop hostname=epr3512.internal.domain bigip_mgmt_ip=10.9.236.18 context_name=iumdo context_type=exe date_time=Jan 05 2019 06:22:49 dest_ip=10.152.7.48 dst_geo=giatnula dest_port=71 device_product=enimadmi device_vendor=qui device_version=1.5292 drop_reason=aecon errdefs_msgno=sedq errdefs_msg_name=olo flow_id=sperna ip_protocol=udp severity=very-high partition_name=conseq route_domain=upta sa_translation_pool=eturadi sa_translation_type=cinge source_ip=10.111.128.11 src_geo=niamq source_port=5336 source_user=umfug translated_dest_ip=10.35.38.185 translated_dest_port=7077 translated_ip_protocol=labor translated_route_domain=Sec translated_source_ip=10.200.116.191 translated_source_port=3068 translated_vlan=nsecte vlan=5790", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "uianonnu por nve894.lan turadip ataev eFinib [F5@atione acl_policy_name=xcepte acl_policy_type=gnaa acl_rule_name=tio action=Reject hostname=uredol2174.home bigip_mgmt_ip=10.191.27.182 context_name=tMalo context_type=urautod date_time=Jan 19 2019 13:25:23 dest_ip=10.114.60.159 dst_geo=rese dest_port=5302 device_product=rissusci device_vendor=quaturve device_version=1.5991 drop_reason=tisunde errdefs_msgno=ende errdefs_msg_name=quidolor flow_id=lloin ip_protocol=igmp severity=high partition_name=proiden route_domain=moenimip sa_translation_pool=tat sa_translation_type=tate source_ip=10.236.67.227 src_geo=ern source_port=881 source_user=tlabo translated_dest_ip=10.134.238.8 translated_dest_port=2976 translated_ip_protocol=aqua translated_route_domain=edquiac translated_source_ip=10.240.62.238 translated_source_port=1251 translated_vlan=olo vlan=5926", "tags": [ 
@@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ali Nequepor aUten4127.internal.lan apariatu mnisis onsequa [F5@sunt acl_policy_name=orumSe acl_policy_type=olupta acl_rule_name=emveleum action=Drop hostname=ididunt7607.mail.localhost bigip_mgmt_ip=10.165.66.92 context_name=isq context_type=eacommo date_time=Feb 02 2019 20:27:57 dest_ip=10.244.171.198 dst_geo=nimad dest_port=7814 device_product=asi device_vendor=tobe device_version=1.6837 drop_reason=Lore errdefs_msgno=oin errdefs_msg_name=eritquii flow_id=taliqui ip_protocol=ipv6-icmp severity=very-high partition_name=entoreve route_domain=ion sa_translation_pool=exeaco sa_translation_type=tate source_ip=10.109.14.142 src_geo=sitas source_port=6036 source_user=perna translated_dest_ip=10.65.35.64 translated_dest_port=2748 translated_ip_protocol=irur translated_route_domain=risnisiu translated_source_ip=10.22.231.91 translated_source_port=2652 translated_vlan=equepor vlan=897", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ugiatn utpe hend1170.www5.lan ptateve aliqua officiad [F5@nimadmin acl_policy_name=iavol acl_policy_type=roq acl_rule_name=iumtota action=Reject hostname=inimav5557.www5.test bigip_mgmt_ip=10.71.112.86 context_name=olor context_type=emoenim date_time=Feb 17 2019 03:30:32 dest_ip=10.57.64.102 dst_geo=rume dest_port=7667 device_product=inibusBo device_vendor=tqui device_version=1.99 drop_reason=citat errdefs_msgno=prehende errdefs_msg_name=vitaedic flow_id=remip ip_protocol=ggp severity=high partition_name=rehe route_domain=aper sa_translation_pool=gnaa sa_translation_type=tam source_ip=10.64.161.215 src_geo=modi source_port=4869 source_user=rnatur translated_dest_ip=10.29.230.203 translated_dest_port=6579 translated_ip_protocol=abi translated_route_domain=inimaven translated_source_ip=10.89.221.90 translated_source_port=5835 translated_vlan=entoreve vlan=4612", "tags": [ 
@@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "roqu dquia ommod142.www.home ptate oloreeu imipsa [F5@iscinge acl_policy_name=ora acl_policy_type=meumfug acl_rule_name=inimve action=Closed hostname=nonn1650.www.test bigip_mgmt_ip=10.88.226.76 context_name=ptas context_type=iadolo date_time=Mar 03 2019 10:33:06 dest_ip=10.217.197.29 dst_geo=aliquide dest_port=7187 device_product=tinv device_vendor=iar device_version=1.5232 drop_reason=mquela errdefs_msgno=urm errdefs_msg_name=con flow_id=aeabil ip_protocol=udp severity=low partition_name=edicta route_domain=itaspern sa_translation_pool=tau sa_translation_type=rcit source_ip=10.79.208.135 src_geo=rehende source_port=3688 source_user=erspic translated_dest_ip=10.221.199.137 translated_dest_port=6430 translated_ip_protocol=quipe translated_route_domain=evita translated_source_ip=10.140.118.182 translated_source_port=4566 translated_vlan=nia vlan=7548", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "npro boriosa sundeo3076.internal.test Nequepor turQ tod [F5@rsitame acl_policy_name=nsectetu acl_policy_type=untexpli acl_rule_name=smo action=Reject hostname=acons3940.api.lan bigip_mgmt_ip=10.133.48.55 context_name=lab context_type=ela date_time=Mar 17 2019 17:35:40 dest_ip=10.134.141.37 dst_geo=oreve dest_port=2538 device_product=tali device_vendor=quamnih device_version=1.2492 drop_reason=reprehen errdefs_msgno=Exce errdefs_msg_name=tocca flow_id=tinvolu ip_protocol=ipv6 severity=low partition_name=iumt route_domain=mad sa_translation_pool=mpor sa_translation_type=eddoei source_ip=10.35.73.208 src_geo=dolo source_port=6552 source_user=tia translated_dest_ip=10.126.61.230 translated_dest_port=2068 translated_ip_protocol=dolor translated_route_domain=emUteni translated_source_ip=10.189.244.22 translated_source_port=734 translated_vlan=rinre vlan=6425", "tags": [ 
@@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ident uatur dquiaco2756.home uiine mve dolorema [F5@ditautf acl_policy_name=uisnostr acl_policy_type=oditautf acl_rule_name=nula action=Established hostname=suscipit587.www.localhost bigip_mgmt_ip=10.81.154.115 context_name=ita context_type=aeratvol date_time=Apr 01 2019 00:38:14 dest_ip=10.194.94.1 dst_geo=ostr dest_port=575 device_product=boreetd device_vendor=ueporro device_version=1.4044 drop_reason=oluptat errdefs_msgno=olors errdefs_msg_name=mSecti flow_id=ius ip_protocol=icmp severity=very-high partition_name=xerci route_domain=qua sa_translation_pool=iaecons sa_translation_type=pteurs source_ip=10.35.65.72 src_geo=veni source_port=3387 source_user=reseo translated_dest_ip=10.239.194.105 translated_dest_port=3629 translated_ip_protocol=isnos translated_route_domain=ntin translated_source_ip=10.240.94.109 translated_source_port=5437 translated_vlan=ono vlan=573", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "consequ ine hend3901.www.localdomain nsecte miurere tat [F5@pitlabor acl_policy_name=upi acl_policy_type=olupta acl_rule_name=ape action=Established hostname=mnisiut6146.internal.local bigip_mgmt_ip=10.52.70.192 context_name=empor context_type=ate date_time=Apr 15 2019 07:40:49 dest_ip=10.234.254.96 dst_geo=obeatae dest_port=2042 device_product=orem device_vendor=dquian device_version=1.2307 drop_reason=uis errdefs_msgno=emagnaal errdefs_msg_name=uunturm flow_id=nonnumq ip_protocol=ggp severity=very-high partition_name=ntocca route_domain=emquelau sa_translation_pool=adolorsi sa_translation_type=lupt source_ip=10.38.253.213 src_geo=ncidu source_port=3369 source_user=ionem translated_dest_ip=10.248.72.104 translated_dest_port=7485 translated_ip_protocol=cusan translated_route_domain=ivelit translated_source_ip=10.150.56.227 translated_source_port=4686 translated_vlan=isnost vlan=4697", "tags": [ 
@@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "urQu idol fici312.api.host eri pitlab riosamn [F5@Malo acl_policy_name=onse acl_policy_type=enatuse acl_rule_name=veritat action=Reject hostname=borios1067.www5.home bigip_mgmt_ip=10.218.15.164 context_name=ntNeque context_type=magnidol date_time=Apr 29 2019 14:43:23 dest_ip=10.56.60.3 dst_geo=aaliq dest_port=2143 device_product=gel device_vendor=modt device_version=1.2031 drop_reason=mvolu errdefs_msgno=agn errdefs_msg_name=eritinvo flow_id=aliq ip_protocol=rdp severity=very-high partition_name=uisautei route_domain=labor sa_translation_pool=ihilmol sa_translation_type=scinge source_ip=10.62.218.239 src_geo=yCiceroi source_port=166 source_user=reh translated_dest_ip=10.73.172.186 translated_dest_port=3510 translated_ip_protocol=itte translated_route_domain=niamquis translated_source_ip=10.203.193.134 translated_source_port=6251 translated_vlan=riosa vlan=7445", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ore ptatema poriss2289.localdomain luptat ficiad saquaea [F5@archi acl_policy_name=caboNe acl_policy_type=ptate acl_rule_name=enimips action=Established hostname=msequ323.www.example bigip_mgmt_ip=10.60.20.76 context_name=seq context_type=uae date_time=May 13 2019 21:45:57 dest_ip=10.244.241.67 dst_geo=quaeabi dest_port=5701 device_product=ost device_vendor=mave device_version=1.2555 drop_reason=aev errdefs_msgno=uovolup errdefs_msg_name=tMaloru flow_id=rum ip_protocol=ipv6-icmp severity=very-high partition_name=ptassita route_domain=ionemul sa_translation_pool=orema sa_translation_type=its source_ip=10.10.46.43 src_geo=stiaec source_port=7346 source_user=nev translated_dest_ip=10.136.211.234 translated_dest_port=4126 translated_ip_protocol=lamcor translated_route_domain=rorsitv translated_source_ip=10.131.127.113 translated_source_port=853 translated_vlan=iamqu vlan=1324", "tags": [ 
@@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "mwrit dminimve madminim5473.mail.example reeuf orinrepr tinvo [F5@oru acl_policy_name=ainc acl_policy_type=aeab acl_rule_name=iat action=Closed hostname=tdolorem813.internal.host bigip_mgmt_ip=10.50.177.151 context_name=rsitam context_type=aliqui date_time=May 28 2019 04:48:31 dest_ip=10.206.65.159 dst_geo=fdeFini dest_port=1295 device_product=eetdolo device_vendor=issuscip device_version=1.3291 drop_reason=tqu errdefs_msgno=rinc errdefs_msg_name=hender flow_id=sBonor ip_protocol=rdp severity=high partition_name=ercitati route_domain=lapa sa_translation_pool=enia sa_translation_type=atis source_ip=10.233.181.250 src_geo=isiuta source_port=2868 source_user=ugiatq translated_dest_ip=10.187.237.220 translated_dest_port=7744 translated_ip_protocol=eumfu translated_route_domain=remap translated_source_ip=10.248.0.74 translated_source_port=6349 translated_vlan=tru vlan=2520", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "isautem eiusm assit1598.www5.invalid archite eruntm iades [F5@mremape acl_policy_name=nimad acl_policy_type=ionemu acl_rule_name=nul action=Established hostname=volupt4626.internal.test bigip_mgmt_ip=10.189.43.11 context_name=asper context_type=eeu date_time=Jun 11 2019 11:51:06 dest_ip=10.193.169.102 dst_geo=olab dest_port=629 device_product=olore device_vendor=mSecti device_version=1.2859 drop_reason=idid errdefs_msgno=ela errdefs_msg_name=fugits flow_id=litseddo ip_protocol=igmp severity=medium partition_name=ptasn route_domain=amrem sa_translation_pool=umdolor sa_translation_type=iamq source_ip=10.248.248.120 src_geo=ationemu source_port=1282 source_user=iatn translated_dest_ip=10.96.223.46 translated_dest_port=3654 translated_ip_protocol=pern translated_route_domain=ptasn translated_source_ip=10.80.129.81 translated_source_port=4827 translated_vlan=tat vlan=5084", "tags": [ 
@@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "eruntmo lumdolo urmagnid2749.api.host imip taspe siutaliq [F5@turadipi acl_policy_name=tMalo acl_policy_type=veni acl_rule_name=rspi action=Closed hostname=ntium5103.www5.localhost bigip_mgmt_ip=10.66.106.186 context_name=uatD context_type=reh date_time=Jun 25 2019 18:53:40 dest_ip=10.36.14.238 dst_geo=metco dest_port=4740 device_product=ilmoles device_vendor=xeaco device_version=1.1910 drop_reason=ccaecat errdefs_msgno=radip errdefs_msg_name=secil flow_id=totamr ip_protocol=udp severity=very-high partition_name=iciat route_domain=uira sa_translation_pool=orio sa_translation_type=mseq source_ip=10.102.109.199 src_geo=iono source_port=2061 source_user=tNequ translated_dest_ip=10.173.114.63 translated_dest_port=5877 translated_ip_protocol=tatisetq translated_route_domain=eabilloi translated_source_ip=10.91.115.139 translated_source_port=412 translated_vlan=eroi vlan=2077", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "riatur amrema illum2978.internal.home rumetMa entor urere [F5@involu acl_policy_name=qui acl_policy_type=aliqu acl_rule_name=sita action=Drop hostname=orpori3334.www.local bigip_mgmt_ip=10.198.157.122 context_name=ncu context_type=quatu date_time=Jul 10 2019 01:56:14 dest_ip=10.239.90.72 dst_geo=iratio dest_port=7700 device_product=its device_vendor=agn device_version=1.3690 drop_reason=ntmo errdefs_msgno=iur errdefs_msg_name=aboNemo flow_id=tsedquia ip_protocol=udp severity=very-high partition_name=tatiset route_domain=enim sa_translation_pool=gnido sa_translation_type=iamq source_ip=10.159.155.88 src_geo=uisa source_port=7034 source_user=iquipex translated_dest_ip=10.0.175.17 translated_dest_port=5236 translated_ip_protocol=tempori translated_route_domain=sedquian translated_source_ip=10.221.223.127 translated_source_port=2687 translated_vlan=ira vlan=3007", "tags": [ 
@@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "idolor umdo sequatu7142.internal.corp ipsaqu asun rsitam [F5@magn acl_policy_name=amcola acl_policy_type=eumiurer acl_rule_name=umf action=Established hostname=equu7361.www5.localdomain bigip_mgmt_ip=10.30.20.187 context_name=rsinto context_type=nonnumqu date_time=Jul 24 2019 08:58:48 dest_ip=10.103.47.100 dst_geo=chitect dest_port=5316 device_product=fug device_vendor=ulpaq device_version=1.6302 drop_reason=piscivel errdefs_msgno=ueporr errdefs_msg_name=udex flow_id=ipexeac ip_protocol=tcp severity=low partition_name=isci route_domain=archi sa_translation_pool=rsitame sa_translation_type=qui source_ip=10.7.212.201 src_geo=ion source_port=949 source_user=ugiat translated_dest_ip=10.252.136.130 translated_dest_port=5601 translated_ip_protocol=expl translated_route_domain=animi translated_source_ip=10.189.70.237 translated_source_port=1457 translated_vlan=tnul vlan=24", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "radip amremap dolorsit64.www.local uredo uamni nisi [F5@onsecte acl_policy_name=iono acl_policy_type=secillum acl_rule_name=sequatD action=Established hostname=tse2979.internal.localhost bigip_mgmt_ip=10.242.121.165 context_name=aut context_type=eriti date_time=Aug 07 2019 16:01:23 dest_ip=10.88.229.78 dst_geo=imadmi dest_port=2642 device_product=tevelite device_vendor=cto device_version=1.2037 drop_reason=mquiado errdefs_msgno=agn errdefs_msg_name=dip flow_id=urmag ip_protocol=tcp severity=high partition_name=laboreet route_domain=tutlabo sa_translation_pool=incid sa_translation_type=der source_ip=10.83.105.69 src_geo=usm source_port=2153 source_user=mni translated_dest_ip=10.102.109.194 translated_dest_port=2324 translated_ip_protocol=nor translated_route_domain=saut translated_source_ip=10.60.224.93 translated_source_port=1508 translated_vlan=deomnis vlan=354", "tags": [ 
@@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "tla nimve edutpe1255.internal.lan nimadm cepte paquioff [F5@ictasun acl_policy_name=iumto acl_policy_type=ciun acl_rule_name=prehe action=Accept hostname=uisnostr2390.mail.domain bigip_mgmt_ip=10.251.167.219 context_name=eaco context_type=oremeu date_time=Aug 21 2019 23:03:57 dest_ip=10.14.251.18 dst_geo=tenbyCi dest_port=4371 device_product=citation device_vendor=spernatu device_version=1.7314 drop_reason=giatq errdefs_msgno=tion errdefs_msg_name=tNeque flow_id=uidolore ip_protocol=rdp severity=medium partition_name=usB route_domain=magnaali sa_translation_pool=istenatu sa_translation_type=roqui source_ip=10.17.20.93 src_geo=eritqu source_port=4368 source_user=Uteni translated_dest_ip=10.181.134.69 translated_dest_port=551 translated_ip_protocol=norum translated_route_domain=emUten translated_source_ip=10.219.174.45 translated_source_port=4055 translated_vlan=idolo vlan=968", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "mmodicon nisis edquia4523.www.host remap ntium veniamqu [F5@equat acl_policy_name=reeu acl_policy_type=atemacc acl_rule_name=rsitvolu action=Accept hostname=luptate4811.mail.example bigip_mgmt_ip=10.30.117.82 context_name=destlabo context_type=fficia date_time=Sep 05 2019 06:06:31 dest_ip=10.245.75.229 dst_geo=elaud dest_port=4916 device_product=eaqueip device_vendor=emUten device_version=1.596 drop_reason=itseddoe errdefs_msgno=iti errdefs_msg_name=evitaedi flow_id=ionulamc ip_protocol=tcp severity=high partition_name=culp route_domain=Ciceroin sa_translation_pool=aeco sa_translation_type=olores source_ip=10.223.99.90 src_geo=adminim source_port=4324 source_user=numqua translated_dest_ip=10.28.233.253 translated_dest_port=1159 translated_ip_protocol=mUten translated_route_domain=eursint translated_source_ip=10.37.14.20 translated_source_port=6531 translated_vlan=teurs vlan=4919", "tags": [ 
@@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "aaliq nos uaUteni562.www.test deF dutpe tseddoei [F5@byCi acl_policy_name=odic acl_policy_type=chitecto acl_rule_name=nimadm action=Closed hostname=lites1614.www.corp bigip_mgmt_ip=10.125.20.22 context_name=olu context_type=ectet date_time=Sep 19 2019 13:09:05 dest_ip=10.121.189.113 dst_geo=tess dest_port=4686 device_product=xeacom device_vendor=adminim device_version=1.95 drop_reason=henderi errdefs_msgno=rainc errdefs_msg_name=dminim flow_id=sse ip_protocol=tcp severity=high partition_name=umexe route_domain=Sedu sa_translation_pool=tetur sa_translation_type=ern source_ip=10.50.61.114 src_geo=nvento source_port=649 source_user=qua translated_dest_ip=10.57.85.113 translated_dest_port=1024 translated_ip_protocol=itquii translated_route_domain=psu translated_source_ip=10.8.32.17 translated_source_port=3788 translated_vlan=nem vlan=5883", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "sitasper agni ivelit1640.internal.lan iscive prehende volup [F5@nimi acl_policy_name=niamqu acl_policy_type=uioffi acl_rule_name=suntin action=Closed hostname=lorinrep7686.mail.corp bigip_mgmt_ip=10.200.28.55 context_name=ineavol context_type=abor date_time=Oct 03 2019 20:11:40 dest_ip=10.232.122.152 dst_geo=voluptat dest_port=1549 device_product=ipi device_vendor=lamcor device_version=1.3064 drop_reason=litesse errdefs_msgno=tam errdefs_msg_name=uovo flow_id=scivelit ip_protocol=icmp severity=low partition_name=empo route_domain=apa sa_translation_pool=colab sa_translation_type=sistenat source_ip=10.215.224.27 src_geo=Sedutper source_port=6726 source_user=ficiade translated_dest_ip=10.113.78.101 translated_dest_port=2707 translated_ip_protocol=amqua translated_route_domain=nsequatu translated_source_ip=10.181.63.82 translated_source_port=168 translated_vlan=tse vlan=4029", "tags": [ 
@@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ueip amvo dolorsi306.www5.local tten erit asiarch [F5@tob acl_policy_name=tiae acl_policy_type=imipsamv acl_rule_name=doeiu action=Established hostname=nderit6272.mail.example bigip_mgmt_ip=10.177.14.106 context_name=natuser context_type=olupt date_time=Oct 18 2019 03:14:14 dest_ip=10.239.142.115 dst_geo=nsec dest_port=6720 device_product=siarchi device_vendor=etq device_version=1.4522 drop_reason=archit errdefs_msgno=nde errdefs_msg_name=tNequepo flow_id=byCicer ip_protocol=ipv6 severity=medium partition_name=ipit route_domain=tdolorem sa_translation_pool=nderitin sa_translation_type=mquiado source_ip=10.169.95.128 src_geo=reeufugi source_port=7737 source_user=ofd translated_dest_ip=10.139.20.223 translated_dest_port=114 translated_ip_protocol=porincid translated_route_domain=tisetqu translated_source_ip=10.243.43.168 translated_source_port=2110 translated_vlan=ehenderi vlan=2215", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ipsu iden oreseo1541.mail.domain boriosam lites col [F5@litsedd acl_policy_name=mnis acl_policy_type=ainci acl_rule_name=aturve action=Established hostname=ntu1279.mail.lan bigip_mgmt_ip=10.92.168.198 context_name=rume context_type=uptate date_time=Nov 01 2019 10:16:48 dest_ip=10.115.225.57 dst_geo=orsit dest_port=3315 device_product=mnis device_vendor=tametco device_version=1.7456 drop_reason=inc errdefs_msgno=rroqui errdefs_msg_name=amr flow_id=mfug ip_protocol=tcp severity=low partition_name=mid route_domain=henderi sa_translation_pool=consec sa_translation_type=dquia source_ip=10.90.93.4 src_geo=rehe source_port=3382 source_user=adminima translated_dest_ip=10.39.100.88 translated_dest_port=5195 translated_ip_protocol=lup translated_route_domain=rsi translated_source_ip=10.18.176.44 translated_source_port=7284 translated_vlan=Utenimad vlan=4305", "tags": [ 
@@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Bon amquisno mullam6505.www.localhost siarch oloremi ididu [F5@uov acl_policy_name=ncidid acl_policy_type=audantiu acl_rule_name=lmolest action=Reject hostname=essequam1161.domain bigip_mgmt_ip=10.49.68.8 context_name=temUte context_type=idest date_time=Nov 15 2019 17:19:22 dest_ip=10.8.247.249 dst_geo=enimip dest_port=3957 device_product=ataevit device_vendor=ficiad device_version=1.2909 drop_reason=taspe errdefs_msgno=empori errdefs_msg_name=mipsum flow_id=tium ip_protocol=tcp severity=very-high partition_name=ota route_domain=boriosa sa_translation_pool=eprehen sa_translation_type=rehen source_ip=10.163.203.191 src_geo=exeacom source_port=2599 source_user=tlab translated_dest_ip=10.193.43.135 translated_dest_port=4650 translated_ip_protocol=iaeconse translated_route_domain=onevol translated_source_ip=10.173.13.179 translated_source_port=1211 translated_vlan=ptasn vlan=3791", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ctetur amqui itatise2264.invalid lup cipitla niam [F5@mullamc acl_policy_name=umtota acl_policy_type=ssecil acl_rule_name=xplic action=Closed hostname=cipitl2184.localdomain bigip_mgmt_ip=10.240.47.113 context_name=uisnost context_type=snul date_time=Nov 30 2019 00:21:57 dest_ip=10.191.241.249 dst_geo=Loremips dest_port=4361 device_product=tiset device_vendor=ciade device_version=1.7726 drop_reason=equ errdefs_msgno=rror errdefs_msg_name=Exce flow_id=uae ip_protocol=ggp severity=high partition_name=umdol route_domain=nseq sa_translation_pool=autodita sa_translation_type=loreme source_ip=10.84.64.28 src_geo=par source_port=3938 source_user=ull translated_dest_ip=10.209.226.7 translated_dest_port=7745 translated_ip_protocol=aeabi translated_route_domain=ore translated_source_ip=10.31.147.51 translated_source_port=7780 translated_vlan=ptate vlan=3154", "tags": [ 
@@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "fugit dantiu ntutla1447.invalid strude rautodi Loremips [F5@mestqui acl_policy_name=tect acl_policy_type=odtem acl_rule_name=ite action=Closed hostname=item3647.home bigip_mgmt_ip=10.32.20.4 context_name=olupta context_type=dents date_time=Dec 14 2019 07:24:31 dest_ip=10.166.40.137 dst_geo=oremipsu dest_port=5644 device_product=idolor device_vendor=tionem device_version=1.292 drop_reason=oinB errdefs_msgno=tateve errdefs_msg_name=rsitvo flow_id=enatuser ip_protocol=tcp severity=high partition_name=sistena route_domain=reetdolo sa_translation_pool=psam sa_translation_type=litseddo source_ip=10.225.189.229 src_geo=odtem source_port=2287 source_user=odtemp translated_dest_ip=10.86.1.244 translated_dest_port=7101 translated_ip_protocol=rinci translated_route_domain=uamestqu translated_source_ip=10.52.13.192 translated_source_port=4714 translated_vlan=remagna vlan=439", "tags": [ diff --git a/packages/f5/data_stream/bigipafm/elasticsearch/ingest_pipeline/default.yml b/packages/f5/data_stream/bigipafm/elasticsearch/ingest_pipeline/default.yml index 81eaba6e6b5..7b896d25539 100644 --- a/packages/f5/data_stream/bigipafm/elasticsearch/ingest_pipeline/default.yml +++ b/packages/f5/data_stream/bigipafm/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Big-IP Advanced Firewall Manager processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/f5/data_stream/bigipafm/sample_event.json b/packages/f5/data_stream/bigipafm/sample_event.json index 7a3a169d594..fa8afd808e0 100644 --- a/packages/f5/data_stream/bigipafm/sample_event.json +++ b/packages/f5/data_stream/bigipafm/sample_event.json @@ -23,7 +23,7 @@ "port": 2288 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", 
diff --git a/packages/f5/data_stream/bigipapm/_dev/test/pipeline/test-generated.log-expected.json b/packages/f5/data_stream/bigipapm/_dev/test/pipeline/test-generated.log-expected.json index 2a1147a6048..a2413392751 100644 --- a/packages/f5/data_stream/bigipapm/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/f5/data_stream/bigipapm/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "January 2016/01/29 06:09:59 aliqu high equepor[6720]: 01490106: :dolore: sequa: AD module: authentication with 'abo' failed: Preauthentication failed, principal name: squira. success reeufugi", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "February 2016/02/12 13:12:33 billoi medium orev[6153]: 01490504: :tatemU: deF: sist1803.mail.local can not be resolved.", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "February 2016/02/26 20:15:08 aqui low sSMTP[1166]: isetq", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "March 2016/03/12 03:17:42 seq high crond[5738]: (ccaecat) veleumi", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "March 2016/03/26 10:20:16 ude very-high veri[5990]: 01490113: :tempo: inv: session.user.clientip is 10.134.175.248", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "April 2016/04/09 17:22:51 lupta low rsitvolu[2044]: 01490128: :pori: occ: Webtop ect assigned", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "April 2016/04/24 00:25:25 aedic high gni: [syslog-ng]", "tags": [ 
@@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 2016/05/08 07:27:59 labor low isqu: 01490167: :uis: Current snapshot ID: idolore updated inside session db for access profile: onse", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 2016/05/22 14:30:33 metcon low emeumfug[6823]: 01490505: :emporinc: untutlab: tem", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "June 2016/06/05 21:33:08 tessec very-high ali[6446]: sSMTP: ", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "June 2016/06/20 04:35:42 riat medium atvol[98]: 014d0044: :uames: tati", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "July 2016/07/04 11:38:16 sinto very-high CSed[2857]: 01490514: :utlabore: ecillu: Access encountered error: success. File: mnisist, Function: deny, Line: icons", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "July 2016/07/18 18:40:50 lum high CROND[1675]: (sitvolup) CMD (cancel)", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "August 2016/08/02 01:43:25 uipe very-high siarchi[2289]: 01490500: :aliqu: olupta:mipsumd:eFinib: New session from client IP 10.204.123.107 (ST=saute/CC=ercit/C=usmodt) at VIP 10.225.160.182 Listener mque", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "August 2016/08/16 08:45:59 dol high quiratio[3386]: 01490511: :tisetq: tevelite: Initializing Access profile orporiss with max concurrent user sessions limit: 4739", "tags": [ 
@@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "August 2016/08/30 15:48:33 paquioff medium derit[4688]: 01490544: :hende: piscin: Received client info - https://mail.example.com/laboree/tfu.html?liqu=eporr#xeacomm", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "September 2016/09/13 22:51:07 fugiatnu high tobea[2364]: 014d0001: :tateve: ctx: itinvol, SERVER : eavolup", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "September 2016/09/28 05:53:42 remag very-high abor[5983]: 01490103: :tquiin: tse: Retry Username 'tenimad'", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "October 2016/10/12 12:56:16 niamqui low amcol[5625]: 01490113: :ipisci: gitsed: session.server.network.port is 4374", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "October 2016/10/26 19:58:50 nturma low cusant[4946]: 01490106: :etur: itecto: AD module: authentication with 'reetdol' failed: Preauthentication failed, principal name: totamre. success ercita", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "November 2016/11/10 03:01:24 proiden medium mvele[5737]: 014d0044: :aco: tio", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "November 2016/11/24 10:03:59 quaea very-high mvel[1188]: 01490520: :porinc: tetur: xce", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "December 2016/12/08 17:06:33 aincidu very-high uaeab[5960]: 01490008: :licabo: enimadmi: Connectivity resource utaliqu assigned", "tags": [ 
@@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "December 2016/12/23 00:09:07 cola high oremi[1485]: 01490128: :ineavol: iosa: Webtop boNemoe assigned", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "January 2017/01/06 07:11:41 Nequepor medium rem[5461]: 01490538: :esseq: adminima: Configuration snapshot deleted by Access.", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "January 2017/01/20 14:14:16 ptateve very-high miurerep: 01490165: :toccaec: Access profile: fugi initialized with configuration snapshot catalog: labo", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "February 2017/02/03 21:16:50 sBono high equ[4808]: 01490005: :amvo: siuta: Following rule urmagn from item dquia to ending temporin", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "February 2017/02/18 04:19:24 iruredol very-high derit[5270]: 01490106: :atquo: cupi: AD module: authentication with 'strude' failed in allow: Preauthentication failed, principal name: dunt. success yCic", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "March 2017/03/04 11:21:59 unte very-high ueipsa[748]: 011f0005: :cti: failure (Client side: vip=https://www5.example.com/olli/rever.html?rsp=oluptat#metco profile=ipv6-icmp pool=edolorin client_ip=10.104.110.134)", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "March 2017/03/18 18:24:33 ptasnula high syslog-ng[2638]: ill", "tags": [ 
@@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "April 2017/04/02 01:27:07 caboNem medium laudan[7589]: 01490107: :oconse: mag: AD module: authentication with 'tob' failed: Client 'dolores2519.mail.host' not found in Kerberos database, principal name:deF itempo", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "April 2017/04/16 08:29:41 meaque high mip[5899]: 01490107: :lamc: mvolupta: AD module: authentication with 'Utenima' failed: Clients credentials have been revoked, principal name: iqua@luptat2979.internal.local. unknown cididu", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "April 2017/04/30 15:32:16 atDuis medium nisiut: 01490166: :rumwri: Current snapshot ID: velill retrieved from session db for access profile: ore", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 2017/05/14 22:34:50 uptat high amquisno: 0149016b: :uido: Completed snapshot creation: tla for access profile: mquiad", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 2017/05/29 05:37:24 atur very-high ditau[4727]: 01490514: :piscivel: hend: Access encountered error: success. File: cepteur, Function: accept, Line: maliqu", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "June 2017/06/12 12:39:58 acon very-high sun[5971]: 01490501: :labori: porai: umiure", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "June 2017/06/26 19:42:33 eufug low uido[4318]: 01490500: :ici: snulap: New session from client IP 10.122.204.151 (ST=writte/CC=sitvo/C=ine) at VIP 10.169.101.161 Listener itessequ", "tags": [ 
@@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "July 2017/07/11 02:45:07 udan low essequam[3682]: 01490113: :urQuis: etcon: session.server.network.protocol is onsequu", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "July 2017/07/25 09:47:41 gelitse very-high arc[2412]: 01490013: :radip: upta: AD agent: Retrieving AAA server: tetura", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "August 2017/08/08 16:50:15 imavenia low mquido[5899]: 01490517: :rnat: rur: success", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "August 2017/08/22 23:52:50 nonn high met[1580]: 01420002: : AUDIT - pid=2037 user=ptate folder=entsu module=conse status=failure cmd_data=ntut", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "September 2017/09/06 06:55:24 iconsequ high idunt[571]: 01490549: :siuta: atev: Assigned PPP Dynamic IPv4: 10.6.32.7 Tunnel Type: exerci inesciu Resource: quid Client IP: 10.198.70.58 - orem", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "September 2017/09/20 13:57:58 reetdo medium lup[5051]: 01260009: :eos: Connection error:ipitlabo", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "October 2017/10/04 21:00:32 reprehen very-high syslog-ng[6438]: imid", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "October 2017/10/19 04:03:07 sunt very-high aturQu[7083]: 01490128: :tDuis: iqu: Webtop oriosamn assigned", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "November 2017/11/02 11:05:41 iquip very-high sedquian[4212]: 01490004: :etdolore: magnaa: Executed agent 'sumquiad', return value iusmodt", "tags": [ 
@@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "November 2017/11/16 18:08:15 equam low eaqueip[5207]: 01490538: :aevitaed: byCic: Configuration snapshot deleted by Access.", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "December 2017/12/01 01:10:49 xerc high eturad[1760]: 01490506: :nvol: enimadmi: Received User-Agent header: mobmail android 2.1.3.3150", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "December 2017/12/15 08:13:24 sumdolo medium rors[1935]: 01490538: :oremque: quaU: Configuration snapshot deleted by Access.", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "December 2017/12/29 15:15:58 ioff medium quioff: 0149016a: :iuntN: Initiating snapshot creation: ipis for access profile: itautfu", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "January 2018/01/12 22:18:32 rchit medium roquisqu[5924]: 01490005: :iquid: evo: Following rule mcorpori from item mqu to ending pteursi", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "January 2018/01/27 05:21:06 itessequ low fdeFinib[2580]: 01490128: :sumd: sectetur: Webtop edquian assigned", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "February 2018/02/10 12:23:41 quiav low rit: 0149016a: :eumfu: Initiating snapshot creation: lors for access profile: oluptat", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "February 2018/02/24 19:26:15 oeiusmo very-high cusanti[5019]: 01420002: : AUDIT - pid=4996 user=rem folder=tseddoei module=teursint status=success cmd_data=remagnaa", "tags": [ 
@@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "March 2018/03/11 02:28:49 ore low ovolupta: 0149016b: :volup: Completed snapshot creation: macc for access profile: ria", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "March 2018/03/25 09:31:24 uisau high irat[2943]: 01490549: :emsequi: ueporroq: Assigned PPP Dynamic IPv4: 10.142.213.80 Tunnel Type: tationu gnaaliq Resource: olore Client IP: 10.16.181.60 - ameaquei", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "April 2018/04/08 16:33:58 liq low mvolupta: syslog-ng: ", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "April 2018/04/22 23:36:32 exe high illum[2625]: 01490101: :emi: reprehen: Access profile: tvol configuration has been applied. Newly active generation count is: 5959", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 2018/05/07 06:39:06 iumt medium nulapari[1973]: 01490500: :tsunt: rnat:oremi:ectobeat: New session from client IP 10.187.64.126 (ST=uasiarch/CC=Malor/C=boriosa) at VIP 10.47.99.72 Listener upt (Reputation=oremipsu)", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 2018/05/21 13:41:41 sint low auditd[3376]: ctobeat", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "June 2018/06/04 20:44:15 lorumw high tdolo[3872]: syslog-ng: ", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "June 2018/06/19 03:46:49 namaliqu medium aeca[4543]: 014d0044: :autemv: sciveli", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "July 2018/07/03 10:49:23 piciati medium ntin[4646]: 01260009: :rcitat: Connection error:cinge", "tags": [ 
@@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "July 2018/07/17 17:51:58 iqui low litani[3126]: 01490142: :itanimi: onoru: data", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "August 2018/08/01 00:54:32 uptatem high ruredol: 01490079: :iadeseru: loremagn: Access policy 'acons' configuration has changed.Access profile 'nimadmi' configuration changes need to be applied for the new configuration", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "August 2018/08/15 07:57:06 lupt very-high eavolupt: 01490167: :uipe: Current snapshot ID: ipsa updated inside session db for access profile: con", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "August 2018/08/29 14:59:40 nesciu low ssequ[4877]: 01490008: :emse: emqui: Connectivity resource cipitla assigned", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "September 2018/09/12 22:02:15 ionevo high ptate[52]: 01490102: :uira: todita: Access policy result: failure", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "September 2018/09/27 05:04:49 iqu low tatis[7767]: 01490113: :reeufugi: sequines: session.server.network.protocol is minimve", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "October 2018/10/11 12:07:23 aborio low setquas: 014d0002: :nbyCi: runtmoll: SSOv2 Logon failed, config busBon form norumetM", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "October 2018/10/25 19:09:57 billoinv high deomn[904]: 01490113: :mali: roinBCSe: session.server.network.port is 3959", "tags": [ 
@@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "November 2018/11/09 02:12:32 rch high sedd: 01490079: :atione: tvolup: Access policy 'oremeu' configuration has changed.Access profile 'lab' configuration changes need to be applied for the new configuration", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "November 2018/11/23 09:15:06 urau medium upt[4762]: 01490538: :itaedict: eroi: Configuration snapshot deleted by Access.", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "December 2018/12/07 16:17:40 reetdo low nidol[4345]: 01490113: :writtenb: atevelit: session.server.listener.name is ugitsed", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "December 2018/12/21 23:20:14 uatDuisa high ano[4054]: 01490102: :uunturm: iatn: Access policy result: unknown", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "January 2019/01/05 06:22:49 psum very-high exerci[3923]: 01490113: :lumqu: moen: session.oinvento", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "January 2019/01/19 13:25:23 volup very-high crond[4071]: (iconsequ) CMD (block)", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "February 2019/02/02 20:27:57 archite high rem[6473]: 01490008: :emp: inBC: Connectivity resource did assigned", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "February 2019/02/17 03:30:32 etconse medium uinesci: 0149016a: :otamr: Initiating snapshot creation: tsed for access profile: rExc", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "March 2019/03/03 10:33:06 omnisis very-high uptatema[7023]: 01490501: :stiaec: Cicero: ven", "tags": [ 
@@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "March 2019/03/17 17:35:40 cons low ine[870]: 011f0005: :amquisn: success (Client side: vip=https://example.net/equamn/scipi.txt?eiu=maliquam#gnama profile=rdp pool=squamest client_ip=10.24.113.101)", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "April 2019/04/01 00:38:14 uelaudan low teiru[4918]: 014d0044: :orinrep: pta", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "April 2019/04/15 07:40:49 sis very-high rchite[7405]: 01490521: :rvelill: rors: Session statistics - bytes in:6092, bytes out: 1363", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "April 2019/04/29 14:43:23 Nequepo high CROND[2977]: (emac) CMD (cancel)", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 2019/05/13 21:45:57 isci high ugiatn: 0149016b: :squa: Completed snapshot creation: deseru for access profile: aquioff", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 2019/05/28 04:48:31 onsequat high giatq[7733]: 01490106: :imad: tura: AD module: authentication with 'equuntur' failed: Preauthentication failed, principal name: rve. success mqua", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "June 2019/06/11 11:51:06 utlabore very-high exea[2867]: 01490008: :amquisn: itquii: Connectivity resource imaven assigned", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "June 2019/06/25 18:53:40 lloinve low nim[7673]: 01490511: :edquiac: psamvolu: Initializing Access profile teturad with max concurrent user sessions limit: 7783", "tags": [ 
@@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "July 2019/07/10 01:56:14 tatemse low vitae[72]: 01490000: :samvolu: dip", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "July 2019/07/24 08:58:48 Dui medium nostrude[7057]: 01490007: :ione: ecillum: Session variable 'maccu' set to ame", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "August 2019/08/07 16:01:23 reprehe medium enimipsa[2698]: 01490521: :samn: quisnos: Session statistics - bytes in:2132, bytes out: 2552", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "August 2019/08/21 23:03:57 Nequepor low temseq[613]: 01490019: :ostrumex: suscipi: AD agent: Query: query with '(sAMAccountName=xplicabo)' successful", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "September 2019/09/05 06:06:31 ameaquei very-high uelaud[1306]: 01490544: :ameiu: utei: Received client info - https://internal.example.net/lumquid/oluptat.jpg?equepor=iosamn#erspicia", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "September 2019/09/19 13:09:05 psumqui high ncu: 01490079: :quaturve: ciad: Access policy 'diconseq' configuration has changed.Access profile 'utod' configuration changes need to be applied for the new configuration", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "October 2019/10/03 20:11:40 giatquo low dipisciv[5944]: 01490013: :atquo: umetMa: AD agent: Retrieving AAA server: ngelitse", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "October 2019/10/18 03:14:14 tem very-high giatnula[71]: Rule: enimadmi \u003c\u003cqui\u003e: APM_EVENT=deny | aecon | sedq ***failure***", "tags": [ 
@@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "November 2019/11/01 10:16:48 erc low tasnu: [syslog-ng]", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "November 2019/11/15 17:19:22 ationevo very-high datatno[3538]: 01490019: :siar: orisnis: AD agent: Query: query with '(sAMAccountName=texp)' successful", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "November 2019/11/30 00:21:57 pidat very-high sSMTP[6673]: ptateve", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "December 2019/12/14 07:24:31 olupta medium oremagn[2121]: 01490106: :itseddo: uptatev: AD module: authentication with 'oditem' failed in allow: Preauthentication failed, principal name: inimaven. failure olor", "tags": [ diff --git a/packages/f5/data_stream/bigipapm/elasticsearch/ingest_pipeline/default.yml b/packages/f5/data_stream/bigipapm/elasticsearch/ingest_pipeline/default.yml index e69a3641249..bb7d1c798b9 100644 --- a/packages/f5/data_stream/bigipapm/elasticsearch/ingest_pipeline/default.yml +++ b/packages/f5/data_stream/bigipapm/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Big-IP Access Policy Manager processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/f5/data_stream/bigipapm/sample_event.json b/packages/f5/data_stream/bigipapm/sample_event.json index 671fb995a1e..7254c4a7ead 100644 --- a/packages/f5/data_stream/bigipapm/sample_event.json +++ b/packages/f5/data_stream/bigipapm/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/f5/manifest.yml b/packages/f5/manifest.yml index a0b2da2c8bf..5e44bb4cd21 100644 
--- a/packages/f5/manifest.yml
+++ b/packages/f5/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: f5
 title: F5 Logs
-version: "0.11.2"
+version: "0.12.0"
 description: Collect and parse logs from F5 devices with Elastic Agent.
 categories: ["network", "security"]
 release: experimental
diff --git a/packages/fim/_dev/build/build.yml b/packages/fim/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/fim/_dev/build/build.yml
+++ b/packages/fim/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/fim/changelog.yml b/packages/fim/changelog.yml
index 5fab4adbe8f..803e425ed26 100644
--- a/packages/fim/changelog.yml
+++ b/packages/fim/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.2.3"
 changes:
 - description: Fix path configuration documentation.
diff --git a/packages/fim/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/fim/data_stream/event/elasticsearch/ingest_pipeline/default.yml
index f9f424167e5..ab4f821494e 100644
--- a/packages/fim/data_stream/event/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/fim/data_stream/event/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing auditd events
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 on_failure:
 - set:
 field: error.message
diff --git a/packages/fim/data_stream/event/sample_event.json b/packages/fim/data_stream/event/sample_event.json
index 77a47bdb8b5..a322b8e3d7d 100644
--- a/packages/fim/data_stream/event/sample_event.json
+++ b/packages/fim/data_stream/event/sample_event.json
@@ -8,7 +8,7 @@
 "version": "8.3.0"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "7e061f66-bf86-41e2-858d-d5cbe22e06b1",
diff --git a/packages/fim/docs/README.md b/packages/fim/docs/README.md
index 92af0803e85..f8e5d8c9619 100644
--- a/packages/fim/docs/README.md
+++ b/packages/fim/docs/README.md
@@ -34,7 +34,7 @@ An example event for `event` looks as following:
 "version": "8.3.0"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "7e061f66-bf86-41e2-858d-d5cbe22e06b1",
diff --git a/packages/fim/manifest.yml b/packages/fim/manifest.yml
index 118cd30a486..c6a39fa4ecd 100644
--- a/packages/fim/manifest.yml
+++ b/packages/fim/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: fim
 title: "File Integrity Monitoring"
-version: "1.2.3"
+version: "1.3.0"
 license: basic
 release: ga
 description: "The File Integrity Monitoring integration reports filesystem changes in real time."
diff --git a/packages/fireeye/_dev/build/build.yml b/packages/fireeye/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/fireeye/_dev/build/build.yml
+++ b/packages/fireeye/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/fireeye/changelog.yml b/packages/fireeye/changelog.yml
index 81a8bfcc115..56cfc316325 100644
--- a/packages/fireeye/changelog.yml
+++ b/packages/fireeye/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.7.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.6.2"
 changes:
 - description: Remove duplicate fields.
diff --git a/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json b/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json
index 3db66225e1e..9f17225ec7b 100644
--- a/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json
+++ b/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json
@@ -10,7 +10,7 @@ "port": 10001 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -83,7 +83,7 @@ "port": 123 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -144,7 +144,7 @@ "port": 10001 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -217,7 +217,7 @@ "port": 5938 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -299,7 +299,7 @@ "port": 123 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -370,7 +370,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -485,7 +485,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -593,7 +593,7 @@ "type": "query" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml b/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml index 2614c17c2fc..29553f6b676 100644 --- a/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml +++ b/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing FireEye NX logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: observer.vendor value: "Fireeye" diff --git a/packages/fireeye/data_stream/nx/sample_event.json b/packages/fireeye/data_stream/nx/sample_event.json index 82e546ae4e2..c23410a2033 100644 --- a/packages/fireeye/data_stream/nx/sample_event.json +++ b/packages/fireeye/data_stream/nx/sample_event.json @@ -20,7 +20,7 @@ "port": 10001 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2411eb51-1c57-41d1-962f-cd06ac57198b", 
diff --git a/packages/fireeye/docs/README.md b/packages/fireeye/docs/README.md
index 1ff07b82993..d91d1945d70 100644
--- a/packages/fireeye/docs/README.md
+++ b/packages/fireeye/docs/README.md
@@ -194,7 +194,7 @@ An example event for `nx` looks as following:
 "port": 10001
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "2411eb51-1c57-41d1-962f-cd06ac57198b",
diff --git a/packages/fireeye/manifest.yml b/packages/fireeye/manifest.yml
index 67bc3a0e989..d3d3e1139f2 100644
--- a/packages/fireeye/manifest.yml
+++ b/packages/fireeye/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: fireeye
 title: "FireEye Network Security"
-version: 1.6.2
+version: "1.7.0"
 license: basic
 description: Collect logs from FireEye NX with Elastic Agent.
 type: integration
diff --git a/packages/fortinet_forticlient/_dev/build/build.yml b/packages/fortinet_forticlient/_dev/build/build.yml
index 5661d603a89..aaafc5d833b 100644
--- a/packages/fortinet_forticlient/_dev/build/build.yml
+++ b/packages/fortinet_forticlient/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.5.1
diff --git a/packages/fortinet_forticlient/changelog.yml b/packages/fortinet_forticlient/changelog.yml
index eca1bc56337..fccd4d2e217 100644
--- a/packages/fortinet_forticlient/changelog.yml
+++ b/packages/fortinet_forticlient/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.1.3"
 changes:
 - description: Remove duplicate fields.
diff --git a/packages/fortinet_forticlient/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/fortinet_forticlient/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
index 37aba0c2d11..f8ab69f1ff4 100644
--- a/packages/fortinet_forticlient/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/fortinet_forticlient/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "January 29 06:09:59 boNemoe4402.www.invalid proto=udp service=http status=deny src=10.150.92.220 dst=10.102.123.34 src_port=7178 dst_port=3994 server_app=reeufugi pid=7880 app_name=enderitq traff_direct=external block_count=5286 logon_user=sumdo@litesse6379.api.domain msg=failure", "observer": { @@ -16,7 +16,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "February 12 13:12:33 olupt4880.api.home proto=icmp service=https status=deny src=10.33.212.159 dst=10.149.203.46 src_port=2789 dst_port=5861 server_app=vol pid=4539 app_name=uidolor traff_direct=internal block_count=4402 logon_user=mipsumq@gnaali6189.internal.localhost msg=unknown", "observer": { @@ -30,7 +30,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "February 26 20:15:08 aqu1628.internal.domain proto=ipv6-icmp service=smtp status=deny src=10.173.116.41 dst=10.118.175.9 src_port=3710 dst_port=2802 server_app=aer pid=445 app_name=nse traff_direct=unknown block_count=7019 logon_user=uame@quis1130.internal.corp msg=success", "observer": { @@ -44,7 +44,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "March 12 03:17:42 tinculp2940.internal.local proto=ggp service=https status=deny src=10.134.137.177 dst=10.202.204.154 src_port=7868 dst_port=3587 server_app=amco pid=5712 app_name=psumquia traff_direct=unknown block_count=2458 logon_user=orsitame@reprehe189.internal.home msg=success", "observer": { 
@@ -58,7 +58,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "March 26 10:20:16 rad2103.api.domain proto=ipv6-icmp service=pop3 status=deny src=10.245.142.250 dst=10.70.0.60 src_port=5408 dst_port=4982 server_app=estqui pid=6557 app_name=magn traff_direct=inbound block_count=2638 logon_user=eos@enimad2283.internal.domain msg=failure", "observer": { @@ -72,7 +72,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "April 9 17:22:51 enim5316.www5.local proto=ipv6-icmp service=smtp status=deny src=10.202.72.124 dst=10.200.188.142 src_port=4665 dst_port=7143 server_app=omnis pid=2061 app_name=eip traff_direct=external block_count=513 logon_user=iusmodt@doloreeu3553.www5.home msg=unknown", "observer": { @@ -86,7 +86,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "April 24 00:25:25 reetdolo2770.www5.local proto=tcp service=pop3 status=deny src=10.12.44.169 dst=10.214.225.125 src_port=5710 dst_port=2121 server_app=inBCSedu pid=5722 app_name=tanimi traff_direct=outbound block_count=6071 logon_user=erep@iutal13.api.localdomain msg=failure", "observer": { @@ -100,7 +100,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "May 8 07:27:59 isiu1114.internal.corp proto=icmp service=http status=deny src=10.66.108.11 dst=10.198.136.50 src_port=6875 dst_port=2089 server_app=ipis pid=5037 app_name=ari traff_direct=unknown block_count=3856 logon_user=uptatev@uovol492.www.localhost msg=unknown", "observer": { @@ -114,7 +114,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "May 22 14:30:33 usmodte1296.www.corp proto=igmp service=ms-wbt-server status=deny src=10.178.244.31 dst=10.69.20.77 src_port=3857 dst_port=7579 server_app=nonnu pid=776 app_name=riat traff_direct=unknown block_count=5575 logon_user=umdolor@osquir6997.corp msg=failure", "observer": { 
@@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "June 5 21:33:08 tatno4987.www5.localhost proto=ggp service=pop3 status=deny src=10.54.231.100 dst=10.203.5.162 src_port=5616 dst_port=7290 server_app=iam pid=6096 app_name=ciati traff_direct=unknown block_count=3162 logon_user=umdolore@eniam7007.api.invalid msg=success", "observer": { @@ -142,7 +142,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "June 20 04:35:42 tatno6787.internal.localhost proto=icmp service=pop3 status=deny src=10.65.83.160 dst=10.136.252.240 src_port=3592 dst_port=4105 server_app=uradi pid=7307 app_name=essequ traff_direct=outbound block_count=7148 logon_user=ender@snulapar3794.api.domain msg=failure", "observer": { @@ -156,7 +156,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "July 4 11:38:16 essecill2595.mail.local proto=ggp service=http status=deny src=10.57.40.29 dst=10.210.213.18 src_port=7616 dst_port=3970 server_app=atuse pid=2703 app_name=uis traff_direct=internal block_count=6179 logon_user=onse@liq5883.localdomain msg=unknown", "observer": { @@ -170,7 +170,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "July 18 18:40:50 ali6446.localhost proto=udp service=smtp status=deny src=10.144.82.69 dst=10.200.156.102 src_port=2896 dst_port=6061 server_app=rporis pid=5166 app_name=par traff_direct=outbound block_count=7041 logon_user=rveli@rsint7026.test msg=success", "observer": { @@ -184,7 +184,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "August 2 01:43:25 torev7118.internal.domain proto=ipv6 service=smtp status=deny src=10.109.232.112 dst=10.72.58.135 src_port=5160 dst_port=2382 server_app=fugit pid=7668 app_name=rsitamet traff_direct=internal block_count=1112 logon_user=xea@qua2945.www.local msg=failure", "observer": { 
@@ -198,7 +198,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "August 16 08:45:59 dolore6103.www5.example proto=udp service=http status=deny src=10.38.22.45 dst=10.72.29.73 src_port=1493 dst_port=203 server_app=piscing pid=1044 app_name=entsu traff_direct=unknown block_count=4979 logon_user=onproide@luptat6494.www.example msg=failure", "observer": { @@ -212,7 +212,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "August 30 15:48:33 errorsi6996.www.domain proto=tcp service=smtp status=deny src=10.70.95.74 dst=10.76.72.111 src_port=6119 dst_port=7388 server_app=emaperi pid=7183 app_name=sumquiad traff_direct=internal block_count=2362 logon_user=ivelits@moenimi6317.internal.invalid msg=failure", "observer": { @@ -226,7 +226,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "September 13 22:51:07 lumquido5839.api.corp proto=ipv6 service=https status=deny src=10.19.201.13 dst=10.73.69.75 src_port=5006 dst_port=6218 server_app=nsec pid=6907 app_name=estqu traff_direct=unknown block_count=2655 logon_user=tat@tion1761.home msg=unknown", "observer": { @@ -240,7 +240,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "September 28 05:53:42 aperia4409.www5.invalid proto=rdp service=ms-wbt-server status=deny src=10.78.151.178 dst=10.84.105.75 src_port=1846 dst_port=98 server_app=uames pid=499 app_name=msequi traff_direct=external block_count=4085 logon_user=iquaUten@santium4235.api.local msg=unknown", "observer": { @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "October 12 12:56:16 tem2496.api.lan proto=rdp service=ms-wbt-server status=deny src=10.135.233.146 dst=10.25.192.202 src_port=4181 dst_port=6462 server_app=ents pid=1531 app_name=Loremip traff_direct=internal block_count=4610 logon_user=emeumfu@CSed2857.www5.example msg=failure", "observer": { 
@@ -268,7 +268,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "October 26 19:58:50 eme6710.mail.invalid proto=rdp service=https status=deny src=10.121.219.204 dst=10.104.134.200 src_port=3611 dst_port=2508 server_app=reetd pid=6051 app_name=quae traff_direct=outbound block_count=7084 logon_user=uptat@equep5085.mail.domain msg=failure", "observer": { @@ -282,7 +282,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "November 10 03:01:24 ihilm1669.mail.invalid proto=tcp service=https status=deny src=10.191.105.82 dst=10.225.160.182 src_port=3361 dst_port=4810 server_app=uovolup pid=6994 app_name=llu traff_direct=external block_count=3936 logon_user=eirure@conseq557.mail.lan msg=unknown", "observer": { @@ -296,7 +296,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "November 24 10:03:59 umexerci1284.internal.localdomain proto=rdp service=smtp status=deny src=10.141.44.153 dst=10.161.57.8 src_port=3750 dst_port=2716 server_app=oei pid=5200 app_name=snostrud traff_direct=inbound block_count=3333 logon_user=quisnos@ite2026.www.invalid msg=failure", "observer": { @@ -310,7 +310,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "December 8 17:06:33 adol485.example proto=udp service=https status=deny src=10.153.111.103 dst=10.6.167.7 src_port=4977 dst_port=2022 server_app=taevit pid=3365 app_name=nsecte traff_direct=internal block_count=7424 logon_user=eumfug@lit5929.test msg=success", "observer": { @@ -324,7 +324,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "December 23 00:09:07 evita5008.www.localdomain proto=ggp service=pop3 status=deny src=10.248.204.182 dst=10.134.148.219 src_port=1331 dst_port=4430 server_app=tmo pid=1835 app_name=abi traff_direct=inbound block_count=4168 logon_user=uioffi@oru6938.invalid msg=success", "observer": { 
@@ -338,7 +338,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "January 6 07:11:41 tsedqu2456.www5.invalid proto=ipv6 service=smtp status=deny src=10.178.77.231 dst=10.163.5.243 src_port=5294 dst_port=4129 server_app=xerc pid=2019 app_name=hitecto traff_direct=unknown block_count=1123 logon_user=liquide@etdol5473.local msg=success", "observer": { @@ -352,7 +352,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "January 20 14:14:16 ris3314.mail.invalid proto=ggp service=smtp status=deny src=10.177.194.18 dst=10.221.89.228 src_port=766 dst_port=2447 server_app=uamei pid=2493 app_name=aera traff_direct=outbound block_count=1747 logon_user=aliquam@nimid893.mail.corp msg=success", "observer": { @@ -366,7 +366,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "February 3 21:16:50 reme622.mail.example proto=icmp service=ms-wbt-server status=deny src=10.241.65.49 dst=10.32.239.1 src_port=3027 dst_port=3128 server_app=dictasu pid=3022 app_name=catc traff_direct=unknown block_count=3522 logon_user=idata@rumwritt6003.host msg=failure", "observer": { @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "February 18 04:19:24 non3341.mail.invalid proto=ggp service=http status=deny src=10.168.90.81 dst=10.101.57.120 src_port=6866 dst_port=6501 server_app=laboree pid=2328 app_name=intocc traff_direct=internal block_count=5516 logon_user=eporr@xeacomm6855.api.corp msg=success", "observer": { @@ -394,7 +394,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "March 4 11:21:59 ris727.api.local proto=tcp service=ms-wbt-server status=deny src=10.14.211.43 dst=10.130.14.60 src_port=4456 dst_port=2051 server_app=autfu pid=1156 app_name=tessec traff_direct=external block_count=7200 logon_user=litse@icabo4125.mail.domain msg=unknown", "observer": { 
@@ -408,7 +408,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "March 18 18:24:33 stquido5705.api.host proto=icmp service=http status=deny src=10.60.129.15 dst=10.248.101.25 src_port=106 dst_port=5740 server_app=Nequepo pid=6003 app_name=pora traff_direct=unknown block_count=6437 logon_user=evolup@ionofdeF5643.www.localhost msg=success", "observer": { @@ -422,7 +422,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "April 2 01:27:07 etcons7378.api.lan proto=tcp service=https status=deny src=10.72.93.28 dst=10.111.187.12 src_port=3577 dst_port=3994 server_app=aper pid=5651 app_name=tur traff_direct=inbound block_count=3427 logon_user=niamqui@orem6702.invalid msg=failure", "observer": { @@ -436,7 +436,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "April 16 08:29:41 vita2681.www5.local proto=icmp service=ms-wbt-server status=deny src=10.27.14.168 dst=10.66.2.232 src_port=2224 dst_port=5764 server_app=fugiatn pid=3470 app_name=ipsumd traff_direct=outbound block_count=6708 logon_user=uirati@oin6780.mail.domain msg=unknown", "observer": { @@ -450,7 +450,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "April 30 15:32:16 tnulapa7592.www.local proto=ggp service=ms-wbt-server status=deny src=10.75.99.127 dst=10.195.2.130 src_port=1766 dst_port=202 server_app=mporin pid=6932 app_name=nisiuta traff_direct=internal block_count=3828 logon_user=inibusB@eprehen3224.www5.localdomain msg=failure", "observer": { @@ -464,7 +464,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "May 14 22:34:50 lup2134.www.localhost proto=ipv6 service=pop3 status=deny src=10.201.238.90 dst=10.245.104.182 src_port=3759 dst_port=55 server_app=ccaecat pid=6945 app_name=onsequ traff_direct=outbound block_count=4198 logon_user=ovol@ptasn6599.www.localhost msg=success", "observer": { 
@@ -478,7 +478,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "May 29 05:37:24 tanimid3337.mail.corp proto=ipv6-icmp service=http status=deny src=10.217.150.196 dst=10.105.91.31 src_port=2056 dst_port=5987 server_app=loreme pid=853 app_name=psumquia traff_direct=external block_count=4444 logon_user=con@nisist2752.home msg=unknown", "observer": { @@ -492,7 +492,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "June 12 12:39:58 eumiu765.api.lan proto=ipv6-icmp service=https status=deny src=10.4.157.1 dst=10.184.18.202 src_port=52 dst_port=205 server_app=ofdeFini pid=4153 app_name=molli traff_direct=outbound block_count=725 logon_user=oditem@gitsedqu2649.mail.lan msg=unknown", "observer": { @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "June 26 19:42:33 mquelau5326.mail.lan proto=icmp service=https status=deny src=10.255.39.252 dst=10.113.95.59 src_port=863 dst_port=4367 server_app=fugitsed pid=1693 app_name=idolo traff_direct=internal block_count=3147 logon_user=persp@entsunt3962.www.example msg=success", "observer": { @@ -520,7 +520,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "July 11 02:45:07 idestlab2631.www.lan proto=tcp service=http status=deny src=10.27.16.118 dst=10.83.177.2 src_port=18 dst_port=1827 server_app=iat pid=337 app_name=rinre traff_direct=internal block_count=1300 logon_user=borios@tut2703.www.host msg=success", "observer": { @@ -534,7 +534,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "July 25 09:47:41 inesci6789.test proto=udp service=http status=deny src=10.38.54.72 dst=10.167.227.44 src_port=6595 dst_port=5736 server_app=lillum pid=7041 app_name=its traff_direct=outbound block_count=7644 logon_user=riamea@entorev160.test msg=failure", "observer": { 
@@ -548,7 +548,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "August 8 16:50:15 ccaeca7077.internal.corp proto=tcp service=http status=deny src=10.216.54.184 dst=10.215.205.216 src_port=1495 dst_port=647 server_app=riat pid=3854 app_name=psaquaea traff_direct=external block_count=7536 logon_user=ameiusm@proide3714.mail.localdomain msg=unknown", "observer": { @@ -562,7 +562,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "August 22 23:52:50 ima2031.api.corp proto=igmp service=smtp status=deny src=10.9.12.248 dst=10.9.18.237 src_port=765 dst_port=2486 server_app=tpersp pid=55 app_name=seosqui traff_direct=internal block_count=6379 logon_user=uradi@tot5313.mail.invalid msg=success", "observer": { @@ -576,7 +576,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "September 6 06:55:24 ian867.internal.corp proto=rdp service=https status=deny src=10.83.130.226 dst=10.41.123.102 src_port=1542 dst_port=2300 server_app=odoconse pid=228 app_name=quatu traff_direct=external block_count=7661 logon_user=tenim@rumet3801.internal.domain msg=unknown", "observer": { @@ -590,7 +590,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "September 20 13:57:58 lorin4249.corp proto=tcp service=pop3 status=deny src=10.175.112.197 dst=10.80.152.108 src_port=1749 dst_port=2742 server_app=exeacom pid=4253 app_name=rita traff_direct=outbound block_count=6984 logon_user=tametcon@liqua2834.www5.lan msg=failure", "observer": { @@ -604,7 +604,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "October 4 21:00:32 gnaaliqu3935.api.test proto=udp service=smtp status=deny src=10.134.18.114 dst=10.142.25.100 src_port=2761 dst_port=5770 server_app=mdol pid=2200 app_name=nby traff_direct=internal block_count=624 logon_user=osqui@sequat7273.api.host msg=failure", "observer": { 
@@ -618,7 +618,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "October 19 04:03:07 nsequat1859.internal.localhost proto=udp service=http status=deny src=10.28.118.160 dst=10.223.119.218 src_port=6247 dst_port=300 server_app=umexerc pid=5717 app_name=intocc traff_direct=internal block_count=4387 logon_user=ntsunt@uidol4575.localhost msg=failure", "observer": { @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "November 2 11:05:41 ritin2495.api.corp proto=ggp service=https status=deny src=10.110.114.175 dst=10.47.28.48 src_port=4986 dst_port=3032 server_app=tatem pid=4469 app_name=luptat traff_direct=unknown block_count=4488 logon_user=plicab@oremq2000.api.corp msg=unknown", "observer": { @@ -646,7 +646,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "November 16 18:08:15 tetur2694.mail.local proto=ggp service=pop3 status=deny src=10.40.251.202 dst=10.90.33.138 src_port=5733 dst_port=7876 server_app=enimadmi pid=5524 app_name=lupta traff_direct=external block_count=6847 logon_user=nvolupt@oremi1485.api.localhost msg=success", "observer": { @@ -660,7 +660,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "December 1 01:10:49 rem7043.localhost proto=ipv6 service=ms-wbt-server status=deny src=10.65.2.106 dst=10.227.173.252 src_port=5410 dst_port=5337 server_app=nisiut pid=3624 app_name=teturad traff_direct=external block_count=7576 logon_user=itation@sequatD5469.www5.lan msg=unknown", "observer": { @@ -674,7 +674,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "December 15 08:13:24 emqu2846.internal.home proto=udp service=https status=deny src=10.193.233.229 dst=10.28.84.106 src_port=2859 dst_port=4844 server_app=eaqu pid=1609 app_name=uptatemU traff_direct=inbound block_count=3096 logon_user=tla@item2738.test msg=success", "observer": { 
@@ -688,7 +688,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "December 29 15:15:58 dqu6144.api.localhost proto=ggp service=ms-wbt-server status=deny src=10.150.245.88 dst=10.210.89.183 src_port=3642 dst_port=2589 server_app=ulpa pid=6248 app_name=iusmodte traff_direct=external block_count=2700 logon_user=sequa@iosamnis1047.internal.localdomain msg=success", "observer": { @@ -702,7 +702,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "January 12 22:18:32 giatquov1918.internal.example proto=udp service=ms-wbt-server status=deny src=10.180.195.43 dst=10.85.185.13 src_port=4540 dst_port=7793 server_app=gnaal pid=7224 app_name=proident traff_direct=outbound block_count=1867 logon_user=voluptas@orroq6677.internal.example msg=failure", "observer": { @@ -716,7 +716,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "January 27 05:21:06 estl5804.internal.local proto=udp service=ms-wbt-server status=deny src=10.207.211.230 dst=10.210.28.247 src_port=3449 dst_port=7257 server_app=ssecil pid=430 app_name=iuntNe traff_direct=unknown block_count=7672 logon_user=tate@onevo4326.internal.local msg=failure", "observer": { @@ -730,7 +730,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "February 10 12:23:41 Sedut1775.www.domain proto=rdp service=ms-wbt-server status=deny src=10.86.11.48 dst=10.248.165.185 src_port=3436 dst_port=5460 server_app=olorsi pid=3589 app_name=exeaco traff_direct=external block_count=4801 logon_user=dquiac@itaedict7233.mail.localdomain msg=unknown", "observer": { @@ -744,7 +744,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "February 24 19:26:15 mac7484.www5.test proto=ipv6-icmp service=http status=deny src=10.118.6.177 dst=10.47.125.38 src_port=6977 dst_port=3896 server_app=isn pid=4814 app_name=omm traff_direct=outbound block_count=1844 logon_user=quunt@numquam5869.internal.example msg=unknown", "observer": { 
@@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "March 11 02:28:49 oin1140.mail.localhost proto=icmp service=pop3 status=deny src=10.50.233.155 dst=10.60.142.127 src_port=1081 dst_port=5112 server_app=urExce pid=276 app_name=nturm traff_direct=outbound block_count=2241 logon_user=atv@onu6137.api.home msg=success", "observer": { @@ -772,7 +772,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "March 25 09:31:24 naaliq3710.api.local proto=rdp service=http status=deny src=10.28.82.189 dst=10.120.10.211 src_port=3916 dst_port=7661 server_app=odt pid=2452 app_name=inv traff_direct=internal block_count=7705 logon_user=rcit@aecatcup2241.www5.test msg=failure", "observer": { @@ -786,7 +786,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "April 8 16:33:58 volupta3552.internal.localhost proto=ipv6 service=pop3 status=deny src=10.31.237.225 dst=10.6.38.163 src_port=6153 dst_port=4059 server_app=oreveri pid=3453 app_name=avolu traff_direct=inbound block_count=2820 logon_user=olup@labor6360.mail.local msg=failure", "observer": { @@ -800,7 +800,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "April 22 23:36:32 onse380.internal.localdomain proto=ggp service=https status=deny src=10.226.5.189 dst=10.125.165.144 src_port=3371 dst_port=7889 server_app=dexerc pid=2302 app_name=tatem traff_direct=inbound block_count=5407 logon_user=mvolu@mveleum4322.www5.host msg=success", "observer": { @@ -814,7 +814,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "May 7 06:39:06 queips4947.mail.example proto=udp service=smtp status=deny src=10.97.149.97 dst=10.46.56.204 src_port=2463 dst_port=5070 server_app=uela pid=7079 app_name=umf traff_direct=unknown block_count=2441 logon_user=dolorsit@archite1843.mail.home msg=unknown", "observer": { 
@@ -828,7 +828,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "May 21 13:41:41 oloreseo5039.test proto=ggp service=https status=deny src=10.218.0.197 dst=10.28.105.124 src_port=7581 dst_port=4797 server_app=eritin pid=5773 app_name=litsedq traff_direct=outbound block_count=5749 logon_user=ntNe@itanim4024.api.example msg=success", "observer": { @@ -842,7 +842,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "June 4 20:44:15 minim459.mail.local proto=rdp service=https status=deny src=10.123.199.198 dst=10.17.87.79 src_port=6332 dst_port=3414 server_app=tionula pid=1586 app_name=ate traff_direct=outbound block_count=5006 logon_user=ratvolu@nreprehe715.api.home msg=unknown", "observer": { @@ -856,7 +856,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "June 19 03:46:49 eratv211.api.host proto=rdp service=https status=deny src=10.38.86.177 dst=10.115.68.40 src_port=5768 dst_port=5483 server_app=boNem pid=5137 app_name=ssusci traff_direct=internal block_count=2841 logon_user=mpo@unte893.internal.host msg=success", "observer": { @@ -870,7 +870,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "July 3 10:49:23 aparia1179.www.localdomain proto=tcp service=https status=deny src=10.193.118.163 dst=10.115.174.107 src_port=548 dst_port=5597 server_app=acom pid=5704 app_name=dolorem traff_direct=internal block_count=10 logon_user=exeacomm@aspe951.mail.domain msg=success", "observer": { @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "July 17 17:51:58 iatqu6203.mail.corp proto=icmp service=http status=deny src=10.37.128.49 dst=10.77.77.208 src_port=625 dst_port=1101 server_app=esci pid=2310 app_name=essecill traff_direct=external block_count=2653 logon_user=moles@dipiscin4957.www.home msg=unknown", "observer": { 
@@ -898,7 +898,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "August 1 00:54:32 ptasnula6576.api.invalid proto=tcp service=ms-wbt-server status=deny src=10.54.73.158 dst=10.1.96.93 src_port=5752 dst_port=428 server_app=docon pid=5398 app_name=ntium traff_direct=internal block_count=4392 logon_user=lloinven@econs2687.internal.localdomain msg=unknown", "observer": { @@ -912,7 +912,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "August 15 07:57:06 mag1506.internal.domain proto=igmp service=smtp status=deny src=10.131.126.109 dst=10.182.152.242 src_port=1877 dst_port=6998 server_app=rcitat pid=2465 app_name=ecillum traff_direct=inbound block_count=3208 logon_user=dolor@tiumto5834.api.lan msg=success", "observer": { @@ -926,7 +926,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "August 29 14:59:40 fugits1163.host proto=icmp service=http status=deny src=10.181.247.224 dst=10.77.229.168 src_port=260 dst_port=3777 server_app=atatnon pid=6064 app_name=abor traff_direct=external block_count=329 logon_user=adol@iutal6032.www.test msg=failure", "observer": { @@ -940,7 +940,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "September 12 22:02:15 gitse2463.www5.invalid proto=ipv6-icmp service=http status=deny src=10.235.116.121 dst=10.72.162.6 src_port=1 dst_port=5516 server_app=emp pid=2861 app_name=luptas traff_direct=outbound block_count=1444 logon_user=oinv@inculp2078.host msg=unknown", "observer": { @@ -954,7 +954,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "September 27 05:04:49 temse6953.www.example proto=ipv6-icmp service=https status=deny src=10.149.193.117 dst=10.28.124.236 src_port=5343 dst_port=3434 server_app=atcupi pid=3559 app_name=edquia traff_direct=internal block_count=3176 logon_user=mullam@mexerc2757.internal.home msg=failure", "observer": { 
@@ -968,7 +968,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "October 11 12:07:23 deriti6952.mail.domain proto=ipv6-icmp service=http status=deny src=10.34.131.224 dst=10.196.96.162 src_port=649 dst_port=6378 server_app=equatDu pid=1710 app_name=aconse traff_direct=outbound block_count=7174 logon_user=tnonproi@squira4455.api.domain msg=failure", "observer": { @@ -982,7 +982,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "October 25 19:09:57 abor1370.www.domain proto=ipv6-icmp service=https status=deny src=10.97.236.123 dst=10.77.78.180 src_port=5159 dst_port=5380 server_app=reetdol pid=4984 app_name=ugi traff_direct=inbound block_count=4782 logon_user=nisi@emveleum3661.localhost msg=unknown", "observer": { @@ -996,7 +996,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "November 9 02:12:32 emullamc5418.mail.test proto=ipv6 service=ms-wbt-server status=deny src=10.82.133.66 dst=10.45.54.107 src_port=7229 dst_port=3593 server_app=nse pid=3421 app_name=quira traff_direct=unknown block_count=5362 logon_user=olorem@sedquiac6517.internal.localhost msg=failure", "observer": { @@ -1010,7 +1010,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "November 23 09:15:06 squirati7050.www5.lan proto=rdp service=pop3 status=deny src=10.180.180.230 dst=10.170.252.219 src_port=4147 dst_port=2454 server_app=tesseci pid=4020 app_name=radipis traff_direct=external block_count=7020 logon_user=nse@veniam3148.www5.home msg=failure", "observer": { @@ -1024,7 +1024,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "December 7 16:17:40 venia2079.mail.example proto=rdp service=http status=deny src=10.5.11.205 dst=10.65.144.51 src_port=4901 dst_port=2283 server_app=lumqu pid=617 app_name=autf traff_direct=outbound block_count=5050 logon_user=uptat@unt3559.www.home msg=failure", "observer": { 
@@ -1038,7 +1038,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "December 21 23:20:14 snostrum3450.www5.localhost proto=udp service=smtp status=deny src=10.195.223.82 dst=10.76.122.196 src_port=3128 dst_port=5325 server_app=atu pid=487 app_name=iame traff_direct=external block_count=593 logon_user=umiurer@rere5274.mail.domain msg=success", "observer": { @@ -1052,7 +1052,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "January 5 06:22:49 gelitsed3249.corp proto=icmp service=ms-wbt-server status=deny src=10.138.210.116 dst=10.225.255.211 src_port=5595 dst_port=3369 server_app=rum pid=2442 app_name=eursinto traff_direct=external block_count=956 logon_user=fugiatn@uaeabi3728.www5.invalid msg=failure", "observer": { @@ -1066,7 +1066,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "January 19 13:25:23 dolor7082.internal.localhost proto=icmp service=smtp status=deny src=10.250.81.189 dst=10.219.1.151 src_port=5404 dst_port=4323 server_app=redo pid=6311 app_name=ditautf traff_direct=external block_count=3262 logon_user=ori@uamqu2804.test msg=unknown", "observer": { @@ -1080,7 +1080,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "February 2 20:27:57 totam6886.api.localhost proto=ggp service=https status=deny src=10.54.23.133 dst=10.76.125.70 src_port=3258 dst_port=756 server_app=oluptat pid=7128 app_name=eseruntm traff_direct=internal block_count=1916 logon_user=oloreeu@olor5201.host msg=unknown", "observer": { @@ -1094,7 +1094,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "February 17 03:30:32 laborum5749.www.example proto=igmp service=http status=deny src=10.36.110.69 dst=10.189.42.62 src_port=4187 dst_port=4262 server_app=duntut pid=2780 app_name=ullamc traff_direct=unknown block_count=170 logon_user=eque@eufug3348.www.lan msg=success", "observer": { 
@@ -1108,7 +1108,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "March 3 10:33:06 lup3313.api.home proto=tcp service=https status=deny src=10.47.179.68 dst=10.183.202.82 src_port=5107 dst_port=2208 server_app=usmod pid=3284 app_name=amni traff_direct=unknown block_count=2645 logon_user=umfugi@stquidol239.www5.invalid msg=failure", "observer": { @@ -1122,7 +1122,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "March 17 17:35:40 edq5397.www.test proto=ipv6-icmp service=pop3 status=deny src=10.73.28.165 dst=10.221.206.74 src_port=3668 dst_port=1480 server_app=ihilmole pid=2314 app_name=litanim traff_direct=inbound block_count=5572 logon_user=quas@gia6531.mail.invalid msg=success", "observer": { @@ -1136,7 +1136,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "April 1 00:38:14 udan6536.www5.test proto=ipv6 service=ms-wbt-server status=deny src=10.85.104.146 dst=10.14.204.36 src_port=3442 dst_port=4887 server_app=qua pid=5284 app_name=ents traff_direct=inbound block_count=973 logon_user=emp@lamcola4879.www5.localdomain msg=success", "observer": { @@ -1150,7 +1150,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "April 15 07:40:49 rumet6923.www5.lan proto=rdp service=https status=deny src=10.208.18.210 dst=10.30.246.132 src_port=3601 dst_port=388 server_app=texplica pid=3990 app_name=ore traff_direct=outbound block_count=5624 logon_user=veniam@edquian330.mail.local msg=unknown", "observer": { @@ -1164,7 +1164,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "April 29 14:43:23 itse522.internal.localdomain proto=udp service=pop3 status=deny src=10.106.249.91 dst=10.19.119.17 src_port=1732 dst_port=3822 server_app=veleumi pid=4337 app_name=tvol traff_direct=unknown block_count=2783 logon_user=lit@santi837.api.domain msg=success", "observer": { 
@@ -1178,7 +1178,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "May 13 21:45:57 amc3059.local proto=igmp service=http status=deny src=10.29.109.126 dst=10.181.41.154 src_port=6261 dst_port=866 server_app=itseddo pid=5275 app_name=seos traff_direct=unknown block_count=6721 logon_user=labo@lpaquiof804.internal.invalid msg=failure", "observer": { @@ -1192,7 +1192,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "May 28 04:48:31 enbyCi3813.api.domain proto=ipv6-icmp service=https status=deny src=10.164.207.42 dst=10.164.120.197 src_port=1901 dst_port=2304 server_app=itametco pid=2286 app_name=remip traff_direct=external block_count=3116 logon_user=pta@nonn4478.host msg=unknown", "observer": { @@ -1206,7 +1206,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "June 11 11:51:06 liquipex1155.mail.corp proto=ipv6-icmp service=smtp status=deny src=10.183.189.133 dst=10.154.191.225 src_port=5347 dst_port=7856 server_app=Loremip pid=2990 app_name=tur traff_direct=unknown block_count=6105 logon_user=ita@amquaer3985.www5.example msg=success", "observer": { @@ -1220,7 +1220,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "June 25 18:53:40 isn3991.local proto=igmp service=smtp status=deny src=10.29.120.226 dst=10.103.189.199 src_port=1296 dst_port=767 server_app=exerci pid=226 app_name=eserun traff_direct=outbound block_count=5452 logon_user=emu@orem6317.local msg=failure", "observer": { @@ -1234,7 +1234,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "July 10 01:56:14 iumtotam1010.www5.corp proto=icmp service=https status=deny src=10.133.254.23 dst=10.210.153.7 src_port=6251 dst_port=7030 server_app=nofdeFi pid=4691 app_name=sautei traff_direct=external block_count=2088 logon_user=voluptas@velill3230.www.corp msg=success", "observer": { 
@@ -1248,7 +1248,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "July 24 08:58:48 onsecte91.www5.localdomain proto=tcp service=pop3 status=deny src=10.126.245.73 dst=10.91.2.135 src_port=180 dst_port=2141 server_app=ender pid=5647 app_name=rumSecti traff_direct=outbound block_count=4680 logon_user=olore@orumS757.www5.corp msg=success", "observer": { @@ -1262,7 +1262,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "August 7 16:01:23 abori7686.internal.host proto=rdp service=https status=deny src=10.183.243.246 dst=10.137.85.123 src_port=218 dst_port=7073 server_app=ntsunti pid=2313 app_name=magnam traff_direct=internal block_count=6402 logon_user=cid@emi4534.www.localdomain msg=failure", "observer": { @@ -1276,7 +1276,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "August 21 23:03:57 reprehen3513.test proto=ipv6 service=smtp status=deny src=10.61.225.196 dst=10.10.86.55 src_port=4720 dst_port=5132 server_app=isiu pid=1585 app_name=mmodi traff_direct=external block_count=3034 logon_user=eniamqu@inimav1576.mail.example msg=failure", "observer": { @@ -1290,7 +1290,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "September 5 06:06:31 orroquis284.api.domain proto=udp service=http status=deny src=10.125.143.153 dst=10.79.73.195 src_port=2657 dst_port=457 server_app=umf pid=3141 app_name=moll traff_direct=outbound block_count=7645 logon_user=emip@aturQu7083.mail.host msg=failure", "observer": { @@ -1304,7 +1304,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "September 19 13:09:05 tionula2060.www5.localhost proto=ipv6 service=ms-wbt-server status=deny src=10.240.216.85 dst=10.64.139.17 src_port=2046 dst_port=2438 server_app=ice pid=6331 app_name=aal traff_direct=external block_count=4982 logon_user=nimadmin@lumqui7769.mail.local msg=unknown", "observer": { 
@@ -1318,7 +1318,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "October 3 20:11:40 rumSecti111.www5.domain proto=ipv6 service=ms-wbt-server status=deny src=10.87.90.49 dst=10.222.245.80 src_port=1486 dst_port=4017 server_app=itaedict pid=4474 app_name=byCic traff_direct=inbound block_count=3380 logon_user=ptatemse@siarc6339.internal.corp msg=success", "observer": { @@ -1332,7 +1332,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "October 18 03:14:14 olores7881.local proto=udp service=pop3 status=deny src=10.143.53.214 dst=10.87.144.208 src_port=3310 dst_port=2440 server_app=ipsumq pid=4855 app_name=psaquaea traff_direct=unknown block_count=5772 logon_user=psumq@ptatev6552.www.test msg=success", "observer": { @@ -1346,7 +1346,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "November 1 10:16:48 tDuis3281.www5.localdomain proto=ipv6-icmp service=pop3 status=deny src=10.204.178.19 dst=10.105.97.134 src_port=616 dst_port=1935 server_app=oremque pid=1729 app_name=inimve traff_direct=unknown block_count=6564 logon_user=mexercit@byC5766.internal.home msg=success", "observer": { @@ -1360,7 +1360,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "November 15 17:19:22 uptasnul2751.www5.corp proto=rdp service=smtp status=deny src=10.161.64.168 dst=10.194.67.223 src_port=7154 dst_port=5767 server_app=tatemse pid=4493 app_name=amqui traff_direct=inbound block_count=3673 logon_user=tion@hender6628.local msg=unknown", "observer": { @@ -1374,7 +1374,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "November 30 00:21:57 upt6017.api.localdomain proto=tcp service=smtp status=deny src=10.100.154.220 dst=10.120.148.241 src_port=5535 dst_port=1655 server_app=eeufug pid=6094 app_name=modt traff_direct=external block_count=5150 logon_user=rsitam@xercit7649.www5.home msg=failure", "observer": { 
@@ -1388,7 +1388,7 @@
 },
 {
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "message": "December 14 07:24:31 tpers2217.internal.lan proto=udp service=ms-wbt-server status=deny src=10.116.153.19 dst=10.180.90.112 src_port=6610 dst_port=1936 server_app=olu pid=5012 app_name=dexercit traff_direct=outbound block_count=2216 logon_user=itessequ@porissu1470.domain msg=success",
 "observer": {
diff --git a/packages/fortinet_forticlient/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/fortinet_forticlient/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index ea298cf0e28..13fa2bc8feb 100644
--- a/packages/fortinet_forticlient/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/fortinet_forticlient/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Fortinet FortiClient Endpoint Security
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.5.0'
 - set:
 field: observer.vendor
 value: Fortinet
diff --git a/packages/fortinet_forticlient/data_stream/log/sample_event.json b/packages/fortinet_forticlient/data_stream/log/sample_event.json
index be6f45153a8..b7a7d8448af 100644
--- a/packages/fortinet_forticlient/data_stream/log/sample_event.json
+++ b/packages/fortinet_forticlient/data_stream/log/sample_event.json
@@ -19,7 +19,7 @@
 "port": 3994
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/fortinet_forticlient/docs/README.md b/packages/fortinet_forticlient/docs/README.md
index 459afe7812a..48c644a11f4 100644
--- a/packages/fortinet_forticlient/docs/README.md
+++ b/packages/fortinet_forticlient/docs/README.md
@@ -34,7 +34,7 @@ An example event for `log` looks as following:
 "port": 3994
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
@@ -244,7 +244,7 @@ An example event for `log` looks as following: | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. 
When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.forwarded_ip | Host IP address when the source IP address is the proxy. | ip | | network.interface.name | | keyword | | network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long | diff --git a/packages/fortinet_forticlient/manifest.yml b/packages/fortinet_forticlient/manifest.yml index e0318fee5a2..e3f0783c320 100644 --- a/packages/fortinet_forticlient/manifest.yml +++ b/packages/fortinet_forticlient/manifest.yml @@ -1,6 +1,6 @@ name: fortinet_forticlient title: Fortinet FortiClient Logs -version: 1.1.3 +version: "1.2.0" release: ga description: Collect logs from Fortinet FortiClient instances with Elastic Agent. type: integration diff --git a/packages/fortinet_fortiedr/_dev/build/build.yml b/packages/fortinet_fortiedr/_dev/build/build.yml index 8d9e4bf7ac8..aaafc5d833b 100644 --- a/packages/fortinet_fortiedr/_dev/build/build.yml +++ b/packages/fortinet_fortiedr/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0 + reference: git@v8.5.1 diff --git a/packages/fortinet_fortiedr/changelog.yml b/packages/fortinet_fortiedr/changelog.yml index beb1e967d80..a1fb2ec418b 100644 --- a/packages/fortinet_fortiedr/changelog.yml 
+++ b/packages/fortinet_fortiedr/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.0.0"
 changes:
 - description: Initial version of Fortinet FortiEDR package
diff --git a/packages/fortinet_fortiedr/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/fortinet_fortiedr/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
index fac7c348fd3..e16b54e9701 100644
--- a/packages/fortinet_fortiedr/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/fortinet_fortiedr/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2019-09-18T06:42:18.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "blocked",
@@ -92,7 +92,7 @@
 {
 "@timestamp": "2019-09-18T07:42:18.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "blocked",
diff --git a/packages/fortinet_fortiedr/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/fortinet_fortiedr/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index f681f963abf..1e4336c216c 100644
--- a/packages/fortinet_fortiedr/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/fortinet_fortiedr/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Fortinet FortiEDR Endpoint Detection and Response
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: observer.vendor
 value: Fortinet
diff --git a/packages/fortinet_fortiedr/data_stream/log/sample_event.json b/packages/fortinet_fortiedr/data_stream/log/sample_event.json
index fa2b4aa8cb2..d35217ffe10 100644
--- a/packages/fortinet_fortiedr/data_stream/log/sample_event.json
+++ b/packages/fortinet_fortiedr/data_stream/log/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "e2f57999-9659-45c8-a03c-c5bf85dc5124",
diff --git a/packages/fortinet_fortiedr/docs/README.md b/packages/fortinet_fortiedr/docs/README.md
index 7fa1bf3f27c..18a013e4346 100644
--- a/packages/fortinet_fortiedr/docs/README.md
+++ b/packages/fortinet_fortiedr/docs/README.md
@@ -28,7 +28,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "e2f57999-9659-45c8-a03c-c5bf85dc5124",
diff --git a/packages/fortinet_fortiedr/manifest.yml b/packages/fortinet_fortiedr/manifest.yml
index 19285ae3d3d..b701287ca4d 100644
--- a/packages/fortinet_fortiedr/manifest.yml
+++ b/packages/fortinet_fortiedr/manifest.yml
@@ -1,6 +1,6 @@
 name: fortinet_fortiedr
 title: Fortinet FortiEDR Logs
-version: 1.0.0
+version: "1.1.0"
 release: ga
 description: Collect logs from Fortinet FortiEDR instances with Elastic Agent.
 type: integration
diff --git a/packages/fortinet_fortigate/_dev/build/build.yml b/packages/fortinet_fortigate/_dev/build/build.yml
index 5661d603a89..aaafc5d833b 100644
--- a/packages/fortinet_fortigate/_dev/build/build.yml
+++ b/packages/fortinet_fortigate/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.5.1
diff --git a/packages/fortinet_fortigate/changelog.yml b/packages/fortinet_fortigate/changelog.yml
index ba47c77b931..239755ba9eb 100644
--- a/packages/fortinet_fortigate/changelog.yml
+++ b/packages/fortinet_fortigate/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.2.5"
 changes:
 - description: Improve compatibility with newer versions of FortiOS.
diff --git a/packages/fortinet_fortigate/data_stream/log/_dev/test/pipeline/test-fortinet.log-expected.json b/packages/fortinet_fortigate/data_stream/log/_dev/test/pipeline/test-fortinet.log-expected.json index 8796d2c598a..d3a7e09bb9c 100644 --- a/packages/fortinet_fortigate/data_stream/log/_dev/test/pipeline/test-fortinet.log-expected.json +++ b/packages/fortinet_fortigate/data_stream/log/_dev/test/pipeline/test-fortinet.log-expected.json @@ -20,7 +20,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "ftgd_blk", @@ -142,7 +142,7 @@ "port": 161 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "deny", @@ -253,7 +253,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "ftgd_allow", @@ -374,7 +374,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "signature", @@ -503,7 +503,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "signature", @@ -643,7 +643,7 @@ ] }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "dns-response", @@ -761,7 +761,7 @@ ] }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "dns-response", @@ -867,7 +867,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "signature", @@ -998,7 +998,7 @@ ] }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "dns-response", @@ -1112,7 +1112,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -1212,7 +1212,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "ssl-anomalies", @@ -1306,7 +1306,7 @@ { "@timestamp": "2020-04-23T12:32:48.000-05:00", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -1392,7 +1392,7 @@ "port": 500 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1488,7 +1488,7 @@ "port": 500 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1575,7 +1575,7 @@ { "@timestamp": "2020-04-23T14:32:09.000-03:00", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1638,7 +1638,7 @@ { "@timestamp": "2020-04-23T12:32:09.000-05:00", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1725,7 +1725,7 @@ "port": 500 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1813,7 +1813,7 @@ { "@timestamp": "2020-04-23T14:24:13.000-03:00", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "code": "0100041006", @@ -1860,7 +1860,7 @@ { "@timestamp": "2020-04-23T12:23:47.000-05:00", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "code": "0107045057", @@ -1940,7 +1940,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "category": [ @@ -2015,7 +2015,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "category": [ @@ -2088,7 +2088,7 @@ { "@timestamp": "2020-04-23T14:16:42.000-03:00", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "category": [ @@ -2158,7 +2158,7 @@ { "@timestamp": "2020-04-23T12:16:02.000-05:00", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "code": "0100022915", @@ -2206,7 +2206,7 @@ { "@timestamp": "2020-04-23T12:16:02.000-05:00", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "code": "0100022913", @@ -2271,7 +2271,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "dns", @@ -2382,7 +2382,7 @@ "port": 6000 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "accept", 
@@ -2512,7 +2512,7 @@ "packets": 0 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "accept", @@ -2631,7 +2631,7 @@ "packets": 40 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "accept", @@ -2742,7 +2742,7 @@ "port": 1235 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "ip-conn", @@ -2860,7 +2860,7 @@ "port": 442 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "close", @@ -3016,7 +3016,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "app-ctrl-all", @@ -3136,7 +3136,7 @@ "port": 500 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "category": [ @@ -3210,7 +3210,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "code": "0112053203", @@ -3258,7 +3258,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "code": "0112053203", @@ -3306,7 +3306,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "code": "0112053203", @@ -3354,7 +3354,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "code": "0112053203", @@ -3402,7 +3402,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "code": "0112053203", @@ -3450,7 +3450,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "code": "0112053203", @@ -3498,7 +3498,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "code": "0112053203", @@ -3546,7 +3546,7 @@ { "@timestamp": "2021-05-07T08:31:14.000+01:00", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "code": "0112053203", 
@@ -3598,7 +3598,7 @@ "port": 5060 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "email": { "from": { @@ -3692,7 +3692,7 @@ { "@timestamp": "2022-07-29T14:17:14.000+02:00", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "code": "0112053203", @@ -3739,7 +3739,7 @@ { "@timestamp": "2022-07-29T14:17:14.000+02:00", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "code": "0110052005",
diff --git a/packages/fortinet_fortigate/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/fortinet_fortigate/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 78ddebd88cb..26ade74cad0 100644
--- a/packages/fortinet_fortigate/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/fortinet_fortigate/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing fortinet firewall logs
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/fortinet_fortigate/data_stream/log/sample_event.json b/packages/fortinet_fortigate/data_stream/log/sample_event.json
index 8552aba2717..abe6d247ab8 100644
--- a/packages/fortinet_fortigate/data_stream/log/sample_event.json
+++ b/packages/fortinet_fortigate/data_stream/log/sample_event.json
@@ -33,7 +33,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "7cc48d16-ebf0-44b1-9094-fe2082d8f5a4",
diff --git a/packages/fortinet_fortigate/docs/README.md b/packages/fortinet_fortigate/docs/README.md
index 3060393cb83..a80bf500a9d 100644
--- a/packages/fortinet_fortigate/docs/README.md
+++ b/packages/fortinet_fortigate/docs/README.md
@@ -48,7 +48,7 @@ An example event for `log` looks as following:
 "port": 443
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "7cc48d16-ebf0-44b1-9094-fe2082d8f5a4",
@@ -691,7 +691,7 @@ An example event for `log` looks as following:
 | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text |
 | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword |
 | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long |
-| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
+| network.direction | Direction of the network traffic.
When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
 | network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. | keyword |
 | network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long |
 | network.protocol | In the OSI Model this would be the Application Layer protocol. For example, `http`, `dns`, or `ssh`. The field value must be normalized to lowercase for querying. | keyword |
diff --git a/packages/fortinet_fortigate/manifest.yml b/packages/fortinet_fortigate/manifest.yml
index 3929b013024..9f35cee6a42 100644
--- a/packages/fortinet_fortigate/manifest.yml
+++ b/packages/fortinet_fortigate/manifest.yml
@@ -1,6 +1,6 @@
 name: fortinet_fortigate
 title: Fortinet FortiGate Firewall Logs
-version: 1.2.5
+version: "1.3.0"
 release: ga
 description: Collect logs from Fortinet FortiGate firewalls with Elastic Agent.
 type: integration
diff --git a/packages/fortinet_fortimail/_dev/build/build.yml b/packages/fortinet_fortimail/_dev/build/build.yml
index 5661d603a89..aaafc5d833b 100644
--- a/packages/fortinet_fortimail/_dev/build/build.yml
+++ b/packages/fortinet_fortimail/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.5.1
diff --git a/packages/fortinet_fortimail/changelog.yml b/packages/fortinet_fortimail/changelog.yml
index 6c5192c2fae..da8ff93b9db 100644
--- a/packages/fortinet_fortimail/changelog.yml
+++ b/packages/fortinet_fortimail/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.1.2"
 changes:
 - description: Remove duplicate field.
diff --git a/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
index 0111dd83cba..899458e652e 100644
--- a/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
@@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-1-29 time=06:09:59 device_id=pexe log_id=nes log_part=eab type=event subtype=update pri=high msg=\"boNemoe\"", "observer": { @@ -16,7 +16,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-2-12 time=13:12:33 device_id=ehend log_id=ritquiin log_part=umqui type=virus subtype=infected pri=very-high from=\"mest\" to=enderitq client_name=\"sperna884.internal.domain\" client_ip=\"10.165.201.71\" session_id=\"pisciv\" msg=\"uii\"", "observer": { @@ -30,7 +30,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-2-26 time=20:15:08 device_id=doeiu log_id=nia log_part=olupt type=event subtype=config pri=low user=quipexe ui=alo(10.212.18.145) module=umdo submodule=itessequ msg=vol", "observer": {
@@ -44,7 +44,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-3-12 time=03:17:42 device_id=uipexea log_id=tatio log_part=minim type=event subtype=pop3 pri=high user=ceroinBC ui=ratvolup action=deny status=iatu msg=\"ionofde\"", "observer": { @@ -58,7 +58,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-3-26 time=10:20:16 device_id=itati log_id=mfu log_part=uid type=event subtype=pop3 pri=very-high user=obeataev ui=lor action=block status=autfu msg=\"natura\"", "observer": { @@ -72,7 +72,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-4-9 time=17:22:51 device_id=llamcorp log_id=ari log_part=eataevit type=event subtype=system pri=high user=iam ui=mqua action=allow status=olab msg=mquisnos", "observer": { @@ -86,7 +86,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-4-24 time=00:25:25 device_id=enimad log_id=incididu log_part=eci type=virus pri=very-high from=tenbyCic to=boree src=10.98.69.43 session_id=\"iinea\" msg=ipit", "observer": { @@ -100,7 +100,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-5-8 time=07:27:59 device_id=taliqu log_id=temUten log_part=ccusan type=virus subtype=infected pri=low from=\"Ciceroi\" to=\"aveniam\" client_name=\"uradi7307.internal.corp\" client_ip=\"10.118.96.139\" session_id=\"sitas\" msg=ehenderi", "observer": { @@ -114,7 +114,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-5-22 time=14:30:33 device_id=smo log_id=litessec log_part=emporinc type=event subtype=pop3 pri=very-high user=ipsumq ui=atcu action=allow status=tessec msg=\"remipsum\"", "observer": { @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-6-5 time=21:33:08 device_id=ntutl log_id=caecatc log_part=onsequat type=event subtype=update pri=low msg=\"edquiano\"", "observer": { 
@@ -142,7 +142,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-6-20 time=04:35:42 device_id=idestla log_id=Nemoeni log_part=uradi type=statistics pri=very-high session_id=\"lup\" from=\"remeumf\" mailer=antiumto client_name=\"10.241.165.37\" MSISDN=aUteni resolved=ittenbyC to=\"aperi\" direction=\"inbound\" message_length=ita virus=\"ipi\" disposition=rsitamet classifier=\"lupt\" subject=\"xea\"", "observer": { @@ -156,7 +156,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-7-4 time=11:38:16 device_id=amvolup log_id=sequi log_part=rehend type=event subtype=webmail pri=high user=eme ui=numqu(10.232.149.140) action=allow status=lum msg=utali", "observer": { @@ -170,7 +170,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-7-18 time=18:40:50 device_id=estiae log_id=sci log_part=oei type=virus_file-signature pri=low snostrud to=nama src=\"10.24.67.250\" session_id=\"dolor\" msg=\"nnum\"", "observer": { @@ -184,7 +184,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-8-2 time=01:43:25 device_id=oluptas log_id=tNequepo log_part=lup type=event subtype=update pri=medium msg=equat", "observer": { @@ -198,7 +198,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-8-16 time=08:45:59 device_id=abi log_id=sectetur log_part=uioffi type=event subtype=update pri=high msg=veniamq", "observer": { @@ -212,7 +212,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-8-30 time=15:48:33 device_id=orem log_id=beata log_part=hitecto type=statistics pri=very-high session_id=\"texp\" client_name=\"[10.179.124.125]\"dst_ip=\"10.177.36.38\" from=\"sequine\" to=\"ectio\" polid=\"dutper\" domain=\"lamcolab3252.www.invalid\" subject=\"gel\" mailer=\"lorsitam\" resolved=\"mpo\" direction=\"inbound\" virus=\"ris\" disposition=\"uamqu\" classifier=\"lor\" message_length=oide", "observer": { 
@@ -226,7 +226,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-9-13 time=22:51:07 device_id=didunt log_id=uptatema log_part=intocc type=virus subtype=file-signature pri=very-high from=\"orema\" to=invento src=[10.164.39.248] session_id=\"nofdeFin\" msg=sequam", "observer": { @@ -240,7 +240,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-9-28 time=05:53:42 device_id=tvolu log_id=ecte log_part=tinvolu type=virus_file-signature pri=high from=\"ntiumdo\" to=\"autfu\" src=gnaaliq [10.52.135.156] session_id=\"litse\" msg=\"icabo\"", "observer": { @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-10-12 time=12:56:16 device_id=stru log_id=tectobe log_part=Nequepo type=event subtype=config pri=very-high user=pora ui=boree module=evolup submodule=ionofdeF msg=\"evelit\"", "observer": { @@ -268,7 +268,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-10-26 time=19:58:50 device_id=uatD log_id=ariatu log_part=edquiac type=event subtype=smtp pri=high user=atno ui=tani action=allow status=ntocca session_id=ostru log_part=ntoccae msg=autf", "observer": { @@ -282,7 +282,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-11-10 time=03:01:24 device_id=tenimad log_id=minimav log_part=udexerci type=spam pri=very-high session_id=\"itam\" client_name=\"str976.internal.localhost [10.166.225.26]\" from=tanimid to=umdo subject=\"natuse\" msg=\"gnamal\"", "observer": { @@ -296,7 +296,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-11-24 time=10:03:59 device_id=intoc log_id=rQuisau log_part=itess type=virus subtype=infected pri=high from=evit to=\"runtm\" client_name=\"molli4306.www5.home\" client_ip=\"10.218.243.47\" session_id=\"borios\" msg=rsitvolu", "observer": { 
@@ -310,7 +310,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-12-8 time=17:06:33 device_id=quamqua log_id=eacommod log_part=ctetura type=event subtype=imap pri=high user=tpersp ui=stla action=allow status=sequamni msg=uradi", "observer": { @@ -324,7 +324,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-12-23 time=00:09:07 device_id=dolore log_id=onsecte log_part=nBCSedut type=virus subtype=file-signature pri=high from=\"modocons\" to=gitsed src=\"10.16.177.212\" session_id=\"emp\" msg=\"Attachment file (pisciv) has sha1 hash value: lumdolor\"", "observer": { @@ -338,7 +338,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-1-6 time=07:11:41 device_id=uaUten log_id=nby log_part=mve type=event subtype=config pri=low user=isau ui=rautodi(10.96.97.81) module=pis submodule=nsequat msg=doloreme", "observer": { @@ -352,7 +352,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-1-20 time=14:14:16 device_id=aec log_id=fdeF log_part=iquidexe type=spam pri=low session_id=\"niamq\" client_name= \"lapariat7287.internal.host\" client_ip=\"10.140.7.83\" dst_ip=\"10.68.246.187\" from=\"icabo\" to=\"gna\" subject=\"con\" msg=\"preh\"", "observer": { @@ -366,7 +366,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-2-3 time=21:16:50 device_id=amcor log_id=ica log_part=lillum type=event subtype=admin pri=very-high user=dicta ui=taedicta action=accept status=poriss reason=failure msg=equaturv", "observer": { @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-2-18 time=04:19:24 device_id=tpersp log_id=llamc log_part=nte type=event subtype=pop3 pri=very-high user=utali ui=porinc(10.48.204.44) action=accept status=dat msg=aincidu", "observer": { 
@@ -394,7 +394,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-3-4 time=11:21:59 device_id=dipisci log_id=spernatu log_part=admi type=event subtype=pop3 pri=very-high user=quunt ui=olori action=allow status=autodit msg=elit", "observer": { @@ -408,7 +408,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-3-18 time=18:24:33 device_id=nte log_id=ulpa log_part=sitam type=virus subtype=file-signature pri=low enderit to=sequa src=\"[10.111.233.194]\" session_id=eirure msg=deserun", "observer": { @@ -422,7 +422,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-4-2 time=01:27:07 device_id=ptateve log_id=enderi log_part=ptatem type=event subtype=smtp pri=very-high user=fugi ui=labo action=block status=ullamcor session_id=itationu msg=proident", "observer": { @@ -436,7 +436,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-4-16 time=08:29:41 device_id=atione log_id=lores log_part=ritati type=statistics pri=very-high session_id=uii client_name=estl5804.internal.local client_ip=10.73.207.70 dst_ip=10.179.210.218 from=taut hfrom=tanimi to=rumSecti polid=iuntNe domain=atise3421.www5.localdomain mailer=oluptas resolved=emvele src_type=isnost direction=inbound virus=Sedut disposition=yCiceroi classifier=quunt message_length=acommod subject=sitvol", "observer": { @@ -450,7 +450,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-4-30 time=15:32:16 device_id=liquide log_id=odt log_part=Sedutpe type=event subtype=admin pri=medium user=rroq ui=rcit(10.43.62.246) action=accept status=estl reason=success msg=citatio", "observer": { 
@@ -464,7 +464,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-5-14 time=22:34:50 device_id=taedict log_id=edquian log_part=loremeu type=event subtype=admin pri=very-high user=volupta ui=dmi action=allow status=aaliq reason=unknown msg=lupta", "observer": { @@ -478,7 +478,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-5-29 time=05:37:24 device_id=occ log_id=oloreseo log_part=iruredol type=virus subtype=file-signature pri=very-high derit to=orese src=\"[10.28.105.124]\" session_id=\"strude\" msg=eritin", "observer": { @@ -492,7 +492,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-6-12 time=12:39:58 device_id=temUten log_id=dutper log_part=sitamet type=event subtype=admin pri=very-high user=illumqui ui=saq action=block status=ritqu reason=unknown msg=\"idolor\"", "observer": { @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-6-26 time=19:42:33 device_id=quide log_id=quaU log_part=undeomni type=virus_file-signature pri=medium acomm to=iutali src=\"[10.219.13.150]\" session_id=Finibus msg=radi", "observer": { @@ -520,7 +520,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-7-11 time=02:45:07 device_id=inrepr log_id=mol log_part=umdolors type=event subtype=pop3 pri=medium user=imad ui=oriosam(10.163.114.215) action=deny status=sitametc msg=onsequa", "observer": { @@ -534,7 +534,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-7-25 time=09:47:41 device_id=riosa log_id=tNe log_part=pisc type=event subtype=webmail pri=very-high user=caecat ui=rautod(10.124.32.120) action=accept status=atcupi msg=atem", "observer": { 
@@ -548,7 +548,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-8-8 time=16:50:15 device_id=undeom log_id=emullamc log_part=tec type=event subtype=imap pri=medium user=eetdo ui=tlab action=cancel status=liq msg=seddoeiu", "observer": { @@ -562,7 +562,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-8-22 time=23:52:50 device_id=edictasu log_id=mdolors log_part=oremi type=event subtype=imap pri=medium user=atis ui=atDuis action=accept status=nisiut msg=\"rumwri\"", "observer": { @@ -576,7 +576,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-9-6 time=06:55:24 device_id=lumqu log_id=onulamco log_part=ons type=event subtype=pop3 pri=low user=uptat ui=unt action=accept status=uido msg=tla", "observer": { @@ -590,7 +590,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-9-20 time=13:57:58 device_id=uamqu log_id=olori log_part=ido type=spam pri=low session_id=\"sunt\" from=\"autfugit\" to=\"emUte\" msg=iusmodi", "observer": { @@ -604,7 +604,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-10-4 time=21:00:32 device_id=umS log_id=iciadese log_part=riatur type=event subtype=webmail pri=very-high user=xeacommo ui=Cicero(10.247.53.179) action=cancel status=ditau msg=atemaccu", "observer": { @@ -618,7 +618,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-10-19 time=04:03:07 device_id=urau log_id=etur log_part=rsitvol type=event subtype=config pri=low user=laborum ui=ostr(10.70.91.185) module=lumdo submodule=acom msg=\"eFini\"", "observer": { @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-11-2 time=11:05:41 device_id=upta log_id=itessequ log_part=iusmodit type=event subtype=update pri=very-high msg=exerci", "observer": { 
@@ -646,7 +646,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-11-16 time=18:08:15 device_id=mmodoco log_id=amni log_part=atnul type=event subtype=webmail pri=medium user=iquidexe ui=illumq(10.215.65.52) action=accept status=tasnul msg=\"tuserr\"", "observer": { @@ -660,7 +660,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-12-1 time=01:10:49 device_id=porinc log_id=riame log_part=riat type=event subtype=admin pri=medium user=rumSec ui=orp action=deny status=udan reason=unknown msg=\"essequam\"", "observer": { @@ -674,7 +674,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-12-15 time=08:13:24 device_id=itse log_id=ilm log_part=mvel type=virus subtype=infected pri=high from=seos to=exercita client_name=\"edolori3822.api.home\" client_ip=\"10.63.177.46\" session_id=\"oluptate\" msg=lit", "observer": { @@ -688,7 +688,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-12-29 time=15:15:58 device_id=iciade log_id=uis log_part=amc type=event subtype=webmail pri=medium user=Ute ui=ptassita action=allow status=runtm msg=\"eturadip\"", "observer": { @@ -702,7 +702,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-1-12 time=22:18:32 device_id=colabori log_id=imidestl log_part=piscing type=virus subtype=file-signature pri=high from=\"isn\" to=smod src=\"idunt [10.29.120.226]\" session_id=\"atev\" msg=\"ectio\"", "observer": { @@ -716,7 +716,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-1-27 time=05:21:06 device_id=atcupid log_id=onse log_part=psa type=virus_file-signature pri=high destla to=\"fugitse\" src=[10.12.86.130] session_id=dese msg=\"Attachment file (duntutla) has sha1 hash value: lamco\"", "observer": { 
@@ -730,7 +730,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-2-10 time=12:23:41 device_id=gna log_id=ici log_part=quamnih type=event subtype=pop3 pri=low user=iameaque ui=identsun action=deny status=aquio msg=\"rspicia\"", "observer": { @@ -744,7 +744,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-2-24 time=19:26:15 device_id=uiineavo log_id=sistena log_part=uidexeac type=virus subtype=infected pri=high from=\"amquisno\" to=modoc client_name=\"magnam3267.corp\" client_ip=\"10.95.32.86\" session_id=\"Bonorum\" msg=lesti", "observer": { @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-3-11 time=02:28:49 device_id=lupta log_id=byC log_part=imadm type=spam pri=low session_id=\"nci\" from=\"orroquis\" to=\"ulapa\" subject=\"iumdo\" msg=\"iusmodit\"", "observer": { @@ -772,7 +772,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-3-25 time=09:31:24 device_id=obeataev log_id=umf log_part=olesti type=event subtype=config pri=low user=quaeabil ui=emip module=aturQu submodule=itesse msg=\"iamqui\"", "observer": { @@ -786,7 +786,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-4-8 time=16:33:58 device_id=inim log_id=etdol log_part=Sed type=event subtype=pop3 pri=very-high user=tten ui=etur action=allow status=mipsumqu msg=\"eprehen\"", "observer": { @@ -800,7 +800,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-4-22 time=23:36:32 device_id=itaedict log_id=olorema log_part=rep type=event subtype=update pri=low msg=ptatemse", "observer": { @@ -814,7 +814,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-5-7 time=06:39:06 device_id=eleumi log_id=edic log_part=udexerc type=event subtype=pop3 pri=low user=olabori ui=odic action=block status=lica msg=secil", "observer": { 
@@ -828,7 +828,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-5-21 time=13:41:41 device_id=nimadmin log_id=midest log_part=modt type=event subtype=update pri=very-high msg=tocca", "observer": { @@ -842,7 +842,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-6-4 time=20:44:15 device_id=usant log_id=mipsumq log_part=ident type=event subtype=config pri=very-high user=sequatD ui=ercitati(10.40.89.185) module=temse submodule=caecat msg=\"cusanti\"", "observer": { @@ -856,7 +856,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-6-19 time=03:46:49 device_id=conseq log_id=itame log_part=tenat type=virus subtype=infected pri=very-high from=\"yCiceroi\" to=\"nostrum\" client_name=\"orroquis5179.local\" client_ip=\"10.252.96.71\" session_id=\"tvolu\" msg=\"dutper\"", "observer": { @@ -870,7 +870,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-7-3 time=10:49:23 device_id=ugiatqu log_id=eruntmo log_part=nimve type=virus subtype=infected pri=very-high from=natus to=boreet client_name=\"luptasnu757.www.home\" client_ip=\"10.174.210.232\" session_id=ovolupta msg=\"volup\"", "observer": { @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-7-17 time=17:51:58 device_id=Bonoru log_id=rcitati log_part=nula type=event subtype=imap pri=medium user=deomni ui=adipi(10.120.232.62) action=block status=ntutl msg=\"volupt\"", "observer": { @@ -898,7 +898,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-8-1 time=00:54:32 device_id=mquameiu log_id=loremq log_part=turmagni type=event subtype=imap pri=very-high user=emUtenim ui=ende action=block status=amnis msg=rvelil", "observer": { 
@@ -912,7 +912,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-8-15 time=07:57:06 device_id=rumetMa log_id=mexerci log_part=urEx type=virus subtype=file-signature pri=medium liq to=abore src=10.200.225.45 session_id=dol msg=exe", "observer": { @@ -926,7 +926,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-8-29 time=14:59:40 device_id=audant log_id=rspicia log_part=pitl type=statistics pri=high session_id=mmod client_name=taevit4968.mail.local client_ip=10.144.111.42 dst_ip=10.62.61.1 from=lam hfrom=asnu to=com polid=rep domain=mveni5084.internal.local mailer=num resolved=ctetura src_type=quaerat direction=inbound virus=umexer disposition=amnih classifier=tper message_length=pisciv subject=tconsect", "observer": { @@ -940,7 +940,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-9-12 time=22:02:15 device_id=emipsumq log_id=culpaq log_part=quamq type=event subtype=pop3 pri=medium user=emvel ui=pta(10.183.213.223) action=block status=hend msg=remagna", "observer": { @@ -954,7 +954,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-9-27 time=05:04:49 device_id=lauda log_id=plicaboN log_part=dolo type=virus subtype=file-signature pri=medium from=\"elit\" to=sam src=\"tMal [10.52.190.18]\" session_id=isni msg=quid", "observer": { @@ -968,7 +968,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-10-11 time=12:07:23 device_id=inibus log_id=secte log_part=ctobeat type=event subtype=config pri=low user=iqui ui=animide module=pid submodule=itanimi msg=\"onoru\"", "observer": { @@ -982,7 +982,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-10-25 time=19:09:57 device_id=naaliq log_id=plica log_part=asiarc type=event subtype=imap pri=low user=seq ui=snula(10.203.110.206) action=deny status=dipi msg=ecatc", "observer": { 
@@ -996,7 +996,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-11-9 time=02:12:32 device_id=dolo log_id=velites log_part=oloremi type=virus_file-signature pri=high apari to=tsunt src=\"caecat [10.108.10.197]\" session_id=enim msg=\"Attachment file (umq) has sha1 hash value: sistena\"", "observer": { @@ -1010,7 +1010,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-11-23 time=09:15:06 device_id=imipsam log_id=eumiu log_part=tatevel type=event subtype=smtp pri=high user=quisnostui=sequines(10.115.154.104) action=cancelstatus=lorumsession_id=\"suntexpl\" msg=\"DSN: to \u003c\u003ciqu\u003e; reason:success; sessionid:tatis\"", "observer": { @@ -1024,7 +1024,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-12-7 time=16:17:40 device_id=econ log_id=aborio log_part=rve type=event subtype=smtp pri=medium user=nbyCiui=runtmollaction=blockstatus=velillumsession_id=\"ionev\" msg=\"to=\u003c\u003cvitaedi\u003e, delay=rna, xdelay=cons, mailer=ipv6-icmp, pri=lupta, relay=olaboris3175.internal.home[10.250.94.95], dsn=tno, stat=imvenia\"", "observer": { @@ -1038,7 +1038,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-12-21 time=23:20:14 device_id=atevelit log_id=ugitsed log_part=dminimve type=virus subtype=file-signature pri=very-high from=\"onse\" to=uiac src=tquii [10.164.49.95] session_id=emeumfu msg=\"inBCSedu\"", "observer": { @@ -1052,7 +1052,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-1-5 time=06:22:49 device_id=ddo log_id=emp log_part=inBC type=event subtype=smtp pri=low user=eacommui=aboNem(10.11.45.141) action=allowstatus=remasession_id=\"mcol\"msg=\"STARTTLS=tion, cert-subject=umquia, cert-issuer=lorsita, verifymsg=spici\"", "observer": { 
@@ -1066,7 +1066,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-1-19 time=13:25:23 device_id=odit log_id=vol log_part=epteurs type=statistics pri=very-high session_id=\"cteturad\" client_name=\"modi6930.internal.test[10.60.164.100]\"dst_ip=\"10.161.1.146\" from=\"etconse\" to=\"nproiden\" polid=\"ionem\" domain=\"taevitae6868.www.corp\" subject=\"ehende\" mailer=\"rep\" resolved=\"nostru\" direction=\"internal\" virus=\"ipiscin\" disposition=\"trudexe\" classifier=\"qua\" message_length=modit", "observer": { @@ -1080,7 +1080,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-2-2 time=20:27:57 device_id=orsit log_id=deFinibu log_part=iaecons type=event subtype=admin pri=very-high user=rautod ui=onorumet(10.157.118.41) action=cancel status=chit reason=unknown msg=\"erspici\"", "observer": { @@ -1094,7 +1094,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-2-17 time=03:30:32 device_id=quidol log_id=tinv log_part=Utenima type=statistics pri=high session_id=temqu client_name=uradip7802.mail.example client_ip=10.44.35.57 dst_ip=10.93.239.216 from=vento hfrom=litsed to=ciun polid=rehender domain=tetura7106.www5.corp mailer=eosquir resolved=tqu src_type=emips direction=internal virus=tinvolu disposition=ptat classifier=amquisn message_length=Finibus subject=nsequat", "observer": { @@ -1108,7 +1108,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-3-3 time=10:33:06 device_id=evelite log_id=remquela log_part=toreve type=event subtype=update pri=high msg=\"dolor\"", "observer": { @@ -1122,7 +1122,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-3-17 time=17:35:40 device_id=itse log_id=lapari log_part=Bonor type=event subtype=update pri=medium msg=exeaco", "observer": { 
@@ -1136,7 +1136,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-4-1 time=00:38:14 device_id=emvele log_id=tNeq log_part=olorsita type=virus_file-signature pri=medium eleumiu to=etdol src=\"imadmin [10.123.154.140]\" session_id=liqu msg=dolor", "observer": { @@ -1150,7 +1150,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-4-15 time=07:40:49 device_id=aliq log_id=utem log_part=oreetd type=event subtype=imap pri=very-high user=mremape ui=ude action=deny status=emac msg=rmagnido", "observer": { @@ -1164,7 +1164,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-4-29 time=14:43:23 device_id=pariatur log_id=cita log_part=tvo type=event subtype=admin pri=high user=rve ui=atemacc(10.141.108.1) action=deny status=ciunt reason=success msg=\"beataevi\"", "observer": { @@ -1178,7 +1178,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-5-13 time=21:45:57 device_id=imaven log_id=dmin log_part=sum type=event subtype=system pri=low user=lore ui=nim action=cancel status=edquiac msg=psamvolu", "observer": { @@ -1192,7 +1192,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-5-28 time=04:48:31 device_id=iade log_id=tae log_part=obe type=event subtype=admin pri=medium user=ulapari ui=rittenby(10.31.31.193) action=deny status=nvol reason=unknown msg=\"luptatem\"", "observer": { @@ -1206,7 +1206,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-6-11 time=11:51:06 device_id=conse log_id=ruredolo log_part=ati type=event subtype=system pri=low user=olors ui=roid(10.234.156.8) action=block status=uteiru msg=\"xer\"", "observer": { @@ -1220,7 +1220,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-6-25 time=18:53:40 device_id=nvol log_id=uame log_part=quia type=event subtype=update pri=very-high msg=\"labor\"", "observer": { 
@@ -1234,7 +1234,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-7-10 time=01:56:14 device_id=mwritte log_id=modit log_part=quamnih type=event subtype=config pri=medium user=itanimid ui=uiin module=nibusBo submodule=iusm msg=\"nostru\"", "observer": { @@ -1248,7 +1248,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-7-24 time=08:58:48 device_id=vel log_id=preh log_part=madmini type=event subtype=update pri=high msg=edutpers", "observer": { @@ -1262,7 +1262,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-8-7 time=16:01:23 device_id=sBonoru log_id=everi log_part=squ type=virus subtype=file-signature pri=medium from=\"utla\" to=nse src=10.160.236.78 session_id=nostrude msg=\"Attachment file (rinc) has sha1 hash value: tno\"", "observer": { @@ -1276,7 +1276,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-8-21 time=23:03:57 device_id=cid log_id=nonproi log_part=dolor type=event subtype=admin pri=medium user=molli ui=oeiusm(10.244.19.62) action=accept status=nnumquam reason=unknown msg=\"tdolore\"", "observer": { @@ -1290,7 +1290,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-9-5 time=06:06:31 device_id=icta log_id=epteu log_part=nvent type=event subtype=webmail pri=high user=mquiavol ui=odiconse(10.147.52.164) action=allow status=untutl msg=ugiatnul", "observer": { @@ -1304,7 +1304,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-9-19 time=13:09:05 device_id=quaturve log_id=elaudant log_part=olup type=spam pri=high session_id=\"iacon\" client_name= \"ncu3839.www.localhost\" client_ip=\"10.201.105.58\" dst_ip=\"10.251.183.113\" from=\"ent\" to=\"ionemu\" subject=\"eseosqu\" msg=\"uptatem\"", "observer": { 
@@ -1318,7 +1318,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-10-3 time=20:11:40 device_id=eprehen log_id=oinB log_part=lor type=statistics pri=low session_id=\"citatio\" client_name=\"[10.209.203.156]\"dst_ip=\"10.132.139.98\" from=\"pariat\" to=\"borisnis\" direction=\"unknown\" virus=\"oremagn\" disposition=\"emagna\" classifier=\"uidolor\" message_length=remag", "observer": { @@ -1332,7 +1332,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-10-18 time=03:14:14 device_id=tiumtot log_id=ulamcola log_part=epr type=event subtype=admin pri=low user=nculpa ui=enbyCice(10.152.196.145) action=block status=uptas reason=success msg=\"iadeseru\"", "observer": { @@ -1346,7 +1346,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-11-1 time=10:16:48 device_id=equ log_id=turadip log_part=ataev type=virus_file-signature pri=medium from=\"oree\" to=\"nimadmi\" src=\"utaliq [10.78.38.143]\" session_id=qui msg=\"Attachment file (epteurs) has sha1 hash value: did\"", "observer": { @@ -1360,7 +1360,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-11-15 time=17:19:22 device_id=sunt log_id=orumSe log_part=olupta type=event subtype=update pri=very-high msg=pta", "observer": { @@ -1374,7 +1374,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-11-30 time=00:21:57 device_id=ntutlabo log_id=leumiure log_part=tasnu type=event subtype=smtp pri=high user=amquaui=tionevol(10.209.124.81) action=allowstatus=tobesession_id=\"ssequa\" log_part=emp msg=\"to=\u003c\u003cemoeni, delay=officiad, xdelay=veniam, mailer=igmp, pri=entoreve, relay=ion3339.www.localdomain\"", "observer": { 
@@ -1388,7 +1388,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-12-14 time=07:24:31 device_id=int log_id=oremagn log_part=rnatur type=virus pri=medium from=uptatev to=\"oditem\" src=\"10.176.31.145\" session_id=\"ineavo\" msg=reseo", "observer": { diff --git a/packages/fortinet_fortimail/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/fortinet_fortimail/data_stream/log/elasticsearch/ingest_pipeline/default.yml index ccb35fd2e46..310a74da302 100644 --- a/packages/fortinet_fortimail/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/fortinet_fortimail/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Fortinet FortiMail processors: - set: field: ecs.version - value: '8.3.0' + value: '8.5.0' - set: field: observer.vendor value: Fortinet diff --git a/packages/fortinet_fortimail/data_stream/log/sample_event.json b/packages/fortinet_fortimail/data_stream/log/sample_event.json index f6886ac301c..07be8b05c5b 100644 --- a/packages/fortinet_fortimail/data_stream/log/sample_event.json +++ b/packages/fortinet_fortimail/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/fortinet_fortimail/docs/README.md b/packages/fortinet_fortimail/docs/README.md index 4fa561ec8c5..79b714582ad 100644 --- a/packages/fortinet_fortimail/docs/README.md +++ b/packages/fortinet_fortimail/docs/README.md @@ -28,7 +28,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", 
@@ -189,7 +189,7 @@ An example event for `log` looks as following: | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. 
When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.forwarded_ip | Host IP address when the source IP address is the proxy. | ip | | network.interface.name | | keyword | | network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long | diff --git a/packages/fortinet_fortimail/manifest.yml b/packages/fortinet_fortimail/manifest.yml index 5b0bd837f74..7f2771fabaf 100644 --- a/packages/fortinet_fortimail/manifest.yml +++ b/packages/fortinet_fortimail/manifest.yml @@ -1,6 +1,6 @@ name: fortinet_fortimail title: Fortinet FortiMail Logs -version: 1.1.2 +version: "1.2.0" release: ga description: Collect logs from Fortinet FortiMail instances with Elastic Agent. type: integration diff --git a/packages/fortinet_fortimanager/_dev/build/build.yml b/packages/fortinet_fortimanager/_dev/build/build.yml index 5661d603a89..aaafc5d833b 100644 --- a/packages/fortinet_fortimanager/_dev/build/build.yml +++ b/packages/fortinet_fortimanager/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.5.1 diff --git a/packages/fortinet_fortimanager/changelog.yml b/packages/fortinet_fortimanager/changelog.yml index c903c782330..1be4e230342 100644 --- a/packages/fortinet_fortimanager/changelog.yml 
+++ b/packages/fortinet_fortimanager/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.1.3" changes: - description: Remove duplicate fields. diff --git a/packages/fortinet_fortimanager/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/fortinet_fortimanager/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json index 1a8116cb8b3..ff73a6427b2 100644 --- a/packages/fortinet_fortimanager/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/fortinet_fortimanager/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=iusm devname=\"modtempo\" devid=\"olab\" vd=nto date=2016-1-29 time=6:09:59 logid=sse type=exercita subtype=der level=very-high eventtime=odoco logtime=ria srcip=10.20.234.169 srcport=1001 srcintf=eth5722 srcintfrole=vol dstip=10.44.173.44 dstport=6125 dstintf=enp0s3068 dstintfrole=nseq poluuid=itinvol sessionid=psa proto=21 action=allow policyid=ntium policytype=psaq crscore=13.800000 craction=eab crlevel=aliqu appcat=Ute service=lupt srccountry=dolore dstcountry=sequa trandisp=abo tranip=10.189.58.145 tranport=5273 duration=14.119000 sentbyte=7880 rcvdbyte=449 sentpkt=mqui app=nci", "observer": { 
@@ -16,7 +16,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-2-12 time=1:12:33 logver=litesse devid=orev devname=pisciv logid=uii type=umexe subtype=estlabo level=high vd=iatnu srcip=10.182.84.248 srcport=4880 srcintf=enp0s208 dstip=10.162.33.193 dstport=7200 dstintf=enp0s2581 poluuid=nulapari sessionid=mwritten proto=prm action=accept policyid=uidolor trandisp=nibus duration=72.226000 sentbyte=6378 rcvdbyte=3879 devtype=riosam osname=anonnu osversion=1.410 mastersrcmac=ameaqu srcmac=01:00:5e:84:66:6c crscore=145.047000 craction=squame crlevel=ntex eventtype=eius user=luptat service=emape hostname=aer445.host profile=eumiu reqtype=uame url=https://www.example.net/orisn/cca.htm?ofdeF=metcons#roinBCS direction=external msg=com method=eataevi cat=byC catdesc=tinculp device_id=tur log_id=atio pri=high userfrom=atemsequ adminprof=nci timezone=CEST main_type=eFini trigger_policy=amco sub_type=exe severity_level=iatu policy=ionofde src=10.62.4.246 src_port=189 dst=10.171.204.166 dst_port=6668 http_method=mol http_url=taspe http_host=mvolu http_agent=radip http_session_id=tNequ signature_subclass=gelit signature_id=6728 srccountry=tconsec content_switch_name=nsequat server_pool_name=taev false_positive_mitigation=roidents user_name=oluptas monitor_status=llu http_refer=https://api.example.org/tamremap/tur.html?radipis=isetq#estqui http_version=uasiarch dev_id=emaper threat_weight=ssitasp history_threat_weight=eum threat_level=sum ftp_mode=uaerat ftp_cmd=boreet cipher_suite=onev msg_id=tenima", "observer": { 
@@ -30,7 +30,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=seq dtime=2016-02-26 20:15:08.252538723 +0000 UTC devid=olorema devname=ccaecat vd=veleumi date=2016-2-26 time=8:15:08 logid=tia type=enim subtype=dqu level=medium eventtime=uian logtime=tempo srcip=10.200.188.142 srcport=4665 srcintf=eth4496 srcintfrole=eetd dstip=10.94.103.117 dstport=513 dstintf=enp0s3491 dstintfrole=doloreeu poluuid=pori sessionid=occ proto=icmp action=allow policyid=reetdolo policytype=nrepreh crscore=18.839000 craction=uiano crlevel=mrema appcat=autfu service=natura srccountry=aboris dstcountry=ima trandisp=tanimi tranip=10.15.159.80 tranport=6378 duration=121.916000 sentbyte=6517 rcvdbyte=13 sentpkt=ugiatqu app=eacomm", "observer": { @@ -44,7 +44,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=liqu devname=\"lorem\" devid=\"emq\" vd=isiu date=2016-3-12 time=3:17:42 logid=nimadmi type=iatisu subtype=iat level=low eventtime=suntinc logtime=elits srcip=10.131.233.27 srcport=5037 srcintf=eth3676 srcintfrole=eataevit dstip=10.50.112.141 dstport=7303 dstintf=eth3391 dstintfrole=olab poluuid=mquisnos sessionid=loremagn proto=1 action=cancel policyid=tsed policytype=orai crscore=61.614000 craction=incididu crlevel=eci appcat=aali service=ametcons srccountry=porainc dstcountry=amquisno trandisp=iinea tranip=10.27.88.95 tranport=776 duration=5.911000 sentbyte=1147 rcvdbyte=3269 sentpkt=tvol app=moll", "observer": { 
@@ -58,7 +58,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-3-26 time=10:20:16 logver=inim devid=ema devname=roinBCSe logid=onse type=tae subtype=tatno level=very-high vd=oluptate srcip=10.52.54.178 srcport=4427 srcintf=lo1567 dstip=10.37.58.155 dstport=2430 dstintf=eth6096 poluuid=ciati sessionid=ercit proto=3 action=allow policyid=eniam trandisp=reetdolo duration=165.411000 sentbyte=7651 rcvdbyte=3982 devtype=rumet osname=oll osversion=1.5670 mastersrcmac=nido srcmac=01:00:5e:c3:0a:41 crscore=71.955000 craction=itlabori crlevel=Ciceroi eventtype=aveniam user=uradi service=nimadmin hostname=olo7148.mail.home profile=snulapar reqtype=aedic url=https://api.example.com/iumto/aboreetd.gif?dun=enim#saute direction=internal msg=eriame method=lorema cat=avol catdesc=labor device_id=atuse log_id=ddoeiu pri=high userfrom=idolore adminprof=onse timezone=PST main_type=tation trigger_policy=ips sub_type=emeumfug severity_level=upta policy=omn src=10.87.212.179 src_port=1758 dst=10.157.213.15 dst_port=3539 http_method=ali http_url=nsect http_host=ntutl http_agent=caecatc http_session_id=onsequat signature_subclass=siuta signature_id=2896 srccountry=loru content_switch_name=ema server_pool_name=par false_positive_mitigation=itaut user_name=rveli monitor_status=rsint http_refer=https://example.com/idestla/Nemoeni.htm?taed=lup#remeumf http_version=antiumto dev_id=strude threat_weight=ctetura history_threat_weight=usmod threat_level=edqui ftp_mode=mquidol ftp_cmd=ita cipher_suite=ipi msg_id=rsitamet", "observer": { 
@@ -72,7 +72,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-4-9 time=5:22:51 logver=eseru devid=remeum devname=orain logid=quip type=oin subtype=uisquam level=high vd=tinvol srcip=10.19.68.92 srcport=1409 srcintf=enp0s33 dstip=10.38.22.45 dstport=7036 dstintf=lo1120 poluuid=ditautfu sessionid=piscing proto=icmp action=accept policyid=ostr trandisp=rudexerc duration=135.013000 sentbyte=3369 rcvdbyte=927 devtype=itaut osname=imaven osversion=1.152 mastersrcmac=umdolo srcmac=01:00:5e:f7:4a:fd crscore=169.252000 craction=tfug crlevel=icab eventtype=mwr user=fugi service=inculpaq hostname=agna7678.internal.host profile=equa reqtype=mexercit url=https://www.example.net/tasuntex/sunt.txt?ume=incidi#picia direction=unknown msg=olupt method=dit cat=sumquiad catdesc=dexeaco device_id=ivelits log_id=moenimi pri=medium userfrom=etdolo adminprof=inv timezone=CEST main_type=ommod trigger_policy=sequatur sub_type=uidolo severity_level=lumquido policy=nihi src=10.114.150.67 src_port=1407 dst=10.76.73.140 dst_port=3075 http_method=uines http_url=nsec http_host=onse http_agent=emips http_session_id=imadmi signature_subclass=ostrume signature_id=6051 srccountry=eataev content_switch_name=liquide server_pool_name=uasia false_positive_mitigation=emp user_name=aperia monitor_status=ofdeFini http_refer=https://example.org/vol/riat.htm?atvol=umiur#imad http_version=msequi dev_id=isnostru threat_weight=iquaUten history_threat_weight=santium threat_level=iciatisu ftp_mode=rehender ftp_cmd=eporroqu cipher_suite=uat msg_id=tem", "observer": { 
@@ -86,7 +86,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=suntinc date=2016-4-24 time=12:25:25 log_id=xeac devid=nidolo devname=tatn logid=eli type=nnu subtype=dolo level=low vd=nse srcip=10.202.204.239 srcport=7783 srcintf=lo2857 dstip=10.147.28.176 dstport=7432 dstintf=enp0s1462 poluuid=mporain sessionid=icons proto=0 action=accept policyid=sequi trandisp=rehend duration=3.138000 sentbyte=6354 rcvdbyte=3605 devtype=numqu osname=qui osversion=1.4059 mastersrcmac=equi srcmac=01:00:5e:68:86:a1 crscore=72.701000 craction=tat crlevel=ipitla eventtype=quae user=maccusa service=uptat hostname=equep5085.mail.domain profile=aqu reqtype=rpo url=https://www.example.org/inesci/serror.html?mqu=apariat#tlabore direction=internal msg=ihilm method=atDu cat=eav catdesc=ionevo device_id=remagn log_id=run pri=very-high userfrom=iamquis adminprof=quirat timezone=CET main_type=ittenbyC trigger_policy=isc sub_type=aturve severity_level=emulla policy=mpori src=10.195.36.51 src_port=3905 dst=10.95.64.124 dst_port=7042 http_method=iadese http_url=nsectet http_host=utla http_agent=utei http_session_id=laborum signature_subclass=tionof signature_id=7613 srccountry=oin content_switch_name=lapari server_pool_name=data false_positive_mitigation=dolor user_name=nnum monitor_status=eritqu http_refer=https://internal.example.net/wri/bor.jpg?hitect=dol#leumiu http_version=namali dev_id=taevit threat_weight=rinrepre history_threat_weight=etconse threat_level=tincu ftp_mode=ari ftp_cmd=exercit cipher_suite=sci msg_id=quamnih", "observer": { 
@@ -100,7 +100,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=occae dtime=2016-05-08 07:27:59.552538723 +0000 UTC devid=ctetura devname=labore vd=texp date=2016-5-8 time=7:27:59 logid=tMalor type=acc subtype=amc level=very-high eventtime=amest logtime=corp srcip=10.176.216.90 srcport=2428 srcintf=eth2591 srcintfrole=dantiumt dstip=10.186.85.3 dstport=5366 dstintf=lo821 dstintfrole=ento poluuid=pic sessionid=evita proto=prm action=allow policyid=duntut policytype=magni crscore=102.339000 craction=uptat crlevel=uam appcat=boris service=nti srccountry=abi dstcountry=sectetur trandisp=uioffi tranip=10.114.16.155 tranport=1608 duration=62.941000 sentbyte=5110 rcvdbyte=3818 sentpkt=ipi app=reseos", "observer": { 
@@ -114,7 +114,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=mcolab date=2016-5-22 time=2:30:33 log_id=neav devid=oquisqu devname=sperna logid=eabilloi type=estia subtype=tper level=very-high vd=volupt srcip=10.188.169.107 srcport=2138 srcintf=eth6448 dstip=10.214.7.83 dstport=1696 dstintf=lo1616 poluuid=tenatu sessionid=uun proto=HOPOPT action=cancel policyid=ectio trandisp=dutper duration=4.781000 sentbyte=3423 rcvdbyte=3252 devtype=radi osname=gel osversion=1.3917 mastersrcmac=iduntu srcmac=01:00:5e:21:f5:0a crscore=57.435000 craction=uamqu crlevel=lor eventtype=oide user=dolore service=amvolu hostname=eturadi6608.mail.host profile=aera reqtype=ate url=https://api.example.com/nimid/itatione.htm?umwr=oluptate#issus direction=inbound msg=uaUteni method=udantium cat=pre catdesc=xeacom device_id=stlabo log_id=dictasu pri=low userfrom=catc adminprof=nsect timezone=GMT-07:00 main_type=asia trigger_policy=econs sub_type=uir severity_level=dol policy=essecil src=10.23.62.94 src_port=4368 dst=10.61.163.4 dst_port=1232 http_method=luptatem http_url=atem http_host=gnido http_agent=ratvolu http_session_id=olup signature_subclass=numqua signature_id=1411 srccountry=inculpa content_switch_name=abo server_pool_name=veniamqu false_positive_mitigation=nse user_name=non monitor_status=paquioff http_refer=https://www5.example.org/maven/hende.jpg?labor=didunt#uptatema http_version=intocc dev_id=liqu threat_weight=eporr history_threat_weight=xeacomm threat_level=mveleu ftp_mode=nofdeFin ftp_cmd=sequam cipher_suite=temvel msg_id=ris", "observer": { 
@@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-6-5 time=9:33:08 logver=nisiuta devid=tvolu devname=ecte logid=tinvolu type=iurer subtype=iciadese level=medium vd=gnaaliq srcip=10.52.135.156 srcport=2660 srcintf=eth4502 dstip=10.133.89.11 dstport=1098 dstintf=lo4901 poluuid=sintoc sessionid=volupt proto=1 action=deny policyid=uiinea trandisp=Utenima duration=111.502000 sentbyte=1871 rcvdbyte=5074 devtype=ptatem osname=Nequepor osversion=1.2580 mastersrcmac=ugiatnu srcmac=01:00:5e:4a:7f:b8 crscore=103.738000 craction=mnisi crlevel=scivelit eventtype=tDuisaut user=oinBC service=quameius hostname=ipsumdol4488.api.localdomain profile=ommodico reqtype=ptas url=https://example.com/tetu/stru.htm?tlabore=Exc#pora direction=unknown msg=uteirure method=nevo cat=ide catdesc=aali device_id=adip log_id=tium pri=very-high userfrom=iusmodi adminprof=uamest timezone=PST main_type=uiac trigger_policy=epte sub_type=idolo severity_level=quinesc policy=madmi src=10.28.76.42 src_port=3427 dst=10.106.31.86 dst_port=4198 http_method=sno http_url=atno http_host=tani http_agent=volu http_session_id=nonn signature_subclass=inventor signature_id=6088 srccountry=autf content_switch_name=quamni server_pool_name=iatisu false_positive_mitigation=sec user_name=cons monitor_status=sBon http_refer=https://www.example.com/tae/ccaec.htm?aperiame=isc#ullamcor http_version=tobea dev_id=tor threat_weight=qui history_threat_weight=ntmollit threat_level=tenatus ftp_mode=cipitlab ftp_cmd=ipsumd cipher_suite=antiu msg_id=uirati", "observer": { 
@@ -142,7 +142,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=ersp dtime=2016-06-20 04:35:42.332538723 +0000 UTC devid=tquov devname=diconseq vd=inven date=2016-6-20 time=4:35:42 logid=osquira type=tes subtype=mquame level=medium eventtime=tnulapa logtime=orain srcip=10.238.164.74 srcport=2201 srcintf=lo4249 srcintfrole=madmi dstip=10.106.162.153 dstport=341 dstintf=lo7114 dstintfrole=amvo poluuid=qui sessionid=tasn proto=1 action=accept policyid=squirati policytype=Sedutp crscore=92.058000 craction=nbyCic crlevel=utlabor appcat=itessequ service=porro srccountry=ine dstcountry=lup trandisp=tatemUt tranip=10.58.214.16 tranport=508 duration=166.566000 sentbyte=2715 rcvdbyte=7130 sentpkt=pici app=abor", "observer": { @@ -156,7 +156,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=tquiin dtime=2016-07-04 11:38:16.592538723 +0000 UTC devid=tse devname=tenimad vd=minimav date=2016-7-4 time=11:38:16 logid=udexerci type=naal subtype=lore level=high eventtime=idolore logtime=pid srcip=10.225.141.20 srcport=2282 srcintf=enp0s4046 srcintfrole=natuse dstip=10.217.150.196 dstport=4639 dstintf=lo2438 dstintfrole=archite poluuid=loreme sessionid=untu proto=6 action=cancel policyid=datatno policytype=siutali crscore=49.988000 craction=usmodte crlevel=msequi appcat=tau service=exercita srccountry=ris dstcountry=eumiu trandisp=orumSe tranip=10.110.31.190 tranport=945 duration=12.946000 sentbyte=248 rcvdbyte=5300 sentpkt=eeufugia app=evit", "observer": { 
@@ -170,7 +170,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-7-18 time=6:40:50 devname=molli device_id=velitse log_id=oditem type=generic subtype=gitsedqu pri=very-high devid=oremi devname=mestq logid=temUt type=olor subtype=ineavo level=very-high vd=mquelau srcip=10.168.236.85 srcport=6846 srcintf=eth651 dstip=10.140.113.244 dstport=4374 dstintf=lo4367 poluuid=fugitsed sessionid=quam proto=tcp action=deny policyid=fugiat trandisp=atisun duration=101.653000 sentbyte=3962 rcvdbyte=7741 devtype=dmin osname=fugi osversion=1.3319 mastersrcmac=inci srcmac=01:00:5e:e6:ad:ae crscore=39.291000 craction=avol crlevel=icero eventtype=xer user=emipsumd service=isisten hostname=cusant4946.www.domain profile=itecto reqtype=reetdol url=https://api.example.com/isnostr/umqu.htm?emquia=inesci#isnisi direction=unknown msg=aquioffi method=tamet cat=quatur catdesc=uisa device_id=eFi log_id=mexe pri=high userfrom=rpori adminprof=ice timezone=GMT+02:00 main_type=entorev trigger_policy=commodo sub_type=conseq severity_level=ame policy=tatn src=10.137.56.173 src_port=3932 dst=10.69.103.176 dst_port=1229 http_method=umdolo http_url=uptate http_host=amc http_agent=cusant http_session_id=orumSe signature_subclass=ratv signature_id=5227 srccountry=dutp content_switch_name=psaquaea server_pool_name=taevita false_positive_mitigation=ameiusm user_name=proide monitor_status=ano http_refer=https://www5.example.org/tvol/velitess.htm?edqui=nre#veli http_version=volupta dev_id=rnatu threat_weight=elitse history_threat_weight=ima threat_level=quasia ftp_mode=adi ftp_cmd=umwrit cipher_suite=uptate msg_id=mac", "observer": { 
@@ -184,7 +184,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=dolore devname=\"onsecte\" devid=\"nBCSedut\" vd=ugiat date=2016-8-2 time=1:43:25 logid=onulam type=ate subtype=odoconse level=high eventtime=quatu logtime=veli srcip=10.30.47.165 srcport=631 srcintf=eth267 srcintfrole=sectet dstip=10.5.235.217 dstport=3689 dstintf=lo5047 dstintfrole=pitl poluuid=por sessionid=quidexea proto=tcp action=deny policyid=runtmol policytype=texpli crscore=57.772000 craction=ptass crlevel=rita appcat=esseci service=tametcon srccountry=liqua dstcountry=mvele trandisp=isis tranip=10.25.212.118 tranport=1190 duration=179.686000 sentbyte=238 rcvdbyte=7122 sentpkt=dantium app=lor", "observer": { 
@@ -198,7 +198,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-8-16 time=8:45:59 logver=onemulla devid=dolorem devname=tvolu logid=nreprehe type=tetu subtype=mdol level=high vd=nby srcip=10.20.26.210 srcport=2791 srcintf=eth5968 dstip=10.85.96.153 dstport=5286 dstintf=eth4392 poluuid=nsequat sessionid=doloreme proto=0 action=deny policyid=reprehe trandisp=tincu duration=93.111000 sentbyte=2826 rcvdbyte=6247 devtype=lor osname=oraincid osversion=1.225 mastersrcmac=emeumfug srcmac=01:00:5e:1d:39:39 crscore=114.626000 craction=liqua crlevel=olo eventtype=psumqu user=untincul service=iduntu hostname=ccaeca5504.internal.example profile=reseo reqtype=oreetd url=https://example.org/tiaec/rumwrit.txt?oconsequ=edquiac#urerepr direction=external msg=ercit method=etMal cat=qua catdesc=rsita device_id=ate log_id=ipsamvo pri=low userfrom=adeseru adminprof=tdol timezone=CET main_type=rem trigger_policy=asper sub_type=idunt severity_level=luptat policy=eveli src=10.149.13.76 src_port=7809 dst=10.40.152.253 dst_port=1478 http_method=ritt http_url=iaeco http_host=equaturv http_agent=siu http_session_id=snost signature_subclass=tpersp signature_id=2624 srccountry=quaea content_switch_name=ametcons server_pool_name=utali false_positive_mitigation=porinc user_name=tetur monitor_status=xce http_refer=https://example.com/aincidu/nimadmin.jpg?itinv=eumfugi#etdolor http_version=lupta dev_id=xeaco threat_weight=nvolupt history_threat_weight=oremi threat_level=elites ftp_mode=nbyCi ftp_cmd=tevel cipher_suite=usc msg_id=rem", "observer": { 
@@ -212,7 +212,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=cab dtime=2016-08-30 15:48:33.632538723 +0000 UTC devid=atisund devname=xea vd=ites date=2016-8-30 time=3:48:33 logid=isetq type=iutali subtype=velite level=high eventtime=avolupt logtime=ariatur srcip=10.98.194.212 srcport=5469 srcintf=lo1208 srcintfrole=atisetqu dstip=10.51.213.42 dstport=988 dstintf=enp0s3449 dstintfrole=ilmol poluuid=eri sessionid=quunt proto=HOPOPT action=deny policyid=mquae policytype=eriti crscore=96.729000 craction=cidunt crlevel=plica appcat=ore service=quidolor srccountry=inven dstcountry=eufugi trandisp=accusant tranip=10.233.120.207 tranport=136 duration=171.844000 sentbyte=2859 rcvdbyte=4844 sentpkt=eaqu app=nvol", "observer": { @@ -226,7 +226,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=leumiu devname=\"tla\" devid=\"item\" vd=nimid date=2016-9-13 time=10:51:07 logid=dat type=periam subtype=dqu level=high eventtime=dminima logtime=dutpers srcip=10.245.187.229 srcport=4953 srcintf=lo3642 srcintfrole=prehen dstip=10.67.132.242 dstport=2340 dstintf=enp0s2700 dstintfrole=sequa poluuid=iosamnis sessionid=volupt proto=6 action=allow policyid=idid policytype=tesse crscore=64.509000 craction=boru crlevel=ptateve appcat=enderi service=ptatem srccountry=ptatevel dstcountry=tenatuse trandisp=psaqua tranip=10.241.132.176 tranport=7224 duration=167.705000 sentbyte=6595 rcvdbyte=7301 sentpkt=tame app=atione", "observer": { 
@@ -240,7 +240,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-9-28 time=5:53:42 logver=vitaedic devid=orin devname=uii logid=estl type=sitam subtype=orem level=very-high vd=uuntur srcip=10.210.28.247 srcport=3449 srcintf=eth4185 dstip=10.237.180.17 dstport=3023 dstintf=lo7672 poluuid=tate sessionid=onevo proto=6 action=allow policyid=aeconseq trandisp=lor duration=96.560000 sentbyte=2760 rcvdbyte=1775 devtype=emqu osname=riss osversion=1.1847 mastersrcmac=sitvol srcmac=01:00:5e:a5:5a:54 crscore=129.120000 craction=olorsi crlevel=aliq eventtype=mes user=mven service=olorsit hostname=tore7088.www.invalid profile=ruredo reqtype=mac url=https://mail.example.org/ptassita/its.gif?risnis=uov#itlab direction=outbound msg=sBono method=loremqu cat=tetur catdesc=amvo device_id=siuta log_id=urmagn pri=low userfrom=uptat adminprof=idex timezone=GMT+02:00 main_type=tatione trigger_policy=nimveni sub_type=idi severity_level=ore policy=quid src=10.212.214.4 src_port=6040 dst=10.199.47.220 dst_port=4084 http_method=oin http_url=hil http_host=cingel http_agent=modocon http_session_id=ipsu signature_subclass=ntNeq signature_id=1081 srccountry=aUt content_switch_name=boNem server_pool_name=nturm false_positive_mitigation=emips user_name=atv monitor_status=onu http_refer=https://www5.example.net/alorum/obeataev.gif?atDu=nsec#quidolor http_version=oqu dev_id=naaliq threat_weight=remeu history_threat_weight=osquir threat_level=mod ftp_mode=col ftp_cmd=mve cipher_suite=liquide msg_id=odt", "observer": { 
@@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-10-12 time=12:56:16 logver=inv devid=rroq devname=rcit logid=aecatcup type=olabor subtype=estl level=very-high vd=citatio srcip=10.168.40.197 srcport=7699 srcintf=enp0s3071 dstip=10.206.69.135 dstport=6396 dstintf=eth3862 poluuid=utfug sessionid=aturQu proto=udp action=deny policyid=mipsamvo trandisp=eiusmod duration=91.147000 sentbyte=6153 rcvdbyte=4059 devtype=oreveri osname=ehende osversion=1.760 mastersrcmac=Except srcmac=01:00:5e:bf:07:ee crscore=45.760000 craction=dol crlevel=sciun eventtype=metcons user=itasper service=uae hostname=mve1890.internal.home profile=tatemU reqtype=mad url=https://www.example.org/redol/gnaa.htm?aliquamq=dtempori#toditaut direction=unknown msg=dexerc method=strumex cat=eprehend catdesc=asnu device_id=hitec log_id=henderit pri=medium userfrom=perspici adminprof=ationul timezone=PST main_type=itsedq trigger_policy=uto sub_type=emUte severity_level=molestia policy=quir src=10.46.56.204 src_port=2463 dst=10.234.165.130 dst_port=7079 http_method=umf http_url=quames http_host=dolorsit http_agent=archite http_session_id=remq signature_subclass=veniamq signature_id=1236 srccountry=uta content_switch_name=emo server_pool_name=itq false_positive_mitigation=derit user_name=orese monitor_status=dolor http_refer=https://mail.example.com/ntexpl/dunt.jpg?yCic=nder#mdolore http_version=Cic dev_id=olorema threat_weight=mollita history_threat_weight=tatem threat_level=iae ftp_mode=quido ftp_cmd=emip cipher_suite=inBC msg_id=mol", "observer": { 
@@ -268,7 +268,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=turadipi date=2016-10-26 time=7:58:50 log_id=usmodi devid=ree devname=saquaea logid=ation type=luptas subtype=minim level=very-high vd=lorsi srcip=10.61.123.159 srcport=754 srcintf=eth7713 dstip=10.141.158.225 dstport=4690 dstintf=lo1586 poluuid=ate sessionid=idolor proto=1 action=block policyid=nreprehe trandisp=onse duration=71.505000 sentbyte=4010 rcvdbyte=4527 devtype=duntutla osname=ntium osversion=1.4450 mastersrcmac=asuntexp srcmac=01:00:5e:26:56:73 crscore=5.843000 craction=nse crlevel=modoc eventtype=boNem user=iumt service=tsed hostname=eturad6143.www.home profile=uamnihil reqtype=llam url=https://example.net/aparia/tatnon.jpg?rever=ore#offici direction=outbound msg=metco method=acom cat=ceroinB catdesc=nim device_id=utaliqu log_id=rsi pri=high userfrom=imadmi adminprof=isnis timezone=CEST main_type=olupta trigger_policy=tsuntinc sub_type=inrepreh severity_level=quovo policy=urExcep src=10.128.46.70 src_port=5269 dst=10.95.117.134 dst_port=1723 http_method=acommodi http_url=essecill http_host=billoi http_agent=moles http_session_id=dipiscin signature_subclass=olup signature_id=5976 srccountry=undeomni content_switch_name=accusa server_pool_name=natu false_positive_mitigation=liquid user_name=enim monitor_status=Finibus http_refer=https://www.example.org/xeacom/des.gif?umdolo=ntiu#radipisc http_version=Cice dev_id=taedi threat_weight=tquido history_threat_weight=ptasnula threat_level=oru ftp_mode=ill ftp_cmd=mporinc cipher_suite=onsectet msg_id=idolo", "observer": { 
@@ -282,7 +282,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2016-11-10 time=3:01:24 logver=edolo devid=ugiatquo devname=ntium logid=uptate type=lloinven subtype=econs level=medium vd=tetura srcip=10.135.106.42 srcport=6602 srcintf=lo154 dstip=10.224.30.160 dstport=5302 dstintf=eth1247 poluuid=etconsec sessionid=caboNem proto=21 action=cancel policyid=rumetMal trandisp=oconse duration=2.970000 sentbyte=7685 rcvdbyte=1506 devtype=sequam osname=oditempo osversion=1.7544 mastersrcmac=taliqui srcmac=01:00:5e:98:79:a3 crscore=78.248000 craction=rcitat crlevel=dolorema eventtype=emagn user=radipis service=ctetu hostname=orinrep5386.www.corp profile=stenatus reqtype=equep url=https://www.example.com/tali/BCS.txt?iqu=niamqu#equamnih direction=inbound msg=autemv method=emq cat=plicaboN catdesc=amc device_id=vol log_id=admi pri=medium userfrom=culpaq adminprof=saute timezone=GMT+02:00 main_type=ende trigger_policy=abor sub_type=magnid severity_level=adol policy=iutal src=10.208.21.135 src_port=2721 dst=10.253.228.140 dst_port=6748 http_method=ugitse http_url=quiineav http_host=billoinv http_agent=sci http_session_id=col signature_subclass=obea signature_id=5700 srccountry=tatev content_switch_name=luptas server_pool_name=uptatem false_positive_mitigation=oinv user_name=inculp monitor_status=onofd http_refer=https://internal.example.org/nisiu/imad.html?ptatem=itasp#dexe http_version=tat dev_id=onproide threat_weight=ntmo history_threat_weight=loreeu threat_level=temse ftp_mode=aspernat ftp_cmd=ume cipher_suite=caecat msg_id=rautod", "observer": { 
@@ -296,7 +296,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=ercitat date=2016-11-24 time=10:03:59 log_id=lapar devid=ritati devname=edquia logid=itesse type=mullam subtype=mexerc level=medium vd=amvolu srcip=10.120.231.161 srcport=1129 srcintf=lo653 dstip=10.210.62.203 dstport=4381 dstintf=lo3057 poluuid=ataevita sessionid=oremqu proto=6 action=cancel policyid=velitsed trandisp=magnaali duration=92.900000 sentbyte=3984 rcvdbyte=4009 devtype=ulla osname=equatDu osversion=1.1710 mastersrcmac=aconse srcmac=01:00:5e:92:c2:23 crscore=20.350000 craction=squira crlevel=aliqui eventtype=ess user=uide service=scivel hostname=henderi724.www5.home profile=tquas reqtype=aquio url=https://www.example.com/iame/orroquis.htm?tiumd=ntmoll#mexer direction=internal msg=isnostru method=nofdeFi cat=aquioff catdesc=saqu device_id=remips log_id=illoi pri=medium userfrom=abori adminprof=uisnostr timezone=GMT+02:00 main_type=ilmole trigger_policy=ugi sub_type=niamquis severity_level=nisi policy=emveleum src=10.243.226.122 src_port=3512 dst=10.3.23.172 dst_port=7332 http_method=emullamc http_url=tec http_host=Nemo http_agent=tutlabo http_session_id=mveleum signature_subclass=liq signature_id=7229 srccountry=sBonorum content_switch_name=atems server_pool_name=quira false_positive_mitigation=tassita user_name=olorem monitor_status=sedquiac http_refer=https://www.example.com/atDuis/asnulapa.html?rumwri=velill#ore http_version=tation dev_id=loinve threat_weight=tatevel history_threat_weight=iumdolo threat_level=untu ftp_mode=ict ftp_cmd=squirati cipher_suite=tem msg_id=mestq", "observer": { 
@@ -310,7 +310,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=luptate date=2016-12-8 time=5:06:33 log_id=llamc devid=eleumiu devname=uei logid=Nequepo type=radipis subtype=cive level=low vd=orumSec srcip=10.56.74.7 srcport=6149 srcintf=eth2940 dstip=10.73.10.215 dstport=2079 dstintf=lo3472 poluuid=oeni sessionid=untutlab proto=0 action=cancel policyid=consecte trandisp=pteurs duration=26.872000 sentbyte=617 rcvdbyte=1651 devtype=ons osname=tiaecon osversion=1.5380 mastersrcmac=unt srcmac=01:00:5e:99:7b:4a crscore=124.392000 craction=queporro crlevel=uid eventtype=snostrum user=psa service=nculpaq hostname=reseosqu1629.mail.lan profile=utemvel reqtype=epteur url=https://www.example.net/iame/laudanti.htm?stquido=rsitvolu#mnisi direction=external msg=uameiusm method=adm cat=gelitsed catdesc=tiumto device_id=cor log_id=odoco pri=high userfrom=labore adminprof=ianonnu timezone=PST main_type=rum trigger_policy=erc sub_type=ehende severity_level=tutla policy=licaboNe src=10.94.242.80 src_port=2724 dst=10.106.85.174 dst_port=307 http_method=atiset http_url=serror http_host=onse http_agent=umquam http_session_id=emagn signature_subclass=emulla signature_id=1963 srccountry=iquaUt content_switch_name=mnihilm server_pool_name=redo false_positive_mitigation=etMaloru user_name=lmo monitor_status=iquidex http_refer=https://www.example.org/remipsu/tan.html?mcorpor=doconse#etdol http_version=dolorsi dev_id=nturmag threat_weight=tura history_threat_weight=osquirat threat_level=equat ftp_mode=aliquid ftp_cmd=usantiu cipher_suite=idunt msg_id=atqu", "observer": { 
@@ -324,7 +324,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=liquam dtime=2016-12-23 00:09:07.712538723 +0000 UTC devid=min devname=oluptat vd=odt date=2016-12-23 time=12:09:07 logid=rspici type=snisi subtype=magnaal level=low eventtime=etquasia logtime=nula srcip=10.117.63.181 srcport=5299 srcintf=lo7416 srcintfrole=Cicero dstip=10.247.53.179 dstport=6493 dstintf=lo3706 dstintfrole=atemaccu poluuid=veritat sessionid=aliquipe proto=3 action=block policyid=aer policytype=osquira crscore=171.144000 craction=minim crlevel=scipi appcat=tur service=acon srccountry=Nemoenim dstcountry=usm trandisp=labori tranip=10.168.20.20 tranport=68 duration=167.038000 sentbyte=7188 rcvdbyte=5749 sentpkt=xeac app=umdolors", "observer": { 
@@ -338,7 +338,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=uiadolo date=2017-1-6 time=7:11:41 log_id=empor devid=umexerci devname=duntut logid=uovol type=prehend subtype=eufug level=low vd=eufug srcip=10.100.53.8 srcport=4318 srcintf=eth5767 dstip=10.163.17.172 dstport=854 dstintf=enp0s3903 poluuid=upta sessionid=atc proto=3 action=block policyid=upta trandisp=itessequ duration=165.935000 sentbyte=4211 rcvdbyte=405 devtype=exerci osname=idata osversion=1.2208 mastersrcmac=usmod srcmac=01:00:5e:c0:47:f3 crscore=135.374000 craction=isiutali crlevel=iquidexe eventtype=illumq user=luptatem service=ite hostname=tasnul4179.internal.host profile=amvo reqtype=tnul url=https://www.example.org/ess/quiad.jpg?ten=litanim#rQuisaut direction=inbound msg=modico method=metco cat=cillu catdesc=iuntNeq device_id=eddoei log_id=rsin pri=very-high userfrom=eriam adminprof=pernat timezone=CEST main_type=imve trigger_policy=essequam sub_type=ueporro severity_level=aliqu policy=upt src=10.141.156.217 src_port=2700 dst=10.53.168.187 dst_port=73 http_method=emacc http_url=emp http_host=lamcola http_agent=veli http_session_id=venia signature_subclass=risni signature_id=1535 srccountry=uat content_switch_name=onemulla server_pool_name=riaturEx false_positive_mitigation=deri user_name=amqu monitor_status=lorsitam http_refer=https://api.example.org/onpr/litseddo.gif?oremqu=idex#radip http_version=upta dev_id=tetura threat_weight=rumet history_threat_weight=uptasnul threat_level=antiumdo ftp_mode=ecill ftp_cmd=iduntu cipher_suite=pisci msg_id=sunt", "observer": { 
@@ -352,7 +352,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-1-20 time=2:14:16 devname=oco device_id=aboree log_id=ainci type=generic subtype=osqu pri=very-high devid=sus devname=imavenia logid=expli type=ugiat subtype=rnat level=low vd=orem srcip=10.37.174.58 srcport=3193 srcintf=lo2990 dstip=10.249.60.66 dstport=4859 dstintf=enp0s1732 poluuid=eve sessionid=tco proto=3 action=accept policyid=oluptate trandisp=lit duration=70.988000 sentbyte=6327 rcvdbyte=837 devtype=oquisqu osname=turadip osversion=1.3402 mastersrcmac=amc srcmac=01:00:5e:dd:dc:44 crscore=160.379000 craction=apar crlevel=runtm eventtype=eturadip user=olorsi service=itseddo hostname=bore5546.www.local profile=labo reqtype=lpaquiof url=https://example.com/xeac/llitanim.txt?oreverit=scip#Finibus direction=inbound msg=eufugia method=ncididun cat=hen catdesc=periamea device_id=itametco log_id=vel pri=high userfrom=rere adminprof=pta timezone=CEST main_type=equeporr trigger_policy=met sub_type=volup severity_level=ptate policy=entsu src=10.44.198.184 src_port=5695 dst=10.189.82.19 dst_port=4267 http_method=odoc http_url=atura http_host=tur http_agent=tur http_session_id=atnonpr signature_subclass=ita signature_id=7570 srccountry=colabori content_switch_name=imidestl server_pool_name=piscing false_positive_mitigation=ceroi user_name=iconsequ monitor_status=iat http_refer=https://www.example.net/siuta/atev.htm?CSe=exerci#inesciu http_version=quid dev_id=atcupid threat_weight=onse history_threat_weight=psa threat_level=ate ftp_mode=con ftp_cmd=tqu cipher_suite=eirur msg_id=dese", "observer": { 
@@ -366,7 +366,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=mquisnos date=2017-2-3 time=9:16:50 log_id=lore devid=isci devname=Dui logid=reetdo type=ever subtype=civelits level=high vd=quiav srcip=10.154.34.15 srcport=5986 srcintf=enp0s4064 dstip=10.153.172.249 dstport=7030 dstintf=enp0s3067 poluuid=henderit sessionid=remq proto=21 action=cancel policyid=tla trandisp=arch duration=52.795000 sentbyte=5453 rcvdbyte=3097 devtype=ror osname=onsecte osversion=1.91 mastersrcmac=aecatcup srcmac=01:00:5e:58:7e:f5 crscore=133.560000 craction=quas crlevel=occaeca eventtype=eturadip user=ent service=rumSecti hostname=Utenima260.mail.invalid profile=cept reqtype=aedictas url=https://api.example.org/orio/gna.gif?aaliquaU=olu#iameaque direction=external msg=essequa method=aquio cat=rspicia catdesc=deom device_id=oluptat log_id=roinBCSe pri=medium userfrom=onproide adminprof=uamnih timezone=GMT+02:00 main_type=tatisetq trigger_policy=uidolo sub_type=umdolore severity_level=dmi policy=tam src=10.151.170.207 src_port=1400 dst=10.181.183.104 dst_port=5554 http_method=amni http_url=tatio http_host=amquisno http_agent=modoc http_session_id=magnam signature_subclass=uinesc signature_id=4248 srccountry=idatat content_switch_name=onev server_pool_name=orsi false_positive_mitigation=ntsunt user_name=iosamni monitor_status=idu http_refer=https://example.net/idolo/reet.txt?its=umdolor#isiu http_version=assi dev_id=eserun threat_weight=rvelill history_threat_weight=lupta threat_level=byC ftp_mode=imadm ftp_cmd=uta cipher_suite=tisu msg_id=remagnam", "observer": { 
@@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=iumdo date=2017-2-18 time=4:19:24 log_id=iusmodit devid=aturv devname=ectetura logid=obeataev type=umf subtype=olesti level=low vd=quaeabil srcip=10.19.99.129 srcport=956 srcintf=eth62 dstip=10.205.132.218 dstport=1643 dstintf=enp0s5908 poluuid=inim sessionid=etdol proto=17 action=deny policyid=oremeumf trandisp=lesti duration=49.961000 sentbyte=3376 rcvdbyte=6209 devtype=enima osname=tnulapar osversion=1.7278 mastersrcmac=sequ srcmac=01:00:5e:4a:1d:f8 crscore=84.522000 craction=tionula crlevel=accus eventtype=uatu user=mquis service=lab hostname=uido2046.mail.lan profile=tena reqtype=aal url=https://mail.example.org/nimadmin/lumqui.txt?iquip=tinculpa#umtota direction=external msg=rumSecti method=riamea cat=eca catdesc=oluptate device_id=Duisa log_id=consequa pri=low userfrom=iaecon adminprof=aevitaed timezone=PT main_type=rep trigger_policy=remap sub_type=deri severity_level=quaeratv policy=involu src=10.70.7.23 src_port=2758 dst=10.130.240.11 dst_port=6515 http_method=odic http_url=iuta http_host=liquaUte http_agent=scivelit http_session_id=Nequ signature_subclass=quid signature_id=1044 srccountry=lloinve content_switch_name=borisnis server_pool_name=onorumet false_positive_mitigation=ptatema user_name=eavolup monitor_status=ipsumq http_refer=https://www.example.org/tno/iss.gif?ptatev=atu#teturad http_version=eturad dev_id=tDuis threat_weight=mwritten history_threat_weight=tat threat_level=equ ftp_mode=sumdolo ftp_cmd=idolorem cipher_suite=temvele msg_id=oremque", "observer": { 
@@ -394,7 +394,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=inimve devname=\"uio\" devid=\"mexercit\" vd=byC date=2017-3-4 time=11:21:59 logid=uae type=oremip subtype=its level=very-high eventtime=iavol logtime=natuserr srcip=10.37.161.101 srcport=1552 srcintf=enp0s6659 srcintfrole=evit dstip=10.111.182.212 dstport=4493 dstintf=lo6533 dstintfrole=lamco poluuid=tion sessionid=hender proto=icmp action=deny policyid=seq policytype=rumSe crscore=88.660000 craction=madmi crlevel=tlabore appcat=idunt service=expl srccountry=olore dstcountry=uian trandisp=atuserro tranip=10.17.209.252 tranport=2119 duration=135.770000 sentbyte=313 rcvdbyte=6509 sentpkt=oinBCS app=itsedd", "observer": { @@ -408,7 +408,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=ipis devname=\"itautfu\" devid=\"nesci\" vd=tam date=2017-3-18 time=6:24:33 logid=sin type=idexeac subtype=nimadmin level=medium eventtime=edutper logtime=tevelite srcip=10.158.175.98 srcport=1491 srcintf=enp0s7649 srcintfrole=oinBCSed dstip=10.170.196.181 dstport=6994 dstintf=enp0s5873 dstintfrole=obeatae poluuid=iquid sessionid=evo proto=udp action=allow policyid=mqu policytype=pteursi crscore=98.596000 craction=expl crlevel=essecill appcat=totamre service=rpo srccountry=velites dstcountry=nonpro trandisp=nula tranip=10.153.166.133 tranport=4638 duration=39.506000 sentbyte=6610 rcvdbyte=1936 sentpkt=olu app=imide", "observer": { 
@@ -422,7 +422,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-4-2 time=1:27:07 logver=amn devid=itessequ devname=porissu logid=umd type=sumd subtype=sectetur level=low vd=aUtenima srcip=10.62.10.137 srcport=5596 srcintf=lo6539 dstip=10.138.249.251 dstport=630 dstintf=eth1576 poluuid=deritinv sessionid=evelite proto=6 action=accept policyid=stiaecon trandisp=usBono duration=155.835000 sentbyte=3942 rcvdbyte=5360 devtype=ttenb osname=olor osversion=1.5978 mastersrcmac=lapa srcmac=01:00:5e:b0:3e:44 crscore=105.845000 craction=lors crlevel=oluptat eventtype=enimad user=tis service=qua hostname=con6049.internal.lan profile=quelaud reqtype=luptat url=https://internal.example.com/temse/caecat.jpg?emeu=tatemac#quisn direction=inbound msg=teursint method=etMa cat=llita catdesc=ntsunt device_id=nturmag log_id=uredol pri=high userfrom=temsequi adminprof=mquia timezone=ET main_type=enbyCic trigger_policy=iveli sub_type=conseq severity_level=itame policy=tenat src=10.63.171.91 src_port=4396 dst=10.48.25.200 dst_port=5179 http_method=nse http_url=mveniam http_host=tuser http_agent=mmo http_session_id=eve signature_subclass=nbyCicer signature_id=6129 srccountry=ciad content_switch_name=ugiatqu server_pool_name=eruntmo false_positive_mitigation=nimve user_name=usanti monitor_status=ion http_refer=https://mail.example.org/gelits/iavo.txt?udexerc=ovolupta#volup http_version=macc dev_id=ria threat_weight=beat history_threat_weight=rro threat_level=tuser ftp_mode=ctasu ftp_cmd=irat cipher_suite=sitame msg_id=oinven", "observer": { 
@@ -436,7 +436,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=ute dtime=2017-04-16 08:29:41.792538723 +0000 UTC devid=mexer devname=iam vd=Bonoru date=2017-4-16 time=8:29:41 logid=rcitati type=nula subtype=ameaquei level=low eventtime=adipi logtime=mquis srcip=10.174.17.46 srcport=2743 srcintf=eth6814 srcintfrole=ine dstip=10.77.105.81 dstport=4455 dstintf=enp0s7799 dstintfrole=orem poluuid=giatqu sessionid=rsint proto=udp action=allow policyid=paq policytype=uianon crscore=60.762000 craction=uisautem crlevel=mquameiu appcat=loremq service=turmagni srccountry=ores dstcountry=ddoe trandisp=uid tranip=10.38.168.190 tranport=7260 duration=129.140000 sentbyte=368 rcvdbyte=7791 sentpkt=incidi app=aedictas", "observer": { @@ -450,7 +450,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=temaccus devname=\"ons\" devid=\"unt\" vd=liq date=2017-4-30 time=3:32:16 logid=abore type=iumdo subtype=oreeu level=high eventtime=exe logtime=tis srcip=10.36.99.207 srcport=4829 srcintf=lo497 srcintfrole=tvol dstip=10.225.37.73 dstport=5630 dstintf=eth1882 dstintfrole=eniamqu poluuid=iumt sessionid=porissus proto=udp action=cancel policyid=tsunt policytype=rnat crscore=88.508000 craction=ured crlevel=ctetu appcat=oreeu service=uasiarch srccountry=Malor dstcountry=boriosa trandisp=cillumdo tranip=10.166.142.198 tranport=4151 duration=1.040000 sentbyte=465 rcvdbyte=7663 sentpkt=oreetd app=lor", "observer": { 
@@ -464,7 +464,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=etc devname=\"eturadip\" devid=\"nost\" vd=atus date=2017-5-14 time=10:34:50 logid=tassitas type=obea subtype=velite level=medium eventtime=litse logtime=san srcip=10.66.90.225 srcport=4846 srcintf=lo4891 srcintfrole=moenimi dstip=10.214.156.161 dstport=3854 dstintf=eth1188 dstintfrole=ati poluuid=rauto sessionid=doloreeu proto=6 action=block policyid=eumfu policytype=docons crscore=3.408000 craction=eumf crlevel=roquisq appcat=uasi service=maveniam srccountry=uis dstcountry=lill trandisp=remeum tranip=10.145.194.12 tranport=1001 duration=25.398000 sentbyte=6452 rcvdbyte=6820 sentpkt=aturE app=umto", "observer": { @@ -478,7 +478,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=pariat devname=\"iutal\" devid=\"teturad\" vd=ese date=2017-5-29 time=5:37:24 logid=eddoei type=lorumw subtype=eca level=medium eventtime=nimve logtime=duntut srcip=10.6.242.108 srcport=3373 srcintf=lo3230 srcintfrole=qua dstip=10.156.208.5 dstport=7612 dstintf=lo1800 dstintfrole=quisn poluuid=pteu sessionid=uatD proto=0 action=cancel policyid=antiu policytype=velillum crscore=166.389000 craction=iatquovo crlevel=lapari appcat=Mal service=itinvo srccountry=snulap dstcountry=cidu trandisp=hilmol tranip=10.163.36.101 tranport=253 duration=72.488000 sentbyte=1880 rcvdbyte=4638 sentpkt=ident app=scip", "observer": { 
@@ -492,7 +492,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-6-12 time=12:39:58 devname=uamqu device_id=iusmodi log_id=esciun type=generic subtype=tasnul pri=medium devid=ccusant devname=epteurs logid=rmag type=quisquam subtype=eporroqu level=very-high vd=dit srcip=10.25.134.171 srcport=7867 srcintf=eth4543 dstip=10.43.235.230 dstport=2198 dstintf=lo4581 poluuid=BCSe sessionid=rem proto=0 action=allow policyid=eeufug trandisp=ntin duration=6.686000 sentbyte=5763 rcvdbyte=1048 devtype=cinge osname=tatem osversion=1.4713 mastersrcmac=eritqu srcmac=01:00:5e:ed:6b:57 crscore=10.603000 craction=nimip crlevel=iutaliq eventtype=olore user=onemul service=trudexe hostname=remeum2641.www5.corp profile=Quisa reqtype=quiav url=https://www5.example.com/elit/sam.htm?nevolu=unt#isni direction=outbound msg=ecillum method=olor cat=amei catdesc=doconseq device_id=conseq log_id=emve pri=very-high userfrom=tiu adminprof=wri timezone=GMT-07:00 main_type=asper trigger_policy=dictasun sub_type=psa severity_level=lorese policy=olupta src=10.220.148.127 src_port=6681 dst=10.68.233.163 dst_port=3126 http_method=itanimi http_url=onoru http_host=data http_agent=ugits http_session_id=ittenb signature_subclass=tobeatae signature_id=5617 srccountry=quis content_switch_name=exe server_pool_name=naa false_positive_mitigation=equat user_name=estiaec monitor_status=pitlabo http_refer=https://example.net/rcitat/ree.htm?ionofdeF=rsp#imipsa http_version=nostrum dev_id=autodita threat_weight=ntut history_threat_weight=temveleu threat_level=itametco ftp_mode=etcons ftp_cmd=etco cipher_suite=iuntN msg_id=utfugi", "observer": { 
@@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=isnostru date=2017-6-26 time=7:42:33 log_id=nul devid=ntocca devname=trudex logid=tvol type=lup subtype=mipsamv level=medium vd=qua srcip=10.249.194.7 srcport=4987 srcintf=enp0s2282 dstip=10.57.116.17 dstport=90 dstintf=enp0s7442 poluuid=xcep sessionid=gnidol proto=0 action=allow policyid=uaeab trandisp=ptat duration=136.310000 sentbyte=1078 rcvdbyte=6196 devtype=eturadip osname=amquaera osversion=1.4481 mastersrcmac=equ srcmac=01:00:5e:00:fd:79 crscore=18.750000 craction=olesti crlevel=edquia eventtype=ihi user=undeomn service=ape hostname=itaspe3216.localdomain profile=onsecte reqtype=prehende url=https://example.org/porro/issu.htm?inculpa=ruredol#iadeseru direction=unknown msg=numq method=quae cat=periam catdesc=ain device_id=umiurer log_id=mquido pri=very-high userfrom=onorume adminprof=abill timezone=GMT+02:00 main_type=uov trigger_policy=mini sub_type=mve severity_level=tionev policy=uasiarch src=10.116.82.108 src_port=7276 dst=10.94.177.125 dst_port=6683 http_method=nimides http_url=olorsit http_host=naaliq http_agent=plica http_session_id=asiarc signature_subclass=lor signature_id=5152 srccountry=snula content_switch_name=pici server_pool_name=bori false_positive_mitigation=dipi user_name=ecatc monitor_status=quovolu http_refer=https://example.net/itse/sse.gif?lupt=quatur#dminim http_version=ptatevel dev_id=aperiame threat_weight=stenat history_threat_weight=uianonnu threat_level=tatiset ftp_mode=quira ftp_cmd=ciatisun cipher_suite=duntutl msg_id=nven", "observer": { 
@@ -520,7 +520,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-7-11 time=2:45:07 devname=saq device_id=asiarch log_id=ssuscipi type=generic subtype=utla pri=medium devid=tquovo devname=fugi logid=nse type=nesciu subtype=todit level=very-high vd=inrepreh srcip=10.14.192.162 srcport=2536 srcintf=enp0s4429 dstip=10.179.128.6 dstport=3375 dstintf=enp0s4580 poluuid=ptate sessionid=volupta proto=3 action=cancel policyid=utla trandisp=emi duration=171.651000 sentbyte=3313 rcvdbyte=7131 devtype=velites osname=oloremi osversion=1.4442 mastersrcmac=apari srcmac=01:00:5e:0c:fb:2b crscore=140.065000 craction=uel crlevel=fficiad eventtype=teirured user=nostru service=rcit hostname=mea6298.api.example profile=eumiu reqtype=tatevel url=https://mail.example.org/uamquaer/texplica.gif?sequa=lorum#suntexpl direction=inbound msg=Sedut method=tatis cat=audant catdesc=obeata device_id=uredol log_id=uptat pri=low userfrom=entorev adminprof=quuntur timezone=GMT+02:00 main_type=exercit trigger_policy=dexer sub_type=idolor severity_level=onpr policy=uira src=10.115.121.243 src_port=550 dst=10.113.152.241 dst_port=2330 http_method=ali http_url=udexerci http_host=uae http_agent=imveni http_session_id=econ signature_subclass=aborio signature_id=1122 srccountry=setquas content_switch_name=nbyCi server_pool_name=runtmoll false_positive_mitigation=busBon user_name=norumetM monitor_status=isno http_refer=https://internal.example.com/ameaq/Quis.html?lestiae=iav#umiure http_version=isiut dev_id=tin threat_weight=rporiss history_threat_weight=billoinv threat_level=etconse ftp_mode=nesciu ftp_cmd=mali cipher_suite=roinBCSe msg_id=eetdolor", "observer": { 
@@ -534,7 +534,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-7-25 time=9:47:41 logver=upt devid=equamni devname=atcupi logid=enima type=uptateve subtype=fugitsed level=medium vd=lorem srcip=10.68.159.207 srcport=3320 srcintf=enp0s7206 dstip=10.139.195.188 dstport=893 dstintf=enp0s6960 poluuid=lits sessionid=tvolu proto=17 action=accept policyid=ollitan trandisp=temseq duration=0.684000 sentbyte=3045 rcvdbyte=6863 devtype=edictasu osname=eturadi osversion=1.3804 mastersrcmac=edquiano srcmac=01:00:5e:09:79:f2 crscore=11.231000 craction=taevitae crlevel=tevel eventtype=tatemse user=gitsed service=agn hostname=iqu7510.internal.corp profile=equeporr reqtype=amremap url=https://www5.example.org/aqu/utemvele.gif?serrorsi=tsedquia#rsit direction=unknown msg=ntutlabo method=idex cat=nihilmo catdesc=reetdo device_id=xeaco log_id=taliqu pri=medium userfrom=hite adminprof=umfugi timezone=CT main_type=dminimve trigger_policy=remips sub_type=laboreet severity_level=uptate policy=tot src=10.49.82.45 src_port=435 dst=10.179.153.97 dst_port=1908 http_method=ade http_url=nihilmol http_host=nder http_agent=ano http_session_id=rumexer signature_subclass=eab signature_id=2387 srccountry=saquaeab content_switch_name=eli server_pool_name=rissusci false_positive_mitigation=ectetur user_name=dictasun monitor_status=inimv http_refer=https://api.example.org/volup/untNeq.htm?mremaper=uteirur#ntium http_version=ide dev_id=quunturm threat_weight=quovo history_threat_weight=quaturve threat_level=ntiumdol ftp_mode=conse ftp_cmd=aturve cipher_suite=edqui msg_id=tvolu", "observer": { 
@@ -548,7 +548,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=ore devname=\"lors\" devid=\"saute\" vd=ecillumd date=2017-8-8 time=4:50:15 logid=iumto type=sequatu subtype=tiumtot level=medium eventtime=mdoloree logtime=que srcip=10.98.52.184 srcport=7402 srcintf=eth3784 srcintfrole=ita dstip=10.99.55.115 dstport=1537 dstintf=eth855 dstintfrole=isnostru poluuid=iad sessionid=ngelits proto=tcp action=accept policyid=billoi policytype=reseo crscore=158.047000 craction=uov crlevel=pariat appcat=icaboNe service=boreetd srccountry=uir dstcountry=rumex trandisp=ectobea tranip=10.205.83.138 tranport=6239 duration=170.113000 sentbyte=3290 rcvdbyte=722 sentpkt=ibus app=lumdol", "observer": { @@ -562,7 +562,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=onnu devname=\"reprehe\" devid=\"metMa\" vd=emoen date=2017-8-22 time=11:52:50 logid=ptate type=mipsumqu subtype=turad level=high eventtime=billo logtime=doloremi srcip=10.197.128.162 srcport=2052 srcintf=lo6750 srcintfrole=ionof dstip=10.90.189.248 dstport=1293 dstintf=lo2402 dstintfrole=roi poluuid=reh sessionid=volup proto=prm action=allow policyid=iconsequ policytype=ueporr crscore=127.832000 craction=archite crlevel=tur appcat=ddo service=emp srccountry=inBC dstcountry=did trandisp=atcupi tranip=10.228.11.50 tranport=984 duration=3.401000 sentbyte=6907 rcvdbyte=422 sentpkt=mcol app=tion", "observer": { @@ -576,7 +576,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-9-6 time=6:55:24 devname=moll device_id=roinBCS log_id=odit type=event subtype=vol pri=low desc=aloru user=cteturad userfrom=modi msg=cip action=deny adom=ntoccae2859.www.test session_id=incididu", "observer": { 
@@ -590,7 +590,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-9-20 time=1:57:58 devname=uinesci device_id=otamr log_id=tsed type=generic subtype=rExc pri=medium devid=saute devname=umdol logid=rerepr type=ipiscin subtype=trudexe level=high vd=ineavol srcip=10.29.34.211 srcport=5638 srcintf=eth1805 dstip=10.161.15.82 dstport=6598 dstintf=enp0s5799 poluuid=aco sessionid=eFini proto=17 action=cancel policyid=mipsa trandisp=uas duration=118.122000 sentbyte=1737 rcvdbyte=6283 devtype=umexe osname=xce osversion=1.7318 mastersrcmac=suntex srcmac=01:00:5e:5b:68:89 crscore=29.865000 craction=rcitati crlevel=siutali eventtype=uiratio user=ficia service=orsit hostname=deFinibu3940.internal.lan profile=rautod reqtype=onorumet url=https://www5.example.com/etcon/chit.txt?erspici=itinvolu#adeserun direction=unknown msg=tinv method=Utenima cat=nse catdesc=umq device_id=enim log_id=oreve pri=low userfrom=snisiu adminprof=atem timezone=ET main_type=vento trigger_policy=litsed sub_type=ciun severity_level=rehender policy=tetura src=10.124.71.88 src_port=7540 dst=10.22.248.52 dst_port=6566 http_method=cons http_url=tinvolu http_host=ptat http_agent=amquisn http_session_id=Finibus signature_subclass=nsequat signature_id=3661 srccountry=scipi content_switch_name=rem server_pool_name=reh false_positive_mitigation=rsitame user_name=tcons monitor_status=squamest http_refer=https://mail.example.com/emveleum/siuta.html?ate=epteur#onproi http_version=usmodit dev_id=orese threat_weight=umdolore history_threat_weight=umqui threat_level=adipisci ftp_mode=eir ftp_cmd=ull cipher_suite=tlabor msg_id=itecto", "observer": { 
@@ -604,7 +604,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-10-4 time=9:00:32 logver=ametcons devid=velite devname=ipexeac logid=explicab type=samvolu subtype=teiru level=low vd=orinrep srcip=10.228.213.136 srcport=7247 srcintf=lo1719 dstip=10.185.107.27 dstport=2257 dstintf=enp0s4999 poluuid=iduntutl sessionid=mipsumd proto=udp action=block policyid=quelauda trandisp=rcit duration=166.303000 sentbyte=7229 rcvdbyte=6230 devtype=orese osname=evelite osversion=1.4895 mastersrcmac=oremipsu srcmac=01:00:5e:cd:f6:0e crscore=37.237000 craction=equunt crlevel=mto eventtype=iae user=dent service=Uten hostname=tatiset4191.localdomain profile=aconseq reqtype=mquamei url=https://api.example.org/fug/liquid.txt?ptate=lloi#nseq direction=external msg=isetqua method=ianonn cat=oluptas catdesc=doe device_id=quipex log_id=rchitect pri=very-high userfrom=Bonor adminprof=ipex timezone=PT main_type=upta trigger_policy=ivel sub_type=tmollita severity_level=tionofd policy=iatnula src=10.185.37.176 src_port=1859 dst=10.26.58.20 dst_port=2809 http_method=essequam http_url=undeo http_host=ficiade http_agent=uiinea http_session_id=uianonn signature_subclass=eavolupt signature_id=784 srccountry=elitsedq content_switch_name=liquam server_pool_name=sinto false_positive_mitigation=edi user_name=eumiure monitor_status=ore http_refer=https://internal.example.com/mSe/sis.gif?rchite=rcit#orumwri http_version=tiae dev_id=giat threat_weight=nculpa history_threat_weight=olupt threat_level=tvol ftp_mode=ostru ftp_cmd=mea cipher_suite=tuserror msg_id=agnama", "observer": { 
@@ -618,7 +618,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=deritq dtime=2017-10-19 04:03:07.172538723 +0000 UTC devid=boreetdo devname=teni vd=iin date=2017-10-19 time=4:03:07 logid=nostr type=luptatem subtype=tNequepo level=low eventtime=eumfug logtime=sper srcip=10.200.12.126 srcport=2347 srcintf=enp0s7374 srcintfrole=liqu dstip=10.14.145.107 dstport=4362 dstintf=enp0s7861 dstintfrole=aliq poluuid=utem sessionid=oreetd proto=HOPOPT action=block policyid=Nequepo policytype=edictas crscore=55.933000 craction=tur crlevel=borisnis appcat=elitsedd service=hitecto srccountry=loremi dstcountry=nven trandisp=isci tranip=10.250.231.196 tranport=5863 duration=4.105000 sentbyte=2763 rcvdbyte=5047 sentpkt=aquioff app=cip", "observer": { @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=onsequat dtime=2017-11-02 11:05:41.432538723 +0000 UTC devid=tiumd devname=atuse vd=imad date=2017-11-2 time=11:05:41 logid=tura type=equuntur subtype=rve level=high eventtime=mqua logtime=xer srcip=10.225.34.176 srcport=5569 srcintf=lo2867 srcintfrole=amquisn dstip=10.21.203.112 dstport=5930 dstintf=enp0s1294 dstintfrole=sum poluuid=lloinve sessionid=eni proto=HOPOPT action=cancel policyid=edquiac policytype=psamvolu crscore=80.314000 craction=unturma crlevel=iavol appcat=psumdol service=urautodi srccountry=equamni dstcountry=fugia trandisp=uptate tranip=10.103.36.192 tranport=1974 duration=129.001000 sentbyte=2801 rcvdbyte=2565 sentpkt=imidest app=citation", "observer": { 
@@ -646,7 +646,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=nof devname=\"usantiu\" devid=\"periam\" vd=remip date=2017-11-16 time=6:08:15 logid=dexea type=aturExc subtype=antiumto level=low eventtime=obe logtime=niamqu srcip=10.140.59.161 srcport=3599 srcintf=eth575 srcintfrole=tev dstip=10.5.67.140 dstport=5687 dstintf=enp0s6143 dstintfrole=intoc poluuid=obeataev sessionid=rrorsit proto=udp action=accept policyid=umquid policytype=olabo crscore=79.046000 craction=dolor crlevel=rsp appcat=quir service=giatqu srccountry=olors dstcountry=roid trandisp=lorum tranip=10.118.111.183 tranport=5410 duration=96.462000 sentbyte=6821 rcvdbyte=6222 sentpkt=mipsu app=nvol", "observer": { 
@@ -660,7 +660,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-12-1 time=1:10:49 logver=llu devid=quaUt devname=labor logid=oris type=tatemse subtype=uta level=very-high vd=tse srcip=10.170.104.148 srcport=5722 srcintf=lo259 dstip=10.60.92.40 dstport=5836 dstintf=enp0s4446 poluuid=dicons sessionid=BCSedutp proto=udp action=accept policyid=ritatise trandisp=nihilm duration=104.607000 sentbyte=6659 rcvdbyte=5351 devtype=isauteir osname=eritquii osversion=1.4493 mastersrcmac=uisno srcmac=01:00:5e:e9:ec:d5 crscore=34.736000 craction=itaed crlevel=invol eventtype=Loremips user=cidun service=tassitas hostname=nimadmi4084.api.home profile=eufugia reqtype=nor url=https://example.net/aturQui/tquii.html?uiac=squ#litess direction=unknown msg=involupt method=itempo cat=upt catdesc=rve device_id=amq log_id=abillo pri=high userfrom=ationem adminprof=Nem timezone=OMST main_type=ollita trigger_policy=dipisci sub_type=amnisiu severity_level=ptat policy=epr src=10.7.70.169 src_port=2514 dst=10.28.212.191 dst_port=1997 http_method=nostru http_url=Loremip http_host=veleumiu http_agent=rcita http_session_id=turad signature_subclass=sequamni signature_id=4799 srccountry=ollita content_switch_name=ectetu server_pool_name=radi false_positive_mitigation=ula user_name=itsed monitor_status=rad http_refer=https://internal.example.com/ididu/autodit.gif?seru=oriss#imadmin http_version=suntexpl dev_id=urve threat_weight=sBonoru history_threat_weight=everi threat_level=squ ftp_mode=emagnaal ftp_cmd=nih cipher_suite=ncididu msg_id=itati", "observer": { 
@@ -674,7 +674,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2017-12-15 time=8:13:24 logver=estla devid=ione devname=ecillum logid=maccu type=ame subtype=pitlabo level=very-high vd=urExc srcip=10.37.124.214 srcport=6919 srcintf=lo7727 dstip=10.37.111.228 dstport=7082 dstintf=enp0s20 poluuid=dmini sessionid=tquid proto=17 action=block policyid=iatisun trandisp=cto duration=144.899000 sentbyte=2372 rcvdbyte=7417 devtype=imadmini osname=iatisund osversion=1.6506 mastersrcmac=aUtenim srcmac=01:00:5e:28:0c:11 crscore=172.422000 craction=etdol crlevel=sed eventtype=uep user=ametco service=nde hostname=reprehe3525.www5.example profile=mquisno reqtype=eaco url=https://mail.example.org/mvele/teveli.htm?Nequepor=luptate#aturvel direction=internal msg=dexea method=sedquia cat=litesse catdesc=ntmo device_id=aliqu log_id=iqu pri=very-high userfrom=ationula adminprof=doconse timezone=CEST main_type=oreeufug trigger_policy=ptatems sub_type=tenima severity_level=emagnam policy=iaco src=10.148.197.60 src_port=5711 dst=10.143.144.52 dst_port=974 http_method=nvo http_url=lab http_host=sedqui http_agent=iuntNe http_session_id=tdolor signature_subclass=Ute signature_id=2191 srccountry=uepor content_switch_name=umSecti server_pool_name=eabil false_positive_mitigation=ibusB user_name=rporis monitor_status=etco http_refer=https://example.org/ereprehe/olu.html?liqu=ipsu#siarch http_version=itautfu dev_id=rrorsi threat_weight=ole history_threat_weight=odi threat_level=tper ftp_mode=olor ftp_cmd=corpo cipher_suite=commod msg_id=iumd", "observer": { 
@@ -688,7 +688,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=aborisn dtime=2017-12-29 15:15:58.472538723 +0000 UTC devid=onproid devname=sitv vd=equam date=2017-12-29 time=3:15:58 logid=bor type=ameaquei subtype=aeca level=very-high eventtime=aperiam logtime=ngelit srcip=10.217.145.137 srcport=5242 srcintf=enp0s6940 srcintfrole=orema dstip=10.22.149.132 dstport=7725 dstintf=lo7156 dstintfrole=neavolup poluuid=lits sessionid=Nemoen proto=0 action=block policyid=rur policytype=quaturve crscore=166.007000 craction=oeiusmod crlevel=uidolore appcat=iacon service=ncu srccountry=quaturve dstcountry=ciad trandisp=diconseq tranip=10.251.183.113 tranport=2604 duration=161.433000 sentbyte=5697 rcvdbyte=7299 sentpkt=eseosqu app=uptatem", "observer": { @@ -702,7 +702,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=uamnihil devname=\"nisi\" devid=\"imadm\" vd=siutali date=2018-1-12 time=10:18:32 logid=mfugi type=ceroinBC subtype=lorumw level=low eventtime=squir logtime=commod srcip=10.183.16.252 srcport=3150 srcintf=lo6718 srcintfrole=eabillo dstip=10.203.66.175 dstport=3904 dstintf=enp0s3868 dstintfrole=dipisciv poluuid=nsequun sessionid=hen proto=icmp action=accept policyid=velillum policytype=itamet crscore=123.013000 craction=hil crlevel=itl appcat=idolo service=ncidid srccountry=oid dstcountry=iarchit trandisp=volupt tranip=10.51.60.203 tranport=5315 duration=165.955000 sentbyte=7551 rcvdbyte=1519 sentpkt=ten app=Utenim", "observer": { 
@@ -716,7 +716,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-1-27 time=5:21:06 logver=uasiarch devid=iamquisn devname=magnama logid=reprehe type=citatio subtype=dolo level=medium vd=esciunt srcip=10.133.245.26 srcport=1727 srcintf=enp0s2674 dstip=10.76.87.30 dstport=2858 dstintf=enp0s2918 poluuid=remag sessionid=roinBCSe proto=HOPOPT action=accept policyid=labori trandisp=ditau duration=39.920000 sentbyte=5413 rcvdbyte=6650 devtype=tam osname=olu osversion=1.409 mastersrcmac=iut srcmac=01:00:5e:5c:c2:50 crscore=69.137000 craction=boris crlevel=ris eventtype=nisiuta user=utper service=uipexe hostname=ursint411.www.lan profile=gnamali reqtype=iumdo url=https://example.org/tem/iadeseru.jpg?olorsita=odoco#etc direction=internal msg=lamco method=natuser cat=Excepteu catdesc=omnis device_id=tati log_id=orinc pri=very-high userfrom=eturadi adminprof=cinge timezone=PT main_type=ira trigger_policy=niamq sub_type=quatD severity_level=nevol policy=lumquid src=10.157.14.165 src_port=7170 dst=10.61.200.105 dst_port=2813 http_method=tquov http_url=natu http_host=doei http_agent=acomm http_session_id=veleumi signature_subclass=volupt signature_id=6822 srccountry=itatise content_switch_name=ure server_pool_name=userro false_positive_mitigation=oree user_name=nimadmi monitor_status=utaliq http_refer=https://example.com/tinvolu/uredol.txt?did=lamcol#idolor http_version=tutlabor dev_id=nse threat_weight=rauto history_threat_weight=rese threat_level=nonproi ftp_mode=doconse ftp_cmd=henderi cipher_suite=tisunde msg_id=ende", "observer": { 
@@ -730,7 +730,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-2-10 time=12:23:41 logver=commod devid=oris devname=rcita logid=ataev type=oris subtype=incidi level=high vd=tutlabo srcip=10.32.66.161 srcport=881 srcintf=lo4523 dstip=10.134.238.8 dstport=2976 dstintf=enp0s1238 poluuid=edquiac sessionid=sit proto=HOPOPT action=allow policyid=olo trandisp=laboris duration=163.866000 sentbyte=7328 rcvdbyte=5375 devtype=tutl osname=nevolu osversion=1.5475 mastersrcmac=ostru srcmac=01:00:5e:e9:5f:84 crscore=157.516000 craction=aven crlevel=idolore eventtype=psaqu user=psa service=pta hostname=ididunt7607.mail.localhost profile=ntutlabo reqtype=leumiure url=https://mail.example.net/epteurs/usmodtem.gif?itvo=asi#tobe direction=internal msg=Lore method=oin cat=eritquii catdesc=taliqui device_id=ecatcu log_id=entoreve pri=high userfrom=umquam adminprof=onev timezone=CET main_type=tionev trigger_policy=ali sub_type=ionu severity_level=perna policy=moll src=10.242.178.15 src_port=3948 dst=10.217.111.77 dst_port=7309 http_method=datatno http_url=equepor http_host=antium http_agent=ugiatn http_session_id=utpe signature_subclass=hend signature_id=1170 srccountry=agnamali content_switch_name=ptateve server_pool_name=aliqua false_positive_mitigation=officiad user_name=nimadmin monitor_status=iavol http_refer=https://example.net/iumtota/qui.jpg?quel=ugitsed#ritatis http_version=olor dev_id=emoenim threat_weight=turadipi history_threat_weight=umSec threat_level=onsecte ftp_mode=inibusBo ftp_cmd=tqui cipher_suite=sequun msg_id=nimadm", "observer": { 
@@ -744,7 +744,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-2-24 time=7:26:15 logver=vitaedic devid=remip devname=rsita logid=rehe type=aper subtype=gnaa level=low vd=uta srcip=10.161.128.235 srcport=6280 srcintf=eth2121 dstip=10.84.29.117 dstport=1245 dstintf=eth7500 poluuid=errorsi sessionid=umwr proto=HOPOPT action=cancel policyid=cupida trandisp=rinc duration=5.709000 sentbyte=289 rcvdbyte=6059 devtype=dquia osname=ommod osversion=1.142 mastersrcmac=dico srcmac=01:00:5e:06:53:8a crscore=35.836000 craction=imipsa crlevel=iscinge eventtype=ora user=meumfug service=inimve hostname=mco2906.domain profile=sitvolu reqtype=eratv url=https://www.example.com/iadolo/cidu.txt?aliquide=redolori#eav direction=inbound msg=nse method=turQuis cat=tat catdesc=pta device_id=henderi log_id=onsec pri=high userfrom=itaspern adminprof=tau timezone=GMT+02:00 main_type=rsintoc trigger_policy=boreetd sub_type=rehende severity_level=sitamet policy=xerc src=10.199.119.251 src_port=7286 dst=10.86.152.227 dst_port=850 http_method=ant http_url=tiu http_host=ommodoco http_agent=rehe http_session_id=eseosqu signature_subclass=oeius signature_id=641 srccountry=eaqueip content_switch_name=laud server_pool_name=uido false_positive_mitigation=uis user_name=msequin monitor_status=autem http_refer=https://internal.example.org/ipi/qua.htm?itat=adipisc#omnisist http_version=orroqui dev_id=sci threat_weight=psamvolu history_threat_weight=itsedqui threat_level=oreve ftp_mode=omn ftp_cmd=onevol cipher_suite=ese msg_id=reprehen", "observer": { 
@@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-3-11 time=2:28:49 logver=eumfugia devid=nimvenia devname=dol logid=rissusc type=lit subtype=quin level=low vd=eddoei srcip=10.35.73.208 srcport=7081 srcintf=eth6552 dstip=10.216.120.61 dstport=6389 dstintf=eth2068 poluuid=dolor sessionid=emUteni proto=tcp action=deny policyid=illoin trandisp=rinre duration=166.295000 sentbyte=5988 rcvdbyte=3374 devtype=olorem osname=mquae osversion=1.1789 mastersrcmac=rQuis srcmac=01:00:5e:b5:9a:3e crscore=5.250000 craction=enimadmi crlevel=elit eventtype=uia user=tem service=unt hostname=ntex5135.corp profile=mqua reqtype=equa url=https://internal.example.com/isc/umdol.jpg?atn=sectet#boreetd direction=outbound msg=olorin method=oluptat cat=olors catdesc=mSecti device_id=ius log_id=quian pri=low userfrom=urExce adminprof=upt timezone=PST main_type=pteurs trigger_policy=intocc sub_type=abo severity_level=orisnis policy=reseo src=10.239.194.105 src_port=3629 dst=10.234.171.117 dst_port=4488 http_method=tenatus http_url=odic http_host=ono http_agent=umtota http_session_id=consequ signature_subclass=ine signature_id=3409 srccountry=dex content_switch_name=ipis server_pool_name=nsecte false_positive_mitigation=miurere user_name=tat monitor_status=pitlabor http_refer=https://example.com/olupta/ape.jpg?mnisiut=eabil#olu http_version=uaUte dev_id=empor threat_weight=ate history_threat_weight=eca threat_level=inre ftp_mode=aliqu ftp_cmd=orem cipher_suite=dquian msg_id=isaute", "observer": { 
@@ -772,7 +772,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=emagnaal dtime=2018-03-25 09:31:24.032538723 +0000 UTC devid=uunturm devname=nonnumq vd=tqu date=2018-3-25 time=9:31:24 logid=ntocca type=emquelau subtype=adolorsi level=medium eventtime=maliquam logtime=ovol srcip=10.34.41.75 srcport=4436 srcintf=enp0s7638 srcintfrole=eseosqu dstip=10.249.16.201 dstport=4293 dstintf=lo5084 dstintfrole=mvele poluuid=qui sessionid=etMa proto=3 action=accept policyid=aspe policytype=uradipi crscore=22.220000 craction=atu crlevel=amremape appcat=illoinve service=uis srccountry=itanimi dstcountry=rinc trandisp=isistena tranip=10.107.168.208 tranport=1864 duration=45.477000 sentbyte=1067 rcvdbyte=2855 sentpkt=ctionofd app=uianonnu", "observer": { 
@@ -786,7 +786,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=nisiste date=2018-4-8 time=4:33:58 log_id=sedqu devid=itautfu devname=aaliq logid=tDui type=ernatur subtype=itsed level=low vd=xeacomm srcip=10.112.57.220 srcport=5803 srcintf=enp0s1897 dstip=10.19.151.236 dstport=884 dstintf=enp0s4144 poluuid=estiaeco sessionid=vele proto=HOPOPT action=allow policyid=yCiceroi trandisp=loremeu duration=156.263000 sentbyte=3719 rcvdbyte=7292 devtype=colab osname=itte osversion=1.6905 mastersrcmac=orumS srcmac=01:00:5e:c1:b8:93 crscore=60.950000 craction=uptat crlevel=incidun eventtype=agnaaliq user=aturQuis service=cepteurs hostname=tat1845.internal.invalid profile=rumetMal reqtype=tiumtot url=https://www.example.com/imadm/ugiat.txt?Nequepor=nisiu#ptat direction=inbound msg=eddoe method=seq cat=uae catdesc=tobeata device_id=ctas log_id=vol pri=high userfrom=gna adminprof=itautf timezone=ET main_type=eprehe trigger_policy=ariatu sub_type=aqueip severity_level=aqueip policy=rautod src=10.96.168.24 src_port=6206 dst=10.109.106.194 dst_port=5356 http_method=Sedut http_url=stiaec http_host=rveli http_agent=serr http_session_id=umdolo signature_subclass=iduntut signature_id=4281 srccountry=rorsitv content_switch_name=caboNemo server_pool_name=cididun false_positive_mitigation=iamqu user_name=ommodoc monitor_status=mwrit http_refer=https://www5.example.com/madminim/onse.txt?reeuf=orinrepr#tinvo http_version=oru dev_id=ainc threat_weight=aeab history_threat_weight=iat threat_level=acom ftp_mode=olo ftp_cmd=eipsaq cipher_suite=enatu msg_id=mfu", "observer": { 
@@ -800,7 +800,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=aliqui date=2018-4-22 time=11:36:32 log_id=uipexea devid=sauteiru devname=nibusB logid=eetdolo type=issuscip subtype=iduntu level=high vd=rinc srcip=10.109.224.208 srcport=1769 srcintf=enp0s3638 dstip=10.31.34.96 dstport=4651 dstintf=enp0s390 poluuid=atis sessionid=edol proto=icmp action=deny policyid=adip trandisp=ugiatq duration=128.795000 sentbyte=4249 rcvdbyte=6693 devtype=atemUte osname=emag osversion=1.1353 mastersrcmac=ecatcup srcmac=01:00:5e:63:85:d2 crscore=62.286000 craction=oin crlevel=isautem eventtype=eiusm user=assit service=ulpaq hostname=ulamc767.internal.lan profile=iades reqtype=mremape url=https://mail.example.net/ionemu/nul.jpg?volupt=ori#sed direction=inbound msg=maveniam method=ctobeat cat=emoenim catdesc=oqui device_id=olab log_id=remagnam pri=high userfrom=mSecti adminprof=volupt timezone=OMST main_type=ela trigger_policy=fugits sub_type=litseddo severity_level=idestl policy=ptasn src=10.112.155.228 src_port=5011 dst=10.47.191.95 dst_port=6242 http_method=velillu http_url=radipi http_host=iatn http_agent=aturE http_session_id=beat signature_subclass=pern signature_id=7568 srccountry=itvolupt content_switch_name=uradip server_pool_name=perspi false_positive_mitigation=uaer user_name=aed monitor_status=tectobe http_refer=https://example.org/scingeli/uatDuis.gif?apari=itesseci#utali http_version=ofdeFin dev_id=siutaliq threat_weight=urvel history_threat_weight=turE threat_level=ntium ftp_mode=imadmi ftp_cmd=dquiac cipher_suite=liquide msg_id=uatD", "observer": { 
@@ -814,7 +814,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=gnidolor dtime=2018-05-07 06:39:06.812538723 +0000 UTC devid=BCSedut devname=metco vd=vel date=2018-5-7 time=6:39:06 logid=tmol type=acommodi subtype=ccaecat level=low eventtime=mqu logtime=mips srcip=10.103.169.94 srcport=2174 srcintf=lo5821 srcintfrole=osqu dstip=10.140.137.17 dstport=446 dstintf=enp0s4444 dstintfrole=iono poluuid=atcupi sessionid=dexe proto=0 action=allow policyid=exerci policytype=ems crscore=15.728000 craction=nulapa crlevel=tess appcat=eroi service=enby srccountry=riatur dstcountry=amrema trandisp=illum tranip=10.62.241.218 tranport=7444 duration=5.969000 sentbyte=4832 rcvdbyte=6033 sentpkt=urere app=involu", "observer": { @@ -828,7 +828,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=tem devname=\"litsedq\" devid=\"amre\" vd=orpori date=2018-5-21 time=1:41:41 logid=sistena type=iam subtype=saquae level=low eventtime=itanimid logtime=ianonnum srcip=10.90.229.92 srcport=6796 srcintf=lo1752 srcintfrole=inculp dstip=10.251.212.166 dstport=3925 dstintf=eth1592 dstintfrole=aboNemo poluuid=tsedquia sessionid=ididun proto=21 action=cancel policyid=enim policytype=gnido crscore=85.453000 craction=erepr crlevel=tsedqu appcat=uisa service=uptat srccountry=siutal dstcountry=umetMalo trandisp=onevolu tranip=10.77.105.160 tranport=5541 duration=155.903000 sentbyte=5294 rcvdbyte=2687 sentpkt=ira app=umfu", "observer": { 
@@ -842,7 +842,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-6-4 time=8:44:15 logver=uamq devid=mnisist devname=dutp logid=ecillu type=ipsaqu subtype=asun level=very-high vd=llumd srcip=10.100.223.157 srcport=1307 srcintf=eth5742 dstip=10.232.243.87 dstport=4546 dstintf=lo299 poluuid=atisetq sessionid=mSectio proto=0 action=cancel policyid=nonnumqu trandisp=atis duration=63.050000 sentbyte=3508 rcvdbyte=205 devtype=uam osname=tisunde osversion=1.4261 mastersrcmac=rured srcmac=01:00:5e:8a:c1:2a crscore=19.243000 craction=meumfug crlevel=iam eventtype=animi user=porainc service=nsectetu hostname=spici5547.internal.test profile=tate reqtype=sintocca url=https://mail.example.org/asuntex/uovolup.html?amali=uiav#henderi direction=internal msg=tnul method=ons cat=radip catdesc=amremap device_id=dolorsit log_id=atisund pri=very-high userfrom=uredo adminprof=uamni timezone=CT main_type=quisqua trigger_policy=sedquian sub_type=lamcorpo severity_level=rem policy=apariat src=10.216.49.112 src_port=4521 dst=10.112.242.68 dst_port=3105 http_method=aut http_url=eriti http_host=ipsum http_agent=com http_session_id=uptate signature_subclass=tevelite signature_id=5880 srccountry=nimadmi content_switch_name=mquiado server_pool_name=agn false_positive_mitigation=dip user_name=urmag monitor_status=nim http_refer=https://www5.example.net/tutlabo/incid.gif?ptate=tconsect#usm http_version=uunturma dev_id=namaliqu threat_weight=tatemacc history_threat_weight=licab threat_level=roidents ftp_mode=volupta ftp_cmd=stiaeco cipher_suite=tanim msg_id=osam", "observer": { 
@@ -856,7 +856,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-6-19 time=3:46:49 logver=tla devid=nimve devname=edutpe logid=tenb type=billoinv subtype=asia level=medium vd=paquioff srcip=10.252.175.174 srcport=1995 srcintf=enp0s1531 dstip=10.196.226.219 dstport=545 dstintf=lo2390 poluuid=uaera sessionid=nsequa proto=tcp action=accept policyid=orporis trandisp=oluptate duration=28.731000 sentbyte=2397 rcvdbyte=1768 devtype=itvolu osname=citation osversion=1.491 mastersrcmac=aincid srcmac=01:00:5e:7e:ea:3f crscore=149.960000 craction=tNeque crlevel=uidolore eventtype=uatDuisa user=usB service=magnaali hostname=istenatu3686.invalid profile=remagna reqtype=eritqu url=https://example.org/mnisiut/porinci.htm?norum=emUten#dminimve direction=internal msg=oremagna method=nulamc cat=tempori catdesc=rsintocc device_id=nderit log_id=etco pri=very-high userfrom=lore adminprof=ameiusmo timezone=PT main_type=veniamqu trigger_policy=equat sub_type=reeu severity_level=atemacc policy=rsitvolu src=10.182.58.108 src_port=4811 dst=10.96.100.84 dst_port=2253 http_method=utlabore http_url=texplica http_host=boru http_agent=ntut http_session_id=elaud signature_subclass=acomm signature_id=5667 srccountry=emUten content_switch_name=uamni server_pool_name=laboris false_positive_mitigation=pers user_name=lpaquiof monitor_status=isisten http_refer=https://api.example.net/seddoei/rnatur.jpg?olores=idolorem#umdolors http_version=uid dev_id=numqua threat_weight=citatio history_threat_weight=sed threat_level=mUten ftp_mode=eursint ftp_cmd=velillum cipher_suite=oin msg_id=teurs", "observer": { 
@@ -870,7 +870,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=untutl devname=\"cons\" devid=\"vel\" vd=illumdo date=2018-7-3 time=10:49:23 logid=rios type=deF subtype=dutpe level=very-high eventtime=itan logtime=uisnos srcip=10.228.61.5 srcport=1179 srcintf=eth4741 srcintfrole=lites dstip=10.246.41.77 dstport=1217 dstintf=lo7502 dstintfrole=olu poluuid=ectet sessionid=tquovo proto=17 action=block policyid=lapa policytype=xeacom crscore=22.822000 craction=qui crlevel=henderi appcat=rainc service=dminim srccountry=sse dstcountry=tatem trandisp=umexe tranip=10.157.22.21 tranport=5252 duration=135.630000 sentbyte=2167 rcvdbyte=2952 sentpkt=quamei app=nvento", "observer": { @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=qua devname=\"llumdo\" devid=\"tot\" vd=itquii date=2018-7-17 time=5:51:58 logid=psu type=iat subtype=ept level=high eventtime=ectob logtime=aUtenim srcip=10.242.119.111 srcport=645 srcintf=lo1640 srcintfrole=tDuisa dstip=10.239.231.168 dstport=88 dstintf=lo3385 dstintfrole=nimi poluuid=niamqu sessionid=uioffi proto=1 action=allow policyid=consequa policytype=tionu crscore=60.452000 craction=quines crlevel=entsu appcat=ineavol service=abor srccountry=giatq dstcountry=nonpro trandisp=elitsedd tranip=10.188.131.18 tranport=981 duration=46.954000 sentbyte=2770 rcvdbyte=4226 sentpkt=tam app=uovo", "observer": { 
@@ -898,7 +898,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=orinrepr date=2018-8-1 time=12:54:32 log_id=untut devid=siu devname=lorem logid=icons type=hende subtype=umdol level=medium vd=psaq srcip=10.24.154.250 srcport=2108 srcintf=eth2707 dstip=10.124.187.230 dstport=6119 dstintf=lo105 poluuid=mqu sessionid=tse proto=udp action=accept policyid=ueip trandisp=amvo duration=20.956000 sentbyte=2068 rcvdbyte=306 devtype=reetdolo osname=tten osversion=1.979 mastersrcmac=usa srcmac=01:00:5e:6a:a6:c9 crscore=45.307000 craction=oremagna crlevel=siuta eventtype=amnihil user=nderit service=ficia hostname=tru3812.mail.lan profile=olo reqtype=xer url=https://api.example.net/nsec/smo.gif?etq=trumexe#rai direction=outbound msg=tNequepo method=byCicer cat=imvenia catdesc=ipit device_id=tdolorem log_id=nderitin pri=low userfrom=enderitq adminprof=amvolu timezone=GMT-07:00 main_type=temvele trigger_policy=ofd sub_type=quam severity_level=umdol policy=porincid src=10.106.101.87 src_port=7569 dst=10.247.124.74 dst_port=2491 http_method=inea http_url=ipsu http_host=iden http_agent=oreseo http_session_id=edictasu signature_subclass=aerat signature_id=4358 srccountry=lites content_switch_name=col server_pool_name=litsedd false_positive_mitigation=mnis user_name=ainci monitor_status=aturve http_refer=https://api.example.com/mporain/secte.txt?amqui=rume#uptate http_version=tisundeo dev_id=uid threat_weight=eFini history_threat_weight=mnis threat_level=tametco ftp_mode=snisiut ftp_cmd=lit cipher_suite=laborio msg_id=aaliqu", "observer": { @@ -912,7 +912,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-8-15 time=7:57:06 devname=mid device_id=henderi log_id=consec type=event subtype=dquia pri=high desc=isiutali user=rehe userfrom=volupta msg=etcons action=deny adom=etdol408.internal.home session_id=agnamali", "observer": { 
@@ -926,7 +926,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-8-29 time=2:59:40 logver=cae devid=Utenimad devname=onsequ logid=Bon type=amquisno subtype=mullam level=very-high vd=admi srcip=10.111.106.60 srcport=5449 srcintf=lo5820 dstip=10.142.181.192 dstport=4386 dstintf=lo6200 poluuid=lmolest sessionid=miurerep proto=17 action=allow policyid=Sed trandisp=isau duration=66.574000 sentbyte=75 rcvdbyte=806 devtype=idest osname=ostru osversion=1.4342 mastersrcmac=enimip srcmac=01:00:5e:11:d6:5d crscore=66.141000 craction=umquiado crlevel=taspe eventtype=empori user=mipsum service=tium hostname=riaturE1644.www5.example profile=ender reqtype=uine url=https://internal.example.com/dolo/exeacom.txt?tlab=eufugiat#upta direction=internal msg=reetdo method=mad cat=mdolor catdesc=amcorpor device_id=oremquel log_id=san pri=high userfrom=amqui adminprof=itatise timezone=GMT-07:00 main_type=cia trigger_policy=lup sub_type=cipitla severity_level=niam policy=mullamc src=10.215.144.167 src_port=6675 dst=10.162.114.52 dst_port=2925 http_method=quepor http_url=Lor http_host=ten http_agent=exeacomm http_session_id=cusan signature_subclass=oquisq signature_id=4993 srccountry=ihilmol content_switch_name=seosqui server_pool_name=tiset false_positive_mitigation=ciade user_name=erspici monitor_status=xercitat http_refer=https://internal.example.net/utlab/entoreve.html?umdol=nseq#autodita http_version=loreme dev_id=eratv threat_weight=tametcon history_threat_weight=orsi threat_level=ull ftp_mode=mcor ftp_cmd=iamquis cipher_suite=aeabi msg_id=ore", "observer": { 
@@ -940,7 +940,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-9-12 time=10:02:15 logver=catcup devid=ectetur devname=cons logid=spiciati type=upidata subtype=utlabo level=high vd=ersp srcip=10.101.207.156 srcport=2086 srcintf=enp0s4931 dstip=10.12.8.82 dstport=4369 dstintf=enp0s7520 poluuid=nemull sessionid=trumex proto=6 action=accept policyid=doloremq trandisp=iade duration=26.420000 sentbyte=5013 rcvdbyte=7641 devtype=uidolo osname=ita osversion=1.6452 mastersrcmac=rchite srcmac=01:00:5e:41:90:bf crscore=107.693000 craction=tionem crlevel=volupta eventtype=adol user=econsequ service=orever hostname=mdolo7008.api.corp profile=reetdolo reqtype=psam url=https://www5.example.org/orumet/aliqu.txt?tion=sun#utod direction=outbound msg=rinci method=uamestqu cat=riatu catdesc=ulaparia device_id=remagna log_id=fugi pri=very-high userfrom=xerc adminprof=caecat timezone=OMST main_type=cor trigger_policy=nonnumqu sub_type=uidexea severity_level=emu policy=asia src=10.162.128.87 src_port=6214 dst=10.78.75.82 dst_port=7799 http_method=uptat http_url=con http_host=tem http_agent=orpori http_session_id=lor signature_subclass=quiinea signature_id=7098 srccountry=rroquis content_switch_name=dolorema server_pool_name=prehe false_positive_mitigation=bori user_name=Sedutp monitor_status=ritinvo http_refer=https://internal.example.net/ica/nat.jpg?ddoe=nsequ#lloinve http_version=tdolo dev_id=billoi threat_weight=sequu history_threat_weight=ffic threat_level=imadmini ftp_mode=isnostru ftp_cmd=ostr cipher_suite=tinvo msg_id=lorumwr", "observer": { 
@@ -954,7 +954,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=ctetura devname=\"reseosqu\" devid=\"ittenbyC\" vd=tlabor date=2018-9-27 time=5:04:49 logid=auteir type=uredolo subtype=uido level=medium eventtime=quiratio logtime=aincidu srcip=10.75.198.93 srcport=1982 srcintf=eth725 srcintfrole=umqu dstip=10.137.36.151 dstport=196 dstintf=lo1813 dstintfrole=rspici poluuid=duntutla sessionid=emeu proto=1 action=block policyid=atemUten policytype=turadipi crscore=16.226000 craction=estqu crlevel=orinre appcat=prehen service=equa srccountry=ciatisun dstcountry=mdolorem trandisp=nnumq tranip=10.51.106.43 tranport=6486 duration=78.551000 sentbyte=3531 rcvdbyte=5464 sentpkt=oremeumf app=volupt", "observer": { @@ -968,7 +968,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=tnulapa devname=\"caecatcu\" devid=\"xcepte\" vd=deserun date=2018-10-11 time=12:07:23 logid=mvol type=erep subtype=teurs level=low eventtime=tiumdol logtime=byCicer srcip=10.154.151.111 srcport=5860 srcintf=eth1273 srcintfrole=uisnos dstip=10.7.230.206 dstport=5757 dstintf=lo1291 dstintfrole=pisc poluuid=eumfu sessionid=tseddoe proto=HOPOPT action=allow policyid=emulla policytype=bill crscore=147.522000 craction=oditaut crlevel=oloremqu appcat=untNeque service=reetdol srccountry=perspi dstcountry=tlab trandisp=udexerci tranip=10.249.93.150 tranport=799 duration=113.020000 sentbyte=2808 rcvdbyte=5744 sentpkt=ovolup app=squ", "observer": { 
@@ -982,7 +982,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-10-25 time=7:09:57 logver=dolor devid=lit devname=ptatem logid=oeiusmod type=ugi subtype=utaliq level=very-high vd=toc srcip=10.76.177.154 srcport=1428 srcintf=eth4425 dstip=10.207.160.170 dstport=7037 dstintf=lo1570 poluuid=reseo sessionid=iration proto=tcp action=deny policyid=magn trandisp=iaecon duration=54.100000 sentbyte=622 rcvdbyte=6280 devtype=ill osname=oris osversion=1.5718 mastersrcmac=ulamcol srcmac=01:00:5e:19:ce:4b crscore=142.771000 craction=oNe crlevel=utfu eventtype=santiumd user=cididunt service=ctasu hostname=itse5466.api.example profile=ica reqtype=mnisis url=https://internal.example.com/nonnumqu/isciveli.gif?wri=aute#iscin direction=outbound msg=uat method=itasper cat=nibusBo catdesc=volupta device_id=olorinr log_id=iameaq pri=high userfrom=docons adminprof=uun timezone=OMST main_type=mremap trigger_policy=ate sub_type=agnaal severity_level=ibusB policy=mexe src=10.217.209.221 src_port=3639 dst=10.26.4.3 dst_port=5291 http_method=rsitame http_url=eca http_host=quirat http_agent=urmagn http_session_id=essec signature_subclass=prehende signature_id=1261 srccountry=setquas content_switch_name=nti server_pool_name=osamnis false_positive_mitigation=atisetqu user_name=ciduntut monitor_status=atisu http_refer=https://internal.example.com/architec/incul.txt?aborios=mco#amnisiu http_version=suntincu dev_id=lore threat_weight=equatu history_threat_weight=enbyCi threat_level=dolo ftp_mode=adipi ftp_cmd=beata cipher_suite=evelites msg_id=ipiscive", "observer": { 
@@ -996,7 +996,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=umtot date=2018-11-9 time=2:12:32 log_id=eumiurer devid=inv devname=eac logid=rainc type=tinculp subtype=uianon level=high vd=corpori srcip=10.232.131.132 srcport=581 srcintf=enp0s6255 dstip=10.232.246.98 dstport=1854 dstintf=enp0s1526 poluuid=ivelit sessionid=itlabori proto=icmp action=accept policyid=oide trandisp=magni duration=72.993000 sentbyte=5817 rcvdbyte=6960 devtype=rrorsit osname=emipsu osversion=1.6603 mastersrcmac=temUte srcmac=01:00:5e:fe:be:28 crscore=134.746000 craction=hitec crlevel=sci eventtype=luptatev user=ruredo service=iamquis hostname=dquiac6194.api.lan profile=nidolo reqtype=runtmoll url=https://www5.example.org/utlabo/scip.html?voluptas=inv#upta direction=external msg=ors method=olupta cat=raincidu catdesc=nisi device_id=uipexea log_id=taedic pri=high userfrom=ugi adminprof=urExcep timezone=CET main_type=usant trigger_policy=uidolore sub_type=litse severity_level=ugitse policy=utfugi src=10.241.140.241 src_port=1813 dst=10.180.162.174 dst_port=7186 http_method=ido http_url=atnu http_host=ssuscipi http_agent=evita http_session_id=tconsect signature_subclass=lpaquiof signature_id=532 srccountry=lors content_switch_name=Finibus server_pool_name=totam false_positive_mitigation=idat user_name=nulapar monitor_status=git http_refer=https://www5.example.com/odtem/tati.jpg?ueips=umqu#ntexpli http_version=siuta dev_id=porincid threat_weight=itame history_threat_weight=inv threat_level=remaper ftp_mode=quaUteni ftp_cmd=evelit cipher_suite=oluptat msg_id=ditem", "observer": { 
@@ -1010,7 +1010,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2018-11-23 time=9:15:06 devname=oditautf device_id=asiarc log_id=eddoei type=generic subtype=iatqu pri=very-high devid=itessec devname=dat logid=tdol type=emul subtype=ariatu level=high vd=reseo srcip=10.53.70.207 srcport=1793 srcintf=lo2279 dstip=10.73.140.61 dstport=2114 dstintf=lo368 poluuid=stlabo sessionid=atema proto=1 action=deny policyid=orporiss trandisp=iamq duration=128.426000 sentbyte=1800 rcvdbyte=5783 devtype=pis osname=riosam osversion=1.2052 mastersrcmac=iosam srcmac=01:00:5e:21:d3:0a crscore=65.426000 craction=archi crlevel=nes eventtype=atvolupt user=umwritt service=uae hostname=amco1592.mail.host profile=aaliq reqtype=olupta url=https://internal.example.com/ssusci/snostrud.txt?dolo=siutaliq#obeata direction=outbound msg=tame method=olo cat=vel catdesc=equamn device_id=tempora log_id=enimip pri=very-high userfrom=saqua adminprof=aperia timezone=OMST main_type=tNeque trigger_policy=metcon sub_type=enimadmi severity_level=orem policy=corpor src=10.110.99.222 src_port=5685 dst=10.62.140.108 dst_port=1225 http_method=ssitasp http_url=ptat http_host=asp http_agent=uatDui http_session_id=nofdeFin signature_subclass=unde signature_id=3979 srccountry=seruntm content_switch_name=aera server_pool_name=scive false_positive_mitigation=ngelit user_name=moenimi monitor_status=mqu http_refer=https://mail.example.org/ueipsaq/upid.gif?utla=emUte#tisund http_version=tutla dev_id=isund threat_weight=atemU history_threat_weight=uidex threat_level=uptate ftp_mode=eac ftp_cmd=peria cipher_suite=amaliq msg_id=ium", "observer": { 
@@ -1024,7 +1024,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=ptate date=2018-12-7 time=4:17:40 log_id=tenatu devid=emo devname=ratio logid=maperia type=Maloru subtype=sumquia level=low vd=imadmini srcip=10.237.5.219 srcport=3828 srcintf=eth4604 dstip=10.197.99.150 dstport=3877 dstintf=enp0s7388 poluuid=odo sessionid=itseddoe proto=prm action=accept policyid=itinvo trandisp=uiavol duration=96.864000 sentbyte=2685 rcvdbyte=7612 devtype=urmagn osname=ficiade osversion=1.2691 mastersrcmac=equ srcmac=01:00:5e:f5:2a:24 crscore=163.671000 craction=mipsum crlevel=dolor eventtype=cupidata user=niamquis service=lapariat hostname=dicta7226.mail.example profile=eddoei reqtype=cingel url=https://api.example.com/temporai/umw.jpg?mveniamq=litsed#ptasn direction=unknown msg=loinv method=umd cat=madmi catdesc=xercit device_id=avolup log_id=etdo pri=medium userfrom=veleum adminprof=emUten timezone=CT main_type=proiden trigger_policy=cita sub_type=iac severity_level=ntincul policy=mnisiste src=10.4.244.115 src_port=4588 dst=10.53.50.77 dst_port=5330 http_method=lorem http_url=lore http_host=orroqu http_agent=tlabo http_session_id=iameaque signature_subclass=sautemve signature_id=6466 srccountry=emoe content_switch_name=ameiusmo server_pool_name=ntiumtot false_positive_mitigation=aeab user_name=idolo monitor_status=temac http_refer=https://api.example.net/ollita/idolore.html?illu=iut#asiarc http_version=imidest dev_id=mwri threat_weight=orsi history_threat_weight=ritinvol threat_level=rporiss ftp_mode=atu ftp_cmd=ddo cipher_suite=veli msg_id=ata", "observer": { 
@@ -1038,7 +1038,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=lor dtime=2018-12-21 23:20:14.972538723 +0000 UTC devid=ori devname=eleumiu vd=amre date=2018-12-21 time=11:20:14 logid=atur type=untex subtype=Except level=very-high eventtime=econse logtime=iac srcip=10.221.100.157 srcport=865 srcintf=lo4518 srcintfrole=mqu dstip=10.236.211.111 dstport=1801 dstintf=enp0s454 dstintfrole=rauto poluuid=pteursi sessionid=iquamqua proto=tcp action=allow policyid=psumqui policytype=equeporr crscore=32.741000 craction=cusanti crlevel=doloreme appcat=nsecte service=reprehen srccountry=taspe dstcountry=litess trandisp=enimadm tranip=10.120.212.78 tranport=119 duration=17.257000 sentbyte=4752 rcvdbyte=3484 sentpkt=ntsuntin app=ectetur", "observer": { 
@@ -1052,7 +1052,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-1-5 time=6:22:49 logver=intocca devid=vel devname=xeacom logid=orum type=voluptat subtype=nsequ level=medium vd=tenimad srcip=10.140.215.210 srcport=7229 srcintf=lo568 dstip=10.71.213.217 dstport=7475 dstintf=eth5820 poluuid=lup sessionid=reetdolo proto=HOPOPT action=accept policyid=dolor trandisp=emagnam duration=154.150000 sentbyte=2336 rcvdbyte=5326 devtype=emull osname=enatuser osversion=1.3052 mastersrcmac=ectob srcmac=01:00:5e:4a:5d:af crscore=9.013000 craction=niamqu crlevel=nrep eventtype=lauda user=ionevo service=busB hostname=pidatatn2627.www.localdomain profile=eritinvo reqtype=quiav url=https://mail.example.org/ngelit/dipiscin.gif?serro=ctet#umiurere direction=inbound msg=ciun method=ssitaspe cat=deomnis catdesc=ulamcol device_id=onn log_id=redol pri=medium userfrom=utlabore adminprof=nci timezone=OMST main_type=liqu trigger_policy=ectetura sub_type=aUte severity_level=untNeque policy=roi src=10.210.82.202 src_port=2749 dst=10.208.231.15 dst_port=412 http_method=rios http_url=diconseq http_host=tenima http_agent=iusm http_session_id=mveleumi signature_subclass=equinesc signature_id=5076 srccountry=mfugiatq content_switch_name=dmini server_pool_name=emveleu false_positive_mitigation=loree user_name=riatur monitor_status=tempor http_refer=https://internal.example.com/spiciati/tise.gif?ctas=rvelillu#qua http_version=ciat dev_id=iamq threat_weight=porin history_threat_weight=yCi threat_level=arc ftp_mode=santium ftp_cmd=numquame cipher_suite=umfugi msg_id=amestqui", "observer": { 
@@ -1066,7 +1066,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=tesseq devname=\"nimides\" devid=\"iusmodte\" vd=involup date=2019-1-19 time=1:25:23 logid=edd type=dolorsi subtype=mcolabo level=low eventtime=exe logtime=nve srcip=10.226.255.3 srcport=5449 srcintf=lo7680 srcintfrole=iaconseq dstip=10.123.59.69 dstport=5399 dstintf=lo5835 dstintfrole=ntsunti poluuid=bor sessionid=uisnos proto=6 action=accept policyid=tation policytype=seddoe crscore=21.625000 craction=eur crlevel=ntmolli appcat=pitl service=nulap srccountry=ipexe dstcountry=aqueipsa trandisp=psum tranip=10.53.251.202 tranport=7501 duration=131.751000 sentbyte=6876 rcvdbyte=220 sentpkt=ugi app=ptate", "observer": { @@ -1080,7 +1080,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=rur devname=\"edut\" devid=\"sitametc\" vd=iarchite date=2019-2-2 time=8:27:57 logid=uide type=iono subtype=aboris level=very-high eventtime=imidest logtime=ulamc srcip=10.3.85.176 srcport=318 srcintf=eth2546 srcintfrole=uptateve dstip=10.212.56.26 dstport=3032 dstintf=enp0s2353 dstintfrole=loin poluuid=cinge sessionid=tutl proto=udp action=block policyid=nesciu policytype=ueip crscore=162.484000 craction=orumSe crlevel=mSe appcat=itame service=quaturv srccountry=lumdolor dstcountry=persp trandisp=leumi tranip=10.29.141.252 tranport=2077 duration=106.468000 sentbyte=3472 rcvdbyte=7868 sentpkt=orum app=reseos", "observer": { 
@@ -1094,7 +1094,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-2-17 time=3:30:32 devname=orem device_id=seq log_id=cus type=generic subtype=tnulap pri=very-high devid=psamvolu devname=inculp logid=eni type=tcupid subtype=ercita level=very-high vd=olorinr srcip=10.110.166.81 srcport=7354 srcintf=lo3023 dstip=10.181.48.82 dstport=1225 dstintf=eth7640 poluuid=conseq sessionid=Nemoen proto=6 action=cancel policyid=umquamei trandisp=nih duration=55.527000 sentbyte=3449 rcvdbyte=4658 devtype=quia osname=eabill osversion=1.95 mastersrcmac=oeiusmo srcmac=01:00:5e:82:ca:1b crscore=67.321000 craction=rumwrit crlevel=tionofd eventtype=ill user=orroquis service=laparia hostname=emveleu4029.api.local profile=tconse reqtype=ntsun url=https://internal.example.net/inc/riaturEx.htm?mnihilm=itinvo#lestia direction=external msg=metcons method=lumd cat=liquaUt catdesc=snos device_id=maccusan log_id=oeni pri=medium userfrom=tiaecon adminprof=tincu timezone=GMT-07:00 main_type=untmoll trigger_policy=par sub_type=idatatno severity_level=tfugit policy=tla src=10.126.11.186 src_port=589 dst=10.236.175.163 dst_port=6562 http_method=atemqui http_url=icaboN http_host=Utenimad http_agent=res http_session_id=officiad signature_subclass=nsectet signature_id=3977 srccountry=temU content_switch_name=ciduntut server_pool_name=ionofd false_positive_mitigation=etqua user_name=udantiu monitor_status=tium http_refer=https://internal.example.net/leumiu/iuta.html?tfugit=rorsitv#tiaecons http_version=uamestq dev_id=aliquaUt threat_weight=boreet history_threat_weight=mquam threat_level=volu ftp_mode=nof ftp_cmd=boNe cipher_suite=ovolu msg_id=cid", "observer": { 
@@ -1108,7 +1108,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=equamn devname=\"mes\" devid=\"itatio\" vd=ssecillu date=2019-3-3 time=10:33:06 logid=oeius type=itin subtype=nostrud level=medium eventtime=byCic logtime=mnisiuta srcip=10.171.60.173 srcport=209 srcintf=lo1917 srcintfrole=usmodite dstip=10.11.150.136 dstport=3615 dstintf=lo5438 dstintfrole=olup poluuid=urQuis sessionid=iquip proto=1 action=cancel policyid=untutl policytype=elite crscore=176.898000 craction=ipsaq crlevel=spici appcat=nvolupt service=antiu srccountry=llumquid dstcountry=paq trandisp=olup tranip=10.83.98.220 tranport=1300 duration=73.115000 sentbyte=5812 rcvdbyte=3339 sentpkt=amquis app=umtotam", "observer": { @@ -1122,7 +1122,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=pitlabo dtime=2019-03-17 17:35:40.532538723 +0000 UTC devid=lorsita devname=datatno vd=emac date=2019-3-17 time=5:35:40 logid=uiavo type=tdo subtype=ratvolup level=high eventtime=dolo logtime=quioffic srcip=10.238.49.73 srcport=1554 srcintf=enp0s11 srcintfrole=riatu dstip=10.74.88.209 dstport=740 dstintf=lo5287 dstintfrole=quep poluuid=tfugitse sessionid=oenimips proto=udp action=deny policyid=mdo policytype=map crscore=148.871000 craction=osqui crlevel=consequ appcat=catcupid service=velitess srccountry=sit dstcountry=ipisc trandisp=onsectet tranip=10.92.3.166 tranport=5777 duration=156.314000 sentbyte=715 rcvdbyte=3946 sentpkt=itvol app=dolo", "observer": { 
@@ -1136,7 +1136,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=amquisno dtime=2019-04-01 00:38:14.792538723 +0000 UTC devid=uptasnul devname=ptate vd=deri date=2019-4-1 time=12:38:14 logid=periamea type=equatD subtype=quaturQu level=high eventtime=rpo logtime=inr srcip=10.119.248.36 srcport=2450 srcintf=enp0s1885 srcintfrole=ten dstip=10.187.107.47 dstport=288 dstintf=lo2445 dstintfrole=fugia poluuid=psa sessionid=iset proto=prm action=allow policyid=ecte policytype=ionemull crscore=84.399000 craction=sBo crlevel=nimides appcat=iurere service=edolorin srccountry=labor dstcountry=quelaud trandisp=ira tranip=10.84.200.121 tranport=3226 duration=128.212000 sentbyte=2150 rcvdbyte=4329 sentpkt=nos app=icta", "observer": { @@ -1150,7 +1150,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=itseddo devname=\"tasu\" devid=\"mquae\" vd=CSedu date=2019-4-15 time=7:40:49 logid=atae type=aeconseq subtype=boNemo level=very-high eventtime=nemulla logtime=tmollit srcip=10.167.128.229 srcport=4052 srcintf=eth1833 srcintfrole=ciatisu dstip=10.135.213.17 dstport=6427 dstintf=eth6468 dstintfrole=ritat poluuid=dipi sessionid=asnulapa proto=prm action=block policyid=onsequa policytype=seddoe crscore=23.021000 craction=Bonorume crlevel=emeumfu appcat=tla service=uidexea srccountry=odtem dstcountry=nvolupt trandisp=stia tranip=10.30.239.222 tranport=1546 duration=10.721000 sentbyte=6561 rcvdbyte=1057 sentpkt=itectobe app=rroq", "observer": { 
@@ -1164,7 +1164,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-4-29 time=2:43:23 devname=uunt device_id=pic log_id=unt type=generic subtype=emUt pri=medium devid=pernatur devname=orem logid=enbyCice type=velil subtype=nsequat level=low vd=duntutl srcip=10.238.172.76 srcport=156 srcintf=lo1215 dstip=10.201.119.253 dstport=2230 dstintf=enp0s7218 poluuid=nimad sessionid=tionu proto=udp action=block policyid=emagna trandisp=quin duration=68.078000 sentbyte=2527 rcvdbyte=1150 devtype=consequ osname=min osversion=1.1028 mastersrcmac=edicta srcmac=01:00:5e:cd:6c:ed crscore=163.905000 craction=itinvolu crlevel=urerepre eventtype=iumdol user=serror service=uptass hostname=rspic5637.api.local profile=itatise reqtype=iut url=https://api.example.net/ita/esse.txt?amquis=iatquovo#rExce direction=inbound msg=uraut method=reetdol cat=umtotam catdesc=itaedi device_id=ant log_id=tiumt pri=very-high userfrom=ratvolup adminprof=iamqu timezone=CT main_type=quaturve trigger_policy=tsunti sub_type=ero severity_level=iusmodi policy=acomm src=10.169.133.219 src_port=92 dst=10.115.166.48 dst_port=7491 http_method=eleumiur http_url=ididun http_host=edi http_agent=gia http_session_id=uaturQui signature_subclass=emi signature_id=5446 srccountry=etM content_switch_name=eve server_pool_name=iru false_positive_mitigation=ipit user_name=emq monitor_status=elitsedq http_refer=https://www.example.net/onsequat/emagnaa.gif?itse=tco#nnumqua http_version=erit dev_id=lorsitam threat_weight=emagnama history_threat_weight=ute threat_level=Excep ftp_mode=utpersp ftp_cmd=rehe cipher_suite=tiumt msg_id=ulamc", "observer": { 
@@ -1178,7 +1178,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=runt date=2019-5-13 time=9:45:57 log_id=emipsu devid=icaboNem devname=Except logid=fugits type=maliquam subtype=mav level=very-high vd=ecill srcip=10.36.122.89 srcport=5040 srcintf=lo3887 dstip=10.206.76.186 dstport=741 dstintf=eth2435 poluuid=atisund sessionid=enbyCic proto=1 action=block policyid=nrepre trandisp=uisautem duration=145.667000 sentbyte=4247 rcvdbyte=4374 devtype=tio osname=aconseq osversion=1.4195 mastersrcmac=enatuser srcmac=01:00:5e:1a:9c:4f crscore=124.786000 craction=rcitatio crlevel=olore eventtype=ntexp user=atio service=roquisqu hostname=rror3870.www5.local profile=volu reqtype=occ url=https://www5.example.net/culpa/isun.txt?cola=tura#rat direction=internal msg=sect method=ing cat=nis catdesc=aboreet device_id=ulapari log_id=isetqu pri=high userfrom=ons adminprof=Sedu timezone=CEST main_type=icaboNem trigger_policy=enderi sub_type=edqu severity_level=cita policy=uidolore src=10.146.255.40 src_port=3003 dst=10.226.39.82 dst_port=3950 http_method=oluptate http_url=orumwrit http_host=aconse http_agent=ites http_session_id=abori signature_subclass=dolor signature_id=3543 srccountry=amqu content_switch_name=uamest server_pool_name=ntoccaec false_positive_mitigation=ites user_name=caecatcu monitor_status=iof http_refer=https://api.example.com/uae/mdolo.txt?aute=itatise#utpers http_version=equunt dev_id=Nemo threat_weight=itse history_threat_weight=lillumq threat_level=idid ftp_mode=uis ftp_cmd=velits cipher_suite=mmodo msg_id=rporissu", "observer": { 
@@ -1192,7 +1192,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=utemvel dtime=2019-05-28 04:48:31.832538723 +0000 UTC devid=exercita devname=emaperi vd=aspernat date=2019-5-28 time=4:48:31 logid=ddoei type=nihi subtype=umfu level=low eventtime=ehen logtime=olupt srcip=10.53.82.96 srcport=7088 srcintf=eth297 srcintfrole=nostru dstip=10.224.212.88 dstport=5404 dstintf=lo4266 dstintfrole=natuserr poluuid=ipi sessionid=eniamqui proto=icmp action=deny policyid=urvelill policytype=iadese crscore=174.116000 craction=isundeo crlevel=emq appcat=rehender service=uat srccountry=apa dstcountry=tani trandisp=per tranip=10.35.240.70 tranport=2587 duration=62.993000 sentbyte=7102 rcvdbyte=2380 sentpkt=ataevit app=chi", "observer": { @@ -1206,7 +1206,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=lorsita devname=\"oeius\" devid=\"trud\" vd=aco date=2019-6-11 time=11:51:06 logid=uei type=tsedqu subtype=agni level=very-high eventtime=rsint logtime=catc srcip=10.186.253.240 srcport=6982 srcintf=enp0s5429 srcintfrole=end dstip=10.233.128.7 dstport=2455 dstintf=eth5315 dstintfrole=onnumq poluuid=lupt sessionid=ugiatq proto=prm action=cancel policyid=utla policytype=iosamn crscore=164.209000 craction=tor crlevel=toreve appcat=ita service=orain srccountry=tnulap dstcountry=aevitae trandisp=aqu tranip=10.66.149.234 tranport=6236 duration=128.130000 sentbyte=6344 rcvdbyte=475 sentpkt=loremeu app=tate", "observer": { 
@@ -1220,7 +1220,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=elaud dtime=2019-06-25 18:53:40.352538723 +0000 UTC devid=iad devname=irat vd=upi date=2019-6-25 time=6:53:40 logid=rsintocc type=itanim subtype=sinto level=medium eventtime=lore logtime=eabi srcip=10.227.133.134 srcport=3351 srcintf=enp0s4820 srcintfrole=erspici dstip=10.46.11.114 dstport=4009 dstintf=enp0s7159 dstintfrole=oremq poluuid=rspiciat sessionid=ptas proto=tcp action=cancel policyid=ore policytype=dut crscore=128.554000 craction=remape crlevel=itectob appcat=sedquia service=mquisnos srccountry=mwritt dstcountry=avolupt trandisp=lumdolo tranip=10.173.140.201 tranport=6422 duration=133.394000 sentbyte=7249 rcvdbyte=1387 sentpkt=str app=sit", "observer": { @@ -1234,7 +1234,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=elillum dtime=2019-07-10 01:56:14.612538723 +0000 UTC devid=isnos devname=emp vd=eos date=2019-7-10 time=1:56:14 logid=sciveli type=Bonoru subtype=rai level=low eventtime=omm logtime=cepteu srcip=10.205.18.11 srcport=6737 srcintf=eth4759 srcintfrole=ueipsa dstip=10.69.130.207 dstport=1191 dstintf=eth614 dstintfrole=architec poluuid=era sessionid=ptatem proto=udp action=cancel policyid=isi policytype=ssecill crscore=44.181000 craction=exerci crlevel=ptatemUt appcat=temqu service=ofd srccountry=nimvenia dstcountry=ari trandisp=eir tranip=10.170.236.123 tranport=4346 duration=150.036000 sentbyte=6877 rcvdbyte=1751 sentpkt=orum app=tation", "observer": { 
@@ -1248,7 +1248,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=repre date=2019-7-24 time=8:58:48 log_id=ore devid=ionemu devname=rehend logid=uiad type=tasu subtype=sciun level=high vd=taev srcip=10.196.124.206 srcport=7569 srcintf=enp0s2181 dstip=10.186.88.110 dstport=4203 dstintf=enp0s5497 poluuid=asnulapa sessionid=hende proto=0 action=deny policyid=ntmolli trandisp=uto duration=178.755000 sentbyte=6361 rcvdbyte=1742 devtype=ipsu osname=taedi osversion=1.2682 mastersrcmac=acom srcmac=01:00:5e:99:e3:a5 crscore=175.099000 craction=Cic crlevel=aturveli eventtype=lica user=Exc service=amvolup hostname=velill3821.mail.invalid profile=asnulap reqtype=usmodte url=https://example.com/loremag/mqu.gif?bore=lapari#aborios direction=external msg=lorem method=mnisiuta cat=quiadolo catdesc=abo device_id=msequine log_id=mrem pri=medium userfrom=atuserr adminprof=nsequatu timezone=ET main_type=uptasnu trigger_policy=atemUt sub_type=iurere severity_level=oident policy=volup src=10.97.254.192 src_port=302 dst=10.124.34.251 dst_port=3899 http_method=imide http_url=sequa http_host=ine http_agent=ollitan http_session_id=eacomm signature_subclass=onseq signature_id=6250 srccountry=reetd content_switch_name=equamnih server_pool_name=tevelite false_positive_mitigation=sitvolup user_name=epor monitor_status=atatnonp http_refer=https://example.org/elauda/ria.htm?uptatemU=iono#quun http_version=itationu dev_id=eniamqui threat_weight=adolo history_threat_weight=oreetdol threat_level=uinesciu ftp_mode=sciun ftp_cmd=tametc cipher_suite=rExcep msg_id=avolup", "observer": { 
@@ -1262,7 +1262,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=olores devname=\"ineavol\" devid=\"bori\" vd=taev date=2019-8-7 time=4:01:23 logid=ngelit type=uidexea subtype=stiaec level=very-high eventtime=quipex logtime=rsintoc srcip=10.9.41.221 srcport=4010 srcintf=eth434 srcintfrole=estlabor dstip=10.81.58.91 dstport=2247 dstintf=lo6072 dstintfrole=udexerci poluuid=onemul sessionid=elaud proto=tcp action=cancel policyid=trudexe policytype=tiumtota crscore=53.861000 craction=ariaturE crlevel=fug appcat=umqu service=umqu srccountry=roide dstcountry=tio trandisp=autem tranip=10.204.98.238 tranport=3885 duration=108.380000 sentbyte=2498 rcvdbyte=3936 sentpkt=aquioffi app=aliqui", "observer": { @@ -1276,7 +1276,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-8-21 time=11:03:57 devname=unti device_id=tena log_id=velits type=event subtype=oditautf pri=high desc=rmagni user=tiono userfrom=utemvele msg=taevi action=cancel adom=xplicabo4308.www.example session_id=tquo", "observer": { @@ -1290,7 +1290,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=nrepr devname=\"uipex\" devid=\"alorumw\" vd=nibus date=2019-9-5 time=6:06:31 logid=eiusmo type=rci subtype=seosquir level=medium eventtime=ume logtime=ercitati srcip=10.35.84.125 srcport=341 srcintf=enp0s2388 srcintfrole=pernatu dstip=10.37.120.29 dstport=4170 dstintf=enp0s1127 dstintfrole=tasuntex poluuid=etura sessionid=taedi proto=udp action=accept policyid=quiacon policytype=udexerc crscore=66.169000 craction=undeomni crlevel=ritquiin appcat=taspern service=iadeser srccountry=nos dstcountry=mollita trandisp=eserun tranip=10.212.208.70 tranport=3237 duration=36.569000 sentbyte=5330 rcvdbyte=11 sentpkt=otamr app=eveli", "observer": { 
@@ -1304,7 +1304,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=temsequi devname=\"aturvel\" devid=\"elaudan\" vd=alorum date=2019-9-19 time=1:09:05 logid=olor type=inesc subtype=tlaborio level=high eventtime=equeporr logtime=seq srcip=10.143.65.84 srcport=2670 srcintf=enp0s5828 srcintfrole=ddoeiu dstip=10.199.201.26 dstport=3770 dstintf=eth4236 dstintfrole=ore poluuid=onse sessionid=abo proto=1 action=accept policyid=magnaa policytype=tateveli crscore=94.258000 craction=xplica crlevel=dex appcat=rsintocc service=iusmo srccountry=oquisqu dstcountry=ullamcor trandisp=remagn tranip=10.207.207.106 tranport=2048 duration=94.877000 sentbyte=6896 rcvdbyte=7419 sentpkt=tvolup app=ites", "observer": { @@ -1318,7 +1318,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=rExce dtime=2019-10-03 20:11:40.172538723 +0000 UTC devid=rittenby devname=gni vd=ritq date=2019-10-3 time=8:11:40 logid=lestiaec type=rissusci subtype=fdeFi level=high eventtime=ehende logtime=riatu srcip=10.204.27.48 srcport=5998 srcintf=lo7358 srcintfrole=emaperia dstip=10.163.236.253 dstport=7768 dstintf=enp0s2100 dstintfrole=sequatu poluuid=ugi sessionid=oditau proto=1 action=block policyid=mvele policytype=atae crscore=123.668000 craction=imips crlevel=admi appcat=ocons service=tiumdol srccountry=sunt dstcountry=rrorsi trandisp=remagna tranip=10.41.61.88 tranport=426 duration=82.943000 sentbyte=525 rcvdbyte=3702 sentpkt=dolor app=ips", "observer": { 
@@ -1332,7 +1332,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=ipitlab dtime=2019-10-18 03:14:14.432538723 +0000 UTC devid=ipsa devname=dents vd=erepreh date=2019-10-18 time=3:14:14 logid=amest type=dolore subtype=xer level=medium eventtime=onemul logtime=off srcip=10.246.81.164 srcport=3453 srcintf=lo3071 srcintfrole=ende dstip=10.185.44.26 dstport=3193 dstintf=lo7861 dstintfrole=tationul poluuid=tam sessionid=byCic proto=0 action=cancel policyid=cons policytype=serro crscore=5.473000 craction=uiac crlevel=aecatcu appcat=sed service=uisnostr srccountry=aquei dstcountry=ation trandisp=sumqu tranip=10.53.110.111 tranport=2549 duration=141.141000 sentbyte=5569 rcvdbyte=5239 sentpkt=entore app=uaturQ", "observer": { 
@@ -1346,7 +1346,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=xpli date=2019-11-1 time=10:16:48 log_id=quae devid=totamre devname=lam logid=quamestq type=porai subtype=oinve level=medium vd=hender srcip=10.84.154.230 srcport=1335 srcintf=enp0s1127 dstip=10.212.63.179 dstport=6790 dstintf=eth1762 poluuid=eufugia sessionid=temqu proto=3 action=allow policyid=tvolup trandisp=lori duration=130.339000 sentbyte=4763 rcvdbyte=4334 devtype=rnatur osname=etdolo osversion=1.802 mastersrcmac=adipisci srcmac=01:00:5e:7b:68:0e crscore=36.122000 craction=culpaq crlevel=quis eventtype=lupt user=upt service=aboN hostname=cupida6106.www5.local profile=tdo reqtype=asperna url=https://api.example.com/aco/empo.jpg?iumdol=iusm#ido direction=unknown msg=peri method=aspernat cat=seq catdesc=olup device_id=uamqu log_id=veli pri=high userfrom=etco adminprof=nulap timezone=CT main_type=radip trigger_policy=tali sub_type=ntin severity_level=loreseos policy=ites src=10.109.172.90 src_port=2785 dst=10.146.77.206 dst_port=1554 http_method=amnihilm http_url=ipsamv http_host=proid http_agent=xcep http_session_id=udantium signature_subclass=sum signature_id=1723 srccountry=iaecon content_switch_name=euf server_pool_name=norume false_positive_mitigation=hilmo user_name=aquaeab monitor_status=eporr http_refer=https://www.example.com/metMalo/santiu.jpg?icon=enderit#roquisqu http_version=lapa dev_id=imadm threat_weight=giatquo history_threat_weight=oeiusm threat_level=oreeuf ftp_mode=iusmodt ftp_cmd=umwrit cipher_suite=atatn msg_id=uatD", "observer": { 
@@ -1360,7 +1360,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-11-15 time=5:19:22 devname=ptate device_id=Nemoe log_id=cupidat type=generic subtype=onsequ pri=high devid=nostr devname=umtotam logid=mqua type=emU subtype=gnido level=very-high vd=plicab srcip=10.8.161.226 srcport=3191 srcintf=eth5256 dstip=10.13.234.237 dstport=3760 dstintf=enp0s1149 poluuid=oeiusmo sessionid=nisi proto=6 action=allow policyid=lupt trandisp=tlaborio duration=18.804000 sentbyte=1061 rcvdbyte=6464 devtype=itan osname=iquidexe osversion=1.2314 mastersrcmac=fugia srcmac=01:00:5e:09:8f:0e crscore=5.320000 craction=onof crlevel=quam eventtype=rure user=ipis service=liqu hostname=unt2122.internal.local profile=orsitame reqtype=tassitas url=https://example.org/uidolor/turve.htm?temporai=uasiarch#ect direction=unknown msg=occae method=lpaqu cat=minimav catdesc=col device_id=riamea log_id=ern pri=low userfrom=odtempo adminprof=con timezone=CEST main_type=offici trigger_policy=uipexe sub_type=ium severity_level=quamqua policy=nsequatu src=10.38.18.72 src_port=3177 dst=10.202.250.141 dst_port=1824 http_method=volu http_url=quatDui http_host=stenat http_agent=liquip http_session_id=eiusmodt signature_subclass=dmi signature_id=4174 srccountry=ameaque content_switch_name=pitlabor server_pool_name=essequa false_positive_mitigation=ini user_name=maperia monitor_status=ovolup http_refer=https://mail.example.com/veniamq/uisno.htm?luptas=omm#eaquei http_version=iveli dev_id=lill threat_weight=voluptat history_threat_weight=aturveli threat_level=incidunt ftp_mode=tatnonp ftp_cmd=abi cipher_suite=nimave msg_id=atu", "observer": { 
@@ -1374,7 +1374,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "logver=siu date=2019-11-30 time=12:21:57 log_id=inrepr devid=cero devname=ita logid=xercitat type=meumfug subtype=umt level=very-high vd=laparia srcip=10.195.87.127 srcport=760 srcintf=lo3094 dstip=10.52.118.202 dstport=6556 dstintf=enp0s5751 poluuid=ectobe sessionid=rehender proto=udp action=block policyid=orinc trandisp=tcons duration=52.473000 sentbyte=7043 rcvdbyte=4714 devtype=suscipi osname=imipsam osversion=1.4674 mastersrcmac=hilm srcmac=01:00:5e:73:ca:c1 crscore=54.412000 craction=etd crlevel=erspici eventtype=tfug user=atatno service=sed hostname=luptat2613.internal.localhost profile=olupt reqtype=mipsum url=https://www.example.net/Maloru/lapariat.htm?tlabori=rehender#odtempo direction=inbound msg=alorum method=tmollit cat=bori catdesc=antium device_id=reetdo log_id=rchitec pri=medium userfrom=cipitlab adminprof=venia timezone=CT main_type=quid trigger_policy=mwrit sub_type=cid severity_level=lupt policy=adipisc src=10.182.124.88 src_port=116 dst=10.139.144.75 dst_port=5037 http_method=utodi http_url=isiutali http_host=oremeu http_agent=mquaerat http_session_id=conse signature_subclass=mestq signature_id=5535 srccountry=turQuisa content_switch_name=itasper server_pool_name=cidu false_positive_mitigation=ips user_name=modo monitor_status=ela http_refer=https://example.org/unti/niamqu.html?ris=veli#giatnu http_version=tanimide dev_id=ectetur threat_weight=umexer history_threat_weight=nim threat_level=nisiuta ftp_mode=cipitla ftp_cmd=ditautf cipher_suite=oluptasn msg_id=madmin", "observer": { 
@@ -1388,7 +1388,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "message": "date=2019-12-14 time=7:24:31 logver=imadm devid=stla devname=cab logid=orr type=olu subtype=quatDu level=low vd=siste srcip=10.151.47.249 srcport=6697 srcintf=lo5632 dstip=10.155.194.6 dstport=3005 dstintf=enp0s6106 poluuid=quatDu sessionid=deFinib proto=HOPOPT action=block policyid=taedic trandisp=ffi duration=130.219000 sentbyte=2693 rcvdbyte=568 devtype=consequ osname=rumw osversion=1.1386 mastersrcmac=temveleu srcmac=01:00:5e:df:96:27 crscore=104.315000 craction=item crlevel=remipsum eventtype=olupt user=usc service=ernat hostname=neavo4796.internal.domain profile=tatemac reqtype=exer url=https://www5.example.com/xea/ssecill.html?quianonn=quun#one direction=internal msg=riame method=uaUte cat=quae catdesc=utlabor device_id=ameius log_id=tate pri=very-high userfrom=lupta adminprof=atemseq timezone=CEST main_type=amcolab trigger_policy=ectobea sub_type=itsedq severity_level=pta policy=remipsu src=10.35.10.19 src_port=3941 dst=10.188.124.185 dst_port=5837 http_method=tali http_url=tasper http_host=amquisn http_agent=esciu http_session_id=iamea signature_subclass=perspi signature_id=7117 srccountry=emaccus content_switch_name=expl server_pool_name=giat false_positive_mitigation=uscipi user_name=dolo monitor_status=tionevol http_refer=https://internal.example.com/uptatema/dutpers.htm?tion=iumdol#ept http_version=Mal dev_id=tquasia threat_weight=ficiad history_threat_weight=roinBC threat_level=eufu ftp_mode=tio ftp_cmd=equatDu cipher_suite=exea msg_id=tasnulap", "observer": { diff --git a/packages/fortinet_fortimanager/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/fortinet_fortimanager/data_stream/log/elasticsearch/ingest_pipeline/default.yml index a24b95d5897..d0cdc38ea16 100644 --- a/packages/fortinet_fortimanager/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/fortinet_fortimanager/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Fortinet Manager/Analyzer
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.5.0'
 - set:
 field: observer.vendor
 value: Fortinet
diff --git a/packages/fortinet_fortimanager/data_stream/log/sample_event.json b/packages/fortinet_fortimanager/data_stream/log/sample_event.json
index 0959ccecbb2..5fa6abb55e3 100644
--- a/packages/fortinet_fortimanager/data_stream/log/sample_event.json
+++ b/packages/fortinet_fortimanager/data_stream/log/sample_event.json
@@ -27,7 +27,7 @@
 "port": 6125
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/fortinet_fortimanager/docs/README.md b/packages/fortinet_fortimanager/docs/README.md
index 11dc58117b6..40bb8a40b4d 100644
--- a/packages/fortinet_fortimanager/docs/README.md
+++ b/packages/fortinet_fortimanager/docs/README.md
@@ -42,7 +42,7 @@ An example event for `log` looks as following:
 "port": 6125
 },
 "ecs": {
- "version": "8.2.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
@@ -250,7 +250,7 @@ An example event for `log` looks as following: | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. 
When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.forwarded_ip | Host IP address when the source IP address is the proxy. | ip | | network.interface.name | | keyword | | network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long | diff --git a/packages/fortinet_fortimanager/manifest.yml b/packages/fortinet_fortimanager/manifest.yml index 9b55ff1b02a..9faf317da5f 100644 --- a/packages/fortinet_fortimanager/manifest.yml +++ b/packages/fortinet_fortimanager/manifest.yml @@ -1,6 +1,6 @@ name: fortinet_fortimanager title: Fortinet FortiManager Logs -version: 1.1.3 +version: "1.2.0" release: ga description: Collect logs from Fortinet FortiManager instances with Elastic Agent. type: integration diff --git a/packages/gcp/_dev/build/build.yml b/packages/gcp/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/gcp/_dev/build/build.yml +++ b/packages/gcp/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/gcp/changelog.yml b/packages/gcp/changelog.yml index faf03fd2c43..799052937d6 100644 --- a/packages/gcp/changelog.yml +++ b/packages/gcp/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.14.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "2.13.0" changes: - description: Migrate dashboard by values diff --git a/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index bddb1cf4fa7..e556319c81c 100644 --- a/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json @@ -14,7 +14,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GetResourceBillingInfo", @@ -77,7 +77,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "beta.compute.machineTypes.aggregatedList", @@ -162,7 +162,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "beta.compute.instances.aggregatedList", @@ -259,7 +259,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "beta.compute.instances.aggregatedList", @@ -343,7 +343,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", @@ -471,7 +471,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "v1.compute.images.insert", @@ -603,7 +603,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "beta.compute.instances.stop", @@ -684,7 +684,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "io.k8s.core.v1.nodes.list", 
@@ -761,7 +761,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "io.k8s.extensions.v1beta1.ingresses.list", @@ -841,7 +841,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "io.k8s.get", @@ -918,7 +918,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "io.k8s.get", @@ -997,7 +997,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "google.iam.admin.v1.ListServiceAccounts", @@ -1065,7 +1065,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", @@ -1215,7 +1215,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "io.k8s.apps.v1.deployments.patch", @@ -1586,7 +1586,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "google.container.v1.ClusterManager.GetCluster", @@ -1665,7 +1665,7 @@ "provider": "gcp" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "storage.objects.get", diff --git a/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 29baf0ede71..4d46a30642a 100644 --- a/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Google Cloud audit logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/gcp/data_stream/audit/sample_event.json b/packages/gcp/data_stream/audit/sample_event.json index 095cfe4a146..f59e6c3b3d7 100644 --- a/packages/gcp/data_stream/audit/sample_event.json 
+++ b/packages/gcp/data_stream/audit/sample_event.json @@ -24,7 +24,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "08bce509-f1bf-4b71-8b6b-b8965e7a733b", diff --git a/packages/gcp/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json b/packages/gcp/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json index 6e53dd86f1a..ba693e0251e 100644 --- a/packages/gcp/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/gcp/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json @@ -36,7 +36,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -127,7 +127,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -243,7 +243,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -356,7 +356,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -450,7 +450,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -540,7 +540,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -609,7 +609,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -689,7 +689,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -758,7 +758,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -826,7 +826,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", 
@@ -924,7 +924,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -1001,7 +1001,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -1078,7 +1078,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -1155,7 +1155,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -1232,7 +1232,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -1309,7 +1309,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -1377,7 +1377,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -1445,7 +1445,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -1532,7 +1532,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -1614,7 +1614,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", @@ -1695,7 +1695,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dns-query", diff --git a/packages/gcp/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/dns/elasticsearch/ingest_pipeline/default.yml index c9acc2a47cd..515069f944b 100644 --- a/packages/gcp/data_stream/dns/elasticsearch/ingest_pipeline/default.yml +++ b/packages/gcp/data_stream/dns/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for Google Cloud DNS logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/gcp/data_stream/dns/sample_event.json b/packages/gcp/data_stream/dns/sample_event.json index 060beed6e64..252f5d08f83 100644 --- a/packages/gcp/data_stream/dns/sample_event.json +++ b/packages/gcp/data_stream/dns/sample_event.json @@ -46,7 +46,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "0168f0f0-b64d-4a7a-ba00-c309f9e7f0ca", diff --git a/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json b/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json index 219a3834987..542069bf998 100644 --- a/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json +++ b/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json @@ -17,7 +17,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -122,7 +122,7 @@ "port": 57794 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -238,7 +238,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -327,7 +327,7 @@ "port": 3389 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -422,7 +422,7 @@ "port": 8080 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -520,7 +520,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -616,7 +616,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
@@ -712,7 +712,7 @@ "port": 8080 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -810,7 +810,7 @@ "port": 8080 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -908,7 +908,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1006,7 +1006,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1104,7 +1104,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1202,7 +1202,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1300,7 +1300,7 @@ "port": 8080 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1409,7 +1409,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1509,7 +1509,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1598,7 +1598,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1706,7 +1706,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1814,7 +1814,7 @@ "port": 3389 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -1911,7 +1911,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2019,7 +2019,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", @@ -2127,7 +2127,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "firewall-rule", 
diff --git a/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml index 05c30443fac..6dd7d6ffcbc 100644 --- a/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml +++ b/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Google Cloud Firewall Logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/gcp/data_stream/firewall/sample_event.json b/packages/gcp/data_stream/firewall/sample_event.json index b2ce153fb88..353ed93685c 100644 --- a/packages/gcp/data_stream/firewall/sample_event.json +++ b/packages/gcp/data_stream/firewall/sample_event.json @@ -27,7 +27,7 @@ "port": 3389 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "08bce509-f1bf-4b71-8b6b-b8965e7a733b", diff --git a/packages/gcp/data_stream/loadbalancing_logs/_dev/test/pipeline/test-load-balancer.log-expected.json b/packages/gcp/data_stream/loadbalancing_logs/_dev/test/pipeline/test-load-balancer.log-expected.json index cb02b1de243..a522dad2b97 100644 --- a/packages/gcp/data_stream/loadbalancing_logs/_dev/test/pipeline/test-load-balancer.log-expected.json +++ b/packages/gcp/data_stream/loadbalancing_logs/_dev/test/pipeline/test-load-balancer.log-expected.json @@ -13,7 +13,7 @@ "ip": "81.2.69.193" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -114,7 +114,7 @@ "domain": "pictures.example.com" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -221,7 +221,7 @@ "port": 8080 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
diff --git a/packages/gcp/data_stream/loadbalancing_logs/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/loadbalancing_logs/elasticsearch/ingest_pipeline/default.yml index eb4ae24a860..a54227ffce0 100644 --- a/packages/gcp/data_stream/loadbalancing_logs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/gcp/data_stream/loadbalancing_logs/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Google Cloud DNS logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/gcp/data_stream/loadbalancing_logs/sample_event.json b/packages/gcp/data_stream/loadbalancing_logs/sample_event.json index 2f777d56509..28e30b40e36 100644 --- a/packages/gcp/data_stream/loadbalancing_logs/sample_event.json +++ b/packages/gcp/data_stream/loadbalancing_logs/sample_event.json @@ -29,7 +29,7 @@ "port": 8080 }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "df142714-8028-4ef0-a80c-4eb03051c084", diff --git a/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json b/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json index 54d456bef23..1215795fdc7 100644 --- a/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json +++ b/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json @@ -23,7 +23,7 @@ "port": 33478 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -101,7 +101,7 @@ "port": 33970 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -216,7 +216,7 @@ "port": 33576 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -310,7 +310,7 @@ "port": 59679 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
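Review bot: The `description` context line in the loadbalancing_logs ingest pipeline hunk reads `Pipeline for Google Cloud DNS logs`, which is the same text as the dns data stream's pipeline earlier in this diff and looks like a copy-paste leftover. With two pipelines carrying the same description, it is harder to tell from the pipeline listing which one processed an event when triaging an ingest problem. Since the file is already being touched, I would correct it to `description: Pipeline for Google Cloud Load Balancing logs`. The line is unchanged context and the rest of the pipeline is outside the hunk, so the wording should be checked against what the processors actually handle.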
@@ -386,7 +386,7 @@ "port": 50646 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -459,7 +459,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -543,7 +543,7 @@ "port": 33692 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -658,7 +658,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -749,7 +749,7 @@ "port": 33554 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -852,7 +852,7 @@ "port": 33880 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -950,7 +950,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -1033,7 +1033,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -1136,7 +1136,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -1251,7 +1251,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -1354,7 +1354,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -1457,7 +1457,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -1543,7 +1543,7 @@ "port": 46864 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -1627,7 +1627,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -1728,7 +1728,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -1825,7 +1825,7 @@ "port": 65320 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -1915,7 +1915,7 @@ "port": 33562 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -2012,7 +2012,7 @@ "port": 9243 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -2085,7 +2085,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -2186,7 +2186,7 @@ "port": 33548 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -2272,7 +2272,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -2361,7 +2361,7 @@ "port": 33542 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -2464,7 +2464,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -2573,7 +2573,7 @@ "port": 34836 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -2646,7 +2646,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -2744,7 +2744,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -2830,7 +2830,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -2931,7 +2931,7 @@ "port": 33534 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -3034,7 +3034,7 @@ "port": 33694 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -3131,7 +3131,7 @@ "port": 65263 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -3209,7 +3209,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -3324,7 +3324,7 @@ "port": 49680 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -3416,7 +3416,7 @@ "port": 33862 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -3500,7 +3500,7 @@ "port": 65321 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -3578,7 +3578,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -3688,7 +3688,7 @@ "port": 60112 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -3779,7 +3779,7 @@ "port": 33552 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -3894,7 +3894,7 @@ "port": 33524 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -3985,7 +3985,7 @@ "port": 33548 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -4088,7 +4088,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -4197,7 +4197,7 @@ "port": 33924 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -4281,7 +4281,7 @@ "port": 65271 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -4354,7 +4354,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -4433,7 +4433,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -4528,7 +4528,7 @@ "port": 65316 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -4606,7 +4606,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -4709,7 +4709,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -4819,7 +4819,7 @@ "port": 33558 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -4905,7 +4905,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -4989,7 +4989,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -5073,7 +5073,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -5158,7 +5158,7 @@ "port": 50438 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -5239,7 +5239,7 @@ "port": 59623 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -5317,7 +5317,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -5432,7 +5432,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -5518,7 +5518,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -5602,7 +5602,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -5686,7 +5686,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -5775,7 +5775,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -5884,7 +5884,7 @@ "port": 33602 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -5957,7 +5957,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -6046,7 +6046,7 @@ "port": 33534 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -6155,7 +6155,7 @@ "port": 52260 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -6245,7 +6245,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -6348,7 +6348,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -6439,7 +6439,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -6554,7 +6554,7 @@ "port": 33554 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -6651,7 +6651,7 @@ "port": 53706 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -6729,7 +6729,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -6827,7 +6827,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -6916,7 +6916,7 @@ "port": 33556 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -7014,7 +7014,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -7098,7 +7098,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -7193,7 +7193,7 @@ "port": 34090 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -7277,7 +7277,7 @@ "port": 34178 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -7361,7 +7361,7 @@ "port": 33064 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -7434,7 +7434,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -7529,7 +7529,7 @@ "port": 58216 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -7619,7 +7619,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -7722,7 +7722,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -7808,7 +7808,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -7897,7 +7897,7 @@ "port": 33510 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -8006,7 +8006,7 @@ "port": 34906 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -8090,7 +8090,7 @@ "port": 52454 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -8163,7 +8163,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -8252,7 +8252,7 @@ "port": 33530 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -8367,7 +8367,7 @@ "port": 33570 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -8470,7 +8470,7 @@ "port": 33858 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -8573,7 +8573,7 @@ "port": 33590 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -8671,7 +8671,7 @@ "port": 60108 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -8774,7 +8774,7 @@ "port": 33536 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -8865,7 +8865,7 @@ "port": 33560 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -8968,7 +8968,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -9078,7 +9078,7 @@ "port": 33874 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -9169,7 +9169,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -9272,7 +9272,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -9375,7 +9375,7 @@ "port": 33538 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -9490,7 +9490,7 @@ "port": 33690 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -9581,7 +9581,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -9696,7 +9696,7 @@ "port": 33572 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -9799,7 +9799,7 @@ "port": 33968 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -9890,7 +9890,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -9999,7 +9999,7 @@ "port": 57300 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -10072,7 +10072,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -10173,7 +10173,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -10276,7 +10276,7 @@ "port": 33880 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -10367,7 +10367,7 @@ "port": 33574 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -10476,7 +10476,7 @@ "port": 65315 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -10566,7 +10566,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -10652,7 +10652,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -10747,7 +10747,7 @@ "port": 54662 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -10825,7 +10825,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -10928,7 +10928,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -11043,7 +11043,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -11129,7 +11129,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -11230,7 +11230,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -11321,7 +11321,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -11424,7 +11424,7 @@ "port": 33576 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -11539,7 +11539,7 @@ "port": 33540 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -11630,7 +11630,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -11745,7 +11745,7 @@ "port": 33538 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -11831,7 +11831,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -11915,7 +11915,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -11999,7 +11999,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -12083,7 +12083,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -12178,7 +12178,7 @@ "port": 65317 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -12256,7 +12256,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -12354,7 +12354,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -12446,7 +12446,7 @@ "port": 52328 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -12524,7 +12524,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -12633,7 +12633,7 @@ "port": 37292 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -12711,7 +12711,7 @@ "port": 33876 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -12806,7 +12806,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -12901,7 +12901,7 @@ "port": 59790 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -12991,7 +12991,7 @@ "port": 33552 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -13094,7 +13094,7 @@ "port": 33556 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -13191,7 +13191,7 @@ "port": 65257 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -13269,7 +13269,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -13384,7 +13384,7 @@ "port": 33692 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -13481,7 +13481,7 @@ "port": 65262 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -13556,7 +13556,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -13671,7 +13671,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -13754,7 +13754,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -13855,7 +13855,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -13938,7 +13938,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -14033,7 +14033,7 @@ "port": 65322 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -14111,7 +14111,7 @@ "port": 33568 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -14226,7 +14226,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -14312,7 +14312,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -14396,7 +14396,7 @@ "port": 33564 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -14491,7 +14491,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -14587,7 +14587,7 @@ "port": 60126 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -14684,7 +14684,7 @@ "port": 32882 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -14757,7 +14757,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -14852,7 +14852,7 @@ "port": 39568 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -14931,7 +14931,7 @@ "port": 58026 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -15021,7 +15021,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -15124,7 +15124,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -15212,7 +15212,7 @@ "port": 33874 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -15310,7 +15310,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -15405,7 +15405,7 @@ "port": 41818 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -15489,7 +15489,7 @@ "port": 60640 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -15567,7 +15567,7 @@ "port": 33966 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -15667,7 +15667,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -15782,7 +15782,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -15870,7 +15870,7 @@ "port": 33524 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -15970,7 +15970,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -16080,7 +16080,7 @@ "port": 53104 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -16166,7 +16166,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -16250,7 +16250,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -16332,7 +16332,7 @@ "port": 58100 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -16413,7 +16413,7 @@ "port": 60756 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -16486,7 +16486,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -16578,7 +16578,7 @@ "port": 60122 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -16662,7 +16662,7 @@ "port": 53972 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -16740,7 +16740,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -16838,7 +16838,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -16922,7 +16922,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -17006,7 +17006,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -17101,7 +17101,7 @@ "port": 65274 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -17174,7 +17174,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -17275,7 +17275,7 @@ "port": 33530 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -17372,7 +17372,7 @@ "port": 65275 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -17456,7 +17456,7 @@ "port": 34450 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -17529,7 +17529,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -17624,7 +17624,7 @@ "port": 53879 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -17708,7 +17708,7 @@ "port": 60968 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -17781,7 +17781,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -17865,7 +17865,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -17960,7 +17960,7 @@ "port": 14236 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -18035,7 +18035,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -18138,7 +18138,7 @@ "port": 33690 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -18241,7 +18241,7 @@ "port": 33562 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -18339,7 +18339,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -18440,7 +18440,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -18531,7 +18531,7 @@ "port": 33590 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -18646,7 +18646,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -18749,7 +18749,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -18835,7 +18835,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -18936,7 +18936,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -19027,7 +19027,7 @@ "port": 33968 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -19125,7 +19125,7 @@ "port": 52780 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -19209,7 +19209,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -19296,7 +19296,7 @@ "port": 44128 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -19383,7 +19383,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -19480,7 +19480,7 @@ "port": 54812 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -19570,7 +19570,7 @@ "port": 33564 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -19667,7 +19667,7 @@ "port": 49438 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -19745,7 +19745,7 @@ "port": 33550 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -19855,7 +19855,7 @@ "port": 60110 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -19947,7 +19947,7 @@ "port": 51348 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -20037,7 +20037,7 @@ "port": 33560 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -20140,7 +20140,7 @@ "port": 33510 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -20231,7 +20231,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -20334,7 +20334,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -20443,7 +20443,7 @@ "port": 41822 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -20533,7 +20533,7 @@ "port": 33532 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -20636,7 +20636,7 @@ "port": 33568 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -20739,7 +20739,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -20842,7 +20842,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -20945,7 +20945,7 @@ "port": 53106 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -21042,7 +21042,7 @@ "port": 9243 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -21120,7 +21120,7 @@ "port": 33532 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -21223,7 +21223,7 @@ "port": 33858 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -21326,7 +21326,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -21429,7 +21429,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -21532,7 +21532,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -21647,7 +21647,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -21738,7 +21738,7 @@ "port": 33558 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -21836,7 +21836,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -21931,7 +21931,7 @@ "port": 33542 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -22022,7 +22022,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -22125,7 +22125,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -22228,7 +22228,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -22338,7 +22338,7 @@ "port": 33550 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -22424,7 +22424,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -22525,7 +22525,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -22628,7 +22628,7 @@ "port": 33970 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -22719,7 +22719,7 @@ "port": 33536 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -22834,7 +22834,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -22931,7 +22931,7 @@ "port": 65319 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -23021,7 +23021,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -23112,7 +23112,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -23227,7 +23227,7 @@ "port": 33966 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -23330,7 +23330,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -23416,7 +23416,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -23500,7 +23500,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -23584,7 +23584,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -23679,7 +23679,7 @@ "port": 50364 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -23752,7 +23752,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -23836,7 +23836,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -23931,7 +23931,7 @@ "port": 53096 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -24009,7 +24009,7 @@ "port": 33570 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -24118,7 +24118,7 @@ "port": 33126 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -24191,7 +24191,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -24292,7 +24292,7 @@ "port": 52430 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -24389,7 +24389,7 @@ "port": 34536 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -24467,7 +24467,7 @@ "port": 33572 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -24570,7 +24570,7 @@ "port": 33540 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -24673,7 +24673,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -24788,7 +24788,7 @@ "port": 53096 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -24879,7 +24879,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -24988,7 +24988,7 @@ "port": 65318 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -25061,7 +25061,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -25156,7 +25156,7 @@ "port": 56478 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -25246,7 +25246,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -25332,7 +25332,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -25421,7 +25421,7 @@ "port": 33694 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -25530,7 +25530,7 @@ "port": 65276 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -25608,7 +25608,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -25717,7 +25717,7 @@ "port": 56410 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -25796,7 +25796,7 @@ "port": 51950 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -25886,7 +25886,7 @@ "port": 33876 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -25972,7 +25972,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -26057,7 +26057,7 @@ "port": 58658 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -26130,7 +26130,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -26214,7 +26214,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -26304,7 +26304,7 @@ "port": 65272 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -26377,7 +26377,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -26469,7 +26469,7 @@ "port": 45224 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -26542,7 +26542,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -26637,7 +26637,7 @@ "port": 65277 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -26710,7 +26710,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -26805,7 +26805,7 @@ "port": 59924 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -26889,7 +26889,7 @@ "port": 65273 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -26962,7 +26962,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -27043,7 +27043,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -27138,7 +27138,7 @@ "port": 34646 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -27208,7 +27208,7 @@ "port": 5601 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -27294,7 +27294,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -27397,7 +27397,7 @@ "port": 9200 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -27512,7 +27512,7 @@ "port": 33574 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", diff --git a/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml index 52c89261fa7..98afb264cf7 100644 --- a/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml +++ b/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Google Cloud VPC Flow Logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/gcp/data_stream/vpcflow/sample_event.json b/packages/gcp/data_stream/vpcflow/sample_event.json index a1244c2cca0..b21842f55b3 100644 --- a/packages/gcp/data_stream/vpcflow/sample_event.json +++ b/packages/gcp/data_stream/vpcflow/sample_event.json @@ -27,7 +27,7 @@ "port": 9200 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "08bce509-f1bf-4b71-8b6b-b8965e7a733b", diff --git a/packages/gcp/docs/README.md b/packages/gcp/docs/README.md index 1d599665e0e..578110a9846 100644 
--- a/packages/gcp/docs/README.md +++ b/packages/gcp/docs/README.md @@ -343,7 +343,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "08bce509-f1bf-4b71-8b6b-b8965e7a733b", @@ -599,7 +599,7 @@ An example event for `firewall` looks as following: "port": 3389 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "08bce509-f1bf-4b71-8b6b-b8965e7a733b", @@ -847,7 +847,7 @@ An example event for `vpcflow` looks as following: "port": 9200 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "08bce509-f1bf-4b71-8b6b-b8965e7a733b", @@ -1095,7 +1095,7 @@ An example event for `dns` looks as following: "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "0168f0f0-b64d-4a7a-ba00-c309f9e7f0ca", diff --git a/packages/gcp/docs/audit.md b/packages/gcp/docs/audit.md index ec4a74ece55..e338fd39489 100644 --- a/packages/gcp/docs/audit.md +++ b/packages/gcp/docs/audit.md @@ -170,7 +170,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "08bce509-f1bf-4b71-8b6b-b8965e7a733b", diff --git a/packages/gcp/docs/dns.md b/packages/gcp/docs/dns.md index b346d9f7517..905312af23f 100644 --- a/packages/gcp/docs/dns.md +++ b/packages/gcp/docs/dns.md @@ -148,7 +148,7 @@ An example event for `dns` looks as following: "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "0168f0f0-b64d-4a7a-ba00-c309f9e7f0ca", diff --git a/packages/gcp/docs/firewall.md b/packages/gcp/docs/firewall.md index 48e690fcf4e..ab4eae518ff 100644 --- a/packages/gcp/docs/firewall.md +++ b/packages/gcp/docs/firewall.md 
@@ -159,7 +159,7 @@ An example event for `firewall` looks as following: "port": 3389 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "08bce509-f1bf-4b71-8b6b-b8965e7a733b", diff --git a/packages/gcp/docs/loadbalancing.md b/packages/gcp/docs/loadbalancing.md index b7f53f6ca7f..2c0a7774c4d 100644 --- a/packages/gcp/docs/loadbalancing.md +++ b/packages/gcp/docs/loadbalancing.md @@ -38,7 +38,7 @@ An example event for `loadbalancing` looks as following: "port": 8080 }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "df142714-8028-4ef0-a80c-4eb03051c084", diff --git a/packages/gcp/docs/vpcflow.md b/packages/gcp/docs/vpcflow.md index 65a292796ac..4a995facb07 100644 --- a/packages/gcp/docs/vpcflow.md +++ b/packages/gcp/docs/vpcflow.md @@ -156,7 +156,7 @@ An example event for `vpcflow` looks as following: "port": 9200 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "08bce509-f1bf-4b71-8b6b-b8965e7a733b", diff --git a/packages/gcp/manifest.yml b/packages/gcp/manifest.yml index eecda9f04ba..6f4816fc295 100644 --- a/packages/gcp/manifest.yml +++ b/packages/gcp/manifest.yml @@ -1,6 +1,6 @@ name: gcp title: Google Cloud Platform -version: "2.13.0" +version: "2.14.0" release: ga description: Collect logs from Google Cloud Platform with Elastic Agent. type: integration diff --git a/packages/gcp_pubsub/_dev/build/build.yml b/packages/gcp_pubsub/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/gcp_pubsub/_dev/build/build.yml +++ b/packages/gcp_pubsub/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/gcp_pubsub/changelog.yml b/packages/gcp_pubsub/changelog.yml index b960d585276..689c488c72e 100644 --- a/packages/gcp_pubsub/changelog.yml +++ b/packages/gcp_pubsub/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.2.0" changes: - description: Update package to ECS 8.4.0 diff --git a/packages/gcp_pubsub/manifest.yml b/packages/gcp_pubsub/manifest.yml index 57808a3c072..2816792b853 100644 --- a/packages/gcp_pubsub/manifest.yml +++ b/packages/gcp_pubsub/manifest.yml @@ -1,6 +1,6 @@ name: gcp_pubsub title: Custom Google Pub/Sub Logs -version: "1.2.0" +version: "1.3.0" release: ga description: Collect Logs from Google Pub/Sub topics type: integration diff --git a/packages/github/_dev/build/build.yml b/packages/github/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/github/_dev/build/build.yml +++ b/packages/github/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/github/changelog.yml b/packages/github/changelog.yml index b8fdf3f2028..3cc319e4454 100644 --- a/packages/github/changelog.yml +++ b/packages/github/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.6.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.5.0" changes: - description: Add org endpoints for code_scanning and secret_scanning along with dashboards diff --git a/packages/github/data_stream/audit/_dev/test/pipeline/test-audit-json.log-expected.json b/packages/github/data_stream/audit/_dev/test/pipeline/test-audit-json.log-expected.json index e7dd1d6d0b3..5f05bb2445f 100644 --- a/packages/github/data_stream/audit/_dev/test/pipeline/test-audit-json.log-expected.json +++ b/packages/github/data_stream/audit/_dev/test/pipeline/test-audit-json.log-expected.json 
@@ -3,7 +3,7 @@ { "@timestamp": "2020-03-04T23:24:11.067Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "organization_default_label.create", @@ -36,7 +36,7 @@ { "@timestamp": "2020-03-04T23:24:11.273Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "organization_default_label.create", @@ -69,7 +69,7 @@ { "@timestamp": "2020-03-04T23:24:11.179Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "organization_default_label.create", @@ -107,7 +107,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "org.invite_member", @@ -152,7 +152,7 @@ { "@timestamp": "2020-03-04T23:24:11.101Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "organization_default_label.create", @@ -185,7 +185,7 @@ { "@timestamp": "2020-03-04T23:24:11.214Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "organization_default_label.create", @@ -218,7 +218,7 @@ { "@timestamp": "2020-03-04T23:24:11.364Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "organization_default_label.create", @@ -256,7 +256,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "org.invite_member", @@ -301,7 +301,7 @@ { "@timestamp": "2020-03-04T23:42:30.878Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "org.add_member", @@ -347,7 +347,7 @@ { "@timestamp": "2020-03-04T23:24:11.144Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "organization_default_label.create", @@ -380,7 +380,7 @@ { "@timestamp": "2020-03-04T23:24:11.325Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "organization_default_label.create", @@ -413,7 +413,7 @@ { "@timestamp": "2020-03-05T02:45:22.166Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "org.add_member", 
@@ -464,7 +464,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.create", @@ -498,7 +498,7 @@ { "@timestamp": "2020-03-04T23:24:11.399Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "organization_default_label.create", @@ -531,7 +531,7 @@ { "@timestamp": "2020-03-04T23:24:08.566Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "org.add_member", @@ -582,7 +582,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "org.oauth_app_access_approved", @@ -625,7 +625,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.create", @@ -670,7 +670,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_member", @@ -722,7 +722,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_member", @@ -774,7 +774,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "org.invite_member", @@ -824,7 +824,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -863,7 +863,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_member", @@ -915,7 +915,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_member", @@ -967,7 +967,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.create", @@ -1012,7 +1012,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "org.invite_member", @@ -1062,7 +1062,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -1101,7 +1101,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_member", 
@@ -1153,7 +1153,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "org.invite_member", @@ -1198,7 +1198,7 @@ { "@timestamp": "2021-01-25T22:02:24.633Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "org.add_member", @@ -1249,7 +1249,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -1288,7 +1288,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_member", @@ -1340,7 +1340,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_repository", @@ -1386,7 +1386,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -1425,7 +1425,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_member", @@ -1472,7 +1472,7 @@ { "@timestamp": "2021-01-26T01:10:57.848Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.actions_enabled", @@ -1511,7 +1511,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repository_vulnerability_alerts.disable", @@ -1549,7 +1549,7 @@ { "@timestamp": "2021-01-25T21:57:02.014Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "org.add_member", @@ -1600,7 +1600,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_repository", @@ -1646,7 +1646,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -1685,7 +1685,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_member", @@ -1737,7 +1737,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "integration_installation.create", 
@@ -1770,7 +1770,7 @@ { "@timestamp": "2021-01-25T21:57:36.834Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "org.add_member", @@ -1821,7 +1821,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.create", @@ -1860,7 +1860,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "org.invite_member", @@ -1910,7 +1910,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.create", @@ -1953,7 +1953,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_member", @@ -2000,7 +2000,7 @@ { "@timestamp": "2021-01-25T22:00:13.018Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "org.add_member", @@ -2051,7 +2051,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_member", @@ -2103,7 +2103,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.change_merge_setting", @@ -2142,7 +2142,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2181,7 +2181,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2220,7 +2220,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "workflows.delete_workflow_run", @@ -2259,7 +2259,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2298,7 +2298,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2337,7 +2337,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", 
@@ -2376,7 +2376,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2415,7 +2415,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2454,7 +2454,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2493,7 +2493,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.add_member", @@ -2536,7 +2536,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request_review.submit", @@ -2573,7 +2573,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2612,7 +2612,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -2649,7 +2649,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.transfer", @@ -2693,7 +2693,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "workflows.delete_workflow_run", @@ -2732,7 +2732,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2771,7 +2771,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -2808,7 +2808,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2847,7 +2847,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_repository", @@ -2893,7 +2893,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", 
@@ -2932,7 +2932,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create_review_request", @@ -2969,7 +2969,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -3006,7 +3006,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -3045,7 +3045,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_repository", @@ -3091,7 +3091,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -3128,7 +3128,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create_review_request", @@ -3165,7 +3165,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create_review_request", @@ -3202,7 +3202,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request_review.submit", @@ -3239,7 +3239,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -3276,7 +3276,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -3313,7 +3313,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -3350,7 +3350,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create_review_request", @@ -3387,7 +3387,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request_review.submit", @@ -3424,7 +3424,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create_review_request", @@ -3461,7 +3461,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create_review_request", 
@@ -3498,7 +3498,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request_review.submit", @@ -3535,7 +3535,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request_review.submit", @@ -3572,7 +3572,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create_review_request", @@ -3609,7 +3609,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -3646,7 +3646,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request_review.submit", @@ -3683,7 +3683,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request_review.submit", @@ -3720,7 +3720,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -3757,7 +3757,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -3794,7 +3794,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -3831,7 +3831,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -3870,7 +3870,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -3907,7 +3907,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create_review_request", @@ -3944,7 +3944,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -3981,7 +3981,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -4018,7 +4018,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.change_merge_setting", 
@@ -4057,7 +4057,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.create", @@ -4096,7 +4096,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.add_member", @@ -4134,7 +4134,7 @@ { "@timestamp": "2021-07-03T03:33:42.495Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.update_default_branch", @@ -4173,7 +4173,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.remove_member", @@ -4225,7 +4225,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_member", @@ -4277,7 +4277,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.add_member", @@ -4320,7 +4320,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.remove_member", @@ -4372,7 +4372,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.create", @@ -4411,7 +4411,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.remove_member", @@ -4463,7 +4463,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.update_repository_permission", @@ -4508,7 +4508,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.remove_member", @@ -4560,7 +4560,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_repository", @@ -4606,7 +4606,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.destroy", @@ -4645,7 +4645,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.remove_member", @@ -4697,7 +4697,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "project.create", 
@@ -4731,7 +4731,7 @@ { "@timestamp": "2021-09-20T13:54:28.095Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.actions_enabled", @@ -4770,7 +4770,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.change_merge_setting", @@ -4809,7 +4809,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.update_required_status_checks_enforcement_level", @@ -4848,7 +4848,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -4887,7 +4887,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.change_merge_setting", @@ -4926,7 +4926,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -4965,7 +4965,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request_review.submit", @@ -5002,7 +5002,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.change_merge_setting", @@ -5041,7 +5041,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -5080,7 +5080,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -5119,7 +5119,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_member", @@ -5171,7 +5171,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "required_status_check.create", @@ -5210,7 +5210,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.change_merge_setting", @@ -5249,7 +5249,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.change_merge_setting", @@ -5288,7 +5288,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", 
@@ -5327,7 +5327,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.change_merge_setting", @@ -5366,7 +5366,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.change_merge_setting", @@ -5405,7 +5405,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.create", @@ -5448,7 +5448,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.change_merge_setting", @@ -5487,7 +5487,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_repository", @@ -5533,7 +5533,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_repository", @@ -5579,7 +5579,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.create", @@ -5618,7 +5618,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.update_linear_history_requirement_enforcement_level", @@ -5657,7 +5657,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -5696,7 +5696,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.change_merge_setting", @@ -5735,7 +5735,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -5774,7 +5774,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -5808,7 +5808,7 @@ { "@timestamp": "2021-09-17T16:59:20.413Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.actions_enabled", @@ -5847,7 +5847,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -5886,7 +5886,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.create", 
@@ -5929,7 +5929,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.change_merge_setting", @@ -5968,7 +5968,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "required_status_check.create", @@ -6007,7 +6007,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.rename", @@ -6046,7 +6046,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -6085,7 +6085,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -6124,7 +6124,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.update_admin_enforced", @@ -6163,7 +6163,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -6202,7 +6202,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.access", @@ -6241,7 +6241,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -6280,7 +6280,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -6319,7 +6319,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -6358,7 +6358,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -6397,7 +6397,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.update_linear_history_requirement_enforcement_level", @@ -6436,7 +6436,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.update_required_status_checks_enforcement_level", @@ -6475,7 +6475,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", 
@@ -6514,7 +6514,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "project.create", @@ -6553,7 +6553,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "org.audit_log_export", @@ -6596,7 +6596,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_member", @@ -6648,7 +6648,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -6687,7 +6687,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.update_linear_history_requirement_enforcement_level", @@ -6726,7 +6726,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.merge", @@ -6765,7 +6765,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -6804,7 +6804,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.change_merge_setting", @@ -6843,7 +6843,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -6882,7 +6882,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request_review_comment.create", @@ -6919,7 +6919,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repository_vulnerability_alerts.disable", @@ -6962,7 +6962,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_repository", @@ -7008,7 +7008,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -7047,7 +7047,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -7086,7 +7086,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.create", 
@@ -7131,7 +7131,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "team.add_repository", @@ -7177,7 +7177,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -7216,7 +7216,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -7255,7 +7255,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.change_merge_setting", @@ -7294,7 +7294,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.update_pull_request_reviews_enforcement_level", @@ -7333,7 +7333,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.update_admin_enforced", @@ -7372,7 +7372,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.change_merge_setting", @@ -7411,7 +7411,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "repo.change_merge_setting", @@ -7450,7 +7450,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.create", @@ -7489,7 +7489,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "protected_branch.policy_override", @@ -7528,7 +7528,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pull_request.ready_for_review", @@ -7567,7 +7567,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "org.audit_log_git_event_export", @@ -7610,7 +7610,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "git.clone", diff --git a/packages/github/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/github/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 7a962c1608c..4f1e3548caa 100644 
--- a/packages/github/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/github/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: value: event - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.category value: diff --git a/packages/github/data_stream/audit/sample_event.json b/packages/github/data_stream/audit/sample_event.json index 0b2230dfe34..8cc87eb01b7 100644 --- a/packages/github/data_stream/audit/sample_event.json +++ b/packages/github/data_stream/audit/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "358f43b3-c9c2-445b-a26f-fc366493cc2e", diff --git a/packages/github/data_stream/code_scanning/_dev/test/pipeline/test-ghas-code-scanning-json.log-expected.json b/packages/github/data_stream/code_scanning/_dev/test/pipeline/test-ghas-code-scanning-json.log-expected.json index 6032742764d..45cc3141ffb 100644 --- a/packages/github/data_stream/code_scanning/_dev/test/pipeline/test-ghas-code-scanning-json.log-expected.json +++ b/packages/github/data_stream/code_scanning/_dev/test/pipeline/test-ghas-code-scanning-json.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-02-13T12:29:18.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "code_scanning", @@ -80,7 +80,7 @@ { "@timestamp": "2020-02-13T12:29:18.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "code_scanning", @@ -168,7 +168,7 @@ { "@timestamp": "2022-06-29T18:03:27.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "code_scanning", @@ -236,7 +236,7 @@ { "@timestamp": "2022-07-07T17:10:47.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "code_scanning", 
@@ -317,7 +317,7 @@ { "@timestamp": "2022-06-29T18:03:27.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "code_scanning", @@ -385,7 +385,7 @@ { "@timestamp": "2022-06-29T18:03:27.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "code_scanning", @@ -453,7 +453,7 @@ { "@timestamp": "2022-08-01T23:53:17.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "code_scanning", @@ -520,7 +520,7 @@ { "@timestamp": "2022-08-01T23:53:17.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "code_scanning", @@ -601,7 +601,7 @@ { "@timestamp": "2022-08-01T23:53:17.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "code_scanning", diff --git a/packages/github/data_stream/code_scanning/elasticsearch/ingest_pipeline/default.yml b/packages/github/data_stream/code_scanning/elasticsearch/ingest_pipeline/default.yml index 56cbcd6c4c6..42d4f2384a6 100644 --- a/packages/github/data_stream/code_scanning/elasticsearch/ingest_pipeline/default.yml +++ b/packages/github/data_stream/code_scanning/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing GitHub audit logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: event.action value: "code_scanning" diff --git a/packages/github/data_stream/code_scanning/sample_event.json b/packages/github/data_stream/code_scanning/sample_event.json index e170178e6af..1b4174b130c 100644 --- a/packages/github/data_stream/code_scanning/sample_event.json +++ b/packages/github/data_stream/code_scanning/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "358f43b3-c9c2-445b-a26f-fc366493cc2e", 
diff --git a/packages/github/data_stream/dependabot/_dev/test/pipeline/test-ghas-dependabot-json.log-expected.json b/packages/github/data_stream/dependabot/_dev/test/pipeline/test-ghas-dependabot-json.log-expected.json index 61693638313..0e3ea89bec6 100644 --- a/packages/github/data_stream/dependabot/_dev/test/pipeline/test-ghas-dependabot-json.log-expected.json +++ b/packages/github/data_stream/dependabot/_dev/test/pipeline/test-ghas-dependabot-json.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-07-11T11:39:07.000Z", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "dependabot", @@ -110,7 +110,7 @@ { "@timestamp": "2022-07-11T11:39:07.000Z", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "dependabot", @@ -218,7 +218,7 @@ { "@timestamp": "2022-07-11T11:39:07.000Z", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "dependabot", @@ -330,7 +330,7 @@ { "@timestamp": "2022-07-11T11:39:07.000Z", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "dependabot", @@ -438,7 +438,7 @@ { "@timestamp": "2022-07-11T11:39:07.000Z", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "dependabot", @@ -527,7 +527,7 @@ { "@timestamp": "2022-07-11T11:39:07.000Z", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "dependabot", @@ -636,7 +636,7 @@ { "@timestamp": "2022-07-12T03:02:16.000Z", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "dependabot", @@ -753,7 +753,7 @@ { "@timestamp": "2022-07-11T11:39:07.000Z", "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "event": { "action": "dependabot", diff --git a/packages/github/data_stream/dependabot/elasticsearch/ingest_pipeline/default.yml b/packages/github/data_stream/dependabot/elasticsearch/ingest_pipeline/default.yml index 5e101a3fe3a..1bebbd7871d 100644 --- a/packages/github/data_stream/dependabot/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/github/data_stream/dependabot/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing GitHub audit logs processors: - set: field: ecs.version - value: "8.3.0" + value: "8.5.0" - set: field: event.action value: "dependabot" diff --git a/packages/github/data_stream/dependabot/sample_event.json b/packages/github/data_stream/dependabot/sample_event.json index f84fe8595ee..697d0a137ee 100644 --- a/packages/github/data_stream/dependabot/sample_event.json +++ b/packages/github/data_stream/dependabot/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "358f43b3-c9c2-445b-a26f-fc366493cc2e", diff --git a/packages/github/data_stream/secret_scanning/_dev/test/pipeline/test-ghas-secret-scanning-json.log-expected.json b/packages/github/data_stream/secret_scanning/_dev/test/pipeline/test-ghas-secret-scanning-json.log-expected.json index 04a24c610e8..9c672748f02 100644 --- a/packages/github/data_stream/secret_scanning/_dev/test/pipeline/test-ghas-secret-scanning-json.log-expected.json +++ b/packages/github/data_stream/secret_scanning/_dev/test/pipeline/test-ghas-secret-scanning-json.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-11-07T02:47:13.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "secret_scanning", @@ -65,7 +65,7 @@ { "@timestamp": "2020-11-06T18:18:30.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "secret_scanning", @@ -103,7 +103,7 @@ { "@timestamp": "2022-07-07T12:56:24.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "secret_scanning", @@ -152,7 +152,7 @@ { "@timestamp": "2022-07-07T12:54:02.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "secret_scanning", 
@@ -191,7 +191,7 @@
 {
 "@timestamp": "2022-07-07T12:48:57.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "secret_scanning",
@@ -230,7 +230,7 @@
 {
 "@timestamp": "2022-07-07T10:52:40.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "secret_scanning",
@@ -269,7 +269,7 @@
 {
 "@timestamp": "2022-07-07T12:45:43.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "secret_scanning",
@@ -322,7 +322,7 @@
 {
 "@timestamp": "2022-07-07T09:47:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "secret_scanning",
@@ -361,7 +361,7 @@
 {
 "@timestamp": "2022-07-07T10:13:56.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "secret_scanning",
diff --git a/packages/github/data_stream/secret_scanning/elasticsearch/ingest_pipeline/default.yml b/packages/github/data_stream/secret_scanning/elasticsearch/ingest_pipeline/default.yml
index da68293715f..c6077156379 100644
--- a/packages/github/data_stream/secret_scanning/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/github/data_stream/secret_scanning/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing GitHub audit logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.action
 value: "secret_scanning"
diff --git a/packages/github/data_stream/secret_scanning/sample_event.json b/packages/github/data_stream/secret_scanning/sample_event.json
index 599daf86299..d376dbaf6bb 100644
--- a/packages/github/data_stream/secret_scanning/sample_event.json
+++ b/packages/github/data_stream/secret_scanning/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "358f43b3-c9c2-445b-a26f-fc366493cc2e",
diff --git a/packages/github/docs/README.md b/packages/github/docs/README.md
index ca18389c64e..128d75ea50d 100644
--- a/packages/github/docs/README.md
+++ b/packages/github/docs/README.md
@@ -85,7 +85,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "358f43b3-c9c2-445b-a26f-fc366493cc2e",
@@ -255,7 +255,7 @@ An example event for `code_scanning` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "358f43b3-c9c2-445b-a26f-fc366493cc2e",
@@ -432,7 +432,7 @@ An example event for `secret_scanning` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "358f43b3-c9c2-445b-a26f-fc366493cc2e",
@@ -620,7 +620,7 @@ An example event for `dependabot` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "358f43b3-c9c2-445b-a26f-fc366493cc2e",
diff --git a/packages/github/manifest.yml b/packages/github/manifest.yml
index 577ae18ff7e..c18743d5a75 100644
--- a/packages/github/manifest.yml
+++ b/packages/github/manifest.yml
@@ -1,6 +1,6 @@
 name: github
 title: GitHub
-version: 1.5.0
+version: "1.6.0"
 release: ga
 description: Collect logs from GitHub with Elastic Agent.
 type: integration
diff --git a/packages/google_workspace/_dev/build/build.yml b/packages/google_workspace/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/google_workspace/_dev/build/build.yml
+++ b/packages/google_workspace/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/google_workspace/changelog.yml b/packages/google_workspace/changelog.yml
index c910f999e98..07e9c3ef423 100644
--- a/packages/google_workspace/changelog.yml
+++ b/packages/google_workspace/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.8.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.7.4"
 changes:
 - description: Parse event parameters for user_accounts data stream.
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-application.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-application.log-expected.json
index 7def7223d10..ffaeb906931 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-application.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-application.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_APPLICATION_SETTING",
@@ -101,7 +101,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CREATE_APPLICATION_SETTING",
@@ -198,7 +198,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "DELETE_APPLICATION_SETTING",
@@ -295,7 +295,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REORDER_GROUP_BASED_POLICIES_EVENT",
@@ -380,7 +380,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "GPLUS_PREMIUM_FEATURES",
@@ -457,7 +457,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CREATE_MANAGED_CONFIGURATION",
@@ -533,7 +533,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "DELETE_MANAGED_CONFIGURATION",
@@ -609,7 +609,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UPDATE_MANAGED_CONFIGURATION", @@ -686,7 +686,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FLASHLIGHT_EDU_NON_FEATURED_SERVICES_SELECTED", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-calendar.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-calendar.log-expected.json index c801745780f..fc24834270b 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-calendar.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-calendar.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CREATE_BUILDING", @@ -79,7 +79,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DELETE_BUILDING", @@ -155,7 +155,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UPDATE_BUILDING", @@ -236,7 +236,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CREATE_CALENDAR_RESOURCE", @@ -312,7 +312,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DELETE_CALENDAR_RESOURCE", @@ -388,7 +388,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CREATE_CALENDAR_RESOURCE_FEATURE", @@ -464,7 +464,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DELETE_CALENDAR_RESOURCE_FEATURE", 
@@ -540,7 +540,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UPDATE_CALENDAR_RESOURCE_FEATURE", @@ -622,7 +622,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "RENAME_CALENDAR_RESOURCE", @@ -699,7 +699,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UPDATE_CALENDAR_RESOURCE", @@ -780,7 +780,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_CALENDAR_SETTING", @@ -877,7 +877,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CANCEL_CALENDAR_EVENTS", @@ -958,7 +958,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "RELEASE_CALENDAR_RESOURCES", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chat.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chat.log-expected.json index c33980cb3fd..cfea1cf1102 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chat.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chat.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "MEET_INTEROP_CREATE_GATEWAY", @@ -78,7 +78,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "MEET_INTEROP_DELETE_GATEWAY", @@ -153,7 +153,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "MEET_INTEROP_MODIFY_GATEWAY", 
@@ -229,7 +229,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_CHAT_SETTING", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chromeos.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chromeos.log-expected.json index 52d239d6fd5..1d76aa92ba3 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chromeos.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chromeos.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_CHROME_OS_ANDROID_APPLICATION_SETTING", @@ -103,7 +103,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_DEVICE_STATE", @@ -181,7 +181,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_CHROME_OS_APPLICATION_SETTING", @@ -281,7 +281,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SEND_CHROME_OS_DEVICE_COMMAND", @@ -357,7 +357,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_CHROME_OS_DEVICE_ANNOTATION", @@ -432,7 +432,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_CHROME_OS_DEVICE_SETTING", @@ -513,7 +513,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_CHROME_OS_DEVICE_STATE", 
@@ -593,7 +593,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_CHROME_OS_PUBLIC_SESSION_SETTING", @@ -674,7 +674,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "INSERT_CHROME_OS_PRINT_SERVER", @@ -749,7 +749,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DELETE_CHROME_OS_PRINT_SERVER", @@ -824,7 +824,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UPDATE_CHROME_OS_PRINT_SERVER", @@ -901,7 +901,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "INSERT_CHROME_OS_PRINTER", @@ -976,7 +976,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DELETE_CHROME_OS_PRINTER", @@ -1051,7 +1051,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UPDATE_CHROME_OS_PRINTER", @@ -1128,7 +1128,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_CHROME_OS_SETTING", @@ -1209,7 +1209,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_CHROME_OS_USER_SETTING", @@ -1290,7 +1290,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ISSUE_DEVICE_COMMAND", @@ -1370,7 +1370,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "MOVE_DEVICE_TO_ORG_UNIT_DETAILED", 
@@ -1448,7 +1448,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "REMOVE_CHROME_OS_APPLICATION_SETTINGS", @@ -1523,7 +1523,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UPDATE_DEVICE", @@ -1599,7 +1599,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_CONTACTS_SETTING", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-contacts.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-contacts.log-expected.json index 4dcb965217a..8d2b7bb9215 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-contacts.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-contacts.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_CONTACTS_SETTING", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-delegatedadmin.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-delegatedadmin.log-expected.json index 52013c52716..6d7e01b4a0e 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-delegatedadmin.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-delegatedadmin.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ASSIGN_ROLE", @@ -90,7 +90,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CREATE_ROLE", 
@@ -166,7 +166,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DELETE_ROLE", @@ -242,7 +242,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ADD_PRIVILEGE", @@ -321,7 +321,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "REMOVE_PRIVILEGE", @@ -400,7 +400,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "RENAME_ROLE", @@ -476,7 +476,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UPDATE_ROLE", @@ -552,7 +552,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UNASSIGN_ROLE", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-docs.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-docs.log-expected.json index 5e295c320b8..a5cb292e9aa 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-docs.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-docs.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TRANSFER_DOCUMENT_OWNERSHIP", @@ -88,7 +88,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DRIVE_DATA_RESTORE", @@ -172,7 +172,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_DOCS_SETTING", 
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-domain.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-domain.log-expected.json index 2d0c0da357c..6dba0df5218 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-domain.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-domain.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_ACCOUNT_AUTO_RENEWAL", @@ -79,7 +79,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ADD_APPLICATION", @@ -156,7 +156,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ADD_APPLICATION_TO_WHITELIST", @@ -232,7 +232,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_ADVERTISEMENT_OPTION", @@ -309,7 +309,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CREATE_ALERT", @@ -384,7 +384,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_ALERT_CRITERIA", @@ -459,7 +459,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DELETE_ALERT", @@ -534,7 +534,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ALERT_RECEIVERS_CHANGED", @@ -611,7 +611,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "RENAME_ALERT", 
@@ -685,7 +685,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ALERT_STATUS_CHANGED", @@ -762,7 +762,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ADD_DOMAIN_ALIAS", @@ -838,7 +838,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "REMOVE_DOMAIN_ALIAS", @@ -914,7 +914,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SKIP_DOMAIN_ALIAS_MX", @@ -990,7 +990,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "VERIFY_DOMAIN_ALIAS_MX", @@ -1066,7 +1066,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "VERIFY_DOMAIN_ALIAS", @@ -1143,7 +1143,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TOGGLE_OAUTH_ACCESS_TO_ALL_APIS", @@ -1220,7 +1220,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TOGGLE_ALLOW_ADMIN_PASSWORD_RESET", @@ -1297,7 +1297,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ENABLE_API_ACCESS", @@ -1375,7 +1375,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "AUTHORIZE_API_CLIENT_ACCESS", @@ -1459,7 +1459,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "REMOVE_API_CLIENT_ACCESS", 
@@ -1539,7 +1539,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHROME_LICENSES_REDEEMED", @@ -1616,7 +1616,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TOGGLE_AUTO_ADD_NEW_SERVICE", @@ -1692,7 +1692,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_PRIMARY_DOMAIN", @@ -1768,7 +1768,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_WHITELIST_SETTING", @@ -1846,7 +1846,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "COMMUNICATION_PREFERENCES_SETTING_CHANGE", @@ -1927,7 +1927,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_CONFLICT_ACCOUNT_ACTION", @@ -2004,7 +2004,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ENABLE_FEEDBACK_SOLICITATION", @@ -2082,7 +2082,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TOGGLE_CONTACT_SHARING", @@ -2159,7 +2159,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CREATE_PLAY_FOR_WORK_TOKEN", @@ -2234,7 +2234,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TOGGLE_USE_CUSTOM_LOGO", @@ -2311,7 +2311,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_CUSTOM_LOGO", 
@@ -2386,7 +2386,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", @@ -2463,7 +2463,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_DATA_LOCALIZATION_SETTING", @@ -2541,7 +2541,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_DATA_PROTECTION_OFFICER_CONTACT_INFO", @@ -2616,7 +2616,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DELETE_PLAY_FOR_WORK_TOKEN", @@ -2691,7 +2691,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "VIEW_DNS_LOGIN_DETAILS", @@ -2766,7 +2766,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_DOMAIN_DEFAULT_LOCALE", @@ -2843,7 +2843,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_DOMAIN_DEFAULT_TIMEZONE", @@ -2920,7 +2920,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_DOMAIN_NAME", @@ -2996,7 +2996,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TOGGLE_ENABLE_PRE_RELEASE_FEATURES", @@ -3072,7 +3072,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_DOMAIN_SUPPORT_MESSAGE", @@ -3149,7 +3149,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ADD_TRUSTED_DOMAINS", 
@@ -3224,7 +3224,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "REMOVE_TRUSTED_DOMAINS", @@ -3299,7 +3299,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_EDU_TYPE", @@ -3376,7 +3376,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TOGGLE_ENABLE_OAUTH_CONSUMER_KEY", @@ -3453,7 +3453,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TOGGLE_SSO_ENABLED", @@ -3530,7 +3530,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TOGGLE_SSL", @@ -3607,7 +3607,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_EU_REPRESENTATIVE_CONTACT_INFO", @@ -3682,7 +3682,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GENERATE_TRANSFER_TOKEN", @@ -3752,7 +3752,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_LOGIN_BACKGROUND_COLOR", @@ -3829,7 +3829,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_LOGIN_BORDER_COLOR", @@ -3906,7 +3906,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_LOGIN_ACTIVITY_TRACE", @@ -3983,7 +3983,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "PLAY_FOR_WORK_ENROLL", 
@@ -4059,7 +4059,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "PLAY_FOR_WORK_UNENROLL", @@ -4134,7 +4134,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "MX_RECORD_VERIFICATION_CLAIM", @@ -4218,7 +4218,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TOGGLE_NEW_APP_FEATURES", @@ -4295,7 +4295,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TOGGLE_USE_NEXT_GEN_CONTROL_PANEL", @@ -4372,7 +4372,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UPLOAD_OAUTH_CERTIFICATE", @@ -4447,7 +4447,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "REGENERATE_OAUTH_CONSUMER_SECRET", @@ -4522,7 +4522,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TOGGLE_OPEN_ID_ENABLED", @@ -4599,7 +4599,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_ORGANIZATION_NAME", @@ -4676,7 +4676,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TOGGLE_OUTBOUND_RELAY", @@ -4757,7 +4757,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_PASSWORD_MAX_LENGTH", @@ -4834,7 +4834,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_PASSWORD_MIN_LENGTH", 
@@ -4911,7 +4911,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UPDATE_DOMAIN_PRIMARY_ADMIN_EMAIL", @@ -4988,7 +4988,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ENABLE_SERVICE_OR_FEATURE_NOTIFICATIONS", @@ -5066,7 +5066,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "REMOVE_APPLICATION", @@ -5142,7 +5142,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "REMOVE_APPLICATION_FROM_WHITELIST", @@ -5218,7 +5218,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_RENEW_DOMAIN_REGISTRATION", @@ -5295,7 +5295,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_RESELLER_ACCESS", @@ -5369,7 +5369,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "RULE_ACTIONS_CHANGED", @@ -5444,7 +5444,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CREATE_RULE", @@ -5519,7 +5519,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CHANGE_RULE_CRITERIA", @@ -5594,7 +5594,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DELETE_RULE", @@ -5669,7 +5669,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "RENAME_RULE", 
@@ -5743,7 +5743,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "RULE_STATUS_CHANGED",
@@ -5820,7 +5820,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ADD_SECONDARY_DOMAIN",
@@ -5896,7 +5896,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REMOVE_SECONDARY_DOMAIN",
@@ -5972,7 +5972,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SKIP_SECONDARY_DOMAIN_MX",
@@ -6048,7 +6048,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "VERIFY_SECONDARY_DOMAIN_MX",
@@ -6124,7 +6124,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "VERIFY_SECONDARY_DOMAIN",
@@ -6200,7 +6200,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "UPDATE_DOMAIN_SECONDARY_EMAIL",
@@ -6277,7 +6277,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_SSO_SETTINGS",
@@ -6353,7 +6353,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "GENERATE_PIN",
@@ -6423,7 +6423,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "UPDATE_RULE",
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json
index d3cf4129d5b..34d17feb862 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "DROP_FROM_QUARANTINE",
@@ -81,7 +81,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "EMAIL_LOG_SEARCH",
@@ -168,7 +168,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "EMAIL_UNDELETE",
@@ -252,7 +252,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_EMAIL_SETTING",
@@ -349,7 +349,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_GMAIL_SETTING",
@@ -432,7 +432,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CREATE_GMAIL_SETTING",
@@ -515,7 +515,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "DELETE_GMAIL_SETTING",
@@ -598,7 +598,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REJECT_FROM_QUARANTINE",
@@ -676,7 +676,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "RELEASE_FROM_QUARANTINE",
@@ -754,7 +754,7 @@
 {
 "@timestamp": "2022-03-07T04:48:46.816Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "EMAIL_LOG_SEARCH",
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-groups.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-groups.log-expected.json
index 6acd12f5e12..78294699687 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-groups.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-groups.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CREATE_GROUP",
@@ -88,7 +88,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "DELETE_GROUP",
@@ -173,7 +173,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_GROUP_DESCRIPTION",
@@ -259,7 +259,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "GROUP_LIST_DOWNLOAD",
@@ -330,7 +330,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ADD_GROUP_MEMBER",
@@ -423,7 +423,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REMOVE_GROUP_MEMBER",
@@ -516,7 +516,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "UPDATE_GROUP_MEMBER",
@@ -611,7 +611,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "UPDATE_GROUP_MEMBER_DELIVERY_SETTINGS",
@@ -706,7 +706,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "UPDATE_GROUP_MEMBER_DELIVERY_SETTINGS_CAN_EMAIL_OVERRIDE",
@@ -801,7 +801,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "GROUP_MEMBER_BULK_UPLOAD",
@@ -878,7 +878,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "GROUP_MEMBERS_DOWNLOAD",
@@ -949,7 +949,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_GROUP_NAME",
@@ -1036,7 +1036,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_GROUP_SETTING",
@@ -1127,7 +1127,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "WHITELISTED_GROUPS_UPDATED",
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-licenses.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-licenses.log-expected.json
index e45aadc8b0c..f7895a82066 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-licenses.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-licenses.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ORG_USERS_LICENSE_ASSIGNMENT",
@@ -82,7 +82,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ORG_ALL_USERS_LICENSE_ASSIGNMENT",
@@ -161,7 +161,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "USER_LICENSE_ASSIGNMENT",
@@ -246,7 +246,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_LICENSE_AUTO_ASSIGN",
@@ -323,7 +323,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "USER_LICENSE_REASSIGNMENT",
@@ -409,7 +409,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ORG_LICENSE_REVOKE",
@@ -488,7 +488,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "USER_LICENSE_REVOKE",
@@ -573,7 +573,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "UPDATE_DYNAMIC_LICENSE",
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-mobile.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-mobile.log-expected.json
index eb9b52ac460..afaf5260494 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-mobile.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-mobile.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ACTION_CANCELLED",
@@ -95,7 +95,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ACTION_REQUESTED",
@@ -187,7 +187,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ADD_MOBILE_CERTIFICATE",
@@ -270,7 +270,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "COMPANY_DEVICES_BULK_CREATION",
@@ -345,7 +345,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "COMPANY_OWNED_DEVICE_BLOCKED",
@@ -421,7 +421,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "COMPANY_DEVICE_DELETION",
@@ -497,7 +497,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "COMPANY_OWNED_DEVICE_UNBLOCKED",
@@ -573,7 +573,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "COMPANY_OWNED_DEVICE_WIPED",
@@ -649,7 +649,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_MOBILE_APPLICATION_PERMISSION_GRANT",
@@ -738,7 +738,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_MOBILE_APPLICATION_PRIORITY_ORDER",
@@ -816,7 +816,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REMOVE_MOBILE_APPLICATION_FROM_WHITELIST",
@@ -900,7 +900,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_MOBILE_APPLICATION_SETTINGS",
@@ -990,7 +990,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ADD_MOBILE_APPLICATION_TO_WHITELIST",
@@ -1074,7 +1074,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "MOBILE_DEVICE_APPROVE",
@@ -1160,7 +1160,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "MOBILE_DEVICE_BLOCK",
@@ -1246,7 +1246,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "MOBILE_DEVICE_DELETE",
@@ -1332,7 +1332,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "MOBILE_DEVICE_WIPE",
@@ -1418,7 +1418,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_MOBILE_SETTING",
@@ -1502,7 +1502,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_ADMIN_RESTRICTIONS_PIN",
@@ -1580,7 +1580,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_MOBILE_WIRELESS_NETWORK",
@@ -1661,7 +1661,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ADD_MOBILE_WIRELESS_NETWORK",
@@ -1742,7 +1742,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REMOVE_MOBILE_WIRELESS_NETWORK",
@@ -1823,7 +1823,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_MOBILE_WIRELESS_NETWORK_PASSWORD",
@@ -1904,7 +1904,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REMOVE_MOBILE_CERTIFICATE",
@@ -1987,7 +1987,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ENROLL_FOR_GOOGLE_DEVICE_MANAGEMENT",
@@ -2057,7 +2057,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "USE_GOOGLE_MOBILE_MANAGEMENT",
@@ -2127,7 +2127,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "USE_GOOGLE_MOBILE_MANAGEMENT_FOR_NON_IOS",
@@ -2197,7 +2197,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "USE_GOOGLE_MOBILE_MANAGEMENT_FOR_IOS",
@@ -2267,7 +2267,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "MOBILE_ACCOUNT_WIPE",
@@ -2353,7 +2353,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "MOBILE_DEVICE_CANCEL_WIPE_THEN_APPROVE",
@@ -2439,7 +2439,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "MOBILE_DEVICE_CANCEL_WIPE_THEN_BLOCK",
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-org.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-org.log-expected.json
index 3f6640bdc09..86812961d6d 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-org.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-org.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHROME_LICENSES_ENABLED",
@@ -84,7 +84,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHROME_APPLICATION_LICENSE_RESERVATION_CREATED",
@@ -166,7 +166,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHROME_APPLICATION_LICENSE_RESERVATION_DELETED",
@@ -247,7 +247,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHROME_APPLICATION_LICENSE_RESERVATION_UPDATED",
@@ -330,7 +330,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CREATE_DEVICE_ENROLLMENT_TOKEN",
@@ -405,7 +405,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ASSIGN_CUSTOM_LOGO",
@@ -480,7 +480,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "UNASSIGN_CUSTOM_LOGO",
@@ -555,7 +555,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CREATE_ENROLLMENT_TOKEN",
@@ -630,7 +630,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REVOKE_ENROLLMENT_TOKEN",
@@ -705,7 +705,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHROME_LICENSES_ALLOWED",
@@ -786,7 +786,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CREATE_ORG_UNIT",
@@ -861,7 +861,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REMOVE_ORG_UNIT",
@@ -936,7 +936,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "EDIT_ORG_UNIT_DESCRIPTION",
@@ -1011,7 +1011,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "MOVE_ORG_UNIT",
@@ -1087,7 +1087,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "EDIT_ORG_UNIT_NAME",
@@ -1163,7 +1163,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REVOKE_DEVICE_ENROLLMENT_TOKEN",
@@ -1238,7 +1238,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "TOGGLE_SERVICE_ENABLED",
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-security.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-security.log-expected.json
index 84ab6e79a0e..3bf46253ea0 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-security.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-security.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ALLOW_STRONG_AUTHENTICATION",
@@ -81,7 +81,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ALLOW_SERVICE_FOR_OAUTH2_ACCESS",
@@ -162,7 +162,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "DISALLOW_SERVICE_FOR_OAUTH2_ACCESS",
@@ -243,7 +243,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_APP_ACCESS_SETTINGS_COLLECTION_ID",
@@ -327,7 +327,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ADD_TO_TRUSTED_OAUTH2_APPS",
@@ -409,7 +409,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REMOVE_FROM_TRUSTED_OAUTH2_APPS",
@@ -491,7 +491,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "BLOCK_ON_DEVICE_ACCESS",
@@ -571,7 +571,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION",
@@ -662,7 +662,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_TWO_STEP_VERIFICATION_FREQUENCY",
@@ -753,7 +753,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION",
@@ -844,7 +844,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_TWO_STEP_VERIFICATION_START_DATE",
@@ -935,7 +935,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS",
@@ -1025,7 +1025,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "TOGGLE_CAA_ENABLEMENT",
@@ -1098,7 +1098,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_CAA_ERROR_MESSAGE",
@@ -1174,7 +1174,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_CAA_APP_ASSIGNMENTS",
@@ -1262,7 +1262,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "UNTRUST_DOMAIN_OWNED_OAUTH2_APPS",
@@ -1337,7 +1337,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "TRUST_DOMAIN_OWNED_OAUTH2_APPS",
@@ -1412,7 +1412,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ENABLE_NON_ADMIN_USER_PASSWORD_RECOVERY",
@@ -1503,7 +1503,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ENFORCE_STRONG_AUTHENTICATION",
@@ -1600,7 +1600,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "UPDATE_ERROR_MSG_FOR_RESTRICTED_OAUTH2_APPS",
@@ -1678,7 +1678,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED",
@@ -1769,7 +1769,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SESSION_CONTROL_SETTINGS_CHANGE",
@@ -1850,7 +1850,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_SESSION_LENGTH",
@@ -1925,7 +1925,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "UNBLOCK_ON_DEVICE_ACCESS",
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-sites.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-sites.log-expected.json
index 3883cf6e0eb..15b9a22f62b 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-sites.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-sites.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ADD_WEB_ADDRESS",
@@ -89,7 +89,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "DELETE_WEB_ADDRESS",
@@ -175,7 +175,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_SITES_SETTING",
@@ -259,7 +259,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_SITES_WEB_ADDRESS_MAPPING_UPDATES",
@@ -341,7 +341,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "VIEW_SITE_DETAILS",
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-user.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-user.log-expected.json
index f6c6dc0cf1c..b4321bf8e19 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-user.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-user.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "DELETE_2SV_SCRATCH_CODES",
@@ -85,7 +85,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "GENERATE_2SV_SCRATCH_CODES",
@@ -167,7 +167,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REVOKE_3LO_DEVICE_TOKENS",
@@ -253,7 +253,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REVOKE_3LO_TOKEN",
@@ -338,7 +338,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ADD_RECOVERY_EMAIL",
@@ -420,7 +420,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ADD_RECOVERY_PHONE",
@@ -502,7 +502,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "GRANT_ADMIN_PRIVILEGE",
@@ -584,7 +584,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REVOKE_ADMIN_PRIVILEGE",
@@ -666,7 +666,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REVOKE_ASP",
@@ -751,7 +751,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "TOGGLE_AUTOMATIC_CONTACT_SHARING",
@@ -834,7 +834,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "BULK_UPLOAD",
@@ -913,7 +913,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "BULK_UPLOAD_NOTIFICATION_SENT",
@@ -998,7 +998,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CANCEL_USER_INVITE",
@@ -1083,7 +1083,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_USER_CUSTOM_FIELD",
@@ -1170,7 +1170,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_USER_EXTERNAL_ID",
@@ -1254,7 +1254,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_USER_GENDER",
@@ -1338,7 +1338,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_USER_IM",
@@ -1422,7 +1422,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ENABLE_USER_IP_WHITELIST",
@@ -1506,7 +1506,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_USER_KEYWORD",
@@ -1590,7 +1590,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_USER_LANGUAGE",
@@ -1674,7 +1674,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_USER_LOCATION",
@@ -1758,7 +1758,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_USER_ORGANIZATION",
@@ -1842,7 +1842,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_USER_PHONE_NUMBER",
@@ -1926,7 +1926,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_RECOVERY_EMAIL",
@@ -2008,7 +2008,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_RECOVERY_PHONE",
@@ -2090,7 +2090,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_USER_RELATION",
@@ -2174,7 +2174,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_USER_ADDRESS",
@@ -2258,7 +2258,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CREATE_EMAIL_MONITOR",
@@ -2352,7 +2352,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CREATE_DATA_TRANSFER_REQUEST",
@@ -2438,7 +2438,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "GRANT_DELEGATED_ADMIN_PRIVILEGES",
@@ -2521,7 +2521,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "DELETE_ACCOUNT_INFO_DUMP",
@@ -2606,7 +2606,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "DELETE_EMAIL_MONITOR",
@@ -2691,7 +2691,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "DELETE_MAILBOX_DUMP",
@@ -2776,7 +2776,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_FIRST_NAME",
@@ -2860,7 +2860,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "GMAIL_RESET_USER",
@@ -2943,7 +2943,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_LAST_NAME",
@@ -3027,7 +3027,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "MAIL_ROUTING_DESTINATION_ADDED",
@@ -3110,7 +3110,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "MAIL_ROUTING_DESTINATION_REMOVED",
@@ -3193,7 +3193,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "ADD_NICKNAME",
@@ -3276,7 +3276,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REMOVE_NICKNAME",
@@ -3359,7 +3359,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_PASSWORD",
@@ -3441,7 +3441,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "CHANGE_PASSWORD_ON_NEXT_LOGIN",
@@ -3525,7 +3525,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "DOWNLOAD_PENDING_INVITES_LIST",
@@ -3595,7 +3595,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REMOVE_RECOVERY_EMAIL",
@@ -3677,7 +3677,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REMOVE_RECOVERY_PHONE",
@@ -3759,7 +3759,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REQUEST_ACCOUNT_INFO",
@@ -3841,7 +3841,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REQUEST_MAILBOX_DUMP",
@@ -3931,7 +3931,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "RESEND_USER_INVITE",
@@ -4016,7 +4016,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "RESET_SIGNIN_COOKIES",
@@ -4098,7 +4098,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SECURITY_KEY_REGISTERED_FOR_USER",
@@ -4180,7 +4180,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REVOKE_SECURITY_KEY",
@@ -4262,7 +4262,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "USER_INVITE",
@@ -4347,7 +4347,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "VIEW_TEMP_PASSWORD",
@@ -4432,7 +4432,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "TURN_OFF_2_STEP_VERIFICATION",
@@ -4514,7 +4514,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UNBLOCK_USER_SESSION", @@ -4596,7 +4596,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UNENROLL_USER_FROM_TITANIUM", @@ -4678,7 +4678,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ARCHIVE_USER", @@ -4760,7 +4760,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UPDATE_BIRTHDATE", @@ -4843,7 +4843,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CREATE_USER", @@ -4925,7 +4925,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DELETE_USER", @@ -5007,7 +5007,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DOWNGRADE_USER_FROM_GPLUS", @@ -5089,7 +5089,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "USER_ENROLLED_IN_TWO_STEP_VERIFICATION", @@ -5171,7 +5171,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DOWNLOAD_USERLIST_CSV", @@ -5241,7 +5241,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "MOVE_USER_TO_ORG_UNIT", @@ -5327,7 +5327,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "USER_PUT_IN_TWO_STEP_VERIFICATION_GRACE_PERIOD", @@ -5410,7 +5410,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "RENAME_USER", 
@@ -5493,7 +5493,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UNENROLL_USER_FROM_STRONG_AUTH", @@ -5575,7 +5575,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SUSPEND_USER", @@ -5657,7 +5657,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UNARCHIVE_USER", @@ -5739,7 +5739,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UNDELETE_USER", @@ -5821,7 +5821,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UNSUSPEND_USER", @@ -5903,7 +5903,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UPGRADE_USER_TO_GPLUS", @@ -5985,7 +5985,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "USERS_BULK_UPLOAD", @@ -6061,7 +6061,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "USERS_BULK_UPLOAD_NOTIFICATION_SENT", diff --git a/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml index 7bb4bf069fa..0b6ac028efc 100644 --- a/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.category value: iam 
diff --git a/packages/google_workspace/data_stream/admin/sample_event.json b/packages/google_workspace/data_stream/admin/sample_event.json index f0559d0b602..25052763072 100644 --- a/packages/google_workspace/data_stream/admin/sample_event.json +++ b/packages/google_workspace/data_stream/admin/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/google_workspace/data_stream/drive/_dev/test/pipeline/test-drive.log-expected.json b/packages/google_workspace/data_stream/drive/_dev/test/pipeline/test-drive.log-expected.json index 539a8ae2a39..6ec5bc7ac0e 100644 --- a/packages/google_workspace/data_stream/drive/_dev/test/pipeline/test-drive.log-expected.json +++ b/packages/google_workspace/data_stream/drive/_dev/test/pipeline/test-drive.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "add_to_folder", @@ -95,7 +95,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "approval_canceled", @@ -187,7 +187,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "approval_comment_added", @@ -279,7 +279,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "approval_requested", @@ -371,7 +371,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "approval_reviewer_responded", @@ -463,7 +463,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "create", 
@@ -553,7 +553,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "delete", @@ -643,7 +643,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "download", @@ -733,7 +733,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "edit", @@ -823,7 +823,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "add_lock", @@ -913,7 +913,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "move", @@ -1007,7 +1007,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "preview", @@ -1097,7 +1097,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "print", @@ -1187,7 +1187,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "remove_from_folder", @@ -1279,7 +1279,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rename", @@ -1371,7 +1371,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "untrash", @@ -1461,7 +1461,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "sheets_import_range", @@ -1551,7 +1551,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "trash", @@ -1641,7 +1641,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "remove_lock", 
@@ -1731,7 +1731,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "upload", @@ -1821,7 +1821,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "view", @@ -1912,7 +1912,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "change_acl_editors", @@ -2008,7 +2008,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "change_document_access_scope", @@ -2105,7 +2105,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "change_document_visibility", @@ -2202,7 +2202,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "shared_drive_membership_change", @@ -2299,7 +2299,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "shared_drive_settings_change", @@ -2396,7 +2396,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "sheets_import_range_access_change", @@ -2488,7 +2488,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "change_user_access", diff --git a/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml index 6d5eb64af3a..5952a6f0bf7 100644 --- a/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.category value: file diff --git a/packages/google_workspace/data_stream/drive/sample_event.json b/packages/google_workspace/data_stream/drive/sample_event.json index 9d200cea3d7..2702e6639da 100644 --- a/packages/google_workspace/data_stream/drive/sample_event.json +++ b/packages/google_workspace/data_stream/drive/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/google_workspace/data_stream/groups/_dev/test/pipeline/test-groups.log-expected.json b/packages/google_workspace/data_stream/groups/_dev/test/pipeline/test-groups.log-expected.json index af9a5db6eec..1bc2ebca2c9 100644 --- a/packages/google_workspace/data_stream/groups/_dev/test/pipeline/test-groups.log-expected.json +++ b/packages/google_workspace/data_stream/groups/_dev/test/pipeline/test-groups.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "change_acl_permission", @@ -95,7 +95,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "accept_invitation", @@ -180,7 +180,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "approve_join_request", @@ -272,7 +272,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "join", @@ -357,7 +357,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "request_to_join", 
@@ -442,7 +442,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "change_basic_setting", @@ -530,7 +530,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "create_group", @@ -614,7 +614,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "delete_group", @@ -698,7 +698,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "change_identity_setting", @@ -786,7 +786,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "add_info_setting", @@ -873,7 +873,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "change_info_setting", @@ -961,7 +961,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "remove_info_setting", @@ -1048,7 +1048,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "change_new_members_restrictions_setting", @@ -1136,7 +1136,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "change_post_replies_setting", @@ -1224,7 +1224,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "change_spam_moderation_setting", @@ -1312,7 +1312,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "change_topic_setting", @@ -1400,7 +1400,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "moderate_message", 
@@ -1489,7 +1489,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "always_post_from_user", @@ -1581,7 +1581,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "add_user", @@ -1674,7 +1674,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ban_user_with_moderation", @@ -1767,7 +1767,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "revoke_invitation", @@ -1859,7 +1859,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "invite_user", @@ -1951,7 +1951,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "reject_join_request", @@ -2043,7 +2043,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "reinvite_user", @@ -2135,7 +2135,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "remove_user", diff --git a/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml index c48fbde1a82..6ec1a546c4c 100644 --- a/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.category value: iam 
diff --git a/packages/google_workspace/data_stream/groups/sample_event.json b/packages/google_workspace/data_stream/groups/sample_event.json index ca9c8963796..66691813331 100644 --- a/packages/google_workspace/data_stream/groups/sample_event.json +++ b/packages/google_workspace/data_stream/groups/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/google_workspace/data_stream/login/_dev/test/pipeline/test-login.log-expected.json b/packages/google_workspace/data_stream/login/_dev/test/pipeline/test-login.log-expected.json index 3839dee83d8..dd18846c64b 100644 --- a/packages/google_workspace/data_stream/login/_dev/test/pipeline/test-login.log-expected.json +++ b/packages/google_workspace/data_stream/login/_dev/test/pipeline/test-login.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "account_disabled_password_leak", @@ -82,7 +82,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "suspicious_login", @@ -162,7 +162,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "suspicious_login_less_secure_app", @@ -242,7 +242,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "suspicious_programmatic_login", @@ -322,7 +322,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "account_disabled_generic", @@ -401,7 +401,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "account_disabled_spamming_through_relay", 
@@ -480,7 +480,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "account_disabled_spamming", @@ -559,7 +559,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "account_disabled_hijacked", @@ -640,7 +640,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "gov_attack_warning", @@ -710,7 +710,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login_failure", @@ -787,7 +787,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login_challenge", @@ -863,7 +863,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login_verification", @@ -939,7 +939,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logout", @@ -1013,7 +1013,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login_success", diff --git a/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml index 44494dc58cd..29ddf0471dc 100644 --- a/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.category value: authentication 
diff --git a/packages/google_workspace/data_stream/login/sample_event.json b/packages/google_workspace/data_stream/login/sample_event.json index b391f392c61..28a0dcefb9b 100644 --- a/packages/google_workspace/data_stream/login/sample_event.json +++ b/packages/google_workspace/data_stream/login/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/google_workspace/data_stream/saml/_dev/test/pipeline/test-saml.log-expected.json b/packages/google_workspace/data_stream/saml/_dev/test/pipeline/test-saml.log-expected.json index cc65299b2db..f1d0067f294 100644 --- a/packages/google_workspace/data_stream/saml/_dev/test/pipeline/test-saml.log-expected.json +++ b/packages/google_workspace/data_stream/saml/_dev/test/pipeline/test-saml.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login_failure", @@ -83,7 +83,7 @@ { "@timestamp": "2020-10-02T15:00:01.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login_success", diff --git a/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml index 1f823a20ea5..b4985da2eed 100644 --- a/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.type value: start diff --git a/packages/google_workspace/data_stream/saml/sample_event.json b/packages/google_workspace/data_stream/saml/sample_event.json index df238f80a36..19f42760613 100644 
--- a/packages/google_workspace/data_stream/saml/sample_event.json +++ b/packages/google_workspace/data_stream/saml/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/google_workspace/data_stream/user_accounts/_dev/test/pipeline/test-user-accounts.log-expected.json b/packages/google_workspace/data_stream/user_accounts/_dev/test/pipeline/test-user-accounts.log-expected.json index 168635ad94f..0a8bf157b9c 100644 --- a/packages/google_workspace/data_stream/user_accounts/_dev/test/pipeline/test-user-accounts.log-expected.json +++ b/packages/google_workspace/data_stream/user_accounts/_dev/test/pipeline/test-user-accounts.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "2sv_disable", @@ -74,7 +74,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "2sv_enroll", @@ -145,7 +145,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "password_edit", @@ -216,7 +216,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "recovery_email_edit", @@ -287,7 +287,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "recovery_phone_edit", @@ -358,7 +358,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "recovery_secret_qa_edit", @@ -429,7 +429,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "titanium_enroll", 
@@ -500,7 +500,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "titanium_unenroll", @@ -571,7 +571,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "email_forwarding_out_of_domain", diff --git a/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml index d7cfb1103ea..88b6819c3ea 100644 --- a/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.type value: change diff --git a/packages/google_workspace/data_stream/user_accounts/sample_event.json b/packages/google_workspace/data_stream/user_accounts/sample_event.json index 42bec86b931..c81302e3ea2 100644 --- a/packages/google_workspace/data_stream/user_accounts/sample_event.json +++ b/packages/google_workspace/data_stream/user_accounts/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/google_workspace/docs/README.md b/packages/google_workspace/docs/README.md index 6c1e16db264..971ed5f9e67 100644 --- a/packages/google_workspace/docs/README.md +++ b/packages/google_workspace/docs/README.md @@ -69,7 +69,7 @@ An example event for `saml` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", 
@@ -286,7 +286,7 @@ An example event for `user_accounts` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
@@ -489,7 +489,7 @@ An example event for `login` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
@@ -707,7 +707,7 @@ An example event for `admin` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
@@ -1035,7 +1035,7 @@ An example event for `drive` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
@@ -1288,7 +1288,7 @@ An example event for `groups` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
diff --git a/packages/google_workspace/manifest.yml b/packages/google_workspace/manifest.yml
index 65b965291f9..ac18a5f6c30 100644
--- a/packages/google_workspace/manifest.yml
+++ b/packages/google_workspace/manifest.yml
@@ -1,6 +1,6 @@
 name: google_workspace
 title: Google Workspace
-version: 1.7.4
+version: "1.8.0"
 release: ga
 description: Collect logs from Google Workspace with Elastic Agent.
 type: integration
diff --git a/packages/hashicorp_vault/_dev/build/build.yml b/packages/hashicorp_vault/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/hashicorp_vault/_dev/build/build.yml
+++ b/packages/hashicorp_vault/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/hashicorp_vault/changelog.yml b/packages/hashicorp_vault/changelog.yml
index 44111fa98b8..76b30808726 100644
--- a/packages/hashicorp_vault/changelog.yml
+++ b/packages/hashicorp_vault/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.8.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.7.0" changes: - description: Update mappings for Hashicorp Vault 1.11. diff --git a/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index cc4f420ad76..92e18cecc3f 100644 --- a/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-12-01T20:29:04.356Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "update", @@ -93,7 +93,7 @@ { "@timestamp": "2020-12-01T20:29:04.360Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "update", @@ -202,7 +202,7 @@ { "@timestamp": "2021-07-19T17:19:00.673Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "update", @@ -260,7 +260,7 @@ { "@timestamp": "2021-07-19T17:19:00.674Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "update", @@ -324,7 +324,7 @@ { "@timestamp": "2021-06-29T17:26:11.402Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "read", @@ -407,7 +407,7 @@ { "@timestamp": "2021-06-29T17:26:11.409Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "read", @@ -504,7 +504,7 @@ { "@timestamp": "2021-06-29T18:01:29.545Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "read", @@ -585,7 +585,7 @@ { "@timestamp": "2021-06-29T18:01:29.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "read", 
@@ -710,7 +710,7 @@ { "@timestamp": "2021-12-30T17:11:12.468Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "help", diff --git a/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-faked-all-fields.log-expected.json b/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-faked-all-fields.log-expected.json index 46932e83a39..913f28e1093 100644 --- a/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-faked-all-fields.log-expected.json +++ b/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-faked-all-fields.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2018-04-09T21:04:29.640Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "read", @@ -69,7 +69,7 @@ { "@timestamp": "2018-04-09T21:04:29.642Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "read", @@ -163,7 +163,7 @@ { "@timestamp": "2021-07-21T12:37:50.936Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "update", @@ -252,7 +252,7 @@ { "@timestamp": "2021-07-21T12:37:50.936Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "update", diff --git a/packages/hashicorp_vault/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/hashicorp_vault/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 088e882fd1f..1d1dbbba28a 100644 --- a/packages/hashicorp_vault/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/hashicorp_vault/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Hashicorp Vault audit logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/hashicorp_vault/data_stream/audit/sample_event.json b/packages/hashicorp_vault/data_stream/audit/sample_event.json index 28d4e3b8afc..15c1b5887b8 100644 
--- a/packages/hashicorp_vault/data_stream/audit/sample_event.json +++ b/packages/hashicorp_vault/data_stream/audit/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "03109bfa-7015-46bd-9433-3879357210cd", diff --git a/packages/hashicorp_vault/data_stream/log/_dev/test/pipeline/test-log.log-expected.json b/packages/hashicorp_vault/data_stream/log/_dev/test/pipeline/test-log.log-expected.json index 6051e30d5a9..2694185db79 100644 --- a/packages/hashicorp_vault/data_stream/log/_dev/test/pipeline/test-log.log-expected.json +++ b/packages/hashicorp_vault/data_stream/log/_dev/test/pipeline/test-log.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-07-16T06:30:48.194Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -27,7 +27,7 @@ { "@timestamp": "2021-07-16T06:33:08.867Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -50,7 +50,7 @@ { "@timestamp": "2021-07-09T17:20:27.184Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -77,7 +77,7 @@ { "@timestamp": "2021-07-09T17:20:27.190Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -100,7 +100,7 @@ { "@timestamp": "2021-07-09T17:20:27.182Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -127,7 +127,7 @@ { "@timestamp": "2021-07-09T17:20:27.212Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -151,7 +151,7 @@ { "@timestamp": "2021-07-09T17:04:06.945Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -175,7 +175,7 @@ { "@timestamp": "2021-07-16T19:05:02.795Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", 
@@ -198,7 +198,7 @@ { "@timestamp": "2021-07-09T17:01:42.203Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -222,7 +222,7 @@ { "@timestamp": "2021-07-22T17:33:20.689Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -245,7 +245,7 @@ { "@timestamp": "2021-07-22T17:33:20.689Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -272,7 +272,7 @@ { "@timestamp": "2021-07-22T17:33:20.691Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", diff --git a/packages/hashicorp_vault/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/hashicorp_vault/data_stream/log/elasticsearch/ingest_pipeline/default.yml index f1fab77e3e1..351cf76d3fb 100644 --- a/packages/hashicorp_vault/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/hashicorp_vault/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Hashicorp Vault operational logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: event.kind value: event diff --git a/packages/hashicorp_vault/data_stream/log/sample_event.json b/packages/hashicorp_vault/data_stream/log/sample_event.json index 553e8f166e3..67b572d891e 100644 --- a/packages/hashicorp_vault/data_stream/log/sample_event.json +++ b/packages/hashicorp_vault/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", diff --git a/packages/hashicorp_vault/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml b/packages/hashicorp_vault/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml index 54b147e0942..7c33eaf4c52 100644 --- a/packages/hashicorp_vault/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/hashicorp_vault/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml @@ -11,7 +11,7 @@ processors: ignore_missing: true - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: service.type value: hashicorp_vault diff --git a/packages/hashicorp_vault/data_stream/metrics/sample_event.json b/packages/hashicorp_vault/data_stream/metrics/sample_event.json index 56425016afb..5ec99168e86 100644 --- a/packages/hashicorp_vault/data_stream/metrics/sample_event.json +++ b/packages/hashicorp_vault/data_stream/metrics/sample_event.json @@ -13,7 +13,7 @@ "type": "metrics" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", diff --git a/packages/hashicorp_vault/docs/README.md b/packages/hashicorp_vault/docs/README.md index 8f0f0804dfc..5e1cfa3232f 100644 --- a/packages/hashicorp_vault/docs/README.md +++ b/packages/hashicorp_vault/docs/README.md @@ -97,7 +97,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "03109bfa-7015-46bd-9433-3879357210cd", @@ -331,7 +331,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", diff --git a/packages/hashicorp_vault/manifest.yml b/packages/hashicorp_vault/manifest.yml index 173084aa768..c0619c7ddcd 100644 --- a/packages/hashicorp_vault/manifest.yml +++ b/packages/hashicorp_vault/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: hashicorp_vault title: Hashicorp Vault -version: "1.7.0" +version: "1.8.0" license: basic description: Collect logs and metrics from Hashicorp Vault with Elastic Agent. type: integration diff --git a/packages/hid_bravura_monitor/_dev/build/build.yml b/packages/hid_bravura_monitor/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 
--- a/packages/hid_bravura_monitor/_dev/build/build.yml +++ b/packages/hid_bravura_monitor/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/hid_bravura_monitor/changelog.yml b/packages/hid_bravura_monitor/changelog.yml index b091e687739..8bf80e19920 100644 --- a/packages/hid_bravura_monitor/changelog.yml +++ b/packages/hid_bravura_monitor/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.2.3" changes: - description: Remove duplicate field. diff --git a/packages/hid_bravura_monitor/data_stream/log/_dev/test/pipeline/test-hid-bravura-monitor.log-expected.json b/packages/hid_bravura_monitor/data_stream/log/_dev/test/pipeline/test-hid-bravura-monitor.log-expected.json index ce67e4fcde6..6ac9009c05c 100644 --- a/packages/hid_bravura_monitor/data_stream/log/_dev/test/pipeline/test-hid-bravura-monitor.log-expected.json +++ b/packages/hid_bravura_monitor/data_stream/log/_dev/test/pipeline/test-hid-bravura-monitor.log-expected.json @@ -3,10 +3,10 @@ { "@timestamp": "2021-01-16T00:38:18.515Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { - "ingested": "2022-07-27T20:14:14.657142483Z", + "ingested": "2022-11-04T08:04:59.287385927Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -33,10 +33,10 @@ { "@timestamp": "2021-01-16T00:35:25.258Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { - "ingested": "2022-07-27T20:14:14.657146169Z", + "ingested": "2022-11-04T08:04:59.287397064Z", "timezone": "UTC" }, "hid_bravura_monitor": { 
@@ -63,10 +63,10 @@ { "@timestamp": "2021-01-27T00:31:24.499Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { - "ingested": "2022-07-27T20:14:14.657147458Z", + "ingested": "2022-11-04T08:04:59.287398736Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -93,10 +93,10 @@ { "@timestamp": "2021-01-16T00:35:34.317Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { - "ingested": "2022-07-27T20:14:14.657148565Z", + "ingested": "2022-11-04T08:04:59.287399752Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -123,10 +123,10 @@ { "@timestamp": "2021-02-05T08:41:11.845Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { - "ingested": "2022-07-27T20:14:14.657149633Z", + "ingested": "2022-11-04T08:04:59.287400679Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -160,10 +160,10 @@ { "@timestamp": "2021-01-16T11:54:34.234Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { - "ingested": "2022-07-27T20:14:14.657150699Z", + "ingested": "2022-11-04T08:04:59.287401613Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -197,10 +197,10 @@ { "@timestamp": "2021-10-21T19:13:31.679Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { - "ingested": "2022-07-27T20:14:14.657152043Z", + "ingested": "2022-11-04T08:04:59.287402538Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -227,10 +227,10 @@ { "@timestamp": "2021-01-16T00:35:32.941Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { - "ingested": "2022-07-27T20:14:14.657153088Z", + "ingested": "2022-11-04T08:04:59.287403538Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -269,10 +269,10 @@ { "@timestamp": "2021-01-16T11:54:18.663Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { - "ingested": "2022-07-27T20:14:14.657154149Z", + "ingested": "2022-11-04T08:04:59.287404454Z", "timezone": "UTC" }, "hid_bravura_monitor": { 
@@ -308,10 +308,10 @@ { "@timestamp": "2021-02-05T08:41:11.845Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { - "ingested": "2022-07-27T20:14:14.657155192Z", + "ingested": "2022-11-04T08:04:59.287405362Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -345,10 +345,10 @@ { "@timestamp": "2021-02-05T08:41:11.845Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { - "ingested": "2022-07-27T20:14:14.657156253Z", + "ingested": "2022-11-04T08:04:59.287406286Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -380,10 +380,10 @@ { "@timestamp": "2021-02-05T08:43:13.839Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { - "ingested": "2022-07-27T20:14:14.657157482Z", + "ingested": "2022-11-04T08:04:59.287407425Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -416,10 +416,10 @@ { "@timestamp": "2021-01-16T11:54:25.839Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { - "ingested": "2022-07-27T20:14:14.657158543Z", + "ingested": "2022-11-04T08:04:59.287408377Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -452,10 +452,10 @@ { "@timestamp": "2021-01-27T14:36:47.026Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { - "ingested": "2022-07-27T20:14:14.657159626Z", + "ingested": "2022-11-04T08:04:59.287409327Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -489,10 +489,10 @@ { "@timestamp": "2021-02-04T18:03:38.605Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { - "ingested": "2022-07-27T20:14:14.657160674Z", + "ingested": "2022-11-04T08:04:59.287410245Z", "timezone": "UTC" }, "hid_bravura_monitor": { @@ -527,10 +527,10 @@ { "@timestamp": "2021-01-16T00:35:32.958Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { - "ingested": "2022-07-27T20:14:14.657161826Z", + "ingested": "2022-11-04T08:04:59.287450703Z", "timezone": "UTC" }, "hid_bravura_monitor": { 
diff --git a/packages/hid_bravura_monitor/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/hid_bravura_monitor/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 3a9e7b70e53..6ffbad2acf6 100644 --- a/packages/hid_bravura_monitor/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/hid_bravura_monitor/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing hid_bravura_monitor logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' description: Set ecs.version to 1.12.0 - set: field: event.ingested diff --git a/packages/hid_bravura_monitor/data_stream/log/sample_event.json b/packages/hid_bravura_monitor/data_stream/log/sample_event.json index a6619fa684b..6fe784ec826 100644 --- a/packages/hid_bravura_monitor/data_stream/log/sample_event.json +++ b/packages/hid_bravura_monitor/data_stream/log/sample_event.json @@ -14,7 +14,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "9bcd741c-af93-434c-ad55-1ec23d08ab89", diff --git a/packages/hid_bravura_monitor/data_stream/winlog/_dev/test/pipeline/test-hid-bravura-monitor-events.json-expected.json b/packages/hid_bravura_monitor/data_stream/winlog/_dev/test/pipeline/test-hid-bravura-monitor-events.json-expected.json index b7fb108670e..be025fc449b 100644 --- a/packages/hid_bravura_monitor/data_stream/winlog/_dev/test/pipeline/test-hid-bravura-monitor-events.json-expected.json +++ b/packages/hid_bravura_monitor/data_stream/winlog/_dev/test/pipeline/test-hid-bravura-monitor-events.json-expected.json @@ -3,11 +3,11 @@ { "@timestamp": "2020-05-13T09:04:04.755Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "118", - "ingested": "2022-07-27T20:14:14.876564183Z", + "ingested": "2022-11-04T08:04:59.514345669Z", "kind": "event", "provider": "Hitachi-Hitachi ID Systems-Hitachi ID Suite" }, 
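Review bot: The `description` on the `set` processor for `ecs.version` in `packages/hid_bravura_monitor/data_stream/log/elasticsearch/ingest_pipeline/default.yml` still reads `Set ecs.version to 1.12.0`, while this hunk sets the value to `'8.5.0'`. The line is unchanged context, so it was already stale before this commit, but the bump is a good moment to correct it. Anyone auditing the pipeline through processor descriptions would read the wrong schema version for these security logs. I would change it to `description: Set ecs.version.` so the text cannot drift again on the next bump, or at least to `description: Set ecs.version to 8.5.0`. The `processors` list continues past the end of the hunk, so other descriptions in the file are not visible here.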
@@ -46,11 +46,11 @@ { "@timestamp": "2021-11-03T20:05:14.092Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "64", - "ingested": "2022-07-27T20:14:14.876567654Z", + "ingested": "2022-11-04T08:04:59.514357508Z", "kind": "event", "provider": "Hitachi-Hitachi ID Systems-Hitachi ID Suite" }, @@ -92,11 +92,11 @@ { "@timestamp": "2021-11-03T20:05:14.092Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "94", - "ingested": "2022-07-27T20:14:14.876568928Z", + "ingested": "2022-11-04T08:04:59.514359189Z", "kind": "event", "provider": "Hitachi-Hitachi ID Systems-Hitachi ID Suite" }, diff --git a/packages/hid_bravura_monitor/data_stream/winlog/elasticsearch/ingest_pipeline/default.yml b/packages/hid_bravura_monitor/data_stream/winlog/elasticsearch/ingest_pipeline/default.yml index a7eb3c92bd4..304809898c5 100644 --- a/packages/hid_bravura_monitor/data_stream/winlog/elasticsearch/ingest_pipeline/default.yml +++ b/packages/hid_bravura_monitor/data_stream/winlog/elasticsearch/ingest_pipeline/default.yml @@ -356,7 +356,7 @@ processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: log.level diff --git a/packages/hid_bravura_monitor/data_stream/winlog/sample_event.json b/packages/hid_bravura_monitor/data_stream/winlog/sample_event.json index 0fdff9a5252..9f9d486e89c 100644 --- a/packages/hid_bravura_monitor/data_stream/winlog/sample_event.json +++ b/packages/hid_bravura_monitor/data_stream/winlog/sample_event.json @@ -85,6 +85,6 @@ "type": "filebeat" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" } } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/docs/README.md b/packages/hid_bravura_monitor/docs/README.md index 48383fa128b..b4d38848d76 100644 --- a/packages/hid_bravura_monitor/docs/README.md +++ b/packages/hid_bravura_monitor/docs/README.md 
@@ -168,7 +168,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "9bcd741c-af93-434c-ad55-1ec23d08ab89", @@ -525,7 +525,7 @@ An example event for `winlog` looks as following: "type": "filebeat" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" } } ``` diff --git a/packages/hid_bravura_monitor/manifest.yml b/packages/hid_bravura_monitor/manifest.yml index eb84150daee..e12995e6ad9 100644 --- a/packages/hid_bravura_monitor/manifest.yml +++ b/packages/hid_bravura_monitor/manifest.yml @@ -1,6 +1,6 @@ name: hid_bravura_monitor title: Hitachi ID Bravura Monitor -version: "1.2.3" +version: "1.3.0" categories: ["security"] release: ga description: Collect logs from Hitachi ID Security Fabric with Elastic Agent. diff --git a/packages/http_endpoint/_dev/build/build.yml b/packages/http_endpoint/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/http_endpoint/_dev/build/build.yml +++ b/packages/http_endpoint/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/http_endpoint/changelog.yml b/packages/http_endpoint/changelog.yml index a98b74d178b..3b9736969fa 100644 --- a/packages/http_endpoint/changelog.yml +++ b/packages/http_endpoint/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.4.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.3.0" changes: - description: Update package to ECS 8.4.0 diff --git a/packages/http_endpoint/manifest.yml b/packages/http_endpoint/manifest.yml index 92ac2c70754..d7838ae1f6c 100644 --- a/packages/http_endpoint/manifest.yml +++ b/packages/http_endpoint/manifest.yml 
@@ -3,7 +3,7 @@ name: http_endpoint title: Custom HTTP Endpoint Logs description: Collect JSON data from listening HTTP port with Elastic Agent. type: integration -version: "1.3.0" +version: "1.4.0" release: ga conditions: kibana.version: "^7.16.0 || ^8.0.0" diff --git a/packages/httpjson/_dev/build/build.yml b/packages/httpjson/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/httpjson/_dev/build/build.yml +++ b/packages/httpjson/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/httpjson/changelog.yml b/packages/httpjson/changelog.yml index 6fab3562343..812535cee47 100644 --- a/packages/httpjson/changelog.yml +++ b/packages/httpjson/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.6.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.5.1" changes: - description: Update docs remnaing Custom HTTPJSON to Custom API diff --git a/packages/httpjson/manifest.yml b/packages/httpjson/manifest.yml index 3adf26e2ef7..43ea6e85402 100644 --- a/packages/httpjson/manifest.yml +++ b/packages/httpjson/manifest.yml @@ -3,7 +3,7 @@ name: httpjson title: Custom API description: Collect custom events from an API endpoint with Elastic agent' type: integration -version: 1.5.1 +version: "1.6.0" release: ga conditions: kibana.version: "^8.4.0" diff --git a/packages/imperva/_dev/build/build.yml b/packages/imperva/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/imperva/_dev/build/build.yml +++ b/packages/imperva/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/imperva/changelog.yml b/packages/imperva/changelog.yml index 9ee48eae3d7..73316616852 100644 --- a/packages/imperva/changelog.yml +++ b/packages/imperva/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.11.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "0.10.1" changes: - description: Use ECS geo.location definition. diff --git a/packages/imperva/data_stream/securesphere/_dev/test/pipeline/test-generated.log-expected.json b/packages/imperva/data_stream/securesphere/_dev/test/pipeline/test-generated.log-expected.json index 8c9f7f62c01..74602a345f2 100644 --- a/packages/imperva/data_stream/securesphere/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/imperva/data_stream/securesphere/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.70.155.35,dstPort=892,dbUsername=tatno,srcIP=10.81.122.126,srcPort=4141,creatTime=29 January 2016 06:09:59,srvGroup=uam,service=untutl,appName=rad,event#=taliqu,eventType=Login,usrGroup=ommod,usrAuth=True,application=\"scivel\",osUsername=aqui,srcHost=radipis5408.mail.local,dbName=enatuse,schemaName=magn,bindVar=equuntu,sqlError=failure,respSize=5910,respTime=10.347000,affRows=sum,action=\"cancel\",rawQuery=\"sit\"", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,event#=nimadmin,createTime=2016-02-12 13:12:33,eventType=erep,eventSev=low,username=temq,subsystem=ugiatqu,message=\"eacomm\"", "tags": [ 
@@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.58.116.231,dstPort=996,dbUsername=qua,srcIP=10.159.182.171,srcPort=3947,creatTime=2016-02-26 20:15:08,srvGroup=apariat,service=mol,appName=pteursi,event#=onse,eventType=rumet,usrGroup=oll,usrAuth=erc,application=\"taliqu\",osUsername=temUten,srcHost=ccusan7572.api.home,dbName=aveniam,schemaName=uradi,bindVar=nimadmin,sqlError=failure,respSize=3626,respTime=79.328000,affRows=ender,action=\"accept\",rawQuery=\"ehenderi\"", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.232.27.250,dstPort=7838,dbUsername=mquidol,srcIP=10.18.124.28,srcPort=7668,creatTime=12 March 2016 03:17:42,srvGroup=rsitamet,service=lupt,appName=xea,event#=qua,eventType=Login,usrGroup=luptatev,usrAuth=False,application=\"admi\",osUsername=modocons,srcHost=elaudant5931.internal.invalid,dbName=lores,schemaName=lapariat,bindVar=eddoei,sqlError=failure,respSize=6564,respTime=87.496000,affRows=nimadmin,action=\"cancel\",rawQuery=\"xercitat\"", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=ationemu,event#=ice,createTime=2016-03-26 10:20:16,updateTime=estiae,alertSev=high,group=laborum,ruleName=\"tionof\",evntDesc=\"snostrud\",category=nama,disposition=quisnos,eventType=ite,proto=icmp,srcPort=2707,srcIP=10.6.137.200,dstPort=5697,dstIP=10.197.250.10,policyName=\"bor\",occurrences=7243,httpHost=hitect,webMethod=dol,url=\"https://internal.example.net/namali/taevit.html?nsecte=itame#eumfug\",webQuery=\"lit\",soapAction=asun,resultCode=estia,sessionID=eaq,username=occae,addUsername=ctetura,responseTime=labore,responseSize=texp,direction=external,dbUsername=adeseru,queryGroup=emoe,application=\"eaq\",srcHost=amest4147.mail.host,osUsername=intoc,schemaName=oluptas,dbName=tNequepo,hdrName=lup,action=cancel", "tags": [ 
@@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=sperna,event#=eabilloi,createTime=2016-04-09 17:22:51,updateTime=estia,alertSev=medium,group=tlab,ruleName=\"volupt\",evntDesc=\"osqui\",category=xerc,disposition=iutali,eventType=fdeFi,proto=igmp,srcPort=1696,srcIP=10.179.124.125,dstPort=5473,dstIP=10.36.194.106,policyName=\"eprehend\",occurrences=2462,httpHost=dutper,webMethod=lamcolab,url=\"https://example.net/tlabo/uames.gif?mpo=offi#giatnu\",webQuery=\"ulapa\",soapAction=liqui,resultCode=quioffi,sessionID=uptate,username=ncidid,addUsername=quaturve,responseTime=sequa,responseSize=aera,direction=outbound,dbUsername=rvel,queryGroup=uid,application=\"onsecte\",srcHost=eratv6205.internal.lan,osUsername=reme,schemaName=acommod,dbName=uaUteni,hdrName=udantium,action=accept", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.129.149.43,dstPort=3304,dbUsername=eveli,srcIP=10.211.105.204,srcPort=2742,creatTime=2016-04-24 00:25:25,srvGroup=aliquide,service=ofde,appName=equat,event#=derit,eventType=Logout,usrGroup=dexea,usrAuth=True,application=\"atcu\",osUsername=labor,srcHost=didunt1355.corp,dbName=udan,schemaName=orema,bindVar=invento,sqlError=failure,respSize=6855,respTime=74.098000,affRows=nofdeFin,action=\"accept\",rawQuery=\"rau\"", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.214.191.180,dstPort=5848,dbUsername=ipsumdol,srcIP=10.112.250.193,srcPort=5705,creatTime=2016-05-08 07:27:59,srvGroup=urerepr,service=ese,appName=isaute,event#=ptatemq,eventType=Logout,usrGroup=luptatev,usrAuth=False,application=\"tlabore\",osUsername=Exc,srcHost=pora6854.www5.home,dbName=nevo,schemaName=ide,bindVar=aali,sqlError=success,respSize=6852,respTime=49.573000,affRows=etcons,action=\"cancel\",rawQuery=\"tenbyCi\"", "tags": [ 
@@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.251.20.13,dstPort=264,dbUsername=iquipe,srcIP=10.192.34.76,srcPort=1450,creatTime=2016-05-22 14:30:33,srvGroup=upida,service=tvolupt,appName=eufugi,event#=pici,eventType=abor,usrGroup=utpe,usrAuth=onsequ,application=\"temqu\",osUsername=ovol,srcHost=ptasn6599.www.localhost,dbName=lore,schemaName=tnonpro,bindVar=ionemu,sqlError=success,respSize=3645,respTime=20.909000,affRows=tanimid,action=\"deny\",rawQuery=\"uamni\"", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.74.105.218,dstPort=2438,dbUsername=archite,srcIP=10.59.138.212,srcPort=7829,creatTime=2016-06-05 21:33:08,srvGroup=asi,service=datatno,appName=siutali,event#=amnih,eventType=Logout,usrGroup=ium,usrAuth=True,application=\"esciuntN\",osUsername=idunt,srcHost=ptasnu6684.mail.lan,dbName=orumSe,schemaName=boree,bindVar=intoc,sqlError=success,respSize=248,respTime=158.450000,affRows=eeufugia,action=\"block\",rawQuery=\"ofdeFini\"", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.168.159.13,dstPort=3319,dbUsername=inci,srcIP=10.230.173.4,srcPort=2631,creatTime=2016-06-20 04:35:42,srvGroup=avol,service=icero,appName=xer,event#=emipsumd,eventType=Logout,usrGroup=isisten,usrAuth=False,application=\"cusant\",osUsername=atemq,srcHost=rinre2977.api.corp,dbName=totamre,schemaName=isnostr,bindVar=umqu,sqlError=success,respSize=6135,respTime=86.668000,affRows=inesci,action=\"accept\",rawQuery=\"uia\"", "tags": [ 
@@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.49.167.57,dstPort=2119,dbUsername=tali,srcIP=10.41.21.204,srcPort=3540,creatTime=4 July 2016 11:38:16,srvGroup=rpori,service=ice,appName=oles,event#=edic,eventType=Login,usrGroup=seq,usrAuth=True,application=\"tutlab\",osUsername=sau,srcHost=atevelit2450.local,dbName=aperia,schemaName=ccaeca,bindVar=umdolo,sqlError=failure,respSize=6818,respTime=115.224000,affRows=stenatu,action=\"block\",rawQuery=\"orumSe\"", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=dutp,event#=psaquaea,createTime=2016-07-18 18:40:50,updateTime=taevita,alertSev=high,group=siut,ruleName=\"tconsect\",evntDesc=\"aquae\",category=boreetdo,disposition=aturve,eventType=ditemp,proto=ipv6,srcPort=3406,srcIP=10.216.125.252,dstPort=5592,dstIP=10.62.147.186,policyName=\"eumiure\",occurrences=4603,httpHost=ima,webMethod=quasia,url=\"https://example.org/umwrit/uptate.html?ctetura=aveni#elit\",webQuery=\"seosqui\",soapAction=sequamni,resultCode=uradi,sessionID=tot,username=llamco,addUsername=nea,responseTime=psum,responseSize=tasnulap,direction=inbound,dbUsername=umSe,queryGroup=xeacomm,application=\"cinge\",srcHost=itla658.api.localhost,osUsername=lorsita,schemaName=dolore,dbName=uptate,hdrName=quidexea,action=\"accept\",errormsg=\"unknown\"", "tags": [ 
@@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=ate,event#=odoconse,createTime=2016-08-02 01:43:25,updateTime=emp,alertSev=very-high,group=veli,ruleName=\"tenim\",evntDesc=\"rumet\",category=verita,disposition=sectet,eventType=etdo,proto=tcp,srcPort=3689,srcIP=10.52.125.9,dstPort=2538,dstIP=10.204.128.215,policyName=\"ama\",occurrences=332,httpHost=runtmol,webMethod=texpli,url=\"https://api.example.org/roidents/tem.txt?tametcon=liqua#mvele\",webQuery=\"isis\",soapAction=uasiar,resultCode=utlab,sessionID=emUteni,username=rum,addUsername=gnaaliqu,responseTime=teirured,responseSize=onemulla,direction=external,dbUsername=bor,queryGroup=rauto,application=\"ationev\",srcHost=umdolor4389.api.home,osUsername=paquioff,schemaName=nci,dbName=isau,hdrName=rautodi,action=deny", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.200.68.129,dstPort=2558,dbUsername=icabo,srcIP=10.34.148.166,srcPort=3022,creatTime=2016-08-16 08:45:59,srvGroup=preh,service=ercit,appName=etMal,event#=qua,eventType=rsita,usrGroup=ate,usrAuth=ipsamvo,application=\"onula\",osUsername=miu,srcHost=rationev6444.localhost,dbName=tatem,schemaName=untutlab,bindVar=amcor,sqlError=failure,respSize=5427,respTime=176.685000,affRows=oremq,action=\"block\",rawQuery=\"uisaute\"", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.226.101.180,dstPort=1000,dbUsername=siu,srcIP=10.134.5.40,srcPort=7284,creatTime=30 August 2016 15:48:33,srvGroup=llamc,service=nte,appName=mvel,event#=nof,eventType=Login,usrGroup=usmodi,usrAuth=False,application=\"mvolu\",osUsername=conse,srcHost=ipi7727.www5.domain,dbName=isiu,schemaName=licabo,bindVar=enimadmi,sqlError=success,respSize=6356,respTime=41.238000,affRows=xeaco,action=\"deny\",rawQuery=\"amcor\"", "tags": [ 
@@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.126.26.131,dstPort=2595,dbUsername=velite,srcIP=10.30.98.10,srcPort=7576,creatTime=13 September 2016 22:51:07,srvGroup=itation,service=sequatD,appName=nimave,event#=isciv,eventType=Login,usrGroup=rroqu,usrAuth=False,application=\"nofd\",osUsername=dipisci,srcHost=spernatu5539.domain,dbName=quunt,schemaName=olori,bindVar=mquae,sqlError=unknown,respSize=7717,respTime=96.729000,affRows=cidunt,action=\"accept\",rawQuery=\"borisnis\"", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.190.10.219,dstPort=5530,dbUsername=accusant,srcIP=10.233.120.207,srcPort=136,creatTime=2016-09-28 05:53:42,srvGroup=stenatu,service=inibu,appName=est,event#=uptatemU,eventType=Logout,usrGroup=leumiu,usrAuth=False,application=\"tla\",osUsername=item,srcHost=nimid372.api.corp,dbName=atcupid,schemaName=quamnih,bindVar=dminima,sqlError=success,respSize=3278,respTime=60.949000,affRows=tame,action=\"cancel\",rawQuery=\"reetd\"", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,event#=sitam,createTime=2016-10-12 12:56:16,eventType=rad,eventSev=low,username=sequa,subsystem=iosamnis,message=\"volupt\"", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.100.98.56,dstPort=1089,dbUsername=boru,srcIP=10.248.184.200,srcPort=5315,creatTime=2016-10-26 19:58:50,srvGroup=ptatem,service=ptatevel,appName=tenatuse,event#=psaqua,eventType=Logout,usrGroup=ullamcor,usrAuth=False,application=\"itationu\",osUsername=proident,srcHost=maliquam2147.internal.home,dbName=lores,schemaName=ritati,bindVar=orisni,sqlError=failure,respSize=5923,respTime=179.541000,affRows=sitam,action=\"deny\",rawQuery=\"mmodoc\"", "tags": [ 
@@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.197.6.245,dstPort=27,dbUsername=dtempo,srcIP=10.82.28.220,srcPort=3570,creatTime=10 November 2016 03:01:24,srvGroup=imad,service=tinvolup,appName=tsed,event#=inv,eventType=Login,usrGroup=rroq,usrAuth=False,application=\"rcit\",osUsername=aecatcup,srcHost=olabor2983.internal.localhost,dbName=citatio,schemaName=oluptat,bindVar=mveniamq,sqlError=success,respSize=3071,respTime=120.142000,affRows=eaqueips,action=\"allow\",rawQuery=\"aturve\"", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.6.27.103,dstPort=3179,dbUsername=redol,srcIP=10.167.252.183,srcPort=2003,creatTime=24 November 2016 10:03:59,srvGroup=doei,service=cipitl,appName=caboNemo,event#=dexerc,eventType=Login,usrGroup=strumex,usrAuth=True,application=\"eprehend\",osUsername=asnu,srcHost=hitec2111.mail.corp,dbName=perspici,schemaName=ationul,bindVar=mquisn,sqlError=failure,respSize=6606,respTime=155.907000,affRows=emUte,action=\"cancel\",rawQuery=\"ccae\"", "tags": [ 
@@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=ntNe,event#=itanim,createTime=2016-12-08 17:06:33,updateTime=nesciun,alertSev=medium,group=mollita,ruleName=\"tatem\",evntDesc=\"iae\",category=quido,disposition=emip,eventType=inBC,proto=tcp,srcPort=6165,srcIP=10.88.45.111,dstPort=6735,dstIP=10.81.184.7,policyName=\"saquaea\",occurrences=6344,httpHost=eetd,webMethod=illu,url=\"https://mail.example.com/lorsi/repreh.gif?sitamet=utlabo#tetur\",webQuery=\"tionula\",soapAction=ritqu,resultCode=ecatcupi,sessionID=uamei,username=undeomni,addUsername=tas,responseTime=autfugi,responseSize=tasun,direction=external,dbUsername=eratv,queryGroup=ipsa,application=\"asuntexp\",srcHost=adminim2559.www5.invalid,osUsername=lmole,schemaName=iameaque,dbName=nderi,hdrName=ssusci,action=\"deny\",errormsg=\"failure\"", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.214.3.140,dstPort=6127,dbUsername=scipitl,srcIP=10.29.119.245,srcPort=1179,creatTime=2016-12-23 00:09:07,srvGroup=olli,service=rever,appName=ore,event#=offici,eventType=Logout,usrGroup=ection,usrAuth=False,application=\"roquisqu\",osUsername=edolorin,srcHost=dolorem6882.api.local,dbName=rsi,schemaName=taliqui,bindVar=mides,sqlError=success,respSize=5140,respTime=119.229000,affRows=tcu,action=\"cancel\",rawQuery=\"inrepreh\"", "tags": [ 
@@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=dipiscin,event#=olup,createTime=2017-01-06 07:11:41,updateTime=aco,alertSev=medium,group=accusa,ruleName=\"natu\",evntDesc=\"liquid\",category=enim,disposition=Finibus,eventType=radi,proto=rdp,srcPort=2064,srcIP=10.218.123.234,dstPort=57,dstIP=10.110.133.7,policyName=\"radipisc\",occurrences=5347,httpHost=nibus,webMethod=vitaed,url=\"https://example.org/etconsec/elillum.htm?mporinc=onsectet#idolo\",webQuery=\"atemUte\",soapAction=docon,resultCode=mdolore,sessionID=eosquira,username=pta,addUsername=snos,responseTime=orsi,responseSize=tetura,direction=external,dbUsername=lorsita,queryGroup=eavol,application=\"osamnis\",srcHost=temaccu5302.test,osUsername=etconsec,schemaName=caboNem,dbName=urExcept,hdrName=rumetMal,action=\"allow\",errormsg=\"unknown\"", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.105.190.170,dstPort=2519,dbUsername=doeiu,srcIP=10.182.152.242,srcPort=1877,creatTime=2017-01-20 14:14:16,srvGroup=orumw,service=redol,appName=ecillum,event#=isci,eventType=Logout,usrGroup=dolor,usrAuth=True,application=\"tiumto\",osUsername=litan,srcHost=nder347.www.corp,dbName=alorum,schemaName=mquisn,bindVar=atq,sqlError=unknown,respSize=3474,respTime=68.556000,affRows=ugiatquo,action=\"block\",rawQuery=\"equamnih\"", "tags": [ 
@@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=citati,event#=uamei,createTime=2017-02-03 21:16:50,updateTime=eursinto,alertSev=low,group=tutla,ruleName=\"licaboNe\",evntDesc=\"tautfug\",category=giatquov,disposition=olu,eventType=rmagnido,proto=ipv6-icmp,srcPort=7647,srcIP=10.59.188.188,dstPort=7082,dstIP=10.123.166.197,policyName=\"ici\",occurrences=7102,httpHost=mips,webMethod=itae,url=\"https://internal.example.net/atnula/ditautf.jpg?iquidex=olup#remipsu\",webQuery=\"tan\",soapAction=quiac,resultCode=sunt,sessionID=autfugit,username=emUte,addUsername=iusmodi,responseTime=fdeFi,responseSize=Except,direction=inbound,dbUsername=equat,queryGroup=aliquid,application=\"usantiu\",srcHost=idunt4633.internal.host,osUsername=liquam,schemaName=min,dbName=oluptat,hdrName=odt,action=block", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.72.75.207,dstPort=6336,dbUsername=urau,srcIP=10.201.168.116,srcPort=2037,creatTime=2017-02-18 04:19:24,srvGroup=utali,service=sed,appName=xeac,event#=umdolors,eventType=Logout,usrGroup=lumdo,usrAuth=False,application=\"acom\",osUsername=eFini,srcHost=ectob4634.mail.localhost,dbName=prehend,schemaName=eufug,bindVar=roquisq,sqlError=unknown,respSize=3348,respTime=79.765000,affRows=civelits,action=\"accept\",rawQuery=\"reet\"", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.9.46.123,dstPort=586,dbUsername=mfu,srcIP=10.58.133.175,srcPort=1634,creatTime=4 March 2017 11:21:59,srvGroup=llumq,service=tenim,appName=eiusmo,event#=ainc,eventType=Login,usrGroup=miurerep,usrAuth=True,application=\"lestia\",osUsername=nde,srcHost=snu6436.www.local,dbName=texplica,schemaName=oco,bindVar=aboree,sqlError=unknown,respSize=3795,respTime=14.713000,affRows=edquian,action=\"block\",rawQuery=\"uames\"", "tags": [ 
@@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.169.50.59,dstPort=7693,dbUsername=pta,srcIP=10.70.29.203,srcPort=5994,creatTime=18 March 2017 18:24:33,srvGroup=piciatis,service=destla,appName=fugitse,event#=minimve,eventType=Login,usrGroup=serrorsi,usrAuth=False,application=\"tametco\",osUsername=mquisnos,srcHost=lore7099.www.host,dbName=isn,schemaName=veniamq,bindVar=lup,sqlError=unknown,respSize=2358,respTime=94.460000,affRows=ipitlabo,action=\"block\",rawQuery=\"prehen\"", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.165.182.111,dstPort=5525,dbUsername=ames,srcIP=10.137.85.123,srcPort=218,creatTime=2017-04-02 01:27:07,srvGroup=amquisno,service=modoc,appName=magnam,event#=uinesc,eventType=Logout,usrGroup=cid,usrAuth=True,application=\"emi\",osUsername=Bonorum,srcHost=lesti6939.api.local,dbName=idu,schemaName=sis,bindVar=idolo,sqlError=success,respSize=6401,respTime=171.434000,affRows=its,action=\"block\",rawQuery=\"edutp\"", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,event#=enimadmi,createTime=2017-04-16 08:29:41,eventType=tateveli,eventSev=high,username=sumdolo,subsystem=idolorem,message=\"temvele\"", "tags": [ 
@@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=inimve,event#=uio,createTime=2017-04-30 15:32:16,updateTime=mexercit,alertSev=high,group=onofdeF,ruleName=\"ibusBo\",evntDesc=\"orin\",category=enia,disposition=iavol,eventType=natuserr,proto=rdp,srcPort=3327,srcIP=10.64.184.196,dstPort=6659,dstIP=10.173.178.109,policyName=\"tatemse\",occurrences=4493,httpHost=amqui,webMethod=lamco,url=\"https://www.example.net/hender/ptatemU.htm?mquisnos=tnulapa#madmi\",webQuery=\"tlabore\",soapAction=idunt,resultCode=expl,sessionID=olore,username=uian,addUsername=atuserro,responseTime=madminim,responseSize=tobeata,direction=inbound,dbUsername=ioff,queryGroup=oinBCS,application=\"itsedd\",srcHost=upt6017.api.localdomain,osUsername=nesci,schemaName=tam,dbName=sin,hdrName=idexeac,action=\"block\",errormsg=\"failure\"", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.90.50.149,dstPort=1936,dbUsername=olu,srcIP=10.168.225.209,srcPort=6,creatTime=2017-05-14 22:34:50,srvGroup=taliq,service=tautfugi,appName=fdeFinib,event#=uip,eventType=Logout,usrGroup=ectobea,usrAuth=True,application=\"dat\",osUsername=aUtenima,srcHost=turQuis4046.api.test,dbName=deomnisi,schemaName=olupta,bindVar=oll,sqlError=success,respSize=1127,respTime=55.870000,affRows=evelite,action=\"block\",rawQuery=\"iav\"", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.59.182.36,dstPort=5792,dbUsername=mtota,srcIP=10.18.150.82,srcPort=6648,creatTime=29 May 2017 05:37:24,srvGroup=rit,service=eumfu,appName=lors,event#=oluptat,eventType=Login,usrGroup=enimad,usrAuth=True,application=\"tis\",osUsername=qua,srcHost=con6049.internal.lan,dbName=quelaud,schemaName=luptat,bindVar=rinrep,sqlError=unknown,respSize=6112,respTime=135.357000,affRows=nimv,action=\"allow\",rawQuery=\"tconse\"", "tags": [ 
@@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,event#=rem,createTime=2017-06-12 12:39:58,eventType=ulamcola,eventSev=very-high,username=llita,subsystem=ntsunt,message=\"nturmag\"", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.228.229.144,dstPort=3236,dbUsername=ametcons,srcIP=10.151.240.35,srcPort=3197,creatTime=2017-06-26 19:42:33,srvGroup=roquisq,service=uasi,appName=maveniam,event#=uis,eventType=lill,usrGroup=remeum,usrAuth=mmod,application=\"taevit\",osUsername=ama,srcHost=tatnonp1371.www.invalid,dbName=xercit,schemaName=lam,bindVar=asnu,sqlError=failure,respSize=4325,respTime=168.492000,affRows=eriam,action=\"cancel\",rawQuery=\"aquae\"", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.242.48.203,dstPort=1102,dbUsername=ese,srcIP=10.147.142.242,srcPort=2586,creatTime=2017-07-11 02:45:07,srvGroup=eca,service=ctionofd,appName=mpori,event#=olupt,eventType=Logout,usrGroup=ola,usrAuth=False,application=\"ptat\",osUsername=quasi,srcHost=tium3542.internal.invalid,dbName=squamest,schemaName=quisn,bindVar=pteu,sqlError=success,respSize=3970,respTime=11.548000,affRows=antium,action=\"block\",rawQuery=\"velillum\"", "tags": [ 
@@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=lapari,event#=Mal,createTime=2017-07-25 09:47:41,updateTime=itinvo,alertSev=very-high,group=paq,ruleName=\"emipsumq\",evntDesc=\"culpaq\",category=quamq,disposition=usan,eventType=tdolo,proto=ipv6,srcPort=4723,srcIP=10.213.165.165,dstPort=3787,dstIP=10.254.10.98,policyName=\"adipisc\",occurrences=7365,httpHost=tasnul,webMethod=uptasn,url=\"https://example.net/itati/oidentsu.gif?eporroqu=aturve#temqui\",webQuery=\"lup\",soapAction=aeca,resultCode=isau,sessionID=giat,username=ttenb,addUsername=eirure,responseTime=boreetd,responseSize=tNe,direction=outbound,dbUsername=eeufug,queryGroup=ntin,application=\"iades\",srcHost=radipis3991.mail.invalid,osUsername=civeli,schemaName=eufugia,dbName=utlabore,hdrName=tamr,action=\"cancel\",errormsg=\"success\"", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,event#=onemul,createTime=2017-08-08 16:50:15,eventType=trudexe,eventSev=very-high,username=ura,subsystem=oreeufug,message=\"Quisa\"", "tags": [ 
@@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=llitani,event#=uscipit,createTime=2017-08-22 23:52:50,updateTime=luptat,alertSev=very-high,group=etco,ruleName=\"iuntN\",evntDesc=\"utfugi\",category=ursintoc,disposition=tio,eventType=mmodicon,proto=ipv6,srcPort=5439,srcIP=10.116.1.130,dstPort=3402,dstIP=10.169.28.157,policyName=\"exeacomm\",occurrences=1295,httpHost=ionula,webMethod=pexeaco,url=\"https://api.example.org/uamqua/Neq.gif?eumiu=nim#pteurs\",webQuery=\"ercitati\",soapAction=atem,resultCode=serro,sessionID=lumquid,username=eturadip,addUsername=amquaera,responseTime=rsitamet,responseSize=leumiur,direction=internal,dbUsername=utod,queryGroup=olesti,application=\"edquia\",srcHost=ihi7294.www5.localhost,osUsername=reseo,schemaName=amco,dbName=ons,hdrName=onsecte,action=\"accept\",errormsg=\"unknown\"", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.29.138.31,dstPort=5871,dbUsername=volupta,srcIP=10.45.69.152,srcPort=4083,creatTime=6 September 2017 06:55:24,srvGroup=emi,service=uaerat,appName=iduntu,event#=samvol,eventType=Login,usrGroup=equa,usrAuth=False,application=\"apari\",osUsername=tsunt,srcHost=caecat4920.api.host,dbName=enim,schemaName=umq,bindVar=sistena,sqlError=failure,respSize=744,respTime=33.416000,affRows=temquia,action=\"deny\",rawQuery=\"eumiu\"", "tags": [ 
@@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.152.213.228,dstPort=3387,dbUsername=ptatev,srcIP=10.100.113.11,srcPort=6971,creatTime=2017-09-20 13:57:58,srvGroup=aliqu,service=sequine,appName=utaliqui,event#=isciv,eventType=Logout,usrGroup=osqu,usrAuth=False,application=\"ptatemse\",osUsername=itationu,srcHost=setquas6188.internal.local,dbName=magnaali,schemaName=velillum,bindVar=ionev,sqlError=success,respSize=7245,respTime=131.118000,affRows=ameaq,action=\"cancel\",rawQuery=\"Except\"", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,event#=uiac,createTime=2017-10-04 21:00:32,eventType=tquii,eventSev=low,username=reme,subsystem=emeumfu,message=\"inBCSedu\"", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.208.33.55,dstPort=1849,dbUsername=ulapari,srcIP=10.248.102.129,srcPort=3510,creatTime=2017-10-19 04:03:07,srvGroup=iatn,service=saquaeab,appName=eli,event#=rissusci,eventType=Logout,usrGroup=ectetur,usrAuth=True,application=\"dictasun\",osUsername=inimv,srcHost=nibusBo3674.www5.localhost,dbName=ntut,schemaName=mremaper,bindVar=uteirur,sqlError=unknown,respSize=6433,respTime=111.360000,affRows=isni,action=\"accept\",rawQuery=\"quovo\"", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.203.164.132,dstPort=6213,dbUsername=mporin,srcIP=10.109.230.216,srcPort=4447,creatTime=2017-11-02 11:05:41,srvGroup=uov,service=pariat,appName=icaboNe,event#=boreetd,eventType=Logout,usrGroup=uir,usrAuth=True,application=\"rumex\",osUsername=ectobea,srcHost=totamr7676.www5.home,dbName=imadm,schemaName=ibus,bindVar=lumdol,sqlError=success,respSize=547,respTime=166.971000,affRows=reprehe,action=\"block\",rawQuery=\"ihil\"", "tags": [ 
@@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.151.203.60,dstPort=482,dbUsername=dol,srcIP=10.117.81.75,srcPort=3365,creatTime=16 November 2017 18:08:15,srvGroup=iciatis,service=agn,appName=cul,event#=tate,eventType=Login,usrGroup=psam,usrAuth=True,application=\"itaedi\",osUsername=exeac,srcHost=idents7231.mail.home,dbName=veniamqu,schemaName=iconsequ,bindVar=ueporr,sqlError=unknown,respSize=484,respTime=27.563000,affRows=tur,action=\"block\",rawQuery=\"onorumet\"", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.224.217.153,dstPort=6339,dbUsername=eriti,srcIP=10.45.152.205,srcPort=6907,creatTime=1 December 2017 01:10:49,srvGroup=riame,service=datatn,appName=seq,event#=mquis,eventType=Login,usrGroup=tur,usrAuth=True,application=\"itation\",osUsername=utlabo,srcHost=tat50.mail.host,dbName=essequam,schemaName=imav,bindVar=mtot,sqlError=success,respSize=922,respTime=17.709000,affRows=prehend,action=\"allow\",rawQuery=\"liquid\"", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=umq,event#=ipsu,createTime=2017-12-15 08:13:24,updateTime=oremip,alertSev=low,group=odit,ruleName=\"vol\",evntDesc=\"epteurs\",category=itse,disposition=rever,eventType=sBonoru,proto=udp,srcPort=2652,srcIP=10.60.164.100,dstPort=5119,dstIP=10.1.193.187,policyName=\"yCice\",occurrences=508,httpHost=ionem,webMethod=taevitae,url=\"https://api.example.net/quam/saute.htm?nostru=docons#emipsumq\",webQuery=\"orinr\",soapAction=ineavol,resultCode=umdo,sessionID=tass,username=ugi,addUsername=riat,responseTime=atvol,responseSize=emipsum,direction=internal,dbUsername=uameiu,queryGroup=quiado,application=\"conse\",srcHost=mips3283.corp,osUsername=hite,schemaName=adipis,dbName=abo,hdrName=suntex,action=\"allow\",errormsg=\"failure\"", "tags": [ 
@@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.248.244.203,dstPort=806,dbUsername=mquamei,srcIP=10.146.228.234,srcPort=4346,creatTime=2017-12-29 15:15:58,srvGroup=rissusci,service=uaturQ,appName=iusmod,event#=susc,eventType=taed,usrGroup=eatae,usrAuth=siutali,application=\"oloremq\",osUsername=sum,srcHost=aliquip7229.mail.domain,dbName=doe,schemaName=eiusm,bindVar=oremipsu,sqlError=failure,respSize=3058,respTime=133.358000,affRows=llum,action=\"allow\",rawQuery=\"mto\"", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.122.127.237,dstPort=1138,dbUsername=consecte,srcIP=10.86.121.152,srcPort=3971,creatTime=2018-01-12 22:18:32,srvGroup=mquamei,service=litesse,appName=fug,event#=liquid,eventType=Logout,usrGroup=uidex,usrAuth=False,application=\"umdolo\",osUsername=nimv,srcHost=fde7756.mail.corp,dbName=usmod,schemaName=ine,bindVar=qui,sqlError=success,respSize=2771,respTime=136.167000,affRows=orsitame,action=\"block\",rawQuery=\"ipex\"", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.201.223.119,dstPort=3614,dbUsername=rcit,srcIP=10.204.223.184,srcPort=6092,creatTime=2018-01-27 05:21:06,srvGroup=giat,service=nculpa,appName=olupt,event#=tvol,eventType=Logout,usrGroup=ostru,usrAuth=True,application=\"mea\",osUsername=tuserror,srcHost=agnama5013.internal.example,dbName=boreetdo,schemaName=teni,bindVar=iin,sqlError=unknown,respSize=4113,respTime=161.837000,affRows=tNeq,action=\"block\",rawQuery=\"liq\"", "tags": [ 
@@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.200.12.126,dstPort=2347,dbUsername=magnido,srcIP=10.223.56.33,srcPort=5899,creatTime=10 February 2018 12:23:41,srvGroup=ing,service=amal,appName=aliq,event#=utem,eventType=Login,usrGroup=oreetd,usrAuth=True,application=\"itatis\",osUsername=Nequepo,srcHost=edictas4693.home,dbName=borisnis,schemaName=elitsedd,bindVar=hitecto,sqlError=failure,respSize=3243,respTime=75.415000,affRows=imven,action=\"block\",rawQuery=\"hende\"", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=deseru,event#=aquioff,createTime=2018-02-24 19:26:15,updateTime=cip,alertSev=very-high,group=onsequat,ruleName=\"tiumd\",evntDesc=\"atuse\",category=imad,disposition=tura,eventType=equuntur,proto=ipv6,srcPort=428,srcIP=10.94.89.177,dstPort=1752,dstIP=10.65.225.101,policyName=\"nulapari\",occurrences=2513,httpHost=ostrumex,webMethod=eruntmol,url=\"https://internal.example.com/imide/uiineav.htm?lloinve=eni#asia\",webQuery=\"edquiac\",soapAction=psamvolu,resultCode=teturad,sessionID=ritq,username=tuserror,addUsername=tla,responseTime=orroq,responseSize=modtempo,direction=outbound,dbUsername=uptate,queryGroup=sumqui,application=\"eritin\",srcHost=nibu2565.api.local,osUsername=citation,schemaName=emquel,dbName=rspiciat,hdrName=iavol,action=\"cancel\",errormsg=\"unknown\"", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.65.174.196,dstPort=472,dbUsername=iin,srcIP=10.191.184.105,srcPort=6821,creatTime=2018-03-11 02:28:49,srvGroup=iat,service=orain,appName=equaturQ,event#=llu,eventType=quaUt,usrGroup=labor,usrAuth=oris,application=\"tatemse\",osUsername=uta,srcHost=tsun7120.home,dbName=per,schemaName=tione,bindVar=nibus,sqlError=unknown,respSize=5836,respTime=61.864000,affRows=olo,action=\"deny\",rawQuery=\"BCSedutp\"", "tags": [ 
@@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=tdolor,event#=Ute,createTime=2018-03-25 09:31:24,updateTime=tura,alertSev=very-high,group=umSecti,ruleName=\"eabil\",evntDesc=\"ibusB\",category=rporis,disposition=etco,eventType=mip,proto=rdp,srcPort=6078,srcIP=10.224.148.48,dstPort=2803,dstIP=10.41.181.179,policyName=\"siarch\",occurrences=7468,httpHost=setq,webMethod=rumwr,url=\"https://api.example.com/ptatem/mporain.gif?corpo=commod#iumd\",webQuery=\"ntore\",soapAction=tect,resultCode=ion,sessionID=tutl,username=niam,addUsername=oru,responseTime=mcorp,responseSize=uelaud,direction=outbound,dbUsername=ameiu,queryGroup=utei,application=\"caecat\",srcHost=lumquid6940.mail.localdomain,osUsername=equepor,schemaName=iosamn,dbName=erspicia,hdrName=neavolup,action=\"deny\",errormsg=\"success\"", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.21.208.103,dstPort=5543,dbUsername=imidest,srcIP=10.21.61.134,srcPort=6124,creatTime=2018-04-08 16:33:58,srvGroup=iacon,service=ncu,appName=quaturve,event#=ciad,eventType=Logout,usrGroup=diconseq,usrAuth=False,application=\"utod\",osUsername=ostr,srcHost=amcorp7299.api.example,dbName=uptatem,schemaName=mipsa,bindVar=nproide,sqlError=success,respSize=7766,respTime=91.186000,affRows=siutali,action=\"deny\",rawQuery=\"nemullam\"", "tags": [ 
@@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.23.6.216,dstPort=4578,dbUsername=iarchit,srcIP=10.221.192.116,srcPort=4688,creatTime=2018-04-22 23:36:32,srvGroup=usBonor,service=mide,appName=sten,event#=enderi,eventType=Logout,usrGroup=labore,usrAuth=False,application=\"uasiarch\",osUsername=iamquisn,srcHost=magnama868.api.local,dbName=Section,schemaName=tevelite,bindVar=esciunt,sqlError=success,respSize=639,respTime=6.388000,affRows=borisnis,action=\"accept\",rawQuery=\"oremagn\"", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=rcita,event#=ataev,createTime=2018-05-07 06:39:06,updateTime=oris,alertSev=very-high,group=tate,ruleName=\"tutlabo\",evntDesc=\"nto\",category=sciv,disposition=tlabo,eventType=nsequun,proto=ipv6,srcPort=2976,srcIP=10.191.142.143,dstPort=5850,dstIP=10.240.62.238,policyName=\"sintoc\",occurrences=7580,httpHost=laboris,webMethod=ali,url=\"https://www5.example.net/aUten/edutpers.gif?apariatu=mnisis#onsequa\",webQuery=\"sunt\",soapAction=orumSe,resultCode=olupta,sessionID=emveleum,username=modtempo,addUsername=mfugi,responseTime=roqui,responseSize=ntutlabo,direction=external,dbUsername=isq,queryGroup=eacommo,application=\"amqua\",srcHost=tionevol3157.mail.invalid,osUsername=nofde,schemaName=animide,dbName=Lore,hdrName=oin,action=cancel", "tags": [ 
@@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=ecatcu,event#=entoreve,createTime=2018-05-21 13:41:41,updateTime=ion,alertSev=very-high,group=onev,ruleName=\"atu\",evntDesc=\"adeseru\",category=sitas,disposition=eni,eventType=cte,proto=igmp,srcPort=3124,srcIP=10.178.79.217,dstPort=7499,dstIP=10.111.22.134,policyName=\"datatno\",occurrences=3538,httpHost=siar,webMethod=orisnis,url=\"https://www.example.net/mvolup/pidat.jpg?ents=nsec#iaeco\",webQuery=\"ommodoco\",soapAction=ritinv,resultCode=rita,sessionID=oidents,username=ccusan,addUsername=inimav,responseTime=quel,responseSize=ugitsed,direction=external,dbUsername=idolor,queryGroup=xplic,application=\"stenat\",srcHost=mquis319.api.local,osUsername=inibusBo,schemaName=tqui,dbName=sequun,hdrName=nimadm,action=deny", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.161.225.172,dstPort=3708,dbUsername=meaqu,srcIP=10.77.86.215,srcPort=6390,creatTime=4 June 2018 20:44:15,srvGroup=con,service=aeabil,appName=iumtot,event#=edicta,eventType=Login,usrGroup=itaspern,usrAuth=False,application=\"tau\",osUsername=rcit,srcHost=urad5712.api.host,dbName=sitamet,schemaName=xerc,bindVar=mcolabor,sqlError=success,respSize=7286,respTime=143.926000,affRows=evita,action=\"block\",rawQuery=\"ant\"", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.186.133.184,dstPort=7864,dbUsername=boriosa,srcIP=10.211.161.187,srcPort=843,creatTime=2018-06-19 03:46:49,srvGroup=laud,service=uido,appName=uis,event#=msequin,eventType=autem,usrGroup=mporai,usrAuth=ipi,application=\"qua\",osUsername=acons,srcHost=enbyCic4659.www5.example,dbName=orroqui,schemaName=sci,bindVar=psamvolu,sqlError=unknown,respSize=1578,respTime=66.164000,affRows=temse,action=\"deny\",rawQuery=\"onevol\"", "tags": [ 
@@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.160.147.230,dstPort=2126,dbUsername=nimvenia,srcIP=10.254.198.47,srcPort=3925,creatTime=2018-07-03 10:49:23,srvGroup=lit,service=quin,appName=adipisc,event#=sedqui,eventType=ueporroq,usrGroup=dolo,usrAuth=adm,application=\"dolor\",osUsername=ndeomnis,srcHost=inBCSed5308.api.corp,dbName=modicons,schemaName=illoin,bindVar=rinre,sqlError=unknown,respSize=5988,respTime=34.664000,affRows=olorem,action=\"cancel\",rawQuery=\"dquiaco\"", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.40.24.93,dstPort=7487,dbUsername=mSecti,srcIP=10.182.197.243,srcPort=3687,creatTime=2018-07-17 17:51:58,srvGroup=xerci,service=qua,appName=iaecons,event#=pteurs,eventType=Logout,usrGroup=intocc,usrAuth=True,application=\"abo\",osUsername=orisnis,srcHost=reseo2067.api.localdomain,dbName=nsectetu,schemaName=exerci,bindVar=lit,sqlError=success,respSize=4129,respTime=171.277000,affRows=ono,action=\"cancel\",rawQuery=\"equuntu\"", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.249.13.159,dstPort=3023,dbUsername=uisautei,srcIP=10.108.130.106,srcPort=7601,creatTime=1 August 2018 00:54:32,srvGroup=scinge,service=lum,appName=iinea,event#=xercit,eventType=Login,usrGroup=reh,usrAuth=False,application=\"velitess\",osUsername=colab,srcHost=itte6905.mail.invalid,dbName=tesseq,schemaName=exeacomm,bindVar=uptat,sqlError=success,respSize=1044,respTime=112.679000,affRows=ptatema,action=\"cancel\",rawQuery=\"cepteurs\"", "tags": [ 
@@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=ioffic,event#=rumetMal,createTime=2018-08-15 07:57:06,updateTime=tiumtot,alertSev=very-high,group=caboNe,ruleName=\"ptate\",evntDesc=\"enimips\",category=Nequepor,disposition=nisiu,eventType=ptat,proto=ggp,srcPort=4082,srcIP=10.64.94.174,dstPort=3852,dstIP=10.39.244.49,policyName=\"ctas\",occurrences=7128,httpHost=sequ,webMethod=gna,url=\"https://internal.example.org/aev/uovolup.txt?aqueip=aqueip#rautod\",webQuery=\"tur\",soapAction=minimav,resultCode=uovo,sessionID=aven,username=Sedut,addUsername=stiaec,responseTime=rveli,responseSize=serr,direction=internal,dbUsername=uid,queryGroup=lamcor,application=\"rorsitv\",srcHost=caboNemo274.www.host,osUsername=estiae,schemaName=iunt,dbName=eFinibu,hdrName=uisaut,action=cancel", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,event#=odit,createTime=2018-08-29 14:59:40,eventType=ercitati,eventSev=very-high,username=imad,subsystem=olo,message=\"deserun\"", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,event#=scingeli,createTime=2018-09-12 22:02:15,eventType=uatDuis,eventSev=medium,username=apari,subsystem=itesseci,message=\"utali\"", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.115.203.143,dstPort=6889,dbUsername=utoditau,srcIP=10.134.135.22,srcPort=1809,creatTime=27 September 2018 05:04:49,srvGroup=serror,service=itl,appName=Bonoru,event#=rumetMa,eventType=Login,usrGroup=entor,usrAuth=False,application=\"urere\",osUsername=involu,srcHost=qui5978.api.test,dbName=amre,schemaName=orpori,bindVar=sistena,sqlError=failure,respSize=7868,respTime=5.277000,affRows=borisn,action=\"cancel\",rawQuery=\"quatu\"", "tags": [ 
@@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.43.244.252,dstPort=1752,dbUsername=inculp,srcIP=10.251.212.166,srcPort=3925,creatTime=11 October 2018 12:07:23,srvGroup=iur,service=aboNemo,appName=tsedquia,event#=ididun,eventType=Login,usrGroup=tatiset,usrAuth=False,application=\"enim\",osUsername=gnido,srcHost=iamq2577.internal.corp,dbName=uisa,schemaName=uptat,bindVar=siutal,sqlError=unknown,respSize=6947,respTime=144.976000,affRows=tempori,action=\"accept\",rawQuery=\"lamco\"", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,event#=nimve,createTime=2018-10-25 19:09:57,eventType=edutpe,eventSev=medium,username=isunde,subsystem=nimadm,message=\"cepte\"", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.20.231.188,dstPort=1200,dbUsername=tesseq,srcIP=10.88.189.164,srcPort=1373,creatTime=2018-11-09 02:12:32,srvGroup=iusmod,service=aincid,appName=giatq,event#=tion,eventType=Logout,usrGroup=tNeque,usrAuth=False,application=\"uidolore\",osUsername=uatDuisa,srcHost=usB4127.localhost,dbName=ufugia,schemaName=mqu,bindVar=remagna,sqlError=failure,respSize=1623,respTime=33.468000,affRows=Uteni,action=\"cancel\",rawQuery=\"porinci\"", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,event#=edd,createTime=2018-11-23 09:15:06,eventType=uianon,eventSev=low,username=quamquae,subsystem=aaliq,message=\"nos\"", "tags": [ 
@@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.231.77.26,dstPort=7082,dbUsername=rehe,srcIP=10.225.11.197,srcPort=3513,creatTime=7 December 2018 16:17:40,srvGroup=siarchi,service=seddoeiu,appName=lorinrep,event#=isq,eventType=Login,usrGroup=quines,usrAuth=False,application=\"entsu\",osUsername=ineavol,srcHost=abor3266.mail.home,dbName=voluptat,schemaName=volu,bindVar=iutaliqu,sqlError=failure,respSize=3064,respTime=61.960000,affRows=iusmo,action=\"allow\",rawQuery=\"uovo\"", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.148.3.197,dstPort=979,dbUsername=usa,srcIP=10.106.166.105,srcPort=4567,creatTime=2018-12-21 23:20:14,srvGroup=oremagna,service=siuta,appName=amnihil,event#=nderit,eventType=ficia,usrGroup=tru,usrAuth=tionu,application=\"natuser\",osUsername=olupt,srcHost=eprehe2455.www.home,dbName=smo,schemaName=avolup,bindVar=litse,sqlError=failure,respSize=2658,respTime=84.894000,affRows=untutlab,action=\"allow\",rawQuery=\"byCicer\"", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.172.121.239,dstPort=5339,dbUsername=iuta,srcIP=10.57.169.205,srcPort=3093,creatTime=2019-01-05 06:22:49,srvGroup=reeufugi,service=oloree,appName=xeaco,event#=urm,eventType=Logout,usrGroup=mpo,usrAuth=False,application=\"cept\",osUsername=ctas,srcHost=destla2110.www5.localdomain,dbName=inea,schemaName=ipsu,bindVar=iden,sqlError=failure,respSize=392,respTime=19.061000,affRows=reetd,action=\"cancel\",rawQuery=\"maven\"", "tags": [ 
@@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.129.234.200,dstPort=3833,dbUsername=tisundeo,srcIP=10.42.218.103,srcPort=3315,creatTime=19 January 2019 13:25:23,srvGroup=mnis,service=tametco,appName=snisiut,event#=lit,eventType=Login,usrGroup=laborio,usrAuth=False,application=\"aaliqu\",osUsername=tevelit,srcHost=exerc3694.api.home,dbName=consec,schemaName=dquia,bindVar=cep,sqlError=success,respSize=6709,respTime=34.273000,affRows=volupta,action=\"allow\",rawQuery=\"ipex\"", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.111.132.221,dstPort=2262,dbUsername=ali,srcIP=10.76.121.224,srcPort=4305,creatTime=2019-02-02 20:27:57,srvGroup=xcep,service=ehen,appName=remap,event#=mUt,eventType=Logout,usrGroup=admi,usrAuth=True,application=\"siarch\",osUsername=oloremi,srcHost=ididu5928.www5.local,dbName=tNe,schemaName=scive,bindVar=tcupi,sqlError=unknown,respSize=6155,respTime=139.491000,affRows=Sed,action=\"cancel\",rawQuery=\"ita\"", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.195.8.141,dstPort=4342,dbUsername=enimip,srcIP=10.17.214.21,srcPort=4821,creatTime=17 February 2019 03:30:32,srvGroup=umquiado,service=taspe,appName=empori,event#=mipsum,eventType=Login,usrGroup=tium,usrAuth=True,application=\"riaturE\",osUsername=ota,srcHost=boriosa7066.www.corp,dbName=Nequep,schemaName=dolo,bindVar=exeacom,sqlError=success,respSize=469,respTime=146.775000,affRows=eufugiat,action=\"accept\",rawQuery=\"non\"", "tags": [ 
@@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.173.13.179,dstPort=1211,dbUsername=ptasn,srcIP=10.179.60.167,srcPort=1124,creatTime=2019-03-03 10:33:06,srvGroup=amqui,service=itatise,appName=utlab,event#=ostr,eventType=Logout,usrGroup=liqu,usrAuth=True,application=\"cons\",osUsername=apar,srcHost=ssusc1892.internal.host,dbName=xplic,schemaName=isn,bindVar=quepor,sqlError=failure,respSize=758,respTime=58.800000,affRows=etur,action=\"block\",rawQuery=\"cusan\"", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.42.135.34,dstPort=4361,dbUsername=tiset,srcIP=10.178.190.123,srcPort=3288,creatTime=2019-03-17 17:35:40,srvGroup=xercitat,service=ueporr,appName=utlab,event#=entoreve,eventType=Logout,usrGroup=lmolest,usrAuth=False,application=\"ser\",osUsername=ore,srcHost=iatisund424.mail.localdomain,dbName=tametcon,schemaName=orsi,bindVar=ull,sqlError=success,respSize=2290,respTime=1.468000,affRows=etdolore,action=\"cancel\",rawQuery=\"ore\"", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,event#=ectetur,createTime=2019-04-01 00:38:14,eventType=cons,eventSev=medium,username=fugit,subsystem=dantiu,message=\"ntutla\"", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.207.198.239,dstPort=4735,dbUsername=Loremips,srcIP=10.8.147.176,srcPort=5920,creatTime=15 April 2019 07:40:49,srvGroup=odtem,service=ite,appName=tseddo,event#=ptatems,eventType=Login,usrGroup=ori,usrAuth=False,application=\"exerc\",osUsername=aUteni,srcHost=uidolo7626.local,dbName=rchite,schemaName=incididu,bindVar=idolor,sqlError=failure,respSize=3043,respTime=36.712000,affRows=oinB,action=\"accept\",rawQuery=\"econsequ\"", "tags": [ 
@@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.116.26.185,dstPort=595,dbUsername=oNe,srcIP=10.206.221.180,srcPort=6818,creatTime=2019-04-29 14:43:23,srvGroup=repr,service=idu,appName=otam,event#=amquaera,eventType=rumS,usrGroup=uelau,usrAuth=quidolor,application=\"cca\",osUsername=litesseq,srcHost=dmini3435.internal.domain,dbName=rumexerc,schemaName=nseq,bindVar=quisnost,sqlError=unknown,respSize=3218,respTime=26.485000,affRows=orisnisi,action=\"block\",rawQuery=\"nul\"", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.86.180.150,dstPort=5495,dbUsername=mnisis,srcIP=10.253.127.130,srcPort=5339,creatTime=2019-05-13 21:45:57,srvGroup=isciveli,service=urve,appName=sundeomn,event#=tasu,eventType=Logout,usrGroup=equunt,usrAuth=True,application=\"uat\",osUsername=itasper,srcHost=nibusBo1864.domain,dbName=ent,schemaName=etconsec,bindVar=docons,sqlError=failure,respSize=4564,respTime=4.592000,affRows=mremap,action=\"allow\",rawQuery=\"sperna\"", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=mexe,event#=sequatDu,createTime=2019-05-28 04:48:31,updateTime=ssuscip,alertSev=high,group=ciade,ruleName=\"busBonor\",evntDesc=\"enima\",category=emseq,disposition=osamni,eventType=umetMa,proto=ipv6-icmp,srcPort=4469,srcIP=10.220.175.201,dstPort=579,dstIP=10.158.161.5,policyName=\"eab\",occurrences=4098,httpHost=ciduntut,webMethod=atisu,url=\"https://internal.example.com/architec/incul.txt?aborios=mco#amnisiu\",webQuery=\"suntincu\",soapAction=lore,resultCode=equatu,sessionID=enbyCi,username=dolo,addUsername=adipi,responseTime=beata,responseSize=evelites,direction=inbound,dbUsername=tNeq,queryGroup=umtot,application=\"eumiurer\",srcHost=inv6528.www5.example,osUsername=rrors,schemaName=dolo,dbName=tsed,hdrName=corpori,action=allow", "tags": [ 
@@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,event#=uioff,createTime=2019-06-11 11:51:06,eventType=ema,eventSev=low,username=mpo,subsystem=deritinv,message=\"ten\"", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.150.27.144,dstPort=5627,dbUsername=res,srcIP=10.248.16.82,srcPort=6834,creatTime=25 June 2019 18:53:40,srvGroup=loinv,service=umd,appName=madmi,event#=xercit,eventType=Login,usrGroup=avolup,usrAuth=True,application=\"etdo\",osUsername=tuserror,srcHost=nisiutal4437.www.example,dbName=uipex,schemaName=ditautf,bindVar=orr,sqlError=failure,respSize=4367,respTime=25.972000,affRows=uptas,action=\"cancel\",rawQuery=\"osquira\"", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.146.131.76,dstPort=2281,dbUsername=orsi,srcIP=10.173.19.140,srcPort=7780,creatTime=2019-07-10 01:56:14,srvGroup=atu,service=ddo,appName=veli,event#=ata,eventType=Logout,usrGroup=untmoll,usrAuth=False,application=\"ididun\",osUsername=olo,srcHost=tqui5172.www.local,dbName=untex,schemaName=Except,bindVar=elitsedd,sqlError=failure,respSize=5844,respTime=52.550000,affRows=cingel,action=\"allow\",rawQuery=\"seos\"", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.69.5.227,dstPort=5845,dbUsername=doloreme,srcIP=10.171.175.165,srcPort=5776,creatTime=2019-07-24 08:58:48,srvGroup=taspe,service=litess,appName=enimadm,event#=corpori,eventType=onemull,usrGroup=emeu,usrAuth=uisaute,application=\"tvol\",osUsername=ntocc,srcHost=intocca6708.mail.corp,dbName=dquiaco,schemaName=rumw,bindVar=ula,sqlError=failure,respSize=5201,respTime=46.690000,affRows=quam,action=\"deny\",rawQuery=\"edquian\"", "tags": [ 
@@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.213.214.118,dstPort=7851,dbUsername=ate,srcIP=10.253.175.129,srcPort=5547,creatTime=7 August 2019 16:01:23,srvGroup=rsi,service=tuser,appName=equinesc,event#=ectet,eventType=Login,usrGroup=emull,usrAuth=False,application=\"enatuser\",osUsername=epteurs,srcHost=isetqu2843.www.invalid,dbName=niamqu,schemaName=nrep,bindVar=lauda,sqlError=failure,respSize=6260,respTime=9.295000,affRows=aincidu,action=\"deny\",rawQuery=\"ipsamvol\"", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=estquido,event#=eufugiat,createTime=2019-08-21 23:03:57,updateTime=minima,alertSev=high,group=bor,ruleName=\"uisnos\",evntDesc=\"loi\",category=tation,disposition=seddoe,eventType=adol,proto=rdp,srcPort=7756,srcIP=10.149.91.130,dstPort=3548,dstIP=10.89.26.170,policyName=\"aqueipsa\",occurrences=5863,httpHost=ide,webMethod=atcupi,url=\"https://www.example.com/sit/ugi.gif?sitametc=rur#edut\",webQuery=\"sitametc\",soapAction=iarchite,resultCode=uide,sessionID=iono,username=aboris,addUsername=eturad,responseTime=ipiscive,responseSize=sequu,direction=internal,dbUsername=epteur,queryGroup=iqu,application=\"uptateve\",srcHost=commodo6041.mail.localhost,osUsername=atus,schemaName=orumetMa,dbName=inventor,hdrName=dolo,action=block", "tags": [ 
@@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=tmolli,event#=orumSe,createTime=2019-09-05 06:06:31,updateTime=mSe,alertSev=high,group=teturad,ruleName=\"alorumwr\",evntDesc=\"pis\",category=idol,disposition=mmodico,eventType=emaccu,proto=rdp,srcPort=5818,srcIP=10.52.106.68,dstPort=856,dstIP=10.81.108.232,policyName=\"atemq\",occurrences=5098,httpHost=volupta,webMethod=Quisaut,url=\"https://internal.example.net/obeatae/sedqui.jpg?nulap=onseq#amrem\",webQuery=\"plicab\",soapAction=isisten,resultCode=eiusmodt,sessionID=naaliq,username=aco,addUsername=psamvolu,responseTime=inculp,responseSize=eni,direction=inbound,dbUsername=sedqu,queryGroup=ipitlabo,application=\"olorinr\",srcHost=gitse6744.api.local,osUsername=neavolup,schemaName=uaturve,dbName=lapa,hdrName=uepor,action=\"allow\",errormsg=\"failure\"", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=umquamei,event#=nih,createTime=2019-09-19 13:09:05,updateTime=tionev,alertSev=high,group=quia,ruleName=\"eabill\",evntDesc=\"itatiset\",category=uaerat,disposition=met,eventType=isno,proto=icmp,srcPort=2572,srcIP=10.230.48.97,dstPort=1991,dstIP=10.223.10.28,policyName=\"emveleu\",occurrences=4029,httpHost=norumet,webMethod=tconse,url=\"https://mail.example.com/iaturE/inc.htm?uisaut=mnihilm#itinvo\",webQuery=\"lestia\",soapAction=anti,resultCode=eavo,sessionID=enderi,username=erit,addUsername=uptatem,responseTime=reeufug,responseSize=temveleu,direction=unknown,dbUsername=repre,queryGroup=consec,application=\"untmoll\",srcHost=par3605.internal.localdomain,osUsername=usmodte,schemaName=untex,dbName=ommodi,hdrName=ntiu,action=\"deny\",errormsg=\"success\"", "tags": [ 
@@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.115.42.231,dstPort=2143,dbUsername=res,srcIP=10.161.212.150,srcPort=2748,creatTime=3 October 2019 20:11:40,srvGroup=corporis,service=turExc,appName=urvelil,event#=ulapa,eventType=Login,usrGroup=abi,usrAuth=False,application=\"ameiusm\",osUsername=tasnul,srcHost=isau4356.www.home,dbName=niamqui,schemaName=sequamn,bindVar=onse,sqlError=failure,respSize=4846,respTime=6.993000,affRows=aliquaUt,action=\"deny\",rawQuery=\"natus\"", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=emp,event#=suscipit,createTime=2019-10-18 03:14:14,updateTime=iaconseq,alertSev=medium,group=sciuntNe,ruleName=\"nevo\",evntDesc=\"stiaec\",category=officia,disposition=ametcon,eventType=gnid,proto=ipv6,srcPort=5677,srcIP=10.226.75.20,dstPort=3896,dstIP=10.247.108.144,policyName=\"iutaliqu\",occurrences=3711,httpHost=onsectet,webMethod=iat,url=\"https://www5.example.org/elaud/temsequ.htm?dolo=iciatisu#eip\",webQuery=\"iquaUte\",soapAction=aborumSe,resultCode=writt,sessionID=dent,username=tema,addUsername=saquaeab,responseTime=rpo,responseSize=inr,direction=internal,dbUsername=edquiac,queryGroup=olore,application=\"urEx\",srcHost=labo3477.www5.domain,osUsername=maccusan,schemaName=fugia,dbName=psa,hdrName=iset,action=\"block\",errormsg=\"success\"", "tags": [ 
@@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.192.15.65,dstPort=3328,dbUsername=nimides,srcIP=10.97.22.61,srcPort=6420,creatTime=2019-11-01 10:16:48,srvGroup=labor,service=quelaud,appName=ira,event#=gna,eventType=aparia,usrGroup=ntoreve,usrAuth=remips,application=\"uptatemU\",osUsername=illumd,srcHost=itseddo2209.mail.domain,dbName=olu,schemaName=rExcep,bindVar=turExcep,sqlError=success,respSize=4173,respTime=166.270000,affRows=duntutla,action=\"block\",rawQuery=\"tmollit\"", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,alert#=venia,event#=Loremi,createTime=2019-11-15 17:19:22,updateTime=uisnostr,alertSev=medium,group=vol,ruleName=\"ommodi\",evntDesc=\"ritat\",category=dipi,disposition=asnulapa,eventType=atev,proto=tcp,srcPort=7469,srcIP=10.197.254.133,dstPort=2009,dstIP=10.116.76.161,policyName=\"tla\",occurrences=2608,httpHost=ender,webMethod=quid,url=\"https://mail.example.net/teturad/nimide.htm?ueporroq=writ#ema\",webQuery=\"ioffici\",soapAction=agni,resultCode=tat,sessionID=metconse,username=ide,addUsername=equu,responseTime=pernatur,responseSize=orem,direction=outbound,dbUsername=caecatc,queryGroup=iarc,application=\"emquia\",srcHost=duntutl3396.api.host,osUsername=idu,schemaName=trudex,dbName=ncul,hdrName=mcorpor,action=cancel", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.28.77.79,dstPort=3615,dbUsername=upta,srcIP=10.144.14.15,srcPort=1150,creatTime=30 November 2019 00:21:57,srvGroup=consequ,service=min,appName=riame,event#=gnaal,eventType=Login,usrGroup=nti,usrAuth=True,application=\"tetura\",osUsername=utlab,srcHost=colabo6686.internal.invalid,dbName=uptass,schemaName=rspic,bindVar=itsedq,sqlError=success,respSize=4810,respTime=22.348000,affRows=iut,action=\"deny\",rawQuery=\"nemu\"", "tags": [ 
@@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%IMPERVA-Imperva,dstIP=10.248.177.182,dstPort=317,dbUsername=quei,srcIP=10.18.15.43,srcPort=2224,creatTime=2019-12-14 07:24:31,srvGroup=reetdol,service=umtotam,appName=itaedi,event#=ant,eventType=tiumt,usrGroup=taedicta,usrAuth=mveniamq,application=\"exerci\",osUsername=quaturve,srcHost=tsunti1164.www.example,dbName=equatur,schemaName=caecat,bindVar=oreetd,sqlError=unknown,respSize=983,respTime=113.318000,affRows=nderit,action=\"accept\",rawQuery=\"icer\"", "tags": [ diff --git a/packages/imperva/data_stream/securesphere/elasticsearch/ingest_pipeline/default.yml b/packages/imperva/data_stream/securesphere/elasticsearch/ingest_pipeline/default.yml index 5b5ae67afea..e4e9ef3a94b 100644 --- a/packages/imperva/data_stream/securesphere/elasticsearch/ingest_pipeline/default.yml +++ b/packages/imperva/data_stream/securesphere/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Imperva SecureSphere processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/imperva/data_stream/securesphere/sample_event.json b/packages/imperva/data_stream/securesphere/sample_event.json index 83db52d4020..d1c0b81caa3 100644 --- a/packages/imperva/data_stream/securesphere/sample_event.json +++ b/packages/imperva/data_stream/securesphere/sample_event.json @@ -19,7 +19,7 @@ "port": 892 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/imperva/manifest.yml b/packages/imperva/manifest.yml index eeba87bf5d4..95635f4a575 100644 --- a/packages/imperva/manifest.yml +++ b/packages/imperva/manifest.yml 
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: imperva
 title: Imperva SecureSphere Logs
-version: "0.10.1"
+version: "0.11.0"
 description: Collect SecureSphere logs from Imperva devices with Elastic Agent.
 categories: ["network", "security"]
 release: experimental
diff --git a/packages/infoblox_bloxone_ddi/_dev/build/build.yml b/packages/infoblox_bloxone_ddi/_dev/build/build.yml
index 8d9e4bf7ac8..aaafc5d833b 100644
--- a/packages/infoblox_bloxone_ddi/_dev/build/build.yml
+++ b/packages/infoblox_bloxone_ddi/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0
+ reference: git@v8.5.1
diff --git a/packages/infoblox_bloxone_ddi/changelog.yml b/packages/infoblox_bloxone_ddi/changelog.yml
index 38f8bf5e7fb..7eaf6efba83 100644
--- a/packages/infoblox_bloxone_ddi/changelog.yml
+++ b/packages/infoblox_bloxone_ddi/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.2.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: '0.1.1'
 changes:
 - description: Fix documentation build error.
diff --git a/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/_dev/test/pipeline/test-pipeline-dhcp-lease.log-expected.json b/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/_dev/test/pipeline/test-pipeline-dhcp-lease.log-expected.json
index bbdca4c5c4f..e6529a4d850 100644
--- a/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/_dev/test/pipeline/test-pipeline-dhcp-lease.log-expected.json
+++ b/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/_dev/test/pipeline/test-pipeline-dhcp-lease.log-expected.json
@@ -8,7 +8,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -76,7 +76,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/elasticsearch/ingest_pipeline/default.yml b/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/elasticsearch/ingest_pipeline/default.yml
index b0f1d73624d..780bacbf06a 100644
--- a/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing DHCP lease logs.
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/sample_event.json b/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/sample_event.json
index 9af8ef3adac..0aff1c75da3 100644
--- a/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/sample_event.json
+++ b/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/sample_event.json
@@ -19,7 +19,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "40a09f39-a5b9-4b21-8605-6f6e9cd36138",
diff --git a/packages/infoblox_bloxone_ddi/data_stream/dns_config/_dev/test/pipeline/test-pipeline-dns-config.log-expected.json b/packages/infoblox_bloxone_ddi/data_stream/dns_config/_dev/test/pipeline/test-pipeline-dns-config.log-expected.json
index 89ec403825e..dcce31b3cc0 100644
--- a/packages/infoblox_bloxone_ddi/data_stream/dns_config/_dev/test/pipeline/test-pipeline-dns-config.log-expected.json
+++ b/packages/infoblox_bloxone_ddi/data_stream/dns_config/_dev/test/pipeline/test-pipeline-dns-config.log-expected.json
@@ -8,7 +8,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -649,7 +649,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/infoblox_bloxone_ddi/data_stream/dns_config/elasticsearch/ingest_pipeline/default.yml b/packages/infoblox_bloxone_ddi/data_stream/dns_config/elasticsearch/ingest_pipeline/default.yml
index 0e61d025ff7..d807b8de3ea 100644
--- a/packages/infoblox_bloxone_ddi/data_stream/dns_config/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/infoblox_bloxone_ddi/data_stream/dns_config/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing DNS config logs.
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/infoblox_bloxone_ddi/data_stream/dns_config/sample_event.json b/packages/infoblox_bloxone_ddi/data_stream/dns_config/sample_event.json
index c2849e4b322..6187d4abe36 100644
--- a/packages/infoblox_bloxone_ddi/data_stream/dns_config/sample_event.json
+++ b/packages/infoblox_bloxone_ddi/data_stream/dns_config/sample_event.json
@@ -19,7 +19,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "40a09f39-a5b9-4b21-8605-6f6e9cd36138",
diff --git a/packages/infoblox_bloxone_ddi/data_stream/dns_data/_dev/test/pipeline/test-pipeline-dns-data.log-expected.json b/packages/infoblox_bloxone_ddi/data_stream/dns_data/_dev/test/pipeline/test-pipeline-dns-data.log-expected.json
index 044d3ead4f3..1b1c8d6274c 100644
--- a/packages/infoblox_bloxone_ddi/data_stream/dns_data/_dev/test/pipeline/test-pipeline-dns-data.log-expected.json
+++ b/packages/infoblox_bloxone_ddi/data_stream/dns_data/_dev/test/pipeline/test-pipeline-dns-data.log-expected.json
@@ -8,7 +8,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -116,7 +116,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/infoblox_bloxone_ddi/data_stream/dns_data/elasticsearch/ingest_pipeline/default.yml b/packages/infoblox_bloxone_ddi/data_stream/dns_data/elasticsearch/ingest_pipeline/default.yml
index 63d1e8b3690..1d283c497f0 100644
--- a/packages/infoblox_bloxone_ddi/data_stream/dns_data/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/infoblox_bloxone_ddi/data_stream/dns_data/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing DNS data logs.
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/infoblox_bloxone_ddi/data_stream/dns_data/sample_event.json b/packages/infoblox_bloxone_ddi/data_stream/dns_data/sample_event.json
index 9c800807b8b..e4ae0da81b8 100644
--- a/packages/infoblox_bloxone_ddi/data_stream/dns_data/sample_event.json
+++ b/packages/infoblox_bloxone_ddi/data_stream/dns_data/sample_event.json
@@ -19,7 +19,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "40a09f39-a5b9-4b21-8605-6f6e9cd36138",
diff --git a/packages/infoblox_bloxone_ddi/docs/README.md b/packages/infoblox_bloxone_ddi/docs/README.md
index 5b86bc24bb5..e044d77f671 100644
--- a/packages/infoblox_bloxone_ddi/docs/README.md
+++ b/packages/infoblox_bloxone_ddi/docs/README.md
@@ -73,7 +73,7 @@ An example event for `dhcp_lease` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "40a09f39-a5b9-4b21-8605-6f6e9cd36138",
@@ -255,7 +255,7 @@ An example event for `dns_config` looks as following:
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "40a09f39-a5b9-4b21-8605-6f6e9cd36138",
@@ -1283,7 +1283,7 @@ An example event for `dns_data` looks as following:
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "40a09f39-a5b9-4b21-8605-6f6e9cd36138",
diff --git a/packages/infoblox_bloxone_ddi/manifest.yml b/packages/infoblox_bloxone_ddi/manifest.yml
index 5c792577316..f46270abde8 100644
--- a/packages/infoblox_bloxone_ddi/manifest.yml
+++ b/packages/infoblox_bloxone_ddi/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: infoblox_bloxone_ddi
 title: Infoblox BloxOne DDI
-version: '0.1.1'
+version: "0.2.0"
 license: basic
 description: Collect logs from Infoblox BloxOne DDI with Elastic Agent.
 type: integration
diff --git a/packages/infoblox_nios/_dev/build/build.yml b/packages/infoblox_nios/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/infoblox_nios/_dev/build/build.yml
+++ b/packages/infoblox_nios/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/infoblox_nios/changelog.yml b/packages/infoblox_nios/changelog.yml
index 9d31c2a2dcb..3cb73215a06 100644
--- a/packages/infoblox_nios/changelog.yml
+++ b/packages/infoblox_nios/changelog.yml
@@ -1,5 +1,8 @@
-# newer versions go on top
-
+- version: "1.4.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: '1.3.3'
 changes:
 - description: Little Bugfix for timezone handling on the @timestamp field
diff --git a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-audit.log-expected.json b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-audit.log-expected.json
index 75d4dcbd628..707baf43f12 100644
--- a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-audit.log-expected.json
+++ b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-audit.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-03-18T13:24:41.705Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "logout",
@@ -57,7 +57,7 @@ { "@timestamp": "2022-04-13T16:44:36.850Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login_denied", @@ -112,7 +112,7 @@ { "@timestamp": "2022-03-21T08:53:51.087Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login_allowed", @@ -171,7 +171,7 @@ { "@timestamp": "2011-10-19T19:48:37.299Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login_allowed", @@ -224,7 +224,7 @@ { "@timestamp": "2011-10-19T14:02:32.750Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login_denied", @@ -273,7 +273,7 @@ { "@timestamp": "2011-10-19T12:43:47.375Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "first_login", @@ -321,7 +321,7 @@ { "@timestamp": "2011-10-19T13:07:33.343Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "password_reset_error", @@ -366,7 +366,7 @@ { "@timestamp": "2022-03-21T17:19:02.204Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "modified", @@ -413,7 +413,7 @@ { "@timestamp": "2022-03-24T09:37:29.261Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "created", @@ -460,7 +460,7 @@ { "@timestamp": "2022-03-18T11:46:38.877Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "modified", @@ -507,7 +507,7 @@ { "@timestamp": "2022-03-29T19:29:20.468Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "called", @@ -553,7 +553,7 @@ { "@timestamp": "2022-03-29T18:30:58.656Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "created", @@ -600,7 +600,7 @@ { "@timestamp": "2022-03-24T09:28:24.476Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "called", @@ -646,7 +646,7 @@ { "@timestamp": "2022-03-21T15:08:08.238Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "created", 
@@ -693,7 +693,7 @@ { "@timestamp": "2022-03-21T15:08:08.239Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "created", @@ -740,7 +740,7 @@ { "@timestamp": "2022-03-21T15:08:48.455Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "deleted", @@ -787,7 +787,7 @@ { "@timestamp": "2022-03-22T13:26:54.596Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "deleted", @@ -834,7 +834,7 @@ { "@timestamp": "2022-03-22T13:26:54.596Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "created", @@ -881,7 +881,7 @@ { "@timestamp": "2022-03-22T13:26:54.596Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "modified", @@ -928,7 +928,7 @@ { "@timestamp": "2022-03-18T12:40:05.241Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "modified", @@ -974,7 +974,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-18T13:40:05.000Z", @@ -1006,7 +1006,7 @@ { "@timestamp": "2022-03-29T19:29:20.468Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "called", @@ -1049,7 +1049,7 @@ { "@timestamp": "2022-03-21T17:19:02.204Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "modified", @@ -1092,7 +1092,7 @@ { "@timestamp": "2022-03-29T18:30:58.656Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "created", diff --git a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json index 5eccad59648..6d344d52bd5 100644 --- a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json +++ b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json 
@@ -7,7 +7,7 @@ "mac": "00-50-56-81-14-6C" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcprequest", @@ -52,7 +52,7 @@ "mac": "00-50-56-81-14-6C" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcprequest", @@ -99,7 +99,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpdiscover", @@ -148,7 +148,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpdiscover", @@ -199,7 +199,7 @@ "mac": "00-50-56-83-D0-F6" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpdiscover", @@ -249,7 +249,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpdiscover", @@ -295,7 +295,7 @@ "mac": "00-00-00-00-00-00" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpdiscover", @@ -347,7 +347,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpoffer", @@ -408,7 +408,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpoffer", @@ -468,7 +468,7 @@ "mac": "26-9A-76-87-8A-06" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpoffer", @@ -525,7 +525,7 @@ "mac": "00-00-00-00-00-00" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpoffer", @@ -584,7 +584,7 @@ "mac": "CC-BB-CC-DD-EE-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpoffer", @@ -642,7 +642,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcprequest", @@ -702,7 +702,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcprequest", 
@@ -759,7 +759,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcprequest", @@ -815,7 +815,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcprequest", @@ -866,7 +866,7 @@ "mac": "00-50-56-83-D3-83" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcprequest", @@ -923,7 +923,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcprequest", @@ -979,7 +979,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcprequest", @@ -1033,7 +1033,7 @@ "mac": "00-50-56-83-96-03" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcprequest", @@ -1086,7 +1086,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcprequest", @@ -1136,7 +1136,7 @@ "mac": "9A-DF-6E-F6-1F-23" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcprequest", @@ -1189,7 +1189,7 @@ "mac": "00-00-00-00-00-00" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcprequest", @@ -1247,7 +1247,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpack", @@ -1308,7 +1308,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpack", @@ -1368,7 +1368,7 @@ "mac": "9A-DF-6E-F6-1F-23" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpoffer", @@ -1424,7 +1424,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpack", @@ -1483,7 +1483,7 @@ "mac": "9A-DF-6E-F6-1F-23" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpack", 
@@ -1541,7 +1541,7 @@ "mac": "00-00-00-00-00-00" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpack", @@ -1602,7 +1602,7 @@ "mac": "9A-DF-6E-F6-1F-23" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpack", @@ -1657,7 +1657,7 @@ "mac": "CC-BB-CC-DD-EE-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpack", @@ -1715,7 +1715,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcprelease", @@ -1771,7 +1771,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcprelease", @@ -1824,7 +1824,7 @@ "mac": "00-50-56-83-6C-A0" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpexpire", @@ -1867,7 +1867,7 @@ "ip": "192.168.0.4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpinform", @@ -1915,7 +1915,7 @@ "ip": "192.168.0.4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpinform", @@ -1962,7 +1962,7 @@ "ip": "192.168.0.4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpinform", @@ -2016,7 +2016,7 @@ "mac": "34-29-8F-71-B8-99" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpdecline", @@ -2068,7 +2068,7 @@ "mac": "00-C0-DD-07-18-E2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpdecline", @@ -2121,7 +2121,7 @@ "mac": "F4-30-B9-17-AB-0E" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpnak", @@ -2170,7 +2170,7 @@ "ip": "192.168.0.4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpleasequery", @@ -2215,7 +2215,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", 
@@ -2254,7 +2254,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2293,7 +2293,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2332,7 +2332,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2371,7 +2371,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2410,7 +2410,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2449,7 +2449,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2488,7 +2488,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2527,7 +2527,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2566,7 +2566,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2605,7 +2605,7 @@ { "@timestamp": "2022-03-27T08:32:59.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-27T08:32:59.000Z", @@ -2648,7 +2648,7 @@ "port": 547 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "encapsulated solicit", @@ -2693,7 +2693,7 @@ "ip": "2a02:cf40::" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "advertise na", 
@@ -2740,7 +2740,7 @@ "port": 547 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "relay-forward", @@ -2788,7 +2788,7 @@ "port": 547 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "encapsulating advertise", @@ -2830,7 +2830,7 @@ "port": 547 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "sending relay-reply", diff --git a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json index ea0e0fe6a4d..2c7cc5378fa 100644 --- a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json @@ -41,7 +41,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -101,7 +101,7 @@ "response_code": "REFUSED" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -181,7 +181,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -244,7 +244,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -328,7 +328,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -379,7 +379,7 @@ "port": 59735 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-09T23:59:59.000Z", @@ -436,7 +436,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-09T23:59:59.000Z", @@ -481,7 +481,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", 
@@ -528,7 +528,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -580,7 +580,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -634,7 +634,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -691,7 +691,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -737,7 +737,7 @@ "port": 46982 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -789,7 +789,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -841,7 +841,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -894,7 +894,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -947,7 +947,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -989,7 +989,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -1033,7 +1033,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -1078,7 +1078,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -1123,7 +1123,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-03-11T23:51:31.000Z", @@ -1175,7 +1175,7 @@ "response_code": "REFUSED" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-04-14T16:17:20.000Z", @@ -1236,7 +1236,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-04-14T16:16:05.000Z", 
@@ -1288,7 +1288,7 @@ "port": 64727 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-04-14T16:16:05.000Z", @@ -1364,7 +1364,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2022-10-04T10:18:07.000Z", diff --git a/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 21357a16582..de92e6ec85c 100644 --- a/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -7,7 +7,7 @@ processors: ignore_missing: true - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - grok: field: event.original patterns: diff --git a/packages/infoblox_nios/data_stream/log/sample_event.json b/packages/infoblox_nios/data_stream/log/sample_event.json index 1743327eb02..974238a493f 100644 --- a/packages/infoblox_nios/data_stream/log/sample_event.json +++ b/packages/infoblox_nios/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "4d88038c-4b3b-4bb4-95f4-cc5789c88852", diff --git a/packages/infoblox_nios/docs/README.md b/packages/infoblox_nios/docs/README.md index 56530394679..3e7a03236b0 100644 --- a/packages/infoblox_nios/docs/README.md +++ b/packages/infoblox_nios/docs/README.md @@ -161,7 +161,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "4d88038c-4b3b-4bb4-95f4-cc5789c88852", diff --git a/packages/infoblox_nios/manifest.yml b/packages/infoblox_nios/manifest.yml index a9c8dd0e428..aec169c1b5a 100644 --- a/packages/infoblox_nios/manifest.yml +++ b/packages/infoblox_nios/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: infoblox_nios title: Infoblox NIOS -version: '1.3.3' +version: "1.4.0" license: basic description: Collect logs from Infoblox NIOS with Elastic Agent. type: integration diff --git a/packages/iptables/_dev/build/build.yml b/packages/iptables/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/iptables/_dev/build/build.yml +++ b/packages/iptables/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/iptables/changelog.yml b/packages/iptables/changelog.yml index d1008999356..a66b2fbd3b3 100644 --- a/packages/iptables/changelog.yml +++ b/packages/iptables/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.1.0" changes: - description: Allow parsing of ulogd v2 TOS field in logs. diff --git a/packages/iptables/data_stream/log/_dev/test/pipeline/test-iptables-raw.log-expected.json b/packages/iptables/data_stream/log/_dev/test/pipeline/test-iptables-raw.log-expected.json index 562011f38ab..6edc0ca579a 100644 --- a/packages/iptables/data_stream/log/_dev/test/pipeline/test-iptables-raw.log-expected.json +++ b/packages/iptables/data_stream/log/_dev/test/pipeline/test-iptables-raw.log-expected.json @@ -8,7 +8,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop", @@ -108,7 +108,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop", @@ -208,7 +208,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop", @@ -302,7 +302,7 @@ "mac": "90-10-28-5F-62-24" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "deny", 
@@ -359,7 +359,7 @@ "port": 445 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop_input", @@ -438,7 +438,7 @@ "port": 1433 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop_input", @@ -502,7 +502,7 @@ "port": 445 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop_input", @@ -581,7 +581,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop_input", @@ -660,7 +660,7 @@ "port": 445 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop_input", @@ -739,7 +739,7 @@ "port": 445 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop_input", @@ -803,7 +803,7 @@ "port": 445 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop_input", @@ -870,7 +870,7 @@ "port": 445 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop_input", @@ -937,7 +937,7 @@ "port": 139 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop_input", @@ -1001,7 +1001,7 @@ "port": 8088 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop_input", @@ -1072,7 +1072,7 @@ "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1135,7 +1135,7 @@ "mac": "90-10-12-34-56-78" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1204,7 +1204,7 @@ "port": 48689 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "accept", @@ -1272,7 +1272,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "accept", @@ -1348,7 +1348,7 @@ "port": 1443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop", 
@@ -1431,7 +1431,7 @@ "port": 1443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "accept", @@ -1506,7 +1506,7 @@ "port": 1443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "accept", @@ -1581,7 +1581,7 @@ "port": 9000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1633,7 +1633,7 @@ "mac": "0A-EA-10-00-F0-06" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/iptables/data_stream/log/_dev/test/pipeline/test-journald.json-expected.json b/packages/iptables/data_stream/log/_dev/test/pipeline/test-journald.json-expected.json index d0757913c9f..6f67920fb33 100644 --- a/packages/iptables/data_stream/log/_dev/test/pipeline/test-journald.json-expected.json +++ b/packages/iptables/data_stream/log/_dev/test/pipeline/test-journald.json-expected.json @@ -20,7 +20,7 @@ "port": 40702 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/iptables/data_stream/log/_dev/test/pipeline/test-ubiquiti.log-expected.json b/packages/iptables/data_stream/log/_dev/test/pipeline/test-ubiquiti.log-expected.json index 8c4f64f357f..c7ac13ff5b6 100644 --- a/packages/iptables/data_stream/log/_dev/test/pipeline/test-ubiquiti.log-expected.json +++ b/packages/iptables/data_stream/log/_dev/test/pipeline/test-ubiquiti.log-expected.json @@ -20,7 +20,7 @@ "port": 48689 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "accept", @@ -88,7 +88,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "accept", @@ -164,7 +164,7 @@ "port": 1443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop", @@ -247,7 +247,7 @@ "port": 1443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "accept", 
@@ -322,7 +322,7 @@ "port": 1443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "accept", @@ -395,7 +395,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -437,7 +437,7 @@ "port": 7914 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -479,7 +479,7 @@ "port": 51179 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -520,7 +520,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -562,7 +562,7 @@ "port": 51182 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -603,7 +603,7 @@ "port": 49209 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/iptables/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/iptables/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 0be900eb1b8..915d5e6ef9e 100644 --- a/packages/iptables/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/iptables/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for iptables logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' # These two fields are treated as immutable in the case reindexing. - set: diff --git a/packages/iptables/data_stream/log/sample_event.json b/packages/iptables/data_stream/log/sample_event.json index 8b0dfd088de..bfa4d719509 100644 --- a/packages/iptables/data_stream/log/sample_event.json +++ b/packages/iptables/data_stream/log/sample_event.json @@ -18,7 +18,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "660f37cf-e109-4766-b85b-8150ca4cd173", diff --git a/packages/iptables/docs/README.md b/packages/iptables/docs/README.md index 69e36e147c0..35515ebbeb9 100644 --- a/packages/iptables/docs/README.md 
+++ b/packages/iptables/docs/README.md
@@ -38,7 +38,7 @@ An example event for `log` looks as following:
 "port": 443
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "660f37cf-e109-4766-b85b-8150ca4cd173",
diff --git a/packages/iptables/manifest.yml b/packages/iptables/manifest.yml
index 70555d5bdb1..b5262b4aeec 100644
--- a/packages/iptables/manifest.yml
+++ b/packages/iptables/manifest.yml
@@ -1,6 +1,6 @@
 name: iptables
 title: Iptables
-version: "1.1.0"
+version: "1.2.0"
 release: ga
 description: Collect logs from Iptables with Elastic Agent.
 type: integration
diff --git a/packages/jamf_compliance_reporter/_dev/build/build.yml b/packages/jamf_compliance_reporter/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/jamf_compliance_reporter/_dev/build/build.yml
+++ b/packages/jamf_compliance_reporter/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/jamf_compliance_reporter/changelog.yml b/packages/jamf_compliance_reporter/changelog.yml
index 2468e638dcf..69ad82ae7d9 100644
--- a/packages/jamf_compliance_reporter/changelog.yml
+++ b/packages/jamf_compliance_reporter/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.3.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "0.2.1"
 changes:
 - description: Remove duplicate field.
diff --git a/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-app-metrics.log-expected.json b/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-app-metrics.log-expected.json
index a7c0e018908..054fd422ddc 100644
--- a/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-app-metrics.log-expected.json
+++ b/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-app-metrics.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-10-15T18:30:27.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "app_metrics", diff --git a/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-audit.log-expected.json b/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-audit.log-expected.json index 9c233d73a97..dd9d4642917 100644 --- a/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-audit.log-expected.json +++ b/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-audit.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-10-04T01:56:59.281Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -143,7 +143,7 @@ { "@timestamp": "2019-10-15T18:33:10.518Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -274,7 +274,7 @@ { "@timestamp": "2019-10-15T18:31:00.736Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -419,7 +419,7 @@ { "@timestamp": "2019-10-04T02:06:53.885Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -563,7 +563,7 @@ { "@timestamp": "2019-10-13T07:35:04.499Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -726,7 +726,7 @@ { "@timestamp": "2019-10-15T18:34:41.174Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "150" @@ -867,7 +867,7 @@ { "@timestamp": "2019-10-15T18:30:12.223Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -1045,7 +1045,7 @@ { "@timestamp": "2019-10-04T02:07:12.671Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" 
@@ -1183,7 +1183,7 @@ { "@timestamp": "2019-10-02T16:21:03.400Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -1320,7 +1320,7 @@ { "@timestamp": "2019-10-15T17:57:25.519Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -1450,7 +1450,7 @@ { "@timestamp": "2019-10-04T02:07:20.363Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -1629,7 +1629,7 @@ { "@timestamp": "2019-10-15T18:23:50.822Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -1770,7 +1770,7 @@ { "@timestamp": "2019-10-10T21:16:18.957Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -1909,7 +1909,7 @@ { "@timestamp": "2019-10-10T21:17:59.235Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -2042,7 +2042,7 @@ { "@timestamp": "2019-10-15T18:17:16.978Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -2183,7 +2183,7 @@ { "@timestamp": "2019-10-15T17:37:31.350Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -2343,7 +2343,7 @@ { "@timestamp": "2019-10-04T02:07:03.295Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -2464,7 +2464,7 @@ { "@timestamp": "2019-10-15T18:34:40.882Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -2619,7 +2619,7 @@ { "@timestamp": "2019-10-15T15:16:00.270Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -2763,7 +2763,7 @@ { "@timestamp": "2019-10-10T17:56:24.088Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -2903,7 +2903,7 @@ { "@timestamp": "2019-10-15T18:25:30.525Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" 
@@ -3018,7 +3018,7 @@ { "@timestamp": "2019-10-15T18:25:54.133Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -3133,7 +3133,7 @@ { "@timestamp": "2019-10-15T18:33:06.553Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -3248,7 +3248,7 @@ { "@timestamp": "2019-10-15T17:57:31.064Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -3363,7 +3363,7 @@ { "@timestamp": "2019-10-04T02:07:15.007Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -3497,7 +3497,7 @@ { "@timestamp": "2019-10-04T01:57:00.582Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -3628,7 +3628,7 @@ { "@timestamp": "2019-10-13T22:24:19.201Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -3757,7 +3757,7 @@ { "@timestamp": "2019-10-04T01:57:00.567Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -3888,7 +3888,7 @@ { "@timestamp": "2019-10-04T01:57:00.560Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -4021,7 +4021,7 @@ { "@timestamp": "2019-10-15T15:16:00.338Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -4159,7 +4159,7 @@ { "@timestamp": "2019-10-15T15:16:00.338Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -4291,7 +4291,7 @@ { "@timestamp": "2019-10-15T16:59:30.567Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -4424,7 +4424,7 @@ { "@timestamp": "2019-10-04T02:07:19.630Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -4598,7 +4598,7 @@ { "@timestamp": "2019-10-04T02:07:19.468Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" 
@@ -4724,7 +4724,7 @@ { "@timestamp": "2019-10-15T17:37:31.441Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "0" @@ -4879,7 +4879,7 @@ { "@timestamp": "2019-10-04T02:07:12.671Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "error": { "code": "10" diff --git a/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-event.log-expected.json b/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-event.log-expected.json index c93c7740eaa..fb871d80dc6 100644 --- a/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-event.log-expected.json +++ b/packages/jamf_compliance_reporter/data_stream/log/_dev/test/pipeline/test-pipeline-event.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-10-14T01:49:46.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audio_video_device_event", @@ -61,7 +61,7 @@ { "@timestamp": "2019-10-12T14:32:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "audit_class_verification_event", @@ -117,7 +117,7 @@ { "@timestamp": "2019-10-12T14:32:01.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "compliance_reporter_tamper_event", @@ -201,7 +201,7 @@ { "@timestamp": "2019-10-15T18:34:38.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "file_event", @@ -285,7 +285,7 @@ { "@timestamp": "2019-10-12T14:32:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "gatekeeper_info_event", @@ -338,7 +338,7 @@ { "@timestamp": "2019-10-04T02:25:42.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "gatekeeper_manual_overrides", @@ -480,7 +480,7 @@ { "@timestamp": "2019-10-15T18:30:11.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "gatekeeper_quarantine_log", 
@@ -542,7 +542,7 @@ { "@timestamp": "2019-10-14T01:15:30.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "hardware_event", @@ -617,7 +617,7 @@ { "@timestamp": "2019-10-12T14:32:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "license_info_event", @@ -677,7 +677,7 @@ { "@timestamp": "2019-10-02T16:17:08.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "preference_list_event", @@ -781,7 +781,7 @@ { "@timestamp": "2019-10-06T23:37:31.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "print_event_information", @@ -844,7 +844,7 @@ { "@timestamp": "2020-07-10T19:32:06.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "prohibited_app_blocked", @@ -991,7 +991,7 @@ { "@timestamp": "2019-10-14T14:18:07.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "signal_event", @@ -1041,7 +1041,7 @@ { "@timestamp": "2019-10-15T18:19:10.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "unified_log_event", @@ -1125,7 +1125,7 @@ { "@timestamp": "2019-10-12T14:32:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "xprotect_definitions_version_info", @@ -1180,7 +1180,7 @@ { "@timestamp": "2019-10-11T19:17:42.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "xprotect_event_log", diff --git a/packages/jamf_compliance_reporter/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/jamf_compliance_reporter/data_stream/log/elasticsearch/ingest_pipeline/default.yml index c46da7db37a..f7613a07331 100644 --- a/packages/jamf_compliance_reporter/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/jamf_compliance_reporter/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for Jamf Compliance Reporter logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/jamf_compliance_reporter/data_stream/log/sample_event.json b/packages/jamf_compliance_reporter/data_stream/log/sample_event.json index 3cb55d32189..bc08583f37b 100644 --- a/packages/jamf_compliance_reporter/data_stream/log/sample_event.json +++ b/packages/jamf_compliance_reporter/data_stream/log/sample_event.json @@ -14,7 +14,7 @@ "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "985a5119-d47f-4fe6-82fb-657252e78af0", diff --git a/packages/jamf_compliance_reporter/docs/README.md b/packages/jamf_compliance_reporter/docs/README.md index 1bdc04b9e37..5e4d125a88c 100644 --- a/packages/jamf_compliance_reporter/docs/README.md +++ b/packages/jamf_compliance_reporter/docs/README.md @@ -82,7 +82,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.2.0" + "version": "8.5.0" }, "elastic_agent": { "id": "985a5119-d47f-4fe6-82fb-657252e78af0", diff --git a/packages/jamf_compliance_reporter/manifest.yml b/packages/jamf_compliance_reporter/manifest.yml index abca6d10740..246c25cb385 100644 --- a/packages/jamf_compliance_reporter/manifest.yml +++ b/packages/jamf_compliance_reporter/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: jamf_compliance_reporter title: Jamf Compliance Reporter -version: 0.2.1 +version: "0.3.0" license: basic description: Collect logs from Jamf Compliance Reporter with Elastic Agent. type: integration diff --git a/packages/juniper_junos/_dev/build/build.yml b/packages/juniper_junos/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/juniper_junos/_dev/build/build.yml +++ b/packages/juniper_junos/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 
diff --git a/packages/juniper_junos/changelog.yml b/packages/juniper_junos/changelog.yml index 6f1e621514b..1865d08f82c 100644 --- a/packages/juniper_junos/changelog.yml +++ b/packages/juniper_junos/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.5.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "0.4.2" changes: - description: Remove duplicate field. diff --git a/packages/juniper_junos/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/juniper_junos/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json index 93260253347..736f880bf77 100644 --- a/packages/juniper_junos/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/juniper_junos/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jan 29 06:09:59 ceroinBC.exe[6713]: RPD_SCHED_TASK_LONGRUNTIME: : exe ran for 7309(5049)", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Feb 12 13:12:33 DCD_FILTER_LIB_ERROR message repeated [7608]: llu: Filter library initialization failed", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Feb 26 20:15:08 MIB2D_TRAP_SEND_FAILURE: restart [6747]: sum: uaerat: cancel: success", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Mar 12 03:17:42 seq olorema6148.www.localdomain: fug5500.www.domain IFP trace\u003e node: dqu", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Mar 26 10:20:16 ssb SNMPD_CONTEXT_ERROR: [7400]: emq: isiu: success in 6237 context 5367", "tags": [ 
@@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Apr 9 17:22:51 RPD_KRT_IFL_CELL_RELAY_MODE_UNSPECIFIED: restart [7618]: ionul: ifl : nibus, unknown", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Apr 24 00:25:25 CHASSISD_SNMP_TRAP10 message repeated [1284]: ume: SNMP trap: failure: ono", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 8 07:27:59 sunt prehen6218.www.localhost: onse.exe[254]: RPD_KRT_IFL_CELL_RELAY_MODE_INVALID: : ifl : inibusBo, failure", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 22 14:30:33 iamquis quirat6972.www5.lan: isc.exe[3237]: SNMPD_USER_ERROR: : conseq: unknown in 6404 user 'atiset' 4068", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jun 5 21:33:08 fpc9 RPD_TASK_REINIT: [4621]: lita: Reinitializing", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jun 20 04:35:42 fpc4 LOGIN_FAILED: [2227]: oinBC: Login failed for user quameius from host ipsumdol4488.api.localdomain", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jul 4 11:38:16 NASD_PPP_SEND_PARTIAL: restart [3994]: aper: Unable to send all of message: santiumd", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jul 18 18:40:50 UI_COMMIT_AT_FAILED message repeated [7440]: temqu: success, minimav", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Aug 2 01:43:25 rnatur ofdeFin7811.lan: emipsumd.exe[5020]: BOOTPD_NEW_CONF: : New configuration installed", "tags": [ 
@@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Aug 16 08:45:59 RPD_RIP_JOIN_MULTICAST message repeated [60]: onemulla: Unable to join multicast group enp0s4292: unknown", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Aug 30 15:48:33 FSAD_TERMINATED_CONNECTION: restart [6703]: xea: Open file ites` closed due to unknown", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Sep 13 22:51:07 RPD_KRT_IFL_GENERATION message repeated [5539]: eri: ifl lo2169 generation mismatch -- unknown", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Sep 28 05:53:42 cfeb UI_COMMIT_ROLLBACK_FAILED: [3453]: avolu: Automatic rollback failed", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Oct 12 12:56:16 mquisn.exe[3993]: RMOPD_usage : failure: midest", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Oct 26 19:58:50 undeomni.exe[4938]: RPD_ISIS_LSPCKSUM: : IS-IS 715 LSP checksum error, interface enp0s1965, LSP id tasun, sequence 3203, checksum eratv, lifetime ipsa", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Nov 10 03:01:24 kmd: restart ", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Nov 24 10:03:59 ever.exe[6463]: LOGIN_FAILED: : Login failed for user atq from host erspi4926.www5.test", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Dec 8 17:06:33 CHASSISD_MBUS_ERROR message repeated [72]: iadese: nisiu imad: management bus failed sanity test", "tags": [ 
@@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Dec 23 00:09:07 niamquis.exe[1471]: TFTPD_NAK_ERR : nak error ptatems, 357", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jan 6 07:11:41 UI_DUPLICATE_UID: restart [3350]: atqu: Users naturau have the same UID olorsita", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jan 20 14:14:16 piscivel.exe[4753]: TFTPD_CREATE_ERR: : check_space unknown", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Feb 3 21:16:50 fpc4 RPD_START: [1269]: riat: Start 181 version version built 7425", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Feb 18 04:19:24 fpc2 COSMAN: : uptasnul: delete class_to_ifl table 2069, ifl 3693", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Mar 4 11:21:59 orum oinBCSed3073.www.lan: ilm.exe[3193]: SNMPD_TRAP_QUEUE_MAX_ATTEMPTS: : fugiatqu: after 4003 attempts, deleting 4568 traps queued to exercita", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Mar 18 18:24:33 TFTPD_BIND_ERR: restart [1431]: ntut: bind: failure", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Apr 2 01:27:07 lite ugia517.api.host: doei.exe[7073]: RPD_LDP_SESSIONDOWN: : LDP session 10.88.126.165 is down, failure", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Apr 16 08:29:41 fpc6 SNMPD_CONTEXT_ERROR: [180]: eturadip: ent: unknown in 5848 context 316", "tags": [ 
@@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Apr 30 15:32:16 NASD_CHAP_INVALID_CHAP_IDENTIFIER message repeated [796]: iumdo: lo2721: received aturv expected CHAP ID: ectetura", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 14 22:34:50 UI_LOAD_EVENT message repeated [6342]: seq: User 'moll' is performing a 'allow'", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 29 05:37:24 fdeFin.exe[4053]: SNMP_TRAP_TRACE_ROUTE_TEST_FAILED : traceRouteCtlOwnerIndex = 1450, traceRouteCtlTestName = edic", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jun 12 12:39:58 SNMPD_RTSLIB_ASYNC_EVENT: restart [508]: uae: oremip: sequence mismatch failure", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jun 26 19:42:33 tesse olupta2743.internal.localdomain: ine.exe[3181]: BOOTPD_TIMEOUT: : Timeout success unreasonable", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jul 11 02:45:07 NASD_RADIUS_MESSAGE_UNEXPECTED message repeated [33]: abore: Unknown response from RADIUS server: unknown", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jul 25 09:47:41 PWC_LOCKFILE_BAD_FORMAT: restart [3426]: illum: PID lock file has bad format: eprehe", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Aug 8 16:50:15 snostr.exe[1613]: RPD_KRT_AFUNSUPRT : tec: received itaspe message with unsupported address family 4176", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Aug 22 23:52:50 oreeufug.exe[6086]: PWC_PROCESS_FORCED_HOLD : Process plicaboN forcing hold down of child 619 until signal", "tags": [ 
@@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Sep 6 06:55:24 MIB2D_IFL_IFINDEX_FAILURE message repeated [4115]: tiu: SNMP index assigned to wri changed from 3902 to unknown", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Sep 20 13:57:58 mwr cia5990.api.localdomain: pitlabo.exe[3498]: UI_DBASE_MISMATCH_MAJOR: : Database header major version number mismatch for file 'ende': expecting 6053, got 4884", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Oct 4 21:00:32 iuntN utfugi851.www5.invalid: nul.exe[1005]: SNMPD_VIEW_INSTALL_DEFAULT: : eetdo: success installing default 1243 view 5146", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Oct 19 04:03:07 DCD_PARSE_STATE_EMERGENCY message repeated [2498]: uptatem: An unhandled state was encountered during interface parsing", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Nov 2 11:05:41 loremagn acons3820.internal.home: ain.exe[7192]: LOGIN_PAM_MAX_RETRIES: : Too many retries while authenticating user iquipex", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Nov 16 18:08:15 onorume.exe[3290]: BOOTPD_NO_BOOTSTRING : No boot string found for type veleu", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Dec 1 01:10:49 eirured sequamn5243.mail.home: sshd: sshd: SSHD_LOGIN_FAILED: Login failed for user 'ciatisun' from host '10.252.209.246'.", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Dec 15 08:13:24 COS: restart : Received FC-\u003eQ map, caecat", "tags": [ 
@@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Dec 29 15:15:58 cgatool message repeated : nvolupta: generated address is success", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jan 12 22:18:32 CHASSISD_SNMP_TRAP6 message repeated [4667]: idolor: SNMP trap generated: success (les)", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jan 27 05:21:06 ssb FLOW_REASSEMBLE_SUCCEED: : Packet merged source 10.102.228.136 destination 10.151.136.250 ipid upt succeed", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Feb 10 12:23:41 DFWD_PARSE_FILTER_EMERGENCY message repeated [2037]: serrorsi: tsedquia encountered errors while parsing filter index file", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Feb 24 19:26:15 remips laboreet5949.mail.test: tesse.exe[4358]: RPD_LDP_SESSIONDOWN: : LDP session 10.148.255.126 is down, unknown", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Mar 11 02:28:49 fpc2 NASD_CHAP_REPLAY_ATTACK_DETECTED: [mipsumqu]: turad: eth680.6195: received doloremi unknown.iciatis", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Mar 25 09:31:24 rema mcol7795.domain: mquis lsys_ssam_handler: : processing lsys root-logical-system tur", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Apr 8 16:33:58 UI_LOST_CONN message repeated [7847]: loreeuf: Lost connection to daemon orainci", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Apr 22 23:36:32 PWC_PROCESS_HOLD: restart [1791]: itse: Process lapari holding down child 2702 until signal", "tags": [ 
@@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 7 06:39:06 undeo ficiade4365.mail.domain: norum.exe[4443]: LIBSERVICED_SOCKET_BIND: : dantium: unable to bind socket ors: failure", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 21 13:41:41 liq eleumiu2852.lan: mfugiat.exe[3946]: LOGIN_FAILED: : Login failed for user olu from host mSect5899.domain", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jun 4 20:44:15 idolo.exe[6535]: MIB2D_IFL_IFINDEX_FAILURE: : SNMP index assigned to deseru changed from 6460 to unknown", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jun 19 03:46:49 modtempo.exe[5276]: CHASSISD_RELEASE_MASTERSHIP: : Release mastership notification", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jul 3 10:49:23 fpc4 PWC_PROCESS_HOLD: [3450]: dexea: Process aturExc holding down child 7343 until signal", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jul 17 17:51:58 ame.exe[226]: SERVICED_RTSOCK_SEQUENCE : boreet: routing socket sequence error, unknown", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Aug 1 00:54:32 consect6919.mail.localdomain iset.exe[940]: idpinfo: urere", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Aug 15 07:57:06 RPD_KRT_NOIFD: restart [4822]: oreeufug: No device 5020 for interface lo4593", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Aug 29 14:59:40 eprehen oinB3432.api.invalid: citatio.exe[5029]: craftd: , unknown", "tags": [ 
@@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Sep 12 22:02:15 ACCT_CU_RTSLIB_error message repeated [7583]: eetd: liquide getting class usage statistics for interface enp0s2674: success", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Sep 27 05:04:49 userro oree nimadmi7341.www.home RT_FLOW - kmd [", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Oct 11 12:07:23 LOGIN_PAM_NONLOCAL_USER: restart [686]: rauto: User rese authenticated but has no local login ID", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Oct 25 19:09:57 doconse.exe[6184]: RPD_KRT_NOIFD : No device 5991 for interface enp0s7694", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Nov 9 02:12:32 quidolor1064.www.domain: uspinfo: : flow_print_session_summary_output received rcita", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Nov 23 09:15:06 RPD_TASK_REINIT: restart [1810]: mfugi: Reinitializing", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Dec 7 16:17:40 inibusBo.exe[2509]: ECCD_TRACE_FILE_OPEN_FAILED : allow: failure", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Dec 21 23:20:14 ECCD_TRACE_FILE_OPEN_FAILED message repeated [2815]: rudexer: accept: unknown", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jan 5 06:22:49 eseosqu oeius641.api.home: laud.exe[913]: LOGIN_FAILED: : Login failed for user turQ from host tod6376.mail.host", "tags": [ 
@@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jan 19 13:25:23 ine.exe[1578]: FSAD_CONNTIMEDOUT : Connection timed out to the client (oreve2538.www.localdomain, 10.44.24.103) having request type reprehen", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Feb 2 20:27:57 UI_SCHEMA_SEQUENCE_ERROR: restart [734]: rinre: Schema sequence number mismatch", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Feb 17 03:30:32 LIBJNX_EXEC_PIPE: restart [946]: olors: Unable to create pipes for command 'deny': unknown", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Mar 3 10:33:06 UI_DBASE_MISMATCH_EXTENT: restart [4686]: isnost: Database header extent mismatch for file 'lumdolor': expecting 559, got 7339", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Mar 17 17:35:40 NASD_usage message repeated [7744]: eumfu: unknown: quidex", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Apr 1 00:38:14 /kmd: ", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Apr 15 07:40:49 sshd message repeated : very-high: can't get client address: unknown", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Apr 29 14:43:23 fpc4 RPD_LDP_NBRUP: [4279]: stlaboru: LDP neighbor 10.248.68.242 (eth1282) is success", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 13 21:45:57 uun iduntutl4723.example: uel.exe[5770]: SNMPD_TRAP_QUEUE_DRAINED: : metco: traps queued to vel sent successfully", "tags": [ 
@@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 28 04:48:31 fpc8 ECCD_PCI_WRITE_FAILED: [4837]: radip: cancel: success", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jun 11 11:51:06 TFTPD_RECVCOMPLETE_INFO message repeated [7501]: piciatis: Received 3501 blocks of 5877 size for file 'tatisetq'", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jun 25 18:53:40 usp_trace_ipc_reconnect message repeated illum.exe:USP trace client cannot reconnect to server", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jul 10 01:56:14 amnis atevelit2799.internal.host: tatiset.exe IFP trace\u003e BCHIP: : cannot write ucode mask reg", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Jul 24 08:58:48 RPD_MPLS_LSP_DOWN message repeated [5094]: moditemp: MPLS LSP eth2042 unknown", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Aug 7 16:01:23 CHASSISD_PARSE_INIT: restart [4153]: uatDuisa: Parsing configuration file 'usB'", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Aug 21 23:03:57 RMOPD_ROUTING_INSTANCE_NO_INFO: restart [6922]: upidatat: No information for routing instance non: failure", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Sep 5 06:06:31 Utenimad.exe[4305]: CHASSISD_TERM_SIGNAL: : Received SIGTERM request, success", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Sep 19 13:09:05 tseddo.exe[484]: RPD_OSPF_NBRUP : OSPF neighbor 10.49.190.163 (lo50) aUteni due to failure", "tags": [ 
@@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Oct 3 20:11:40 cfeb NASD_usage: [6968]: litseddo: failure: metconse", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Oct 18 03:14:14 RPD_LDP_NBRDOWN message repeated [4598]: emu: LDP neighbor 10.101.99.109 (eth4282) is success", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Nov 1 10:16:48 RPD_RDISC_NOMULTI message repeated [4764]: con: Ignoring interface 594 on lo7449 -- unknown", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Nov 15 17:19:22 BOOTPD_NEW_CONF: restart [1768]: isquames: New configuration installed", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Nov 30 00:21:57 SNMP_TRAP_LINK_DOWN message repeated [7368]: ngelit: ifIndex 4197, ifAdminStatus ons, ifOperStatus unknown, ifName lo3193", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "Dec 14 07:24:31 MIB2D_ATM_ERROR message repeated [4927]: udexerci: voluptat: failure", "tags": [ diff --git a/packages/juniper_junos/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/juniper_junos/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 62c896785b4..6b537dbe6cf 100644 --- a/packages/juniper_junos/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/juniper_junos/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Juniper JUNOS processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/juniper_junos/data_stream/log/sample_event.json b/packages/juniper_junos/data_stream/log/sample_event.json index e37da3517d6..b6ea40937e7 100644 
--- a/packages/juniper_junos/data_stream/log/sample_event.json
+++ b/packages/juniper_junos/data_stream/log/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/juniper_junos/docs/README.md b/packages/juniper_junos/docs/README.md
index 35e66eba67c..e4280a9eeef 100644
--- a/packages/juniper_junos/docs/README.md
+++ b/packages/juniper_junos/docs/README.md
@@ -24,7 +24,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/juniper_junos/manifest.yml b/packages/juniper_junos/manifest.yml
index 5c42b41dd6d..aa1feae9667 100644
--- a/packages/juniper_junos/manifest.yml
+++ b/packages/juniper_junos/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: juniper_junos
 title: Juniper JunOS
-version: "0.4.2"
+version: "0.5.0"
 description: Collect logs from Juniper JunOS with Elastic Agent.
 categories: ["network", "security"]
 release: experimental
diff --git a/packages/juniper_netscreen/_dev/build/build.yml b/packages/juniper_netscreen/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/juniper_netscreen/_dev/build/build.yml
+++ b/packages/juniper_netscreen/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/juniper_netscreen/changelog.yml b/packages/juniper_netscreen/changelog.yml
index 0f7c677efaa..686ed5afaf0 100644
--- a/packages/juniper_netscreen/changelog.yml
+++ b/packages/juniper_netscreen/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.5.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "0.4.2"
 changes:
 - description: Remove duplicate field.
diff --git a/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json index 2a89fa3b7c7..cdb1706854f 100644 --- a/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "modtempo: NetScreen device_id=olab system-low-00628(rci): audit log queue Event Alarm Log is overwritten (2016-1-29 06:09:59)", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "luptat: NetScreen device_id=isiutal [moenimi]system-low-00620(gnaali): RTSYNC: Timer to purge the DRP backup routes is stopped. (2016-2-12 13:12:33)", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "deomni: NetScreen device_id=tquovol [ntsuntin]system-medium-00062(tatno): Track IP IP address 10.159.227.210 succeeded. (ofdeF)", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "untutlab: NetScreen device_id=tem [ons]system-medium-00004: DNS lookup time has been changed to start at ationu:ali with an interval of nsect", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "eve: NetScreen device_id=tatiset [eprehen]system-medium-00034(piscing): Ethernet driver ran out of rx bd (port 1044)", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "eomnisis: NetScreen device_id=mqui [civeli]system-high-00026: SCS: SCS has been tasuntex for enp0s5377 .", "tags": [ 
@@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "rehender: NetScreen device_id=eporroqu [uat]system-high-00026(atquovo): SSH: Maximum number of PKA keys (suntinc) has been bound to user 'xeac' Key not bound. (Key ID nidolo)", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "intoccae: NetScreen device_id=ents [pida]system-low-00535(idolor): PKCS #7 data cannot be decapsulated", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "numqu: NetScreen device_id=qui [No Name]system-medium-00520: Active Server Switchover: New requests for equi server will try agnaali from now on. (2016-5-22 14:30:33)", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ipitla: NetScreen device_id=quae [maccusa]system-high-00072(rQuisau): NSRP: Unit idex of VSD group xerci aqu", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "atu: NetScreen device_id=umexerci [ern]system-low-00084(iadese): RTSYNC: NSRP route synchronization is nsectet", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "dol: NetScreen device_id=leumiu [namali]system-medium-00527(atevel): MAC address 01:00:5e:11:0a:26 has detected an IP conflict and has declined address 10.90.127.74", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "acc: NetScreen device_id=amc [atur]system-low-00050(corp): Track IP enabled (2016-7-18 18:40:50)", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "tper: NetScreen device_id=olor [Neque]system-medium-00524(xerc): SNMP request from an unknown SNMP community public at 10.61.30.190:2509 has been received. (2016-8-2 01:43:25)", "tags": [ 
@@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "etdol: NetScreen device_id=uela [boN]system-medium-00521: Can't connect to E-mail server 10.210.240.175", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ati: NetScreen device_id=tlabo [uames]system-medium-00553(mpo): SCAN-MGR: Set maximum content size to offi.", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "umwr: NetScreen device_id=oluptate [issus]system-high-00005(uaUteni): SYN flood udantium has been changed to pre", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "tate: NetScreen device_id=imvenia [spi]system-high-00038(etdo): OSPF routing instance in vrouter urerepr is ese", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "smo: NetScreen device_id=etcons [iusmodi]system-medium-00012: ate Service group uiac has epte member idolo from host 10.170.139.87", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ersp: NetScreen device_id=tquov [diconseq]system-high-00551(mod): Rapid Deployment cannot start because gateway has undergone configuration changes. (2016-10-26 19:58:50)", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "mquame: NetScreen device_id=nihilmol [xercita]system-medium-00071(tiumt): The local device reetdolo in the Virtual Security Device group norum changed state", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "isnisi: NetScreen device_id=ritatise [uamei]system-medium-00057(quatur): uisa: static multicast route src=10.198.41.214, grp=cusant input ifp = lo2786 output ifp = eth3657 added", "tags": [ 
@@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "isis: NetScreen device_id=uasiar [utlab]system-high-00075(loremqu): The local device dantium in the Virtual Security Device group lor velillu", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "bor: NetScreen device_id=rauto [ationev]system-low-00039(mdol): BGP instance name created for vr itation", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "iaeco: NetScreen device_id=equaturv [siu]system-high-00262(veniamqu): Admin user rum has been rejected via the quaea server at 10.11.251.51", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "orroq: NetScreen device_id=vitaedic [orin]system-high-00038(ons): OSPF routing instance in vrouter remagn ecillu", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "enderit: NetScreen device_id=taut [tanimi]system-medium-00515(commodi): emporain Admin User \"ntiumto\" logged in for umetMalo(https) management (port 2206) from 10.80.237.27:2883", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ori: NetScreen device_id=tconsect [rum]system-high-00073(eporroq): NSRP: Unit ulla of VSD group iqu oin", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "mipsum: NetScreen device_id=lmo [aliquamq]system-medium-00030: X509 certificate for ScreenOS image authentication is invalid", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "orroqu: NetScreen device_id=elitsed [labore]system-medium-00034(erc): PPPoE Settings changed", "tags": [ 
@@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ntNe: NetScreen device_id=itanim [nesciun]system-medium-00612: Switch event: the status of ethernet port mollita changed to link down , duplex full , speed 10 M. (2017-4-2 01:27:07)", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "quide: NetScreen device_id=quaU [undeomni]system-medium-00077(acomm): NSRP: local unit= iutali of VSD group itat stlaboru", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "emq: NetScreen device_id=plicaboN [amc]system-high-00536(acommo): IKE 10.10.77.119: Dropped packet because remote gateway OK is not used in any VPN tunnel configurations", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "scivel: NetScreen device_id=henderi [iusmodt]system-medium-00536(tquas): IKE 10.200.22.41: Received incorrect ID payload: IP address lorinr instead of IP address ercita", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "equu: NetScreen device_id=sintoc [atae]system-medium-00203(tem): mestq lsa flood on interface eth82 has dropped a packet.", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "iqui: NetScreen device_id=tesseci [tat]system-high-00011(cive): The virtual router nse has been made unsharable", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "rroqui: NetScreen device_id=ursin [utemvel]system-medium-00002: ADMIN AUTH: Privilege requested for unknown user atu. Possible HA syncronization problem.", "tags": [ 
@@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "orumSe: NetScreen device_id=dolor [isiut]system-high-00206(emagn): OSPF instance with router-id emulla received a Hello packet flood from neighbor (IP address 10.219.1.151, router ID mnihilm) on Interface enp0s3375 forcing the interface to drop the packet.", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "eque: NetScreen device_id=eufug [est]system-medium-00075: The local device ntincul in the Virtual Security Device group reet tquo", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "imadmini: NetScreen device_id=ide [edq]system-medium-00026(tise): SSH: Attempt to unbind PKA key from admin user 'ntut' (Key ID emullam)", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ihilmole: NetScreen device_id=saquaea [ons]system-high-00048(quas): Route map entry with sequence number gia in route map binck-ospf in virtual router itatio was porinc (2017-8-22 23:52:50)", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "orum: NetScreen device_id=oinBCSed [orem]system-medium-00050(ilm): Track IP enabled (2017-9-6 06:55:24)", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ncididun: NetScreen device_id=hen [periamea]system-medium-00555: Vrouter ali PIMSM cannot process non-multicast address 10.158.18.51", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "umwri: NetScreen device_id=odoc [atura]system-high-00030: SYSTEM CPU utilization is high (oreeu \u003e nvo ) iamqui times in tassita minute (2017-10-4 21:00:32)\u003c\u003ccolabori\u003e", "tags": [ 
@@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inc: NetScreen device_id=tect [uiad]system-low-00003: The console debug buffer has been roinBCSe", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "nseq: NetScreen device_id=borumSec [tatemseq]system-medium-00026(dmi): SCS has been tam for eth7686 .", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "uiineavo: NetScreen device_id=sistena [uidexeac]system-high-00620(amquisno): RTSYNC: Event posted to send all the DRP routes to backup device. (2017-11-16 18:08:15)", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "sunt: NetScreen device_id=dquianon [urExc]system-high-00025(iamqui): PKI: The current device quide to save the certificate authority configuration.", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "etdol: NetScreen device_id=Sed [oremeumf]system-high-00076: The local device etur in the Virtual Security Device group fugiatn enima", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "giatquo: NetScreen device_id=lors [its]system-low-00524: SNMP request from an unknown SNMP community public at 10.46.217.155:76 has been received. (2017-12-29 15:15:58)", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "magnaa: NetScreen device_id=sumquiad [No Name]system-high-00628: audit log queue Event Log is overwritten (2018-1-12 22:18:32)", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "tnulapa: NetScreen device_id=madmi [No Name]system-high-00628(adeser): audit log queue Event Log is overwritten (2018-1-27 05:21:06)", "tags": [ 
@@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "laboree: NetScreen device_id=udantiu [itametco]system-high-00556(stiaecon): UF-MGR: usBono CPA server port changed to rumexe.", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "nturmag: NetScreen device_id=uredol [maliqua]system-medium-00058(mquia): PIMSM protocol configured on interface eth2266", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ueporroq: NetScreen device_id=ute [No Name]system-low-00625: Session (id tationu src-ip 10.142.21.251 dst-ip 10.154.16.147 dst port 6881) route is valid. (2018-3-11 02:28:49)", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "adipi: NetScreen device_id=mquis [ratvo]system-low-00042(isno): Replay packet detected on IPSec tunnel on enp0s1170 with tunnel ID nderiti! From 10.105.212.51 to 10.119.53.68/1783, giatqu (2018-3-25 09:31:24)", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "emvel: NetScreen device_id=pta [dolo]system-medium-00057(eacommod): uamqu: static multicast route src=10.174.2.175, grp=aparia input ifp = lo6813 output ifp = enp0s90 added", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "giat: NetScreen device_id=ttenb [eirure]system-high-00549(rem): add-route-\u003e untrust-vr: exer", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "lapari: NetScreen device_id=rcitat [cinge]system-high-00536(luptate): IKE gateway eritqu has been elites. pariat", "tags": [ 
@@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "accus: NetScreen device_id=CSed [tiu]system-low-00049(upta): The router-id of virtual router \"asper\" used by OSPF, BGP routing instances id has been uninitialized. (dictasun)", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "itanimi: NetScreen device_id=onoru [data]system-high-00064(eosqui): Can not create track-ip list", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "int: NetScreen device_id=ionevo [llitani]system-high-00541(itametco): The system killed OSPF neighbor because the current router could not see itself in the hello packet. Neighbor changed state from etcons to etco state, (neighbor router-id 1iuntN, ip-address 10.89.179.48). (2018-6-19 03:46:49)", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "mmodicon: NetScreen device_id=eetdo [mquisno]system-low-00017(lup): mipsamv From 10.57.108.5:5523 using protocol icmp on interface enp0s4987. The attack occurred 2282 times", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "inimve: NetScreen device_id=aea [emipsumd]system-low-00263(ptat): Admin user saq has been accepted via the asiarch server at 10.197.10.110", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "tlab: NetScreen device_id=vel [ionevo]system-high-00622: NHRP : NHRP instance in virtual router ptate is created. (2018-8-1 00:54:32)", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "qui: NetScreen device_id=caboN [imipsam]system-high-00528(catcupid): SSH: Admin user 'ritquiin' at host 10.59.51.171 requested unsupported authentication method texplica", "tags": [ 
@@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "udexerci: NetScreen device_id=uae [imveni]system-medium-00071(ptatemse): NSRP: Unit itationu of VSD group setquas nbyCi", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "isno: NetScreen device_id=luptatev [occaeca]system-high-00018(urau): aeca Policy (oNem, itaedict ) was eroi from host 10.80.103.229 by admin fugitsed (2018-9-12 22:02:15)", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "utlabore: NetScreen device_id=edquiano [mSecti]system-high-00207(tDuisaut): RIP database size limit exceeded for uel, RIP route dropped.", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "agn: NetScreen device_id=iqu [quamqua]system-high-00075: NSRP: Unit equeporr of VSD group amremap oremagna", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ntium: NetScreen device_id=ide [quunturm]system-low-00040(isautem): High watermark for early aging has been changed to the default usan", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "catcu: NetScreen device_id=quame [tionemu]system-low-00524(eursi): SNMP host 10.163.9.35 cannot be removed from community uatDu because failure", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "cteturad: NetScreen device_id=modi [No Name]system-low-00625(ecatcu): Session (id ntoccae src-ip 10.51.161.245 dst-ip 10.193.80.21 dst port 5657) route is valid. (2018-11-23 09:15:06)", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "chit: NetScreen device_id=iusmodit [lor]system-high-00524(adeserun): SNMP request has been received, but success", "tags": [ 
@@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "vento: NetScreen device_id=litsed [ciun]system-medium-00072: The local device inrepr in the Virtual Security Device group lla changed state", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "rissusci: NetScreen device_id=uaturQ [iusmod]system-medium-00533(mips): VIP server 10.41.222.7 is now responding", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "upta: NetScreen device_id=ivel [tmollita]system-low-00070(deFinib): NSRP: nsrp control channel change to lo4065", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ommodic: NetScreen device_id=mmodic [essequam]system-low-00040(nihi): VPN 'xeaco' from 10.134.20.213 is eavolupt (2019-2-2 20:27:57)", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ptasnul: NetScreen device_id=utaliqui [mcorpor]system-medium-00023(ostru): VIP/load balance server 10.110.144.189 cannot be contacted", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "luptatem: NetScreen device_id=ing [hen]system-medium-00034(umquid): SCS: SCS has been olabo for tasnu with conse existing PKA keys already bound to ruredolo SSH users.", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "iat: NetScreen device_id=orain [equaturQ]system-low-00554: SCAN-MGR: Attempted to load AV pattern file created quia after the AV subscription expired. (Exp: Exce)", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "dese: NetScreen device_id=ptasn [liqui]system-low-00541: ScreenOS invol serial # Loremips: Asset recovery has been cidun", "tags": [ 
@@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ole: NetScreen device_id=odi [tper]system-medium-00628(ectetur): audit log queue Event Log is overwritten (2019-4-15 07:40:49)", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "iadolo: NetScreen device_id=ecatcup [No Name]system-high-00628: audit log queue Traffic Log is overwritten (2019-4-29 14:43:23)", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "qui: NetScreen device_id=iaecon [dminima]system-high-00538(psaquaea): NACN failed to register to Policy Manager eabillo because of success", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "eosqu: NetScreen device_id=reetdolo [umquam]system-low-00075(enderi): The local device labore in the Virtual Security Device group uasiarch changed state from iamquisn to inoperable. (2019-5-28 04:48:31)", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "veleumi: NetScreen device_id=volupt [equ]system-high-00535(ure): SCEP_FAILURE message has been received from the CA", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "reseo: NetScreen device_id=entoreve [rudexer]system-medium-00026(iruredol): IKE iad: Missing heartbeats have exceeded the threshold. All Phase 1 and 2 SAs have been removed", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "ptate: NetScreen device_id=oloreeu [imipsa]system-high-00038: OSPF routing instance in vrouter uame taevitae", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "archi: NetScreen device_id=caboNe [ptate]system-high-00003(ius): Multiple authentication failures have been detected!", "tags": [ 
@@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "remap: NetScreen device_id=ntium [veniamqu]system-high-00529: DNS entries have been refreshed by HA", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "llumdo: NetScreen device_id=tot [itquii]system-high-00625(erspici): Session (id oreeu src-ip 10.126.150.15 dst-ip 10.185.50.112 dst port 7180) route is invalid. (2019-8-21 23:03:57)", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "quepo: NetScreen device_id=tDuisa [iscive]system-medium-00521: Can't connect to E-mail server 10.152.90.59", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "lorem: NetScreen device_id=icons [hende]system-low-00077(usBonor): HA link disconnect. Begin to use second path of HA", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "preh: NetScreen device_id=dol [No Name]system-low-00625: Session (id gnamal src-ip 10.119.181.171 dst-ip 10.166.144.66 dst port 3051) route is invalid. (2019-10-3 20:11:40)", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "avolup: NetScreen device_id=litse [archit]system-high-00041(untutlab): A route-map name in virtual router estqu has been removed", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "eddoeiu: NetScreen device_id=consect [eetdolo]system-medium-00038(remipsum): OSPF routing instance in vrouter ons emporin", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "texpl: NetScreen device_id=isquames [No Name]system-low-00021: DIP port-translation stickiness was atio by utla via ntm from host 10.96.165.147 to 10.96.218.99:277 (2019-11-15 17:19:22)", "tags": [ 
@@ -884,7 +884,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "elaudant: NetScreen device_id=ratvolu [odte]system-medium-00021(eum): DIP port-translation stickiness was uidol by repr via idu from host 10.201.72.59 to 10.230.29.67:7478 (2019-11-30 00:21:57)",
 "tags": [
@@ -893,7 +893,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "toc: NetScreen device_id=rau [sciuntN]system-low-00602: PIMSM Error in initializing interface state change",
 "tags": [
diff --git a/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index cfdf8864435..afd64477270 100644
--- a/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Netscreen
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 # User agent
 - user_agent:
 field: user_agent.original
diff --git a/packages/juniper_netscreen/data_stream/log/sample_event.json b/packages/juniper_netscreen/data_stream/log/sample_event.json
index 981f92eb79c..b5c8f727f55 100644
--- a/packages/juniper_netscreen/data_stream/log/sample_event.json
+++ b/packages/juniper_netscreen/data_stream/log/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "11de7269-3d5a-4523-8b1f-e40ea1e2be97",
diff --git a/packages/juniper_netscreen/docs/README.md b/packages/juniper_netscreen/docs/README.md
index a0e1544b4e9..8aba3f3ce07 100644
--- a/packages/juniper_netscreen/docs/README.md
+++ b/packages/juniper_netscreen/docs/README.md
@@ -24,7 +24,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "11de7269-3d5a-4523-8b1f-e40ea1e2be97",
diff --git a/packages/juniper_netscreen/manifest.yml b/packages/juniper_netscreen/manifest.yml
index d8dec961332..201e48caf59 100644
--- a/packages/juniper_netscreen/manifest.yml
+++ b/packages/juniper_netscreen/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: juniper_netscreen
 title: Juniper NetScreen
-version: "0.4.2"
+version: "0.5.0"
 description: Collect logs from Juniper NetScreen with Elastic Agent.
 categories: ["network", "security"]
 release: experimental
diff --git a/packages/juniper_srx/_dev/build/build.yml b/packages/juniper_srx/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/juniper_srx/_dev/build/build.yml
+++ b/packages/juniper_srx/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/juniper_srx/changelog.yml b/packages/juniper_srx/changelog.yml
index 401ebe83774..1559c465772 100644
--- a/packages/juniper_srx/changelog.yml
+++ b/packages/juniper_srx/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.5.2"
 changes:
 - description: Remove duplicate field.
diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json
index a3c472b1886..ea9aebaad71 100644
--- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json
+++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json
@@ -23,7 +23,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "malware_detected",
@@ -105,7 +105,7 @@
 {
 "@timestamp": "2016-09-20T17:43:30.330Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "malware_detected",
@@ -168,7 +168,7 @@ { "@timestamp": "2016-09-20T17:40:30.050Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -246,7 +246,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json index 4174f181ff2..9c318b566b2 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json @@ -30,7 +30,7 @@ "port": 10400 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -131,7 +131,7 @@ "port": 161 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_deny", @@ -225,7 +225,7 @@ "port": 2003 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_deny", @@ -337,7 +337,7 @@ "port": 902 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_close", @@ -463,7 +463,7 @@ "port": 768 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -579,7 +579,7 @@ "port": 46384 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -689,7 +689,7 @@ "port": 46384 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_close", @@ -809,7 +809,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_close", @@ -926,7 +926,7 @@ "port": 445 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_close", @@ -1045,7 +1045,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_close", 
@@ -1177,7 +1177,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_close", @@ -1287,7 +1287,7 @@ "port": 21 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_close", @@ -1407,7 +1407,7 @@ "port": 21 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -1526,7 +1526,7 @@ "port": 21 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -1654,7 +1654,7 @@ "port": 21 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_close", @@ -1784,7 +1784,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -1921,7 +1921,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -2056,7 +2056,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_close", @@ -2192,7 +2192,7 @@ "port": 768 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -2301,7 +2301,7 @@ "port": 161 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_deny", @@ -2406,7 +2406,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_close", @@ -2546,7 +2546,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -2667,7 +2667,7 @@ "port": 8883 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_close", @@ -2794,7 +2794,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -2909,7 +2909,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_close", 
diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json index 91ca4599ebb..6af0a2a2943 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json @@ -22,7 +22,7 @@ "port": 123 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "security_threat", @@ -150,7 +150,7 @@ "port": 123 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "security_threat", @@ -278,7 +278,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "security_threat", @@ -397,7 +397,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "security_threat", @@ -501,7 +501,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "application_ddos", @@ -577,7 +577,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "application_ddos", @@ -672,7 +672,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "application_ddos", diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json index 041fdd6e861..1253bfefc2e 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json @@ -23,7 +23,7 @@ "port": 1433 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "sweep_detected", @@ -114,7 +114,7 @@ "port": 139 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "attack_detected", 
@@ -204,7 +204,7 @@ "port": 50010 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flood_detected", @@ -298,7 +298,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flood_detected", @@ -389,7 +389,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "fragment_detected", @@ -478,7 +478,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -567,7 +567,7 @@ "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "tunneling_screen", @@ -657,7 +657,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "tunneling_screen", @@ -748,7 +748,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flood_detected", @@ -807,7 +807,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flood_detected", @@ -883,7 +883,7 @@ "port": 10778 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "scan_detected", @@ -953,7 +953,7 @@ "port": 7 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "illegal_tcp_flag_detected", diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json index daf7a83204a..966fdc54a9f 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json @@ -23,7 +23,7 @@ "port": 24039 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "malware_detected", 
@@ -127,7 +127,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "malware_detected", diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json index fb458d6a3de..73cdbe909cb 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json @@ -23,7 +23,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "web_filter", @@ -113,7 +113,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -199,7 +199,7 @@ "port": 47095 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "virus_detected", @@ -299,7 +299,7 @@ "port": 33578 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -387,7 +387,7 @@ "port": 51727 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -444,7 +444,7 @@ "ip": "10.10.10.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "antispam_filter", @@ -515,7 +515,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "content_filter", @@ -610,7 +610,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "web_filter", @@ -700,7 +700,7 @@ "port": 47095 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "virus_detected", @@ -800,7 +800,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -889,7 +889,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "web_filter", @@ -969,7 +969,7 @@ "port": 58954 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
diff --git a/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index f9086cb5e86..387edc086c1 100644
--- a/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -5,7 +5,7 @@ description: Pipeline for parsing junipersrx firewall logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/juniper_srx/data_stream/log/sample_event.json b/packages/juniper_srx/data_stream/log/sample_event.json
index 2f4880e6c7e..00908cb22b7 100644
--- a/packages/juniper_srx/data_stream/log/sample_event.json
+++ b/packages/juniper_srx/data_stream/log/sample_event.json
@@ -33,7 +33,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/juniper_srx/manifest.yml b/packages/juniper_srx/manifest.yml
index 9bf889cc4ac..a522996b98c 100644
--- a/packages/juniper_srx/manifest.yml
+++ b/packages/juniper_srx/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: juniper_srx
 title: Juniper SRX
-version: "1.5.2"
+version: "1.6.0"
 description: Collect logs from Juniper SRX devices with Elastic Agent.
 categories: ["network", "security"]
 release: ga
diff --git a/packages/keycloak/_dev/build/build.yml b/packages/keycloak/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/keycloak/_dev/build/build.yml
+++ b/packages/keycloak/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/keycloak/changelog.yml b/packages/keycloak/changelog.yml
index b00d03589f3..72b74470af5 100644
--- a/packages/keycloak/changelog.yml
+++ b/packages/keycloak/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.5.1"
 changes:
 - description: Use ECS geo.location definition.
diff --git a/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json b/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
index 61663db90c2..530c8523f82 100644
--- a/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
+++ b/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-10-22T21:01:42.548-05:00",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "original": "2021-10-22 21:01:42,548 INFO [org.keycloak.services] (ServerService Thread Pool -- 64) KC-SERVICES0009: Added user 'admin' to realm 'master'",
@@ -26,7 +26,7 @@
 {
 "@timestamp": "2021-10-22T21:01:42.667-05:00",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "original": "2021-10-22 21:01:42,667 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 64) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.admin.AdminRoot from Application class org.keycloak.services.resources.KeycloakApplication",
@@ -49,7 +49,7 @@
 {
 "@timestamp": "2021-10-22T21:01:42.912-05:00",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "original": "2021-10-22 21:01:42,912 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 64) WFLYUT002021-10-22 21: Registered web context: '/auth' for server 'default-server' ",
@@ -72,7 +72,7 @@ { "@timestamp": "2021-10-22T21:01:43.208-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "2021-10-22 21:01:43,208 INFO [org.jboss.as.server] (ServerService Thread Pool -- 46) WFLYSRV0010: Deployed \"keycloak-server.war\" (runtime-name : \"keycloak-server.war\") ", @@ -95,7 +95,7 @@ { "@timestamp": "2021-10-22T21:01:43.299-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "2021-10-22 21:01:43,299 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server", @@ -118,7 +118,7 @@ { "@timestamp": "2021-10-22T21:01:43.307-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "2021-10-22 21:01:43,307 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 15.0.2 (WildFly Core 15.0.1.Final) started in 28315ms - Started 692 of 977 services (686 services are lazy, passive or on-demand)", @@ -141,7 +141,7 @@ { "@timestamp": "2021-10-22T21:01:43.327-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "2021-10-22 21:01:43,327 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management", @@ -164,7 +164,7 @@ { "@timestamp": "2021-10-22T21:01:43.327-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "2021-10-22 21:01:43,327 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990", @@ -187,7 +187,7 @@ { "@timestamp": "2021-10-22T21:01:45.403-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LOGIN_ERROR", @@ -250,7 +250,7 @@ { "@timestamp": "2021-10-22T21:20:42.120-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LOGIN_ERROR", 
@@ -325,7 +325,7 @@ { "@timestamp": "2021-10-22T21:24:41.076-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LOGIN_ERROR", @@ -394,7 +394,7 @@ { "@timestamp": "2021-10-22T21:31:31.555-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LOGIN_ERROR", @@ -457,7 +457,7 @@ { "@timestamp": "2021-10-22T20:58:02.700-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LOGIN_ERROR", @@ -532,7 +532,7 @@ { "@timestamp": "2021-10-22T22:11:31.257-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LOGIN", @@ -608,7 +608,7 @@ { "@timestamp": "2021-10-22T22:11:32.131-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CODE_TO_TOKEN", @@ -666,7 +666,7 @@ { "@timestamp": "2021-10-22T22:12:09.871-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CREATE-USER", @@ -734,7 +734,7 @@ { "@timestamp": "2021-10-22T22:12:13.599-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UPDATE-USER", @@ -802,7 +802,7 @@ { "@timestamp": "2021-10-22T22:14:29.031-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CREATE-GROUP", @@ -869,7 +869,7 @@ { "@timestamp": "2021-10-22T22:16:12.150-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CREATE-CLIENT_SCOPE", @@ -933,7 +933,7 @@ { "@timestamp": "2021-10-22T22:45:12.592-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "LOGOUT", @@ -1001,7 +1001,7 @@ { "@timestamp": "2021-10-22T22:46:14.913-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DELETE-GROUP", @@ -1068,7 +1068,7 @@ { "@timestamp": "2021-10-22T23:05:03.371-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "CREATE-GROUP", 
diff --git a/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index b9a8de1cd19..8344deb9906 100644
--- a/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing keycloak logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/keycloak/data_stream/log/sample_event.json b/packages/keycloak/data_stream/log/sample_event.json
index 9c0e547d466..3aa2475e200 100644
--- a/packages/keycloak/data_stream/log/sample_event.json
+++ b/packages/keycloak/data_stream/log/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/keycloak/docs/README.md b/packages/keycloak/docs/README.md
index ffdf12b8ea4..1e2a506ea38 100644
--- a/packages/keycloak/docs/README.md
+++ b/packages/keycloak/docs/README.md
@@ -146,7 +146,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/keycloak/manifest.yml b/packages/keycloak/manifest.yml
index 73e9d0dcd52..d9e2dcbede8 100644
--- a/packages/keycloak/manifest.yml
+++ b/packages/keycloak/manifest.yml
@@ -1,6 +1,6 @@
 name: keycloak
 title: Keycloak
-version: "1.5.1"
+version: "1.6.0"
 release: ga
 description: Collect logs from Keycloak with Elastic Agent.
 type: integration
diff --git a/packages/lastpass/_dev/build/build.yml b/packages/lastpass/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/lastpass/_dev/build/build.yml
+++ b/packages/lastpass/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/lastpass/changelog.yml b/packages/lastpass/changelog.yml
index 546ce72bd63..b62bf1a712b 100644
--- a/packages/lastpass/changelog.yml
+++ b/packages/lastpass/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.2.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: '0.1.0'
 changes:
 - description: Initial Release.
diff --git a/packages/lastpass/data_stream/detailed_shared_folder/_dev/test/pipeline/test-detailed-shared-folder.log-expected.json b/packages/lastpass/data_stream/detailed_shared_folder/_dev/test/pipeline/test-detailed-shared-folder.log-expected.json
index b4be28448fe..a84f2f4c479 100644
--- a/packages/lastpass/data_stream/detailed_shared_folder/_dev/test/pipeline/test-detailed-shared-folder.log-expected.json
+++ b/packages/lastpass/data_stream/detailed_shared_folder/_dev/test/pipeline/test-detailed-shared-folder.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "kind": "state",
diff --git a/packages/lastpass/data_stream/detailed_shared_folder/elasticsearch/ingest_pipeline/default.yml b/packages/lastpass/data_stream/detailed_shared_folder/elasticsearch/ingest_pipeline/default.yml
index 54ad9feb034..bfd88c79401 100644
--- a/packages/lastpass/data_stream/detailed_shared_folder/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/lastpass/data_stream/detailed_shared_folder/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing Detailed Shared Folder logs.
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/lastpass/data_stream/detailed_shared_folder/sample_event.json b/packages/lastpass/data_stream/detailed_shared_folder/sample_event.json
index 8a28f66faa0..9f0c5a73fb1 100644
--- a/packages/lastpass/data_stream/detailed_shared_folder/sample_event.json
+++ b/packages/lastpass/data_stream/detailed_shared_folder/sample_event.json
@@ -14,7 +14,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "c8a45af4-c8db-4a9e-bad1-f0fd8ef21467",
diff --git a/packages/lastpass/data_stream/event_report/_dev/test/pipeline/test-event-report.log-expected.json b/packages/lastpass/data_stream/event_report/_dev/test/pipeline/test-event-report.log-expected.json
index 82570d2ec76..ec353578b1b 100644
--- a/packages/lastpass/data_stream/event_report/_dev/test/pipeline/test-event-report.log-expected.json
+++ b/packages/lastpass/data_stream/event_report/_dev/test/pipeline/test-event-report.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Login Verification Email Sent",
@@ -57,7 +57,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Multifactor Enabled",
@@ -111,7 +111,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Enterprise API Secret regenerated",
@@ -162,7 +162,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Master Password Changed",
@@ -216,7 +216,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SAML Login",
@@ -274,7 +274,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Delete Policy",
@@ -331,7 +331,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Add Policy",
@@ -388,7 +388,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Reporting",
@@ -442,7 +442,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Get User Data",
@@ -496,7 +496,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Get Shared Folder Data",
@@ -550,7 +550,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Log in",
@@ -608,7 +608,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Failed Login Attempt",
@@ -663,7 +663,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Log in",
@@ -721,7 +721,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Login to Admin Console",
@@ -781,7 +781,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Employee Account Created",
@@ -855,7 +855,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Employee Invited",
@@ -926,7 +926,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Make Admin",
@@ -986,7 +986,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Login to Admin Console",
@@ -1043,7 +1043,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Make Admin",
@@ -1100,7 +1100,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Site Added",
@@ -1155,7 +1155,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Deleted Sites",
@@ -1212,7 +1212,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Site Added",
@@ -1267,7 +1267,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Deleted Sites",
@@ -1327,7 +1327,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Created Shared Folder",
@@ -1382,7 +1382,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Deleted Shared Folder",
@@ -1437,7 +1437,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Add Secure Note",
@@ -1493,7 +1493,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Open Secure Note",
@@ -1548,7 +1548,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Open Secure Note",
@@ -1604,7 +1604,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Add to Shared Folder",
@@ -1662,7 +1662,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Create Group",
@@ -1724,7 +1724,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Adding User to Group",
@@ -1789,7 +1789,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Created LastPass Account",
@@ -1850,7 +1850,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Update Folder Permissions",
@@ -1913,7 +1913,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Master Password Reset by Super Admin",
@@ -1973,7 +1973,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Employee Account Deleted",
@@ -2035,7 +2035,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Require Password Change",
@@ -2095,7 +2095,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Remove Admin",
@@ -2155,7 +2155,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Edit Secure Note",
@@ -2210,7 +2210,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Renamed Shared Folder",
@@ -2266,7 +2266,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Move to Shared Folder",
@@ -2322,7 +2322,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Move to Shared Folder",
@@ -2377,7 +2377,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Move from Shared Folder",
@@ -2433,7 +2433,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Move from Shared Folder",
@@ -2488,7 +2488,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Limit Shared Folder",
@@ -2544,7 +2544,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Removed From Shared Folder",
@@ -2600,7 +2600,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Delete Shared Sites",
@@ -2656,7 +2656,7 @@
 {
 "@timestamp": "2015-07-17T09:51:51.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Move from Shared Folder",
diff --git a/packages/lastpass/data_stream/event_report/elasticsearch/ingest_pipeline/default.yml b/packages/lastpass/data_stream/event_report/elasticsearch/ingest_pipeline/default.yml
index ed8c26d1150..7ba954247d6 100644
--- a/packages/lastpass/data_stream/event_report/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/lastpass/data_stream/event_report/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing Event Report logs.
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/lastpass/data_stream/event_report/sample_event.json b/packages/lastpass/data_stream/event_report/sample_event.json
index a475d69598f..798093d7fee 100644
--- a/packages/lastpass/data_stream/event_report/sample_event.json
+++ b/packages/lastpass/data_stream/event_report/sample_event.json
@@ -14,7 +14,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "c8a45af4-c8db-4a9e-bad1-f0fd8ef21467",
diff --git a/packages/lastpass/data_stream/user/_dev/test/pipeline/test-pipeline-user.log-expected.json b/packages/lastpass/data_stream/user/_dev/test/pipeline/test-pipeline-user.log-expected.json
index 4c73aa4c304..2b53937d160 100644
--- a/packages/lastpass/data_stream/user/_dev/test/pipeline/test-pipeline-user.log-expected.json
+++ b/packages/lastpass/data_stream/user/_dev/test/pipeline/test-pipeline-user.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/lastpass/data_stream/user/elasticsearch/ingest_pipeline/default.yml b/packages/lastpass/data_stream/user/elasticsearch/ingest_pipeline/default.yml
index 0bb9fed6e04..2dc06b63c29 100644
--- a/packages/lastpass/data_stream/user/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/lastpass/data_stream/user/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing User logs.
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/lastpass/data_stream/user/sample_event.json b/packages/lastpass/data_stream/user/sample_event.json
index efc9ed9fd86..de1a49602b8 100644
--- a/packages/lastpass/data_stream/user/sample_event.json
+++ b/packages/lastpass/data_stream/user/sample_event.json
@@ -14,7 +14,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "c8a45af4-c8db-4a9e-bad1-f0fd8ef21467",
diff --git a/packages/lastpass/docs/README.md b/packages/lastpass/docs/README.md
index c1f5a4400db..dfa1e6a5c3f 100644
--- a/packages/lastpass/docs/README.md
+++ b/packages/lastpass/docs/README.md
@@ -67,7 +67,7 @@ An example event for `detailed_shared_folder` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "c8a45af4-c8db-4a9e-bad1-f0fd8ef21467",
@@ -211,7 +211,7 @@ An example event for `event_report` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "c8a45af4-c8db-4a9e-bad1-f0fd8ef21467",
@@ -372,7 +372,7 @@ An example event for `user` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "c8a45af4-c8db-4a9e-bad1-f0fd8ef21467",
diff --git a/packages/lastpass/manifest.yml b/packages/lastpass/manifest.yml
index c7a5ef3fc22..78c08a499cb 100644
--- a/packages/lastpass/manifest.yml
+++ b/packages/lastpass/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: lastpass
 title: LastPass
-version: 0.1.0
+version: "0.2.0"
 license: basic
 description: Collect logs from LastPass with Elastic Agent.
 type: integration
diff --git a/packages/m365_defender/_dev/build/build.yml b/packages/m365_defender/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/m365_defender/_dev/build/build.yml
+++ b/packages/m365_defender/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/m365_defender/changelog.yml b/packages/m365_defender/changelog.yml
index c2fe07780e4..1febff21b7c 100644
--- a/packages/m365_defender/changelog.yml
+++ b/packages/m365_defender/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.2.0"
 changes:
 - description: Update package to ECS 8.4.0
diff --git a/packages/m365_defender/data_stream/log/_dev/test/pipeline/test-m365-defender-ndjson.log-expected.json b/packages/m365_defender/data_stream/log/_dev/test/pipeline/test-m365-defender-ndjson.log-expected.json
index 736cd68444b..7cc0b85dfa8 100644
--- a/packages/m365_defender/data_stream/log/_dev/test/pipeline/test-m365-defender-ndjson.log-expected.json
+++ b/packages/m365_defender/data_stream/log/_dev/test/pipeline/test-m365-defender-ndjson.log-expected.json
@@ -6,7 +6,7 @@
 "provider": "azure"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Malware",
@@ -119,7 +119,7 @@
 "provider": "azure"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Malware",
@@ -219,7 +219,7 @@
 "provider": "azure"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Malware",
@@ -320,7 +320,7 @@
 "provider": "azure"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Malware",
@@ -413,7 +413,7 @@
 "provider": "azure"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SuspiciousActivity",
@@ -506,7 +506,7 @@
 "provider": "azure"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SuspiciousActivity",
@@ -595,7 +595,7 @@
 "provider": "azure"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SuspiciousActivity",
@@ -688,7 +688,7 @@
 "provider": "azure"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SuspiciousActivity",
@@ -759,7 +759,7 @@
 "provider": "azure"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SuspiciousActivity",
@@ -834,7 +834,7 @@
 "provider": "azure"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SuspiciousActivity",
diff --git a/packages/m365_defender/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/m365_defender/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 664c950d4eb..69a5015b824 100644
--- a/packages/m365_defender/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/m365_defender/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing m365 defender logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/m365_defender/data_stream/log/sample_event.json b/packages/m365_defender/data_stream/log/sample_event.json
index 3bf348538a1..9eca01a1e9e 100644
--- a/packages/m365_defender/data_stream/log/sample_event.json
+++ b/packages/m365_defender/data_stream/log/sample_event.json
@@ -16,7 +16,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "66ee0cf6-0f3a-4a85-bb44-eb9ba0cc0863",
diff --git a/packages/m365_defender/docs/README.md b/packages/m365_defender/docs/README.md
index 965ef6b14f1..3a396e79e69 100644
--- a/packages/m365_defender/docs/README.md
+++ b/packages/m365_defender/docs/README.md
@@ -41,7 +41,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "66ee0cf6-0f3a-4a85-bb44-eb9ba0cc0863",
diff --git a/packages/m365_defender/manifest.yml b/packages/m365_defender/manifest.yml
index 0791bdb0a30..93fe933cac2 100644
--- a/packages/m365_defender/manifest.yml
+++ b/packages/m365_defender/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: m365_defender
 title: Microsoft M365 Defender
-version: 1.2.0
+version: "1.3.0"
 description: Collect logs from Microsoft M365 Defender with Elastic Agent.
 categories:
 - "network"
diff --git a/packages/mattermost/_dev/build/build.yml b/packages/mattermost/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/mattermost/_dev/build/build.yml
+++ b/packages/mattermost/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/mattermost/changelog.yml b/packages/mattermost/changelog.yml
index a766778f3b2..e328fcf60b2 100644
--- a/packages/mattermost/changelog.yml
+++ b/packages/mattermost/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.4.2"
 changes:
 - description: Add link to Mattermost documentation.
diff --git a/packages/mattermost/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/mattermost/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
index cf977b03a2d..3255a67d0af 100644
--- a/packages/mattermost/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
+++ b/packages/mattermost/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-12-04T23:19:32.051Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "updateConfig",
@@ -85,7 +85,7 @@
 {
 "@timestamp": "2021-12-04T23:19:48.599Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "updateConfig",
@@ -167,7 +167,7 @@
 {
 "@timestamp": "2021-12-04T23:19:51.324Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Logout",
@@ -250,7 +250,7 @@
 {
 "@timestamp": "2021-12-04T23:19:58.729Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "login",
@@ -337,7 +337,7 @@
 {
 "@timestamp": "2021-12-04T23:20:33.027Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "patchUser",
@@ -433,7 +433,7 @@
 {
 "@timestamp": "2021-12-04T23:20:37.771Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "patchUser",
@@ -529,7 +529,7 @@
 {
 "@timestamp": "2021-12-04T23:20:53.063Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "updatePassword",
@@ -620,7 +620,7 @@
 {
 "@timestamp": "2021-12-04T23:28:18.032Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "updatePreferences",
@@ -703,7 +703,7 @@
 {
 "@timestamp": "2021-12-04T23:28:19.342Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "createPost",
@@ -797,7 +797,7 @@
 {
 "@timestamp": "2021-12-05T00:01:23.974Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "createChannel",
@@ -889,7 +889,7 @@
 {
 "@timestamp": "2021-12-05T00:01:48.946Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "patchChannel",
@@ -986,7 +986,7 @@
 {
 "@timestamp": "2021-12-05T00:01:52.914Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "deleteChannel",
@@ -1078,7 +1078,7 @@
 {
 "@timestamp": "2021-12-05T00:02:01.482Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "error": {
 "code": "api.channel.delete_channel.deleted.app_error"
@@ -1178,7 +1178,7 @@
 {
 "@timestamp": "2021-12-05T00:02:09.835Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "error": {
 "code": "app.channel.update.bad_id"
@@ -1286,7 +1286,7 @@
 {
 "@timestamp": "2021-12-05T00:02:25.202Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "restoreChannel",
@@ -1378,7 +1378,7 @@
 {
 "@timestamp": "2021-12-05T00:02:31.485Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "convertChannelToPrivate",
@@ -1478,7 +1478,7 @@
 {
 "@timestamp": "2021-12-05T00:02:56.786Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "removeChannelMember",
@@ -1573,7 +1573,7 @@
 {
 "@timestamp": "2021-12-05T00:03:01.043Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "getConfig",
@@ -1656,7 +1656,7 @@
 {
 "@timestamp": "2021-12-05T00:03:13.849Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "createChannel",
@@ -1748,7 +1748,7 @@
 {
 "@timestamp": "2021-12-05T00:04:01.294Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "deleteChannel",
@@ -1840,7 +1840,7 @@
 {
 "@timestamp": "2021-12-05T00:12:11.211Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "getConfig",
@@ -1923,7 +1923,7 @@
 {
 "@timestamp": "2021-12-05T00:12:23.085Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "patchTeam",
@@ -2025,7 +2025,7 @@
 {
 "@timestamp": "2021-12-05T00:12:29.655Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "patchTeam",
@@ -2127,7 +2127,7 @@
 {
 "@timestamp": "2021-12-05T00:12:46.044Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "createTeam",
@@ -2224,7 +2224,7 @@
 {
 "@timestamp": "2021-12-05T00:18:13.183Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "removeTeamMember",
@@ -2329,7 +2329,7 @@
 {
 "@timestamp": "2021-12-05T00:18:17.907Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "revokeAllSessionsForUser",
@@ -2411,7 +2411,7 @@
 {
 "@timestamp": "2021-12-05T01:02:56.163Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "patchUser",
@@ -2511,7 +2511,7 @@
 {
 "@timestamp": "2021-12-05T01:13:26.358Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "addTeamMembers",
@@ -2614,7 +2614,7 @@
 {
 "@timestamp": "2021-12-05T01:13:08.904Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "addTeamMembers",
@@ -2722,7 +2722,7 @@
 {
 "@timestamp": "2021-12-05T01:20:06.246Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "addTeamMembers",
@@ -2833,7 +2833,7 @@
 {
 "@timestamp": "2021-12-05T17:21:36.724Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "deleteTeam",
@@ -2909,7 +2909,7 @@
 {
 "@timestamp": "2021-12-05T17:24:33.077Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "updateUserActive",
diff --git a/packages/mattermost/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/mattermost/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 28dc41c3a7f..a33f5c2c8bf 100644
--- a/packages/mattermost/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/mattermost/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing Mattermost audit logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/mattermost/data_stream/audit/sample_event.json b/packages/mattermost/data_stream/audit/sample_event.json
index 771a6c9540c..57084634311 100644
--- a/packages/mattermost/data_stream/audit/sample_event.json
+++ b/packages/mattermost/data_stream/audit/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/mattermost/docs/README.md b/packages/mattermost/docs/README.md
index ceb1cdc8c05..3bb1efaeffe 100644
--- a/packages/mattermost/docs/README.md
+++ b/packages/mattermost/docs/README.md
@@ -138,7 +138,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/mattermost/manifest.yml b/packages/mattermost/manifest.yml
index 9af061f14f0..3875ee81238 100644
--- a/packages/mattermost/manifest.yml
+++ b/packages/mattermost/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: mattermost
 title: "Mattermost"
-version: 1.4.2
+version: "1.5.0"
 license: basic
 description: Collect logs from Mattermost with Elastic Agent.
 type: integration
diff --git a/packages/microsoft_defender_endpoint/_dev/build/build.yml b/packages/microsoft_defender_endpoint/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/microsoft_defender_endpoint/_dev/build/build.yml
+++ b/packages/microsoft_defender_endpoint/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/microsoft_defender_endpoint/changelog.yml b/packages/microsoft_defender_endpoint/changelog.yml
index 604c5df0f75..ae609d5fab9 100644
--- a/packages/microsoft_defender_endpoint/changelog.yml
+++ b/packages/microsoft_defender_endpoint/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.5.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "2.4.0"
 changes:
 - description: Update package to ECS 8.4.0
diff --git a/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json b/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json
index 7a43a81422c..232b71e1270 100644
--- a/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json
+++ b/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json
@@ -11,7 +11,7 @@
 "provider": "azure"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Malware",
@@ -90,7 +90,7 @@
 "provider": "azure"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "DefenseEvasion",
@@ -192,7 +192,7 @@
 "provider": "azure"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "DefenseEvasion",
@@ -276,7 +276,7 @@
 "provider": "azure"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "Malware",
diff --git a/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index be299f976f2..222cde7a8c3 100644
--- a/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Microsoft Defender for Endpoint logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json b/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json
index e92e5667137..7286c5cdc9f 100644
--- a/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json
+++ b/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json
@@ -22,7 +22,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/microsoft_defender_endpoint/docs/README.md b/packages/microsoft_defender_endpoint/docs/README.md
index 2a42367291a..02343be890b 100644
--- a/packages/microsoft_defender_endpoint/docs/README.md
+++ b/packages/microsoft_defender_endpoint/docs/README.md
@@ -70,7 +70,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/microsoft_defender_endpoint/manifest.yml b/packages/microsoft_defender_endpoint/manifest.yml
index b887695b7c9..3a61a6b7d91 100644
--- a/packages/microsoft_defender_endpoint/manifest.yml
+++ b/packages/microsoft_defender_endpoint/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: microsoft_defender_endpoint
 title: Microsoft Defender for Endpoint
-version: "2.4.0"
+version: "2.5.0"
 description: Collect logs from Microsoft Defender for Endpoint with Elastic Agent.
 categories:
 - "network"
diff --git a/packages/microsoft_dhcp/_dev/build/build.yml b/packages/microsoft_dhcp/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/microsoft_dhcp/_dev/build/build.yml
+++ b/packages/microsoft_dhcp/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/microsoft_dhcp/changelog.yml b/packages/microsoft_dhcp/changelog.yml
index ce5f777acea..974187fbb2b 100644
--- a/packages/microsoft_dhcp/changelog.yml
+++ b/packages/microsoft_dhcp/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.9.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.8.0"
 changes:
 - description: Improve handling of client ID fields.
diff --git a/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-log.log-expected.json b/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
index 3462e903151..a30efd55104 100644
--- a/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
+++ b/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
@@ -3,7 +3,7 @@ { "@timestamp": "2020-04-19T13:11:13.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "log-end", @@ -32,7 +32,7 @@ { "@timestamp": "2020-04-19T12:43:06.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "log-start", @@ -61,7 +61,7 @@ { "@timestamp": "2021-09-20T09:16:15.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcp-dns-update", @@ -102,7 +102,7 @@ { "@timestamp": "2021-09-20T09:16:09.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcp-dns-update", @@ -143,7 +143,7 @@ { "@timestamp": "2021-09-20T09:16:03.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcp-dns-update", @@ -184,7 +184,7 @@ { "@timestamp": "2021-09-20T09:18:01.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -227,7 +227,7 @@ { "@timestamp": "2021-09-20T09:18:00.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcp-dns-update", @@ -268,7 +268,7 @@ { "@timestamp": "2021-09-20T09:18:01.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcp-dns-update", @@ -309,7 +309,7 @@ { "@timestamp": "2001-01-01T01:01:01.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcp-dns-update", @@ -348,7 +348,7 @@ { "@timestamp": "2001-01-01T01:01:01.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcp-new", @@ -393,7 +393,7 @@ { "@timestamp": "2001-01-01T01:01:01.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcp-new", @@ -443,7 +443,7 @@ { "@timestamp": "2020-11-20T00:00:05.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ip-cleanup-start", 
@@ -479,7 +479,7 @@ { "@timestamp": "2020-11-20T00:00:05.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcp-dns-update", @@ -520,7 +520,7 @@ { "@timestamp": "2020-11-20T00:00:05.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcp-expire", @@ -558,7 +558,7 @@ { "@timestamp": "2020-04-19T12:43:54.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-server-detection", @@ -593,7 +593,7 @@ { "@timestamp": "2020-04-19T12:43:21.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-server-detection", @@ -627,7 +627,7 @@ { "@timestamp": "2020-04-19T12:43:28.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rogue-server-detection", @@ -657,7 +657,7 @@ { "@timestamp": "2022-10-02T00:00:33.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcp-new", diff --git a/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-logv6.log-expected.json b/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-logv6.log-expected.json index 5e26c6d2750..5345ef35eb9 100644 --- a/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-logv6.log-expected.json +++ b/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-logv6.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-11-04T18:24:36.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "log-start", @@ -32,7 +32,7 @@ { "@timestamp": "2021-11-04T18:24:36.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "1103", @@ -54,7 +54,7 @@ { "@timestamp": "2021-11-04T18:40:37.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "log-stop", 
@@ -83,7 +83,7 @@ { "@timestamp": "2021-12-06T12:25:21.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "log-start", @@ -112,7 +112,7 @@ { "@timestamp": "2021-12-06T12:25:21.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "1103", @@ -138,7 +138,7 @@ { "@timestamp": "2021-12-06T12:43:57.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpv6-solicit", @@ -180,7 +180,7 @@ { "@timestamp": "2021-12-06T12:43:57.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpv6-request", @@ -222,7 +222,7 @@ { "@timestamp": "2021-12-06T12:45:48.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpv6-solicit", @@ -264,7 +264,7 @@ { "@timestamp": "2021-12-06T12:45:49.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpv6-request", @@ -306,7 +306,7 @@ { "@timestamp": "2021-12-06T12:45:59.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpv6-solicit", @@ -348,7 +348,7 @@ { "@timestamp": "2021-12-06T12:46:00.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpv6-request", @@ -390,7 +390,7 @@ { "@timestamp": "2021-12-06T12:46:25.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpv6-solicit", @@ -432,7 +432,7 @@ { "@timestamp": "2021-12-06T12:46:26.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpv6-request", @@ -474,7 +474,7 @@ { "@timestamp": "2021-12-06T13:25:21.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "dhcpv6-stateless-clients-pruged", diff --git a/packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 1a5a6a3eadb..347e0ada53f 100644 
--- a/packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Microsoft DHCP Server logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: event.kind value: event diff --git a/packages/microsoft_dhcp/data_stream/log/sample_event.json b/packages/microsoft_dhcp/data_stream/log/sample_event.json index 30a729209d2..2a6273502e8 100644 --- a/packages/microsoft_dhcp/data_stream/log/sample_event.json +++ b/packages/microsoft_dhcp/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "4a42006d-197a-4da4-9fa4-331718818b77", diff --git a/packages/microsoft_dhcp/docs/README.md b/packages/microsoft_dhcp/docs/README.md index 516431da07b..29c4ea3e272 100644 --- a/packages/microsoft_dhcp/docs/README.md +++ b/packages/microsoft_dhcp/docs/README.md @@ -34,7 +34,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "4a42006d-197a-4da4-9fa4-331718818b77", diff --git a/packages/microsoft_dhcp/manifest.yml b/packages/microsoft_dhcp/manifest.yml index 7a258f62019..99bed80a62a 100644 --- a/packages/microsoft_dhcp/manifest.yml +++ b/packages/microsoft_dhcp/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: microsoft_dhcp title: Microsoft DHCP -version: "1.8.0" +version: "1.9.0" license: basic description: Collect logs from Microsoft DHCP with Elastic Agent. type: integration diff --git a/packages/microsoft_exchange_online_message_trace/_dev/build/build.yml b/packages/microsoft_exchange_online_message_trace/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/microsoft_exchange_online_message_trace/_dev/build/build.yml 
+++ b/packages/microsoft_exchange_online_message_trace/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/microsoft_exchange_online_message_trace/changelog.yml b/packages/microsoft_exchange_online_message_trace/changelog.yml index 9d78728dc3e..acd5ad4e5e0 100644 --- a/packages/microsoft_exchange_online_message_trace/changelog.yml +++ b/packages/microsoft_exchange_online_message_trace/changelog.yml @@ -1,5 +1,8 @@ -# newer versions go on top - +- version: "0.1.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "0.0.1" changes: - description: Initial draft of the package for Microsoft Exchange Online Message Trace logs diff --git a/packages/microsoft_exchange_online_message_trace/data_stream/log/_dev/test/pipeline/test-log.log-expected.json b/packages/microsoft_exchange_online_message_trace/data_stream/log/_dev/test/pipeline/test-log.log-expected.json index 7e348bddce9..1c758951294 100644 --- a/packages/microsoft_exchange_online_message_trace/data_stream/log/_dev/test/pipeline/test-log.log-expected.json +++ b/packages/microsoft_exchange_online_message_trace/data_stream/log/_dev/test/pipeline/test-log.log-expected.json @@ -24,7 +24,7 @@ "top_level_domain": "com" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": { diff --git a/packages/microsoft_exchange_online_message_trace/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_exchange_online_message_trace/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 1db2b105b4d..6912d18a8e1 100644 --- a/packages/microsoft_exchange_online_message_trace/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/microsoft_exchange_online_message_trace/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
@@ -8,7 +8,7 @@ processors: ignore_failure: true - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' # Parsing of payload json - json: field: event.original diff --git a/packages/microsoft_exchange_online_message_trace/data_stream/log/sample_event.json b/packages/microsoft_exchange_online_message_trace/data_stream/log/sample_event.json index 94880e3609c..74c40fd4d69 100644 --- a/packages/microsoft_exchange_online_message_trace/data_stream/log/sample_event.json +++ b/packages/microsoft_exchange_online_message_trace/data_stream/log/sample_event.json @@ -18,7 +18,7 @@ "top_level_domain": "com" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "4d88038c-4b3b-4bb4-95f4-cc5789c88852", diff --git a/packages/microsoft_exchange_online_message_trace/docs/README.md b/packages/microsoft_exchange_online_message_trace/docs/README.md index 02152eb1576..2057a987ab5 100644 --- a/packages/microsoft_exchange_online_message_trace/docs/README.md +++ b/packages/microsoft_exchange_online_message_trace/docs/README.md @@ -105,7 +105,7 @@ An example event for `log` looks as following: "top_level_domain": "com" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "4d88038c-4b3b-4bb4-95f4-cc5789c88852", diff --git a/packages/microsoft_exchange_online_message_trace/manifest.yml b/packages/microsoft_exchange_online_message_trace/manifest.yml index 9274de70b9e..66ab8bd9bab 100644 --- a/packages/microsoft_exchange_online_message_trace/manifest.yml +++ b/packages/microsoft_exchange_online_message_trace/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: microsoft_exchange_online_message_trace title: "Microsoft Exchange Online Message Trace" -version: 0.0.1 +version: "0.1.0" license: basic description: "Microsoft Exchange Online Message Trace Integration" type: integration diff --git a/packages/microsoft_sqlserver/_dev/build/build.yml b/packages/microsoft_sqlserver/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 
--- a/packages/microsoft_sqlserver/_dev/build/build.yml +++ b/packages/microsoft_sqlserver/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/microsoft_sqlserver/changelog.yml b/packages/microsoft_sqlserver/changelog.yml index 0228d845cd9..faf1e4efa59 100644 --- a/packages/microsoft_sqlserver/changelog.yml +++ b/packages/microsoft_sqlserver/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.6.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.5.0" changes: - description: Adding support for Named Instance connection using instance name or by port number. diff --git a/packages/microsoft_sqlserver/data_stream/audit/_dev/test/pipeline/test-events.json-expected.json b/packages/microsoft_sqlserver/data_stream/audit/_dev/test/pipeline/test-events.json-expected.json index 425263cf485..e866608bbb9 100644 --- a/packages/microsoft_sqlserver/data_stream/audit/_dev/test/pipeline/test-events.json-expected.json +++ b/packages/microsoft_sqlserver/data_stream/audit/_dev/test/pipeline/test-events.json-expected.json @@ -16,7 +16,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "b53be7b1-9e86-49b0-ad0b-1464bceabc65", @@ -149,7 +149,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "8b2d19ad-2ecf-40d9-ad3b-746991df9989", @@ -283,7 +283,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "df0dd5ff-cce7-4861-b49f-fd70f0b207b6", @@ -414,7 +414,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "df0dd5ff-cce7-4861-b49f-fd70f0b207b6", 
diff --git a/packages/microsoft_sqlserver/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_sqlserver/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 484c46c7eea..87b4447bba0 100644 --- a/packages/microsoft_sqlserver/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/microsoft_sqlserver/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing SQL Server audit logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - gsub: description: Strip final dot from param1. field: winlog.event_data.param1 diff --git a/packages/microsoft_sqlserver/data_stream/log/_dev/test/pipeline/test-sqlserver.log-expected.json b/packages/microsoft_sqlserver/data_stream/log/_dev/test/pipeline/test-sqlserver.log-expected.json index 9e0f455f57d..b58a8851408 100644 --- a/packages/microsoft_sqlserver/data_stream/log/_dev/test/pipeline/test-sqlserver.log-expected.json +++ b/packages/microsoft_sqlserver/data_stream/log/_dev/test/pipeline/test-sqlserver.log-expected.json @@ -3,13 +3,13 @@ { "@timestamp": "2022-07-08T05:42:10.350Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672824987Z", + "ingested": "2022-11-04T08:05:24.524148833Z", "kind": "event", "original": "2022-07-08 05:42:10.35 Server Microsoft SQL Server 2019 (RTM-CU16-GDR) (KB5014353) - 15.0.4236.7 (X64) \n\tMay 29 2022 15:55:47 \n\tCopyright (C) 2019 Microsoft Corporation\n\tDeveloper Edition (64-bit) on Linux (Ubuntu 20.04.4 LTS) \u003cX64\u003e", "type": [ @@ -26,13 +26,13 @@ { "@timestamp": "2022-07-08T05:42:10.350Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672828583Z", + "ingested": "2022-11-04T08:05:24.524159370Z", "kind": "event", "original": "2022-07-08 05:42:10.35 Server UTC adjustment: 0:00", "type": [ 
@@ -49,13 +49,13 @@ { "@timestamp": "2022-07-08T05:42:10.350Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672829775Z", + "ingested": "2022-11-04T08:05:24.524160674Z", "kind": "event", "original": "2022-07-08 05:42:10.35 Server (c) Microsoft Corporation.", "type": [ @@ -72,13 +72,13 @@ { "@timestamp": "2022-07-08T05:42:10.360Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672830834Z", + "ingested": "2022-11-04T08:05:24.524161537Z", "kind": "event", "original": "2022-07-08 05:42:10.36 Server All rights reserved.", "type": [ @@ -95,13 +95,13 @@ { "@timestamp": "2022-07-08T05:42:10.360Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672831884Z", + "ingested": "2022-11-04T08:05:24.524162402Z", "kind": "event", "original": "2022-07-08 05:42:10.36 Server Server process ID is 396.", "type": [ @@ -118,13 +118,13 @@ { "@timestamp": "2022-07-08T05:42:10.360Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672832966Z", + "ingested": "2022-11-04T08:05:24.524163222Z", "kind": "event", "original": "2022-07-08 05:42:10.36 Server Logging SQL Server messages in file '/var/opt/mssql/log/errorlog'.", "type": [ @@ -141,13 +141,13 @@ { "@timestamp": "2022-07-08T05:42:10.360Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672833987Z", + "ingested": "2022-11-04T08:05:24.524164053Z", "kind": "event", "original": "2022-07-08 05:42:10.36 Server Registry startup parameters: \n\t -d /var/opt/mssql/data/master.mdf\n\t -l /var/opt/mssql/data/mastlog.ldf\n\t -e /var/opt/mssql/log/errorlog", "type": [ 
@@ -164,13 +164,13 @@ { "@timestamp": "2022-07-08T05:42:10.360Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672835007Z", + "ingested": "2022-11-04T08:05:24.524164869Z", "kind": "event", "original": "2022-07-08 05:42:10.36 Server SQL Server detected 1 sockets with 8 cores per socket and 16 logical processors per socket, 16 total logical processors; using 16 logical processors based on SQL Server licensing. This is an informational message; no user action is required.", "type": [ @@ -187,13 +187,13 @@ { "@timestamp": "2022-07-08T05:42:10.360Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672836019Z", + "ingested": "2022-11-04T08:05:24.524165670Z", "kind": "event", "original": "2022-07-08 05:42:10.36 Server SQL Server is starting at normal priority base (=7). This is an informational message only. No user action is required.", "type": [ @@ -210,13 +210,13 @@ { "@timestamp": "2022-07-08T05:42:10.360Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672837036Z", + "ingested": "2022-11-04T08:05:24.524166458Z", "kind": "event", "original": "2022-07-08 05:42:10.36 Server Detected 41132 MB of RAM. This is an informational message; no user action is required.", "type": [ @@ -233,13 +233,13 @@ { "@timestamp": "2022-07-08T05:42:10.370Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672838046Z", + "ingested": "2022-11-04T08:05:24.524167248Z", "kind": "event", "original": "2022-07-08 05:42:10.37 Server Using conventional memory in the memory manager.", "type": [ 
@@ -256,13 +256,13 @@ { "@timestamp": "2022-07-08T05:42:10.380Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672839218Z", + "ingested": "2022-11-04T08:05:24.524168208Z", "kind": "event", "original": "2022-07-08 05:42:10.38 Server Page exclusion bitmap is enabled.", "type": [ @@ -279,13 +279,13 @@ { "@timestamp": "2022-07-08T05:42:10.440Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672840268Z", + "ingested": "2022-11-04T08:05:24.524169013Z", "kind": "event", "original": "2022-07-08 05:42:10.44 Server Buffer pool extension is not supported on Linux platform.", "type": [ @@ -302,13 +302,13 @@ { "@timestamp": "2022-07-08T05:42:10.440Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672841291Z", + "ingested": "2022-11-04T08:05:24.524169879Z", "kind": "event", "original": "2022-07-08 05:42:10.44 Server Buffer Pool: Allocating 8388608 bytes for 6430720 hashPages.", "type": [ @@ -325,13 +325,13 @@ { "@timestamp": "2022-07-08T05:42:10.570Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672842308Z", + "ingested": "2022-11-04T08:05:24.524171359Z", "kind": "event", "original": "2022-07-08 05:42:10.57 Server Buffer pool extension is already disabled. No action is necessary.", "type": [ 
@@ -348,13 +348,13 @@ { "@timestamp": "2022-07-08T05:42:10.760Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672843326Z", + "ingested": "2022-11-04T08:05:24.524172217Z", "kind": "event", "original": "2022-07-08 05:42:10.76 Server Successfully initialized the TLS configuration. Allowed TLS protocol versions are ['1.0 1.1 1.2']. Allowed TLS ciphers are ['ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA'].", "type": [ @@ -371,13 +371,13 @@ { "@timestamp": "2022-07-08T05:42:10.770Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672844448Z", + "ingested": "2022-11-04T08:05:24.524173156Z", "kind": "event", "original": "2022-07-08 05:42:10.77 Server Query Store settings initialized with enabled = 1, ", "type": [ @@ -394,13 +394,13 @@ { "@timestamp": "2022-07-08T05:42:10.790Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672845456Z", + "ingested": "2022-11-04T08:05:24.524173950Z", "kind": "event", "original": "2022-07-08 05:42:10.79 Server The maximum number of dedicated administrator connections for this instance is '1'", "type": [ 
@@ -417,13 +417,13 @@ { "@timestamp": "2022-07-08T05:42:10.800Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672846466Z", + "ingested": "2022-11-04T08:05:24.524174738Z", "kind": "event", "original": "2022-07-08 05:42:10.80 Server Node configuration: node 0: CPU mask: 0x000000000000ffff:0 Active CPU mask: 0x000000000000ffff:0. This message provides a description of the NUMA configuration for this computer. This is an informational message only. No user action is required.", "type": [ @@ -440,13 +440,13 @@ { "@timestamp": "2022-07-08T05:42:10.850Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672847487Z", + "ingested": "2022-11-04T08:05:24.524175533Z", "kind": "event", "original": "2022-07-08 05:42:10.85 Server Using dynamic lock allocation. Initial allocation of 2500 Lock blocks and 5000 Lock Owner blocks per node. This is an informational message only. No user action is required.", "type": [ @@ -463,13 +463,13 @@ { "@timestamp": "2022-07-08T05:42:10.850Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672848515Z", + "ingested": "2022-11-04T08:05:24.524176342Z", "kind": "event", "original": "2022-07-08 05:42:10.85 Server Lock partitioning is enabled. This is an informational message only. No user action is required.", "type": [ @@ -486,13 +486,13 @@ { "@timestamp": "2022-07-08T05:42:10.860Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672849532Z", + "ingested": "2022-11-04T08:05:24.524177139Z", "kind": "event", "original": "2022-07-08 05:42:10.86 Server In-Memory OLTP initialized on standard machine.", "type": [ 
@@ -509,13 +509,13 @@ { "@timestamp": "2022-07-08T05:42:10.950Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672850545Z", + "ingested": "2022-11-04T08:05:24.524177928Z", "kind": "event", "original": "2022-07-08 05:42:10.95 Server CLR version v4.0.30319 loaded.", "type": [ @@ -532,13 +532,13 @@ { "@timestamp": "2022-07-08T05:42:10.950Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672851681Z", + "ingested": "2022-11-04T08:05:24.524178893Z", "kind": "event", "original": "2022-07-08 05:42:10.95 Server [INFO] Created Extended Events session 'hkenginexesession'", "type": [ @@ -555,13 +555,13 @@ { "@timestamp": "2022-07-08T05:42:10.950Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672852688Z", + "ingested": "2022-11-04T08:05:24.524179694Z", "kind": "event", "original": "2022-07-08 05:42:10.95 Server Database Instant File Initialization: enabled. For security and performance considerations see the topic 'Database Instant File Initialization' in SQL Server Books Online. This is an informational message only. No user action is required.", "type": [ @@ -578,13 +578,13 @@ { "@timestamp": "2022-07-08T05:42:10.970Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672853785Z", + "ingested": "2022-11-04T08:05:24.524180492Z", "kind": "event", "original": "2022-07-08 05:42:10.97 Server Total Log Writer threads: 2. This is an informational message; no user action is required.", "type": [ 
@@ -601,13 +601,13 @@ { "@timestamp": "2022-07-08T05:42:10.990Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672854800Z", + "ingested": "2022-11-04T08:05:24.524181311Z", "kind": "event", "original": "2022-07-08 05:42:10.99 Server clwb is selected for pmem flush operation.", "type": [ @@ -624,13 +624,13 @@ { "@timestamp": "2022-07-08T05:42:10.990Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672855819Z", + "ingested": "2022-11-04T08:05:24.524182108Z", "kind": "event", "original": "2022-07-08 05:42:10.99 Server Software Usage Metrics is disabled.", "type": [ @@ -647,13 +647,13 @@ { "@timestamp": "2022-07-08T05:42:11.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672856927Z", + "ingested": "2022-11-04T08:05:24.524182926Z", "kind": "event", "original": "2022-07-08 05:42:11.00 spid9s [1]. Feature Status: PVS: 0. CTR: 0. ConcurrentPFSUpdate: 1.", "type": [ @@ -670,13 +670,13 @@ { "@timestamp": "2022-07-08T05:42:11.010Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672857951Z", + "ingested": "2022-11-04T08:05:24.524183718Z", "kind": "event", "original": "2022-07-08 05:42:11.01 spid9s Starting up database 'master'.", "type": [ @@ -693,13 +693,13 @@ { "@timestamp": "2022-07-08T05:42:11.180Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672858973Z", + "ingested": "2022-11-04T08:05:24.524184509Z", "kind": "event", "original": "2022-07-08 05:42:11.18 spid9s Converting database 'master' from version 897 to the current version 904.", "type": [ 
@@ -716,13 +716,13 @@ { "@timestamp": "2022-07-08T05:42:11.180Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672859997Z", + "ingested": "2022-11-04T08:05:24.524185311Z", "kind": "event", "original": "2022-07-08 05:42:11.18 spid9s Database 'master' running the upgrade step from version 897 to version 898.", "type": [ @@ -739,13 +739,13 @@ { "@timestamp": "2022-07-08T05:42:11.240Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672867586Z", + "ingested": "2022-11-04T08:05:24.524186189Z", "kind": "event", "original": "2022-07-08 05:42:11.24 spid9s Database 'master' running the upgrade step from version 898 to version 899.", "type": [ @@ -762,13 +762,13 @@ { "@timestamp": "2022-07-08T05:42:11.290Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672868707Z", + "ingested": "2022-11-04T08:05:24.524186995Z", "kind": "event", "original": "2022-07-08 05:42:11.29 spid9s Database 'master' running the upgrade step from version 899 to version 900.", "type": [ @@ -785,13 +785,13 @@ { "@timestamp": "2022-07-08T05:42:11.300Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672869881Z", + "ingested": "2022-11-04T08:05:24.524187899Z", "kind": "event", "original": "2022-07-08 05:42:11.30 Server Common language runtime (CLR) functionality initialized.", "type": [ @@ -808,13 +808,13 @@ { "@timestamp": "2022-07-08T05:42:11.340Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672870896Z", + "ingested": "2022-11-04T08:05:24.524188799Z", "kind": "event", "original": "2022-07-08 05:42:11.34 spid9s Database 'master' running the upgrade step from version 900 to version 901.", "type": [ 
@@ -831,13 +831,13 @@ { "@timestamp": "2022-07-08T05:42:11.360Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672900902Z", + "ingested": "2022-11-04T08:05:24.524189600Z", "kind": "event", "original": "2022-07-08 05:42:11.36 spid9s Database 'master' running the upgrade step from version 901 to version 902.", "type": [ @@ -854,13 +854,13 @@ { "@timestamp": "2022-07-08T05:42:11.380Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672902434Z", + "ingested": "2022-11-04T08:05:24.524190400Z", "kind": "event", "original": "2022-07-08 05:42:11.38 spid9s Database 'master' running the upgrade step from version 902 to version 903.", "type": [ @@ -877,13 +877,13 @@ { "@timestamp": "2022-07-08T05:42:11.390Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672903668Z", + "ingested": "2022-11-04T08:05:24.524191210Z", "kind": "event", "original": "2022-07-08 05:42:11.39 spid9s Database 'master' running the upgrade step from version 903 to version 904.", "type": [ @@ -900,13 +900,13 @@ { "@timestamp": "2022-07-08T05:42:11.700Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672904841Z", + "ingested": "2022-11-04T08:05:24.524192023Z", "kind": "event", "original": "2022-07-08 05:42:11.70 spid9s Resource governor reconfiguration succeeded.", "type": [ 
@@ -923,13 +923,13 @@ { "@timestamp": "2022-07-08T05:42:11.700Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672905853Z", + "ingested": "2022-11-04T08:05:24.524192832Z", "kind": "event", "original": "2022-07-08 05:42:11.70 spid9s SQL Server Audit is starting the audits. This is an informational message. No user action is required.", "type": [ @@ -946,13 +946,13 @@ { "@timestamp": "2022-07-08T05:42:11.700Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672906863Z", + "ingested": "2022-11-04T08:05:24.524193635Z", "kind": "event", "original": "2022-07-08 05:42:11.70 spid9s SQL Server Audit has started the audits. This is an informational message. No user action is required.", "type": [ @@ -969,13 +969,13 @@ { "@timestamp": "2022-07-08T05:42:11.850Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672907861Z", + "ingested": "2022-11-04T08:05:24.524194526Z", "kind": "event", "original": "2022-07-08 05:42:11.85 spid9s SQL Trace ID 1 was started by login \"sa\".", "type": [ @@ -992,13 +992,13 @@ { "@timestamp": "2022-07-08T05:42:11.860Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-27T20:26:20.672908877Z", + "ingested": "2022-11-04T08:05:24.524195338Z", "kind": "event", "original": "2022-07-08 05:42:11.86 spid26s Password policy update was successful.", "type": [ 
@@ -1015,13 +1015,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.880Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672909897Z",
+ "ingested": "2022-11-04T08:05:24.524196132Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.88 spid9s Server name is 'd200462fe4a0'. This is an informational message only. No user action is required.",
 "type": [
@@ -1038,13 +1038,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.900Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672910913Z",
+ "ingested": "2022-11-04T08:05:24.524196930Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.90 spid29s Always On: The availability replica manager is starting. This is an informational message only. No user action is required.",
 "type": [
@@ -1061,13 +1061,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.900Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672911917Z",
+ "ingested": "2022-11-04T08:05:24.524197723Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.90 spid9s [4]. Feature Status: PVS: 0. CTR: 0. ConcurrentPFSUpdate: 1.",
 "type": [
@@ -1084,13 +1084,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.900Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672912925Z",
+ "ingested": "2022-11-04T08:05:24.524198526Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.90 spid29s Always On: The availability replica manager is waiting for the instance of SQL Server to allow client connections. This is an informational message only. No user action is required.",
 "type": [
@@ -1107,13 +1107,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.900Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672913924Z",
+ "ingested": "2022-11-04T08:05:24.524199322Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.90 spid9s Starting up database 'msdb'.",
 "type": [
@@ -1130,13 +1130,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.900Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672914929Z",
+ "ingested": "2022-11-04T08:05:24.524200118Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.90 spid26s A self-generated certificate was successfully loaded for encryption.",
 "type": [
@@ -1153,13 +1153,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.910Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672916157Z",
+ "ingested": "2022-11-04T08:05:24.524201340Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.91 spid12s [32767]. Feature Status: PVS: 0. CTR: 0. ConcurrentPFSUpdate: 1.",
 "type": [
@@ -1176,13 +1176,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.910Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672917242Z",
+ "ingested": "2022-11-04T08:05:24.524202268Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.91 spid12s Starting up database 'mssqlsystemresource'.",
 "type": [
@@ -1199,13 +1199,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.910Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672918236Z",
+ "ingested": "2022-11-04T08:05:24.524203089Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.91 spid26s Server is listening on [ 'any' \u003cipv6\u003e 1433].",
 "type": [
@@ -1222,13 +1222,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.910Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672919237Z",
+ "ingested": "2022-11-04T08:05:24.524203897Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.91 spid26s Server is listening on [ 'any' \u003cipv4\u003e 1433].",
 "type": [
@@ -1245,13 +1245,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.910Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672920236Z",
+ "ingested": "2022-11-04T08:05:24.524204687Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.91 spid12s The resource database build version is 15.00.4236. This is an informational message only. No user action is required.",
 "type": [
@@ -1268,13 +1268,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.910Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672921233Z",
+ "ingested": "2022-11-04T08:05:24.524205473Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.91 Server Server is listening on [ ::1 \u003cipv6\u003e 1434].",
 "type": [
@@ -1291,13 +1291,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.920Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672922230Z",
+ "ingested": "2022-11-04T08:05:24.524206280Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.92 Server Server is listening on [ 127.0.0.1 \u003cipv4\u003e 1434].",
 "type": [
@@ -1314,13 +1314,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.920Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672923245Z",
+ "ingested": "2022-11-04T08:05:24.524207085Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.92 Server Dedicated admin connection support was established for listening locally on port 1434.",
 "type": [
@@ -1337,13 +1337,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.920Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672924585Z",
+ "ingested": "2022-11-04T08:05:24.524207907Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.92 spid26s Server is listening on [ ::1 \u003cipv6\u003e 1431].",
 "type": [
@@ -1360,13 +1360,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.920Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672925990Z",
+ "ingested": "2022-11-04T08:05:24.524208702Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.92 spid26s Server is listening on [ 127.0.0.1 \u003cipv4\u003e 1431].",
 "type": [
@@ -1383,13 +1383,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.930Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672927704Z",
+ "ingested": "2022-11-04T08:05:24.524209500Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.93 spid26s SQL Server is now ready for client connections. This is an informational message; no user action is required.",
 "type": [
@@ -1406,13 +1406,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.940Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672928715Z",
+ "ingested": "2022-11-04T08:05:24.524210352Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.94 spid12s [3]. Feature Status: PVS: 0. CTR: 0. ConcurrentPFSUpdate: 1.",
 "type": [
@@ -1429,13 +1429,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.940Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672929729Z",
+ "ingested": "2022-11-04T08:05:24.524211151Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.94 spid12s Starting up database 'model'.",
 "type": [
@@ -1452,13 +1452,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.940Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672930733Z",
+ "ingested": "2022-11-04T08:05:24.524211945Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.94 spid9s The tail of the log for database msdb is being rewritten to match the new sector size of 4096 bytes. 3072 bytes at offset 50176 in file /var/opt/mssql/data/MSDBLog.ldf will be written.",
 "type": [
@@ -1475,13 +1475,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.990Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672931742Z",
+ "ingested": "2022-11-04T08:05:24.524212736Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.99 spid12s The tail of the log for database model is being rewritten to match the new sector size of 4096 bytes. 512 bytes at offset 73216 in file /var/opt/mssql/data/modellog.ldf will be written.",
 "type": [
@@ -1498,13 +1498,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.990Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672932772Z",
+ "ingested": "2022-11-04T08:05:24.524213525Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.99 spid9s Converting database 'msdb' from version 897 to the current version 904.",
 "type": [
@@ -1521,13 +1521,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.990Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672933782Z",
+ "ingested": "2022-11-04T08:05:24.524214746Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.99 spid9s Database 'msdb' running the upgrade step from version 897 to version 898.",
 "type": [
@@ -1544,13 +1544,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.050Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672934787Z",
+ "ingested": "2022-11-04T08:05:24.524215559Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.05 spid12s Converting database 'model' from version 897 to the current version 904.",
 "type": [
@@ -1567,13 +1567,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.050Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672935796Z",
+ "ingested": "2022-11-04T08:05:24.524216353Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.05 spid12s Database 'model' running the upgrade step from version 897 to version 898.",
 "type": [
@@ -1590,13 +1590,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.110Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672936805Z",
+ "ingested": "2022-11-04T08:05:24.524217151Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.11 spid9s Database 'msdb' running the upgrade step from version 898 to version 899.",
 "type": [
@@ -1613,13 +1613,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.130Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672937806Z",
+ "ingested": "2022-11-04T08:05:24.524217943Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.13 spid12s Database 'model' running the upgrade step from version 898 to version 899.",
 "type": [
@@ -1636,13 +1636,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.150Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672938809Z",
+ "ingested": "2022-11-04T08:05:24.524218819Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.15 spid9s Database 'msdb' running the upgrade step from version 899 to version 900.",
 "type": [
@@ -1659,13 +1659,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.170Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672939948Z",
+ "ingested": "2022-11-04T08:05:24.524219618Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.17 spid12s Database 'model' running the upgrade step from version 899 to version 900.",
 "type": [
@@ -1682,13 +1682,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.180Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672940968Z",
+ "ingested": "2022-11-04T08:05:24.524220420Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.18 spid9s Database 'msdb' running the upgrade step from version 900 to version 901.",
 "type": [
@@ -1705,13 +1705,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.200Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672942153Z",
+ "ingested": "2022-11-04T08:05:24.524221347Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.20 spid12s Database 'model' running the upgrade step from version 900 to version 901.",
 "type": [
@@ -1728,13 +1728,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.220Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672943157Z",
+ "ingested": "2022-11-04T08:05:24.524222150Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.22 spid9s Database 'msdb' running the upgrade step from version 901 to version 902.",
 "type": [
@@ -1751,13 +1751,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.230Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672944166Z",
+ "ingested": "2022-11-04T08:05:24.524222953Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.23 spid12s Database 'model' running the upgrade step from version 901 to version 902.",
 "type": [
@@ -1774,13 +1774,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.240Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672996970Z",
+ "ingested": "2022-11-04T08:05:24.524223765Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.24 spid12s Database 'model' running the upgrade step from version 902 to version 903.",
 "type": [
@@ -1797,13 +1797,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.260Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672998705Z",
+ "ingested": "2022-11-04T08:05:24.524224569Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.26 spid12s Database 'model' running the upgrade step from version 903 to version 904.",
 "type": [
@@ -1820,13 +1820,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.390Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.672999903Z",
+ "ingested": "2022-11-04T08:05:24.524225372Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.39 spid12s Clearing tempdb database.",
 "type": [
@@ -1843,13 +1843,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.550Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673000900Z",
+ "ingested": "2022-11-04T08:05:24.524226250Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.55 spid12s [2]. Feature Status: PVS: 0. CTR: 0. ConcurrentPFSUpdate: 1.",
 "type": [
@@ -1866,13 +1866,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.550Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673001991Z",
+ "ingested": "2022-11-04T08:05:24.524227057Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.55 spid12s Starting up database 'tempdb'.",
 "type": [
@@ -1889,13 +1889,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.630Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673003013Z",
+ "ingested": "2022-11-04T08:05:24.524227877Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.63 spid12s The tempdb database has 1 data file(s).",
 "type": [
@@ -1912,13 +1912,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.650Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673004023Z",
+ "ingested": "2022-11-04T08:05:24.524228704Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.65 spid29s The Service Broker endpoint is in disabled or stopped state.",
 "type": [
@@ -1935,13 +1935,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.660Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673005023Z",
+ "ingested": "2022-11-04T08:05:24.524229501Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.66 spid29s The Database Mirroring endpoint is in disabled or stopped state.",
 "type": [
@@ -1958,13 +1958,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.660Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673006031Z",
+ "ingested": "2022-11-04T08:05:24.524230826Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.66 spid29s Service Broker manager has started.",
 "type": [
@@ -1981,13 +1981,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.690Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673007036Z",
+ "ingested": "2022-11-04T08:05:24.524231667Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.69 spid9s Database 'msdb' running the upgrade step from version 902 to version 903.",
 "type": [
@@ -2004,13 +2004,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.710Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673008049Z",
+ "ingested": "2022-11-04T08:05:24.524232527Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.71 spid9s Database 'msdb' running the upgrade step from version 903 to version 904.",
 "type": [
@@ -2027,13 +2027,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.850Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673009049Z",
+ "ingested": "2022-11-04T08:05:24.524233350Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.85 spid9s Recovery is complete. This is an informational message only. No user action is required.",
 "type": [
@@ -2050,13 +2050,13 @@
 {
 "@timestamp": "2022-07-08T05:42:12.860Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673010051Z",
+ "ingested": "2022-11-04T08:05:24.524234148Z",
 "kind": "event",
 "original": "2022-07-08 05:42:12.86 spid18s The default language (LCID 0) has been set for engine and full-text services.",
 "type": [
@@ -2073,13 +2073,13 @@
 {
 "@timestamp": "2022-07-08T05:42:13.280Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673011078Z",
+ "ingested": "2022-11-04T08:05:24.524234955Z",
 "kind": "event",
 "original": "2022-07-08 05:42:13.28 spid18s The tempdb database has 8 data file(s).",
 "type": [
@@ -2096,13 +2096,13 @@
 {
 "@timestamp": "2022-07-08T05:42:16.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673012140Z",
+ "ingested": "2022-11-04T08:05:24.524235746Z",
 "kind": "event",
 "original": "2022-07-08 05:42:16.00 spid39s The activated proc '[dbo].[sp_syspolicy_events_reader]' running on queue 'msdb.dbo.syspolicy_event_queue' output the following: 'Transaction (Process ID 39) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.'",
 "type": [
@@ -2119,13 +2119,13 @@
 {
 "@timestamp": "2022-07-08T05:43:37.950Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673013144Z",
+ "ingested": "2022-11-04T08:05:24.524236555Z",
 "kind": "event",
 "original": "2022-07-08 05:43:37.95 spid51 Attempting to load library 'xplog70.dll' into memory. This is an informational message only. No user action is required.",
 "type": [
@@ -2142,13 +2142,13 @@
 {
 "@timestamp": "2022-07-08T05:43:37.970Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673014146Z",
+ "ingested": "2022-11-04T08:05:24.524237342Z",
 "kind": "event",
 "original": "2022-07-08 05:43:37.97 spid51 Using 'xplog70.dll' version '2019.150.4236' to execute extended stored procedure 'xp_msver'. This is an informational message only; no user action is required.",
 "type": [
@@ -2165,13 +2165,13 @@
 {
 "@timestamp": "2022-07-08T05:43:38.290Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673015167Z",
+ "ingested": "2022-11-04T08:05:24.524238152Z",
 "kind": "event",
 "original": "2022-07-08 05:43:38.29 spid54 Attempting to load library 'xpsqlbot.dll' into memory. This is an informational message only. No user action is required.",
 "type": [
@@ -2188,13 +2188,13 @@
 {
 "@timestamp": "2022-07-08T05:43:38.300Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673016174Z",
+ "ingested": "2022-11-04T08:05:24.524238938Z",
 "kind": "event",
 "original": "2022-07-08 05:43:38.30 spid54 Using 'xpsqlbot.dll' version '2019.150.4236' to execute extended stored procedure 'xp_qv'. This is an informational message only; no user action is required.",
 "type": [
@@ -2211,13 +2211,13 @@
 {
 "@timestamp": "2022-07-08T05:51:34.070Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673017178Z",
+ "ingested": "2022-11-04T08:05:24.524239738Z",
 "kind": "event",
 "original": "2022-07-08 05:51:34.07 Logon Error: 18456, Severity: 14, State: 8.",
 "type": [
@@ -2234,13 +2234,13 @@
 {
 "@timestamp": "2022-07-08T05:51:34.070Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673018188Z",
+ "ingested": "2022-11-04T08:05:24.524240607Z",
 "kind": "event",
 "original": "2022-07-08 05:51:34.07 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 172.20.0.1]",
 "type": [
@@ -2257,13 +2257,13 @@
 {
 "@timestamp": "2022-07-08T06:00:54.130Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673019212Z",
+ "ingested": "2022-11-04T08:05:24.524241403Z",
 "kind": "event",
 "original": "2022-07-08 06:00:54.13 spid9s Always On: The availability replica manager is going offline because SQL Server is shutting down. This is an informational message only. No user action is required.",
 "type": [
@@ -2280,13 +2280,13 @@
 {
 "@timestamp": "2022-07-08T06:00:54.140Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673020223Z",
+ "ingested": "2022-11-04T08:05:24.524242204Z",
 "kind": "event",
 "original": "2022-07-08 06:00:54.14 spid9s SQL Server is terminating in response to a 'stop' request from Service Control Manager. This is an informational message only. No user action is required.",
 "type": [
@@ -2303,13 +2303,13 @@
 {
 "@timestamp": "2022-07-08T06:00:54.330Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673021235Z",
+ "ingested": "2022-11-04T08:05:24.524243021Z",
 "kind": "event",
 "original": "2022-07-08 06:00:54.33 spid29s Service Broker manager has shut down.",
 "type": [
@@ -2326,13 +2326,13 @@
 {
 "@timestamp": "2022-07-08T06:00:54.340Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673022240Z",
+ "ingested": "2022-11-04T08:05:24.524243811Z",
 "kind": "event",
 "original": "2022-07-08 06:00:54.34 spid9s .NET Framework runtime has been stopped.",
 "type": [
@@ -2349,13 +2349,13 @@
 {
 "@timestamp": "2022-07-08T06:00:54.540Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-27T20:26:20.673023249Z",
+ "ingested": "2022-11-04T08:05:24.524244599Z",
 "kind": "event",
 "original": "2022-07-08 06:00:54.54 spid9s SQL Trace was stopped due to server shutdown. Trace ID = '1'. This is an informational message only; no user action is required.",
 "type": [
diff --git a/packages/microsoft_sqlserver/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_sqlserver/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index bdd2d96a467..237c1d6afee 100644
--- a/packages/microsoft_sqlserver/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/microsoft_sqlserver/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -7,7 +7,7 @@ processors:
 ignore_missing: true
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.ingested
 value: '{{_ingest.timestamp}}'
diff --git a/packages/microsoft_sqlserver/data_stream/log/sample_event.json b/packages/microsoft_sqlserver/data_stream/log/sample_event.json
index 1f67f9d2810..d7a4050efea 100644
--- a/packages/microsoft_sqlserver/data_stream/log/sample_event.json
+++ b/packages/microsoft_sqlserver/data_stream/log/sample_event.json
@@ -28,7 +28,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "42a4484f-4eb2-4802-bd76-1f1118713d64",
diff --git a/packages/microsoft_sqlserver/docs/README.md b/packages/microsoft_sqlserver/docs/README.md
index 69a993e7f17..895cecf9d9c 100644
--- a/packages/microsoft_sqlserver/docs/README.md
+++ b/packages/microsoft_sqlserver/docs/README.md
@@ -236,7 +236,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "42a4484f-4eb2-4802-bd76-1f1118713d64",
diff --git a/packages/microsoft_sqlserver/manifest.yml b/packages/microsoft_sqlserver/manifest.yml
index bd491c7e881..63a82805a87 100644
--- a/packages/microsoft_sqlserver/manifest.yml
+++ b/packages/microsoft_sqlserver/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: microsoft_sqlserver
 title: "Microsoft SQL Server"
-version: "1.5.0"
+version: "1.6.0"
 license: basic
 description: Collect events from Microsoft SQL Server with Elastic Agent
 type: integration
diff --git a/packages/mimecast/_dev/build/build.yml b/packages/mimecast/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/mimecast/_dev/build/build.yml
+++ b/packages/mimecast/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/mimecast/changelog.yml b/packages/mimecast/changelog.yml
index 868a05267ff..007dffe34ac 100644
--- a/packages/mimecast/changelog.yml
+++ b/packages/mimecast/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.4.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.3.0"
 changes:
 - description: Update package to ECS 8.4.0
diff --git a/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json b/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json
index 00767373ca6..ea057ceea91 100644
--- a/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json
+++ b/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json
@@ -18,7 +18,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "threat-intel-feed-download",
@@ -71,7 +71,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "threat-intel-feed-download",
@@ -124,7 +124,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "user-logged-on",
@@ -175,7 +175,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "logon-requires-challenge",
@@ -226,7 +226,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "user-logged-on",
@@ -276,7 +276,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "mimecast-support-login",
@@ -325,7 +325,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "mimecast-support-login",
@@ -374,7 +374,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "email": {
 "from": {
@@ -437,7 +437,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "search-action",
@@ -486,7 +486,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "logon-authentication-failed",
@@ -523,7 +523,7 @@
 {
 "@timestamp": "2021-10-11T13:21:06.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "completed-directory-sync",
@@ -564,7 +564,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "case-action",
@@ -613,7 +613,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "logon-authentication-failed",
@@ -664,7 +664,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "existing-archive-task-changed",
@@ -713,7 +713,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "connectors-management",
@@ -762,7 +762,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "page-data-exports",
@@ -816,7 +816,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "custom-report-definition-created",
@@ -865,7 +865,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "folder-log-entry",
@@ -896,7 +896,7 @@
 {
 "@timestamp": "2021-10-12T19:56:55.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "user-password-changed",
@@ -940,7 +940,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "remediation-incident-adjustment",
@@ -989,7 +989,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "archive-mailbox-restore", @@ -1038,7 +1038,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "archive-mailbox-restore", @@ -1087,7 +1087,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "archive-mailbox-export-download", @@ -1136,7 +1136,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "review-set-action", @@ -1185,7 +1185,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "remediation-incident-adjustment", @@ -1234,7 +1234,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logon-authentication-failed", @@ -1284,7 +1284,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logon-authentication-failed", @@ -1335,7 +1335,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logon-authentication-failed", @@ -1386,7 +1386,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user-logged-on", @@ -1435,7 +1435,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logon-authentication-failed", @@ -1486,7 +1486,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logon-authentication-failed", diff --git a/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml index 825aa7638b6..9c7b34d24d2 100644 --- a/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ processors: # Generic event/ecs fields we always want to populate. - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/mimecast/data_stream/audit_events/sample_event.json b/packages/mimecast/data_stream/audit_events/sample_event.json index 816893e1718..2925cd5c124 100644 --- a/packages/mimecast/data_stream/audit_events/sample_event.json +++ b/packages/mimecast/data_stream/audit_events/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", diff --git a/packages/mimecast/data_stream/dlp_logs/_dev/test/pipeline/test-dlp-logs.log-expected.json b/packages/mimecast/data_stream/dlp_logs/_dev/test/pipeline/test-dlp-logs.log-expected.json index a6500d8b5eb..369a61e8b7c 100644 --- a/packages/mimecast/data_stream/dlp_logs/_dev/test/pipeline/test-dlp-logs.log-expected.json +++ b/packages/mimecast/data_stream/dlp_logs/_dev/test/pipeline/test-dlp-logs.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-15T20:41:25.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "direction": "inbound", @@ -35,7 +35,7 @@ { "@timestamp": "2021-10-15T20:41:25.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "direction": "inbound", @@ -67,7 +67,7 @@ { "@timestamp": "2021-10-15T20:41:22.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "direction": "inbound", @@ -99,7 +99,7 @@ { "@timestamp": "2021-10-15T20:41:22.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "direction": "inbound", @@ -131,7 +131,7 @@ { "@timestamp": "2021-10-15T20:41:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "direction": "inbound", 
@@ -163,7 +163,7 @@ { "@timestamp": "2021-10-15T20:41:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "direction": "inbound", @@ -195,7 +195,7 @@ { "@timestamp": "2021-10-15T20:41:19.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "direction": "inbound", @@ -227,7 +227,7 @@ { "@timestamp": "2021-10-15T20:41:19.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "direction": "inbound", @@ -259,7 +259,7 @@ { "@timestamp": "2021-10-15T20:41:17.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "direction": "inbound", @@ -291,7 +291,7 @@ { "@timestamp": "2021-10-15T20:41:17.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "direction": "inbound", diff --git a/packages/mimecast/data_stream/dlp_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/dlp_logs/elasticsearch/ingest_pipeline/default.yml index c071a15507e..3790d8e0e31 100644 --- a/packages/mimecast/data_stream/dlp_logs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mimecast/data_stream/dlp_logs/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ processors: # Generic event/ecs fields we always want to populate. - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/mimecast/data_stream/dlp_logs/sample_event.json b/packages/mimecast/data_stream/dlp_logs/sample_event.json index 44315f9d724..234dad8548c 100644 --- a/packages/mimecast/data_stream/dlp_logs/sample_event.json +++ b/packages/mimecast/data_stream/dlp_logs/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", 
diff --git a/packages/mimecast/data_stream/siem_logs/_dev/test/pipeline/test-siem-logs.log-expected.json b/packages/mimecast/data_stream/siem_logs/_dev/test/pipeline/test-siem-logs.log-expected.json index 0be2921c1ea..0cc63726a2f 100644 --- a/packages/mimecast/data_stream/siem_logs/_dev/test/pipeline/test-siem-logs.log-expected.json +++ b/packages/mimecast/data_stream/siem_logs/_dev/test/pipeline/test-siem-logs.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-18T08:02:43.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": { @@ -40,7 +40,7 @@ { "@timestamp": "2021-10-19T06:06:40.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": { @@ -105,7 +105,7 @@ { "@timestamp": "2021-10-19T06:04:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": { @@ -141,7 +141,7 @@ { "@timestamp": "2021-10-19T06:04:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": { @@ -200,7 +200,7 @@ { "@timestamp": "2021-11-08T12:09:18.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "direction": "internal", @@ -232,7 +232,7 @@ { "@timestamp": "2021-11-08T12:10:19.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "direction": "internal", @@ -280,7 +280,7 @@ { "@timestamp": "2021-11-29T15:13:58.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "direction": "inbound", diff --git a/packages/mimecast/data_stream/siem_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/siem_logs/elasticsearch/ingest_pipeline/default.yml index 7f10b119146..add384cb006 100644 --- a/packages/mimecast/data_stream/siem_logs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mimecast/data_stream/siem_logs/elasticsearch/ingest_pipeline/default.yml 
@@ -4,7 +4,7 @@ processors: # Generic event/ecs fields we always want to populate. - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/mimecast/data_stream/siem_logs/sample_event.json b/packages/mimecast/data_stream/siem_logs/sample_event.json index 62516ab4795..f182c582656 100644 --- a/packages/mimecast/data_stream/siem_logs/sample_event.json +++ b/packages/mimecast/data_stream/siem_logs/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", diff --git a/packages/mimecast/data_stream/threat_intel_malware_customer/_dev/test/pipeline/test-threat-intel-malware-customer.log-expected.json b/packages/mimecast/data_stream/threat_intel_malware_customer/_dev/test/pipeline/test-threat-intel-malware-customer.log-expected.json index 0ee01750dc4..b2f02f87712 100644 --- a/packages/mimecast/data_stream/threat_intel_malware_customer/_dev/test/pipeline/test-threat-intel-malware-customer.log-expected.json +++ b/packages/mimecast/data_stream/threat_intel_malware_customer/_dev/test/pipeline/test-threat-intel-malware-customer.log-expected.json @@ -4,7 +4,7 @@ { "@timestamp": "2021-10-29T15:07:26.653Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -48,7 +48,7 @@ { "@timestamp": "2021-10-29T15:07:22.595Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -92,7 +92,7 @@ { "@timestamp": "2021-10-29T15:07:17.538Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -136,7 +136,7 @@ { "@timestamp": "2021-10-29T15:07:14.044Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -180,7 +180,7 @@ { "@timestamp": "2021-10-29T15:07:07.295Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -224,7 +224,7 @@ { "@timestamp": "2021-10-29T15:07:00.555Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -268,7 +268,7 @@ { "@timestamp": "2021-10-29T15:07:00.259Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", diff --git a/packages/mimecast/data_stream/threat_intel_malware_customer/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/threat_intel_malware_customer/elasticsearch/ingest_pipeline/default.yml index 1691d42f5a9..cf8b1497af1 100644 --- a/packages/mimecast/data_stream/threat_intel_malware_customer/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mimecast/data_stream/threat_intel_malware_customer/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: #################### - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: event.kind value: enrichment diff --git a/packages/mimecast/data_stream/threat_intel_malware_customer/sample_event.json b/packages/mimecast/data_stream/threat_intel_malware_customer/sample_event.json index 34c234158ad..28c5c78a8d0 100644 --- a/packages/mimecast/data_stream/threat_intel_malware_customer/sample_event.json +++ b/packages/mimecast/data_stream/threat_intel_malware_customer/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", diff --git a/packages/mimecast/data_stream/threat_intel_malware_grid/_dev/test/pipeline/test-threat-intel-malware-grid.log-expected.json b/packages/mimecast/data_stream/threat_intel_malware_grid/_dev/test/pipeline/test-threat-intel-malware-grid.log-expected.json index c9d9ea16220..6c8bf126fa4 100644 --- a/packages/mimecast/data_stream/threat_intel_malware_grid/_dev/test/pipeline/test-threat-intel-malware-grid.log-expected.json 
+++ b/packages/mimecast/data_stream/threat_intel_malware_grid/_dev/test/pipeline/test-threat-intel-malware-grid.log-expected.json @@ -4,7 +4,7 @@ { "@timestamp": "2021-10-29T15:07:26.653Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -48,7 +48,7 @@ { "@timestamp": "2021-10-29T15:07:22.595Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -92,7 +92,7 @@ { "@timestamp": "2021-10-29T15:07:17.538Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -136,7 +136,7 @@ { "@timestamp": "2021-10-29T15:07:14.044Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -180,7 +180,7 @@ { "@timestamp": "2021-10-29T15:07:07.295Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -224,7 +224,7 @@ { "@timestamp": "2021-10-29T15:07:00.555Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -268,7 +268,7 @@ { "@timestamp": "2021-10-29T15:07:00.259Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", diff --git a/packages/mimecast/data_stream/threat_intel_malware_grid/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/threat_intel_malware_grid/elasticsearch/ingest_pipeline/default.yml index 7a9bcfc4807..ad7eb6ccd78 100644 --- a/packages/mimecast/data_stream/threat_intel_malware_grid/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mimecast/data_stream/threat_intel_malware_grid/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: #################### - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: event.kind value: enrichment diff --git a/packages/mimecast/data_stream/threat_intel_malware_grid/sample_event.json b/packages/mimecast/data_stream/threat_intel_malware_grid/sample_event.json index e9efe8fd581..6c972e75c15 100644 
--- a/packages/mimecast/data_stream/threat_intel_malware_grid/sample_event.json +++ b/packages/mimecast/data_stream/threat_intel_malware_grid/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", diff --git a/packages/mimecast/data_stream/ttp_ap_logs/_dev/test/pipeline/test-ttp-ap-logs.log-expected.json b/packages/mimecast/data_stream/ttp_ap_logs/_dev/test/pipeline/test-ttp-ap-logs.log-expected.json index b22e9ad6a70..cc0b5202123 100644 --- a/packages/mimecast/data_stream/ttp_ap_logs/_dev/test/pipeline/test-ttp-ap-logs.log-expected.json +++ b/packages/mimecast/data_stream/ttp_ap_logs/_dev/test/pipeline/test-ttp-ap-logs.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-14T18:54:32.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": { @@ -54,7 +54,7 @@ { "@timestamp": "2021-10-14T11:24:23.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": { @@ -105,7 +105,7 @@ { "@timestamp": "2021-10-14T11:24:23.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": { diff --git a/packages/mimecast/data_stream/ttp_ap_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/ttp_ap_logs/elasticsearch/ingest_pipeline/default.yml index cc6b9691473..36042a5d347 100644 --- a/packages/mimecast/data_stream/ttp_ap_logs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mimecast/data_stream/ttp_ap_logs/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ processors: # Generic event/ecs fields we always want to populate. - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/mimecast/data_stream/ttp_ap_logs/sample_event.json b/packages/mimecast/data_stream/ttp_ap_logs/sample_event.json index 64cb20cf8f3..8057cee8bd9 100644 
--- a/packages/mimecast/data_stream/ttp_ap_logs/sample_event.json +++ b/packages/mimecast/data_stream/ttp_ap_logs/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", diff --git a/packages/mimecast/data_stream/ttp_ip_logs/_dev/test/pipeline/test-ttp-ip-logs.log-expected.json b/packages/mimecast/data_stream/ttp_ip_logs/_dev/test/pipeline/test-ttp-ip-logs.log-expected.json index fd8abb2e1b8..91f63b340a8 100644 --- a/packages/mimecast/data_stream/ttp_ip_logs/_dev/test/pipeline/test-ttp-ip-logs.log-expected.json +++ b/packages/mimecast/data_stream/ttp_ip_logs/_dev/test/pipeline/test-ttp-ip-logs.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-15T17:10:46.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -59,7 +59,7 @@ { "@timestamp": "2021-10-15T06:16:34.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -115,7 +115,7 @@ { "@timestamp": "2021-10-13T16:12:07.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { diff --git a/packages/mimecast/data_stream/ttp_ip_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/ttp_ip_logs/elasticsearch/ingest_pipeline/default.yml index c3a8d114ee9..9e850ced368 100644 --- a/packages/mimecast/data_stream/ttp_ip_logs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mimecast/data_stream/ttp_ip_logs/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ processors: # Generic event/ecs fields we always want to populate. - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/mimecast/data_stream/ttp_ip_logs/sample_event.json b/packages/mimecast/data_stream/ttp_ip_logs/sample_event.json index 4264ac9cb6b..ebd0ad13d58 100644 --- a/packages/mimecast/data_stream/ttp_ip_logs/sample_event.json 
+++ b/packages/mimecast/data_stream/ttp_ip_logs/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", diff --git a/packages/mimecast/data_stream/ttp_url_logs/_dev/test/pipeline/test-ttp-url-logs.log-expected.json b/packages/mimecast/data_stream/ttp_url_logs/_dev/test/pipeline/test-ttp-url-logs.log-expected.json index c48cb641e77..b95c2f3b48c 100644 --- a/packages/mimecast/data_stream/ttp_url_logs/_dev/test/pipeline/test-ttp-url-logs.log-expected.json +++ b/packages/mimecast/data_stream/ttp_url_logs/_dev/test/pipeline/test-ttp-url-logs.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-16T14:45:34.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "direction": "inbound", @@ -66,7 +66,7 @@ { "@timestamp": "2021-10-16T14:07:38.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "direction": "inbound", @@ -129,7 +129,7 @@ { "@timestamp": "2021-10-16T13:31:56.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "direction": "inbound", diff --git a/packages/mimecast/data_stream/ttp_url_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/ttp_url_logs/elasticsearch/ingest_pipeline/default.yml index 87dcc81fbe7..209fe58be21 100644 --- a/packages/mimecast/data_stream/ttp_url_logs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/mimecast/data_stream/ttp_url_logs/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ processors: # Generic event/ecs fields we always want to populate. - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/mimecast/data_stream/ttp_url_logs/sample_event.json b/packages/mimecast/data_stream/ttp_url_logs/sample_event.json index 531576ef785..45f43428beb 100644 --- a/packages/mimecast/data_stream/ttp_url_logs/sample_event.json 
+++ b/packages/mimecast/data_stream/ttp_url_logs/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", diff --git a/packages/mimecast/docs/README.md b/packages/mimecast/docs/README.md index ee170537ec6..3414c37f261 100644 --- a/packages/mimecast/docs/README.md +++ b/packages/mimecast/docs/README.md @@ -40,7 +40,7 @@ An example event for `audit_events` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", @@ -192,7 +192,7 @@ An example event for `dlp` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", @@ -317,7 +317,7 @@ An example event for `siem` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", @@ -517,7 +517,7 @@ An example event for `threat_intel_malware_customer` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", @@ -669,7 +669,7 @@ An example event for `threat_intel_malware_grid` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", @@ -824,7 +824,7 @@ An example event for `ttp_ap` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", @@ -985,7 +985,7 @@ An example event for `ttp_ip` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", 
@@ -1159,7 +1159,7 @@ An example event for `ttp_url` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2f28c80b-ffde-4202-a4bd-938a8ce174ad", diff --git a/packages/mimecast/manifest.yml b/packages/mimecast/manifest.yml index dae49cb57ba..aadaa2f26b6 100644 --- a/packages/mimecast/manifest.yml +++ b/packages/mimecast/manifest.yml @@ -2,7 +2,7 @@ format_version: 1.0.0 name: mimecast title: "Mimecast" -version: 1.3.0 +version: "1.4.0" license: basic description: Collect logs from Mimecast with Elastic Agent. type: integration diff --git a/packages/modsecurity/_dev/build/build.yml b/packages/modsecurity/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/modsecurity/_dev/build/build.yml +++ b/packages/modsecurity/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/modsecurity/changelog.yml b/packages/modsecurity/changelog.yml index 02cf0cd8541..0ee7346fd5c 100644 --- a/packages/modsecurity/changelog.yml +++ b/packages/modsecurity/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.3.0" changes: - description: Adding better extraction of http request headers diff --git a/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-apache-audit.log-expected.json b/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-apache-audit.log-expected.json index aa7802c85a8..a4b06776f05 100644 --- a/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-apache-audit.log-expected.json +++ b/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-apache-audit.log-expected.json @@ -6,7 +6,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
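Review bot: In packages/modsecurity/_dev/build/build.yml the ECS dependency moves to `reference: git@v8.5.1`, while the changelog entry and every `ecs.version` value set by the pipelines in this commit say 8.5.0, and nothing in the change records why the two differ. If the patch tag is intended, a comment above the line would make that explicit, e.g. `# ECS ref is the 8.5.1 patch tag; ecs.version written by the pipelines remains 8.5.0`; otherwise the two should be aligned. The same applies to the mysql_enterprise and netflow build.yml hunks. A tag can be re-pointed upstream, so if the build tooling accepts a commit id in this field (not confirmed from this page), pinning to it would keep the imported field definitions reproducible.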
@@ -80,7 +80,7 @@ "ip": "172.21.50.216" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -186,7 +186,7 @@ "ip": "175.16.199.50" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-audit.log-expected.json b/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-audit.log-expected.json index e496b1f2616..103b1a4e246 100644 --- a/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/modsecurity/data_stream/auditlog/_dev/test/pipeline/test-audit.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-05-14T14:52:47.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -103,7 +103,7 @@ { "@timestamp": "2021-05-14T15:11:52.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -190,7 +190,7 @@ { "@timestamp": "2021-05-14T15:12:01.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -277,7 +277,7 @@ { "@timestamp": "2021-05-14T15:12:18.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -364,7 +364,7 @@ { "@timestamp": "2022-05-10T04:52:04.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -441,7 +441,7 @@ { "@timestamp": "2022-05-09T09:41:59.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/modsecurity/data_stream/auditlog/elasticsearch/ingest_pipeline/default.yml b/packages/modsecurity/data_stream/auditlog/elasticsearch/ingest_pipeline/default.yml index 389f5e6809b..00d79c5b52a 100644 --- a/packages/modsecurity/data_stream/auditlog/elasticsearch/ingest_pipeline/default.yml +++ b/packages/modsecurity/data_stream/auditlog/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for modsecurity audit log. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/modsecurity/data_stream/auditlog/sample_event.json b/packages/modsecurity/data_stream/auditlog/sample_event.json index f90326b086f..372ad390899 100644 --- a/packages/modsecurity/data_stream/auditlog/sample_event.json +++ b/packages/modsecurity/data_stream/auditlog/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "4d88038c-4b3b-4bb4-95f4-cc5789c88852", diff --git a/packages/modsecurity/manifest.yml b/packages/modsecurity/manifest.yml index c7c0a405905..e40af05c130 100644 --- a/packages/modsecurity/manifest.yml +++ b/packages/modsecurity/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: modsecurity title: "ModSecurity Audit" -version: 1.3.0 +version: "1.4.0" license: basic description: Collect logs from ModSecurity with Elastic Agent type: integration diff --git a/packages/mysql_enterprise/_dev/build/build.yml b/packages/mysql_enterprise/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/mysql_enterprise/_dev/build/build.yml +++ b/packages/mysql_enterprise/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/mysql_enterprise/changelog.yml b/packages/mysql_enterprise/changelog.yml index e4ea3ca8486..63b64d76a81 100644 --- a/packages/mysql_enterprise/changelog.yml +++ b/packages/mysql_enterprise/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.2.0" changes: - description: Update package to ECS 8.4.0 
diff --git a/packages/mysql_enterprise/data_stream/audit/_dev/test/pipeline/test-mysql-audit.log-expected.json b/packages/mysql_enterprise/data_stream/audit/_dev/test/pipeline/test-mysql-audit.log-expected.json index 05ef0fd6988..1354d471973 100644 --- a/packages/mysql_enterprise/data_stream/audit/_dev/test/pipeline/test-mysql-audit.log-expected.json +++ b/packages/mysql_enterprise/data_stream/audit/_dev/test/pipeline/test-mysql-audit.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-19T19:21:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-startup", @@ -66,7 +66,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-connect", @@ -132,7 +132,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", @@ -190,7 +190,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-disconnect", @@ -246,7 +246,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-connect", @@ -312,7 +312,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", @@ -370,7 +370,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", @@ -429,7 +429,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", @@ -488,7 +488,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", @@ -547,7 +547,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", @@ -606,7 +606,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", 
@@ -675,7 +675,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", @@ -744,7 +744,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", @@ -803,7 +803,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", @@ -862,7 +862,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", @@ -921,7 +921,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", @@ -981,7 +981,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-connect", @@ -1050,7 +1050,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", @@ -1112,7 +1112,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", @@ -1174,7 +1174,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", @@ -1236,7 +1236,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", @@ -1297,7 +1297,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", @@ -1359,7 +1359,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", @@ -1421,7 +1421,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-status", @@ -1483,7 +1483,7 @@ "ip": "192.168.2.5" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mysql-insert", 
@@ -1545,7 +1545,7 @@
 "ip": "192.168.2.5"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "mysql-status",
@@ -1607,7 +1607,7 @@
 "ip": "192.168.2.5"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "mysql-read",
@@ -1669,7 +1669,7 @@
 "ip": "192.168.2.5"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "mysql-status",
@@ -1731,7 +1731,7 @@
 "ip": "192.168.2.5"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "mysql-disconnect",
@@ -1790,7 +1790,7 @@
 "domain": "localhost"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "mysql-disconnect",
@@ -1843,7 +1843,7 @@
 {
 "@timestamp": "2020-10-19T19:32:16.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "mysql-shutdown",
@@ -1878,7 +1878,7 @@
 "ip": "192.168.7.76"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "mysql-status",
@@ -1949,7 +1949,7 @@
 "ip": "192.168.7.76"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "mysql-status",
@@ -2007,7 +2007,7 @@
 "ip": "192.168.7.76"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "mysql-status",
diff --git a/packages/mysql_enterprise/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/mysql_enterprise/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 1882d8fbdd2..95cd82dbc1b 100644
--- a/packages/mysql_enterprise/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/mysql_enterprise/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing MySQL Enterprise Audit logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/mysql_enterprise/data_stream/audit/sample_event.json b/packages/mysql_enterprise/data_stream/audit/sample_event.json
index a96f32471cd..282131cdb1c 100644
--- a/packages/mysql_enterprise/data_stream/audit/sample_event.json
+++ b/packages/mysql_enterprise/data_stream/audit/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "1202ee7c-96a3-47b6-8ddf-4fd17e23f288",
diff --git a/packages/mysql_enterprise/docs/README.md b/packages/mysql_enterprise/docs/README.md
index bc69b68a23a..2e5aad96fdc 100644
--- a/packages/mysql_enterprise/docs/README.md
+++ b/packages/mysql_enterprise/docs/README.md
@@ -136,7 +136,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "1202ee7c-96a3-47b6-8ddf-4fd17e23f288",
diff --git a/packages/mysql_enterprise/manifest.yml b/packages/mysql_enterprise/manifest.yml
index d9d64c7fdc3..0f0a452a70e 100644
--- a/packages/mysql_enterprise/manifest.yml
+++ b/packages/mysql_enterprise/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: mysql_enterprise
 title: "MySQL Enterprise"
-version: 1.2.0
+version: "1.3.0"
 license: basic
 description: Collect audit logs from MySQL Enterprise with Elastic Agent.
 type: integration
diff --git a/packages/netflow/_dev/build/build.yml b/packages/netflow/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/netflow/_dev/build/build.yml
+++ b/packages/netflow/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/netflow/changelog.yml b/packages/netflow/changelog.yml
index 12ac745acf5..249bddf43ce 100644
--- a/packages/netflow/changelog.yml
+++ b/packages/netflow/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.3.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "2.2.5"
 changes:
 - description: Fix invalid Kibana search indexRefName reference.
diff --git a/packages/netflow/data_stream/log/_dev/test/pipeline/test-netflow-log-events.json-expected.json b/packages/netflow/data_stream/log/_dev/test/pipeline/test-netflow-log-events.json-expected.json
index 20d9b59a238..389d873098a 100644
--- a/packages/netflow/data_stream/log/_dev/test/pipeline/test-netflow-log-events.json-expected.json
+++ b/packages/netflow/data_stream/log/_dev/test/pipeline/test-netflow-log-events.json-expected.json
@@ -18,7 +18,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -125,7 +125,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -232,7 +232,7 @@
 "packets": 1
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -339,7 +339,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -446,7 +446,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -553,7 +553,7 @@
 "packets": 18
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -660,7 +660,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -767,7 +767,7 @@
 "packets": 47
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -874,7 +874,7 @@
 "packets": 20
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -981,7 +981,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -1088,7 +1088,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -1195,7 +1195,7 @@
 "packets": 2
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -1302,7 +1302,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -1409,7 +1409,7 @@
 "packets": 13
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -1516,7 +1516,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -1623,7 +1623,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -1730,7 +1730,7 @@
 "packets": 7
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -1837,7 +1837,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -1944,7 +1944,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -2051,7 +2051,7 @@
 "packets": 15
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -2158,7 +2158,7 @@
 "packets": 10
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -2265,7 +2265,7 @@
 "packets": 4
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -2372,7 +2372,7 @@
 "packets": 2
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -2479,7 +2479,7 @@
 "packets": 2
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -2586,7 +2586,7 @@
 "packets": 3
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -2693,7 +2693,7 @@
 "packets": 2
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -2800,7 +2800,7 @@
 "packets": 1
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -2907,7 +2907,7 @@
 "packets": 19
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
@@ -3014,7 +3014,7 @@
 "packets": 236
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "netflow_flow",
diff --git a/packages/netflow/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/netflow/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 22e867908d7..08bb93379b2 100644
--- a/packages/netflow/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/netflow/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for NetFlow
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - convert:
 field: network.iana_number
 type: string
diff --git a/packages/netflow/data_stream/log/sample_event.json b/packages/netflow/data_stream/log/sample_event.json
index 3e6f6550519..8fe813a8aa9 100644
--- a/packages/netflow/data_stream/log/sample_event.json
+++ b/packages/netflow/data_stream/log/sample_event.json
@@ -21,7 +21,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "f98d63fc-e620-4d4d-b16e-814a105b1bc9",
diff --git a/packages/netflow/manifest.yml b/packages/netflow/manifest.yml
index a466849f985..ea2bb98d213 100644
--- a/packages/netflow/manifest.yml
+++ b/packages/netflow/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: netflow
 title: NetFlow Records
-version: "2.2.5"
+version: "2.3.0"
 license: basic
 description: Collect flow records from NetFlow and IPFIX exporters with Elastic Agent.
 type: integration
diff --git a/packages/netscout/_dev/build/build.yml b/packages/netscout/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/netscout/_dev/build/build.yml
+++ b/packages/netscout/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/netscout/changelog.yml b/packages/netscout/changelog.yml
index 5a224c9465d..9eb52c8574b 100644
--- a/packages/netscout/changelog.yml
+++ b/packages/netscout/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.11.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "0.10.2"
 changes:
 - description: Use ECS geo.location definition.
diff --git a/packages/netscout/data_stream/sightline/_dev/test/pipeline/test-generated.log-expected.json b/packages/netscout/data_stream/sightline/_dev/test/pipeline/test-generated.log-expected.json
index bc0613eca6c..db715460672 100644
--- a/packages/netscout/data_stream/sightline/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/netscout/data_stream/sightline/_dev/test/pipeline/test-generated.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "January 29 06:09:59 pfsp: The configuration was changed on leader olab to version 1.6078 by rci",
 "tags": [
@@ -11,7 +11,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "February 12 13:12:33 pfsp: Alert Autoclassification was restarted on 2016-02-12 13:12:33 uredolor by tatemac",
 "tags": [
@@ -20,7 +20,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "February 26 20:15:08 ntsunti: Change Log: Username:nseq, Subsystem:itinvol, Setting Type:psa, Message:umq",
 "tags": [
@@ -29,7 +29,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "March 12 03:17:42 pfsp: Test syslog message",
 "tags": [
@@ -38,7 +38,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "March 26 10:20:16 pfsp: Alert Device ritquiin unreachable by controller umqui since 2016-03-26 10:20:16",
 "tags": [
@@ -47,7 +47,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "April 9 17:22:51 pfsp: Alert Host Detection alert riosam, start 2016-04-9 17:22:51 anonnu, duration 116.480000, direction external, host 10.51.132.10, signatures (utper), impact squame, importance medium, managed_objects (omm), (parent managed object iin)",
 "tags": [
@@ -56,7 +56,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "April 24 00:25:25 pfsp: Autoclassification was restarted on 2016-04-24 00:25:25 nim by incidi",
 "tags": [
@@ -65,7 +65,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "May 8 07:27:59 pfsp: Alert Peakflow device oloremqu unreachable by temvel since 2016-05-08 07:27:59",
 "tags": [
@@ -74,7 +74,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "May 22 14:30:33 pfsp: Autoclassification was restarted on 2016-05-22 14:30:33 serror by anti",
 "tags": [
@@ -83,7 +83,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "June 5 21:33:08 pfsp: script ufugiatn ran at 2016-06-05 21:33:08 tionulam, leader uameius",
 "tags": [
@@ -92,7 +92,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "June 20 04:35:42 pfsp: Alert Test syslog message",
 "tags": [
@@ -101,7 +101,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "July 4 11:38:16 pfsp: configuration was changed on leader uipexea to version 1.5162 by nci",
 "tags": [
@@ -110,7 +110,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "July 18 18:40:50 pfsp: The SNMP restored for router mvolu, leader radip at 2016-07-18 18:40:50 tNequ",
 "tags": [
@@ -119,7 +119,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "August 2 01:43:25 tatno: Protection Mode: Changed protection mode to active for protection groupdquiac,URL:https://mail.example.net/uam/untutl.jpg?llu=uptassi#tamremap",
 "tags": [
@@ -128,7 +128,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "August 16 08:45:59 pfsp: Alert script estqui ran at 2016-08-16 08:45:59 uasiarch, leader emaper",
 "tags": [
@@ -137,7 +137,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "August 30 15:48:33 eum: Blocked Host: Blocked host10.66.171.247atsitby Blocked Countries usingudpdestination10.155.162.162,URL:https://www5.example.org/seq/olorema.jpg?quid=fug#uatDuis",
 "tags": [
@@ -146,7 +146,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "September 13 22:51:07 pfsp: Alert TMS 'eip' fault for resource 'lupta' on TMS iusmodt",
 "tags": [
@@ -155,7 +155,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "September 28 05:53:42 pfsp: Alert Autoclassification was restarted on 2016-09-28 05:53:42 atatnonp by uiano",
 "tags": [
@@ -164,7 +164,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "October 12 12:56:16 temq: Blocked Host: Blocked host10.38.77.13ataquaeabby Blocked Countries usingipv6-icmpdestination10.179.26.34,URL:https://example.org/isiu/nimadmi.gif?ari=equun#suntinc",
 "tags": [
@@ -173,7 +173,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "October 26 19:58:50 pfsp: Hardware failure on tatevel since 2016-10-26 19:58:50 GMT: abilloi",
 "tags": [
@@ -182,7 +182,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "November 10 03:01:24 pfsp: The anomaly ore id 2933 status tsed severity very-high classification enimad router incididu router_name eci interface aali interface_name \"lo5882\" porainc",
 "tags": [
@@ -191,7 +191,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "November 24 10:03:59 moll: anomaly: anomaly Bandwidth id 2902 status inim severity high classification deomni router tquovol router_name ntsuntin interface aecatcup interface_name \"lo4987\" oluptate",
 "tags": [
@@ -200,7 +200,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "December 8 17:06:33 pfsp: Alert Autoclassification was restarted on 2016-12-08 17:06:33 iam by qua",
 "tags": [
@@ -209,7 +209,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "December 23 00:09:07 pfsp: Test syslog message",
 "tags": [
@@ -218,7 +218,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "January 6 07:11:41 pfsp: Autoclassification was restarted on 2017-01-06 07:11:41 olupta by turveli",
 "tags": [
@@ -227,7 +227,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "January 20 14:14:16 pfsp: Alert Autoclassification was restarted on 2017-01-20 14:14:16 ntutl by caecatc",
 "tags": [
@@ -236,7 +236,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "February 3 21:16:50 pfsp: Alert GRE tunnel restored for destination 10.224.68.213, leader taed at 2017-02-03 21:16:50 lup",
 "tags": [
@@ -245,7 +245,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "February 18 04:19:24 pfsp: Alert Hardware failure on aperi since 2017-02-18 04:19:24 GMT: lor",
 "tags": [
@@ -254,7 +254,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "March 4 11:21:59 pfsp: The BGP Instability for router oin ended",
 "tags": [
@@ -263,7 +263,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "March 18 18:24:33 pfsp: Hardware failure on ritatis done at 2017-03-18 18:24:33 oloremi GMT: pitla",
 "tags": [
@@ -272,7 +272,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "April 2 01:27:07 eomnisis: Change Log: Username:mqui, Subsystem:civeli, Setting Type:errorsi, Message:des",
 "tags": [
@@ -281,7 +281,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "April 16 08:29:41 pfsp: Device tdolorem unreachable by controller ono since 2017-04-16 08:29:41",
 "tags": [
@@ -290,7 +290,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "April 30 15:32:16 pfsp: The GRE tunnel down for destination 10.60.185.151, leader uidolo since 2017-04-30 15:32:16 lumquido",
 "tags": [
@@ -299,7 +299,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "May 14 22:34:50 Lor: Test: Test syslog message",
 "tags": [
@@ -308,7 +308,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "May 29 05:37:24 pfsp: Alert script modoco ran at 2017-05-29 05:37:24 , leader estqu",
 "tags": [
@@ -317,7 +317,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "June 12 12:39:58 intoccae: Protection Mode: Changed protection mode to active for protection groupents,URL:https://www.example.net/nse/sinto.gif?CSed=lupt#psaquae",
 "tags": [
@@ -326,7 +326,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "June 26 19:42:33 pfsp: The BGP Trap reetd: Prefix lumqui itinvo mdolore",
 "tags": [
@@ -335,7 +335,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "July 11 02:45:07 pfsp: Device mque reachable again by controller uovolup at 2017-07-11 02:45:07 samvolu",
 "tags": [
@@ -344,7 +344,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "July 25 09:47:41 pfsp: The Host Detection alert eirure, start 2017-07-25 09:47:41 conseq, duration 38.117000, stop 2017-07-25 09:47:41 mpori, , importance very-high, managed_objects (atu), is now unknown, (parent managed object lpaqui)",
 "tags": [
@@ -353,7 +353,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "August 8 16:50:15 pfsp: BGP Trap doloremi: Prefix luptasn hitect dol",
 "tags": [
@@ -362,7 +362,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "August 22 23:52:50 nsecte: BGP: ipv6 instability router tincu threshold ari (exercit) observed sci (quamnih)",
 "tags": [
@@ -371,7 +371,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "September 6 06:55:24 emoe: Protection Mode: Changed protection mode to active for protection groupeaq,URL:https://mail.example.net/corp/modtemp.jpg?oluptas=tNequepo#lup",
 "tags": [
@@ -380,7 +380,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "September 20 13:57:58 evita: Change Log: Username:suntexp, Subsystem:duntut, Setting Type:magni, Message:pisciv",
 "tags": [
@@ -389,7 +389,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "October 4 21:00:32 radipisc: Blocked Host: Blocked host10.136.232.108atabiby Blocked Countries usingrdpdestination10.168.131.247,URL:https://example.net/temqu/edol.jpg?ipi=reseos#pariatu",
 "tags": [
@@ -398,7 +398,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "October 19 04:03:07 pfsp: GRE tunnel restored for destination 10.209.182.237, leader tper at 2017-10-19 04:03:07 olor",
 "tags": [
@@ -407,7 +407,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "November 2 11:05:41 pfsp: Alert Device xerc reachable again by controller iutali at 2017-11-02 11:05:41 fdeFi",
 "tags": [
@@ -416,7 +416,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "November 16 18:08:15 pfsp: BGP down for router ati, leader tlabo since 2017-11-16 18:08:15 uames",
 "tags": [
@@ -425,7 +425,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "December 1 01:10:49 pfsp: script offi ran at 2017-12-01 01:10:49 , leader giatnu",
 "tags": [
@@ -434,7 +434,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "December 15 08:13:24 untex: Blocked Host: Blocked host10.83.23.104attisetqby Blocked Countries usingrdpdestination10.163.161.165,URL:https://www5.example.org/atem/gnido.txt?tmollita=fde#nsecte",
 "tags": [
@@ -443,7 +443,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "December 29 15:15:58 pfsp: GRE tunnel restored for destination 10.53.248.4, leader derit at 2017-12-29 15:15:58 dexea",
 "tags": [
@@ -452,7 +452,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "January 12 22:18:32 pfsp: Test syslog message",
 "tags": [
@@ -461,7 +461,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "January 27 05:21:06 pfsp: Alert Flow down for router tessec, leader olupta since 2018-01-27 05:21:06 litse",
 "tags": [
@@ -470,7 +470,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "February 10 12:23:41 pfsp: Alert Host Detection alert sperna, start 2018-02-10 12:23:41 sintocc, duration 24.633000, stop 2018-02-10 12:23:41 scivelit, , importance medium, managed_objects (ehen), is now success, (parent managed object quameius)",
 "tags": [
@@ -479,7 +479,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "February 24 19:26:15 ate: Change Log: Username:uiac, Subsystem:epte, Setting Type:idolo, Message:quinesc",
 "tags": [
@@ -488,7 +488,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "March 11 02:28:49 pfsp: BGP Instability for router iatisu ended",
 "tags": [
@@ -497,7 +497,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "March 25 09:31:24 evolu: Change Log: Username:ersp, Subsystem:tquov, Setting Type:diconseq, Message:inven",
 "tags": [
@@ -506,7 +506,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "April 8 16:33:58 pfsp: Test syslog message",
 "tags": [
@@ -515,7 +515,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "April 22 23:36:32 Sedutp: Test: Test syslog message",
 "tags": [
@@ -524,7 +524,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "May 7 06:39:06 ema: Change Log: Username:rsitv, Subsystem:iciade, Setting Type:ntiumt, Message:iquipe",
 "tags": [
@@ -533,7 +533,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "May 21 13:41:41 quin: Protection Mode: Changed protection mode to active for protection groupupida,URL:https://api.example.com/eufugi/pici.html?ccaecat=tquiin#tse",
 "tags": [
@@ -542,7 +542,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "June 4 20:44:15 minimav: Change Log: Username:udexerci, Subsystem:naal, Setting Type:lore, Message:tnonpro",
 "tags": [
@@ -551,7 +551,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "June 19 03:46:49 pfsp: The Device illoin unreachable by controller tanimid since 2018-06-19 03:46:49",
 "tags": [
@@ -560,7 +560,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "July 3 10:49:23 pfsp: configuration was changed on leader natuse to version 1.4425 by ati",
 "tags": [
@@ -569,7 +569,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "July 17 17:51:58 boree: anomaly: anomaly Bandwidth id 2366 status queips severity low classification itess router iscinge router_name ofdeFini interface irat interface_name \"enp0s4306\" aturauto",
 "tags": [
@@ -578,7 +578,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "August 1 00:54:32 pfsp: SNMP restored for router entsunt, leader ihilm at 2018-08-01 00:54:32 dmin",
 "tags": [
@@ -587,7 +587,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "August 15 07:57:06 pfsp: The Host Detection alert uscipitl, start 2018-08-15 07:57:06 uia, duration 29.657000, direction internal, host 10.54.49.84, signatures (ciad), impact tali, importance medium, managed_objects (mexe), (parent managed object its)",
 "tags": [
@@ -596,7 +596,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "August 29 14:59:40 pfsp: Alert Test syslog message",
 "tags": [
@@ -605,7 +605,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "September 12 22:02:15 pfsp: anomaly Bandwidth id 5089 status commodo severity medium classification tutlab router sau router_name atevelit interface meius interface_name \"lo4293\" labo",
 "tags": [
@@ -614,7 +614,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "September 27 05:04:49 pfsp: Alert script nre ran at 2018-09-27 05:04:49 veli, leader volupta",
 "tags": [
@@ -623,7 +623,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "October 11 12:07:23 pfsp: The BGP instability router uptate threshold mac (iumdol) observed tpersp (stla)",
 "tags": [
@@ -632,7 +632,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "October 25 19:09:57 pfsp: Alert TMS 'tem' fault for resource 'dol' on TMS proiden",
 "tags": [
@@ -641,7 +641,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "November 9 02:12:32 pfsp: Device isis reachable again by controller uasiar at 2018-11-09 02:12:32 utlab",
 "tags": [
@@ -650,7 +650,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "November 23 09:15:06 pfsp: Alert script dantium ran at 2018-11-23 09:15:06 lor, leader velillu",
 "tags": [
@@ -659,7 +659,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "December 7 16:17:40 pfsp: The script tvolu ran at 2018-12-07 16:17:40 nreprehe, leader tetu",
 "tags": [
@@ -668,7 +668,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "December 21 23:20:14 temporin: Blocked Host: Blocked host10.122.76.148atmiuby Blocked Countries usingipv6-icmpdestination10.28.226.128,URL:https://mail.example.org/idunt/luptat.txt?ica=lillum#remips",
 "tags": [
@@ -677,7 +677,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "January 5 06:22:49 cola: Protection Mode: Changed protection mode to active for protection groupamcor,URL:https://internal.example.com/ineavol/iosa.html?usc=rem#amvolupt",
 "tags": [
@@ -686,7 +686,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "January 19 13:25:23 mnis: Protection Mode: Changed protection mode to active for protection groupequepor,URL:https://internal.example.org/quaUten/nisiut.txt?teturad=perspici#itation",
 "tags": [
@@ -695,7 +695,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "February 2 20:27:57 nimave: Protection Mode: Changed protection mode to active for protection groupisciv,URL:https://mail.example.org/nofd/dipisci.txt?ilmol=eri#quunt",
 "tags": [
@@ -704,7 +704,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "February 17 03:30:32 iosamnis: Blocked Host: Blocked host10.31.177.226atdeserunby Blocked Countries usingggpdestination10.98.209.10,URL:https://www.example.org/ptateve/enderi.html?toccaec=fugi#labo",
 "tags": [
@@ -713,7 +713,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "March 3 10:33:06 estl: Blocked Host: Blocked host10.44.47.27atmmodocby Blocked Countries usingigmpdestination10.179.210.218,URL:https://www.example.org/tanimi/rumSecti.jpg?emporain=ntiumto#umetMalo",
 "tags": [
@@ -722,7 +722,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "March 17 17:35:40 pfsp: Alert configuration was changed on leader emvele to version 1.2883 by lor",
 "tags": [
@@ -731,7 +731,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "April 1 00:38:14 pfsp: Alert BGP instability router iquamqua threshold sit (rumSect) observed ita (vitaed)",
 "tags": [
@@ -740,7 +740,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "April 15 07:40:49 pfsp: Alert Test syslog message",
 "tags": [
@@ -749,7 +749,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "April 29 14:43:23 numquam: Change Log: Username:tMal, Subsystem:ommodo, Setting Type:uptat, Message:idex",
 "tags": [
@@ -758,7 +758,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "May 13 21:45:57 pfsp: Alert configuration was changed on leader maveni to version 1.2552 by onu",
 "tags": [
@@ -767,7 +767,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "May 28 04:48:31 pfsp: Alert BGP Hijack for prefix tlaboree router norumet done",
 "tags": [
@@ -776,7 +776,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "June 11 11:51:06 pfsp: Host Detection alert col, start 2019-06-11 11:51:06 mve, duration 177.586000, stop 2019-06-11 11:51:06 tinvolup, , importance very-high, managed_objects (Sedutpe), is now failure, (parent managed object rroq)",
 "tags": [
@@ -785,7 +785,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "June 25 18:53:40 pfsp: script remipsum ran at 2019-06-25 18:53:40 , leader tempor",
 "tags": [
@@ -794,7 +794,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "July 10 01:56:14 ccae: Change Log: Username:orroqu, Subsystem:elitsed, Setting Type:labore, Message:uela",
 "tags": [
@@ -803,7 +803,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "July 24 08:58:48 uto: Test: Test syslog message",
 "tags": [
@@ -812,7 +812,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "August 7 16:01:23 remq: Change Log: Username:veniamq, Subsystem:occ, Setting Type:oloreseo, Message:iruredol",
 "tags": [
@@ -821,7 +821,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "August 21 23:03:57 cupi: Blocked Host: Blocked host10.151.129.181atduntby Blocked Countries usingggpdestination10.55.156.64,URL:https://www.example.net/itanim/nesciun.txt?mollita=tatem#iae",
 "tags": [
@@ -830,7 +830,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "September 5 06:06:31 eumi: Protection Mode: Changed protection mode to active for protection groupquasiarc,URL:https://www.example.net/rever/ore.jpg?oluptat=metco#acom",
 "tags": [
@@ -839,7 +839,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "September 19 13:09:05 pfsp: The Host Detection alert inBCSedu, start 2019-09-19 13:09:05 erspi, duration 77.637000, direction internal, host 10.46.77.76, signatures (iacons), impact occaec, importance medium, managed_objects (uov), (parent managed object quaeab)",
 "tags": [
@@ -848,7 +848,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "October 3 20:11:40 pfsp: Hardware failure on ntiu since 2019-10-03 20:11:40 GMT: radipisc",
 "tags": [
@@ -857,7 +857,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "October 18 03:14:14 pfsp: script vitaed ran at 2019-10-18 03:14:14 ser, leader etconsec",
 "tags": [
@@ -866,7 +866,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "message": "November 1 10:16:48 upt: Blocked Host: Blocked host10.73.89.189atidoloby Blocked Countries usingicmpdestination10.166.90.130,URL:https://api.example.org/eosquira/pta.htm?econs=lmolesti#apariatu",
 "tags": [
@@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "November 15 17:19:22 pfsp: Alert script msequ ran at 2019-11-15 17:19:22 uat, leader lupta", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "November 30 00:21:57 tlabori: Protection Mode: Changed protection mode to active for protection grouplaudan,URL:https://www5.example.com/atcupida/tessequa.htm?dolores=equamnih#taliqui", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "December 14 07:24:31 destlabo: Change Log: Username:rcitat, Subsystem:dolorema, Setting Type:emagn, Message:radipis", "tags": [ diff --git a/packages/netscout/data_stream/sightline/elasticsearch/ingest_pipeline/default.yml b/packages/netscout/data_stream/sightline/elasticsearch/ingest_pipeline/default.yml index 3fb9d7cef5f..860a0155b78 100644 --- a/packages/netscout/data_stream/sightline/elasticsearch/ingest_pipeline/default.yml +++ b/packages/netscout/data_stream/sightline/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Arbor Peakflow SP processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/netscout/data_stream/sightline/sample_event.json b/packages/netscout/data_stream/sightline/sample_event.json index b3f354051d3..3f7388d9fe4 100644 --- a/packages/netscout/data_stream/sightline/sample_event.json +++ b/packages/netscout/data_stream/sightline/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/netscout/manifest.yml b/packages/netscout/manifest.yml index d5613af89ed..46d3ec49acb 100644 --- a/packages/netscout/manifest.yml +++ b/packages/netscout/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: netscout title: Arbor Peakflow SP Logs -version: "0.10.2" +version: "0.11.0" description: Collect and parse logs from Netscout Arbor Peakflow SP with Elastic Agent. categories: ["security"] release: experimental diff --git a/packages/netskope/_dev/build/build.yml b/packages/netskope/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/netskope/_dev/build/build.yml +++ b/packages/netskope/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/netskope/changelog.yml b/packages/netskope/changelog.yml index 165e4c2b842..c7010cfee9c 100644 --- a/packages/netskope/changelog.yml +++ b/packages/netskope/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.3.1" changes: - description: Use ECS geo.location definition. diff --git a/packages/netskope/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json b/packages/netskope/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json index 2ba2100ff1d..11610f8c898 100644 --- a/packages/netskope/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json +++ b/packages/netskope/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json @@ -19,7 +19,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "f621f259f5fbde850ad5593a", @@ -172,7 +172,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "5b052d559134cbd545cc1bdb", @@ -342,7 +342,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "d370a4733b213214d7efd44b", @@ -515,7 +515,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "f34166329a41b4ed7842ce18", 
@@ -634,7 +634,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "045b4a05e63667d3b25279e1", @@ -832,7 +832,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "9c4f8947f6326ff0ad79f4a3", @@ -1024,7 +1024,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "b999bebb17c193b3350f16b3", @@ -1189,7 +1189,7 @@ { "@timestamp": "2022-01-19T21:39:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "47eccb9569fe50460ad1200f", @@ -1243,7 +1243,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "f34166329a41b4ed7842ce18", @@ -1362,7 +1362,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "045b4a05e63667d3b25279e1", @@ -1560,7 +1560,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "9c4f8947f6326ff0ad79f4a3", @@ -1752,7 +1752,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "b999bebb17c193b3350f16b3", @@ -1933,7 +1933,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "b999bebb17c193b3350f16b3", @@ -2114,7 +2114,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "045b4a05e63667d3b25279e1", @@ -2312,7 +2312,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "9c4f8947f6326ff0ad79f4a3", @@ -2505,7 +2505,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "b999bebb17c193b3350f16b3", @@ -2687,7 +2687,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "9c4f8947f6326ff0ad79f4a3", 
@@ -2872,7 +2872,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "b999bebb17c193b3350f16b3", @@ -3039,7 +3039,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "5b052d559134cbd545cc1bdb", @@ -3209,7 +3209,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "5b052d559134cbd545cc1bdb", @@ -3364,7 +3364,7 @@ { "@timestamp": "2022-01-19T21:39:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "47eccb9569fe50460ad1200f", @@ -3437,7 +3437,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "9c4f8947f6326ff0ad79f4a3", @@ -3631,7 +3631,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "045b4a05e63667d3b25279e1", @@ -3833,7 +3833,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "b999bebb17c193b3350f16b3", @@ -4003,7 +4003,7 @@ { "@timestamp": "2022-05-15T15:34:26.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "abc123a1a53aad", @@ -4072,7 +4072,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "123abb3426a0ffa82a", @@ -4185,7 +4185,7 @@ "ip": "81.2.69.142" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "abcd19518cee24e", diff --git a/packages/netskope/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/netskope/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml index cf3ffa46e48..a935a9155da 100644 --- a/packages/netskope/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/netskope/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Netskope alerts processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - json: field: message add_to_root: true 
diff --git a/packages/netskope/data_stream/alerts/sample_event.json b/packages/netskope/data_stream/alerts/sample_event.json index f6ea149c18d..1bcbe09068e 100644 --- a/packages/netskope/data_stream/alerts/sample_event.json +++ b/packages/netskope/data_stream/alerts/sample_event.json @@ -29,7 +29,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "900d4a66-139e-4b27-bb30-f978d742a95f", diff --git a/packages/netskope/data_stream/events/_dev/test/pipeline/test-events.log-expected.json b/packages/netskope/data_stream/events/_dev/test/pipeline/test-events.log-expected.json index 703ab1b7496..ce8f550a105 100644 --- a/packages/netskope/data_stream/events/_dev/test/pipeline/test-events.log-expected.json +++ b/packages/netskope/data_stream/events/_dev/test/pipeline/test-events.log-expected.json @@ -24,7 +24,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "alert", @@ -201,7 +201,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allow", @@ -318,7 +318,7 @@ { "@timestamp": "2022-01-30T05:44:59.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "c198aee5561d930a120e4fb4", @@ -376,7 +376,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "fd54bdb5916df42dc55712a4", @@ -522,7 +522,7 @@ { "@timestamp": "2021-12-24T00:29:56.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "{\"@timestamp\":\"2021-12-24T00:29:56.000Z\",\"event.id\":\"613ee55ec9d868fc47654a73\",\"netskope\":{\"events\":{\"event_type\":\"infrastructure\",\"severity\":{\"level\":\"high\"},\"alarm\":{\"name\":\"No_events_from_device\",\"description\":\"Events from device not received in the last 24 hours\"},\"device\":{\"name\":\"device-1\"},\"metric_value\":43831789,\"serial\":\"FFFFFFFFFFFFFFFF\",\"supporting_data\":\"abc\"}}}" 
@@ -570,7 +570,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "004bad0deade8dd33fafb916", @@ -695,7 +695,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "alert", @@ -873,7 +873,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allow", @@ -991,7 +991,7 @@ { "@timestamp": "2022-01-30T05:44:59.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "c198aee5561d930a120e4fb4", @@ -1050,7 +1050,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "fd54bdb5916df42dc55712a4", @@ -1197,7 +1197,7 @@ { "@timestamp": "2021-12-24T00:29:56.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "{\"@timestamp\":\"2021-12-24T00:29:56.000Z\",\"event.id\":\"613ee55ec9d868fc47654a73\",\"netskope\":{\"events\":{\"event_type\":\"infrastructure\",\"severity\":{\"level\":\"high\"},\"alarm\":{\"name\":\"No_events_from_device\",\"description\":\"Events from device not received in the last 24 hours\"},\"device\":{\"name\":\"device-1\"},\"metric_value\":43831789,\"serial\":\"FFFFFFFFFFFFFFFF\",\"supporting_data\":\"abc\"}}}" @@ -1245,7 +1245,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "004bad0deade8dd33fafb916", @@ -1371,7 +1371,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "alert", @@ -1534,7 +1534,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "004bad0deade8dd33fafb916", @@ -1658,7 +1658,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allow", @@ -1779,7 +1779,7 @@ { "@timestamp": "2022-01-30T05:44:59.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "c198aee5561d930a120e4fb4", 
@@ -1818,7 +1818,7 @@ { "@timestamp": "2021-09-12T11:31:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "123f357a5241c6f", @@ -1918,7 +1918,7 @@ "port": 445 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -2034,7 +2034,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "123asd25fe48c2b3d", diff --git a/packages/netskope/data_stream/events/elasticsearch/ingest_pipeline/default.yml b/packages/netskope/data_stream/events/elasticsearch/ingest_pipeline/default.yml index 4f4543ddbf4..5f6b180511f 100644 --- a/packages/netskope/data_stream/events/elasticsearch/ingest_pipeline/default.yml +++ b/packages/netskope/data_stream/events/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Netskope events processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - json: field: message add_to_root: true diff --git a/packages/netskope/data_stream/events/sample_event.json b/packages/netskope/data_stream/events/sample_event.json index 99599a268d5..19ac84144d4 100644 --- a/packages/netskope/data_stream/events/sample_event.json +++ b/packages/netskope/data_stream/events/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "900d4a66-139e-4b27-bb30-f978d742a95f", diff --git a/packages/netskope/docs/README.md b/packages/netskope/docs/README.md index d53bd1acd5d..b04f768b593 100644 --- a/packages/netskope/docs/README.md +++ b/packages/netskope/docs/README.md @@ -611,7 +611,7 @@ An example event for `alerts` looks as following: "ip": "81.2.69.143" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "900d4a66-139e-4b27-bb30-f978d742a95f", 
@@ -1194,7 +1194,7 @@ An example event for `events` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "900d4a66-139e-4b27-bb30-f978d742a95f", diff --git a/packages/netskope/manifest.yml b/packages/netskope/manifest.yml index ce3a82b3e65..a751290d033 100644 --- a/packages/netskope/manifest.yml +++ b/packages/netskope/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: netskope title: "Netskope" -version: "1.3.1" +version: "1.4.0" license: basic description: Collect logs from Netskope with Elastic Agent. type: integration diff --git a/packages/network_traffic/_dev/build/build.yml b/packages/network_traffic/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100755 --- a/packages/network_traffic/_dev/build/build.yml +++ b/packages/network_traffic/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/network_traffic/changelog.yml b/packages/network_traffic/changelog.yml index ae6ba897ca0..63154aa4de5 100644 --- a/packages/network_traffic/changelog.yml +++ b/packages/network_traffic/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.6.1" changes: - description: Add security category to package metadata. diff --git a/packages/network_traffic/data_stream/amqp/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/amqp/elasticsearch/ingest_pipeline/default.yml index 8d6dd54faa7..5b3e5f8afa1 100644 --- a/packages/network_traffic/data_stream/amqp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/amqp/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for processing amqp traffic processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/amqp/sample_event.json b/packages/network_traffic/data_stream/amqp/sample_event.json index a0119840192..42e97bb4ab8 100644 --- a/packages/network_traffic/data_stream/amqp/sample_event.json +++ b/packages/network_traffic/data_stream/amqp/sample_event.json @@ -33,7 +33,7 @@ "port": 5672 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/cassandra/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/cassandra/elasticsearch/ingest_pipeline/default.yml index c5e00f4f6b5..22ad32229fa 100644 --- a/packages/network_traffic/data_stream/cassandra/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/cassandra/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing cassandra traffic processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/cassandra/sample_event.json b/packages/network_traffic/data_stream/cassandra/sample_event.json index c173ec524f1..1192341516b 100644 --- a/packages/network_traffic/data_stream/cassandra/sample_event.json +++ b/packages/network_traffic/data_stream/cassandra/sample_event.json @@ -53,7 +53,7 @@ "port": 9042 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", 
diff --git a/packages/network_traffic/data_stream/dhcpv4/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/dhcpv4/elasticsearch/ingest_pipeline/default.yml index f6c77dca1f2..5b50e256727 100644 --- a/packages/network_traffic/data_stream/dhcpv4/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/dhcpv4/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing dhcpv4 traffic processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/dhcpv4/sample_event.json b/packages/network_traffic/data_stream/dhcpv4/sample_event.json index 42cfe624c31..b0ee6bb27ec 100644 --- a/packages/network_traffic/data_stream/dhcpv4/sample_event.json +++ b/packages/network_traffic/data_stream/dhcpv4/sample_event.json @@ -41,7 +41,7 @@ "transaction_id": "0x00003d1d" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/dns/elasticsearch/ingest_pipeline/default.yml index 4674446bd34..42391a4e910 100644 --- a/packages/network_traffic/data_stream/dns/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/dns/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing dhcpv4 traffic processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/dns/sample_event.json b/packages/network_traffic/data_stream/dns/sample_event.json index e0cb9684048..589743182a5 100644 --- a/packages/network_traffic/data_stream/dns/sample_event.json 
+++ b/packages/network_traffic/data_stream/dns/sample_event.json @@ -82,7 +82,7 @@ "type": "answer" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/flow/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/flow/elasticsearch/ingest_pipeline/default.yml index 72b84828226..a36e3eef2ed 100644 --- a/packages/network_traffic/data_stream/flow/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/flow/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing traffic flows processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/http/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/http/elasticsearch/ingest_pipeline/default.yml index ba04414b17f..efe1f0544af 100644 --- a/packages/network_traffic/data_stream/http/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/http/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing http traffic processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/http/sample_event.json b/packages/network_traffic/data_stream/http/sample_event.json index 408170bb4d3..f6fc146543d 100644 --- a/packages/network_traffic/data_stream/http/sample_event.json +++ b/packages/network_traffic/data_stream/http/sample_event.json @@ -24,7 +24,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", 
diff --git a/packages/network_traffic/data_stream/icmp/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/icmp/elasticsearch/ingest_pipeline/default.yml index e99d7e7b47c..0fbf8d57d9e 100644 --- a/packages/network_traffic/data_stream/icmp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/icmp/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing icmp traffic processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/icmp/sample_event.json b/packages/network_traffic/data_stream/icmp/sample_event.json index 9408ad19b26..a94972b1d79 100644 --- a/packages/network_traffic/data_stream/icmp/sample_event.json +++ b/packages/network_traffic/data_stream/icmp/sample_event.json @@ -21,7 +21,7 @@ "ip": "::2" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/memcached/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/memcached/elasticsearch/ingest_pipeline/default.yml index f8f841c4854..47e65cf6c2d 100644 --- a/packages/network_traffic/data_stream/memcached/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/memcached/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing memcached traffic processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/memcached/sample_event.json b/packages/network_traffic/data_stream/memcached/sample_event.json index ebc51643b5c..5429161361e 100644 --- a/packages/network_traffic/data_stream/memcached/sample_event.json 
+++ b/packages/network_traffic/data_stream/memcached/sample_event.json @@ -22,7 +22,7 @@ "port": 11211 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/mongodb/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/mongodb/elasticsearch/ingest_pipeline/default.yml index 7abe32f984b..3f8d31899aa 100644 --- a/packages/network_traffic/data_stream/mongodb/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/mongodb/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing mongodb traffic processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/mongodb/sample_event.json b/packages/network_traffic/data_stream/mongodb/sample_event.json index 94411f7fa1d..5732e6f2a1c 100644 --- a/packages/network_traffic/data_stream/mongodb/sample_event.json +++ b/packages/network_traffic/data_stream/mongodb/sample_event.json @@ -23,7 +23,7 @@ "port": 27017 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml index 96a6d5eb5db..902cb824616 100644 --- a/packages/network_traffic/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing mysql traffic processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation 
diff --git a/packages/network_traffic/data_stream/mysql/sample_event.json b/packages/network_traffic/data_stream/mysql/sample_event.json index d53434006b6..12759177911 100644 --- a/packages/network_traffic/data_stream/mysql/sample_event.json +++ b/packages/network_traffic/data_stream/mysql/sample_event.json @@ -23,7 +23,7 @@ "port": 3306 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/nfs/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/nfs/elasticsearch/ingest_pipeline/default.yml index d9935484e53..527b28599f5 100644 --- a/packages/network_traffic/data_stream/nfs/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/nfs/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing nfs traffic processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/nfs/sample_event.json b/packages/network_traffic/data_stream/nfs/sample_event.json index 1573dd28122..cca11367fdf 100644 --- a/packages/network_traffic/data_stream/nfs/sample_event.json +++ b/packages/network_traffic/data_stream/nfs/sample_event.json @@ -24,7 +24,7 @@ "port": 2049 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/pgsql/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/pgsql/elasticsearch/ingest_pipeline/default.yml index a4e6d351307..fe153cbb2aa 100644 --- a/packages/network_traffic/data_stream/pgsql/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/pgsql/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for processing pgsql traffic processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/pgsql/sample_event.json b/packages/network_traffic/data_stream/pgsql/sample_event.json index 3619041c1d5..2209811050a 100644 --- a/packages/network_traffic/data_stream/pgsql/sample_event.json +++ b/packages/network_traffic/data_stream/pgsql/sample_event.json @@ -23,7 +23,7 @@ "port": 5432 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/redis/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/redis/elasticsearch/ingest_pipeline/default.yml index ededa03eb0e..772cc090117 100644 --- a/packages/network_traffic/data_stream/redis/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/redis/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing redis traffic processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/redis/sample_event.json b/packages/network_traffic/data_stream/redis/sample_event.json index 2d6b21d978d..c4a8ef5befc 100644 --- a/packages/network_traffic/data_stream/redis/sample_event.json +++ b/packages/network_traffic/data_stream/redis/sample_event.json @@ -23,7 +23,7 @@ "port": 6380 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/sip/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/sip/elasticsearch/ingest_pipeline/default.yml index a81deff4b2d..23297010842 100644 
--- a/packages/network_traffic/data_stream/sip/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/sip/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing sip traffic processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/sip/sample_event.json b/packages/network_traffic/data_stream/sip/sample_event.json index e14e923b76d..beb7ff83575 100644 --- a/packages/network_traffic/data_stream/sip/sample_event.json +++ b/packages/network_traffic/data_stream/sip/sample_event.json @@ -21,7 +21,7 @@ "port": 5060 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/data_stream/thrift/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/thrift/elasticsearch/ingest_pipeline/default.yml index b53f37c9b56..134af2d0709 100644 --- a/packages/network_traffic/data_stream/thrift/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/thrift/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing thrift traffic processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/thrift/sample_event.json b/packages/network_traffic/data_stream/thrift/sample_event.json index 4fd93325660..7428539eb1e 100644 --- a/packages/network_traffic/data_stream/thrift/sample_event.json +++ b/packages/network_traffic/data_stream/thrift/sample_event.json @@ -23,7 +23,7 @@ "port": 9090 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", 
diff --git a/packages/network_traffic/data_stream/tls/elasticsearch/ingest_pipeline/default.yml b/packages/network_traffic/data_stream/tls/elasticsearch/ingest_pipeline/default.yml index bd598c57aff..66db0f6377b 100644 --- a/packages/network_traffic/data_stream/tls/elasticsearch/ingest_pipeline/default.yml +++ b/packages/network_traffic/data_stream/tls/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing tls traffic processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' ## # Set host.mac to dash separated upper case value # as per ECS recommendation diff --git a/packages/network_traffic/data_stream/tls/sample_event.json b/packages/network_traffic/data_stream/tls/sample_event.json index 67f5ed4e977..59b2c6e7279 100644 --- a/packages/network_traffic/data_stream/tls/sample_event.json +++ b/packages/network_traffic/data_stream/tls/sample_event.json @@ -22,7 +22,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", diff --git a/packages/network_traffic/docs/README.md b/packages/network_traffic/docs/README.md index 69053c35f7e..e6cb3ddc765 100644 --- a/packages/network_traffic/docs/README.md +++ b/packages/network_traffic/docs/README.md @@ -451,7 +451,7 @@ An example event for `amqp` looks as following: "port": 5672 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -788,7 +788,7 @@ An example event for `cassandra` looks as following: "port": 9042 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -1045,7 +1045,7 @@ An example event for `dhcpv4` looks as following: "transaction_id": "0x00003d1d" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", 
@@ -1362,7 +1362,7 @@ An example event for `dns` looks as following: "type": "answer" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -1722,7 +1722,7 @@ An example event for `http` looks as following: "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -1983,7 +1983,7 @@ An example event for `icmp` looks as following: "ip": "::2" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -2279,7 +2279,7 @@ An example event for `memcached` looks as following: "port": 11211 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -2538,7 +2538,7 @@ An example event for `mongodb` looks as following: "port": 27017 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -2778,7 +2778,7 @@ An example event for `mysql` looks as following: "port": 3306 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -3012,7 +3012,7 @@ An example event for `nfs` looks as following: "port": 2049 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -3260,7 +3260,7 @@ An example event for `pgsql` looks as following: "port": 5432 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", @@ -3485,7 +3485,7 @@ An example event for `redis` looks as following: "port": 6380 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd", 
@@ -3791,7 +3791,7 @@ An example event for `sip` looks as following:
 "port": 5060
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd",
@@ -4182,7 +4182,7 @@ An example event for `thrift` looks as following:
 "port": 9090
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd",
@@ -4569,7 +4569,7 @@ An example event for `tls` looks as following:
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "827ce6a9-85bd-4e07-9a7a-4896c17144cd",
diff --git a/packages/network_traffic/manifest.yml b/packages/network_traffic/manifest.yml
index 58e316c8d5f..7a29bc117d3 100644
--- a/packages/network_traffic/manifest.yml
+++ b/packages/network_traffic/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: network_traffic
 title: Network Packet Capture
-version: "1.6.1"
+version: "1.7.0"
 license: basic
 description: Capture and analyze network traffic from a host with Elastic Agent.
 type: integration
diff --git a/packages/o365/_dev/build/build.yml b/packages/o365/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/o365/_dev/build/build.yml
+++ b/packages/o365/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/o365/changelog.yml b/packages/o365/changelog.yml
index 9726c3d0347..ff03cc93173 100644
--- a/packages/o365/changelog.yml
+++ b/packages/o365/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.9.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.8.2"
 changes:
 - description: Use ECS geo.location definition.
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json-expected.json index a24479c6fee..0847d333a86 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-events.json-expected.json @@ -7,7 +7,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update application.", @@ -189,7 +189,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update application.", @@ -371,7 +371,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update application.", @@ -553,7 +553,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update service principal.", @@ -744,7 +744,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update service principal.", @@ -935,7 +935,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -1139,7 +1139,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -1343,7 +1343,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -1547,7 +1547,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", 
@@ -1751,7 +1751,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -1955,7 +1955,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -2159,7 +2159,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -2363,7 +2363,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -2567,7 +2567,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -2771,7 +2771,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -2975,7 +2975,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -3179,7 +3179,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -3383,7 +3383,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -3587,7 +3587,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update application.", 
@@ -3769,7 +3769,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update application.", @@ -3951,7 +3951,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update service principal.", @@ -4142,7 +4142,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update application.", @@ -4324,7 +4324,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update application.", @@ -4506,7 +4506,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update application.", @@ -4688,7 +4688,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update service principal.", @@ -4879,7 +4879,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -5083,7 +5083,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -5287,7 +5287,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -5491,7 +5491,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -5695,7 +5695,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -5899,7 +5899,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", 
@@ -6103,7 +6103,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -6307,7 +6307,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -6511,7 +6511,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Consent to application.", @@ -6718,7 +6718,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Consent to application.", @@ -6922,7 +6922,7 @@ "@timestamp": "2020-02-10T15:15:04.000Z", "client": {}, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "modified-user-account", @@ -7094,7 +7094,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Remove OAuth2PermissionGrant.", @@ -7298,7 +7298,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Remove OAuth2PermissionGrant.", @@ -7502,7 +7502,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Remove OAuth2PermissionGrant.", @@ -7706,7 +7706,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -7910,7 +7910,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -8114,7 +8114,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Remove app role assignment from service principal.", 
@@ -8318,7 +8318,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -8522,7 +8522,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -8726,7 +8726,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -8930,7 +8930,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -9134,7 +9134,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -9338,7 +9338,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -9542,7 +9542,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Remove app role assignment from service principal.", @@ -9746,7 +9746,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -9950,7 +9950,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", @@ -10154,7 +10154,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Consent to application.", 
@@ -10361,7 +10361,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Consent to application.", @@ -10568,7 +10568,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -10772,7 +10772,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -10976,7 +10976,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -11180,7 +11180,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -11384,7 +11384,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -11588,7 +11588,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -11792,7 +11792,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -11996,7 +11996,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -12200,7 +12200,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -12404,7 +12404,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add application.", @@ -12598,7 +12598,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add application.", 
@@ -12792,7 +12792,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add application.", @@ -12986,7 +12986,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add application.", @@ -13180,7 +13180,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add owner to application.", @@ -13375,7 +13375,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add service principal.", @@ -13586,7 +13586,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add service principal.", @@ -13797,7 +13797,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add service principal.", @@ -14008,7 +14008,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add service principal.", @@ -14219,7 +14219,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update application.", @@ -14391,7 +14391,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update application – Certificates and secrets management ", @@ -14573,7 +14573,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update application – Certificates and secrets management ", @@ -14755,7 +14755,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update service principal.", @@ -14946,7 +14946,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update service principal.", 
@@ -15137,7 +15137,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update service principal.", @@ -15328,7 +15328,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update application.", @@ -15510,7 +15510,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update application.", @@ -15692,7 +15692,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update application.", @@ -15874,7 +15874,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update service principal.", @@ -16065,7 +16065,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update service principal.", @@ -16256,7 +16256,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update service principal.", @@ -16447,7 +16447,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -16651,7 +16651,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -16855,7 +16855,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -17059,7 +17059,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -17263,7 +17263,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", 
@@ -17467,7 +17467,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -17671,7 +17671,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -17875,7 +17875,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment to service principal.", @@ -18079,7 +18079,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -18283,7 +18283,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -18487,7 +18487,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add OAuth2PermissionGrant.", @@ -18691,7 +18691,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Consent to application.", @@ -18898,7 +18898,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Consent to application.", @@ -19105,7 +19105,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Consent to application.", @@ -19312,7 +19312,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment grant to user.", @@ -19512,7 +19512,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment grant to user.", @@ -19712,7 +19712,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add app role assignment grant to user.", 
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-sts-logon-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-sts-logon-events.json-expected.json index 622e9ff3e84..de88e989a5b 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-sts-logon-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-azuread-sts-logon-events.json-expected.json @@ -7,7 +7,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -137,7 +137,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -267,7 +267,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -397,7 +397,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -527,7 +527,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -657,7 +657,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -787,7 +787,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -917,7 +917,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -1047,7 +1047,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -1177,7 +1177,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -1307,7 +1307,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", 
@@ -1437,7 +1437,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -1567,7 +1567,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -1697,7 +1697,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -1827,7 +1827,7 @@ "ip": "67.43.156.14" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -1957,7 +1957,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -2087,7 +2087,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -2217,7 +2217,7 @@ "ip": "67.43.156.14" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -2347,7 +2347,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -2477,7 +2477,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -2607,7 +2607,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -2737,7 +2737,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -2867,7 +2867,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -2997,7 +2997,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -3127,7 +3127,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", 
@@ -3257,7 +3257,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -3387,7 +3387,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -3517,7 +3517,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -3647,7 +3647,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -3777,7 +3777,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -3906,7 +3906,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoginFailed", @@ -4037,7 +4037,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -4152,7 +4152,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -4282,7 +4282,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -4397,7 +4397,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoginFailed", @@ -4528,7 +4528,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -4643,7 +4643,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoginFailed", @@ -4774,7 +4774,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -4904,7 +4904,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", 
@@ -5034,7 +5034,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -5149,7 +5149,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoginFailed", @@ -5280,7 +5280,7 @@ "ip": "67.43.156.14" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -5410,7 +5410,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -5540,7 +5540,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -5670,7 +5670,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -5785,7 +5785,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -5915,7 +5915,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -6045,7 +6045,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -6175,7 +6175,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -6305,7 +6305,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -6435,7 +6435,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -6565,7 +6565,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -6695,7 +6695,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", 
@@ -6825,7 +6825,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -6955,7 +6955,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -7085,7 +7085,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -7215,7 +7215,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -7345,7 +7345,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -7475,7 +7475,7 @@ "ip": "67.43.156.14" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -7605,7 +7605,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -7735,7 +7735,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -7865,7 +7865,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -7995,7 +7995,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -8125,7 +8125,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -8255,7 +8255,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -8385,7 +8385,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -8515,7 +8515,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", 
@@ -8645,7 +8645,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -8775,7 +8775,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-bad-ips.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-bad-ips.json-expected.json index cb8d891ee23..5b0f75f1724 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-bad-ips.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-bad-ips.json-expected.json @@ -7,7 +7,7 @@ "domain": "NOTANIPV4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GroupCreation", @@ -74,7 +74,7 @@ "ip": "10.90.0.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GroupCreation", @@ -149,7 +149,7 @@ "domain": "INCORRECTIPV4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GroupCreation", @@ -211,7 +211,7 @@ { "@timestamp": "2020-02-28T09:42:45.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-data-insights-api-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-data-insights-api-events.json-expected.json index f9e4b723963..8d9b35b4e49 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-data-insights-api-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-data-insights-api-events.json-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-02-10T15:13:38.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SearchDataInsightsSubscription", 
@@ -49,7 +49,7 @@ { "@timestamp": "2020-02-12T21:38:38.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SearchDataInsightsSubscription", @@ -95,7 +95,7 @@ { "@timestamp": "2020-02-10T15:13:38.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SearchDataInsightsSubscription", @@ -141,7 +141,7 @@ { "@timestamp": "2020-02-12T10:53:26.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SearchDataInsightsSubscription", @@ -187,7 +187,7 @@ { "@timestamp": "2020-02-12T21:38:38.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SearchDataInsightsSubscription", @@ -233,7 +233,7 @@ { "@timestamp": "2020-02-12T10:53:26.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SearchDataInsightsSubscription", @@ -279,7 +279,7 @@ { "@timestamp": "2020-02-10T15:13:38.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SearchDataInsightsSubscription", @@ -325,7 +325,7 @@ { "@timestamp": "2020-02-12T10:53:26.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SearchDataInsightsSubscription", @@ -371,7 +371,7 @@ { "@timestamp": "2020-02-12T21:38:38.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SearchDataInsightsSubscription", diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-exchange-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-exchange-events.json-expected.json index 0fe008c6741..f9386279160 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-exchange-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-exchange-events.json-expected.json @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DlpRuleMatch", 
@@ -182,7 +182,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DlpRuleUndo", @@ -353,7 +353,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DlpRuleMatch", @@ -527,7 +527,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DlpRuleMatch", @@ -701,7 +701,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DlpRuleMatch", @@ -819,7 +819,7 @@ { "@timestamp": "2020-02-24T20:11:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DlpRuleMatch", diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-sharepoint-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-sharepoint-events.json-expected.json index bfbb47e4977..f0fd7be999a 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-sharepoint-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-dlp-sharepoint-events.json-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-02-25T16:20:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DLPRuleMatch", @@ -107,7 +107,7 @@ { "@timestamp": "2020-02-25T16:23:39.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DLPRuleMatch", @@ -220,7 +220,7 @@ { "@timestamp": "2020-02-25T16:23:39.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DLPRuleMatch", @@ -329,7 +329,7 @@ { "@timestamp": "2020-02-25T16:22:22.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DLPRuleMatch", @@ -442,7 +442,7 @@ { "@timestamp": "2020-02-26T10:13:48.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DLPRuleMatch", @@ -555,7 +555,7 @@ { "@timestamp": "2020-02-26T12:39:40.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DLPRuleMatch", 
@@ -668,7 +668,7 @@ { "@timestamp": "2020-02-26T12:39:40.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DLPRuleMatch", diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-admin-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-admin-events.json-expected.json index f761e708c4c..a51671cdd08 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-admin-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-admin-events.json-expected.json @@ -6,7 +6,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -73,7 +73,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -153,7 +153,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -233,7 +233,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Install-DefaultSharingPolicy", @@ -300,7 +300,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Install-AdminAuditLogConfig", @@ -367,7 +367,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-TransportConfig", @@ -435,7 +435,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -504,7 +504,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-OwaMailboxPolicy", @@ -571,7 +571,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -651,7 +651,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", 
@@ -731,7 +731,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Enable-AddressListPaging", @@ -799,7 +799,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -879,7 +879,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -959,7 +959,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -1039,7 +1039,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -1119,7 +1119,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -1199,7 +1199,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -1279,7 +1279,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-TenantObjectVersion", @@ -1346,7 +1346,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-TransportConfig", @@ -1414,7 +1414,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-TransportConfig", @@ -1482,7 +1482,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-TenantObjectVersion", @@ -1549,7 +1549,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-TransportConfig", @@ -1617,7 +1617,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -1697,7 +1697,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", 
@@ -1777,7 +1777,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -1857,7 +1857,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -1937,7 +1937,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -2017,7 +2017,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -2097,7 +2097,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -2177,7 +2177,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -2257,7 +2257,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -2339,7 +2339,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -2419,7 +2419,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -2499,7 +2499,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -2579,7 +2579,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -2659,7 +2659,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -2739,7 +2739,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -2819,7 +2819,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", 
@@ -2899,7 +2899,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -2979,7 +2979,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -3059,7 +3059,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -3136,7 +3136,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-AdminAuditLogConfig", @@ -3205,7 +3205,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-TransportConfig", @@ -3273,7 +3273,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-TransportConfig", @@ -3341,7 +3341,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "New-ExchangeAssistanceConfig", @@ -3409,7 +3409,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -3491,7 +3491,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -3571,7 +3571,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -3651,7 +3651,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -3731,7 +3731,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -3811,7 +3811,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -3891,7 +3891,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", 
@@ -3971,7 +3971,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -4051,7 +4051,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -4131,7 +4131,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -4211,7 +4211,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -4291,7 +4291,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -4371,7 +4371,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-RecipientEnforcementProvisioningPolicy", @@ -4440,7 +4440,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-AdminAuditLogConfig", @@ -4509,7 +4509,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -4589,7 +4589,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -4669,7 +4669,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-AdminAuditLogConfig", @@ -4738,7 +4738,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-OwaMailboxPolicy", @@ -4805,7 +4805,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -4887,7 +4887,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -4967,7 +4967,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", 
@@ -5047,7 +5047,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -5127,7 +5127,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -5207,7 +5207,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -5287,7 +5287,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -5367,7 +5367,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -5447,7 +5447,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Enable-AddressListPaging", @@ -5515,7 +5515,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-AdminAuditLogConfig", @@ -5584,7 +5584,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-ExchangeAssistanceConfig", @@ -5652,7 +5652,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-RecipientEnforcementProvisioningPolicy", @@ -5721,7 +5721,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-TenantObjectVersion", @@ -5788,7 +5788,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add-MailboxPermission", @@ -5857,7 +5857,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -5924,7 +5924,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-AdminAuditLogConfig", 
@@ -5993,7 +5993,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -6073,7 +6073,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -6153,7 +6153,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -6233,7 +6233,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -6313,7 +6313,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -6393,7 +6393,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -6473,7 +6473,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -6553,7 +6553,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -6633,7 +6633,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Add-MailboxPermission", @@ -6702,7 +6702,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -6782,7 +6782,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -6862,7 +6862,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Enable-AddressListPaging", @@ -6930,7 +6930,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -7010,7 +7010,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Install-ResourceConfig", 
@@ -7077,7 +7077,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-RecipientEnforcementProvisioningPolicy", @@ -7146,7 +7146,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -7223,7 +7223,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -7303,7 +7303,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-RecipientEnforcementProvisioningPolicy", @@ -7372,7 +7372,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -7452,7 +7452,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", @@ -7534,7 +7534,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-item-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-item-events.json-expected.json index 42e334b3cdc..b747a221886 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-item-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-exchange-item-events.json-expected.json @@ -10,7 +10,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Create", @@ -101,7 +101,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Create", @@ -192,7 +192,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Create", @@ -283,7 +283,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ModifyFolderPermissions", 
@@ -374,7 +374,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ModifyFolderPermissions", @@ -465,7 +465,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ModifyFolderPermissions", @@ -556,7 +556,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ModifyFolderPermissions", @@ -647,7 +647,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ModifyFolderPermissions", @@ -738,7 +738,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "ModifyFolderPermissions", diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-ip-formats-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-ip-formats-events.json-expected.json index 33a6abbaa91..d0f88bf5181 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-ip-formats-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-ip-formats-events.json-expected.json @@ -8,7 +8,7 @@ "port": 12345 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -52,7 +52,7 @@ "port": 12345 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -95,7 +95,7 @@ "ip": "10.11.12.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -137,7 +137,7 @@ "ip": "10.11.12.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -180,7 +180,7 @@ "port": 12345 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -224,7 +224,7 @@ "port": 12345 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -276,7 +276,7 @@ "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -327,7 +327,7 @@ "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -378,7 +378,7 @@ "ip": "10.11.12.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -419,7 +419,7 @@ "domain": "localhost" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -449,7 +449,7 @@ "domain": "[localhost]:12345" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -479,7 +479,7 @@ "domain": "localhost:12345" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -509,7 +509,7 @@ "domain": "[cool.client.local]:12345" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -539,7 +539,7 @@ "domain": "cool.client.local" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -569,7 +569,7 @@ "domain": "cool.client.local:12345" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-modified-properites.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-modified-properites.json-expected.json index 9fbf9127a97..b18b6b8d63a 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-modified-properites.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-modified-properites.json-expected.json @@ -10,7 +10,7 @@ "ip": "1.128.3.4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Update", 
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-ms-teams-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-ms-teams-events.json-expected.json index 47b99541f6c..5c1be8929b7 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-ms-teams-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-ms-teams-events.json-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-02-17T16:59:44.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added-group-account-to", @@ -55,7 +55,7 @@ { "@timestamp": "2020-02-17T16:59:47.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added-users-to-group", @@ -142,7 +142,7 @@ { "@timestamp": "2020-02-17T16:59:44.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added-users-to-group", @@ -211,7 +211,7 @@ { "@timestamp": "2020-02-17T16:59:34.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "TeamsSessionStarted", diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-parameter-string.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-parameter-string.json-expected.json index 41471d5e794..18b2d9afa94 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-parameter-string.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-parameter-string.json-expected.json @@ -7,7 +7,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "UserLoggedIn", @@ -116,7 +116,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Set-Mailbox", 
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sec-comp-alerts-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sec-comp-alerts-events.json-expected.json index 2bb18ab874d..9243330b1cc 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sec-comp-alerts-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sec-comp-alerts-events.json-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-02-14T19:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "AlertEntityGenerated", @@ -68,7 +68,7 @@ { "@timestamp": "2020-02-14T19:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "AlertTriggered", @@ -130,7 +130,7 @@ { "@timestamp": "2020-02-14T19:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "AlertTriggered", diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepoint-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepoint-events.json-expected.json index 2e69d8af929..2c60a49b988 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepoint-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepoint-events.json-expected.json @@ -7,7 +7,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "PageViewed", @@ -106,7 +106,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "PageViewed", @@ -205,7 +205,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "PageViewed", @@ -304,7 +304,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "PageViewed", 
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepointfileop-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepointfileop-events.json-expected.json index 958e62711f3..9fa6916b852 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepointfileop-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sharepointfileop-events.json-expected.json @@ -7,7 +7,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FileDeleted", @@ -116,7 +116,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FileDeleted", @@ -225,7 +225,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FileAccessed", @@ -334,7 +334,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FileAccessed", @@ -443,7 +443,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FileUploaded", @@ -553,7 +553,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FileModified", @@ -662,7 +662,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FileDeleted", @@ -771,7 +771,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FileUploaded", @@ -881,7 +881,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FileModified", @@ -990,7 +990,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FileModified", @@ -1099,7 +1099,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "FileModified", 
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sp-sharing-op-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sp-sharing-op-events.json-expected.json index 92ef512cde5..c4ba884127a 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-sp-sharing-op-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-sp-sharing-op-events.json-expected.json @@ -4,7 +4,7 @@ "@timestamp": "2020-02-17T16:59:50.000Z", "client": {}, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "AddedToGroup", @@ -75,7 +75,7 @@ "@timestamp": "2020-02-17T16:59:50.000Z", "client": {}, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "AddedToGroup", @@ -146,7 +146,7 @@ "@timestamp": "2020-02-17T16:59:50.000Z", "client": {}, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "AddedToGroup", @@ -217,7 +217,7 @@ "@timestamp": "2020-02-17T16:59:50.000Z", "client": {}, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "AddedToGroup", @@ -288,7 +288,7 @@ "@timestamp": "2020-02-17T16:59:49.000Z", "client": {}, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "AddedToGroup", @@ -362,7 +362,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SharingInheritanceBroken", @@ -463,7 +463,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "AnonymousLinkCreated", @@ -568,7 +568,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SharingSet", @@ -674,7 +674,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SharingSet", @@ -780,7 +780,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SharingSet", 
diff --git a/packages/o365/data_stream/audit/_dev/test/pipeline/test-yammer-events.json-expected.json b/packages/o365/data_stream/audit/_dev/test/pipeline/test-yammer-events.json-expected.json index 499d9443a0a..de86cfbe794 100644 --- a/packages/o365/data_stream/audit/_dev/test/pipeline/test-yammer-events.json-expected.json +++ b/packages/o365/data_stream/audit/_dev/test/pipeline/test-yammer-events.json-expected.json @@ -8,7 +8,7 @@ "port": 12345 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GroupCreation", @@ -97,7 +97,7 @@ "port": 12346 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GroupCreation", diff --git a/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index df3523dd2d0..264a3c203c3 100644 --- a/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Office 365 Audit logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: event.kind value: event diff --git a/packages/o365/data_stream/audit/sample_event.json b/packages/o365/data_stream/audit/sample_event.json index 2d51ddfb7a3..15d4498a337 100644 --- a/packages/o365/data_stream/audit/sample_event.json +++ b/packages/o365/data_stream/audit/sample_event.json @@ -17,7 +17,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/o365/docs/README.md b/packages/o365/docs/README.md index 21b8d2a4624..1354e3431d3 100644 --- a/packages/o365/docs/README.md +++ b/packages/o365/docs/README.md 
@@ -49,7 +49,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/o365/manifest.yml b/packages/o365/manifest.yml
index b2ca2c4cf21..e62b487f65c 100644
--- a/packages/o365/manifest.yml
+++ b/packages/o365/manifest.yml
@@ -1,6 +1,6 @@
 name: o365
 title: Microsoft 365
-version: 1.8.2
+version: "1.9.0"
 release: ga
 description: Collect logs from Microsoft 365 with Elastic Agent.
 type: integration
diff --git a/packages/okta/_dev/build/build.yml b/packages/okta/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/okta/_dev/build/build.yml
+++ b/packages/okta/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/okta/changelog.yml b/packages/okta/changelog.yml
index 206b61e9078..60a9ab3deb4 100644
--- a/packages/okta/changelog.yml
+++ b/packages/okta/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.11.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.10.3"
 changes:
 - description: Mark url config option as a required field
diff --git a/packages/okta/data_stream/system/_dev/test/pipeline/test-okta-system-events.json-expected.json b/packages/okta/data_stream/system/_dev/test/pipeline/test-okta-system-events.json-expected.json
index 730a055f756..72cbdf343d5 100644
--- a/packages/okta/data_stream/system/_dev/test/pipeline/test-okta-system-events.json-expected.json
+++ b/packages/okta/data_stream/system/_dev/test/pipeline/test-okta-system-events.json-expected.json
@@ -19,7 +19,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "user.session.end",
@@ -167,7 +167,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "user.session.end",
@@ -315,7 +315,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "user.session.end",
@@ -462,7 +462,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "user.session.end",
@@ -599,7 +599,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "user.session.start",
@@ -780,7 +780,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "user.authentication.verify",
diff --git a/packages/okta/data_stream/system/elasticsearch/ingest_pipeline/default.yml b/packages/okta/data_stream/system/elasticsearch/ingest_pipeline/default.yml
index 0d7fa155cd5..d3e8279a2bd 100644
--- a/packages/okta/data_stream/system/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/okta/data_stream/system/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Okta system logs.
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/okta/data_stream/system/sample_event.json b/packages/okta/data_stream/system/sample_event.json
index e048970ffba..32189360c38 100644
--- a/packages/okta/data_stream/system/sample_event.json
+++ b/packages/okta/data_stream/system/sample_event.json
@@ -29,7 +29,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "dbc761fd-dec4-4bc7-acec-8e5cb02a0cb6",
diff --git a/packages/okta/docs/README.md b/packages/okta/docs/README.md
index a791d0c7b3d..31ab567ef75 100644
--- a/packages/okta/docs/README.md
+++ b/packages/okta/docs/README.md
@@ -42,7 +42,7 @@ An example event for `system` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "dbc761fd-dec4-4bc7-acec-8e5cb02a0cb6",
diff --git a/packages/okta/manifest.yml b/packages/okta/manifest.yml
index 31fa7decc64..316f8a4196a 100644
--- a/packages/okta/manifest.yml
+++ b/packages/okta/manifest.yml
@@ -1,6 +1,6 @@
 name: okta
 title: Okta
-version: 1.10.3
+version: "1.11.0"
 release: ga
 description: Collect and parse event logs from Okta API with Elastic Agent.
 type: integration
diff --git a/packages/oracle/_dev/build/build.yml b/packages/oracle/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/oracle/_dev/build/build.yml
+++ b/packages/oracle/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/oracle/changelog.yml b/packages/oracle/changelog.yml
index 38a22c90783..bc7aa10ac42 100644
--- a/packages/oracle/changelog.yml
+++ b/packages/oracle/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.8.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.7.0"
 changes:
 - description: Added support for additional database audit events that only include actions.
diff --git a/packages/oracle/data_stream/database_audit/_dev/test/pipeline/test-oracle-database-audit.log-expected.json b/packages/oracle/data_stream/database_audit/_dev/test/pipeline/test-oracle-database-audit.log-expected.json
index 0db97808f3c..61ce9599b6c 100644
--- a/packages/oracle/data_stream/database_audit/_dev/test/pipeline/test-oracle-database-audit.log-expected.json
+++ b/packages/oracle/data_stream/database_audit/_dev/test/pipeline/test-oracle-database-audit.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-21T15:58:08.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "database_audit",
@@ -58,7 +58,7 @@
 "ip": "192.168.2.2"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "database_audit",
@@ -116,7 +116,7 @@
 "domain": "test.local"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "database_audit",
@@ -168,7 +168,7 @@ { "@timestamp": "2020-10-07T15:58:08.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -219,7 +219,7 @@ { "@timestamp": "2020-10-07T15:58:08.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -270,7 +270,7 @@ { "@timestamp": "2020-10-07T15:58:08.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -321,7 +321,7 @@ { "@timestamp": "2020-10-07T15:58:08.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -372,7 +372,7 @@ { "@timestamp": "2020-10-07T15:58:08.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -423,7 +423,7 @@ { "@timestamp": "2020-10-07T15:58:08.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -474,7 +474,7 @@ { "@timestamp": "2020-10-07T15:58:08.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -525,7 +525,7 @@ { "@timestamp": "2020-10-07T15:58:08.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -576,7 +576,7 @@ { "@timestamp": "2020-10-07T15:58:08.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -627,7 +627,7 @@ { "@timestamp": "2020-10-07T16:03:14.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -678,7 +678,7 @@ { "@timestamp": "2020-10-07T16:03:14.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -729,7 +729,7 @@ { "@timestamp": "2020-10-07T16:03:14.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", 
@@ -780,7 +780,7 @@ { "@timestamp": "2020-10-07T16:03:14.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -831,7 +831,7 @@ { "@timestamp": "2020-10-07T16:03:14.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -882,7 +882,7 @@ { "@timestamp": "2020-10-07T16:03:14.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -933,7 +933,7 @@ { "@timestamp": "2020-10-07T16:03:14.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -984,7 +984,7 @@ { "@timestamp": "2020-10-07T16:03:14.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -1035,7 +1035,7 @@ { "@timestamp": "2020-10-07T16:03:14.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -1086,7 +1086,7 @@ { "@timestamp": "2020-10-07T16:03:14.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -1137,7 +1137,7 @@ { "@timestamp": "2020-10-07T16:03:14.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -1188,7 +1188,7 @@ { "@timestamp": "2020-10-07T16:03:14.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -1244,7 +1244,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -1302,7 +1302,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -1358,7 +1358,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", @@ -1403,7 +1403,7 @@ { "@timestamp": "2021-07-01T05:49:16.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "database_audit", 
@@ -1437,7 +1437,7 @@
 {
 "@timestamp": "2021-09-08T03:00:31.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "database_audit",
diff --git a/packages/oracle/data_stream/database_audit/elasticsearch/ingest_pipeline/default.yml b/packages/oracle/data_stream/database_audit/elasticsearch/ingest_pipeline/default.yml
index 3586aba4404..37c57100eee 100644
--- a/packages/oracle/data_stream/database_audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/oracle/data_stream/database_audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Oracle Audit logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.action
 value: database_audit
diff --git a/packages/oracle/data_stream/database_audit/sample_event.json b/packages/oracle/data_stream/database_audit/sample_event.json
index 9ac640bec35..2895e3edb3b 100644
--- a/packages/oracle/data_stream/database_audit/sample_event.json
+++ b/packages/oracle/data_stream/database_audit/sample_event.json
@@ -38,7 +38,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "e9035b3c-b485-47ea-a7a7-f092698110a8",
diff --git a/packages/oracle/docs/README.md b/packages/oracle/docs/README.md
index 7bcae2c4d9b..7ca3f1bcbc2 100644
--- a/packages/oracle/docs/README.md
+++ b/packages/oracle/docs/README.md
@@ -204,7 +204,7 @@ An example event for `database_audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "e9035b3c-b485-47ea-a7a7-f092698110a8",
diff --git a/packages/oracle/manifest.yml b/packages/oracle/manifest.yml
index 09aa324dd87..f29bceb7c4d 100644
--- a/packages/oracle/manifest.yml
+++ b/packages/oracle/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: oracle
 title: "Oracle"
-version: 1.7.0
+version: "1.8.0"
 license: basic
 description: Collect Oracle Audit Log, Performance metrics, Tablespace metrics, Sysmetrics metrics, System statistics metrics, memory metrics from Oracle database.
 type: integration
diff --git a/packages/osquery/_dev/build/build.yml b/packages/osquery/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/osquery/_dev/build/build.yml
+++ b/packages/osquery/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/osquery/changelog.yml b/packages/osquery/changelog.yml
index 1b9410de60c..c3572f33fa1 100644
--- a/packages/osquery/changelog.yml
+++ b/packages/osquery/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.5.0"
 changes:
 - description: Update package to ECS 8.4.0
diff --git a/packages/osquery/data_stream/result/_dev/test/pipeline/test-osquery.log-expected.json b/packages/osquery/data_stream/result/_dev/test/pipeline/test-osquery.log-expected.json
index 8b720108274..1255274863b 100644
--- a/packages/osquery/data_stream/result/_dev/test/pipeline/test-osquery.log-expected.json
+++ b/packages/osquery/data_stream/result/_dev/test/pipeline/test-osquery.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2017-12-28T14:40:08.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "removed",
@@ -69,7 +69,7 @@
 {
 "@timestamp": "2018-01-08T14:51:55.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "added",
@@ -129,7 +129,7 @@
 {
 "@timestamp": "2018-01-08T14:51:55.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "added",
@@ -189,7 +189,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -249,7 +249,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -309,7 +309,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -369,7 +369,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -429,7 +429,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -489,7 +489,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -549,7 +549,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -609,7 +609,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -669,7 +669,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -729,7 +729,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -789,7 +789,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -849,7 +849,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -909,7 +909,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -969,7 +969,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -1029,7 +1029,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -1089,7 +1089,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -1149,7 +1149,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -1209,7 +1209,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -1269,7 +1269,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -1329,7 +1329,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -1389,7 +1389,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -1449,7 +1449,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -1509,7 +1509,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -1569,7 +1569,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -1629,7 +1629,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -1689,7 +1689,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -1749,7 +1749,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -1809,7 +1809,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -1869,7 +1869,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -1929,7 +1929,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -1989,7 +1989,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -2049,7 +2049,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -2109,7 +2109,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -2169,7 +2169,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -2229,7 +2229,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -2289,7 +2289,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -2349,7 +2349,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -2409,7 +2409,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -2469,7 +2469,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -2529,7 +2529,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -2589,7 +2589,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -2649,7 +2649,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -2709,7 +2709,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -2769,7 +2769,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -2829,7 +2829,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -2889,7 +2889,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -2949,7 +2949,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -3009,7 +3009,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -3069,7 +3069,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -3129,7 +3129,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -3189,7 +3189,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -3249,7 +3249,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -3309,7 +3309,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -3369,7 +3369,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -3429,7 +3429,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -3489,7 +3489,7 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -3549,7 +3549,7 @@ { "@timestamp": "2018-01-08T17:06:29.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -3631,7 +3631,7 @@ { "@timestamp": "2018-01-08T17:19:48.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -3713,7 +3713,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -3768,7 +3768,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -3823,7 +3823,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -3878,7 +3878,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -3933,7 +3933,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -3988,7 +3988,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -4043,7 +4043,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -4098,7 +4098,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -4155,7 +4155,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -4212,7 +4212,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -4269,7 +4269,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -4326,7 +4326,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -4383,7 +4383,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -4440,7 +4440,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -4497,7 +4497,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -4554,7 +4554,7 @@ { "@timestamp": "2017-12-28T14:39:50.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -4611,7 +4611,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -4692,7 +4692,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -4770,7 +4770,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -4848,7 +4848,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -4926,7 +4926,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -5004,7 +5004,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -5082,7 +5082,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -5160,7 +5160,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -5238,7 +5238,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -5316,7 +5316,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -5394,7 +5394,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -5472,7 +5472,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -5550,7 +5550,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -5631,7 +5631,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -5688,7 +5688,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -5745,7 +5745,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -5802,7 +5802,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -5859,7 +5859,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -5916,7 +5916,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -5973,7 +5973,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -6030,7 +6030,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -6087,7 +6087,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -6144,7 +6144,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -6201,7 +6201,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -6258,7 +6258,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -6315,7 +6315,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -6372,7 +6372,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -6429,7 +6429,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -6486,7 +6486,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -6543,7 +6543,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -6600,7 +6600,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -6657,7 +6657,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -6714,7 +6714,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -6771,7 +6771,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -6828,7 +6828,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -6885,7 +6885,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -6942,7 +6942,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -6999,7 +6999,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -7056,7 +7056,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -7113,7 +7113,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -7170,7 +7170,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -7227,7 +7227,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -7284,7 +7284,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -7341,7 +7341,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -7398,7 +7398,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -7455,7 +7455,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -7512,7 +7512,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -7569,7 +7569,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -7626,7 +7626,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -7683,7 +7683,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -7740,7 +7740,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -7797,7 +7797,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -7854,7 +7854,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -7911,7 +7911,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -7968,7 +7968,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -8025,7 +8025,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -8082,7 +8082,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -8139,7 +8139,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -8196,7 +8196,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -8253,7 +8253,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -8310,7 +8310,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -8367,7 +8367,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -8424,7 +8424,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -8481,7 +8481,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -8538,7 +8538,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -8595,7 +8595,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -8652,7 +8652,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -8709,7 +8709,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -8766,7 +8766,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -8823,7 +8823,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -8880,7 +8880,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -8937,7 +8937,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -8994,7 +8994,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -9051,7 +9051,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -9108,7 +9108,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -9165,7 +9165,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -9222,7 +9222,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -9279,7 +9279,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -9336,7 +9336,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -9393,7 +9393,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -9450,7 +9450,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -9507,7 +9507,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -9564,7 +9564,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -9621,7 +9621,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -9678,7 +9678,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -9737,7 +9737,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -9796,7 +9796,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -9856,7 +9856,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -9916,7 +9916,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -9976,7 +9976,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -10035,7 +10035,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -10094,7 +10094,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -10152,7 +10152,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -10210,7 +10210,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -10269,7 +10269,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -10328,7 +10328,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -10386,7 +10386,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -10447,7 +10447,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -10505,7 +10505,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -10564,7 +10564,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -10623,7 +10623,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -10681,7 +10681,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -10739,7 +10739,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -10797,7 +10797,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -10856,7 +10856,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -10915,7 +10915,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -10974,7 +10974,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -11032,7 +11032,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -11091,7 +11091,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -11150,7 +11150,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -11209,7 +11209,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -11267,7 +11267,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -11325,7 +11325,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -11383,7 +11383,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -11441,7 +11441,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -11499,7 +11499,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -11559,7 +11559,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -11619,7 +11619,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -11678,7 +11678,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -11736,7 +11736,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -11795,7 +11795,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -11855,7 +11855,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -11914,7 +11914,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -11972,7 +11972,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -12032,7 +12032,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -12092,7 +12092,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -12151,7 +12151,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -12211,7 +12211,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -12270,7 +12270,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -12329,7 +12329,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -12388,7 +12388,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -12447,7 +12447,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -12506,7 +12506,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -12565,7 +12565,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -12623,7 +12623,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -12681,7 +12681,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -12740,7 +12740,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -12801,7 +12801,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -12860,7 +12860,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -12918,7 +12918,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -12976,7 +12976,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -13034,7 +13034,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -13092,7 +13092,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -13153,7 +13153,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -13211,7 +13211,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -13269,7 +13269,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -13327,7 +13327,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -13385,7 +13385,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -13443,7 +13443,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -13503,7 +13503,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -13562,7 +13562,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -13620,7 +13620,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -13678,7 +13678,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -13737,7 +13737,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -13796,7 +13796,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -13855,7 +13855,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -13915,7 +13915,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -13974,7 +13974,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -14034,7 +14034,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -14092,7 +14092,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -14151,7 +14151,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -14211,7 +14211,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -14270,7 +14270,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -14329,7 +14329,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -14387,7 +14387,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -14445,7 +14445,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -14506,7 +14506,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -14565,7 +14565,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -14624,7 +14624,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -14682,7 +14682,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -14740,7 +14740,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -14799,7 +14799,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -14858,7 +14858,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -14916,7 +14916,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -14974,7 +14974,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -15033,7 +15033,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -15093,7 +15093,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -15153,7 +15153,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -15211,7 +15211,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -15271,7 +15271,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -15332,7 +15332,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -15392,7 +15392,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -15452,7 +15452,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -15510,7 +15510,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -15570,7 +15570,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -15630,7 +15630,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -15688,7 +15688,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -15747,7 +15747,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -15806,7 +15806,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -15864,7 +15864,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -15924,7 +15924,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -15983,7 +15983,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -16044,7 +16044,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -16104,7 +16104,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -16164,7 +16164,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -16223,7 +16223,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -16282,7 +16282,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -16340,7 +16340,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -16398,7 +16398,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -16457,7 +16457,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -16515,7 +16515,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -16573,7 +16573,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -16633,7 +16633,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -16691,7 +16691,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -16752,7 +16752,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -16811,7 +16811,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -16869,7 +16869,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -16928,7 +16928,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -16987,7 +16987,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -17046,7 +17046,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -17105,7 +17105,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -17164,7 +17164,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -17223,7 +17223,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -17281,7 +17281,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -17340,7 +17340,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -17401,7 +17401,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -17461,7 +17461,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -17520,7 +17520,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -17579,7 +17579,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -17638,7 +17638,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -17696,7 +17696,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -17756,7 +17756,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -17815,7 +17815,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -17874,7 +17874,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -17932,7 +17932,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -17991,7 +17991,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -18049,7 +18049,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -18107,7 +18107,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -18166,7 +18166,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -18226,7 +18226,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -18285,7 +18285,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -18346,7 +18346,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -18404,7 +18404,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -18464,7 +18464,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -18523,7 +18523,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -18581,7 +18581,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -18639,7 +18639,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -18699,7 +18699,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -18759,7 +18759,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -18817,7 +18817,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -18878,7 +18878,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -18937,7 +18937,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -18998,7 +18998,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -19058,7 +19058,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -19116,7 +19116,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -19174,7 +19174,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -19233,7 +19233,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -19293,7 +19293,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -19351,7 +19351,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -19410,7 +19410,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -19470,7 +19470,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -19528,7 +19528,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -19587,7 +19587,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -19645,7 +19645,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -19705,7 +19705,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -19761,7 +19761,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -19819,7 +19819,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -19879,7 +19879,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -19938,7 +19938,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -19996,7 +19996,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -20055,7 +20055,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -20117,7 +20117,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -20175,7 +20175,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -20235,7 +20235,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -20295,7 +20295,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -20354,7 +20354,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -20412,7 +20412,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -20470,7 +20470,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -20530,7 +20530,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -20588,7 +20588,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -20647,7 +20647,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -20706,7 +20706,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -20764,7 +20764,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -20824,7 +20824,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -20882,7 +20882,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -20940,7 +20940,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -20999,7 +20999,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -21057,7 +21057,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -21115,7 +21115,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -21175,7 +21175,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -21233,7 +21233,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -21292,7 +21292,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -21350,7 +21350,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -21408,7 +21408,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -21466,7 +21466,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -21524,7 +21524,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -21583,7 +21583,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -21641,7 +21641,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -21700,7 +21700,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -21759,7 +21759,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -21817,7 +21817,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -21875,7 +21875,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -21935,7 +21935,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -21993,7 +21993,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -22053,7 +22053,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -22113,7 +22113,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -22173,7 +22173,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -22231,7 +22231,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -22289,7 +22289,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -22349,7 +22349,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -22407,7 +22407,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -22468,7 +22468,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -22529,7 +22529,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -22587,7 +22587,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -22647,7 +22647,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -22706,7 +22706,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -22765,7 +22765,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -22823,7 +22823,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -22881,7 +22881,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -22939,7 +22939,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -23001,7 +23001,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -23059,7 +23059,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -23117,7 +23117,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -23177,7 +23177,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -23236,7 +23236,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -23295,7 +23295,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -23353,7 +23353,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -23412,7 +23412,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -23471,7 +23471,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -23531,7 +23531,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -23591,7 +23591,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -23651,7 +23651,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -23709,7 +23709,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -23768,7 +23768,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -23828,7 +23828,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -23887,7 +23887,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -23945,7 +23945,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -24004,7 +24004,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -24062,7 +24062,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -24122,7 +24122,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -24181,7 +24181,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -24239,7 +24239,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -24299,7 +24299,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -24358,7 +24358,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -24416,7 +24416,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -24475,7 +24475,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -24534,7 +24534,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -24592,7 +24592,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -24652,7 +24652,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -24710,7 +24710,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -24769,7 +24769,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -24828,7 +24828,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -24887,7 +24887,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -24946,7 +24946,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -25005,7 +25005,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -25064,7 +25064,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -25123,7 +25123,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -25181,7 +25181,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -25241,7 +25241,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -25300,7 +25300,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -25359,7 +25359,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -25417,7 +25417,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -25475,7 +25475,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -25533,7 +25533,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -25591,7 +25591,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -25649,7 +25649,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -25708,7 +25708,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -25767,7 +25767,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -25826,7 +25826,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -25888,7 +25888,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -25947,7 +25947,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -26005,7 +26005,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -26064,7 +26064,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -26122,7 +26122,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -26180,7 +26180,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -26238,7 +26238,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -26298,7 +26298,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -26356,7 +26356,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -26415,7 +26415,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -26473,7 +26473,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -26531,7 +26531,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -26589,7 +26589,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -26648,7 +26648,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -26707,7 +26707,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -26769,7 +26769,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -26828,7 +26828,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -26887,7 +26887,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -26945,7 +26945,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -27003,7 +27003,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -27062,7 +27062,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -27121,7 +27121,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -27179,7 +27179,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -27238,7 +27238,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -27297,7 +27297,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -27356,7 +27356,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -27418,7 +27418,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -27477,7 +27477,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -27536,7 +27536,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -27594,7 +27594,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -27653,7 +27653,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -27711,7 +27711,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -27770,7 +27770,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -27829,7 +27829,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -27887,7 +27887,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -27945,7 +27945,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -28003,7 +28003,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -28062,7 +28062,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -28120,7 +28120,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -28179,7 +28179,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -28241,7 +28241,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -28302,7 +28302,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -28362,7 +28362,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -28422,7 +28422,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -28481,7 +28481,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -28542,7 +28542,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -28601,7 +28601,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -28660,7 +28660,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -28720,7 +28720,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -28781,7 +28781,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -28840,7 +28840,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -28902,7 +28902,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -28961,7 +28961,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -29021,7 +29021,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -29082,7 +29082,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -29141,7 +29141,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -29200,7 +29200,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -29260,7 +29260,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -29319,7 +29319,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -29378,7 +29378,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -29438,7 +29438,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -29498,7 +29498,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -29559,7 +29559,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -29617,7 +29617,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -29675,7 +29675,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -29734,7 +29734,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -29792,7 +29792,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -29850,7 +29850,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -29908,7 +29908,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -29966,7 +29966,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -30026,7 +30026,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -30084,7 +30084,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -30142,7 +30142,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -30200,7 +30200,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -30259,7 +30259,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -30318,7 +30318,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -30378,7 +30378,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -30438,7 +30438,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -30496,7 +30496,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -30554,7 +30554,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -30612,7 +30612,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -30670,7 +30670,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -30728,7 +30728,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -30786,7 +30786,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -30844,7 +30844,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -30902,7 +30902,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -30960,7 +30960,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -31019,7 +31019,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -31078,7 +31078,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -31137,7 +31137,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -31195,7 +31195,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -31254,7 +31254,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -31314,7 +31314,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -31373,7 +31373,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -31432,7 +31432,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -31490,7 +31490,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -31548,7 +31548,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -31607,7 +31607,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -31668,7 +31668,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -31726,7 +31726,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -31784,7 +31784,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -31842,7 +31842,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -31900,7 +31900,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -31958,7 +31958,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -32016,7 +32016,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -32075,7 +32075,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -32135,7 +32135,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -32193,7 +32193,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -32253,7 +32253,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -32313,7 +32313,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -32372,7 +32372,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -32431,7 +32431,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -32490,7 +32490,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -32549,7 +32549,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -32608,7 +32608,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -32667,7 +32667,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -32726,7 +32726,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -32787,7 +32787,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -32845,7 +32845,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -32904,7 +32904,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -32963,7 +32963,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -33022,7 +33022,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -33082,7 +33082,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -33142,7 +33142,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -33201,7 +33201,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -33260,7 +33260,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -33319,7 +33319,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -33377,7 +33377,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -33435,7 +33435,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -33494,7 +33494,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -33553,7 +33553,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -33611,7 +33611,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -33671,7 +33671,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -33731,7 +33731,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -33792,7 +33792,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -33851,7 +33851,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -33910,7 +33910,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -33969,7 +33969,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -34029,7 +34029,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -34090,7 +34090,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -34149,7 +34149,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -34208,7 +34208,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -34267,7 +34267,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -34326,7 +34326,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -34384,7 +34384,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -34442,7 +34442,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -34502,7 +34502,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -34561,7 +34561,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -34619,7 +34619,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -34679,7 +34679,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -34737,7 +34737,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -34795,7 +34795,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -34853,7 +34853,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -34912,7 +34912,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -34970,7 +34970,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -35030,7 +35030,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -35089,7 +35089,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -35147,7 +35147,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -35205,7 +35205,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -35263,7 +35263,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -35321,7 +35321,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -35381,7 +35381,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -35440,7 +35440,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -35499,7 +35499,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -35558,7 +35558,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -35617,7 +35617,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -35676,7 +35676,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -35734,7 +35734,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -35792,7 +35792,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -35851,7 +35851,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -35909,7 +35909,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -35967,7 +35967,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -36025,7 +36025,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -36083,7 +36083,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -36141,7 +36141,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -36199,7 +36199,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -36258,7 +36258,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -36316,7 +36316,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -36378,7 +36378,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -36436,7 +36436,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -36494,7 +36494,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -36553,7 +36553,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -36612,7 +36612,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -36671,7 +36671,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -36730,7 +36730,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -36789,7 +36789,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -36848,7 +36848,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -36906,7 +36906,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -36964,7 +36964,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -37022,7 +37022,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -37081,7 +37081,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -37140,7 +37140,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -37198,7 +37198,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -37256,7 +37256,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -37314,7 +37314,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -37372,7 +37372,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -37430,7 +37430,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -37488,7 +37488,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -37546,7 +37546,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -37604,7 +37604,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -37662,7 +37662,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -37720,7 +37720,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -37778,7 +37778,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -37836,7 +37836,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -37894,7 +37894,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -37952,7 +37952,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -38010,7 +38010,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -38068,7 +38068,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -38129,7 +38129,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -38187,7 +38187,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -38245,7 +38245,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -38304,7 +38304,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -38363,7 +38363,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -38423,7 +38423,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -38481,7 +38481,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -38539,7 +38539,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -38597,7 +38597,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -38655,7 +38655,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -38713,7 +38713,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -38771,7 +38771,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -38829,7 +38829,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -38888,7 +38888,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -38946,7 +38946,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -39008,7 +39008,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -39066,7 +39066,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -39124,7 +39124,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -39183,7 +39183,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -39241,7 +39241,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -39299,7 +39299,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -39357,7 +39357,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -39415,7 +39415,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -39473,7 +39473,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -39533,7 +39533,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -39591,7 +39591,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -39649,7 +39649,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -39707,7 +39707,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -39766,7 +39766,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -39825,7 +39825,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -39884,7 +39884,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -39943,7 +39943,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -40004,7 +40004,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -40063,7 +40063,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -40121,7 +40121,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -40181,7 +40181,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -40239,7 +40239,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -40297,7 +40297,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -40355,7 +40355,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -40413,7 +40413,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -40471,7 +40471,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -40530,7 +40530,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -40588,7 +40588,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -40646,7 +40646,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -40704,7 +40704,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -40762,7 +40762,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -40820,7 +40820,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -40878,7 +40878,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -40936,7 +40936,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -40994,7 +40994,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -41054,7 +41054,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -41112,7 +41112,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -41170,7 +41170,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -41228,7 +41228,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -41286,7 +41286,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -41345,7 +41345,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -41403,7 +41403,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -41462,7 +41462,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -41520,7 +41520,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -41578,7 +41578,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -41637,7 +41637,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -41696,7 +41696,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -41755,7 +41755,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -41814,7 +41814,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -41872,7 +41872,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -41931,7 +41931,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -41989,7 +41989,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -42047,7 +42047,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -42105,7 +42105,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -42163,7 +42163,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -42221,7 +42221,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -42280,7 +42280,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -42339,7 +42339,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -42397,7 +42397,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -42455,7 +42455,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -42513,7 +42513,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -42572,7 +42572,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -42631,7 +42631,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -42691,7 +42691,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -42751,7 +42751,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -42810,7 +42810,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -42869,7 +42869,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -42927,7 +42927,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -42986,7 +42986,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -43045,7 +43045,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -43104,7 +43104,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -43162,7 +43162,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -43220,7 +43220,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -43280,7 +43280,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -43339,7 +43339,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -43397,7 +43397,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -43456,7 +43456,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -43516,7 +43516,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -43577,7 +43577,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -43636,7 +43636,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -43694,7 +43694,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -43752,7 +43752,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -43810,7 +43810,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -43868,7 +43868,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -43930,7 +43930,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -43988,7 +43988,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -44048,7 +44048,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -44108,7 +44108,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -44169,7 +44169,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -44228,7 +44228,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -44286,7 +44286,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -44344,7 +44344,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -44403,7 +44403,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -44462,7 +44462,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -44520,7 +44520,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -44578,7 +44578,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -44636,7 +44636,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -44694,7 +44694,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -44752,7 +44752,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -44810,7 +44810,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -44868,7 +44868,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -44926,7 +44926,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -44984,7 +44984,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -45042,7 +45042,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -45100,7 +45100,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -45159,7 +45159,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -45217,7 +45217,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -45276,7 +45276,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -45334,7 +45334,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -45392,7 +45392,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -45451,7 +45451,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -45510,7 +45510,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -45569,7 +45569,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -45627,7 +45627,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -45685,7 +45685,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -45744,7 +45744,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -45803,7 +45803,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -45863,7 +45863,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -45922,7 +45922,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -45980,7 +45980,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -46040,7 +46040,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -46098,7 +46098,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -46156,7 +46156,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -46215,7 +46215,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -46274,7 +46274,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -46332,7 +46332,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -46390,7 +46390,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -46448,7 +46448,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -46508,7 +46508,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -46567,7 +46567,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -46627,7 +46627,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -46687,7 +46687,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -46747,7 +46747,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -46806,7 +46806,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -46867,7 +46867,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -46927,7 +46927,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -46988,7 +46988,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -47049,7 +47049,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -47111,7 +47111,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -47170,7 +47170,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -47232,7 +47232,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -47294,7 +47294,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -47356,7 +47356,7 @@ { "@timestamp": "2017-12-28T14:39:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -47416,7 +47416,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -47472,7 +47472,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -47528,7 +47528,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -47584,7 +47584,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -47640,7 +47640,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -47696,7 +47696,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -47752,7 +47752,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -47808,7 +47808,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -47864,7 +47864,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -47920,7 +47920,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -47973,7 +47973,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -48027,7 +48027,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -48081,7 +48081,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -48135,7 +48135,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -48196,7 +48196,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -48250,7 +48250,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -48304,7 +48304,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -48358,7 +48358,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -48426,7 +48426,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -48494,7 +48494,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -48563,7 +48563,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -48631,7 +48631,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -48700,7 +48700,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -48769,7 +48769,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -48839,7 +48839,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -48908,7 +48908,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -48977,7 +48977,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -49045,7 +49045,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -49115,7 +49115,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -49183,7 +49183,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -49253,7 +49253,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -49320,7 +49320,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -49387,7 +49387,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -49455,7 +49455,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -49525,7 +49525,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -49594,7 +49594,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -49664,7 +49664,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -49732,7 +49732,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -49801,7 +49801,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -49869,7 +49869,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -49938,7 +49938,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -50007,7 +50007,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -50075,7 +50075,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -50144,7 +50144,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -50210,7 +50210,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -50278,7 +50278,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -50348,7 +50348,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -50417,7 +50417,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -50484,7 +50484,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -50553,7 +50553,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -50622,7 +50622,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -50691,7 +50691,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -50761,7 +50761,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -50829,7 +50829,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -50899,7 +50899,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -50969,7 +50969,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -51038,7 +51038,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -51106,7 +51106,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -51175,7 +51175,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -51244,7 +51244,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -51313,7 +51313,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -51379,7 +51379,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -51446,7 +51446,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -51513,7 +51513,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -51574,7 +51574,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -51640,7 +51640,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -51708,7 +51708,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -51778,7 +51778,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -51847,7 +51847,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -51914,7 +51914,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -51984,7 +51984,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -52052,7 +52052,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -52122,7 +52122,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -52191,7 +52191,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -52259,7 +52259,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -52328,7 +52328,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -52397,7 +52397,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -52465,7 +52465,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -52534,7 +52534,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -52601,7 +52601,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -52671,7 +52671,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -52740,7 +52740,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -52808,7 +52808,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -52878,7 +52878,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -52948,7 +52948,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -53017,7 +53017,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -53084,7 +53084,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -53149,7 +53149,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -53218,7 +53218,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -53287,7 +53287,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -53356,7 +53356,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -53426,7 +53426,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -53494,7 +53494,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -53563,7 +53563,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -53629,7 +53629,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -53695,7 +53695,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -53762,7 +53762,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -53829,7 +53829,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -53896,7 +53896,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -53962,7 +53962,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -54027,7 +54027,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -54095,7 +54095,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -54161,7 +54161,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -54227,7 +54227,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -54293,7 +54293,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -54358,7 +54358,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -54425,7 +54425,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -54492,7 +54492,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -54553,7 +54553,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -54614,7 +54614,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -54675,7 +54675,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -54736,7 +54736,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -54797,7 +54797,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -54858,7 +54858,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -54919,7 +54919,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -54980,7 +54980,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -55046,7 +55046,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -55112,7 +55112,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -55179,7 +55179,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -55246,7 +55246,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -55312,7 +55312,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -55380,7 +55380,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -55448,7 +55448,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -55513,7 +55513,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -55581,7 +55581,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -55647,7 +55647,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -55716,7 +55716,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -55783,7 +55783,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -55848,7 +55848,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -55916,7 +55916,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -55984,7 +55984,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -56052,7 +56052,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -56121,7 +56121,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -56190,7 +56190,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -56259,7 +56259,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -56326,7 +56326,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -56394,7 +56394,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -56463,7 +56463,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -56530,7 +56530,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -56599,7 +56599,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -56668,7 +56668,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -56735,7 +56735,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -56801,7 +56801,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -56869,7 +56869,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -56938,7 +56938,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -57005,7 +57005,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -57071,7 +57071,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -57139,7 +57139,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -57208,7 +57208,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -57276,7 +57276,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -57343,7 +57343,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -57411,7 +57411,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -57478,7 +57478,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -57545,7 +57545,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -57612,7 +57612,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -57679,7 +57679,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -57746,7 +57746,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -57813,7 +57813,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -57880,7 +57880,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -57948,7 +57948,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -58015,7 +58015,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -58085,7 +58085,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -58155,7 +58155,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -58221,7 +58221,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -58290,7 +58290,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -58358,7 +58358,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -58425,7 +58425,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -58491,7 +58491,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -58558,7 +58558,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -58626,7 +58626,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -58691,7 +58691,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -58757,7 +58757,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -58824,7 +58824,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -58891,7 +58891,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -58959,7 +58959,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -59026,7 +59026,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -59093,7 +59093,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -59159,7 +59159,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -59228,7 +59228,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -59296,7 +59296,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -59363,7 +59363,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -59432,7 +59432,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -59500,7 +59500,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -59568,7 +59568,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -59636,7 +59636,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -59704,7 +59704,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -59772,7 +59772,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -59842,7 +59842,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -59909,7 +59909,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -59975,7 +59975,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -60042,7 +60042,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -60109,7 +60109,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -60175,7 +60175,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -60242,7 +60242,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -60307,7 +60307,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -60374,7 +60374,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -60442,7 +60442,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -60510,7 +60510,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -60577,7 +60577,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -60645,7 +60645,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -60712,7 +60712,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -60780,7 +60780,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -60850,7 +60850,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -60917,7 +60917,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -60984,7 +60984,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -61052,7 +61052,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -61118,7 +61118,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -61186,7 +61186,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -61252,7 +61252,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -61316,7 +61316,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -61384,7 +61384,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -61454,7 +61454,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -61522,7 +61522,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -61590,7 +61590,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -61657,7 +61657,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -61724,7 +61724,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -61791,7 +61791,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -61857,7 +61857,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -61923,7 +61923,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -61990,7 +61990,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -62057,7 +62057,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -62124,7 +62124,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -62190,7 +62190,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -62258,7 +62258,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -62325,7 +62325,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -62392,7 +62392,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -62460,7 +62460,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -62527,7 +62527,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -62594,7 +62594,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -62660,7 +62660,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -62726,7 +62726,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -62792,7 +62792,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -62858,7 +62858,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -62925,7 +62925,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -62991,7 +62991,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -63057,7 +63057,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -63123,7 +63123,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -63189,7 +63189,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -63255,7 +63255,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -63321,7 +63321,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -63387,7 +63387,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -63453,7 +63453,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -63519,7 +63519,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -63585,7 +63585,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -63651,7 +63651,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -63717,7 +63717,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -63786,7 +63786,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -63853,7 +63853,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -63920,7 +63920,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -63986,7 +63986,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -64052,7 +64052,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -64119,7 +64119,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -64186,7 +64186,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -64253,7 +64253,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -64321,7 +64321,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -64387,7 +64387,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -64453,7 +64453,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -64519,7 +64519,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -64586,7 +64586,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -64653,7 +64653,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -64720,7 +64720,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -64786,7 +64786,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -64852,7 +64852,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -64919,7 +64919,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -64985,7 +64985,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -65053,7 +65053,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -65120,7 +65120,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -65187,7 +65187,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -65255,7 +65255,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -65322,7 +65322,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -65390,7 +65390,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -65458,7 +65458,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -65526,7 +65526,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -65592,7 +65592,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -65657,7 +65657,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -65722,7 +65722,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -65790,7 +65790,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -65857,7 +65857,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -65922,7 +65922,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -65990,7 +65990,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -66058,7 +66058,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -66125,7 +66125,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -66190,7 +66190,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -66255,7 +66255,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -66320,7 +66320,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -66386,7 +66386,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -66451,7 +66451,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -66516,7 +66516,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -66583,7 +66583,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -66648,7 +66648,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -66713,7 +66713,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -66781,7 +66781,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -66847,7 +66847,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -66914,7 +66914,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -66980,7 +66980,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -67047,7 +67047,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -67116,7 +67116,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -67184,7 +67184,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -67252,7 +67252,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -67321,7 +67321,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -67389,7 +67389,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -67457,7 +67457,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -67525,7 +67525,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -67592,7 +67592,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -67657,7 +67657,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -67724,7 +67724,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -67791,7 +67791,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -67856,7 +67856,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -67922,7 +67922,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -67987,7 +67987,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -68055,7 +68055,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -68122,7 +68122,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -68190,7 +68190,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -68258,7 +68258,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -68324,7 +68324,7 @@ { "@timestamp": "2017-12-28T14:39:54.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -68390,7 +68390,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -68451,7 +68451,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -68511,7 +68511,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -68572,7 +68572,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -68633,7 +68633,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -68694,7 +68694,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -68755,7 +68755,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -68815,7 +68815,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -68875,7 +68875,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -68935,7 +68935,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -68995,7 +68995,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -69055,7 +69055,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -69115,7 +69115,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -69175,7 +69175,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -69235,7 +69235,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -69295,7 +69295,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -69355,7 +69355,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -69415,7 +69415,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -69475,7 +69475,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -69535,7 +69535,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -69595,7 +69595,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -69655,7 +69655,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -69715,7 +69715,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -69775,7 +69775,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -69835,7 +69835,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -69895,7 +69895,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -69955,7 +69955,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -70015,7 +70015,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -70075,7 +70075,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -70135,7 +70135,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -70195,7 +70195,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -70255,7 +70255,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -70315,7 +70315,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -70375,7 +70375,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -70435,7 +70435,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -70495,7 +70495,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -70555,7 +70555,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -70615,7 +70615,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -70675,7 +70675,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -70735,7 +70735,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -70795,7 +70795,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -70855,7 +70855,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -70915,7 +70915,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -70975,7 +70975,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -71035,7 +71035,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -71096,7 +71096,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -71156,7 +71156,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -71216,7 +71216,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -71276,7 +71276,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -71336,7 +71336,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -71396,7 +71396,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -71456,7 +71456,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -71516,7 +71516,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -71576,7 +71576,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -71636,7 +71636,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -71696,7 +71696,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -71756,7 +71756,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -71816,7 +71816,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -71876,7 +71876,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -71936,7 +71936,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -71996,7 +71996,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -72056,7 +72056,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -72116,7 +72116,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -72176,7 +72176,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -72236,7 +72236,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -72296,7 +72296,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -72356,7 +72356,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -72416,7 +72416,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -72476,7 +72476,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -72536,7 +72536,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -72596,7 +72596,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -72656,7 +72656,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -72716,7 +72716,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -72776,7 +72776,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -72836,7 +72836,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -72896,7 +72896,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -72956,7 +72956,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -73016,7 +73016,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -73077,7 +73077,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -73137,7 +73137,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -73197,7 +73197,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -73257,7 +73257,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -73317,7 +73317,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -73377,7 +73377,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -73437,7 +73437,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -73497,7 +73497,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -73557,7 +73557,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -73617,7 +73617,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -73678,7 +73678,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -73739,7 +73739,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -73799,7 +73799,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -73859,7 +73859,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -73919,7 +73919,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -73979,7 +73979,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -74039,7 +74039,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -74099,7 +74099,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -74159,7 +74159,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -74219,7 +74219,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -74279,7 +74279,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -74340,7 +74340,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -74401,7 +74401,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -74459,7 +74459,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -74517,7 +74517,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -74575,7 +74575,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -74633,7 +74633,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -74691,7 +74691,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -74749,7 +74749,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -74807,7 +74807,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -74865,7 +74865,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -74923,7 +74923,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -74981,7 +74981,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -75039,7 +75039,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -75097,7 +75097,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -75155,7 +75155,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -75213,7 +75213,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -75271,7 +75271,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -75329,7 +75329,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -75387,7 +75387,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -75445,7 +75445,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -75503,7 +75503,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -75561,7 +75561,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -75619,7 +75619,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -75677,7 +75677,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -75735,7 +75735,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -75793,7 +75793,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -75851,7 +75851,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -75909,7 +75909,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -75967,7 +75967,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -76025,7 +76025,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -76083,7 +76083,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -76141,7 +76141,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -76199,7 +76199,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -76257,7 +76257,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -76315,7 +76315,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -76373,7 +76373,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -76431,7 +76431,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -76489,7 +76489,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -76547,7 +76547,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -76605,7 +76605,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -76663,7 +76663,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -76721,7 +76721,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -76779,7 +76779,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -76837,7 +76837,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -76895,7 +76895,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -76953,7 +76953,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -77011,7 +77011,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -77069,7 +77069,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -77127,7 +77127,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -77185,7 +77185,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -77243,7 +77243,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -77301,7 +77301,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -77359,7 +77359,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -77417,7 +77417,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -77475,7 +77475,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -77533,7 +77533,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -77591,7 +77591,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -77649,7 +77649,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -77707,7 +77707,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -77765,7 +77765,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -77823,7 +77823,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -77881,7 +77881,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -77939,7 +77939,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -77997,7 +77997,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -78055,7 +78055,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -78113,7 +78113,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -78171,7 +78171,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -78229,7 +78229,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -78287,7 +78287,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -78345,7 +78345,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -78403,7 +78403,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -78461,7 +78461,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -78519,7 +78519,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -78577,7 +78577,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -78635,7 +78635,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -78693,7 +78693,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -78751,7 +78751,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -78809,7 +78809,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -78867,7 +78867,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -78925,7 +78925,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -78983,7 +78983,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -79041,7 +79041,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -79099,7 +79099,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -79157,7 +79157,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -79215,7 +79215,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -79273,7 +79273,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -79331,7 +79331,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -79389,7 +79389,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -79447,7 +79447,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -79505,7 +79505,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -79563,7 +79563,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -79621,7 +79621,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -79679,7 +79679,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -79737,7 +79737,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -79795,7 +79795,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -79853,7 +79853,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -79911,7 +79911,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -79969,7 +79969,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -80027,7 +80027,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -80085,7 +80085,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -80143,7 +80143,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -80201,7 +80201,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -80259,7 +80259,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -80317,7 +80317,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -80375,7 +80375,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -80433,7 +80433,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -80491,7 +80491,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -80549,7 +80549,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -80607,7 +80607,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -80665,7 +80665,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -80723,7 +80723,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -80781,7 +80781,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -80839,7 +80839,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -80897,7 +80897,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -80955,7 +80955,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -81013,7 +81013,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -81071,7 +81071,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -81129,7 +81129,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -81187,7 +81187,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -81245,7 +81245,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -81303,7 +81303,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -81361,7 +81361,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -81419,7 +81419,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -81477,7 +81477,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -81535,7 +81535,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -81593,7 +81593,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -81651,7 +81651,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -81709,7 +81709,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -81767,7 +81767,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -81825,7 +81825,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -81883,7 +81883,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -81941,7 +81941,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -81999,7 +81999,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -82057,7 +82057,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -82115,7 +82115,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -82173,7 +82173,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -82231,7 +82231,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -82289,7 +82289,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -82347,7 +82347,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -82405,7 +82405,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -82463,7 +82463,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -82521,7 +82521,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -82579,7 +82579,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -82637,7 +82637,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -82695,7 +82695,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -82753,7 +82753,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -82811,7 +82811,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -82869,7 +82869,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -82927,7 +82927,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -82985,7 +82985,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -83043,7 +83043,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -83101,7 +83101,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -83159,7 +83159,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -83217,7 +83217,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -83275,7 +83275,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -83333,7 +83333,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -83391,7 +83391,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -83449,7 +83449,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -83507,7 +83507,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -83565,7 +83565,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -83623,7 +83623,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -83681,7 +83681,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -83739,7 +83739,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -83797,7 +83797,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -83855,7 +83855,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -83913,7 +83913,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -83971,7 +83971,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -84029,7 +84029,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -84087,7 +84087,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -84145,7 +84145,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -84203,7 +84203,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -84261,7 +84261,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -84319,7 +84319,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -84377,7 +84377,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -84435,7 +84435,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -84493,7 +84493,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -84551,7 +84551,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -84609,7 +84609,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -84667,7 +84667,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -84725,7 +84725,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -84783,7 +84783,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -84841,7 +84841,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -84899,7 +84899,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -84957,7 +84957,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -85015,7 +85015,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -85073,7 +85073,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -85131,7 +85131,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -85189,7 +85189,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -85247,7 +85247,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -85305,7 +85305,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -85363,7 +85363,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -85421,7 +85421,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -85479,7 +85479,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -85537,7 +85537,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -85595,7 +85595,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -85653,7 +85653,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -85711,7 +85711,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -85769,7 +85769,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -85827,7 +85827,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -85885,7 +85885,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -85943,7 +85943,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -86001,7 +86001,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -86059,7 +86059,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -86117,7 +86117,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -86175,7 +86175,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -86233,7 +86233,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -86291,7 +86291,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -86349,7 +86349,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -86407,7 +86407,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -86465,7 +86465,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -86523,7 +86523,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -86581,7 +86581,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -86639,7 +86639,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -86697,7 +86697,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -86755,7 +86755,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -86813,7 +86813,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -86871,7 +86871,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -86929,7 +86929,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -86987,7 +86987,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -87045,7 +87045,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -87103,7 +87103,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -87161,7 +87161,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -87219,7 +87219,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -87277,7 +87277,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -87335,7 +87335,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -87393,7 +87393,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -87451,7 +87451,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -87509,7 +87509,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -87567,7 +87567,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -87625,7 +87625,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -87683,7 +87683,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -87741,7 +87741,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -87799,7 +87799,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -87857,7 +87857,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -87915,7 +87915,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -87973,7 +87973,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -88031,7 +88031,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -88089,7 +88089,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -88147,7 +88147,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -88205,7 +88205,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -88263,7 +88263,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -88321,7 +88321,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -88379,7 +88379,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -88437,7 +88437,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -88495,7 +88495,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -88553,7 +88553,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -88611,7 +88611,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -88669,7 +88669,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -88727,7 +88727,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -88785,7 +88785,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -88843,7 +88843,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -88901,7 +88901,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -88959,7 +88959,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -89017,7 +89017,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -89075,7 +89075,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -89133,7 +89133,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -89191,7 +89191,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -89249,7 +89249,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -89307,7 +89307,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -89365,7 +89365,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -89423,7 +89423,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -89481,7 +89481,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -89539,7 +89539,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -89597,7 +89597,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -89655,7 +89655,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -89713,7 +89713,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -89771,7 +89771,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -89829,7 +89829,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -89887,7 +89887,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -89945,7 +89945,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -90003,7 +90003,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -90061,7 +90061,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -90119,7 +90119,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -90177,7 +90177,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -90235,7 +90235,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -90293,7 +90293,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -90351,7 +90351,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -90409,7 +90409,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -90467,7 +90467,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -90525,7 +90525,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -90583,7 +90583,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -90641,7 +90641,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -90699,7 +90699,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -90757,7 +90757,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -90815,7 +90815,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -90873,7 +90873,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -90931,7 +90931,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -90989,7 +90989,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -91047,7 +91047,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -91105,7 +91105,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -91163,7 +91163,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -91221,7 +91221,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -91279,7 +91279,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -91337,7 +91337,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -91395,7 +91395,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -91453,7 +91453,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -91511,7 +91511,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -91569,7 +91569,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -91627,7 +91627,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -91685,7 +91685,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -91743,7 +91743,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -91800,7 +91800,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -91857,7 +91857,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -91914,7 +91914,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -91971,7 +91971,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -92028,7 +92028,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -92085,7 +92085,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -92142,7 +92142,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -92199,7 +92199,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -92256,7 +92256,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -92313,7 +92313,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -92370,7 +92370,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -92427,7 +92427,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -92484,7 +92484,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -92541,7 +92541,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -92598,7 +92598,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -92655,7 +92655,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -92712,7 +92712,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -92769,7 +92769,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -92824,7 +92824,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -92883,7 +92883,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -92943,7 +92943,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -93003,7 +93003,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -93063,7 +93063,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -93123,7 +93123,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -93183,7 +93183,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -93243,7 +93243,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -93303,7 +93303,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -93363,7 +93363,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -93423,7 +93423,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -93483,7 +93483,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -93543,7 +93543,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -93603,7 +93603,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -93663,7 +93663,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -93723,7 +93723,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -93783,7 +93783,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -93843,7 +93843,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -93903,7 +93903,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -93963,7 +93963,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -94023,7 +94023,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -94083,7 +94083,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -94143,7 +94143,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -94203,7 +94203,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -94263,7 +94263,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -94323,7 +94323,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -94383,7 +94383,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -94443,7 +94443,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -94503,7 +94503,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -94563,7 +94563,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -94623,7 +94623,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -94683,7 +94683,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -94743,7 +94743,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -94803,7 +94803,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -94863,7 +94863,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -94923,7 +94923,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -94983,7 +94983,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -95043,7 +95043,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -95103,7 +95103,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -95163,7 +95163,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -95223,7 +95223,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -95283,7 +95283,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -95343,7 +95343,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -95403,7 +95403,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -95463,7 +95463,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -95523,7 +95523,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -95583,7 +95583,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -95643,7 +95643,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -95703,7 +95703,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -95763,7 +95763,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -95823,7 +95823,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -95883,7 +95883,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -95943,7 +95943,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -96003,7 +96003,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -96063,7 +96063,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -96123,7 +96123,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -96183,7 +96183,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -96243,7 +96243,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -96303,7 +96303,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -96363,7 +96363,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -96423,7 +96423,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -96483,7 +96483,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -96543,7 +96543,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -96603,7 +96603,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -96663,7 +96663,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -96723,7 +96723,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -96783,7 +96783,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -96843,7 +96843,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -96903,7 +96903,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -96963,7 +96963,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -97023,7 +97023,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -97083,7 +97083,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -97143,7 +97143,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -97203,7 +97203,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -97263,7 +97263,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -97323,7 +97323,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -97383,7 +97383,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -97443,7 +97443,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -97503,7 +97503,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -97563,7 +97563,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -97623,7 +97623,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -97683,7 +97683,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -97743,7 +97743,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -97803,7 +97803,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -97863,7 +97863,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -97923,7 +97923,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -97983,7 +97983,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -98042,7 +98042,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -98102,7 +98102,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -98162,7 +98162,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -98221,7 +98221,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -98281,7 +98281,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -98341,7 +98341,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -98401,7 +98401,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -98461,7 +98461,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -98521,7 +98521,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -98580,7 +98580,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -98640,7 +98640,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -98700,7 +98700,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -98760,7 +98760,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -98820,7 +98820,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -98879,7 +98879,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -98939,7 +98939,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -98999,7 +98999,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -99059,7 +99059,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -99119,7 +99119,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -99179,7 +99179,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -99238,7 +99238,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -99297,7 +99297,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -99357,7 +99357,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -99417,7 +99417,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -99476,7 +99476,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -99535,7 +99535,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -99595,7 +99595,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -99655,7 +99655,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -99715,7 +99715,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -99775,7 +99775,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -99835,7 +99835,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -99895,7 +99895,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -99955,7 +99955,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -100009,7 +100009,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -100063,7 +100063,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -100117,7 +100117,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -100171,7 +100171,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -100225,7 +100225,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -100279,7 +100279,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -100333,7 +100333,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -100387,7 +100387,7 @@ { "@timestamp": "2017-12-28T14:39:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -100441,7 +100441,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -100499,7 +100499,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -100572,7 +100572,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -100646,7 +100646,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -100719,7 +100719,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -100793,7 +100793,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -100866,7 +100866,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -100939,7 +100939,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -101012,7 +101012,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -101085,7 +101085,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -101158,7 +101158,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -101230,7 +101230,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -101302,7 +101302,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -101375,7 +101375,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -101448,7 +101448,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -101521,7 +101521,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -101594,7 +101594,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -101668,7 +101668,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -101740,7 +101740,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -101814,7 +101814,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -101886,7 +101886,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -101959,7 +101959,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -102031,7 +102031,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -102103,7 +102103,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -102175,7 +102175,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -102247,7 +102247,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -102320,7 +102320,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -102392,7 +102392,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -102464,7 +102464,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -102536,7 +102536,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -102609,7 +102609,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -102682,7 +102682,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -102755,7 +102755,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -102827,7 +102827,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -102900,7 +102900,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -102973,7 +102973,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -103031,7 +103031,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -103097,7 +103097,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -103163,7 +103163,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -103229,7 +103229,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -103295,7 +103295,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -103361,7 +103361,7 @@ { "@timestamp": "2017-12-28T14:39:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -103437,7 +103437,7 @@ { "@timestamp": "2017-12-28T14:39:58.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -103495,7 +103495,7 @@ { "@timestamp": "2017-12-28T14:39:58.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -103555,7 +103555,7 @@ { "@timestamp": "2017-12-28T14:40:08.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "removed", @@ -103621,7 +103621,7 @@ { "@timestamp": "2017-12-28T14:40:08.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "removed", @@ -103687,7 +103687,7 @@ { "@timestamp": "2017-12-28T14:40:08.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -103753,7 +103753,7 @@ { "@timestamp": "2017-12-28T14:40:08.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -103819,7 +103819,7 @@ { "@timestamp": "2017-12-28T14:40:08.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "removed", @@ -103895,7 +103895,7 @@ { "@timestamp": "2017-12-28T14:40:08.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -103971,7 +103971,7 @@ { "@timestamp": "2017-12-07T12:21:20.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -104028,7 +104028,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -104087,7 +104087,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -104146,7 +104146,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -104205,7 +104205,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -104264,7 +104264,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -104323,7 +104323,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -104382,7 +104382,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -104441,7 +104441,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -104500,7 +104500,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -104559,7 +104559,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -104618,7 +104618,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -104677,7 +104677,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -104736,7 +104736,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -104795,7 +104795,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -104854,7 +104854,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -104913,7 +104913,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -104972,7 +104972,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -105031,7 +105031,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -105090,7 +105090,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -105149,7 +105149,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -105208,7 +105208,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -105267,7 +105267,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -105326,7 +105326,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -105385,7 +105385,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -105444,7 +105444,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -105503,7 +105503,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -105562,7 +105562,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -105621,7 +105621,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -105680,7 +105680,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -105739,7 +105739,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -105798,7 +105798,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -105857,7 +105857,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -105916,7 +105916,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -105975,7 +105975,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -106034,7 +106034,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -106093,7 +106093,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -106152,7 +106152,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -106211,7 +106211,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -106270,7 +106270,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -106329,7 +106329,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -106388,7 +106388,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -106447,7 +106447,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -106506,7 +106506,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -106565,7 +106565,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -106624,7 +106624,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -106683,7 +106683,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -106742,7 +106742,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -106801,7 +106801,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -106860,7 +106860,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -106919,7 +106919,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -106978,7 +106978,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -107037,7 +107037,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -107096,7 +107096,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -107155,7 +107155,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -107214,7 +107214,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -107273,7 +107273,7 @@ { "@timestamp": "2017-12-07T17:57:15.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -107332,7 +107332,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -107385,7 +107385,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -107439,7 +107439,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -107493,7 +107493,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -107546,7 +107546,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -107599,7 +107599,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -107652,7 +107652,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -107705,7 +107705,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -107758,7 +107758,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -107811,7 +107811,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -107864,7 +107864,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -107917,7 +107917,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -107976,7 +107976,7 @@ { "@timestamp": "2017-12-07T17:57:18.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -108052,7 +108052,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -108105,7 +108105,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -108159,7 +108159,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -108213,7 +108213,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -108266,7 +108266,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -108319,7 +108319,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -108372,7 +108372,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -108425,7 +108425,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -108478,7 +108478,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -108531,7 +108531,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -108584,7 +108584,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -108637,7 +108637,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -108696,7 +108696,7 @@ { "@timestamp": "2017-12-07T17:57:19.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -108772,7 +108772,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -108838,7 +108838,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -108904,7 +108904,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -108970,7 +108970,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -109036,7 +109036,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -109102,7 +109102,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -109168,7 +109168,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -109234,7 +109234,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -109300,7 +109300,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -109366,7 +109366,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -109432,7 +109432,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -109498,7 +109498,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -109564,7 +109564,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -109630,7 +109630,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -109696,7 +109696,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -109762,7 +109762,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -109828,7 +109828,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -109894,7 +109894,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -109960,7 +109960,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -110026,7 +110026,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -110092,7 +110092,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -110158,7 +110158,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -110224,7 +110224,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -110290,7 +110290,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -110356,7 +110356,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -110422,7 +110422,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -110488,7 +110488,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -110554,7 +110554,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -110620,7 +110620,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -110686,7 +110686,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -110752,7 +110752,7 @@ { "@timestamp": "2017-12-07T17:57:21.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -110818,7 +110818,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -110877,7 +110877,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -110936,7 +110936,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -110995,7 +110995,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -111053,7 +111053,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -111112,7 +111112,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -111171,7 +111171,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -111229,7 +111229,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -111287,7 +111287,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -111346,7 +111346,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -111405,7 +111405,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -111464,7 +111464,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -111522,7 +111522,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -111580,7 +111580,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -111639,7 +111639,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -111698,7 +111698,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -111757,7 +111757,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -111817,7 +111817,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -111875,7 +111875,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -111935,7 +111935,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -111994,7 +111994,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -112054,7 +112054,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -112114,7 +112114,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -112173,7 +112173,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -112232,7 +112232,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -112290,7 +112290,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -112348,7 +112348,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -112408,7 +112408,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -112467,7 +112467,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -112526,7 +112526,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -112585,7 +112585,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -112643,7 +112643,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -112702,7 +112702,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -112760,7 +112760,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -112819,7 +112819,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -112878,7 +112878,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -112937,7 +112937,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -112996,7 +112996,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -113055,7 +113055,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -113115,7 +113115,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -113174,7 +113174,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -113233,7 +113233,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -113292,7 +113292,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -113350,7 +113350,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -113409,7 +113409,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -113467,7 +113467,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -113527,7 +113527,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -113587,7 +113587,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -113645,7 +113645,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -113704,7 +113704,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -113762,7 +113762,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -113822,7 +113822,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -113881,7 +113881,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -113941,7 +113941,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -113999,7 +113999,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -114059,7 +114059,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -114119,7 +114119,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -114178,7 +114178,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -114236,7 +114236,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -114296,7 +114296,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -114355,7 +114355,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -114415,7 +114415,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -114474,7 +114474,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -114533,7 +114533,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -114592,7 +114592,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -114651,7 +114651,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -114710,7 +114710,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -114769,7 +114769,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -114828,7 +114828,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -114887,7 +114887,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -114947,7 +114947,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -115007,7 +115007,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -115067,7 +115067,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -115127,7 +115127,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -115185,7 +115185,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -115245,7 +115245,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -115304,7 +115304,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -115363,7 +115363,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -115423,7 +115423,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -115483,7 +115483,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -115542,7 +115542,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -115601,7 +115601,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -115661,7 +115661,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -115721,7 +115721,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -115780,7 +115780,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -115840,7 +115840,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -115899,7 +115899,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -115959,7 +115959,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -116018,7 +116018,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -116078,7 +116078,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -116138,7 +116138,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -116196,7 +116196,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -116256,7 +116256,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -116316,7 +116316,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -116376,7 +116376,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -116436,7 +116436,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -116495,7 +116495,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -116554,7 +116554,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -116613,7 +116613,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -116671,7 +116671,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -116729,7 +116729,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -116787,7 +116787,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -116847,7 +116847,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -116906,7 +116906,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -116964,7 +116964,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -117022,7 +117022,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -117081,7 +117081,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -117140,7 +117140,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -117200,7 +117200,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -117259,7 +117259,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -117319,7 +117319,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -117378,7 +117378,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -117437,7 +117437,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -117497,7 +117497,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -117557,7 +117557,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -117616,7 +117616,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -117676,7 +117676,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -117736,7 +117736,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -117795,7 +117795,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -117853,7 +117853,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -117912,7 +117912,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -117971,7 +117971,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -118031,7 +118031,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -118090,7 +118090,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -118150,7 +118150,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -118209,7 +118209,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -118268,7 +118268,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -118328,7 +118328,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -118388,7 +118388,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -118448,7 +118448,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -118508,7 +118508,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -118567,7 +118567,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -118626,7 +118626,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -118686,7 +118686,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -118746,7 +118746,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -118806,7 +118806,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -118866,7 +118866,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -118926,7 +118926,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -118986,7 +118986,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -119046,7 +119046,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -119106,7 +119106,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -119166,7 +119166,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -119226,7 +119226,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -119286,7 +119286,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -119346,7 +119346,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -119406,7 +119406,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -119466,7 +119466,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -119526,7 +119526,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -119586,7 +119586,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -119646,7 +119646,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -119706,7 +119706,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -119766,7 +119766,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -119826,7 +119826,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -119886,7 +119886,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -119946,7 +119946,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -120005,7 +120005,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -120065,7 +120065,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -120125,7 +120125,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -120185,7 +120185,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -120245,7 +120245,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -120305,7 +120305,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -120365,7 +120365,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -120425,7 +120425,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -120485,7 +120485,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -120545,7 +120545,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -120604,7 +120604,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -120664,7 +120664,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -120724,7 +120724,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -120784,7 +120784,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -120844,7 +120844,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -120904,7 +120904,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -120964,7 +120964,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -121024,7 +121024,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -121084,7 +121084,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -121144,7 +121144,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -121204,7 +121204,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -121264,7 +121264,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -121324,7 +121324,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -121384,7 +121384,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -121443,7 +121443,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -121503,7 +121503,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -121563,7 +121563,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -121623,7 +121623,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -121683,7 +121683,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -121743,7 +121743,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -121803,7 +121803,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -121863,7 +121863,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -121923,7 +121923,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -121983,7 +121983,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -122043,7 +122043,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -122103,7 +122103,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -122162,7 +122162,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -122222,7 +122222,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -122282,7 +122282,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -122342,7 +122342,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -122402,7 +122402,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -122462,7 +122462,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -122522,7 +122522,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -122582,7 +122582,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -122642,7 +122642,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -122702,7 +122702,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -122762,7 +122762,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -122822,7 +122822,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -122882,7 +122882,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -122942,7 +122942,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -123002,7 +123002,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -123062,7 +123062,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -123122,7 +123122,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -123182,7 +123182,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -123242,7 +123242,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -123302,7 +123302,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -123362,7 +123362,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -123422,7 +123422,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -123482,7 +123482,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -123542,7 +123542,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -123602,7 +123602,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -123662,7 +123662,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -123722,7 +123722,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -123782,7 +123782,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -123842,7 +123842,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -123902,7 +123902,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -123962,7 +123962,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -124022,7 +124022,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -124082,7 +124082,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -124142,7 +124142,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -124202,7 +124202,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -124262,7 +124262,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -124322,7 +124322,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -124382,7 +124382,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -124442,7 +124442,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -124502,7 +124502,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -124562,7 +124562,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -124622,7 +124622,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -124682,7 +124682,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -124742,7 +124742,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -124802,7 +124802,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -124862,7 +124862,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -124922,7 +124922,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -124982,7 +124982,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -125042,7 +125042,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -125101,7 +125101,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -125161,7 +125161,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -125221,7 +125221,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -125281,7 +125281,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -125341,7 +125341,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -125401,7 +125401,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -125461,7 +125461,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -125521,7 +125521,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -125581,7 +125581,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -125641,7 +125641,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -125701,7 +125701,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -125761,7 +125761,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -125821,7 +125821,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -125881,7 +125881,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -125941,7 +125941,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -126001,7 +126001,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -126061,7 +126061,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -126121,7 +126121,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -126181,7 +126181,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -126241,7 +126241,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -126301,7 +126301,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -126361,7 +126361,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -126421,7 +126421,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -126481,7 +126481,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -126541,7 +126541,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -126601,7 +126601,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -126661,7 +126661,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -126721,7 +126721,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -126781,7 +126781,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -126841,7 +126841,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -126901,7 +126901,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -126961,7 +126961,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -127021,7 +127021,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -127081,7 +127081,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -127141,7 +127141,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -127201,7 +127201,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -127261,7 +127261,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -127321,7 +127321,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -127381,7 +127381,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -127441,7 +127441,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -127501,7 +127501,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -127561,7 +127561,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -127621,7 +127621,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -127681,7 +127681,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -127741,7 +127741,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -127801,7 +127801,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -127861,7 +127861,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -127921,7 +127921,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -127981,7 +127981,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -128041,7 +128041,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -128101,7 +128101,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -128161,7 +128161,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -128221,7 +128221,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -128281,7 +128281,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -128341,7 +128341,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -128401,7 +128401,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -128461,7 +128461,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -128521,7 +128521,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -128581,7 +128581,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -128641,7 +128641,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -128701,7 +128701,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -128761,7 +128761,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -128821,7 +128821,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -128881,7 +128881,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -128941,7 +128941,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -129001,7 +129001,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -129061,7 +129061,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -129121,7 +129121,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -129181,7 +129181,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -129241,7 +129241,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -129301,7 +129301,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -129361,7 +129361,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -129421,7 +129421,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -129481,7 +129481,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -129541,7 +129541,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -129601,7 +129601,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -129661,7 +129661,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -129721,7 +129721,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -129781,7 +129781,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -129841,7 +129841,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -129901,7 +129901,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -129960,7 +129960,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -130019,7 +130019,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -130078,7 +130078,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -130137,7 +130137,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -130197,7 +130197,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -130257,7 +130257,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -130317,7 +130317,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -130377,7 +130377,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -130437,7 +130437,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -130497,7 +130497,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -130557,7 +130557,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -130617,7 +130617,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -130677,7 +130677,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -130737,7 +130737,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -130797,7 +130797,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -130857,7 +130857,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -130917,7 +130917,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -130977,7 +130977,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -131037,7 +131037,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -131097,7 +131097,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -131157,7 +131157,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -131217,7 +131217,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -131277,7 +131277,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -131337,7 +131337,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -131397,7 +131397,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -131457,7 +131457,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -131517,7 +131517,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -131577,7 +131577,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -131637,7 +131637,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -131697,7 +131697,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -131757,7 +131757,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -131817,7 +131817,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -131877,7 +131877,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -131937,7 +131937,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -131997,7 +131997,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -132057,7 +132057,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -132117,7 +132117,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -132177,7 +132177,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -132237,7 +132237,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -132296,7 +132296,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -132356,7 +132356,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -132416,7 +132416,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -132476,7 +132476,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -132536,7 +132536,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -132596,7 +132596,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -132656,7 +132656,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -132716,7 +132716,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -132776,7 +132776,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -132834,7 +132834,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -132894,7 +132894,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -132954,7 +132954,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -133014,7 +133014,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -133074,7 +133074,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -133134,7 +133134,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -133194,7 +133194,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -133253,7 +133253,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -133312,7 +133312,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -133372,7 +133372,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -133432,7 +133432,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", 
@@ -133492,7 +133492,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -133551,7 +133551,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -133610,7 +133610,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -133670,7 +133670,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -133730,7 +133730,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", @@ -133789,7 +133789,7 @@ { "@timestamp": "2017-12-07T17:57:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "added", diff --git a/packages/osquery/data_stream/result/elasticsearch/ingest_pipeline/default.yml b/packages/osquery/data_stream/result/elasticsearch/ingest_pipeline/default.yml index 502d33bb043..2cd6a791335 100644 --- a/packages/osquery/data_stream/result/elasticsearch/ingest_pipeline/default.yml +++ b/packages/osquery/data_stream/result/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: target_field: "json" - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/osquery/data_stream/result/sample_event.json b/packages/osquery/data_stream/result/sample_event.json index b6b104cf2c6..17537b08178 100644 --- a/packages/osquery/data_stream/result/sample_event.json +++ b/packages/osquery/data_stream/result/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", 
diff --git a/packages/osquery/docs/README.md b/packages/osquery/docs/README.md
index 47c2766911e..da4ba9f9583 100644
--- a/packages/osquery/docs/README.md
+++ b/packages/osquery/docs/README.md
@@ -38,7 +38,7 @@ An example event for `result` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/osquery/manifest.yml b/packages/osquery/manifest.yml
index ac98421c4b6..267474bb9ab 100644
--- a/packages/osquery/manifest.yml
+++ b/packages/osquery/manifest.yml
@@ -1,6 +1,6 @@
 name: osquery
 title: Osquery Logs
-version: 1.5.0
+version: "1.6.0"
 release: ga
 description: Collect logs from Osquery with Elastic Agent.
 type: integration
diff --git a/packages/panw/_dev/build/build.yml b/packages/panw/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/panw/_dev/build/build.yml
+++ b/packages/panw/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/panw/changelog.yml b/packages/panw/changelog.yml
index 9b33070335e..6115ffe03c9 100644
--- a/packages/panw/changelog.yml
+++ b/packages/panw/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.2.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "3.1.2"
 changes:
 - description: Fix handling of event.outcome.
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-authentication-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-authentication-sample.log-expected.json
index ea30cff17e4..c34545fa1fc 100644
--- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-authentication-sample.log-expected.json
+++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-authentication-sample.log-expected.json
@@ -3,7 +3,7 @@ { "@timestamp": "2019-11-23T00:44:44.000-04:30", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-config-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-config-sample.log-expected.json index 8161f4f1879..6eb8c78e5a8 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-config-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-config-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-25T20:25:39.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cmd-set", @@ -60,7 +60,7 @@ { "@timestamp": "2021-10-25T20:25:19.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cmd-set", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-correlated-events-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-correlated-events-sample.log-expected.json index 9debb9cb102..60a09886599 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-correlated-events-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-correlated-events-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-10-09T10:20:15.000-02:30", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-decryption-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-decryption-sample.log-expected.json index 27fb10d1f9c..67ac54b9264 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-decryption-sample.log-expected.json 
+++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-decryption-sample.log-expected.json @@ -23,7 +23,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json index 44dd00871e8..c81e26b5700 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-03-24T11:30:00.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -84,7 +84,7 @@ { "@timestamp": "2021-03-24T11:29:49.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -180,7 +180,7 @@ { "@timestamp": "2021-04-07T17:41:30.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -266,7 +266,7 @@ { "@timestamp": "2021-04-07T17:41:29.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -363,7 +363,7 @@ { "@timestamp": "2021-04-07T17:41:28.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -443,7 +443,7 @@ { "@timestamp": "2021-03-02T09:55:39.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -527,7 +527,7 @@ { "@timestamp": "2021-03-02T11:01:02.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -621,7 +621,7 @@ { "@timestamp": "2021-03-02T09:39:26.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -699,7 +699,7 @@ { "@timestamp": "2021-03-02T09:47:13.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -784,7 +784,7 @@ { "@timestamp": "2021-10-22T11:10:05.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -857,7 +857,7 @@ { "@timestamp": "2021-11-09T16:45:14.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -930,7 +930,7 @@ { "@timestamp": "2021-11-09T16:45:14.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-gtp-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-gtp-sample.log-expected.json index bed4b6a3ca4..05a9f537505 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-gtp-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-gtp-sample.log-expected.json @@ -20,7 +20,7 @@ "port": 9551 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json index d52f579469f..bf6d28c9430 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-03-02T10:06:25.000-06:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -74,7 +74,7 @@ { "@timestamp": "2019-10-09T10:20:15.000-06:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json index 5386ffad791..97d0f6e74e7 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2012-02-25T00:51:50.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cmd-set", @@ -51,7 +51,7 @@ { "@timestamp": "2012-02-25T00:53:22.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cmd-set", @@ -99,7 +99,7 @@ { "@timestamp": "2012-02-25T00:53:40.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cmd-commit", @@ -146,7 +146,7 @@ { "@timestamp": "2012-02-25T00:53:53.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -186,7 +186,7 @@ { "@timestamp": "2012-02-25T00:53:56.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -226,7 +226,7 @@ { "@timestamp": "2012-02-25T00:54:16.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -266,7 +266,7 @@ { "@timestamp": "2012-02-25T00:54:16.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -306,7 +306,7 @@ { "@timestamp": "2012-02-25T00:57:17.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cmd-edit", @@ -354,7 +354,7 @@ { "@timestamp": "2012-02-25T00:57:36.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cmd-commit", @@ -401,7 +401,7 @@ { "@timestamp": "2012-02-25T00:57:49.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -441,7 +441,7 @@ { "@timestamp": "2012-02-25T00:57:52.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -481,7 +481,7 @@ { "@timestamp": "2012-02-25T00:58:12.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -521,7 +521,7 @@ { "@timestamp": "2012-02-25T00:58:12.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -561,7 +561,7 @@ { "@timestamp": "2012-02-25T00:58:12.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -601,7 +601,7 @@ { "@timestamp": "2012-02-25T00:58:14.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -641,7 +641,7 @@ { "@timestamp": "2012-02-25T00:59:36.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -681,7 +681,7 @@ { "@timestamp": "2012-04-10T03:11:57.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -721,7 +721,7 @@ { "@timestamp": "2012-04-10T03:11:56.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -761,7 +761,7 @@ { "@timestamp": "2012-04-10T03:11:56.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -801,7 +801,7 @@ { "@timestamp": "2012-04-10T03:11:56.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -841,7 +841,7 @@ { "@timestamp": "2012-04-10T03:06:11.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -881,7 +881,7 @@ { "@timestamp": "2012-04-10T03:06:00.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -921,7 +921,7 @@ { "@timestamp": "2012-04-09T09:02:53.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -961,7 +961,7 @@ { "@timestamp": "2012-04-09T09:02:52.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1001,7 +1001,7 @@ { "@timestamp": "2012-04-09T09:02:52.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1041,7 +1041,7 @@ { "@timestamp": "2012-04-09T09:02:52.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1081,7 +1081,7 @@ { "@timestamp": "2012-04-09T09:00:55.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1121,7 +1121,7 @@ { "@timestamp": "2012-04-09T09:00:52.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1161,7 +1161,7 @@ { "@timestamp": "2012-04-09T09:00:35.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cmd-commit", @@ -1208,7 +1208,7 @@ { "@timestamp": "2012-04-09T09:00:20.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "cmd-edit", @@ -1256,7 +1256,7 @@ { "@timestamp": "2012-04-09T03:21:53.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1296,7 +1296,7 @@ { "@timestamp": "2012-04-09T03:21:53.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1336,7 +1336,7 @@ { "@timestamp": "2012-04-09T03:21:53.000+05:45", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1395,7 +1395,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json index 7c9e204b848..8bec2a18f3e 100644 
--- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json @@ -20,7 +20,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -181,7 +181,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -342,7 +342,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -503,7 +503,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -664,7 +664,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -825,7 +825,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -986,7 +986,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -1147,7 +1147,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -1308,7 +1308,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -1469,7 +1469,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -1630,7 +1630,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -1791,7 +1791,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -1952,7 +1952,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -2113,7 +2113,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", 
@@ -2272,7 +2272,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -2433,7 +2433,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -2594,7 +2594,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -2753,7 +2753,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -2914,7 +2914,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -3075,7 +3075,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -3236,7 +3236,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -3397,7 +3397,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -3558,7 +3558,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -3719,7 +3719,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -3880,7 +3880,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -4041,7 +4041,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -4202,7 +4202,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -4363,7 +4363,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -4524,7 +4524,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", 
@@ -4685,7 +4685,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -4846,7 +4846,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -5007,7 +5007,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -5168,7 +5168,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -5329,7 +5329,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -5488,7 +5488,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -5647,7 +5647,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -5806,7 +5806,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -5965,7 +5965,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -6124,7 +6124,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -6283,7 +6283,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -6442,7 +6442,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -6601,7 +6601,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -6760,7 +6760,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -6912,7 +6912,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", 
@@ -7075,7 +7075,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -7234,7 +7234,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -7393,7 +7393,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -7552,7 +7552,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -7711,7 +7711,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -7870,7 +7870,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -8029,7 +8029,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -8188,7 +8188,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -8347,7 +8347,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -8499,7 +8499,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "file_match", @@ -8665,7 +8665,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -8817,7 +8817,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "file_match", @@ -8976,7 +8976,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "file_match", @@ -9142,7 +9142,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -9294,7 +9294,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "file_match", @@ -9453,7 +9453,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "file_match", 
@@ -9619,7 +9619,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -9778,7 +9778,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -9937,7 +9937,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -10089,7 +10089,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "file_match", @@ -10255,7 +10255,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -10414,7 +10414,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -10566,7 +10566,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -10725,7 +10725,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -10891,7 +10891,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -11043,7 +11043,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -11209,7 +11209,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -11361,7 +11361,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -11520,7 +11520,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "file_match", @@ -11679,7 +11679,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -11838,7 +11838,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -11997,7 +11997,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", 
@@ -12156,7 +12156,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -12322,7 +12322,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -12474,7 +12474,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -12633,7 +12633,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -12792,7 +12792,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -12951,7 +12951,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -13110,7 +13110,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -13269,7 +13269,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -13428,7 +13428,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -13587,7 +13587,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -13746,7 +13746,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -13905,7 +13905,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -14064,7 +14064,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -14223,7 +14223,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -14389,7 +14389,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -14541,7 +14541,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", 
@@ -14700,7 +14700,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -14866,7 +14866,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -15018,7 +15018,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -15177,7 +15177,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -15336,7 +15336,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -15495,7 +15495,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -15654,7 +15654,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", @@ -15813,7 +15813,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "data_match", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json index 97390d36bbc..d779483cd4d 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json @@ -22,7 +22,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -140,7 +140,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -258,7 +258,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -376,7 +376,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", 
@@ -494,7 +494,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -612,7 +612,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -730,7 +730,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -848,7 +848,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -966,7 +966,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -1084,7 +1084,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -1202,7 +1202,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -1320,7 +1320,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -1438,7 +1438,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -1556,7 +1556,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -1674,7 +1674,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -1792,7 +1792,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -1910,7 +1910,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -2028,7 +2028,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -2146,7 +2146,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", 
@@ -2264,7 +2264,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -2382,7 +2382,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -2500,7 +2500,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -2618,7 +2618,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -2736,7 +2736,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -2854,7 +2854,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -2972,7 +2972,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -3090,7 +3090,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -3208,7 +3208,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -3326,7 +3326,7 @@ "port": 13069 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -3444,7 +3444,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -3562,7 +3562,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -3680,7 +3680,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -3798,7 +3798,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -3916,7 +3916,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", 
@@ -4034,7 +4034,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -4152,7 +4152,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -4270,7 +4270,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -4388,7 +4388,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -4506,7 +4506,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -4624,7 +4624,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -4733,7 +4733,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -4851,7 +4851,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -4960,7 +4960,7 @@ "port": 40026 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -5078,7 +5078,7 @@ "port": 40029 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -5196,7 +5196,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -5305,7 +5305,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -5423,7 +5423,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -5541,7 +5541,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -5659,7 +5659,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", 
@@ -5777,7 +5777,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -5895,7 +5895,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -6013,7 +6013,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -6131,7 +6131,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -6249,7 +6249,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -6367,7 +6367,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -6485,7 +6485,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -6603,7 +6603,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -6721,7 +6721,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -6839,7 +6839,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -6957,7 +6957,7 @@ "port": 40043 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -7075,7 +7075,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -7193,7 +7193,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -7311,7 +7311,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -7429,7 +7429,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", 
@@ -7547,7 +7547,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -7665,7 +7665,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -7783,7 +7783,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -7901,7 +7901,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -8019,7 +8019,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -8137,7 +8137,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -8255,7 +8255,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -8373,7 +8373,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -8491,7 +8491,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -8609,7 +8609,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -8727,7 +8727,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -8845,7 +8845,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -8963,7 +8963,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -9071,7 +9071,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -9189,7 +9189,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", 
@@ -9307,7 +9307,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -9415,7 +9415,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -9523,7 +9523,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -9641,7 +9641,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -9759,7 +9759,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -9877,7 +9877,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -9995,7 +9995,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -10113,7 +10113,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -10221,7 +10221,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -10339,7 +10339,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -10457,7 +10457,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -10575,7 +10575,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -10693,7 +10693,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -10811,7 +10811,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -10929,7 +10929,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", 
@@ -11047,7 +11047,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -11165,7 +11165,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -11273,7 +11273,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -11391,7 +11391,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -11509,7 +11509,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -11627,7 +11627,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json index 526d5552d1f..a2bb34a9edf 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json @@ -22,7 +22,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-ip-tag-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-ip-tag-sample.log-expected.json index d174ec43c76..04360f13c75 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-ip-tag-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-ip-tag-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-11-23T00:44:44.000+01:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-sctp-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-sctp-sample.log-expected.json index deeba5a2115..c3b38870f54 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-sctp-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-sctp-sample.log-expected.json @@ -20,7 +20,7 @@ "port": 9551 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-system-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-system-sample.log-expected.json index 84c54001ef5..b8a61480196 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-system-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-system-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-26T15:05:03.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -53,7 +53,7 @@ { "@timestamp": "2021-10-26T14:49:02.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json index c9320750efd..55d631867dd 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json @@ -24,7 +24,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", 
@@ -181,7 +181,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -338,7 +338,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -495,7 +495,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -652,7 +652,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -809,7 +809,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -966,7 +966,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -1123,7 +1123,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -1280,7 +1280,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -1437,7 +1437,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -1594,7 +1594,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -1751,7 +1751,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -1908,7 +1908,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -2065,7 +2065,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -2222,7 +2222,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -2379,7 +2379,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", 
@@ -2536,7 +2536,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -2693,7 +2693,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -2850,7 +2850,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -3007,7 +3007,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -3164,7 +3164,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -3321,7 +3321,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -3478,7 +3478,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -3635,7 +3635,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -3792,7 +3792,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -3949,7 +3949,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -4106,7 +4106,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -4263,7 +4263,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -4420,7 +4420,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -4577,7 +4577,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -4734,7 +4734,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", 
@@ -4891,7 +4891,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -5048,7 +5048,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -5205,7 +5205,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -5362,7 +5362,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -5519,7 +5519,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -5676,7 +5676,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -5833,7 +5833,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -5990,7 +5990,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -6147,7 +6147,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -6304,7 +6304,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -6461,7 +6461,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -6618,7 +6618,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -6775,7 +6775,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -6932,7 +6932,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -7089,7 +7089,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", 
@@ -7246,7 +7246,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -7403,7 +7403,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -7560,7 +7560,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -7717,7 +7717,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -7874,7 +7874,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -8031,7 +8031,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -8188,7 +8188,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -8345,7 +8345,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -8502,7 +8502,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -8659,7 +8659,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -8816,7 +8816,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -8973,7 +8973,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -9130,7 +9130,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -9287,7 +9287,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -9444,7 +9444,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", 
@@ -9601,7 +9601,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -9758,7 +9758,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -9915,7 +9915,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -10072,7 +10072,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -10229,7 +10229,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -10386,7 +10386,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -10543,7 +10543,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -10700,7 +10700,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -10857,7 +10857,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -11014,7 +11014,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -11171,7 +11171,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -11328,7 +11328,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -11485,7 +11485,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -11642,7 +11642,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", @@ -11799,7 +11799,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "url_filtering", 
@@ -11956,7 +11956,7 @@ "port": 36524 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "virus_detected", @@ -12144,7 +12144,7 @@ "port": 36524 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "virus_detected", @@ -12332,7 +12332,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -12519,7 +12519,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -12703,7 +12703,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -12890,7 +12890,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -13077,7 +13077,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -13264,7 +13264,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -13451,7 +13451,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -13635,7 +13635,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -13819,7 +13819,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -14003,7 +14003,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -14190,7 +14190,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -14377,7 +14377,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -14564,7 +14564,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", 
@@ -14753,7 +14753,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -14929,7 +14929,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -15121,7 +15121,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -15297,7 +15297,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -15486,7 +15486,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -15662,7 +15662,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -15854,7 +15854,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -16030,7 +16030,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -16222,7 +16222,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -16398,7 +16398,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -16590,7 +16590,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -16766,7 +16766,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -16958,7 +16958,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -17134,7 +17134,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -17326,7 +17326,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", 
@@ -17507,7 +17507,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -17683,7 +17683,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -17875,7 +17875,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -18051,7 +18051,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -18243,7 +18243,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -18419,7 +18419,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -18611,7 +18611,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -18787,7 +18787,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -18976,7 +18976,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -19152,7 +19152,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -19344,7 +19344,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -19520,7 +19520,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -19712,7 +19712,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -19888,7 +19888,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -20080,7 +20080,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", 
@@ -20256,7 +20256,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -20443,7 +20443,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -20635,7 +20635,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -20816,7 +20816,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -20992,7 +20992,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -21184,7 +21184,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -21360,7 +21360,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -21552,7 +21552,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -21728,7 +21728,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -21920,7 +21920,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -22096,7 +22096,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -22285,7 +22285,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -22461,7 +22461,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -22648,7 +22648,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -22840,7 +22840,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", 
@@ -23021,7 +23021,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -23197,7 +23197,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -23389,7 +23389,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -23565,7 +23565,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -23752,7 +23752,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -23944,7 +23944,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -24125,7 +24125,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -24301,7 +24301,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -24493,7 +24493,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -24674,7 +24674,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -24850,7 +24850,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -25037,7 +25037,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -25229,7 +25229,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -25410,7 +25410,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -25586,7 +25586,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", 
@@ -25770,7 +25770,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -25959,7 +25959,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -26135,7 +26135,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -26327,7 +26327,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -26503,7 +26503,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -26687,7 +26687,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -26879,7 +26879,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -27060,7 +27060,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -27236,7 +27236,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -27428,7 +27428,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -27604,7 +27604,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -27796,7 +27796,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -27972,7 +27972,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -28164,7 +28164,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -28340,7 +28340,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", 
@@ -28532,7 +28532,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -28708,7 +28708,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -28900,7 +28900,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -29076,7 +29076,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -29263,7 +29263,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -29455,7 +29455,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -29631,7 +29631,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -29820,7 +29820,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -29996,7 +29996,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -30183,7 +30183,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -30375,7 +30375,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -30551,7 +30551,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -30743,7 +30743,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -30919,7 +30919,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -31111,7 +31111,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", 
@@ -31292,7 +31292,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -31468,7 +31468,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -31660,7 +31660,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -31836,7 +31836,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -32028,7 +32028,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", @@ -32204,7 +32204,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "spyware_detected", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json index 5e626dce363..25063d97bb7 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json @@ -26,7 +26,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -215,7 +215,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -398,7 +398,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -587,7 +587,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -770,7 +770,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", 
@@ -959,7 +959,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -1148,7 +1148,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -1331,7 +1331,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -1520,7 +1520,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -1709,7 +1709,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -1898,7 +1898,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -2087,7 +2087,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -2276,7 +2276,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -2465,7 +2465,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -2654,7 +2654,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -2843,7 +2843,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -3026,7 +3026,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -3215,7 +3215,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -3404,7 +3404,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -3593,7 +3593,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", 
@@ -3776,7 +3776,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -3965,7 +3965,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -4154,7 +4154,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -4343,7 +4343,7 @@ "port": 4282 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_dropped", @@ -4532,7 +4532,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_denied", @@ -4715,7 +4715,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -4900,7 +4900,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -5086,7 +5086,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -5275,7 +5275,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -5464,7 +5464,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -5647,7 +5647,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -5830,7 +5830,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -6019,7 +6019,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -6208,7 +6208,7 @@ "port": 4282 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -6397,7 +6397,7 @@ "port": 17472 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", 
@@ -6586,7 +6586,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -6775,7 +6775,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -6964,7 +6964,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -7153,7 +7153,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -7342,7 +7342,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -7531,7 +7531,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -7720,7 +7720,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -7909,7 +7909,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -8098,7 +8098,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -8287,7 +8287,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -8476,7 +8476,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -8665,7 +8665,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -8854,7 +8854,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -9043,7 +9043,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -9232,7 +9232,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", 
@@ -9411,7 +9411,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -9600,7 +9600,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -9789,7 +9789,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -9978,7 +9978,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -10167,7 +10167,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -10356,7 +10356,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -10545,7 +10545,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -10734,7 +10734,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -10923,7 +10923,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -11112,7 +11112,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -11301,7 +11301,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -11490,7 +11490,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -11679,7 +11679,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -11868,7 +11868,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -12057,7 +12057,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", 
@@ -12246,7 +12246,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -12435,7 +12435,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -12624,7 +12624,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -12813,7 +12813,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -13002,7 +13002,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -13191,7 +13191,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -13380,7 +13380,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -13569,7 +13569,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -13758,7 +13758,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -13947,7 +13947,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -14136,7 +14136,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -14325,7 +14325,7 @@ "port": 123 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -14514,7 +14514,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -14702,7 +14702,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -14890,7 +14890,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", 
@@ -15078,7 +15078,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -15266,7 +15266,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -15455,7 +15455,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -15644,7 +15644,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -15833,7 +15833,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -16022,7 +16022,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -16211,7 +16211,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -16400,7 +16400,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -16589,7 +16589,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -16778,7 +16778,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -16967,7 +16967,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -17156,7 +17156,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -17345,7 +17345,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -17534,7 +17534,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -17723,7 +17723,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", 
@@ -17906,7 +17906,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -18095,7 +18095,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -18284,7 +18284,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -18473,7 +18473,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -18662,7 +18662,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -18850,7 +18850,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -19027,7 +19027,7 @@ "port": 138 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -19200,7 +19200,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -19377,7 +19377,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -19554,7 +19554,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -19722,7 +19722,7 @@ "port": 138 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -19909,7 +19909,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -20087,7 +20087,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -20274,7 +20274,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -20461,7 +20461,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", 
@@ -20648,7 +20648,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -20834,7 +20834,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -21011,7 +21011,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -21189,7 +21189,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -21376,7 +21376,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -21554,7 +21554,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -21741,7 +21741,7 @@ "port": 138 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -21914,7 +21914,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -22092,7 +22092,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -22279,7 +22279,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -22456,7 +22456,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -22633,7 +22633,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -22811,7 +22811,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -22999,7 +22999,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -23185,7 +23185,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", 
@@ -23363,7 +23363,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -23551,7 +23551,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -23737,7 +23737,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -23915,7 +23915,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -24093,7 +24093,7 @@ "port": 138 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -24280,7 +24280,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -24457,7 +24457,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -24625,7 +24625,7 @@ "port": 137 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -24812,7 +24812,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -24980,7 +24980,7 @@ "port": 137 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -25167,7 +25167,7 @@ "port": 138 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -25340,7 +25340,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -25518,7 +25518,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -25705,7 +25705,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -25882,7 +25882,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", 
@@ -26060,7 +26060,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -26248,7 +26248,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -26435,7 +26435,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -26613,7 +26613,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -26800,7 +26800,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -26968,7 +26968,7 @@ "port": 138 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -27155,7 +27155,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -27332,7 +27332,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -27509,7 +27509,7 @@ "port": 138 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -27682,7 +27682,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -27859,7 +27859,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -28037,7 +28037,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -28224,7 +28224,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -28410,7 +28410,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -28588,7 +28588,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", 
@@ -28775,7 +28775,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -28961,7 +28961,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -29139,7 +29139,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -29326,7 +29326,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -29513,7 +29513,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -29700,7 +29700,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -29887,7 +29887,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -30074,7 +30074,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -30260,7 +30260,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -30437,7 +30437,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -30615,7 +30615,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -30802,7 +30802,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -30980,7 +30980,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -31158,7 +31158,7 @@ "port": 138 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -31345,7 +31345,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", 
@@ -31523,7 +31523,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -31710,7 +31710,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -31888,7 +31888,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -32075,7 +32075,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -32252,7 +32252,7 @@ "port": 138 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -32425,7 +32425,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -32603,7 +32603,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -32790,7 +32790,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -32968,7 +32968,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -33155,7 +33155,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -33332,7 +33332,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -33509,7 +33509,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -33687,7 +33687,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -33874,7 +33874,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -34061,7 +34061,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", 
@@ -34247,7 +34247,7 @@ "port": 138 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -34421,7 +34421,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -34608,7 +34608,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -34795,7 +34795,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -34981,7 +34981,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -35158,7 +35158,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -35335,7 +35335,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -35513,7 +35513,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -35700,7 +35700,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -35886,7 +35886,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -36063,7 +36063,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -36240,7 +36240,7 @@ "port": 30514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_terminated", @@ -36418,7 +36418,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", @@ -36605,7 +36605,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow_started", 
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-tunnel-inspection-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-tunnel-inspection-sample.log-expected.json
index 3db4c171fff..78dbed21a59 100644
--- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-tunnel-inspection-sample.log-expected.json
+++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-tunnel-inspection-sample.log-expected.json
@@ -29,7 +29,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "flow_started",
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json
index db2be95daff..f3b66c7ff79 100644
--- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json
+++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json
@@ -6,7 +6,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -110,7 +110,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -202,7 +202,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -281,7 +281,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -360,7 +360,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -439,7 +439,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -518,7 +518,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -610,7 +610,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -702,7 +702,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -794,7 +794,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -885,7 +885,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -976,7 +976,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -1067,7 +1067,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml b/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml
index 2c7ce4bd1a7..fad1fe576e2 100644
--- a/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: "Pipeline for Palo Alto Networks PAN-OS Logs"
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: observer.vendor
 value: Palo Alto Networks
diff --git a/packages/panw/data_stream/panos/sample_event.json b/packages/panw/data_stream/panos/sample_event.json
index 2add5955253..e273625c242 100644
--- a/packages/panw/data_stream/panos/sample_event.json
+++ b/packages/panw/data_stream/panos/sample_event.json
@@ -30,7 +30,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "19fc4a39-4777-4ea9-8980-3fd25ad3216f",
diff --git a/packages/panw/docs/README.md b/packages/panw/docs/README.md
index 5e2bc8affdd..dadd646b355 100644
--- a/packages/panw/docs/README.md
+++ b/packages/panw/docs/README.md
@@ -61,7 +61,7 @@ An example event for `panos` looks as following:
 "port": 80
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "19fc4a39-4777-4ea9-8980-3fd25ad3216f",
diff --git a/packages/panw/manifest.yml b/packages/panw/manifest.yml
index e1bed8eb621..49e94fb404e 100644
--- a/packages/panw/manifest.yml
+++ b/packages/panw/manifest.yml
@@ -1,6 +1,6 @@
 name: panw
 title: Palo Alto Next-Gen Firewall
-version: 3.1.2
+version: "3.2.0"
 release: ga
 description: Collect logs from Palo Alto next-gen firewalls with Elastic Agent.
 type: integration
diff --git a/packages/panw_cortex_xdr/_dev/build/build.yml b/packages/panw_cortex_xdr/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/panw_cortex_xdr/_dev/build/build.yml
+++ b/packages/panw_cortex_xdr/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/panw_cortex_xdr/changelog.yml b/packages/panw_cortex_xdr/changelog.yml
index 32dcb7a9f2d..97bbdb795ea 100644
--- a/packages/panw_cortex_xdr/changelog.yml
+++ b/packages/panw_cortex_xdr/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.4.2"
 changes:
 - description: Use ECS geo.location definition.
diff --git a/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr-bioc.log-expected.json b/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr-bioc.log-expected.json
index 45a6432de32..13af0747356 100644
--- a/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr-bioc.log-expected.json
+++ b/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr-bioc.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-05-06T19:15:14.182Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "DETECTED",
diff --git a/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr.log-expected.json b/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr.log-expected.json
index 0237a610d52..7ab80371ba5 100644
--- a/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr.log-expected.json
+++ b/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr.log-expected.json
@@ -19,7 +19,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "BLOCKED_9",
@@ -124,7 +124,7 @@
 {
 "@timestamp": "2020-02-21T08:36:19.588Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "BLOCKED",
@@ -217,7 +217,7 @@
 {
 "@timestamp": "2022-07-23T04:07:14.982Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "DETECTED",
diff --git a/packages/panw_cortex_xdr/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/panw_cortex_xdr/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml
index 3b01c834235..1c4c94e5e62 100644
--- a/packages/panw_cortex_xdr/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/panw_cortex_xdr/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Palo Alto XDR API.
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.kind
 value: alert
diff --git a/packages/panw_cortex_xdr/data_stream/alerts/sample_event.json b/packages/panw_cortex_xdr/data_stream/alerts/sample_event.json
index a34d4523adf..400797dfcb3 100644
--- a/packages/panw_cortex_xdr/data_stream/alerts/sample_event.json
+++ b/packages/panw_cortex_xdr/data_stream/alerts/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "9b07c8ea-8c8f-49b4-8b57-ac69cd4071f0",
diff --git a/packages/panw_cortex_xdr/docs/README.md b/packages/panw_cortex_xdr/docs/README.md
index 3e23bdbc2f9..548c34ed1f0 100644
--- a/packages/panw_cortex_xdr/docs/README.md
+++ b/packages/panw_cortex_xdr/docs/README.md
@@ -28,7 +28,7 @@ An example event for `alerts` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "9b07c8ea-8c8f-49b4-8b57-ac69cd4071f0",
diff --git a/packages/panw_cortex_xdr/manifest.yml b/packages/panw_cortex_xdr/manifest.yml
index 99bb1925988..d2f5c8892a2 100644
--- a/packages/panw_cortex_xdr/manifest.yml
+++ b/packages/panw_cortex_xdr/manifest.yml
@@ -1,6 +1,6 @@
 name: panw_cortex_xdr
 title: Palo Alto Cortex XDR
-version: 1.4.2
+version: "1.5.0"
 release: ga
 description: Collect logs from Palo Alto Cortex XDR with Elastic Agent.
 type: integration
diff --git a/packages/pfsense/_dev/build/build.yml b/packages/pfsense/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/pfsense/_dev/build/build.yml
+++ b/packages/pfsense/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/pfsense/changelog.yml b/packages/pfsense/changelog.yml
index 346c44b9aee..846fb196e59 100644
--- a/packages/pfsense/changelog.yml
+++ b/packages/pfsense/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.3.2"
 changes:
 - description: Use ECS geo.location definition.
diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-opensense.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-opensense.log-expected.json
index ceae1ac5bb8..dff3ecf7d5a 100644
--- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-opensense.log-expected.json
+++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-opensense.log-expected.json @@ -20,7 +20,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -118,7 +118,7 @@ "port": 547 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -203,7 +203,7 @@ "mac": "4C-55-41-A0-FA-99" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DHCPDISCOVER", @@ -275,7 +275,7 @@ "type": "question" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -330,7 +330,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pass", diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-bsd.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-bsd.log-expected.json index 9fa3166825f..5c25b24c875 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-bsd.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-bsd.log-expected.json @@ -20,7 +20,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -129,7 +129,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -238,7 +238,7 @@ "port": 123 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pass", @@ -338,7 +338,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -447,7 +447,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -556,7 +556,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -653,7 +653,7 @@ "port": 547 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", 
@@ -751,7 +751,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -860,7 +860,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -969,7 +969,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -1078,7 +1078,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -1187,7 +1187,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -1296,7 +1296,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -1405,7 +1405,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -1502,7 +1502,7 @@ "port": 137 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pass", @@ -1602,7 +1602,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -1710,7 +1710,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pass", @@ -1806,7 +1806,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pass", @@ -1894,7 +1894,7 @@ "ip": "10.100.15.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pass", diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-dhcp.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-dhcp.log-expected.json index 2c842c7dbf8..7c7b7bb82e8 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-dhcp.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-dhcp.log-expected.json 
@@ -6,7 +6,7 @@ "mac": "4C-55-41-A0-FA-99" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DHCPDISCOVER", @@ -67,7 +67,7 @@ "mac": "4C-55-41-A0-FA-99" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DHCPOFFER", @@ -145,7 +145,7 @@ "ip": "10.150.60.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DHCPREQUEST", @@ -224,7 +224,7 @@ "mac": "4C-55-41-A0-FA-99" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "DHCPACK", @@ -293,7 +293,7 @@ { "@timestamp": "2022-07-04T09:40:40.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -334,7 +334,7 @@ { "@timestamp": "2022-07-04T09:40:40.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -378,7 +378,7 @@ "mac": "5F-A5-54-63-CC-1F" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "listening-on-bpf", @@ -442,7 +442,7 @@ "mac": "5F-A5-54-63-CC-1F" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "sending-on-bpf", @@ -503,7 +503,7 @@ { "@timestamp": "2022-07-23T18:07:11.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -544,7 +544,7 @@ { "@timestamp": "2022-07-23T18:07:11.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -585,7 +585,7 @@ { "@timestamp": "2022-07-23T18:07:11.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -630,7 +630,7 @@ "ip": "2a02:cf40:72dc:dd12:7378:913c:b42e:099c" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "remove-an-address", @@ -696,7 +696,7 @@ { "@timestamp": "2022-07-23T18:07:11.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -737,7 +737,7 @@ { "@timestamp": "2022-07-23T18:07:11.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -778,7 +778,7 @@ { "@timestamp": "2022-07-23T18:07:11.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -819,7 +819,7 @@ { "@timestamp": "2022-07-23T18:07:11.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -864,7 +864,7 @@ "ip": "2a02:cf40:72dc:dd12:7378:913c:b42e:099c" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "add-an-address", @@ -930,7 +930,7 @@ { "@timestamp": "2022-07-23T18:11:57.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -971,7 +971,7 @@ { "@timestamp": "2022-07-23T18:11:57.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1012,7 +1012,7 @@ { "@timestamp": "2022-07-23T18:11:57.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1058,7 +1058,7 @@ "port": 546 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "solicit-message", @@ -1120,7 +1120,7 @@ "ip": "2a02:cf40:38d6:c4db:cafb:917b:44ec:c873" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "picking-pool-address", @@ -1185,7 +1185,7 @@ "ip": "2a02:cf40:38d6:c4db:cafb:917b:44ec:c873" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "advertise-na", @@ -1258,7 +1258,7 @@ "port": 546 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "sending-advertise", @@ -1316,7 +1316,7 @@ "port": 546 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "request-message", @@ -1378,7 +1378,7 @@ "ip": "2a02:cf40:38d6:c4db:cafb:917b:44ec:c873" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "reply-na", 
@@ -1451,7 +1451,7 @@ "port": 546 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "sending-reply", @@ -1509,7 +1509,7 @@ "port": 546 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "information-request-message", @@ -1571,7 +1571,7 @@ "ip": "2a02:cf40:38d6:c4db:cafb:917b:44ec:c873" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "reusing-lease", diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-haproxy.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-haproxy.log-expected.json index 9dcea52a625..cec1332ef6f 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-haproxy.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-haproxy.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-08-15T16:15:18.502-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -91,7 +91,7 @@ { "@timestamp": "2021-08-15T16:15:18.407-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -178,7 +178,7 @@ { "@timestamp": "2021-08-15T16:15:10.549-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -257,7 +257,7 @@ { "@timestamp": "2022-06-13T20:53:10.208-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -346,7 +346,7 @@ { "@timestamp": "2022-06-13T20:56:55.187-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "duration": 204000000, @@ -413,7 +413,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -484,7 +484,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", 
diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-ipsec.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-ipsec.log-expected.json index 1d79dfdd5ab..29cebfafef7 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-ipsec.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-ipsec.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -39,7 +39,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -75,7 +75,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -111,7 +111,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -147,7 +147,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -183,7 +183,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -219,7 +219,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -255,7 +255,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -291,7 +291,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -327,7 +327,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -363,7 +363,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -399,7 +399,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -435,7 +435,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -471,7 +471,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -507,7 +507,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -543,7 +543,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -579,7 +579,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -615,7 +615,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -651,7 +651,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -687,7 +687,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -723,7 +723,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -759,7 +759,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -795,7 +795,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -831,7 +831,7 @@ { "@timestamp": "2021-07-04T04:01:56.547Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -884,7 +884,7 @@ "port": 500 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-openvpn.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-openvpn.log-expected.json index ca87c7a5c4f..9f1a8c4d56d 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-openvpn.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-openvpn.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -57,7 +57,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -111,7 +111,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -165,7 +165,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -219,7 +219,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -273,7 +273,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -327,7 +327,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -381,7 +381,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -437,7 +437,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -481,7 +481,7 @@ { "@timestamp": "2022-07-03T21:42:57.000-04:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -540,7 +540,7 @@ { "@timestamp": "2021-07-04T03:17:01.074Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -603,7 +603,7 @@ { "@timestamp": "2021-07-04T03:40:38.477Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-squid.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-squid.log-expected.json index b1a2703dc7d..21c3058e0d0 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-squid.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-squid.log-expected.json @@ -19,7 +19,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-syslog.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-syslog.log-expected.json index e3d344ca1d8..777e442ef8a 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-syslog.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-syslog.log-expected.json @@ -20,7 +20,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -130,7 +130,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -228,7 +228,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pass", @@ -329,7 +329,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -439,7 +439,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -537,7 +537,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pass", 
@@ -651,7 +651,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -761,7 +761,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -859,7 +859,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pass", @@ -948,7 +948,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pass", @@ -1049,7 +1049,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -1159,7 +1159,7 @@ "port": 853 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "block", @@ -1269,7 +1269,7 @@ "port": 1900 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pass", @@ -1357,7 +1357,7 @@ "ip": "224.0.0.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "pass", diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-unbound.log-expected.json b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-unbound.log-expected.json index 504a163358c..5a6dfacdc2b 100644 --- a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-unbound.log-expected.json +++ b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-unbound.log-expected.json @@ -18,7 +18,7 @@ "type": "question" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -82,7 +82,7 @@ "type": "question" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 297430504e4..a60ec2167c5 100644 --- a/packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for PFsense
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: observer.vendor
 value: netgate
diff --git a/packages/pfsense/data_stream/log/sample_event.json b/packages/pfsense/data_stream/log/sample_event.json
index 118d8fa6732..77e06063864 100644
--- a/packages/pfsense/data_stream/log/sample_event.json
+++ b/packages/pfsense/data_stream/log/sample_event.json
@@ -30,7 +30,7 @@
 "port": 853
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "c5c06c39-0b86-45ec-9ae3-c773f4562eaa",
diff --git a/packages/pfsense/docs/README.md b/packages/pfsense/docs/README.md
index e54d342ce99..f4e01b35719 100644
--- a/packages/pfsense/docs/README.md
+++ b/packages/pfsense/docs/README.md
@@ -77,7 +77,7 @@ An example event for `log` looks as following:
 "port": 853
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "c5c06c39-0b86-45ec-9ae3-c773f4562eaa",
diff --git a/packages/pfsense/manifest.yml b/packages/pfsense/manifest.yml
index 6e15fda7e65..4c5273f5c77 100644
--- a/packages/pfsense/manifest.yml
+++ b/packages/pfsense/manifest.yml
@@ -1,6 +1,6 @@
 name: pfsense
 title: pfSense
-version: "1.3.2"
+version: "1.4.0"
 release: ga
 description: Collect logs from pfSense and OPNsense with Elastic Agent.
 type: integration
diff --git a/packages/ping_one/_dev/build/build.yml b/packages/ping_one/_dev/build/build.yml
index 8d9e4bf7ac8..aaafc5d833b 100644
--- a/packages/ping_one/_dev/build/build.yml
+++ b/packages/ping_one/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0
+ reference: git@v8.5.1
diff --git a/packages/ping_one/changelog.yml b/packages/ping_one/changelog.yml
index 11f927bf2ea..4eeb2066dee 100644
--- a/packages/ping_one/changelog.yml
+++ b/packages/ping_one/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: '0.1.0' changes: - description: Initial Release. diff --git a/packages/ping_one/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json b/packages/ping_one/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json index b87d7d9b30f..af02f1d81a4 100644 --- a/packages/ping_one/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json +++ b/packages/ping_one/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-07-06T06:12:00.400Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "action.created", @@ -62,7 +62,7 @@ { "@timestamp": "2022-07-18T13:25:08.750Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "action.updated", @@ -121,7 +121,7 @@ { "@timestamp": "2022-07-06T06:12:00.405Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "application.created", @@ -186,7 +186,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "application.updated", @@ -281,7 +281,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "application.deleted", @@ -376,7 +376,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_attribute.created", @@ -471,7 +471,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_attribute.deleted", @@ -566,7 +566,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_attribute.updated", @@ -661,7 +661,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_condition.created", 
@@ -756,7 +756,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_condition.deleted", @@ -851,7 +851,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_condition.updated", @@ -946,7 +946,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_policy.updated", @@ -1041,7 +1041,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_processor.created", @@ -1136,7 +1136,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_processor.deleted", @@ -1231,7 +1231,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_processor.updated", @@ -1326,7 +1326,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_service.created", @@ -1421,7 +1421,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_service.deleted", @@ -1516,7 +1516,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_service.updated", @@ -1611,7 +1611,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_shared_advice.created", @@ -1706,7 +1706,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_shared_advice.deleted", @@ -1801,7 +1801,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_shared_advice.updated", @@ -1896,7 +1896,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_shared_rule.created", @@ -1991,7 +1991,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_shared_rule.deleted", @@ -2086,7 +2086,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "authorize_shared_rule.updated", 
@@ -2181,7 +2181,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "decision_endpoint.created", @@ -2276,7 +2276,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "decision_endpoint.deleted", @@ -2371,7 +2371,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "decision_endpoint.updated", @@ -2466,7 +2466,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "environment.created", @@ -2561,7 +2561,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "environment.updated", @@ -2656,7 +2656,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "fido_policy.created", @@ -2751,7 +2751,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "fido_policy.deleted", @@ -2846,7 +2846,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "fido_policy.updated", @@ -2941,7 +2941,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow.deleted", @@ -3040,7 +3040,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow.created", @@ -3139,7 +3139,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "flow.updated", @@ -3238,7 +3238,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "grant.created", @@ -3333,7 +3333,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "grant.deleted", @@ -3428,7 +3428,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "grant.updated", @@ -3523,7 +3523,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "group.created", @@ -3616,7 +3616,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "group.deleted", 
@@ -3709,7 +3709,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "group.updated", @@ -3802,7 +3802,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "identity_provider.created", @@ -3894,7 +3894,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "identity_provider.deleted", @@ -3986,7 +3986,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "identity_provider.updated", @@ -4078,7 +4078,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "idp_attribute.created", @@ -4170,7 +4170,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "idp_attribute.deleted", @@ -4262,7 +4262,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "idp_attribute.updated", @@ -4354,7 +4354,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "image.created", @@ -4446,7 +4446,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "key.created", @@ -4538,7 +4538,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "mfa_settings.updated", @@ -4633,7 +4633,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "notification_policy.created", @@ -4728,7 +4728,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "notification_policy.deleted", @@ -4823,7 +4823,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "notification_policy.updated", @@ -4912,7 +4912,7 @@ { "@timestamp": "2022-07-07T13:12:36.168Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "password.check_failed", @@ -4973,7 +4973,7 @@ { "@timestamp": "2022-07-07T13:12:48.320Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "password.check_succeeded", 
@@ -5041,7 +5041,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "policy.created", @@ -5133,7 +5133,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "policy.deleted", @@ -5225,7 +5225,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "password.reset", @@ -5313,7 +5313,7 @@ { "@timestamp": "2022-07-06T06:12:00.573Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "password.set", @@ -5380,7 +5380,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "population.created", @@ -5472,7 +5472,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "population.deleted", @@ -5564,7 +5564,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "population.updated", @@ -5656,7 +5656,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "provisioning_connection.created", @@ -5748,7 +5748,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "provisioning_rule.deleted", @@ -5840,7 +5840,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "provisioning_rule.deleted", @@ -5932,7 +5932,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "provisioning_connection.updated", @@ -6024,7 +6024,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "provisioning_rule.created", @@ -6116,7 +6116,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "provisioning_rule.updated", @@ -6208,7 +6208,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "resource_attribute.created", @@ -6300,7 +6300,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "resource_attribute.deleted", 
@@ -6392,7 +6392,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "resource.created", @@ -6484,7 +6484,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "resource.deleted", @@ -6576,7 +6576,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "resource.updated", @@ -6668,7 +6668,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "risk_policy_set.created", @@ -6760,7 +6760,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "risk_policy_set.deleted", @@ -6852,7 +6852,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "risk_policy_set.updated", @@ -6944,7 +6944,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "risk_predictor.created", @@ -7036,7 +7036,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "risk_predictor.deleted", @@ -7128,7 +7128,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "risk_predictor.updated", @@ -7214,7 +7214,7 @@ { "@timestamp": "2022-07-06T06:12:00.615Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "role_assignment.created", @@ -7286,7 +7286,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "role_assignment.deleted", @@ -7378,7 +7378,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "saml_attribute.created", @@ -7473,7 +7473,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "saml_attribute.deleted", @@ -7568,7 +7568,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "saml_attribute.updated", @@ -7663,7 +7663,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "schema_attribute.created", 
@@ -7755,7 +7755,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "schema_attribute.deleted", @@ -7847,7 +7847,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "schema_attribute.updated", @@ -7939,7 +7939,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "scope.created", @@ -8031,7 +8031,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "scope.deleted", @@ -8123,7 +8123,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "scope.updated", @@ -8215,7 +8215,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "secret.read", @@ -8309,7 +8309,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.access_allowed", @@ -8413,7 +8413,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.created", @@ -8509,7 +8509,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.deleted", @@ -8609,7 +8609,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.updated", @@ -8705,7 +8705,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "member_of_group.created", @@ -8798,7 +8798,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "member_of_group.deleted", @@ -8891,7 +8891,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.access_allowed", diff --git a/packages/ping_one/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/ping_one/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 02c18fbfb8a..080929d6277 100644 --- a/packages/ping_one/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ping_one/data_stream/audit/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for processing audit logs.
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/ping_one/data_stream/audit/sample_event.json b/packages/ping_one/data_stream/audit/sample_event.json
index d7748f57e47..35f650339ab 100644
--- a/packages/ping_one/data_stream/audit/sample_event.json
+++ b/packages/ping_one/data_stream/audit/sample_event.json
@@ -20,7 +20,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "8e2910ec-3bb9-439a-90a1-acedb9847388",
diff --git a/packages/ping_one/docs/README.md b/packages/ping_one/docs/README.md
index c8d8475889d..5633ebc60e2 100644
--- a/packages/ping_one/docs/README.md
+++ b/packages/ping_one/docs/README.md
@@ -81,7 +81,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "8e2910ec-3bb9-439a-90a1-acedb9847388",
diff --git a/packages/ping_one/manifest.yml b/packages/ping_one/manifest.yml
index a2b96748dc9..8d2f2aa727f 100644
--- a/packages/ping_one/manifest.yml
+++ b/packages/ping_one/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: ping_one
 title: PingOne
-version: 0.1.0
+version: "0.2.0"
 license: basic
 description: Collect logs from PingOne with Elastic-Agent.
 type: integration
diff --git a/packages/proofpoint_tap/_dev/build/build.yml b/packages/proofpoint_tap/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/proofpoint_tap/_dev/build/build.yml
+++ b/packages/proofpoint_tap/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/proofpoint_tap/changelog.yml b/packages/proofpoint_tap/changelog.yml
index c1ac0f849f1..9556b5e7bdc 100644
--- a/packages/proofpoint_tap/changelog.yml
+++ b/packages/proofpoint_tap/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.1.1" changes: - description: Remove unused visualizations diff --git a/packages/proofpoint_tap/data_stream/clicks_blocked/_dev/test/pipeline/test-clicks-blocked.log-expected.json b/packages/proofpoint_tap/data_stream/clicks_blocked/_dev/test/pipeline/test-clicks-blocked.log-expected.json index b85ed204089..b0c588a837c 100644 --- a/packages/proofpoint_tap/data_stream/clicks_blocked/_dev/test/pipeline/test-clicks-blocked.log-expected.json +++ b/packages/proofpoint_tap/data_stream/clicks_blocked/_dev/test/pipeline/test-clicks-blocked.log-expected.json @@ -24,7 +24,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -116,7 +116,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -207,7 +207,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -299,7 +299,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -391,7 +391,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { diff --git a/packages/proofpoint_tap/data_stream/clicks_blocked/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_tap/data_stream/clicks_blocked/elasticsearch/ingest_pipeline/default.yml index 71cc6d1bb92..9ae420f6a5f 100644 --- a/packages/proofpoint_tap/data_stream/clicks_blocked/elasticsearch/ingest_pipeline/default.yml +++ b/packages/proofpoint_tap/data_stream/clicks_blocked/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for parsing Proofpoint TAP blocked clicks logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/proofpoint_tap/data_stream/clicks_blocked/sample_event.json b/packages/proofpoint_tap/data_stream/clicks_blocked/sample_event.json index bfae8aae912..b5c2b84be67 100644 --- a/packages/proofpoint_tap/data_stream/clicks_blocked/sample_event.json +++ b/packages/proofpoint_tap/data_stream/clicks_blocked/sample_event.json @@ -34,7 +34,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "00ac4a9e-eb98-4ec1-8051-a38c806fa3f2", diff --git a/packages/proofpoint_tap/data_stream/clicks_permitted/_dev/test/pipeline/test-clicks-permitted.log-expected.json b/packages/proofpoint_tap/data_stream/clicks_permitted/_dev/test/pipeline/test-clicks-permitted.log-expected.json index f99b0341726..73fd424eab3 100644 --- a/packages/proofpoint_tap/data_stream/clicks_permitted/_dev/test/pipeline/test-clicks-permitted.log-expected.json +++ b/packages/proofpoint_tap/data_stream/clicks_permitted/_dev/test/pipeline/test-clicks-permitted.log-expected.json @@ -24,7 +24,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -115,7 +115,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -207,7 +207,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -298,7 +298,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { diff --git a/packages/proofpoint_tap/data_stream/clicks_permitted/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_tap/data_stream/clicks_permitted/elasticsearch/ingest_pipeline/default.yml index f6d5b2f1a4f..749a1daa661 100644 
--- a/packages/proofpoint_tap/data_stream/clicks_permitted/elasticsearch/ingest_pipeline/default.yml +++ b/packages/proofpoint_tap/data_stream/clicks_permitted/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Proofpoint TAP permitted clicks logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/proofpoint_tap/data_stream/clicks_permitted/sample_event.json b/packages/proofpoint_tap/data_stream/clicks_permitted/sample_event.json index 063f122a0e2..4ca8991d377 100644 --- a/packages/proofpoint_tap/data_stream/clicks_permitted/sample_event.json +++ b/packages/proofpoint_tap/data_stream/clicks_permitted/sample_event.json @@ -34,7 +34,7 @@ "ip": "89.160.20.112" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "00ac4a9e-eb98-4ec1-8051-a38c806fa3f2", diff --git a/packages/proofpoint_tap/data_stream/message_blocked/_dev/test/pipeline/test-message-blocked.log-expected.json b/packages/proofpoint_tap/data_stream/message_blocked/_dev/test/pipeline/test-message-blocked.log-expected.json index fbfa56036b8..5d372275bec 100644 --- a/packages/proofpoint_tap/data_stream/message_blocked/_dev/test/pipeline/test-message-blocked.log-expected.json +++ b/packages/proofpoint_tap/data_stream/message_blocked/_dev/test/pipeline/test-message-blocked.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-01-01T00:45:55.050Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": [ @@ -125,7 +125,7 @@ { "@timestamp": "2022-01-01T01:25:59.059Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": [ @@ -246,7 +246,7 @@ { "@timestamp": "2022-01-01T04:51:56.269Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": [ 
@@ -374,7 +374,7 @@ { "@timestamp": "2022-01-01T00:25:20.010Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": [ @@ -571,7 +571,7 @@ { "@timestamp": "2022-01-01T00:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": [ @@ -698,7 +698,7 @@ { "@timestamp": "2022-01-01T05:00:02.010Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": [ diff --git a/packages/proofpoint_tap/data_stream/message_blocked/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_tap/data_stream/message_blocked/elasticsearch/ingest_pipeline/default.yml index fb327ce15ab..d6e5999d168 100644 --- a/packages/proofpoint_tap/data_stream/message_blocked/elasticsearch/ingest_pipeline/default.yml +++ b/packages/proofpoint_tap/data_stream/message_blocked/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Proofpoint TAP blocked message logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/proofpoint_tap/data_stream/message_blocked/sample_event.json b/packages/proofpoint_tap/data_stream/message_blocked/sample_event.json index 54d1cf6874d..2975881687b 100644 --- a/packages/proofpoint_tap/data_stream/message_blocked/sample_event.json +++ b/packages/proofpoint_tap/data_stream/message_blocked/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "00ac4a9e-eb98-4ec1-8051-a38c806fa3f2", diff --git a/packages/proofpoint_tap/data_stream/message_delivered/_dev/test/pipeline/test-message-delivered.log-expected.json b/packages/proofpoint_tap/data_stream/message_delivered/_dev/test/pipeline/test-message-delivered.log-expected.json index f23cea5b27d..c35c3dd6a79 100644 --- a/packages/proofpoint_tap/data_stream/message_delivered/_dev/test/pipeline/test-message-delivered.log-expected.json 
+++ b/packages/proofpoint_tap/data_stream/message_delivered/_dev/test/pipeline/test-message-delivered.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-01-05T10:05:56.020Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "delivery_timestamp": "2022-01-05T10:05:56.020Z", @@ -90,7 +90,7 @@ { "@timestamp": "2022-01-01T00:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "delivery_timestamp": "2022-01-01T00:00:00.000Z", @@ -160,7 +160,7 @@ { "@timestamp": "2022-01-01T00:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "delivery_timestamp": "2022-01-01T00:00:00.000Z", @@ -236,7 +236,7 @@ { "@timestamp": "2022-01-01T00:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "delivery_timestamp": "2022-01-01T00:00:00.000Z", @@ -312,7 +312,7 @@ { "@timestamp": "2022-03-15T15:00:20.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": [ @@ -460,7 +460,7 @@ { "@timestamp": "2021-09-28T16:28:59.490Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": [ @@ -615,7 +615,7 @@ { "@timestamp": "2022-08-17T18:00:22.060Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": [ @@ -764,7 +764,7 @@ { "@timestamp": "2022-03-24T13:24:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "attachments": [ diff --git a/packages/proofpoint_tap/data_stream/message_delivered/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_tap/data_stream/message_delivered/elasticsearch/ingest_pipeline/default.yml index 94528657358..8e2776de410 100644 --- a/packages/proofpoint_tap/data_stream/message_delivered/elasticsearch/ingest_pipeline/default.yml +++ b/packages/proofpoint_tap/data_stream/message_delivered/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for parsing Proofpoint TAP delivered message logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/proofpoint_tap/data_stream/message_delivered/sample_event.json b/packages/proofpoint_tap/data_stream/message_delivered/sample_event.json index 137495693b0..bca85449d3e 100644 --- a/packages/proofpoint_tap/data_stream/message_delivered/sample_event.json +++ b/packages/proofpoint_tap/data_stream/message_delivered/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "00ac4a9e-eb98-4ec1-8051-a38c806fa3f2", diff --git a/packages/proofpoint_tap/docs/README.md b/packages/proofpoint_tap/docs/README.md index fda0165306f..46ba11650fa 100644 --- a/packages/proofpoint_tap/docs/README.md +++ b/packages/proofpoint_tap/docs/README.md @@ -64,7 +64,7 @@ An example event for `clicks_blocked` looks as following: "ip": "89.160.20.112" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "00ac4a9e-eb98-4ec1-8051-a38c806fa3f2", @@ -292,7 +292,7 @@ An example event for `clicks_permitted` looks as following: "ip": "89.160.20.112" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "00ac4a9e-eb98-4ec1-8051-a38c806fa3f2", @@ -497,7 +497,7 @@ An example event for `message_blocked` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "00ac4a9e-eb98-4ec1-8051-a38c806fa3f2", @@ -805,7 +805,7 @@ An example event for `message_delivered` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "00ac4a9e-eb98-4ec1-8051-a38c806fa3f2", diff --git a/packages/proofpoint_tap/manifest.yml b/packages/proofpoint_tap/manifest.yml index 6391f230c28..a28f8e210a4 100644 --- a/packages/proofpoint_tap/manifest.yml 
+++ b/packages/proofpoint_tap/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: proofpoint_tap title: Proofpoint TAP -version: "1.1.1" +version: "1.2.0" license: basic description: Collect logs from Proofpoint TAP with Elastic Agent. type: integration diff --git a/packages/pulse_connect_secure/_dev/build/build.yml b/packages/pulse_connect_secure/_dev/build/build.yml index 8d9e4bf7ac8..aaafc5d833b 100644 --- a/packages/pulse_connect_secure/_dev/build/build.yml +++ b/packages/pulse_connect_secure/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0 + reference: git@v8.5.1 diff --git a/packages/pulse_connect_secure/changelog.yml b/packages/pulse_connect_secure/changelog.yml index 8b7b52941f6..cb0a816501a 100644 --- a/packages/pulse_connect_secure/changelog.yml +++ b/packages/pulse_connect_secure/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.2.2" changes: - description: Use ECS geo.location definition. diff --git a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-admin.log-expected.json b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-admin.log-expected.json index 4b72f092b5e..c870a5f9442 100644 --- a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-admin.log-expected.json +++ b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-admin.log-expected.json @@ -25,7 +25,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -85,7 +85,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -145,7 +145,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
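Review bot: The ECS build dependency in `packages/pulse_connect_secure/_dev/build/build.yml` now points at the tag `git@v8.5.1`, but the changelog entry and the ingest pipeline's `ecs.version` in the same commit both say 8.5.0, and nothing in the file says the difference is intended. A one-line comment above the reference would settle it, for example `# field definitions come from the ECS v8.5.1 tag; events are still stamped ecs.version 8.5.0`. The same applies to the `build.yml` hunks for qnap_nas, radware, santa and sentinel_one. Separately, a tag is a movable reference, so if the build tooling accepts a commit hash after `git@` (worth confirming in its documentation), pinning to one would make the imported field definitions reproducible.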
@@ -223,7 +223,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -301,7 +301,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -381,7 +381,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -459,7 +459,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -539,7 +539,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -617,7 +617,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -695,7 +695,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", diff --git a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json index 25e270413a6..fb14e944239 100644 --- a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json +++ b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json @@ -25,7 +25,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -105,7 +105,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -185,7 +185,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -247,7 +247,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -291,7 +291,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", diff --git a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-system.log-expected.json b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-system.log-expected.json index 4066293ad4a..5549413f54e 100644 --- a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-system.log-expected.json +++ b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-system.log-expected.json @@ -7,7 +7,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -67,7 +67,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -127,7 +127,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -169,7 +169,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -211,7 +211,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -271,7 +271,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -349,7 +349,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -430,7 +430,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", diff --git a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-vpn.log-expected.json b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-vpn.log-expected.json index e12fe84b30b..79ce0670e39 100644 --- a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-vpn.log-expected.json 
+++ b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-vpn.log-expected.json @@ -25,7 +25,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -103,7 +103,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -200,7 +200,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -293,7 +293,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -371,7 +371,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -449,7 +449,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -529,7 +529,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -607,7 +607,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -687,7 +687,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -771,7 +771,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -863,7 +863,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -944,7 +944,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", diff --git a/packages/pulse_connect_secure/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/pulse_connect_secure/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 7db65a919d5..1be3914bdba 100644 --- a/packages/pulse_connect_secure/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/pulse_connect_secure/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Pulse Connect Secure logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/pulse_connect_secure/data_stream/log/sample_event.json b/packages/pulse_connect_secure/data_stream/log/sample_event.json index ec0c798e21b..406053c83c8 100644 --- a/packages/pulse_connect_secure/data_stream/log/sample_event.json +++ b/packages/pulse_connect_secure/data_stream/log/sample_event.json @@ -35,7 +35,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/pulse_connect_secure/docs/README.md b/packages/pulse_connect_secure/docs/README.md index 0a71f7427e7..15af200fcfb 100644 --- a/packages/pulse_connect_secure/docs/README.md +++ b/packages/pulse_connect_secure/docs/README.md @@ -44,7 +44,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/pulse_connect_secure/manifest.yml b/packages/pulse_connect_secure/manifest.yml index 560315359ac..697a9b3a8e6 100644 --- a/packages/pulse_connect_secure/manifest.yml +++ b/packages/pulse_connect_secure/manifest.yml @@ -1,6 +1,6 @@ name: pulse_connect_secure title: Pulse Connect Secure -version: "1.2.2" +version: "1.3.0" release: ga description: Collect logs from Pulse Connect Secure with Elastic Agent. type: integration diff --git a/packages/qnap_nas/_dev/build/build.yml b/packages/qnap_nas/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/qnap_nas/_dev/build/build.yml +++ b/packages/qnap_nas/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 
diff --git a/packages/qnap_nas/changelog.yml b/packages/qnap_nas/changelog.yml index 6bd4b57d923..71f81423228 100644 --- a/packages/qnap_nas/changelog.yml +++ b/packages/qnap_nas/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.4.1" changes: - description: Use ECS geo.location definition. diff --git a/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-access.log-expected.json b/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-access.log-expected.json index cd371235c93..17b3210424e 100644 --- a/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-access.log-expected.json +++ b/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-access.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-10-30T20:24:24.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "create-directory", @@ -73,7 +73,7 @@ { "@timestamp": "2022-10-30T20:24:25.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login-fail", @@ -138,7 +138,7 @@ { "@timestamp": "2022-10-30T20:35:25.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login-success", @@ -203,7 +203,7 @@ { "@timestamp": "2022-11-21T14:42:18.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login-success", @@ -265,7 +265,7 @@ { "@timestamp": "2022-10-30T20:35:25.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logout", @@ -329,7 +329,7 @@ { "@timestamp": "2022-10-30T20:24:30.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "read", @@ -396,7 +396,7 @@ { "@timestamp": "2022-10-30T20:24:30.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rename", 
@@ -461,7 +461,7 @@ { "@timestamp": "2022-10-30T20:24:33.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "delete", @@ -531,7 +531,7 @@ { "@timestamp": "2022-10-30T20:43:19.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "read", @@ -602,7 +602,7 @@ { "@timestamp": "2022-10-30T20:43:19.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "add", diff --git a/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-event.log-expected.json b/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-event.log-expected.json index 7d6d24e0288..9b6f1a0ff3e 100644 --- a/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-event.log-expected.json +++ b/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-event.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-10-30T20:28:41.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -55,7 +55,7 @@ { "@timestamp": "2022-10-30T20:29:32.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -107,7 +107,7 @@ { "@timestamp": "2022-10-30T20:29:32.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -159,7 +159,7 @@ { "@timestamp": "2022-10-30T20:32:25.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -218,7 +218,7 @@ { "@timestamp": "2022-10-30T20:34:22.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -277,7 +277,7 @@ { "@timestamp": "2022-11-21T15:23:42.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "created-shared-folder", @@ -345,7 +345,7 @@ { "@timestamp": "2022-11-21T15:23:42.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "deleted-shared-folder", 
@@ -413,7 +413,7 @@ { "@timestamp": "2022-11-21T15:23:42.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "deleted-user-group", @@ -479,7 +479,7 @@ { "@timestamp": "2022-11-21T15:23:42.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "created-user-group", @@ -545,7 +545,7 @@ { "@timestamp": "2022-11-21T15:23:42.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "changed-password", @@ -612,7 +612,7 @@ { "@timestamp": "2022-11-21T15:23:42.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "edited-account-profile", @@ -679,7 +679,7 @@ { "@timestamp": "2022-11-21T15:23:42.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "created-user", @@ -745,7 +745,7 @@ { "@timestamp": "2022-11-21T15:23:42.000-05:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "deleted-user", diff --git a/packages/qnap_nas/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/qnap_nas/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 22f26fdc384..4c32e564455 100644 --- a/packages/qnap_nas/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/qnap_nas/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing QNAP NAS logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/qnap_nas/data_stream/log/sample_event.json b/packages/qnap_nas/data_stream/log/sample_event.json index 0dee7e02aa8..08213648efc 100644 --- a/packages/qnap_nas/data_stream/log/sample_event.json +++ b/packages/qnap_nas/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", 
diff --git a/packages/qnap_nas/docs/README.md b/packages/qnap_nas/docs/README.md index 7ad02668a5f..ed08cb6be2e 100644 --- a/packages/qnap_nas/docs/README.md +++ b/packages/qnap_nas/docs/README.md @@ -26,7 +26,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/qnap_nas/manifest.yml b/packages/qnap_nas/manifest.yml index 7d02ba2d5f7..8000697db1e 100644 --- a/packages/qnap_nas/manifest.yml +++ b/packages/qnap_nas/manifest.yml @@ -1,6 +1,6 @@ name: qnap_nas title: QNAP NAS -version: "1.4.1" +version: "1.5.0" release: ga description: Collect logs from QNAP NAS devices with Elastic Agent. type: integration diff --git a/packages/radware/_dev/build/build.yml b/packages/radware/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/radware/_dev/build/build.yml +++ b/packages/radware/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/radware/changelog.yml b/packages/radware/changelog.yml index 1f22b67e215..817b4bc70fe 100644 --- a/packages/radware/changelog.yml +++ b/packages/radware/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.10.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "0.9.1" changes: - description: Use ECS geo.location definition. diff --git a/packages/radware/data_stream/defensepro/elasticsearch/ingest_pipeline/default.yml b/packages/radware/data_stream/defensepro/elasticsearch/ingest_pipeline/default.yml index 1e334e76d4c..643b2f25006 100644 --- a/packages/radware/data_stream/defensepro/elasticsearch/ingest_pipeline/default.yml +++ b/packages/radware/data_stream/defensepro/elasticsearch/ingest_pipeline/default.yml 
@@ -4,7 +4,7 @@ description: Pipeline for Radware DefensePro processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/radware/manifest.yml b/packages/radware/manifest.yml index ad16884a7ba..d37dfb13ca7 100644 --- a/packages/radware/manifest.yml +++ b/packages/radware/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: radware title: Radware DefensePro Logs -version: "0.9.1" +version: "0.10.0" description: Collect defensePro logs from Radware devices with Elastic Agent. categories: ["security"] release: experimental diff --git a/packages/santa/_dev/build/build.yml b/packages/santa/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/santa/_dev/build/build.yml +++ b/packages/santa/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/santa/changelog.yml b/packages/santa/changelog.yml index e0ea7a02f0b..c4c670f7980 100644 --- a/packages/santa/changelog.yml +++ b/packages/santa/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "3.4.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "3.3.0" changes: - description: Update package to ECS 8.4.0 diff --git a/packages/santa/data_stream/log/_dev/test/pipeline/test-santa-raw.log-expected.json b/packages/santa/data_stream/log/_dev/test/pipeline/test-santa-raw.log-expected.json index d29f8e1e249..feb6039705b 100644 --- a/packages/santa/data_stream/log/_dev/test/pipeline/test-santa-raw.log-expected.json +++ b/packages/santa/data_stream/log/_dev/test/pipeline/test-santa-raw.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-05-12T11:38:03.923Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "exec", 
@@ -80,7 +80,7 @@ { "@timestamp": "2022-05-12T11:38:42.781Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "exec", @@ -155,7 +155,7 @@ { "@timestamp": "2022-05-12T11:33:56.696Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "delete", @@ -205,7 +205,7 @@ { "@timestamp": "2022-05-12T11:30:05.248Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "link", @@ -256,7 +256,7 @@ { "@timestamp": "2022-05-12T11:30:16.125Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "rename", @@ -307,7 +307,7 @@ { "@timestamp": "2022-05-12T11:38:05.278Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "write", @@ -357,7 +357,7 @@ { "@timestamp": "2022-05-12T11:32:33.718Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "diskdisappear", @@ -382,7 +382,7 @@ { "@timestamp": "2022-05-12T11:32:44.184Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "diskappear", @@ -409,7 +409,7 @@ { "@timestamp": "2022-05-12T11:33:57.166Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "diskappear", @@ -437,7 +437,7 @@ { "@timestamp": "2022-05-12T11:33:57.235Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "diskappear", @@ -466,7 +466,7 @@ { "@timestamp": "2022-05-12T11:35:31.436Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "diskdisappear", diff --git a/packages/santa/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/santa/data_stream/log/elasticsearch/ingest_pipeline/default.yml index b75c002e91d..575c055946a 100644 --- a/packages/santa/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/santa/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for parsing Google Santa logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/santa/data_stream/log/sample_event.json b/packages/santa/data_stream/log/sample_event.json index fda47fc7204..06f13acc1f0 100644 --- a/packages/santa/data_stream/log/sample_event.json +++ b/packages/santa/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2c596a05-d358-406e-924c-bf221088f43c", diff --git a/packages/santa/docs/README.md b/packages/santa/docs/README.md index 649a6b0464c..4295437e429 100644 --- a/packages/santa/docs/README.md +++ b/packages/santa/docs/README.md @@ -35,7 +35,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "2c596a05-d358-406e-924c-bf221088f43c", diff --git a/packages/santa/manifest.yml b/packages/santa/manifest.yml index a20db0dd9cb..45e3ddaa045 100644 --- a/packages/santa/manifest.yml +++ b/packages/santa/manifest.yml @@ -1,6 +1,6 @@ name: santa title: Google Santa -version: 3.3.0 +version: "3.4.0" release: ga description: Collect logs from Google Santa with Elastic Agent. type: integration diff --git a/packages/sentinel_one/_dev/build/build.yml b/packages/sentinel_one/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/sentinel_one/_dev/build/build.yml +++ b/packages/sentinel_one/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/sentinel_one/changelog.yml b/packages/sentinel_one/changelog.yml index d493f571144..c5ed833aa1c 100644 --- a/packages/sentinel_one/changelog.yml +++ b/packages/sentinel_one/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.2.2" changes: - description: Ensure stability of related.hash array ordering. diff --git a/packages/sentinel_one/data_stream/activity/_dev/test/pipeline/test-pipeline-activity.log-expected.json b/packages/sentinel_one/data_stream/activity/_dev/test/pipeline/test-pipeline-activity.log-expected.json index 9e9d8aa8aba..a2d615c063b 100644 --- a/packages/sentinel_one/data_stream/activity/_dev/test/pipeline/test-pipeline-activity.log-expected.json +++ b/packages/sentinel_one/data_stream/activity/_dev/test/pipeline/test-pipeline-activity.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-04-18T05:14:08.925Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -68,7 +68,7 @@ { "@timestamp": "2022-04-18T05:14:09.240Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -149,7 +149,7 @@ { "@timestamp": "2022-04-05T16:11:05.469Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -209,7 +209,7 @@ { "@timestamp": "2022-04-06T08:26:45.579Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -297,7 +297,7 @@ { "@timestamp": "2022-04-06T08:26:45.582Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -362,7 +362,7 @@ { "@timestamp": "2022-04-06T08:26:52.843Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -435,7 +435,7 @@ { "@timestamp": "2022-04-06T08:45:43.122Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -519,7 +519,7 @@ { "@timestamp": "2022-04-06T08:45:54.532Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -609,7 +609,7 @@ { "@timestamp": "2022-04-06T08:45:55.309Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -703,7 +703,7 @@ { "@timestamp": "2022-04-06T08:45:56.634Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -796,7 +796,7 @@ { "@timestamp": "2022-04-06T08:45:56.641Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -890,7 +890,7 @@ { "@timestamp": "2022-04-06T08:46:08.135Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -974,7 +974,7 @@ { "@timestamp": "2022-04-06T08:51:09.416Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -1030,7 +1030,7 @@ { "@timestamp": "2022-04-06T08:51:09.416Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -1098,7 +1098,7 @@ { "@timestamp": "2022-04-06T08:57:37.680Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1199,7 +1199,7 @@ { "@timestamp": "2022-04-06T08:59:41.758Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -1259,7 +1259,7 @@ { "@timestamp": "2022-04-06T08:26:45.579Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -1347,7 +1347,7 @@ { "@timestamp": "2022-04-05T16:01:56.995Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1403,7 +1403,7 @@ { "@timestamp": "2022-04-06T09:00:33.115Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1487,7 +1487,7 @@ { "@timestamp": "2022-04-13T03:34:10.933Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1568,7 +1568,7 @@ { "@timestamp": "2022-04-18T05:09:27.532Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -1629,7 +1629,7 @@ { "@timestamp": "2022-04-18T05:09:27.534Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1693,7 +1693,7 @@ { "@timestamp": "2022-04-05T16:11:05.469Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1753,7 +1753,7 @@ { "@timestamp": "2022-04-05T16:11:05.469Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1814,7 +1814,7 @@ { "@timestamp": "2022-04-05T16:11:05.469Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -1865,7 +1865,7 @@ { "@timestamp": "2022-04-05T16:11:05.469Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -1916,7 +1916,7 @@ { "@timestamp": "2022-04-06T08:45:54.532Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/sentinel_one/data_stream/activity/elasticsearch/ingest_pipeline/default.yml b/packages/sentinel_one/data_stream/activity/elasticsearch/ingest_pipeline/default.yml index c3cb48caa8d..fed13e9926c 100644 --- a/packages/sentinel_one/data_stream/activity/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sentinel_one/data_stream/activity/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing activity logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/sentinel_one/data_stream/activity/sample_event.json b/packages/sentinel_one/data_stream/activity/sample_event.json index 0e863eddc3f..86d24efe2ce 100644 --- a/packages/sentinel_one/data_stream/activity/sample_event.json +++ b/packages/sentinel_one/data_stream/activity/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "15b19080-249c-49a5-801a-edf25c28dcfe", 
diff --git a/packages/sentinel_one/data_stream/agent/_dev/test/pipeline/test-pipeline-agent.log-expected.json b/packages/sentinel_one/data_stream/agent/_dev/test/pipeline/test-pipeline-agent.log-expected.json index 20476e7fde2..a0e48f55e43 100644 --- a/packages/sentinel_one/data_stream/agent/_dev/test/pipeline/test-pipeline-agent.log-expected.json +++ b/packages/sentinel_one/data_stream/agent/_dev/test/pipeline/test-pipeline-agent.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-04-07T08:31:47.481Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/sentinel_one/data_stream/agent/elasticsearch/ingest_pipeline/default.yml b/packages/sentinel_one/data_stream/agent/elasticsearch/ingest_pipeline/default.yml index 02b96c51522..5f6d28f12e1 100644 --- a/packages/sentinel_one/data_stream/agent/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sentinel_one/data_stream/agent/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing agent logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: event.kind value: event diff --git a/packages/sentinel_one/data_stream/agent/sample_event.json b/packages/sentinel_one/data_stream/agent/sample_event.json index b6a6d3843eb..4df24d18f79 100644 --- a/packages/sentinel_one/data_stream/agent/sample_event.json +++ b/packages/sentinel_one/data_stream/agent/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "15b19080-249c-49a5-801a-edf25c28dcfe", diff --git a/packages/sentinel_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json b/packages/sentinel_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json index 2a770a3ad0a..b0a05fd84ae 100644 --- a/packages/sentinel_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json 
+++ b/packages/sentinel_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json @@ -25,7 +25,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/sentinel_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/sentinel_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml index 4439b0c12c4..2d87d050427 100644 --- a/packages/sentinel_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sentinel_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing alert logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: event.kind value: event diff --git a/packages/sentinel_one/data_stream/alert/sample_event.json b/packages/sentinel_one/data_stream/alert/sample_event.json index 4f0cea14efd..5e855c72df5 100644 --- a/packages/sentinel_one/data_stream/alert/sample_event.json +++ b/packages/sentinel_one/data_stream/alert/sample_event.json @@ -35,7 +35,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "15b19080-249c-49a5-801a-edf25c28dcfe", diff --git a/packages/sentinel_one/data_stream/group/_dev/test/pipeline/test-pipeline-group.log-expected.json b/packages/sentinel_one/data_stream/group/_dev/test/pipeline/test-pipeline-group.log-expected.json index 2f3d32acb27..90cacdcfb28 100644 --- a/packages/sentinel_one/data_stream/group/_dev/test/pipeline/test-pipeline-group.log-expected.json +++ b/packages/sentinel_one/data_stream/group/_dev/test/pipeline/test-pipeline-group.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-04-05T16:01:57.564Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
diff --git a/packages/sentinel_one/data_stream/group/elasticsearch/ingest_pipeline/default.yml b/packages/sentinel_one/data_stream/group/elasticsearch/ingest_pipeline/default.yml index 969198b5659..521010e0421 100644 --- a/packages/sentinel_one/data_stream/group/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sentinel_one/data_stream/group/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing group logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: event.kind value: event diff --git a/packages/sentinel_one/data_stream/group/sample_event.json b/packages/sentinel_one/data_stream/group/sample_event.json index 14ed9e62394..1671c6d6af6 100644 --- a/packages/sentinel_one/data_stream/group/sample_event.json +++ b/packages/sentinel_one/data_stream/group/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "15b19080-249c-49a5-801a-edf25c28dcfe", diff --git a/packages/sentinel_one/data_stream/threat/_dev/test/pipeline/test-pipeline-threat.log-expected.json b/packages/sentinel_one/data_stream/threat/_dev/test/pipeline/test-pipeline-threat.log-expected.json index cc171dc8166..28d8a1495af 100644 --- a/packages/sentinel_one/data_stream/threat/_dev/test/pipeline/test-pipeline-threat.log-expected.json +++ b/packages/sentinel_one/data_stream/threat/_dev/test/pipeline/test-pipeline-threat.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-04-06T08:54:17.194Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "SentinelOne Cloud", @@ -246,7 +246,7 @@ { "@timestamp": "2022-04-06T08:57:37.672Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Documents, Scripts,On-Write ABC", @@ -534,7 +534,7 @@ { "@timestamp": "2022-04-06T08:57:37.672Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Documents, Scripts,On-Write ABC", 
@@ -822,7 +822,7 @@ { "@timestamp": "2022-04-06T08:57:37.672Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Documents, Scripts,On-Write ABC", @@ -1110,7 +1110,7 @@ { "@timestamp": "2022-04-06T08:57:37.672Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Documents, Scripts,On-Write ABC", diff --git a/packages/sentinel_one/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/sentinel_one/data_stream/threat/elasticsearch/ingest_pipeline/default.yml index 65cffa3c5a9..89ee2beb1f5 100644 --- a/packages/sentinel_one/data_stream/threat/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sentinel_one/data_stream/threat/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing threat logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: event.kind value: alert diff --git a/packages/sentinel_one/data_stream/threat/sample_event.json b/packages/sentinel_one/data_stream/threat/sample_event.json index 82338b48792..14fee8054cb 100644 --- a/packages/sentinel_one/data_stream/threat/sample_event.json +++ b/packages/sentinel_one/data_stream/threat/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "15b19080-249c-49a5-801a-edf25c28dcfe", diff --git a/packages/sentinel_one/docs/README.md b/packages/sentinel_one/docs/README.md index f3423383fa1..9cc1292270c 100644 --- a/packages/sentinel_one/docs/README.md +++ b/packages/sentinel_one/docs/README.md @@ -43,7 +43,7 @@ An example event for `activity` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "15b19080-249c-49a5-801a-edf25c28dcfe", 
@@ -261,7 +261,7 @@ An example event for `agent` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "15b19080-249c-49a5-801a-edf25c28dcfe", @@ -629,7 +629,7 @@ An example event for `alert` looks as following: } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "15b19080-249c-49a5-801a-edf25c28dcfe", @@ -1054,7 +1054,7 @@ An example event for `group` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "15b19080-249c-49a5-801a-edf25c28dcfe", @@ -1207,7 +1207,7 @@ An example event for `threat` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "15b19080-249c-49a5-801a-edf25c28dcfe", diff --git a/packages/sentinel_one/manifest.yml b/packages/sentinel_one/manifest.yml index 31352dfc1a0..ad14b6283d5 100644 --- a/packages/sentinel_one/manifest.yml +++ b/packages/sentinel_one/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: sentinel_one title: SentinelOne -version: "1.2.2" +version: "1.3.0" license: basic description: Collect logs from SentinelOne with Elastic Agent. type: integration diff --git a/packages/slack/_dev/build/build.yml b/packages/slack/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/slack/_dev/build/build.yml +++ b/packages/slack/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/slack/changelog.yml b/packages/slack/changelog.yml index 512c0cecbd0..f8a7926205d 100644 --- a/packages/slack/changelog.yml +++ b/packages/slack/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "0.1.2" changes: - description: Remove duplicate field. 
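Review bot: The ECS reference and the stamped schema version disagree in `packages/slack/_dev/build/build.yml`: the dependency moves to `reference: git@v8.5.1`, while the pipeline hunks in this commit set `ecs.version` to `'8.5.0'` and the changelog entry says "ECS 8.5.0". This may be intentional (a patch tag carrying the 8.5.0 schema), but nothing in the file says so, and anything that keys field mappings or detection content on `ecs.version` would benefit from the relationship being explicit. I would add a comment above the reference line, for example `# field definitions come from the v8.5.1 tag; pipelines stamp ecs.version 8.5.0`. The same applies to the `build.yml` hunks for snort and snyk further down.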
diff --git a/packages/slack/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/slack/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index 33cc1ef135d..a09007c4c79 100644 --- a/packages/slack/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/slack/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2018-03-16T15:32:23.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user_login", @@ -86,7 +86,7 @@ { "@timestamp": "2019-08-19T11:46:32.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user_created", diff --git a/packages/slack/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/slack/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 9ea4dc73e6b..9aa24444cef 100644 --- a/packages/slack/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/slack/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Slack Audit logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/slack/data_stream/audit/sample_event.json b/packages/slack/data_stream/audit/sample_event.json index eaaa704739b..41dd53a5550 100644 --- a/packages/slack/data_stream/audit/sample_event.json +++ b/packages/slack/data_stream/audit/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "592bbba2-ceea-4a3a-8ccb-0c8c92d1eed3", diff --git a/packages/slack/docs/README.md b/packages/slack/docs/README.md index 9ff2fb1047c..f73bdb99719 100644 --- a/packages/slack/docs/README.md +++ b/packages/slack/docs/README.md 
@@ -163,7 +163,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "592bbba2-ceea-4a3a-8ccb-0c8c92d1eed3", diff --git a/packages/slack/manifest.yml b/packages/slack/manifest.yml index 7b922bd2116..fc66f9ddfd8 100644 --- a/packages/slack/manifest.yml +++ b/packages/slack/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: slack title: "Slack Logs" -version: 0.1.2 +version: "0.2.0" license: basic description: "Slack Logs Integration" type: integration diff --git a/packages/snort/_dev/build/build.yml b/packages/snort/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/snort/_dev/build/build.yml +++ b/packages/snort/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/snort/changelog.yml b/packages/snort/changelog.yml index 56533c9db33..48f7626bd3d 100644 --- a/packages/snort/changelog.yml +++ b/packages/snort/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.1.0" changes: - description: Add Snort 3 JSON support. diff --git a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-csv.log-expected.json b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-csv.log-expected.json index 6f7ad646f36..1f5328ac61c 100644 --- a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-csv.log-expected.json +++ b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-csv.log-expected.json @@ -9,7 +9,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -83,7 +83,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -157,7 +157,7 @@ "port": 55475 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -228,7 +228,7 @@ "port": 55333 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -299,7 +299,7 @@ "port": 32414 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -381,7 +381,7 @@ "mac": "00-25-90-3A-05-13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -456,7 +456,7 @@ "mac": "00-50-56-9D-A5-BE" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -555,7 +555,7 @@ "mac": "00-25-90-3A-05-13" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-fast.log-expected.json b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-fast.log-expected.json index 62fdf9decbb..b0e25312ba0 100644 --- a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-fast.log-expected.json +++ b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-fast.log-expected.json @@ -8,7 +8,7 @@ "port": 67 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -76,7 +76,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -143,7 +143,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -220,7 +220,7 @@ "port": 1900 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -276,7 +276,7 @@ "port": 1051 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -343,7 +343,7 @@ "ip": "192.168.115.10" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -410,7 +410,7 @@ "port": 54757 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -478,7 +478,7 @@ "port": 36312 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -557,7 +557,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -611,7 +611,7 @@ "ip": "10.100.10.190" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-full.log-expected.json b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-full.log-expected.json index d06aa6e0155..d6ea69b7bef 100644 --- a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-full.log-expected.json +++ b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-full.log-expected.json @@ -8,7 +8,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -80,7 +80,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -152,7 +152,7 @@ "port": 36635 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -231,7 +231,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -302,7 +302,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -374,7 +374,7 @@ "ip": "10.100.10.190" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -456,7 +456,7 @@ "port": 56012 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-json.log-expected.json b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-json.log-expected.json index 40e2f71287c..05136fff4a3 100644 --- a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-json.log-expected.json +++ b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-json.log-expected.json 
@@ -8,7 +8,7 @@ "mac": "52-54-00-1F-8A-1C" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -88,7 +88,7 @@ "port": 445 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -156,7 +156,7 @@ "port": 1047 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -258,7 +258,7 @@ "port": 68 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -336,7 +336,7 @@ "mac": "00-16-47-9D-F2-C2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-pfsense.log-expected.json b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-pfsense.log-expected.json index 464513b18d4..211d288514d 100644 --- a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-pfsense.log-expected.json +++ b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-pfsense.log-expected.json @@ -20,7 +20,7 @@ "port": 91 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -105,7 +105,7 @@ "port": 5060 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -189,7 +189,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json index 2c9504fffc3..619de8a78a2 100644 --- a/packages/snort/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json +++ b/packages/snort/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json @@ -8,7 +8,7 @@ "port": 32414 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -68,7 +68,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -138,7 +138,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/snort/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/snort/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 024c7016f89..9929c6e47a2 100644 --- a/packages/snort/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/snort/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Snort logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/snort/data_stream/log/sample_event.json b/packages/snort/data_stream/log/sample_event.json index e2add115dab..39c71b13cfb 100644 --- a/packages/snort/data_stream/log/sample_event.json +++ b/packages/snort/data_stream/log/sample_event.json @@ -29,7 +29,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "ca0beb8d-9522-4450-8af7-3cb7f3d8c478", diff --git a/packages/snort/docs/README.md b/packages/snort/docs/README.md index d39736c888f..e134eab5807 100644 --- a/packages/snort/docs/README.md +++ b/packages/snort/docs/README.md @@ -44,7 +44,7 @@ An example event for `log` looks as following: "ip": "175.16.199.1" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "ca0beb8d-9522-4450-8af7-3cb7f3d8c478", diff --git a/packages/snort/manifest.yml b/packages/snort/manifest.yml index 7e22f3a79ea..359b1644126 100644 --- a/packages/snort/manifest.yml +++ b/packages/snort/manifest.yml @@ -1,6 +1,6 @@ name: snort title: Snort -version: "1.1.0" +version: "1.2.0" release: ga description: Collect logs from Snort with Elastic Agent. type: integration diff --git a/packages/snyk/_dev/build/build.yml b/packages/snyk/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/snyk/_dev/build/build.yml 
+++ b/packages/snyk/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/snyk/changelog.yml b/packages/snyk/changelog.yml index 41be59486d6..81441cbeb4b 100644 --- a/packages/snyk/changelog.yml +++ b/packages/snyk/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.4.0" changes: - description: Update package to ECS 8.4.0 diff --git a/packages/snyk/data_stream/audit/_dev/test/pipeline/test-snyk-audit.log-expected.json b/packages/snyk/data_stream/audit/_dev/test/pipeline/test-snyk-audit.log-expected.json index 692f12f291a..60413ebeb02 100644 --- a/packages/snyk/data_stream/audit/_dev/test/pipeline/test-snyk-audit.log-expected.json +++ b/packages/snyk/data_stream/audit/_dev/test/pipeline/test-snyk-audit.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-11-17T14:30:13.800Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.logged_in", @@ -30,7 +30,7 @@ { "@timestamp": "2020-11-12T13:24:40.317Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "api.access", @@ -57,7 +57,7 @@ { "@timestamp": "2020-11-11T21:00:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "org.user.invite", @@ -85,7 +85,7 @@ { "@timestamp": "2020-11-15T06:02:45.497Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "org.user.role.edit", diff --git a/packages/snyk/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/snyk/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 98d51ecad97..64dd51f54df 100644 --- a/packages/snyk/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/snyk/data_stream/audit/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for Snyk Audit logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/snyk/data_stream/audit/sample_event.json b/packages/snyk/data_stream/audit/sample_event.json index 754b460e377..7673105657c 100644 --- a/packages/snyk/data_stream/audit/sample_event.json +++ b/packages/snyk/data_stream/audit/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/snyk/data_stream/vulnerabilities/_dev/test/pipeline/test-snyk-vulnerabilities.log-expected.json b/packages/snyk/data_stream/vulnerabilities/_dev/test/pipeline/test-snyk-vulnerabilities.log-expected.json index ec977c45667..f22743db475 100644 --- a/packages/snyk/data_stream/vulnerabilities/_dev/test/pipeline/test-snyk-vulnerabilities.log-expected.json +++ b/packages/snyk/data_stream/vulnerabilities/_dev/test/pipeline/test-snyk-vulnerabilities.log-expected.json 
@@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "{\"issue\":{\"url\":\"https://snyk.io/vuln/npm:ejs:20161128\",\"id\":\"npm:ejs:20161128\",\"title\":\"Arbitrary Code Execution\",\"type\":\"vuln\",\"package\":\"ejs\",\"version\":\"0.8.8\",\"severity\":\"high\",\"originalSeverity\":null,\"uniqueSeveritiesList\":[\"high\"],\"language\":\"js\",\"packageManager\":\"npm\",\"semver\":{\"vulnerable\":[\"\u003c2.5.3\"]},\"isIgnored\":false,\"publicationTime\":\"2016-11-28T18:44:12.000Z\",\"disclosureTime\":\"2016-11-27T22:00:00.000Z\",\"isUpgradable\":false,\"isPatchable\":false,\"isPinnable\":false,\"identifiers\":{\"CVE\":[],\"CWE\":[\"CWE-94\"],\"ALTERNATIVE\":[\"SNYK-JS-EJS-10218\"]},\"credit\":[\"Snyk Security Research Team\"],\"CVSSv3\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"cvssScore\":\"8.1\",\"patches\":[{\"id\":\"patch:npm:ejs:20161128:0\",\"urls\":[\"https://snyk-patches.s3.amazonaws.com/npm/ejs/20161128/ejs_20161128_0_0_3d447c5a335844b25faec04b1132dbc721f9c8f6.patch\"],\"version\":\"\u003c2.5.3 \u003e=2.2.4\",\"comments\":[],\"modificationTime\":\"2019-12-03T11:40:45.851976Z\"}],\"isPatched\":false,\"exploitMaturity\":\"no-known-exploit\",\"reachability\":\"No Info\",\"priorityScore\":4.05,\"jiraIssueUrl\":null},\"isFixed\":false,\"introducedDate\":\"2020-04-07\",\"projects\":[{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"username/reponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"someotheruser/someotherreponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"folder1/package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"projectname\",\"source\":\"cli\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"}]}" 
@@ -113,7 +113,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "{\"issue\":{\"url\":\"https://snyk.io/vuln/npm:ejs:20161128\",\"id\":\"npm:ejs:20161121\",\"title\":\"Arbitrary Code Execution\",\"type\":\"vuln\",\"package\":\"ejs\",\"version\":\"0.8.8\",\"severity\":\"high\",\"originalSeverity\":null,\"uniqueSeveritiesList\":[\"high\"],\"language\":\"js\",\"packageManager\":\"npm\",\"semver\":{\"vulnerable\":[\"\u003c2.5.3\"]},\"isIgnored\":false,\"publicationTime\":\"2016-11-28T18:44:12.000Z\",\"disclosureTime\":\"2016-11-27T22:00:00.000Z\",\"isUpgradable\":false,\"isPatchable\":false,\"isPinnable\":false,\"identifiers\":{\"CVE\":[\"CVE-2017-1000228\"],\"CWE\":[\"CWE-94\"],\"ALTERNATIVE\":[\"SNYK-JS-EJS-10218\"]},\"credit\":[\"Snyk Security Research Team\"],\"CVSSv3\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"cvssScore\":\"8.1\",\"patches\":[{\"id\":\"patch:npm:ejs:20161128:0\",\"urls\":[\"https://snyk-patches.s3.amazonaws.com/npm/ejs/20161128/ejs_20161128_0_0_3d447c5a335844b25faec04b1132dbc721f9c8f6.patch\"],\"version\":\"\u003c2.5.3 \u003e=2.2.4\",\"comments\":[],\"modificationTime\":\"2019-12-03T11:40:45.851976Z\"}],\"isPatched\":false,\"exploitMaturity\":\"no-known-exploit\",\"reachability\":\"No Info\",\"priorityScore\":619,\"jiraIssueUrl\":null},\"isFixed\":false,\"introducedDate\":\"2020-11-13\",\"projects\":[{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"username/reponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"someotheruser/someotherreponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"folder1/package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"projectname\",\"source\":\"cli\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"}]}" 
@@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "{\"issue\":{\"url\":\"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488\",\"id\":\"SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488\",\"title\":\"Insecure Randomness\",\"type\":\"vuln\",\"package\":\"github.com/satori/go.uuid\",\"version\":\"#000000000000\",\"severity\":\"high\",\"originalSeverity\":null,\"uniqueSeveritiesList\":[\"high\"],\"language\":\"golang\",\"packageManager\":\"golang\",\"semver\":{\"vulnerable\":[\"=1.2.0\"],\"hashesRange\":[\"\u003e=0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c \u003cd91630c8510268e75203009fe7daf2b8e1d60c45\"],\"vulnerableHashes\":[\"c596ec57260fd2ad47b2ae6809d6890a2f99c3b2\",\"36e9d2ebbde5e3f13ab2e25625fd453271d6522e\",\"f6920249aa08fc2a2c2e8274ea9648d0bb1e9364\",\"0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c\"]},\"isIgnored\":false,\"publicationTime\":\"2018-10-24T08:56:41.000Z\",\"disclosureTime\":\"2018-03-23T08:57:24.000Z\",\"isUpgradable\":false,\"isPatchable\":false,\"isPinnable\":false,\"identifiers\":{\"CVE\":[],\"CWE\":[\"CWE-338\"]},\"credit\":[\"josselin-c\"],\"CVSSv3\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"cvssScore\":\"8.1\",\"patches\":[],\"isPatched\":false,\"exploitMaturity\":\"no-known-exploit\",\"reachability\":\"No 
Info\",\"priorityScore\":405,\"jiraIssueUrl\":null},\"isFixed\":false,\"introducedDate\":\"2020-11-17\",\"projects\":[{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"username/reponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"someotheruser/someotherreponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"folder1/package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"projectname\",\"source\":\"cli\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"}]}" 
@@ -334,7 +334,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "{\"issue\":{\"url\":\"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOYAMLYAML-564236\",\"id\":\"SNYK-GOLANG-GITHUBCOMGOYAMLYAML-564236\",\"title\":\"Denial of Service (DoS)\",\"type\":\"vuln\",\"package\":\"github.com/go-yaml/yaml\",\"version\":\"2.1.0\",\"severity\":\"medium\",\"originalSeverity\":null,\"uniqueSeveritiesList\":[\"medium\"],\"language\":\"golang\",\"packageManager\":\"golang\",\"semver\":{\"vulnerable\":[\"\u003c2.2.8\"],\"hashesRange\":[\"53403b58ad1b561927d19068c655246f2db79d48\"],\"vulnerableHashes\":[\"dd8f49ae7840d1fc6810d53ee7b05356da92f81f\",\"d4766d1dff71f8a135a57e1fcff946c8c1a140ab\",\"2aba0a492be00f1eb4d95483b08930ebe4968b64\",\"3b0eedc5a476efc2b2e025eff55b2fd08fa32abd\",\"2f2fd02e5a54a7d4f5e5d3494b170b0cb9275c92\",\"7ad95dd0798a40da1ccdff6dff35fd177b5edf40\",\"f7716cbe52baa25d2e9b0d0da546fcf909fc16b4\",\"1ff37a7d30b085dc643dee7adb18759e3511661a\",\"eca94c41d994ae2215d455ce578ae6e2dc6ee516\",\"b0c168ac0cf9493da1f9bb76c34b26ffef940b4a\",\"77373ee937410eceadc4dc64b1100d897ed593d0\",\"025607cd2e381e6e08a56ffec46ac79e23ca2d88\",\"7d17c9173a3d25ebba15cedb25b5205bdfb1eac8\",\"ca3d523f32f3b33fb3265bfeb8e11003a8670e3d\",\"85db785e81ed62ffae7a145404fc0f022335378c\",\"a72a87d92dad7563e31c2c007e8d67f93d67f221\",\"1be3d31502d6eabc0dd7ce5b0daab022e14a5538\",\"90376f16b6d74c4e2fff21dd24397bec3dc62dd5\",\"bb263360b83253468e534d974aabeddd6c22f887\",\"d466437aa4adc35830964cffc5b5f262c63ddcb4\",\"d6c23fbaf16f72995b58492627e65801cfb9a8dd\",\"e4d366fc3c7938e2958e662b4258c7a89e1f0e3e\",\"60a2abf4e00318875a661c29b36df7a68e484bf4\",\"f4d271a8a289b41fa88b802c430fefde4e018bba\",\"10c59a7d91867c206737dcd482fe68906a1484ca\",\"d0b6f3facf302fb1bf969a12bad68ce720b3c025\",\"4d6bb54d8acc91e147763cea066cff0b89437e90\",\"1244d3ce02e3e1c16820ada0bae506b6c479f106\",\"49fdd64ad429d146bacf7106dd73078e889be2e8\",\"8e626dec39b5836cef636d885e33479debcf0cb1\",\"4914593b9558e85597f08
346c798aea8f6fb899f\",\"031c922227a592b2b562a1833438308381f9a8bf\",\"b51f82a2e3cbedab685908bd64d61d0a1b781754\",\"c75e52ecee48db6de9aa73d00a360d43abf3e7ac\",\"857a0b2759f87f47aaebad6dd319cf4f887eb6dc\",\"5887bc194be84805c8283e9d9a66102bf9571fca\",\"a528d0ef484d32e416d7b9c4a249d1fa7111be6e\",\"5b18502a28c65dfd209ea5aebb405fb6fc07f7e1\",\"5d6f7e02b7cdad63b06ab3877915532cd30073b4\",\"9c272e25743608d6d3287141522eb4506b2dac45\",\"125a562d7bf105e062ed2adfb2d37e6f11c209bd\",\"87e4a22b684220ccca96de3f2e651b2380a55f9e\",\"d56ec34a3ded0bb58c82198664664ccb81eec91b\",\"b754a4fe6ad8db932e083a2d85ae2199b3516bef\",\"04092268b2c5e87e6373229049c827b833af4edb\",\"f59f5e67022f3c186e20af01b1993b86ac74f0dc\",\"52d5976e4791cf8c96a9de7569098e3752677412\",\"770b8dae4cf00919e5eafffbd8d58186294b61b5\",\"71e7ede9d48a2e096f6d5d0516c763513a471bd1\",\"b01920c75e30179201b01633db246038b0226ce9\",\"ef0aede23c8c624e127a9a59183ee8915e48a3c9\",\"1632dd8118ce1efece66b7f53bb167956d5d8b4e\",\"05299e459464264cd87a230b62d1aca93725c51b\",\"d00346f943c9d2c43424c8a3840f5ca58817750d\",\"49c95bdc21843256fb6c4e0d370a05f24a0bf213\",\"088598405c86d37e951287d094d691e221654a00\",\"c11897f0ba79d8a35d8a124ff0d76e13d9dccb9b\",\"711419034010345c604724ef87ec3db91ffe0936\",\"3e6d767784b037b90a14701b6c9f0643f05db963\",\"a83829b6f1293c91addabc89d0571c246397bbf4\",\"ee2f4956ea46791a74a31142105f03c0d5f9492b\",\"7b079234548be56f14c6e342d4660aa8d54865b7\",\"b7fbda9990042cd5456fdf187480c25fdd776f92\",\"a6dc653f939ab0e6a554873806c41add1140d90c\",\"687eda924018599a7c4518013c369f0bfb7eb0e1\",\"fa9662d290d59b79f2ef7e1f72c885560efe512d\",\"e47eca576e8f3a433de0ba77f1923e7c7f959667\",\"e90bcf783f7abddaa0ee0994a09e536498744e49\",\"fdc1ab46101a842d9e914408bd481f6647d5f9c1\",\"f0766b44ca7999dc9af38a050ddf6db79d05bf3b\",\"cdd36ee8d333aa740c1c0bceae0da74969b2c60b\",\"7701d177ce02b7bd38c4ebd2ba4a7783080505ae\",\"2c1be0d7f7ff8305cf666e89152e9753c8b39004\",\"97203c6e4fc7347bfef3bd6d4913e90bd46c7ecb\",\"7c97801ccf41d5273de9e22c8b2af6860c7703a2\
",\"7002636de42c9ef59a2921bb4f78744cabe8bfe3\",\"0725b7707fdeeb6894c403d0f5a2a20e1dc7454d\",\"1dd72ac3928693b9db2533639dfc2a5f831697eb\",\"73a1567027eea2fab2b057a193036f844736f7da\",\"7539b1dee2c790ab2d1aa5e254ef877f5552ff97\",\"920b7d819b42f26f4796e4a43f518090a7a6331f\",\"1f64d6156d11335c3f22d9330b0ad14fc1e789ce\",\"1b9791953ba4027efaeb728c7355e542a203be5e\",\"1ed59511881fdb008c1e618e9f219ce0704e658e\",\"c325d146e464fb9567e780ddfa2dad3a99323075\",\"0ee36981cbf495d5eb6aeb540a3afc25c61d1a96\",\"c4a9fb418357aceb801272d73efd518f183700fa\",\"a347d2466e459933f4fb25f8026d995977436ccf\",\"f221b8435cfb71e54062f6c6e99e9ade30b124d5\",\"5206f6dd03423b3a5462a2a4286a4efae8abe347\",\"a1c4bcb6c278a41992e2f4f0f29a44b4146daa5c\",\"4ca689e686c2caf4dda3a62936c097d6dfb56877\",\"119a11e4378a0410c69c42d82f51331a6da7a97c\",\"c7da9dcff86f24fcfdc15e1f9fa39dfc19784616\",\"f29dde21846f6357ee4421013b59eefd65c069b0\",\"5515099aacaeb9ff3ab7492f0803327bb19fc512\",\"1c9241b56a03383c77e1c33d86ea6ca4a927153e\",\"86f5ed62f8a0ee96bd888d2efdfd6d4fb100a4eb\",\"1f2a25ba9402c70a7806e84531ef763943739072\",\"1418a9bc452f9cf4efa70307cafcb10743e64a56\",\"65b1927d8262617ca3d25f296fdde1e8c48f813d\",\"2bf60357b89cbc6044dde700cf63bab94a615bf7\",\"c6314f5b627e2a1c1846d89cd775de6b2808d37e\",\"50e1b1b1332ea40fff2a9b13bfbccbbecd526f00\",\"50f7813e6b19e58334360ab011dfbaece5b1501f\",\"a311394a2a9276454d3f92d26838c3ae3d99cdf3\",\"79f5ef7c40ae7a4ee6bcd26d324bf50491b431e5\",\"731788bc8b082f8c81c63ca0abd5950c7a68a2f1\",\"6491ec31f7b0d27492e3046c86de94838dcb523c\",\"41168bb7ed2fc849bc36727a2b902bd8f447bfc2\",\"bc27649cd5454055cf20fdb9ef556c214d3f9aa0\",\"d6b53382672776035ad8ef0404681f8a4a16bb95\",\"8eba062837dc10754db7cbafcbedbfbc985ca172\",\"837b0877fcd6b2c8ba83d126917267695ff16ad8\",\"72c33f6840f49f9ed7d1faef7562b3266640fdf4\",\"26b882523374125854702734c30b0ce6a1a18d7b\",\"e90048704a8adb0b81b2e15ebafd1a35fa110903\",\"4fc5987536ef307a24ca299aee7ae301cde3d221\",\"4341420a144323d3f148ece677a20da6e077cfd2\",\"5c8bfe59213b6e9a
5eb50debebc396e99a9fa174\",\"200c098a06472243b50aeda4510220a90c4e7dbe\",\"de3643d77b438c6f0f69f350c437639a300b5e73\",\"9a4310b1caff4cca3780580195a916ca060d08f7\",\"91eb945ac02153399ac9f69e34751f1a176254c3\",\"4cdd993908b57c3b87bef0695e5ca989151ad55f\",\"7ddc4634ce2d8ca5c03846918ae1df6aa40ee464\",\"ec232d2920a84930b077414b60b5985e076ae228\",\"2c8612dfee1362e7e482c66c5feb892a94d53255\",\"d670f9405373e636a5a2765eea47fac0c9bc91a4\",\"e9bfed595636e952566e5cb857c22b918f2530a2\",\"c1cd2254a6dd314c9d73c338c12688c9325d85c6\",\"df747160af0ebfcc572951e4168d4b1bc91a47f5\",\"a65e08b08285cef29253c50ffd92469bf6e26a29\",\"e6da37e746419537560c1e95e429f42b33f6d0e3\",\"eea198a9c5cc6e02bfcd130a932051088a9f0950\",\"6675ed2a9028caf87bb5915503c08a595e57b77d\",\"562080bfe963d41a6870a4c500918f6361a0b61f\",\"8171f560dedcb162dd3d2c925015679e84bac269\",\"c78cd3ebd83777ac093137fbb55c33a9d3f65819\",\"e4ac4c457c23b390e7fd75ddf746c5a69aa8cfd5\",\"93d787c44dc828e1c67fa275cb66eb86bb2929f8\",\"7cdd87a79f79db641dae55776224443026d28928\",\"406cad6bb47dd7d9a123d005fb8ff766f6463051\",\"523c7d9470684b02d902e8d986cd9eea66884755\",\"9ca8abd6882a6e741166e6ec946a73f3a64df65a\",\"885e19c0dda1f4e4e22837474879f8f3d36fb449\",\"e8976af76e3d35c48f8b2c9540cca3e92995fbc6\",\"addb3a024ff5763c8facbe4767fe530d602cfedc\",\"c7f6f9c6e6c14027a46eb91241427dba67604f39\",\"0a6d1b02c16e372ceea8f17f3b1833b918954bf1\",\"835086a6b6aa65939515e30b5d6c2eba43d7c075\",\"7b8fd2dbef04521fdd8d670ef4c77be691845aa2\",\"3eb2270747cdd89e3f095cb24e8dd4ccf2a098f6\",\"1d653a737648051ca638423377052c2f5c10c050\",\"14d1c4659ec7b9ee26f5d705f3c2bb56cb6cbee4\",\"c544d0342172409bd9c8f7c45d9fb21971c8aee9\",\"6941443daa441371720e9ef8f3554c3958cfb071\",\"f8db564a0a4a5f6d04f66522493597f18e5ab4ae\",\"7c634f6a68c1076d3cfdc56930db26e86f7876d7\",\"f7e23311052d3dda728ce15788fb3727898afa17\",\"8691640bc70f3d96128a809341d850b550a3abb9\",\"b9b22c434500d7639936fbed673fc0ef23ce88f6\",\"d6385b38675d8d03521c9290f4f3d7bff08664c0\",\"4c78c975fe7c825c6d1466c42be594d1d6f3
aba6\",\"54c736c86c9bcc793fb4bd6f203604cd738dc0e9\",\"722ff6b958a31d4ca3405db35a72648a6077a6bb\",\"2afc2e57e051513a3f5f67e74857696a8558d67b\",\"283fbcdd1e64975730a38609f8802ef983a43cb9\",\"ab5d55c35f3919fe06e9daedce5a32f4aab23777\",\"e2fbf5b72a6a12abd15be9b37656a0a136fc32f8\",\"399c3345e0f76f583d830cd7da27518bbb00c91a\",\"b6679148d27038e59d7818facc4d100e677a64ae\",\"43a0256bb22b0c2e1803ac6e28f55e5989a60523\",\"f5f5cc19d1f681884684426c96adadef47a3b55c\",\"787afde64d7b36591050440c4a14c2288b373de6\",\"7b8349ac747c6a24702b762d2c4fd9266cf4f1d6\",\"0e4404da71227dcc02fb1deee803d93e86d08f72\",\"a95acef3719e5e9f7614cc90a119dee4699291eb\",\"3ba0e99ffa727bd7eb782b7a5d1aafcb989b0899\",\"5edc3ded41385ca1b9a80339d2a070e4d0a17cb6\",\"2c9db3558be789ef3896b03ed3f354b822c304b9\",\"a833012353d046b1f12c82db87d01c86570b24d7\",\"77b516425597da3c093a666c11608112e91604de\",\"1ade51a028efa6990b524e0b01237dbd9123957d\",\"9e27074feeaed4b0ae4e5e71187eff80c0f0bf35\",\"cd515839285fe1a31b92193360172d59f818c9b8\",\"9f33a69b86c3c76c52e41d12d83e233065bfcca9\",\"36babc3691687601732d9e2571b698be4116469a\",\"51d6538a90f86fe93ac480b35f37b2be17fef232\",\"31c299268d302dd0aa9a0dcf765a3d58971ac83f\",\"3e92d6a11b92fa4612d66712704844bdc0c48aed\",\"9211cbc02789a32acf5e90c23a42f040ac3ec3f8\",\"0cb32393ebcfc65467398e5daadfb63b2184caea\",\"0f9a5c380d77a8b2888a78c3d3a14db15949b1fa\",\"82377a97b299347cd15cc1be13e1c8d04e33efbb\",\"fe9486c37432968838e1798b2317dc1aa10b586b\",\"77b384eced7745af978888311ea3c67e57c7ed96\",\"fc7f19eff1782a0beae3065097c776183e7d01d0\",\"dbd6d0229d1f1e1c3055cd82efb81f60a27d1103\",\"25c4ec802a7d637f88d584ab26798e94ad14c13b\",\"5e76f7cf8cb1fc353b84b96c72a36c4984cbd005\",\"a5844a8f8f489bad96ab6da62cfa21ee1f5d9e6b\",\"41c132e8ac051886e4eb06e7c3d58ced63d58057\",\"4f03e946c120a8f146f43bee6f392f9bb5d0a677\",\"287cf08546ab5e7e37d55a84f7ed3fd1db036de5\",\"1092c5d94f266e0f94e485a24f7010da877eeba0\",\"910de082618d0d8ccac6443a6e7a72cc8bcd5227\",\"feb4ca79644e8e7e39c06095246ee54b1282c118\",\"3c68098bffb
a683534584be69216dac3a2b2305a\",\"3323b7713e656f16fbd0eec27c60370b6237f4e3\",\"f3293401ceedf2a32a1c22cb062b274dba6be798\",\"43607cc2a1772b23faf366c24b8e33541187b64d\",\"add015b1c64e144664b73d5eacfeb6aeace2e45c\",\"3e69410288aeb97d31353af8e063b798d40feb3f\",\"39e59aa7e15898a87148f0f4891a085c83b9b0fc\",\"a3f3340b5840cee44f372bddb5880fcbc419b46a\",\"05d405925260878bd750ea7d96c746c2d726b349\",\"65622dcbf4c25328cd440d1b322c6530abe83337\",\"8ca81d591dc2242f9c4b7a907533f0b7f93802b5\",\"3d8cfc3754fba03b8f1a0d44ea4e6e870cf86c57\",\"eb3733d160e74a9c7e442f435eb3bea458e1d19f\",\"d0fefed9b627fbe0c1597ac29ed5f48ff2eb9064\",\"dcd83b31fd165d8cc8677fce58f889dca3e06f35\",\"7f97868eec74b32b0982dd158a51a446d1da7eb5\",\"925f818e2c358746b3a14bf3e5614db14208037f\",\"c95af922eae69f190717a0b7148960af8c55a072\",\"0516c53462e633a479f3826e1d3557033413eeb8\",\"53087c11c10b453af4f2eb47471434eae75526f9\",\"5420a8b6744d3b0345ab293f6fcba19c978f1183\",\"fb03f24d58ac0c7a3d85edc1b91dfcfea4329883\",\"08434a82b8376f585898a97654ce18065d14cb97\",\"a5b47d31c556af34a302ce5d659e6fea44d90de0\",\"838f4ea96166350b9185bf3d2cbf786d34127ca2\",\"f2d2788ce5b1741745c0d1a853e856b5b77376b2\",\"284796d39ddb313ec0ae04898de280d41fe32479\",\"970885f01c8bc1fecb7ab1c8ce8e7609bda45530\",\"4f3d34e492b8930c50204a216d960e7da0dc5f63\",\"9f389a1f0b1d442eba00213e7aa09ccd878d18b0\",\"1b2e8c1531abbfe7dcd3de8ff4483326af275bc8\",\"14227de293ca979cf205cd88769fe71ed96a97e2\",\"e72f93569ef83aca933836c2fb9185faeeced236\",\"3b4ad1db5b2a649883ff3782f5f9f6fb52be71af\",\"a0ae8d516398f3724bb3db614ab47f0e4f643f2e\",\"f7a330473f18ddc052fce1f71a2b2d1231860f71\",\"81205292aba40f8868069e2f18d90043d3e724a6\",\"059398de19c863a04c55315526d6c226de540aa1\",\"e6ec13e5a80029d7ebcbc2c90d16ce5ff1fa6c84\",\"8173ecbc8953a159ae0fa2fad94adf3553b0bf8e\",\"b7dfe2d918fda477aa5b42519294b5ada3c991fa\",\"b6b591a3c0ec0452719f4d4555a3e084fd9f12fb\",\"ba29208cca8f239f2cea685183f79df8e4defc29\",\"422f540d2e1f1b41b6184903cd1eb69c777df1bb\",\"914e67f109a574665d15c0d179cdc79
6abefb176\",\"1bf6a7ce154075e61134f8a68dd50902c3027a10\",\"2628b30e544c309ac3d0c8cd7e78a785400cd41f\",\"0846a25da24891a7b3c725bc190493b5f7525db8\",\"4cadac2bc790baeffa0a7fa19689223966a64c24\",\"b3031338ac8e006cbd668f67c36c24d2c5e64b6d\",\"cd8b52f8269e0feb286dfeef29f8fe4d5b397e0b\",\"205b70273c7999d96b32db43ab54337690817184\",\"62e345dcf33dd13810ceba10407c30a7db6a0958\",\"53feefa2559fb8dfa8d81baad31be332c97d6c77\",\"e720624475f3807e3dc6477e7af6feb09da0b848\",\"bd61a856f807e525beaee41959452c88c83d46cf\",\"f90ceb4f409096b60e2e9076b38b304b8246e5fa\",\"3c0d4d4f56c36fcfd2da00ff26c40046512b4208\",\"1f1f61830e4c9f1eff03047c9d1d11e576853bc4\",\"f96735bc0fa70a12e9f41277b2d909e0c477ee30\",\"e334f8522ac9fe2b381c329b3159a328eeb14f76\",\"18e5f12b39cb93b31a249fb7115b9bbf6162aeeb\",\"b3472531944cd769419f297322dc285a0fc0d6cc\",\"3e542fbf7c84c0bf22f51ad07899cf80f8658caa\",\"00efe9c47819ca58089c4bd5d1d8463248e23228\",\"670d4cfef0544295bc27a114dbac37980d83185a\",\"8ed39f36d6f36299d2ce5f9b35a05d048500f777\",\"bb4e33bf68bf89cad44d386192cbed201f35b241\",\"bef53efd0c76e49e6de55ead051f886bea7e9420\",\"9eade332f0ceebc6b7c9e24893574cad4c51722b\"]},\"isIgnored\":false,\"publicationTime\":\"2020-04-02T11:29:49.000Z\",\"disclosureTime\":\"2020-03-26T11:30:05.000Z\",\"isUpgradable\":false,\"isPatchable\":false,\"isPinnable\":false,\"identifiers\":{\"CVE\":[\"CVE-2019-11254\"],\"CWE\":[\"CWE-1050\"]},\"credit\":[\"Unknown\"],\"CVSSv3\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"cvssScore\":\"6.5\",\"patches\":[],\"isPatched\":false,\"exploitMaturity\":\"no-known-exploit\",\"reachability\":\"No 
Info\",\"priorityScore\":325,\"jiraIssueUrl\":null},\"isFixed\":false,\"introducedDate\":\"2020-04-29\",\"projects\":[{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"username/reponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"someotheruser/someotherreponame\",\"source\":\"github\",\"packageManager\":\"npm\",\"targetFile\":\"folder1/package.json\"},{\"url\":\"https://snyk.io/org/orgname/project/projectid\",\"id\":\"projectid\",\"name\":\"projectname\",\"source\":\"cli\",\"packageManager\":\"npm\",\"targetFile\":\"package.json\"}]}" diff --git a/packages/snyk/data_stream/vulnerabilities/elasticsearch/ingest_pipeline/default.yml b/packages/snyk/data_stream/vulnerabilities/elasticsearch/ingest_pipeline/default.yml index 927300492a6..12c31f1e55a 100644 --- a/packages/snyk/data_stream/vulnerabilities/elasticsearch/ingest_pipeline/default.yml +++ b/packages/snyk/data_stream/vulnerabilities/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Snyk vulnerability logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/snyk/data_stream/vulnerabilities/sample_event.json b/packages/snyk/data_stream/vulnerabilities/sample_event.json index 311a3bcaca3..632ba0b08af 100644 --- a/packages/snyk/data_stream/vulnerabilities/sample_event.json +++ b/packages/snyk/data_stream/vulnerabilities/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/snyk/docs/README.md b/packages/snyk/docs/README.md index cfe34e1d71f..6589d8f99c7 100644 --- a/packages/snyk/docs/README.md +++ b/packages/snyk/docs/README.md 
@@ -28,7 +28,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
@@ -137,7 +137,7 @@ An example event for `vulnerabilities` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/snyk/manifest.yml b/packages/snyk/manifest.yml
index 66782f1bdec..fb0d906d512 100644
--- a/packages/snyk/manifest.yml
+++ b/packages/snyk/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: snyk
 title: "Snyk"
-version: 1.4.0
+version: "1.5.0"
 license: basic
 description: Collect logs from Snyk with Elastic Agent.
 type: integration
diff --git a/packages/sonicwall_firewall/_dev/build/build.yml b/packages/sonicwall_firewall/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/sonicwall_firewall/_dev/build/build.yml
+++ b/packages/sonicwall_firewall/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/sonicwall_firewall/changelog.yml b/packages/sonicwall_firewall/changelog.yml
index 7dd59fce894..a330af6eda2 100644
--- a/packages/sonicwall_firewall/changelog.yml
+++ b/packages/sonicwall_firewall/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.0.0"
 changes:
 - description: Make GA
diff --git a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-drizzthacker.log-expected.json b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-drizzthacker.log-expected.json
index 993e6fe14c9..c9bebccd3ac 100644
--- a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-drizzthacker.log-expected.json
+++ b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-drizzthacker.log-expected.json @@ -19,7 +19,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -91,7 +91,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -183,7 +183,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "97", @@ -260,7 +260,7 @@ "port": 161 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "1220", @@ -303,7 +303,7 @@ "port": 4444 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "session-start", @@ -379,7 +379,7 @@ "port": 45071 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "attack-detected", @@ -457,7 +457,7 @@ "port": 35878 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "attack-detected", @@ -544,7 +544,7 @@ "port": 10617 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "866", @@ -620,7 +620,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "867", @@ -694,7 +694,7 @@ "port": 56432 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "internal-log-failure", @@ -770,7 +770,7 @@ "port": 22402 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "attack-detected", @@ -840,7 +840,7 @@ "port": 123 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "1231", @@ -904,7 +904,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "326", @@ -965,7 +965,7 @@ "port": 123 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "1232", @@ -1013,7 +1013,7 @@ { "@timestamp": "2022-04-27T10:24:35.000+02:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "586", 
@@ -1055,7 +1055,7 @@ { "@timestamp": "2022-04-27T10:24:35.000+02:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "307", @@ -1099,7 +1099,7 @@ "ip": "172.16.1.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "584", @@ -1146,7 +1146,7 @@ { "@timestamp": "2022-04-28T06:38:51.000+02:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "1371", @@ -1184,7 +1184,7 @@ "port": 37462 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "1370", @@ -1253,7 +1253,7 @@ "port": 12137 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "attack-detected", @@ -1331,7 +1331,7 @@ "port": 61017 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "attack-detected", @@ -1420,7 +1420,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "436", @@ -1467,7 +1467,7 @@ { "@timestamp": "2022-04-27T23:04:26.000+02:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "585", @@ -1513,7 +1513,7 @@ "port": 81 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "attack-blocked", @@ -1585,7 +1585,7 @@ "port": 4444 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "session-end", @@ -1661,7 +1661,7 @@ "port": 4444 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "session-end", @@ -1725,7 +1725,7 @@ "port": 4444 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login-success", @@ -1801,7 +1801,7 @@ "port": 4444 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "logout", @@ -1874,7 +1874,7 @@ "ip": "172.16.0.2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "435", 
@@ -1921,7 +1921,7 @@ { "@timestamp": "2022-04-29T03:46:56.000+02:00", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "internal-log-failure", @@ -1976,7 +1976,7 @@ "port": 123 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "1230", @@ -2028,7 +2028,7 @@ "port": 4444 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login-failure", diff --git a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-general.log-expected.json b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-general.log-expected.json index d1fe6f2cc81..a0804d7f704 100644 --- a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-general.log-expected.json +++ b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-general.log-expected.json @@ -7,7 +7,7 @@ "port": 50000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -84,7 +84,7 @@ "port": 50000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login-failure", @@ -158,7 +158,7 @@ "port": 50000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -236,7 +236,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -306,7 +306,7 @@ "port": 1026 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -380,7 +380,7 @@ "port": 41850 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -466,7 +466,7 @@ "port": 500 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -533,7 +533,7 @@ "port": 50000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", 
@@ -610,7 +610,7 @@ "port": 50000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "login-failure", @@ -684,7 +684,7 @@ "port": 50000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -761,7 +761,7 @@ "port": 6822 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-dropped", @@ -840,7 +840,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -917,7 +917,7 @@ "port": 500 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "346", @@ -983,7 +983,7 @@ "port": 500 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -1048,7 +1048,7 @@ "port": 500 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "483", @@ -1102,7 +1102,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -1169,7 +1169,7 @@ "port": 445 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -1236,7 +1236,7 @@ "port": 50000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -1317,7 +1317,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -1393,7 +1393,7 @@ "port": 3582 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -1458,7 +1458,7 @@ "ip": "192.168.5.10" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -1515,7 +1515,7 @@ "ip": "::1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", 
@@ -1592,7 +1592,7 @@ "mac": "00-53-00-00-00-0C" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "id=firewall sn=XXXXXXX time=\"2015-11-21 14:30:38\" fw=10.0.0.1 pri=5 msg=\"Unhandled link-local or multicast IPv6 packet dropped\" srcV6=fe80::d4db:99b9:6f20:f6bd dstV6=ff02::c srcMac=00:53:ff:ff:55:55 dstMac=00:53:00:00:00:0c proto=udp/65535", @@ -1647,7 +1647,7 @@ "ip": "81.2.69.193" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "1388", @@ -1709,7 +1709,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-info", @@ -1791,7 +1791,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -1890,7 +1890,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -1996,7 +1996,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "97", @@ -2102,7 +2102,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "97", @@ -2210,7 +2210,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "97", @@ -2313,7 +2313,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "97", @@ -2422,7 +2422,7 @@ "port": 8800 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -2505,7 +2505,7 @@ "port": 1850 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "attack-detected", @@ -2603,7 +2603,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "97", @@ -2707,7 +2707,7 @@ "port": 8080 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "attack-blocked", 
@@ -2797,7 +2797,7 @@ "port": 4433 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -2895,7 +2895,7 @@ "port": 4433 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -2984,7 +2984,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", diff --git a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-nat.log-expected.json b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-nat.log-expected.json index 278f51f787d..c92053d213e 100644 --- a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-nat.log-expected.json +++ b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-nat.log-expected.json @@ -11,7 +11,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-forwarded", @@ -87,7 +87,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-forwarded", @@ -166,7 +166,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-forwarded", @@ -242,7 +242,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-forwarded", diff --git a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-sonicos70-aws.log-expected.json b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-sonicos70-aws.log-expected.json index 8e93116ccaa..2186f50a17f 100644 --- a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-sonicos70-aws.log-expected.json +++ b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-sonicos70-aws.log-expected.json @@ -9,7 +9,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", 
@@ -111,7 +111,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -213,7 +213,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -313,7 +313,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -407,7 +407,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -506,7 +506,7 @@ "port": 64889 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -607,7 +607,7 @@ "port": 64889 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -695,7 +695,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "config-change", @@ -780,7 +780,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "config-change", @@ -867,7 +867,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -973,7 +973,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -1079,7 +1079,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -1175,7 +1175,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -1272,7 +1272,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -1363,7 +1363,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -1460,7 +1460,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", 
@@ -1551,7 +1551,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -1648,7 +1648,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -1752,7 +1752,7 @@ "port": 64891 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -1853,7 +1853,7 @@ "port": 64891 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -1954,7 +1954,7 @@ "port": 64890 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -2055,7 +2055,7 @@ "port": 64890 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -2156,7 +2156,7 @@ "port": 64892 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -2257,7 +2257,7 @@ "port": 64892 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -2345,7 +2345,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -2442,7 +2442,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -2535,7 +2535,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -2641,7 +2641,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -2758,7 +2758,7 @@ "port": 64893 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -2859,7 +2859,7 @@ "port": 64893 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -2949,7 +2949,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", 
@@ -3055,7 +3055,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -3159,7 +3159,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -3256,7 +3256,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -3360,7 +3360,7 @@ "port": 64894 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -3461,7 +3461,7 @@ "port": 64894 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -3549,7 +3549,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -3646,7 +3646,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -3750,7 +3750,7 @@ "port": 64895 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -3851,7 +3851,7 @@ "port": 64895 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -3941,7 +3941,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -4047,7 +4047,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -4153,7 +4153,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -4249,7 +4249,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -4346,7 +4346,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -4437,7 +4437,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", 
@@ -4534,7 +4534,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -4638,7 +4638,7 @@ "port": 64896 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -4739,7 +4739,7 @@ "port": 64896 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -4840,7 +4840,7 @@ "port": 64897 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -4941,7 +4941,7 @@ "port": 64897 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -5029,7 +5029,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -5126,7 +5126,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -5230,7 +5230,7 @@ "port": 64898 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -5331,7 +5331,7 @@ "port": 64898 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -5419,7 +5419,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -5516,7 +5516,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -5609,7 +5609,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -5715,7 +5715,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -5832,7 +5832,7 @@ "port": 64899 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", 
@@ -5933,7 +5933,7 @@ "port": 64899 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -6023,7 +6023,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -6129,7 +6129,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -6233,7 +6233,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -6330,7 +6330,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -6434,7 +6434,7 @@ "port": 64901 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -6535,7 +6535,7 @@ "port": 64901 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -6623,7 +6623,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -6720,7 +6720,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -6811,7 +6811,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -6908,7 +6908,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -7012,7 +7012,7 @@ "port": 64903 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -7113,7 +7113,7 @@ "port": 64903 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -7214,7 +7214,7 @@ "port": 64902 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -7315,7 +7315,7 @@ "port": 64902 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", 
@@ -7403,7 +7403,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -7500,7 +7500,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -7604,7 +7604,7 @@ "port": 64904 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -7705,7 +7705,7 @@ "port": 64904 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -7793,7 +7793,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -7890,7 +7890,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -7983,7 +7983,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -8089,7 +8089,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -8195,7 +8195,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -8312,7 +8312,7 @@ "port": 64905 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -8413,7 +8413,7 @@ "port": 64905 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -8503,7 +8503,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -8607,7 +8607,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -8697,7 +8697,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -8783,7 +8783,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", 
@@ -8889,7 +8889,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -8983,7 +8983,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -9077,7 +9077,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -9171,7 +9171,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -9268,7 +9268,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -9365,7 +9365,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -9456,7 +9456,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -9553,7 +9553,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -9657,7 +9657,7 @@ "port": 64906 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -9758,7 +9758,7 @@ "port": 64906 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -9859,7 +9859,7 @@ "port": 64907 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -9960,7 +9960,7 @@ "port": 64907 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -10048,7 +10048,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -10145,7 +10145,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", 
@@ -10249,7 +10249,7 @@ "port": 64908 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -10350,7 +10350,7 @@ "port": 64908 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -10438,7 +10438,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -10535,7 +10535,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -10628,7 +10628,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -10734,7 +10734,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -10851,7 +10851,7 @@ "port": 64909 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -10952,7 +10952,7 @@ "port": 64909 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -11042,7 +11042,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -11148,7 +11148,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -11246,7 +11246,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -11350,7 +11350,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -11447,7 +11447,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -11551,7 +11551,7 @@ "port": 64910 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", 
@@ -11652,7 +11652,7 @@ "port": 64910 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -11742,7 +11742,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -11850,7 +11850,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -11935,7 +11935,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-forwarded", @@ -12012,7 +12012,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -12097,7 +12097,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-forwarded", @@ -12172,7 +12172,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -12268,7 +12268,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -12365,7 +12365,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -12456,7 +12456,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -12553,7 +12553,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -12657,7 +12657,7 @@ "port": 64913 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -12758,7 +12758,7 @@ "port": 64913 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -12859,7 +12859,7 @@ "port": 64912 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", 
@@ -12960,7 +12960,7 @@ "port": 64912 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -13055,7 +13055,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -13145,7 +13145,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -13228,7 +13228,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -13325,7 +13325,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -13416,7 +13416,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-start", @@ -13513,7 +13513,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "packet-management", @@ -13617,7 +13617,7 @@ "port": 64914 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -13718,7 +13718,7 @@ "port": 64914 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -13808,7 +13808,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -13914,7 +13914,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", @@ -14031,7 +14031,7 @@ "port": 64915 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -14132,7 +14132,7 @@ "port": 64915 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-denied", @@ -14222,7 +14222,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "connection-end", 
diff --git a/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 1b59b12c278..faf1084f906 100644 --- a/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing SonicWall firewall logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: observer.vendor diff --git a/packages/sonicwall_firewall/data_stream/log/sample_event.json b/packages/sonicwall_firewall/data_stream/log/sample_event.json index f6dd2c97f7f..e072891c782 100644 --- a/packages/sonicwall_firewall/data_stream/log/sample_event.json +++ b/packages/sonicwall_firewall/data_stream/log/sample_event.json @@ -30,7 +30,7 @@ "port": 64889 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "08a5caf6-a717-4f5f-90e2-0f4eb7c59b00", diff --git a/packages/sonicwall_firewall/docs/README.md b/packages/sonicwall_firewall/docs/README.md index 7bd2bbf63fa..c56cb96b494 100644 --- a/packages/sonicwall_firewall/docs/README.md +++ b/packages/sonicwall_firewall/docs/README.md @@ -109,7 +109,7 @@ An example event for `log` looks as following: "port": 64889 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "08a5caf6-a717-4f5f-90e2-0f4eb7c59b00", diff --git a/packages/sonicwall_firewall/manifest.yml b/packages/sonicwall_firewall/manifest.yml index c4ad0353396..dc1c839c53c 100644 --- a/packages/sonicwall_firewall/manifest.yml +++ b/packages/sonicwall_firewall/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: sonicwall_firewall title: "SonicWall Firewall" -version: "1.0.0" +version: "1.1.0" license: basic release: ga description: "Integration for SonicWall firewall logs" 
diff --git a/packages/sophos/_dev/build/build.yml b/packages/sophos/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/sophos/_dev/build/build.yml +++ b/packages/sophos/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/sophos/changelog.yml b/packages/sophos/changelog.yml index 53cc5fa5f9f..673556ee21e 100644 --- a/packages/sophos/changelog.yml +++ b/packages/sophos/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.5.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "2.4.2" changes: - description: Remove duplicate field. diff --git a/packages/sophos/data_stream/utm/_dev/test/pipeline/test-generated.log-expected.json b/packages/sophos/data_stream/utm/_dev/test/pipeline/test-generated.log-expected.json index edb126539ee..9eac68eee1c 100644 --- a/packages/sophos/data_stream/utm/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/sophos/data_stream/utm/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:1:29-06:09:59 localhost.localdomain smtpd[905]: MASTER[nnumqua]: QR globally disabled, status one set to 'disabled'", "tags": [ 
@@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:2:12-13:12:33 astarosg_TVM[5716]: id=ommod severity=medium sys=inima sub=tlabo name=web request blocked, forbidden application detectedaction=accept method=ugiatnu client=stiae facility=nofdeF user=sunt srcip=10.57.170.140 dstip=10.213.231.72 version=1.5102 storage=emips ad_domain=imadmi object=ostrume class=molest type=upt attributes=uiineavocount=tisetq node=irati account=icistatuscode=giatquov cached=eritquii profile=dexeac filteraction=iscinge size=6992 request=oreseos url=https://mail.example.net/tati/utaliqu.html?iquaUten=santium#iciatisu referer=https://www5.example.org/eporroqu/uat.txt?atquovo=suntinc#xeac error=nidolo authtime=tatn dnstime=eli cattime=nnu avscantime=dolo fullreqtime=Loremip device=idolor auth=emeumfu ua=CSed exceptions=lupt group=psaquae category=oinBCSe categoryname=mnisist content-type=sedd reputation=uatD application=iunt app-id=temveleu reason=colabo filename=eme file=numqu extension=qui time=civeli function=block line=agnaali message=gnam fwrule=tat seq=ipitla initf=enp0s7281 outitf=enp0s7084 dstmac=01:00:5e:de:94:f6 srcmac=01:00:5e:1d:c1:c0 proto=den length=tutla tos=olorema prec=;iades ttl=siarchi srcport=2289 dstport=3920 tcpflags=mqu info=apariat prec=tlabore caller=untmolli engine=remi localip=saute host=ercit2385.internal.home extra=run server=10.47.202.102 cookie=quirat set-cookie=llu", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:2:26-20:15:08 eirure7587.internal.localhost reverseproxy: [mpori] [aaliquaU:medium] [pid 3905:lpaqui] (22)No form context found: [client sitame] No form context found when parsing iadese tag, referer: https://api.example.com/utla/utei.htm?oei=tlabori#oin", "tags": [ 
@@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:3:12-03:17:42 data4478.api.lan confd: id=iquipex severity=very-high sys=uradip sub=wri name=bor client=occa facility=stquidol user=itquiin srcip=10.106.239.55 version=1.3129 storage=atevel object=nsecte class=itame type=eumfug attributes=litcount=asun node=estia account=eaq", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:3:26-10:20:16 ctetura3009.www5.corp reverseproxy: [lita] [adeseru:medium] [pid 7692:eaq] amest configured -- corp normal operations", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:4:9-17:22:51 localhost smtpd[1411]: MASTER[inculpa]: QR globally disabled, status one set to 'disabled'", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:4:24-00:25:25 httpproxy[176]: [nse] disk_cache_zap (non) paquioff", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:5:8-07:27:59 ptasnu6684.mail.lan reverseproxy: [orumSe] [boree:low] [pid 945:rQuisau] AH01915: Init: (10.18.13.211:205) You configured ofdeFini(irat) on the onev(aturauto) port!", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:5:22-14:30:33 ssecillu7166.internal.lan barnyard: Initializing daemon mode", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:6:5-21:33:08 ore5643.api.lan reverseproxy: [metco] [acom:high] [pid 2164:nim] ModSecurity: utaliqu compiled version=\"rsi\"; loaded version=\"taliqui\"", "tags": [ 
@@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:6:20-04:35:42 ciun39.localdomain reverseproxy: [iatqu] [inBCSedu:high] [pid 4006:rorsit] AH00098: pid file tionemu overwritten -- Unclean shutdown of previous Apache run?", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:7:4-11:38:16 atatnon6064.www.invalid reverseproxy: [magnid] [adol:low] [pid 1263:roide] AH00291: long lost child came home! (pid tem)", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:7:18-18:40:50 gitse2463.www5.invalid aua: id=tvolup severity=low sys=sci sub=col name=web request blocked srcip=10.42.252.243 user=agnaaliq caller=est engine=mquisno", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:8:2-01:43:25 httpproxy[2078]: [mol] sc_server_cmd (umdolors) decrypt failed", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:8:16-08:45:59 oriosam6277.mail.localdomain frox: Listening on 10.169.5.162:6676", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:8:30-15:48:33 ptate3830.internal.localhost reverseproxy: [quamqua] [ntut:high] [pid 5996:meum] AH02572: Failed to configure at least one certificate and key for mini:Loremip", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:9:13-22:51:07 nvo6105.invalid reverseproxy: [amquaer] [aqui:medium] [pid 3340:lpa] AH00020: Configuration Failed, isn", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:9:28-05:53:42 afcd[2492]: Classifier configuration reloaded successfully", "tags": [ 
@@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:10:12-12:56:16 edic2758.api.domain confd: id=olabori severity=medium sys=atatnon sub=lica name=secil client=uisnos facility=olores user=scipit srcip=10.54.169.175 version=1.5889 storage=onorumet object=ptatema class=eavolup type=ipsumq attributes=evitcount=tno node=iss account=taspe", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:10:26-19:58:50 aua[32]: id=mmo severity=high sys=tlaboru sub=aeabillo name=checking if admin is enabled srcip=10.26.228.145 user=eruntmo caller=nimve engine=usanti", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:11:10-03:01:24 sshd[2051]: Server listening on 10.59.215.207 port 6195.", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:11:24-10:03:59 ectobeat3157.mail.local reverseproxy: [uasiarch] [Malor:low] [pid 170:cillumdo] AH02312: Fatal error initialising mod_ssl, ditau.", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:12:8-17:06:33 ident2323.internal.corp reverseproxy: [hend] [remagna:high] [pid 873:aparia] AH01909: 10.144.21.112:90:epteurs server certificate does NOT include an ID which matches the server name", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2016:12:23-00:09:07 ttenb4581.www.host httpproxy: [rem] main (exer) shutdown finished, exiting", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:1:6-07:11:41 lapari5763.api.invalid frox: Listening on 10.103.2.48:4713", "tags": [ 
@@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:1:20-14:14:16 elites4713.www.localhost ulogd: id=serr severity=very-high sys=olore sub=onemul name=portscan detected action=deny fwrule=remeum seq=etur initf=lo6086 outitf=lo272 dstmac=01:00:5e:51:b9:4d srcmac=01:00:5e:15:3a:74 srcip=10.161.51.135 dstip=10.52.190.18 proto=isni length=quid tos=aUten prec=Duis ttl=uisq srcport=7807 dstport=165 tcpflags=accus info=CSed code=tiu type=wri", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:2:3-21:16:50 sam1795.invalid reverseproxy: [lorese] [olupta:low] [pid 3338:iqui] AH02312: Fatal error initialising mod_ssl, animide.", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:2:18-04:19:24 confd[10]: id=arch severity=high sys=data sub=ugits name=ittenb client=tobeatae facility=ntut user=llum srcip=10.232.108.32 version=1.5240 storage=idolo object=mqu class=mquido type=ende attributes=ntmollitcount=tisu node=ionofdeF account=rsp", "tags": [ 
@@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:3:4-11:21:59 nostrum6305.internal.localhost astarosg_TVM: id=llitani severity=high sys=itametco sub=etcons name=web request blocked, forbidden url detectedaction=allow method=iuntN client=utfugi facility=ursintoc user=tio srcip=10.89.41.97 dstip=10.231.116.175 version=1.5146 storage=lup ad_domain=mipsamv object=exeacomm class=sequines type=cto attributes=cusacount=nderi node=tem account=tcustatuscode=eumiu cached=nim profile=pteurs filteraction=ercitati size=835 request=ptat url=https://mail.example.net/velillu/ecatcupi.txt?rsitamet=leumiur#ssequamn referer=https://example.com/taliqui/idi.txt?undeomn=ape#itaspe error=ari authtime=umtot dnstime=onemulla cattime=atquo avscantime=borio fullreqtime=equatD device=uidol auth=inculpa ua=ruredol exceptions=iadeseru group=loremagn category=acons categoryname=nimadmi content-type=lapa reputation=emoenimi application=iquipex app-id=mqu reason=onorume filename=abill file=ametcon extension=ofdeFini time=tasnu function=deny line=tionev message=uasiarch fwrule=velites seq=uredolor initf=lo1543 outitf=lo6683 dstmac=01:00:5e:8c:f2:06 srcmac=01:00:5e:6f:71:02 proto=plica length=asiarc tos=lor prec=;nvolupt ttl=dquia srcport=5334 dstport=1525 tcpflags=umfugiat info=quisnos prec=utf caller=dolor engine=dexe localip=nemul host=Duis583.api.local extra=eavolupt server=10.17.51.153 cookie=aperiame set-cookie=stenat", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:3:18-18:24:33 xeaco7887.www.localdomain aua: id=hite severity=very-high sys=ugitsed sub=dminimve name=Packet accepted srcip=10.137.165.144 user=uptate caller=tot engine=reme", "tags": [ 
@@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:4:2-01:27:07 reverseproxy[5430]: ARGS:userPermissions: [\\\\x22dashletAccessAlertingRecentAlertsPanel\\\\x22,\\\\x22dashletAccessAlerterTopAlertsDashlet\\\\x22,\\\\x22accessViewRules\\\\x22,\\\\x22deployLiveResources\\\\x22,\\\\x22vi...\"] [severity [hostname \"iscivel3512.invalid\"] [uri \"atcupi\"] [unique_id \"eriti\"]", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:4:16-08:29:41 sockd[6181]: dante/server 1.202 running", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:4:30-15:32:16 dolor5799.home afcd: Classifier configuration reloaded successfully", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:5:14-22:34:50 oreseosq1859.api.lan reverseproxy: [mmodic] [essequam:low] [pid 6691:ficiade] [client uiinea] [uianonn] virus daemon connection problem found in request https://www5.example.com/dantium/ors.htm?sinto=edi#eumiure, referer: https://example.com/adeser/mSe.gif?aute=rchite#rcit", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:5:29-05:37:24 confd-sync[6908]: id=smoditem severity=very-high sys=tev sub=oNemoeni name=luptatem", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:6:12-12:39:58 autodit272.www.localhost reverseproxy: [oriss] [imadmin:very-high] [pid 1121:urve] ModSecurity: sBonoru compiled version=\"everi\"; loaded version=\"squ\"", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:6:26-19:42:33 rporis6787.www5.localdomain reverseproxy: [quasiarc] [pta:low] [pid 3705:liqu] [client ipsu] AH01114: siarch: failed to make connection to backend: 10.148.21.7", "tags": [ 
@@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:7:11-02:45:07 reprehe5661.www.lan reverseproxy: rManage\\\\x22,\\\\x22manageLiveSystemSettings\\\\x22,\\\\x22accessViewJobs\\\\x22,\\\\x22exportList\\\\...\"] [ver \"olor\"] [maturity \"corpo\"] [accuracy \"commod\"] iumd [hostname \"ntore4333.api.invalid\"] [uri \"sitv\"] [unique_id \"equam\"]", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:7:25-09:47:41 exim[2384]: aeca-ugitse-ameiu utei:caecat:lumquid oluptat sequatD163.internal.example [10.151.206.38]:5794 lits", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:8:8-16:50:15 elillu5777.www5.lan pluto: \"elaudant\"[olup] 10.230.4.70 #ncu: starting keying attempt quaturve of an unlimited number", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:8:22-23:52:50 ecatcup3022.mail.invalid xl2tpd: Inherited by nproide", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:9:6-06:55:24 qui7797.www.host ipsec_starter: Starting strongSwan umet IPsec [starter]...", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:9:20-13:57:58 nofdeFin2037.mail.example reverseproxy: [quatD] [nevol:high] [pid 3994:Sectio] [client tiumdol] [laud] cannot read reply: Operation now in progress (115), referer: https://example.org/tquov/natu.jpg?uianonnu=por#nve", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:10:4-21:00:32 sockd[7264]: dante/server 1.3714 running", "tags": [ 
@@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:10:19-04:03:07 eFinib2403.api.example reverseproxy: [utaliq] [sun:high] [pid 4074:uredol] [client quatD] [enimad] ecatcu while reading reply from cssd, referer: https://mail.example.org/urautod/eveli.html?rese=nonproi#doconse", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:11:2-11:05:41 confd[4939]: id=acons severity=high sys=adipisc sub=omnisist name=orroqui client=sci facility=psamvolu user=itsedqui srcip=10.244.96.61 version=1.2707 storage=onevol object=ese class=reprehen type=Exce attributes=toccacount=tinvolu node=ecatc account=iumt", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:11:16-18:08:15 named[1900]: reloading eddoei iono", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:12:1-01:10:49 obeatae2042.www.domain reverseproxy: [dquian] [isaute:low] [pid 1853:utfugit] (70007)The ula specified has expired: [client quaUteni] AH01110: error reading response", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:12:15-08:13:24 aerat1267.www5.example pop3proxy: Master started", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2017:12:29-15:15:58 writt2238.internal.localdomain reverseproxy: [uaer] [aed:low] [pid 478:ain] [client scingeli] [uatDuis] mod_avscan_check_file_single_part() called with parameter filename=imip", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:1:12-22:18:32 siutaliq4937.api.lan reverseproxy: [siutaliq] [urvel:very-high] [pid 7721:ntium] [imadmi] Hostname in dquiac request (liquide) does not match the server name (uatD)", "tags": [ 
@@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:1:27-05:21:06 URID[7596]: T=BCSedut ------ 1 - [exit] accept: ametco", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:2:10-12:23:41 astarosg_TVM[1090]: id=udex severity=low sys=iam sub=animi name=UDP flood detectedaction=allow method=nsectetu client=spici facility=untutl user=hen srcip=10.214.167.164 dstip=10.76.98.53 version=1.3726 storage=uovolup ad_domain=expl object=animi class=mdoloree type=mullamco attributes=tnulcount=ons node=radip account=amremapstatuscode=dolorsit cached=atisund profile=isnostru filteraction=quepo size=5693 request=nisi url=https://api.example.org/iono/secillum.txt?apariat=tse#enbyCi referer=https://example.com/eetdol/aut.jpg?pitlab=tutlabor#imadmi error=nculp authtime=quamnihi dnstime=nimadmi cattime=mquiado avscantime=agn fullreqtime=dip device=urmag auth=nim ua=laboreet exceptions=tutlabo group=incid category=der categoryname=totamrem content-type=eaqu reputation=itani application=mni app-id=runtmol reason=uaer filename=nor file=saut extension=olest time=volu function=block line=osam message=ncid fwrule=loremagn seq=uisau initf=lo1255 outitf=eth965 dstmac=01:00:5e:2f:c3:3e srcmac=01:00:5e:65:2d:fe proto=ictasun length=iumto tos=ciun prec=;prehe ttl=essec srcport=4562 dstport=2390 tcpflags=uaera info=nsequa prec=yCicero caller=orporis engine=oluptate localip=tesseq host=tenbyCi4371.www5.localdomain extra=spernatu server=10.98.126.206 cookie=tion set-cookie=tNeque", "tags": [ 
@@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:2:24-19:26:15 ulogd[6722]: id=persp severity=medium sys=orev sub=lapa name=Packet logged action=allow fwrule=adminim seq=isiutali initf=lo7088 outitf=eth6357 dstmac=01:00:5e:9a:fe:91 srcmac=01:00:5e:78:1a:5a srcip=10.203.157.250 dstip=10.32.236.117 proto=turm length=quamei tos=nvento prec=nama ttl=ema srcport=6585 dstport=5550 tcpflags=xeacomm info=oriosa code=erspici type=oreeu", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:3:11-02:28:49 ectob5542.www5.corp reverseproxy: [agni] [ivelit:high] [pid 7755:uovol] AH00959: ap_proxy_connect_backend disabling worker for (10.231.77.26) for volups", "tags": [ 
@@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:3:25-09:31:24 iusmo901.www.home httpd: id=scivelit severity=high sys=untut sub=siu name=Authentication successfulaction=allow method=icons client=hende facility=umdol user=Sedutper srcip=10.2.24.156 dstip=10.113.78.101 version=1.2707 storage=amqua ad_domain=nsequatu object=aboNemoe class=mqu type=tse attributes=ntiumdcount=ueip node=amvo account=dolorsistatuscode=acc cached=quinesc profile=ulpaq filteraction=usa size=5474 request=tob url=https://www.example.org/imipsamv/doeiu.jpg?nderit=ficia#tru referer=https://mail.example.org/natuser/olupt.txt?ipsumqu=nsec#smo error=avolup authtime=litse dnstime=archit cattime=nde avscantime=tNequepo fullreqtime=byCicer device=imvenia auth=ipit ua=tdolorem exceptions=nderitin group=mquiado category=ssequa categoryname=nisist content-type=temvele reputation=ofd application=quam app-id=umdol reason=porincid filename=tisetqu file=pici extension=erit time=ehenderi function=block line=fugiatqu message=Duisaute fwrule=uptat seq=hende initf=lo3680 outitf=lo4358 dstmac=01:00:5e:0a:8f:6c srcmac=01:00:5e:34:8c:d2 proto=mnis length=ainci tos=aturve prec=;tiumdol ttl=mporain srcport=6938 dstport=6939 tcpflags=dut info=aecons prec=tionemu caller=edictasu engine=quipexea localip=orsit host=tenima5715.api.example extra=snisiut server=10.92.93.236 cookie=amr set-cookie=mfug port=7174 query=exerc uid=ntoccae", "tags": [ 
@@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:4:8-16:33:58 astarosg_TVM[6463]: id=user severity=low sys=sequamn sub=adeseru name=File extension warned and proceededaction=accept method=mquisn client=ulamcol facility=nulamcol user=atatno srcip=10.180.169.49 dstip=10.206.69.71 version=1.3155 storage=risni ad_domain=ccaecat object=dtemp class=onproid type=ica attributes=mnisiscount=edolor node=nonnumqu account=iscivelistatuscode=urve cached=sundeomn profile=tasu filteraction=equunt size=3144 request=ilmo url=https://mail.example.net/isqua/deF.html?iameaq=orainci#adm referer=https://api.example.org/mremap/ate.htm?tlabor=cidunt#ria error=tessec authtime=cupida dnstime=ciade cattime=busBonor avscantime=enima fullreqtime=emseq device=osamni auth=umetMa ua=equatDui exceptions=its group=setquas category=nti categoryname=osamnis content-type=atisetqu reputation=ciduntut application=atisu app-id=edutpe reason=architec filename=incul file=tevelit extension=emse time=eipsaqua function=cancel line=suntincu message=lore fwrule=equatu seq=enbyCi initf=enp0s566 outitf=lo2179 dstmac=01:00:5e:2c:9d:65 srcmac=01:00:5e:1a:03:f5 proto=orema length=iusmo tos=uunturm prec=;mSect ttl=avolupta srcport=3308 dstport=1402 tcpflags=dolo info=tsed prec=corpori caller=cillumd engine=umdol localip=turmagn host=mni4032.lan extra=amrem server=10.202.65.2 cookie=queporr set-cookie=oide", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:4:22-23:36:32 iscing6960.api.invalid reverseproxy: [emipsu] [incidu:very-high] [pid 5350:itation] SSL Library Error: error:itasper:failure", "tags": [ 
@@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:5:7-06:39:06 httpd[793]: [ruredo:success] [pid nculpaq:mides] [client iconseq] ModSecurity: Warning. nidolo [file \"runtmoll\"] [line \"tuserror\"] [id \"utlabo\"] [rev \"scip\"] [msg \"imvenia\"] [severity \"low\"] [ver \"1.6420\"] [maturity \"nisi\"] [accuracy \"seq\"] [tag \"ors\"] [hostname \"olupta3647.host\"] [uri \"uaUteni\"] [unique_id \"gitsedqu\"]amqu", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:5:21-13:41:41 named[6633]: FORMERR resolving 'iavolu7814.www5.localhost': 10.194.12.83#elit", "tags": [ 
@@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:6:4-20:44:15 astarosg_TVM[5792]: id=elitess severity=low sys=amqua sub=mavenia name=checking if admin is enabledaction=cancel method=doc client=teurs facility=eturadi user=eturadip srcip=10.33.138.154 dstip=10.254.28.41 version=1.4256 storage=volupta ad_domain=dolor object=dolorsit class=tfugits type=lor attributes=oremcount=utper node=ueips account=umqustatuscode=ntexpli cached=siuta profile=porincid filteraction=itame size=1026 request=fugiat url=https://www5.example.org/etcons/aecatc.jpg?ditem=tut#oditautf referer=https://internal.example.org/eddoei/iatqu.htm?itessec=dat#tdol error=emul authtime=ariatu dnstime=luptate cattime=umdolore avscantime=iutaliq fullreqtime=oriosamn device=oluptate auth=tcu ua=mmodo exceptions=rauto group=lup category=orem categoryname=tutl content-type=iusmo reputation=uiavolu application=eri app-id=pis reason=riosam filename=isa file=nonnum extension=Nemoenim time=itati function=cancel line=nes message=atvolupt fwrule=umwritt seq=uae initf=enp0s3792 outitf=lo2114 dstmac=01:00:5e:24:b8:9f srcmac=01:00:5e:a1:a3:9f proto=bil length=itten tos=icer prec=;dolo ttl=siutaliq srcport=1455 dstport=6937 tcpflags=pexeaco info=ercitati prec=dexea caller=tasnul engine=onu localip=orisnisi host=obea2960.mail.corp extra=dolor server=10.45.12.53 cookie=etdo set-cookie=edictas", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:6:19-03:46:49 frox[7744]: Listening on 10.99.134.49:2274", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:7:3-10:49:23 olli5982.www.test reverseproxy: [asp] [uatDui:medium] [pid 212:unde] [client raut] [suscip] virus daemon error found in request ectetu, referer: https://example.com/ariat/ptatemU.txt?cusan=ueipsaq#upid", "tags": [ 
@@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:7:17-17:51:58 nsecte3644.internal.test reverseproxy: [tutla] [isund:high] [pid 3136:uidex] [client uptate] Invalid signature, cookie: JSESSIONID", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:8:1-00:54:32 confd[4157]: id=onseq severity=very-high sys=siutaliq sub=aliqu name=serro client=ctet facility=umiurere user=antium srcip=10.32.85.21 version=1.7852 storage=eaco object=onp class=ectetur type=ione attributes=utlaborecount=nci node=acommodi account=etconsec", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:8:15-07:57:06 econseq7119.www.home sshd: error: Could not get shadow information for NOUSER", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:8:29-14:59:40 ant2543.www5.lan reverseproxy: [uaturve] [lapa:high] [pid 3669:idu] [client sed] [utem] cannot read reply: Operation now in progress (115), referer: https://example.com/oremagn/ehenderi.htm?mdolo=ionul#oeiusmo", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:9:12-22:02:15 pluto[7138]: | sent accept notification olore with seqno = urEx", "tags": [ 
@@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:9:27-05:04:49 httpd[6562]: id=iurere severity=medium sys=erc sub=atu name=http accessaction=accept method=odte client=uis facility=sedquia user=reetd srcip=10.210.175.52 dstip=10.87.14.186 version=1.7641 storage=tasu ad_domain=mquae object=CSedu class=atae type=aeconseq attributes=boNemocount=duntutla node=mqu account=inimastatuscode=emipsum cached=venia profile=Loremi filteraction=uisnostr size=849 request=vol url=https://internal.example.com/ritat/dipi.jpg?aliquide=aliqui#agnaaliq referer=https://api.example.org/Bonorume/emeumfu.txt?iuntNequ=ender#quid error=mipsa authtime=teturad dnstime=nimide cattime=spernat avscantime=nevolu fullreqtime=itectobe device=rroq auth=itessequ ua=uunt exceptions=pic group=unt category=emUt categoryname=eiru content-type=sauteir reputation=pic application=caecatc app-id=iarc reason=emquia filename=duntutl file=idi extension=reetdo time=pidatatn function=cancel line=ncul message=mcorpor fwrule=ofd seq=lapariat initf=eth65 outitf=lo3615 dstmac=01:00:5e:b3:e3:90 srcmac=01:00:5e:0e:b3:8e proto=consequ length=min tos=riame prec=;gnaal ttl=nti srcport=1125 dstport=605 tcpflags=utlab info=colabo prec=ditem caller=did engine=BCS localip=idex host=nisiuta4810.api.test extra=apa server=10.85.200.58 cookie=esse set-cookie=idexeac port=2294 query=iatquovo uid=rExce", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:10:11-12:07:23 itametc1599.api.test ulogd: id=itaedi severity=low sys=ore sub=ips name=Authentication successful action=block fwrule=iamqu seq=aboN initf=eth2679 outitf=enp0s1164 dstmac=01:00:5e:c3:8a:24 srcmac=01:00:5e:5a:9d:a9 srcip=10.133.45.45 dstip=10.115.166.48 proto=utaliq length=icer tos=essequ prec=oeiu ttl=nsequa srcport=4180 dstport=4884 tcpflags=squa info=etM code=eve type=iru", "tags": [ 
@@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:10:25-19:09:57 tiumt5462.mail.localhost sshd: Invalid user admin from runt", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:11:9-02:12:32 vol1450.internal.host sshd: Server listening on 10.71.184.162 port 3506.", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:11:23-09:15:06 ipsec_starter[178]: IP address or index of physical interface changed -\u003e reinit of ipsec interface", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:12:7-16:17:40 rporissu573.api.test reverseproxy: [exercita] [emaperi:very-high] [pid 5943:ddoei] AH02312: Fatal error initialising mod_ssl, nihi.", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2018:12:21-23:20:14 nostru774.corp URID: T=tatnonp ------ 1 - [exit] allow: natuserr", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:1:5-06:22:49 ipsec_starter[6226]: IP address or index of physical interface changed -\u003e reinit of ipsec interface", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:1:19-13:25:23 httpd[5037]: [iadese:unknown] [pid isundeo:emq] [client rehender] ModSecurity: Warning. uat [file \"apa\"] [line \"tani\"] [id \"per\"] [rev \"ngelitse\"] [msg \"olorsita\"] [severity \"medium\"] [ver \"1.7102\"] [maturity \"apariat\"] [accuracy \"iuntNequ\"] [tag \"rExc\"] [hostname \"lorsita2216.www5.example\"] [uri \"turvelil\"] [unique_id \"velitsed\"]rau", "tags": [ 
@@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:2:2-20:27:57 sum2208.host reverseproxy: [eir] [nia:medium] [pid 4346:mco] [client ritinvol] [quioffi] mod_avscan_check_file_single_part() called with parameter filename=quamquae", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:2:17-03:30:32 ore6843.local reverseproxy: [usmodite] [aveniam:medium] [pid 5126:xplicab] [client taev] No signature found, cookie: dictasu", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:3:3-10:33:06 Sedu1610.mail.corp reverseproxy: [audant] [porr:medium] [pid 7442:tation] [client uunturma] AH01114: cons: failed to make connection to backend: 10.177.35.133", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:3:17-17:35:40 corpo6737.example reverseproxy: [officiad] [aliquide:very-high] [pid 6600:errorsi] [client raincidu] [orincidi] cannot connect: failure (111)", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:4:1-00:38:14 pop3proxy[6854]: Master started", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:4:15-07:40:49 eratvol314.www.home pop3proxy: Master started", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:4:29-14:43:23 utemvele1838.mail.test reverseproxy: [xplicabo] [aco:high] [pid 2389:ratione] [client nrepr] ModSecurity: Warning. uipex [file \"alorumw\"] [line \"nibus\"] [id \"eiusmo\"] [msg \"rci\"] [hostname \"seosquir715.local\"] [uri \"ercitati\"] [unique_id \"uiration\"]", "tags": [ 
@@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:5:13-21:45:57 ulapari2656.local reverseproxy: [itessec] [non:very-high] [pid 2237:licaboN] [client nvol] [moenimip] cannot connect: failure (111)", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:5:28-04:48:31 reverseproxy[4278]: [ritat] [iscinge:very-high] [pid 4264:rroquisq] [client tnonpro] [nimv] erunt while reading reply from cssd, referer: https://example.org/etcon/ipitlab.gif?utlabore=suscipi#tlabor", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:6:11-11:51:06 URID[7418]: T=xer ------ 1 - [exit] cancel: onemul", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:6:25-18:53:40 pluto[7201]: | handling event ips for 10.165.217.56 \"econse\" #otamr", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:7:10-01:56:14 stla2856.host reverseproxy: [onpro] [adolo:very-high] [pid 7766:siste] ModSecurity for Apache/nisiut (ostr) configured.", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:7:24-08:58:48 peri6748.www5.domain reverseproxy: [cingeli] [esseq:high] [pid 2404:aquae] AH00098: pid file otamrema overwritten -- Unclean shutdown of previous Apache run?", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:8:7-16:01:23 tnon5442.internal.test reverseproxy: [ive] [tquido:very-high] [pid 6108:taliquip] AH00295: caught accept, ectetu", "tags": [ 
@@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:8:21-23:03:57 ariatu2606.www.host reverseproxy: [quamestq] [umquid:very-high] [pid 7690:rem] [client its] [inv] not all the file sent to the client: rin, referer: https://example.org/tation/tutlabo.jpg?amvo=ullamco#tati", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:9:5-06:06:31 imv1805.api.host ulogd: id=oenim severity=very-high sys=iaturExc sub=orsit name=ICMP flood detected action=cancel fwrule=eos seq=quameius initf=lo4665 outitf=lo3422 dstmac=01:00:5e:d6:f3:bc srcmac=01:00:5e:87:02:08 srcip=10.96.243.231 dstip=10.248.62.55 proto=ugiat length=quiin tos=apar prec=eleumiur ttl=chite srcport=5632 dstport=4206 tcpflags=tevelit info=etc code=lorem type=temvele", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:9:19-13:09:05 rita600.www5.localdomain reverseproxy: [ini] [elite:high] [pid 7650:mnisiut] AH00959: ap_proxy_connect_backend disabling worker for (10.132.101.158) for cipitlabs", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:10:3-20:11:40 sshd[2014]: Did not receive identification string from rroq", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:10:18-03:14:14 admini1122.www.local reverseproxy: [ritte] [umwritte:very-high] [pid 1817:atu] (13)failure: [client vol] AH01095: prefetch request body failed to 10.96.193.132:5342 (orumwr) from bori ()", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:11:1-10:16:48 confd[2475]: id=utaliqu severity=low sys=xplicabo sub=quamni name=dol client=sisten facility=remeumf user=acommod srcip=10.96.200.83 version=1.7416 storage=sper object=asia class=roident type=olorem attributes=teursintcount=evelites node=nostr account=lapariat", "tags": [ 
@@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:11:15-17:19:22 emvel4391.localhost sshd: Did not receive identification string from quelaud", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:11:30-00:21:57 confd-sync[5454]: id=smodite severity=high sys=utpersp sub=rnatu name=ico", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "2019:12:14-07:24:31 untinc5531.www5.test sshd: error: Could not get shadow information for NOUSER", "tags": [ diff --git a/packages/sophos/data_stream/utm/_dev/test/pipeline/test-packet-filter.json-expected.json b/packages/sophos/data_stream/utm/_dev/test/pipeline/test-packet-filter.json-expected.json index 5734a9c2d50..74053dc8a83 100644 --- a/packages/sophos/data_stream/utm/_dev/test/pipeline/test-packet-filter.json-expected.json +++ b/packages/sophos/data_stream/utm/_dev/test/pipeline/test-packet-filter.json-expected.json @@ -20,7 +20,7 @@ "port": 51130 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "de9c1b8e-5967-4715-bc22-6f9dd52f6cc2", diff --git a/packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/default.yml b/packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/default.yml index 29f81ca838e..6ef8978de46 100644 --- a/packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Sophos UTM (formerly Astaro Security Gateway). processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - gsub: field: destination.mac ignore_missing: true diff --git a/packages/sophos/data_stream/utm/sample_event.json b/packages/sophos/data_stream/utm/sample_event.json index 5dbfab0f643..631926a15bd 100644 --- a/packages/sophos/data_stream/utm/sample_event.json 
+++ b/packages/sophos/data_stream/utm/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "9a015053-a5c0-4959-99ab-2b6556a2a396", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-spam.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-spam.log-expected.json index c66570ca003..e3afc10cb3e 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-spam.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-spam.log-expected.json @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -116,7 +116,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -221,7 +221,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -324,7 +324,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -429,7 +429,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -534,7 +534,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -639,7 +639,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -744,7 +744,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -847,7 +847,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -943,7 +943,7 @@ "port": 25 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Dos", @@ -1028,7 +1028,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -1132,7 +1132,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -1236,7 +1236,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { 
@@ -1342,7 +1342,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -1445,7 +1445,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -1546,7 +1546,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -1649,7 +1649,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -1752,7 +1752,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -1853,7 +1853,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-ftp.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-ftp.log-expected.json index 1e0453eb74b..55e6f2d4e73 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-ftp.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-ftp.log-expected.json @@ -8,7 +8,7 @@ "port": 21 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Virus", @@ -97,7 +97,7 @@ "port": 21 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Allowed", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-smtp.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-smtp.log-expected.json index e7daf30636c..4f6f42b1aa8 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-smtp.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-smtp.log-expected.json @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -117,7 +117,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { 
@@ -223,7 +223,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-web.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-web.log-expected.json index 0fe6da359cc..a7d1979d6e0 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-web.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-anti-virus-web.log-expected.json @@ -23,7 +23,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Virus", @@ -119,7 +119,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Virus", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-atp-firewall.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-atp-firewall.log-expected.json index ba45c6c2e91..d49fee8f348 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-atp-firewall.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-atp-firewall.log-expected.json @@ -19,7 +19,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "alert", @@ -105,7 +105,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-authentication.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-authentication.log-expected.json index dcd6da5cca0..558f121aaca 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-authentication.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-authentication.log-expected.json 
@@ -3,7 +3,7 @@ { "@timestamp": "2017-01-31T18:13:38.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -76,7 +76,7 @@ { "@timestamp": "2017-03-15T14:33:37.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -145,7 +145,7 @@ { "@timestamp": "2017-03-15T17:23:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-content-filtering-http.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-content-filtering-http.log-expected.json index c634182549c..771f02e378d 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-content-filtering-http.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-content-filtering-http.log-expected.json @@ -20,7 +20,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -115,7 +115,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -218,7 +218,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -326,7 +326,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -434,7 +434,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -543,7 +543,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -651,7 +651,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "warned", @@ -757,7 +757,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", 
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-content-filtering-web-content-policy.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-content-filtering-web-content-policy.log-expected.json index aa8a24a42de..b52643e6a7d 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-content-filtering-web-content-policy.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-content-filtering-web-content-policy.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "alert", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-firewall.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-firewall.log-expected.json index 9c7e72878a7..af9dc6f8cda 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-firewall.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-firewall.log-expected.json @@ -24,7 +24,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -169,7 +169,7 @@ "packets": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -286,7 +286,7 @@ "packets": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -388,7 +388,7 @@ "packets": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -505,7 +505,7 @@ "packets": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -608,7 +608,7 @@ "packets": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -716,7 +716,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", 
@@ -810,7 +810,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -902,7 +902,7 @@ "port": 137 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -1002,7 +1002,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -1102,7 +1102,7 @@ "packets": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -1203,7 +1203,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -1298,7 +1298,7 @@ "port": 547 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -1412,7 +1412,7 @@ "packets": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -1507,7 +1507,7 @@ "ip": "127.0.0.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -1595,7 +1595,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-idp.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-idp.log-expected.json index 42e6a24e4af..d96a3e90693 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-idp.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-idp.log-expected.json @@ -7,7 +7,7 @@ "port": 25 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "detect", @@ -89,7 +89,7 @@ "port": 25 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop", @@ -171,7 +171,7 @@ "port": 111 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "detect", @@ -253,7 +253,7 @@ "port": 40575 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop", 
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-sandstorm.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-sandstorm.log-expected.json index 0ba6a835e43..56d92193bf3 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-sandstorm.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-sandstorm.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2016-12-02T18:27:55.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Allowed", @@ -63,7 +63,7 @@ "domain": "floater.baldrys.ca" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Allowed", @@ -145,7 +145,7 @@ "domain": "ta-web-static.qa.astaro.de" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Denied", @@ -229,7 +229,7 @@ "domain": "floater.baldrys.ca" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Pending", @@ -312,7 +312,7 @@ "domain": "floater.baldrys.ca" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Pending", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-systemhealth.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-systemhealth.log-expected.json index 71c38ab6aa4..8c343cb1da4 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-systemhealth.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-systemhealth.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2018-06-05T15:10:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18031", @@ -49,7 +49,7 @@ { "@timestamp": "2018-06-05T15:10:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18031", 
@@ -96,7 +96,7 @@ { "@timestamp": "2018-06-05T15:10:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18031", @@ -147,7 +147,7 @@ { "@timestamp": "2018-06-05T15:10:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18031", @@ -194,7 +194,7 @@ { "@timestamp": "2018-06-05T15:10:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18031", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-wireless.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-wireless.log-expected.json index d13c536248d..ac0a74a55f6 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-wireless.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18-5-wireless.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2017-02-01T14:17:35.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18011", @@ -50,7 +50,7 @@ { "@timestamp": "2017-02-01T14:19:47.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18011", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-xg.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-xg.log-expected.json index 5165e016a4f..d2366263664 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-xg.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-xg.log-expected.json @@ -10,7 +10,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -117,7 +117,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -243,7 +243,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -371,7 +371,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { 
@@ -487,7 +487,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -592,7 +592,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -697,7 +697,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -802,7 +802,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -902,7 +902,7 @@ "port": 25 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Dos", @@ -987,7 +987,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -1091,7 +1091,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -1206,7 +1206,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Virus", @@ -1327,7 +1327,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Virus", @@ -1451,7 +1451,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -1580,7 +1580,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -1697,7 +1697,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -1803,7 +1803,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "email": { "from": { @@ -1906,7 +1906,7 @@ "port": 21 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Virus", @@ -1994,7 +1994,7 @@ "port": 21 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Allowed", @@ -2088,7 +2088,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop", @@ -2181,7 +2181,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop", @@ -2285,7 +2285,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop", 
@@ -2389,7 +2389,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "alert", @@ -2477,7 +2477,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -2582,7 +2582,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -2691,7 +2691,7 @@ "port": 5228 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -2797,7 +2797,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -2912,7 +2912,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -3029,7 +3029,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -3139,7 +3139,7 @@ { "@timestamp": "2016-12-02T18:50:20.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "alert", @@ -3220,7 +3220,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "warned", @@ -3326,7 +3326,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -3418,7 +3418,7 @@ { "@timestamp": "2020-05-18T14:38:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -3518,7 +3518,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18055", @@ -3591,7 +3591,7 @@ { "@timestamp": "2020-05-18T14:38:59.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18057", @@ -3637,7 +3637,7 @@ { "@timestamp": "2020-05-18T14:39:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -3718,7 +3718,7 @@ { "@timestamp": "2020-05-18T14:39:01.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -3772,7 +3772,7 @@ { "@timestamp": "2020-05-18T14:39:02.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "60022", @@ -3819,7 +3819,7 @@ { "@timestamp": "2020-05-18T14:39:03.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -3903,7 +3903,7 @@ "bytes": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "17824", @@ -3961,7 +3961,7 @@ { "@timestamp": "2020-05-18T14:39:05.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -4039,7 +4039,7 @@ { "@timestamp": "2020-05-18T14:39:06.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18017", @@ -4086,7 +4086,7 @@ { "@timestamp": "2020-05-18T14:39:07.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "17502", @@ -4144,7 +4144,7 @@ { "@timestamp": "2020-05-18T14:39:08.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "17507", @@ -4214,7 +4214,7 @@ { "@timestamp": "2020-05-18T14:39:09.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "17818", @@ -4261,7 +4261,7 @@ { "@timestamp": "2020-05-18T14:39:10.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "17923", @@ -4309,7 +4309,7 @@ "bytes": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -4388,7 +4388,7 @@ "bytes": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18014", @@ -4445,7 +4445,7 @@ "bytes": 31488 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18015", @@ -4502,7 +4502,7 @@ "bytes": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18016", @@ -4556,7 +4556,7 @@ { "@timestamp": "2018-06-06T11:12:10.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "17815", 
@@ -4624,7 +4624,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -4767,7 +4767,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -4910,7 +4910,7 @@ "port": 4980 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -5027,7 +5027,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -5153,7 +5153,7 @@ "port": 18 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -5265,7 +5265,7 @@ "port": 1109 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -5392,7 +5392,7 @@ "port": 64465 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -5506,7 +5506,7 @@ "port": 56267 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -5618,7 +5618,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -5754,7 +5754,7 @@ "packets": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -5868,7 +5868,7 @@ "port": 88 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -6006,7 +6006,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -6100,7 +6100,7 @@ "port": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -6192,7 +6192,7 @@ "port": 137 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -6292,7 +6292,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -6392,7 +6392,7 @@ "packets": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", 
@@ -6499,7 +6499,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -6594,7 +6594,7 @@ "port": 547 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -6693,7 +6693,7 @@ "packets": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -6806,7 +6806,7 @@ "packets": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -6916,7 +6916,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop", @@ -7021,7 +7021,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop", @@ -7126,7 +7126,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop", @@ -7219,7 +7219,7 @@ "port": 25 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "detect", @@ -7301,7 +7301,7 @@ "port": 25 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "drop", @@ -7379,7 +7379,7 @@ { "@timestamp": "2017-01-31T14:52:11.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Allowed", @@ -7436,7 +7436,7 @@ { "@timestamp": "2017-01-31T14:52:11.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Denied", @@ -7514,7 +7514,7 @@ { "@timestamp": "2017-01-31T15:28:25.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Allowed", @@ -7574,7 +7574,7 @@ "ip": "10.198.241.50" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Pending", @@ -7658,7 +7658,7 @@ "ip": "10.198.241.50" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Denied", @@ -7743,7 +7743,7 @@ "domain": "sophostest.com" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Denied", 
@@ -7846,7 +7846,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -7950,7 +7950,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -8043,7 +8043,7 @@ "ip": "10.198.233.48" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -8132,7 +8132,7 @@ "ip": "10.198.233.48" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -8236,7 +8236,7 @@ "ip": "175.16.199.1" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -8324,7 +8324,7 @@ { "@timestamp": "2017-02-01T14:17:35.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18011", @@ -8371,7 +8371,7 @@ { "@timestamp": "2017-02-01T14:19:47.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "18011", @@ -8444,7 +8444,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -8582,7 +8582,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-cfilter-new.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-cfilter-new.log-expected.json index a7920fa33d8..e9bef82b616 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-cfilter-new.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-cfilter-new.log-expected.json @@ -7,7 +7,7 @@ "port": 22083 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -106,7 +106,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -220,7 +220,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", 
@@ -334,7 +334,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -448,7 +448,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -568,7 +568,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -683,7 +683,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -797,7 +797,7 @@ "port": 8089 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -919,7 +919,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -1033,7 +1033,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -1154,7 +1154,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -1276,7 +1276,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -1390,7 +1390,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -1489,7 +1489,7 @@ "port": 8089 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -1603,7 +1603,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -1717,7 +1717,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -1831,7 +1831,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -1944,7 +1944,7 @@ "port": 4000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -2043,7 +2043,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", 
@@ -2163,7 +2163,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -2277,7 +2277,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -2396,7 +2396,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -2515,7 +2515,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -2629,7 +2629,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -2749,7 +2749,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -2863,7 +2863,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -2980,7 +2980,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -3095,7 +3095,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -3191,7 +3191,7 @@ "port": 8089 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -3305,7 +3305,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -3419,7 +3419,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -3533,7 +3533,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -3647,7 +3647,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -3762,7 +3762,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -3876,7 +3876,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", 
@@ -3991,7 +3991,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -4111,7 +4111,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -4225,7 +4225,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -4339,7 +4339,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -4453,7 +4453,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -4567,7 +4567,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -4681,7 +4681,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -4795,7 +4795,7 @@ "port": 8089 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -4917,7 +4917,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -5031,7 +5031,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -5145,7 +5145,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -5259,7 +5259,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -5374,7 +5374,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -5494,7 +5494,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -5608,7 +5608,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", 
diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-event-new.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-event-new.log-expected.json index 650a3fdfe71..f12cd69a401 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-event-new.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-event-new.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-11-16T02:52:23.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "60020", @@ -55,7 +55,7 @@ { "@timestamp": "2021-11-16T02:57:56.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "60020", @@ -107,7 +107,7 @@ { "@timestamp": "2021-11-16T03:04:08.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "code": "60020", diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-firewall-new.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-firewall-new.log-expected.json index 22691d6d646..826e54599c2 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-firewall-new.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-firewall-new.log-expected.json @@ -26,7 +26,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -144,7 +144,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -262,7 +262,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -381,7 +381,7 @@ "packets": 2 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -505,7 +505,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -606,7 +606,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", 
@@ -707,7 +707,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -826,7 +826,7 @@ "packets": 2 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -950,7 +950,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -1051,7 +1051,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -1151,7 +1151,7 @@ "port": 22083 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -1251,7 +1251,7 @@ "port": 22083 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -1368,7 +1368,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -1471,7 +1471,7 @@ "packets": 2 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -1595,7 +1595,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -1714,7 +1714,7 @@ "packets": 2 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -1838,7 +1838,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -1958,7 +1958,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -2082,7 +2082,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "denied", @@ -2185,7 +2185,7 @@ "packets": 2 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -2292,7 +2292,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", 
@@ -2414,7 +2414,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -2531,7 +2531,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -2651,7 +2651,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -2758,7 +2758,7 @@ "port": 9988 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -2871,7 +2871,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -2988,7 +2988,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -3107,7 +3107,7 @@ "packets": 2 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -3234,7 +3234,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -3364,7 +3364,7 @@ "packets": 2 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -3488,7 +3488,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -3607,7 +3607,7 @@ "packets": 2 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -3714,7 +3714,7 @@ "port": 8089 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -3834,7 +3834,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -3962,7 +3962,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -4081,7 +4081,7 @@ "packets": 2 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", 
@@ -4207,7 +4207,7 @@ "packets": 2 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -4331,7 +4331,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -4450,7 +4450,7 @@ "packets": 2 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -4575,7 +4575,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -4694,7 +4694,7 @@ "packets": 2 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -4818,7 +4818,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -4935,7 +4935,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -5053,7 +5053,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -5173,7 +5173,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -5302,7 +5302,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -5419,7 +5419,7 @@ "mac": "00-50-56-9F-39-33" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -5538,7 +5538,7 @@ "packets": 2 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -5663,7 +5663,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", @@ -5785,7 +5785,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "allowed", diff --git a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml index a6937937832..f21dd97726e 100644 
--- a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Sophos XG firewall logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: event.original diff --git a/packages/sophos/data_stream/xg/sample_event.json b/packages/sophos/data_stream/xg/sample_event.json index ddf5f486457..59ff6205dbc 100644 --- a/packages/sophos/data_stream/xg/sample_event.json +++ b/packages/sophos/data_stream/xg/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "dee3c982-4bd2-4c06-b207-fe0ce9ef19c5", diff --git a/packages/sophos/docs/README.md b/packages/sophos/docs/README.md index 3305fc3e714..9074dfc20b0 100644 --- a/packages/sophos/docs/README.md +++ b/packages/sophos/docs/README.md @@ -862,7 +862,7 @@ An example event for `xg` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "dee3c982-4bd2-4c06-b207-fe0ce9ef19c5", diff --git a/packages/sophos/manifest.yml b/packages/sophos/manifest.yml index 8842b95a922..ae320da679e 100644 --- a/packages/sophos/manifest.yml +++ b/packages/sophos/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: sophos title: Sophos -version: "2.4.2" +version: "2.5.0" description: Collect logs from Sophos with Elastic Agent. categories: ["security"] release: ga diff --git a/packages/squid/_dev/build/build.yml b/packages/squid/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/squid/_dev/build/build.yml +++ b/packages/squid/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/squid/changelog.yml b/packages/squid/changelog.yml index 1b311f2dcda..30dc1493948 100644 --- a/packages/squid/changelog.yml +++ b/packages/squid/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.11.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "0.10.1" changes: - description: Use ECS geo.location definition. diff --git a/packages/squid/data_stream/log/_dev/test/pipeline/test-access1.log-expected.json b/packages/squid/data_stream/log/_dev/test/pipeline/test-access1.log-expected.json index 62f0b78915a..3ddf5d642eb 100644 --- a/packages/squid/data_stream/log/_dev/test/pipeline/test-access1.log-expected.json +++ b/packages/squid/data_stream/log/_dev/test/pipeline/test-access1.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689312.049 5006 10.105.21.199 TCP_MISS/200 19763 CONNECT login.yahoo.com:443 badeyek DIRECT/209.73.177.115 -", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689320.327 2864 10.105.21.199 TCP_MISS/200 10182 GET http://www.goonernews.com/ badeyek DIRECT/207.58.145.61 text/html", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689320.343 1357 10.105.21.199 TCP_REFRESH_HIT/304 214 GET http://www.goonernews.com/styles.css badeyek DIRECT/207.58.145.61 -", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689321.315 1 10.105.21.199 TCP_HIT/200 1464 GET http://www.goonernews.com/styles.css badeyek NONE/- text/css", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689322.780 1464 10.105.21.199 TCP_HIT/200 5626 GET http://www.google-analytics.com/urchin.js badeyek NONE/- text/javascript", "tags": [ 
@@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689323.718 3856 10.105.21.199 TCP_MISS/200 30169 GET http://www.goonernews.com/ badeyek DIRECT/207.58.145.61 text/html", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689324.156 1372 10.105.21.199 TCP_MISS/200 399 GET http://www.google-analytics.com/__utm.gif? badeyek DIRECT/66.102.9.147 image/gif", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689324.266 1457 10.105.21.199 TCP_REFRESH_HIT/304 215 GET http://www.goonernews.com/graphics/newslogo.gif badeyek DIRECT/207.58.145.61 -", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689324.281 1465 10.105.21.199 TCP_REFRESH_HIT/304 215 GET http://www.goonernews.com/shop/arsenal_shop_ad.jpg badeyek DIRECT/207.58.145.61 -", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689325.734 1452 10.105.21.199 TCP_REFRESH_HIT/304 214 GET http://www.goonernews.com/flags/FUS.gif badeyek DIRECT/207.58.145.61 -", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689325.736 2 10.105.21.199 TCP_HIT/200 1353 GET http://www.goonernews.com/flags/FGB.gif badeyek NONE/- image/gif", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689325.953 2603 10.105.21.199 TCP_MISS/200 1013 GET http://as.casalemedia.com/s? badeyek DIRECT/209.85.16.38 text/html", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689326.703 4459 10.105.21.199 TCP_MISS/200 1845 CONNECT us.bc.yahoo.com:443 badeyek DIRECT/68.142.213.132 -", "tags": [ 
@@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689327.312 1356 10.105.21.199 TCP_MISS/302 729 GET http://impgb.tradedoubler.com/imp/img/16349696/992098 badeyek DIRECT/217.212.240.172 text/html", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689327.751 3484 10.105.21.199 TCP_MISS/200 1577 GET http://4.adbrite.com/mb/text_group.php? badeyek DIRECT/206.169.136.22 text/html", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689327.803 9 10.105.21.199 TCP_HIT/200 1353 GET http://www.goonernews.com/flags/FFR.gif badeyek NONE/- image/gif", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689329.234 1431 10.105.21.199 TCP_REFRESH_HIT/304 214 GET http://www.goonernews.com/flags/FAU.gif badeyek DIRECT/207.58.145.61 -", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689329.280 1414 10.105.21.199 TCP_REFRESH_HIT/304 213 GET http://www.goonernews.com/graphics/spacer.gif badeyek DIRECT/207.58.145.61 -", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689330.920 1686 10.105.21.199 TCP_MISS/200 1784 GET http://4.adbrite.com/mb/text_group.php? badeyek DIRECT/64.127.126.178 text/html", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689331.313 3997 10.105.21.199 TCP_MISS/302 851 GET http://ff.connextra.com/Ladbrokes/selector/image? badeyek DIRECT/213.160.98.161 -", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689335.275 3962 10.105.21.199 TCP_MISS/200 30904 GET http://dd.connextra.com/servlet/controller? badeyek DIRECT/213.160.98.160 image/gif", "tags": [ 
@@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689337.481 4 10.105.47.218 TCP_DENIED/407 1661 GET http://hi5.com/ - NONE/- text/html", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689342.757 3657 10.105.21.199 TCP_MISS/200 12569 CONNECT login.yahoo.com:443 badeyek DIRECT/209.73.177.115 -", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689343.106 1 10.105.33.214 TCP_DENIED/407 1752 GET http://update.messenger.yahoo.com/msgrcli7.html - NONE/- text/html", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689343.782 1371 10.105.33.214 TCP_MISS/200 484 POST http://shttp.msg.yahoo.com/notify/ adeolaegbedokun DIRECT/216.155.194.239 text/plain", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689344.736 4969 10.105.47.218 TCP_MISS/200 29359 GET http://hi5.com/ nazsoau DIRECT/204.13.51.238 text/html", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689344.798 1631 10.105.47.218 TCP_MISS/200 5930 GET http://hi5.com/friend/styles/homepage.css nazsoau DIRECT/204.13.51.238 text/css", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689345.641 1810 10.105.33.214 TCP_MISS/200 1645 POST http://shttp.msg.yahoo.com/notify/ adeolaegbedokun DIRECT/216.155.194.239 text/plain", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689346.267 880 10.105.37.58 TCP_DENIED/407 1812 GET http://rms.adobe.com/read/0600/win_/ENU/read0600win_ENUadbe0000.xml - NONE/- text/html", "tags": [ 
@@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689347.190 10 10.105.47.218 TCP_IMS_HIT/304 217 GET http://images.hi5.com/styles/style.css nazsoau NONE/- text/css", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689347.307 116 10.105.47.218 TCP_IMS_HIT/304 217 GET http://images.hi5.com/friend/styles/buttons_en_us.css nazsoau NONE/- text/css", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689347.751 6160 10.105.47.218 TCP_MISS/200 27799 GET http://hi5.com/ nazsoau DIRECT/204.13.51.238 text/html", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689349.064 1758 10.105.47.218 TCP_MISS/200 4470 GET http://hi5.com/friend/styles/headernav.css nazsoau DIRECT/204.13.51.238 text/css", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689350.829 1393 10.105.33.214 TCP_MISS/200 382 POST http://shttp.msg.yahoo.com/notify/ adeolaegbedokun DIRECT/216.155.194.239 text/plain", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689353.439 3667 10.105.33.214 TCP_MISS/200 24095 GET http://insider.msg.yahoo.com/? adeolaegbedokun DIRECT/68.142.194.14 text/html", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689353.939 4899 10.105.33.214 TCP_MISS/200 22964 GET http://radio.launch.yahoo.com/radio/play/playmessenger.asp adeolaegbedokun DIRECT/68.142.219.132 text/html", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689354.877 1349 10.105.33.214 TCP_MISS/200 646 POST http://shttp.msg.yahoo.com/notify/ adeolaegbedokun DIRECT/216.155.194.239 text/plain", "tags": [ 
@@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689355.517 1578 10.105.33.214 TCP_MISS/200 699 GET http://address.yahoo.com/yab/us? adeolaegbedokun DIRECT/209.191.93.51 text/xml", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689356.907 6741 10.105.21.199 TCP_MISS/302 734 GET http://fxfeeds.mozilla.org/rss20.xml badeyek DIRECT/63.245.209.21 text/html", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689357.267 6424 10.105.33.214 TCP_MISS/200 31400 GET http://insider.msg.yahoo.com/ycontent/? adeolaegbedokun DIRECT/68.142.231.252 text/xml", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689357.720 2831 10.105.33.214 TCP_MISS/200 21152 GET http://insider.msg.yahoo.com/ycontent/? adeolaegbedokun DIRECT/68.142.194.14 text/xml", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689358.173 1 10.105.37.17 TCP_DENIED/407 1667 CONNECT us.mcafee.com:443 - NONE/- text/html", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689358.174 0 10.105.37.17 TCP_DENIED/407 1767 POST http://us.mcafee.com/apps/agent/submgr/appinstru.asp - NONE/- text/html", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689358.174 0 10.105.37.17 TCP_DENIED/407 1761 POST http://us.mcafee.com/apps/agent/submgr/appsync.asp - NONE/- text/html", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689358.226 0 10.105.37.17 TCP_DENIED/407 1667 CONNECT us.mcafee.com:443 - NONE/- text/html", "tags": [ 
@@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689358.486 711 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/clientdata/538/images/btn_stations.gif adeolaegbedokun DIRECT/68.142.219.132 -", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689358.683 0 10.105.37.17 TCP_DENIED/407 1667 CONNECT us.mcafee.com:443 - NONE/- text/html", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689359.199 713 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/clientdata/538/images/btn_stations_over.gif adeolaegbedokun DIRECT/68.142.219.132 -", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689359.269 1982 10.105.33.214 TCP_MISS/200 362 POST http://shttp.msg.yahoo.com/notify/ adeolaegbedokun DIRECT/216.155.194.239 text/plain", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689359.924 725 10.105.33.214 TCP_REFRESH_HIT/304 511 GET http://radio.launch.yahoo.com/radio/clientdata/538/skins/1/images/bg_left.gif adeolaegbedokun DIRECT/68.142.219.132 -", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689360.611 687 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/clientdata/538/images/launchcast_radio.gif adeolaegbedokun DIRECT/68.142.219.132 -", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689360.980 1 10.105.47.191 TCP_DENIED/407 1767 POST http://us.mcafee.com/apps/agent/submgr/appinstru.asp - NONE/- text/html", "tags": [ 
@@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689361.188 1 10.105.47.191 TCP_DENIED/407 1761 POST http://us.mcafee.com/apps/agent/submgr/appsync.asp - NONE/- text/html", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689361.393 783 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/clientdata/538/skins/1/images/bg_right.gif adeolaegbedokun DIRECT/68.142.219.132 -", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689361.564 2242 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/clientdata/538/skins/1/images/bg_center.gif adeolaegbedokun DIRECT/68.142.219.132 -", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689362.220 827 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/clientdata/538/skins/1/images/bg_controls_off.gif adeolaegbedokun DIRECT/68.142.219.132 -", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689362.315 751 10.105.33.214 TCP_REFRESH_HIT/304 512 GET http://radio.launch.yahoo.com/radio/common_radio/resources/images/t.gif adeolaegbedokun DIRECT/68.142.219.132 -", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689362.318 3 10.105.33.214 TCP_IMS_HIT/304 218 GET http://radio.launch.yahoo.com/radio/clientdata/538/images/btn_off_state_station.gif adeolaegbedokun NONE/- image/gif", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689362.332 13 10.105.33.214 TCP_IMS_HIT/304 218 GET http://radio.launch.yahoo.com/radio/clientdata/538/skins/1/images/bg_controls_fill.gif adeolaegbedokun NONE/- image/gif", "tags": [ 
@@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689362.341 8 10.105.33.214 TCP_HIT/200 2263 GET http://us.i1.yimg.com/us.yimg.com/i/us/toolbar50x50.gif adeolaegbedokun NONE/- image/gif", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689363.423 6517 10.105.21.199 TCP_REFRESH_MISS/200 17396 GET http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml badeyek DIRECT/212.58.226.33 application/xml", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689364.361 2140 10.105.33.214 TCP_MISS/200 407 GET http://insider.msg.yahoo.com/ycontent/beacon.php adeolaegbedokun DIRECT/68.142.231.252 image/gif", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689364.402 7 10.105.33.214 TCP_IMS_HIT/304 219 GET http://us.ent1.yimg.com/images.launch.yahoo.com/000/032/457/32457654.jpg adeolaegbedokun NONE/- image/jpeg", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689364.411 8 10.105.33.214 TCP_HIT/200 10593 GET http://us.news1.yimg.com/us.yimg.com/p/ap/20060906/thumb.71d29ded334347c48ac88433d033c9a9.pakistan_bin_laden_nyol440.jpg adeolaegbedokun NONE/- image/jpeg", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689365.312 2420 10.105.33.214 TCP_MISS/302 1270 POST http://radio.launch.yahoo.com/radio/play/authplay.asp adeolaegbedokun DIRECT/68.142.219.132 text/html", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689366.377 1966 10.105.33.214 TCP_MISS/200 10519 GET http://us.news1.yimg.com/us.yimg.com/p/ap/20060908/thumb.443f57762d7349669f609fbf0c97a5f1.academy_awards_host_cacp101.jpg adeolaegbedokun DIRECT/213.160.98.159 image/jpeg", "tags": [ 
@@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689368.080 1703 10.105.33.214 TCP_MISS/200 515 GET http://radio.music.yahoo.com/radio/player/ymsgr/initstationfeed.asp? adeolaegbedokun DIRECT/68.142.219.132 text/xml", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689368.370 3057 10.105.33.214 TCP_MISS/200 14411 GET http://radio.music.yahoo.com/radio/player/ymsgr/initstationfeed.asp? adeolaegbedokun DIRECT/68.142.219.132 text/xml", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689368.889 808 10.105.33.214 TCP_MISS/200 1627 GET http://radio.launch.yahoo.com/radio/play/authplay.asp? adeolaegbedokun DIRECT/68.142.219.132 text/html", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689369.097 1226 10.105.37.65 TCP_DENIED/407 1728 GET http://natrocket.kmip.net:5288/iesocks? - NONE/- text/html", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689369.702 0 10.105.37.65 TCP_DENIED/407 1725 GET http://natrocket.kmip.net:5288/return? - NONE/- text/html", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689370.125 1202 10.105.33.214 TCP_MISS/200 13124 GET http://us.news1.yimg.com/us.yimg.com/p/ap/20060907/thumb.1caf18e56db54eafb16da58356eb3382.amazon_com_online_video_watw101.jpg adeolaegbedokun DIRECT/213.160.98.159 image/jpeg", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689370.862 736 10.105.33.214 TCP_MISS/302 912 GET http://radio.launch.yahoo.com/radio/clientdata/515/starter.asp? adeolaegbedokun DIRECT/68.142.219.132 text/html", "tags": [ 
@@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689371.690 828 10.105.33.214 TCP_MISS/200 1450 GET http://radio.launch.yahoo.com/radio/player/default.asp? adeolaegbedokun DIRECT/68.142.219.132 text/html", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689371.987 3617 10.105.33.214 TCP_MISS/200 30432 GET http://us.a2.yimg.com/us.yimg.com/a/ya/yahoo_messenger/081106_lrec_msgr_interophitchhiker.swf? adeolaegbedokun DIRECT/213.160.98.152 application/x-shockwave-flash", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689373.315 1626 10.105.33.214 TCP_MISS/200 14643 GET http://radio.launch.yahoo.com/radio/player/stickwall.asp? adeolaegbedokun DIRECT/68.142.219.132 text/html", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689374.065 2078 10.105.33.214 TCP_MISS/200 425 GET http://us.bc.yahoo.com/b? adeolaegbedokun DIRECT/68.142.213.132 image/gif", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689376.221 2130 10.105.33.214 TCP_MISS/200 407 GET http://insider.msg.yahoo.com/ycontent/beacon.php;_ylc=X1MDNTcwMzAyODMEX3IDMgRldnQDdDAEaW50bAN1cwR2ZXIDNywwLDIsMTIw? adeolaegbedokun DIRECT/68.142.194.14 image/gif", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689377.171 3412 10.105.33.214 TCP_MISS/200 1476 CONNECT pclick.internal.yahoo.com:443 adeolaegbedokun DIRECT/216.109.124.55 -", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689377.191 11 10.105.33.214 TCP_IMS_HIT/304 233 GET http://a1568.g.akamai.net/7/1568/1600/20051025184124/radio.launch.yahoo.com/radioapi/includes/js/compVersionedJS/rapiBridge_1_4.js adeolaegbedokun NONE/- application/x-javascript", "tags": [ 
@@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689377.424 1159 10.105.33.214 TCP_MISS/304 236 GET http://a1568.g.akamai.net/7/1568/1600/20040405222754/radio.launch.yahoo.com/radio/clientdata/515/other.css adeolaegbedokun DIRECT/213.160.98.159 text/css", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689378.221 797 10.105.33.214 TCP_MISS/304 238 GET http://a1568.g.akamai.net/7/1568/1600/20040405222757/radio.launch.yahoo.com/radio/clientdata/515/skins/1/images/bg_left.gif adeolaegbedokun DIRECT/213.160.98.159 image/gif", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689378.473 3288 10.105.21.199 TCP_MISS/200 2681 CONNECT login.yahoo.com:443 badeyek DIRECT/209.73.177.115 -", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689378.909 1405 10.105.33.214 TCP_MISS/304 136 GET http://a1568.g.akamai.net/7/1568/1600/20050829181418/radio.launch.yahoo.com/radio/common_radio/resources/images/noaccess_msgr_uk.gif adeolaegbedokun DIRECT/213.160.98.167 -", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689378.924 702 10.105.33.214 TCP_MISS/304 237 GET http://a1568.g.akamai.net/7/1568/1600/20040405222757/radio.launch.yahoo.com/radio/clientdata/515/skins/1/images/bg_right.gif adeolaegbedokun DIRECT/213.160.98.159 image/gif", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689378.929 4 10.105.33.214 TCP_IMS_HIT/304 218 GET http://a1568.g.akamai.net/7/1568/1600/20040405222807/radio.launch.yahoo.com/radio/common_radio/resources/images/t.gif adeolaegbedokun NONE/- image/gif", "tags": [ 
@@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689379.472 563 10.105.33.214 TCP_MISS/304 238 GET http://a1568.g.akamai.net/7/1568/1600/20040405222757/radio.launch.yahoo.com/radio/clientdata/515/skins/1/images/bg_controls_off.gif adeolaegbedokun DIRECT/213.160.98.167 image/gif", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689379.488 560 10.105.33.214 TCP_MISS/304 238 GET http://a1568.g.akamai.net/7/1568/1600/20040405222756/radio.launch.yahoo.com/radio/clientdata/515/skins/1/images/bg_center.gif adeolaegbedokun DIRECT/213.160.98.159 image/gif", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689380.159 685 10.105.33.214 TCP_MISS/304 238 GET http://a1568.g.akamai.net/7/1568/1600/20040405222757/radio.launch.yahoo.com/radio/clientdata/515/skins/1/images/bg_controls_fill.gif adeolaegbedokun DIRECT/213.160.98.167 image/gif", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689381.267 1 10.105.37.180 TCP_DENIED/407 1728 GET http://www.google.com/supported_domains - NONE/- text/html", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689381.659 0 10.105.47.191 TCP_DENIED/407 1782 GET http://us.mcafee.com/apps/agent/en-us/agent5/chknews.asp? - NONE/- text/html", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689381.660 2171 10.105.33.214 TCP_MISS/200 449 GET http://launch.adserver.yahoo.com/l? adeolaegbedokun DIRECT/216.109.125.112 image/gif", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689382.173 3700 10.105.21.199 TCP_MISS/200 11746 GET http://uk.f250.mail.yahoo.com/dc/launch? badeyek DIRECT/217.12.10.96 text/html", "tags": [ 
@@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689382.622 1 10.105.37.180 TCP_DENIED/407 1670 CONNECT login.live.com:443 - NONE/- text/html", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689384.316 2828 10.105.21.199 TCP_SWAPFAIL_MISS/200 633 GET http://us.js2.yimg.com/us.js.yimg.com/lib/pim/r/dclient/d/js/uk/77cf3e56414f974dfd8616f56f0f632c_1.js badeyek DIRECT/213.160.98.169 application/x-javascript", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689385.714 1397 10.105.21.199 TCP_HIT/200 1742 GET http://us.js1.yimg.com/us.yimg.com/lib/hdr/ygma5.css badeyek NONE/- text/css", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689387.690 1977 10.105.21.199 TCP_MISS/200 14561 GET http://us.js2.yimg.com/us.js.yimg.com/lib/pim/r/dclient/d/js/uk/f7fc76100697c9c2d25dd0ec35e563b0_1.js badeyek DIRECT/213.160.98.169 application/x-javascript", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689387.771 80 10.105.21.199 TCP_HIT/200 68733 GET http://us.js1.yimg.com/us.yimg.com/lib/pim/r/medici/13_15/mail/ac.js badeyek NONE/- application/x-javascript", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689387.830 1 10.105.21.199 TCP_HIT/200 898 GET http://us.js2.yimg.com/us.js.yimg.com/lib/common/utils/2/yahoo_2.0.0-b4.js badeyek NONE/- application/x-javascript", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "1157689387.832 60 10.105.21.199 TCP_HIT/200 26803 GET http://us.i1.yimg.com/us.yimg.com/i/us/pim/dclient/d/img/liam_ball_1.gif badeyek NONE/- image/gif", "tags": [ 
diff --git a/packages/squid/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/squid/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json index 2f76399888f..189d5da1bdb 100644 --- a/packages/squid/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/squid/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.251.224.219 7337 [29/Jan/2016:6:09:59 nto] \"PROPFIND https://example.org/exercita/der.htm?odoco=ria#min ite\" 10.234.224.44 etdo tation \"quasiarc\" liqua ciade 5699 \"https://example.net/umq/ntium.gif?nes=eab#aliqu\" \"Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]\" deny", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.102.123.34 7178 [12/Feb/2016:1:12:33 nostrud] \"PURGE https://www.example.org/enderitq/sperna.txt?billoi=oreetdol#nidolor tatemU\" 10.70.36.222 estlabo doeiu \"nia\" olupt volup 208 \"https://example.com/eosquir/orsi.txt?itessequ=vol#luptat\" \"Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10\" deny", "tags": [ 
@@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.15.135.248 7269 [26/Feb/2016:8:15:08 mquia] \"OPTIONS https://internal.example.com/aqu/utper.jpg?eFinib=omm#iin proident\" 10.142.172.64 lupt tia \"oloremqu\" temvel iatu 5493 \"https://example.net/dolo/meumfug.gif?roinBCS=ufugiatn#tionulam\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" accept", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.44.134.153 5162 [12/Mar/2016:3:17:42 nci] \"GET https://api.example.org/ceroinBC/ratvolup.gif?iatu=ionofde#con uia\" quiavo 1156 \"https://mail.example.com/consec/taliquip.html?radip=tNequ#gelit\" \"Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61\" allow 10.81.122.126 taev 160.145000", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.160.95.56 1980 [26/Mar/2016:10:20:16 aqui] \"PUT https://api.example.org/isetq/estqui.gif?magn=equuntu#eos enimad\" 10.171.175.51 boreet onev \"tenima\" laboreet aquaeabi 5738 \"https://api.example.net/veleumi/tia.gif?ude=maveniam#uian\" \"Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" cancel", "tags": [ 
@@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.175.107.139 4243 [09/Apr/2016:5:22:51 antium] \"HEAD https://www.example.org/inesci/rsitvolu.txt?pori=occ#ect reetdolo\" 10.12.195.60 uiano mrema \"autfu\" natura aboris 2946 \"https://api.example.com/ssitaspe/gitsedqu.jpg?iutal=dexe#urerep\" \"Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" accept", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.198.136.50 6875 [24/Apr/2016:12:25:25 llam] \"DELETE https://www5.example.com/ari/eataevit.txt?iam=mqua#atat quunt\" 10.207.249.121 iciade tsed \"orai\" mUt usmodte 1296 \"https://www.example.org/ametcons/porainc.jpg?temsequ=emquiavo#nonnu\" \"Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30\" allow", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.34.9.93 124 [08/May/2016:7:27:59 onse] \"PROPFIND https://example.org/tatno/imav.htm?ofdeF=tion#orsitame quiratio\" 10.116.120.216 qua umdo \"sed\" apariat mol 1510 \"https://internal.example.net/turveli/toccae.htm?erc=taliqu#temUten\" \"Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36\" accept", "tags": [ 
@@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.90.131.186 6343 [22/May/2016:2:30:33 nimadmin] \"HEAD https://example.org/uaera/sitas.txt?aedic=atquovo#iumto aboreetd\" 10.30.216.41 enim saute \"vel\" quu undeo 5794 \"https://mail.example.net/atuse/ddoeiu.gif?idolore=onse#liq\" \"Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" accept", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.8.88.110 7618 [05/Jun/2016:9:33:08 ionul] \"CONNECT https://mail.example.org/edquiano/loru.htm?end=enia#nsequu cup\" 10.203.172.203 idestla Nemoeni \"uradi\" aborumSe luptat 6884 \"https://www5.example.org/strude/ctetura.htm?ittenbyC=aperi#lor\" \"Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" accept", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.71.34.9 267 [20/Jun/2016:4:35:42 dolore] \"UNLOCK https://www.example.org/iqui/etc.txt?tatiset=eprehen#xercitat lpa\" 10.158.185.163 rudexerc aliq \"rsitam\" quam adm 987 \"https://www.example.org/ritatis/oloremi.txt?icab=mwr#fugi\" \"Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g\" allow", "tags": [ 
@@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.210.74.24 6423 [04/Jul/2016:11:38:16 untut] \"OPTIONS https://internal.example.net/ommod/sequatur.txt?tlabo=suntexp#ugiatnu stiae\" 10.201.76.240 amqu uines \"nsec\" onse emips 2655 \"https://example.net/tion/eataev.htm?uiineavo=tisetq#irati\" \"Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10\" accept", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.114.138.121 1939 [18/Jul/2016:6:40:50 tati] \"COPY https://api.example.org/oriosamn/deFinibu.gif?iciatisu=rehender#eporroqu uat\" 10.206.136.206 suntinc xeac \"nidolo\" tatn eli 6462 \"https://www.example.net/pida/nse.html?emeumfu=CSed#lupt\" \"Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" deny", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.200.199.166 3727 [02/Aug/2016:1:43:25 amvolup] \"COPY https://mail.example.org/rehend/tio.html?numqu=qui#civeli lum\" 10.134.161.118 tat ipitla \"quae\" maccusa uptat 3458 \"https://www.example.com/xerci/aqu.htm?olorema=iades#siarchi\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36\" block", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.122.46.71 2807 [16/Aug/2016:8:45:59 ihilm] \"NONE https://www.example.org/eav/ionevo.txt?siar=orev#iamquis quirat\" 10.76.3.41 isc aturve \"emulla\" mpori aaliquaU 2989 \"https://www5.example.com/ern/psaquae.html?nsectet=utla#utei\" \"Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" allow", "tags": [ 
@@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.164.250.63 2530 [30/Aug/2016:3:48:33 eritqu] \"PROPFIND https://internal.example.net/wri/bor.jpg?hitect=dol#leumiu namali\" 10.249.213.83 nsecte itame \"eumfug\" lit asun 1250 \"https://api.example.com/oluptate/onseq.html?labore=texp#tMalor\" \"Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30\" accept", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.61.242.75 2591 [13/Sep/2016:10:51:07 dantiumt] \"HEAD https://api.example.net/equat/doloreme.htm?ione=ihilmole#eriamea amre\" 10.236.248.65 pisciv iquidex \"radipisc\" tmo fficiade 3280 \"https://www5.example.net/uioffi/oru.jpg?one=etMalor#ipi\" \"Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" cancel", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.13.59.31 5685 [28/Sep/2016:5:53:42 sperna] \"PUT https://www5.example.com/estia/tper.gif?volupt=osqui#xerc iutali\" 10.214.7.83 liquide etdol \"uela\" boN eprehend 2462 \"https://internal.example.net/lamcolab/ati.jpg?gel=lorsitam#mpo\" \"Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" block", "tags": [ 
@@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.89.201.140 2447 [12/Oct/2016:12:56:16 uamei] \"GET https://internal.example.net/sin/rvel.htm?nimid=itatione#isnis uptasn\" 10.49.92.179 osamn isnisiu \"bore\" tsu tcons 3128 \"https://api.example.org/lorinre/olorsita.gif?idata=rumwritt#magnid\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" accept", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.235.7.92 5787 [26/Oct/2016:7:58:50 nsecte] \"PURGE https://api.example.org/abo/veniamqu.gif?aliquide=ofde#equat derit\" 10.90.86.89 piscin lapar \"laboree\" tfu udan 5516 \"https://mail.example.net/xeacomm/mveleu.htm?utlabor=rau#idex\" \"Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36\" deny", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.14.211.43 4762 [10/Nov/2016:3:01:24 eiu] \"PROPFIND https://api.example.org/autfu/gnaaliq.jpg?olupta=litse#icabo itatio\" 10.14.48.16 sintoc volupt \"siste\" uiinea Utenima 1612 \"https://www5.example.net/ptatem/Nequepor.html?ugiatnu=ciati#nto\" \"Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30\" cancel", "tags": [ 
@@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.47.25.230 5491 [24/Nov/2016:10:03:59 ese] \"CONNECT https://internal.example.net/ptatemq/luptatev.html?Nequepo=ipsumd#ntocc uteirure\" 10.93.123.174 evelit reetdolo \"smo\" etcons iusmodi 1563 \"https://example.com/uiac/epte.gif?itam=aper#santiumd\" \"Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10\" block", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.7.46.36 837 [08/Dec/2016:5:06:33 nonn] \"MKOL https://www5.example.net/quiavol/rrorsi.gif?iatisu=sec#cons sBon\" 10.233.48.103 leumiur tlab \"aperiame\" isc ullamcor 584 \"https://www5.example.com/tateve/itinvol.txt?tenatus=cipitlab#ipsumd\" \"Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30\" cancel", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.93.220.10 2805 [23/Dec/2016:12:09:07 com] \"PROPATCH https://api.example.net/orain/tiumt.jpg?litessec=itas#edquia sequatu\" 10.27.58.92 amvo qui \"tasn\" Nemoenim squirati 63 \"https://mail.example.com/nbyCic/utlabor.html?iciade=ntiumt#iquipe\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" accept", "tags": [ 
@@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.213.144.249 4427 [06/Jan/2017:7:11:41 taedicta] \"PURGE https://www.example.net/str/idolore.txt?eetdolo=cteturad#untut uamni\" 10.135.217.12 metMalo ntexplic \"archite\" loreme untu 5676 \"https://example.net/con/nisist.gif?ium=esciuntN#idunt\" \"Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" block", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.13.226.57 3275 [20/Jan/2017:2:14:16 runtm] \"PURGE https://mail.example.net/velitse/oditem.html?torever=oremi#mestq temUt\" 10.233.239.112 npr mquelau \"iadolor\" amcol adeser 3780 \"https://internal.example.com/tqu/reprehen.gif?quam=quid#fugiat\" \"Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36\" cancel", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.161.203.252 301 [03/Feb/2017:9:16:50 emquia] \"CONNECT https://internal.example.org/isnisi/ritatise.gif?tamet=quatur#uisa eFi\" 10.21.169.127 rpori ice \"oles\" edic seq 2835 \"https://example.com/tatn/dolorsit.jpg?billo=labo#oNemoeni\" \"Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" accept", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.17.215.111 148 [18/Feb/2017:4:19:24 ratv] \"LOCK https://www.example.net/ianon/tsed.htm?ameiusm=proide#ano piscinge\" 10.69.139.26 ditemp edqui \"nre\" veli volupta 7124 \"https://api.example.com/ersp/enderi.jpg?adi=umwrit#uptate\" \"Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30\" block", "tags": [ 
@@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.10.213.83 7206 [04/Mar/2017:11:21:59 nisi] \"COPY https://www5.example.org/ncididun/umSe.jpg?ise=itau#apariat vitaedi\" 10.104.80.189 dolore onsecte \"nBCSedut\" ugiat onulam 1542 \"https://mail.example.org/oditautf/quatu.jpg?lumdolor=nonp#labo\" \"Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" accept", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.125.131.91 3480 [18/Mar/2017:6:24:33 urv] \"UNLOCK https://example.org/uatur/adminimv.gif?exeacom=roidents#tem dol\" 10.116.230.217 mvele isis \"uasiar\" utlab emUteni 7122 \"https://api.example.org/lor/velillu.html?dolorem=tvolu#nreprehe\" \"Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16\" block", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.26.96.202 2751 [02/Apr/2017:1:27:07 rautodi] \"ICP_QUERY https://api.example.com/ven/rQu.html?doloreme=dun#reprehe tincu\" 10.119.90.128 lor oraincid \"intocc\" amcorp ntsunt 4826 \"https://mail.example.com/olo/psumqu.txt?fdeF=iquidexe#diconse\" \"Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" cancel", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.0.98.205 126 [16/Apr/2017:8:29:41 edquiac] \"HEAD https://api.example.net/eseru/quamest.html?qua=rsita#ate ipsamvo\" 10.76.110.144 tdol upt \"mex\" tatem untutlab 3386 \"https://mail.example.com/plicab/oremq.html?uisaute=imide#poriss\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36\" deny", "tags": [ 
@@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.224.11.165 1646 [30/Apr/2017:3:32:16 nof] \"MOVE https://internal.example.org/mvolu/conse.txt?aincidu=nimadmin#isiu licabo\" 10.135.46.242 lupta xeaco \"nvolupt\" oremi elites 1940 \"https://www.example.org/boNemoe/onsequ.html?amvolupt=onevolu#mnis\" \"Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36\" deny", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.27.44.4 4686 [14/May/2017:10:34:50 sequatD] \"TRACE https://internal.example.org/isciv/rroqu.html?uisa=tametco#ilmol eri\" 10.154.53.249 tae autodit \"elit\" cidunt plica 7398 \"https://internal.example.org/emqu/nderi.html?accusant=onse#admin\" \"Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10\" accept", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.93.39.140 4275 [29/May/2017:5:37:24 ute] \"COPY https://www5.example.net/uaeratv/isa.txt?periam=dqu#pid rExc\" 10.150.245.88 orisn reetd \"prehen\" ntutlabo iusmodte 1738 \"https://example.org/isc/Nequepor.txt?rem=idid#tesse\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36\" cancel", "tags": [ 
@@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.61.92.2 6595 [12/Jun/2017:12:39:58 maliquam] \"UNLOCK https://www5.example.com/orroq/vitaedic.txt?orisni=ons#remagn ecillu\" 10.73.207.70 llamco atu \"untincul\" ssecil commodi 3023 \"https://mail.example.net/tate/onevo.htm?emvele=isnost#olorem\" \"Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30\" block", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.84.32.178 5271 [26/Jun/2017:7:42:33 aliq] \"GET https://example.net/mven/olorsit.gif?oremag=illu#ruredo mac\" temUt 2741 \"https://internal.example.com/uamnihi/risnis.html?scingeli=isn#sBono\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" allow 10.50.124.116 numquam 104.719000", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.173.222.131 918 [11/Jul/2017:2:45:07 ori] \"TRACE https://www5.example.net/rum/eataevi.html?ulla=iqu#oin hil\" 10.211.234.224 uiadol Duisa \"lupta\" aUt boNem 5564 \"https://api.example.org/maveni/onevo.htm?liquaUte=alorum#obeataev\" \"Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" accept", "tags": [ 
@@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.11.83.126 6581 [25/Jul/2017:9:47:41 naaliq] \"PROPFIND https://mail.example.net/osquir/mod.txt?fugitse=imad#tinvolup tsed\" 10.0.157.225 itam atu \"lloin\" remipsum tempor 1282 \"https://www5.example.net/incidid/rure.htm?edquian=loremeu#aturve\" \"Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" deny", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.228.77.21 6889 [08/Aug/2017:4:50:15 lamc] \"PUT https://api.example.com/asper/umq.txt?itasper=uae#mve uia\" 10.92.237.93 mad onse \"redol\" gnaa mod 5107 \"https://www5.example.com/toditaut/voluptat.htm?strumex=eprehend#asnu\" \"Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30\" cancel", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.102.215.23 3665 [22/Aug/2017:11:52:50 esseq] \"POST https://www5.example.net/quatD/isqua.jpg?oloreseo=iruredol#veniamqu licaboN\" 10.20.28.92 econs ntexpl \"dunt\" litsedq nderiti 409 \"https://api.example.com/Cic/olorema.txt?iscive=quasiar#aeab\" \"Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16\" allow", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.45.28.159 5627 [06/Sep/2017:6:55:24 ree] \"NONE https://api.example.net/ation/luptas.html?iatqu=lorsi#repreh plic\" 10.17.87.79 tetur tionula \"ritqu\" ecatcupi uamei 4595 \"https://www5.example.com/onse/olorem.gif?duntutla=ntium#iration\" \"Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" block", "tags": [ 
@@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.177.238.45 5137 [20/Sep/2017:1:57:58 ssusci] \"DELETE https://internal.example.com/mpo/unte.jpg?ueipsa=scipitl#eumi quasiarc\" 10.189.94.51 tetura rsp \"oluptat\" metco acom 5704 \"https://api.example.com/tem/exeacomm.txt?taliqui=mides#ciun\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36\" allow", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.46.77.76 5169 [04/Oct/2017:9:00:32 anim] \"GET https://www.example.org/uov/quaeab.jpg?moles=dipiscin#olup aco\" 10.101.85.169 natu liquid \"enim\" Finibus radi 5697 \"https://example.com/taed/umdolo.html?rroqu=dquiaco#nibus\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36\" accept", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.24.54.129 77 [19/Oct/2017:4:03:07 eprehend] \"HEAD https://example.net/edolo/ugiatquo.jpg?eosquira=pta#snos orsi\" 10.231.7.209 lorsita eavol \"osamnis\" temaccu scipitl 1247 \"https://www5.example.org/caboNem/urExcept.txt?litesseq=atcupida#tessequa\" \"Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36\" block", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.121.163.5 7803 [02/Nov/2017:11:05:41 redol] \"CONNECT https://api.example.org/isci/dolor.htm?orinrep=quiavol#nrepreh ratv\" 10.77.129.175 tali BCS \"qui\" ugiatquo incidid 2617 \"https://www.example.com/sBonor/fugits.jpg?amc=vol#admi\" \"Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" allow", "tags": [ 
@@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.51.236.148 329 [16/Nov/2017:6:08:15 adol] \"PROPFIND https://mail.example.com/roide/tem.gif?rerepre=nculpaq#culpaqui tvolup\" 10.116.146.114 col obea \"emp\" agnaaliq est 1444 \"https://www.example.com/inculp/onofd.gif?umdolors=dolori#asperna\" \"Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" deny", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.244.108.135 6997 [01/Dec/2017:1:10:49 ume] \"NONE https://internal.example.net/rautod/olest.jpg?lapar=ritati#edquia itesse\" 10.217.222.99 ame amvolu \"mip\" tion tobeatae 2512 \"https://api.example.com/iqua/luptat.txt?oremqu=uradi#velitsed\" \"Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90\" block", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.4.69.152 3833 [15/Dec/2017:8:13:24 scivel] \"PUT https://api.example.org/iusmodt/enim.txt?aquio=ersp#iame orroquis\" 10.150.198.112 ntmoll mexer \"estla\" uipexe abor 1370 \"https://www.example.net/remips/illoi.jpg?abori=uisnostr#reetdol\" \"Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10\" block", "tags": [ 
@@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.45.114.111 357 [29/Dec/2017:3:15:58 olup] \"POST https://example.org/abillo/undeom.html?oraincid=quaer#eetdo tlab\" 10.45.54.107 seddoeiu nse \"aali\" edictasu mdolors 7490 \"https://www5.example.org/atis/atDuis.txt?nisiut=rumwri#velill\" \"Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]\" accept", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.49.242.174 4078 [12/Jan/2018:10:18:32 tat] \"TRACE https://mail.example.net/uam/orumSec.jpg?isnisiu=suntincu#sse venia\" 10.205.28.24 oeni untutlab \"tvolup\" consecte pteurs 742 \"https://www5.example.net/ons/tiaecon.html?unt=tass#tiumdol\" \"Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90\" allow", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.17.202.219 487 [27/Jan/2018:5:21:06 iame] \"HEAD https://www5.example.org/umiurer/rere.txt?mnisi=usmo#iamea imaveni\" 10.183.223.149 cor odoco \"oin\" itseddoe elites 6366 \"https://mail.example.com/eursinto/litesse.html?licaboNe=tautfug#giatquov\" \"Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10\" deny", "tags": [ 
@@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.81.140.173 7623 [10/Feb/2018:12:23:41 itae] \"MOVE https://internal.example.net/atnula/ditautf.jpg?iquidex=olup#remipsu tan\" 10.88.172.222 doconse etdol \"dolorsi\" nturmag tura 6695 \"https://internal.example.org/totam/ntoccae.htm?idunt=atqu#naturau\" \"mobmail android 2.1.3.3150\" cancel", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.162.129.196 4247 [24/Feb/2018:7:26:15 snisi] \"OPTIONS https://api.example.net/uscip/umS.txt?quiacons=uisa#xeacommo Cicero\" 10.247.53.179 issu identsu \"piscivel\" hend eacommo 6835 \"https://example.com/osquira/umd.gif?scipi=tur#acon\" \"mobmail android 2.1.3.3150\" accept", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.110.86.230 536 [11/Mar/2018:2:28:49 eFini] \"UNLOCK https://mail.example.com/mrema/ullamc.txt?eufug=roquisq#temporai uido\" 10.172.148.223 snulap enimadm \"stenatu\" upta atc 3066 \"https://www5.example.net/asnulap/ipi.htm?orissu=fic#sBon\" \"Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80\" accept", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.93.159.170 3481 [25/Mar/2018:9:31:24 emullam] \"GET https://www5.example.com/isau/itinvol.txt?saquaea=ons#orsitam modico\" 10.232.19.43 porinc riame \"riat\" sseq eriam 729 \"https://internal.example.net/imve/essequam.gif?urQuis=etcon#onsequu\" \"Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36\" deny", "tags": [ 
@@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.207.97.192 973 [08/Apr/2018:4:33:58 emp] \"ICP_QUERY https://api.example.net/veli/venia.htm?etdolor=uat#onemulla riaturEx\" 10.55.55.72 nculp asp \"eacom\" mag gelitse 2007 \"https://example.net/lab/llumq.htm?tetura=rumet#uptasnul\" \"Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" cancel", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.41.156.88 203 [22/Apr/2018:11:36:32 oco] \"MOVE https://internal.example.net/ainci/osqu.jpg?sus=imavenia#expli ugiat\" 10.89.73.240 orem ntorever \"pisciv\" fugiatqu seos 5561 \"https://www5.example.net/elillum/veleumi.gif?tvol=oluptate#lit\" \"Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61\" deny", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.54.44.231 5292 [07/May/2018:6:39:06 aco] \"CONNECT https://www.example.org/runtm/eturadip.htm?psumd=oloree#seos rios\" 10.101.183.86 mvenia mcorpo \"ntexpl\" abor oreverit 6451 \"https://internal.example.net/tat/eufugia.htm?tau=fficia#est\" \"Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10\" allow", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.181.177.74 3378 [21/May/2018:1:41:41 itsedd] \"LOCK https://internal.example.org/liquipex/uisnos.html?ventor=lupt#umwri odoc\" 10.130.150.189 oreeu nvo \"iamqui\" tassita colabori 1223 \"https://www.example.net/lpa/isn.htm?iat=ffic#siuta\" \"Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" accept", "tags": [ 
@@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.76.220.3 2492 [04/Jun/2018:8:44:15 serrorsi] \"GET https://api.example.org/mquisnos/lore.txt?siar=isn#veniamq lup\" 10.83.130.95 ipitlabo userror \"eacommo\" nderi liqua 7030 \"https://api.example.net/henderit/remq.jpg?voluptas=velill#rspic\" \"Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36\" deny", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.219.245.58 7073 [19/Jun/2018:3:46:49 snisiut] \"COPY https://www.example.com/quas/occaeca.htm?ender=dico#uptatem upt\" 10.166.160.217 olor radip \"rchitect\" Dui iameaqu 2429 \"https://api.example.com/asnulap/yCiceroi.jpg?ender=inc#tect\" \"Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16\" deny", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.121.121.153 723 [03/Jul/2018:10:49:23 smoditem] \"UNLOCK https://www5.example.org/uidolo/umdolore.jpg?oquisq=abori#sit catcu\" 10.183.243.246 amni tatio \"amquisno\" modoc magnam 3267 \"https://example.com/idatat/onev.html?lesti=oreseo#reprehen\" \"Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" cancel", "tags": [ 
@@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.54.5.47 1585 [17/Jul/2018:5:51:58 mmodi] \"OPTIONS https://internal.example.net/eniamqu/inimav.htm?imadm=uta#tisu remagnam\" 10.202.224.209 iusmodit aturv \"ectetura\" obeataev umf 3141 \"https://www.example.com/quaeabil/emip.htm?urExc=tDuis#iqu\" \"Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36\" cancel", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.72.99.69 3172 [01/Aug/2018:12:54:32 oremeumf] \"PROPFIND https://mail.example.net/sintocca/mipsumqu.htm?tnulapar=ico#giatquo lors\" 10.170.234.233 accus uatu \"mquis\" lab uido 2046 \"https://mail.example.com/tena/aal.jpg?CSedu=mcol#lup\" \"Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" allow", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.245.240.47 4017 [15/Aug/2018:7:57:06 itaedict] \"DELETE https://api.example.org/rep/remap.html?siarc=fdeFin#eleumi edic\" 10.142.130.227 olabori odic \"iuta\" liquaUte scivelit 7795 \"https://internal.example.net/scipit/lloinve.htm?evolup=rvelil#isiutali\" \"Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" allow", "tags": [ 
@@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.62.188.193 4104 [29/Aug/2018:2:59:40 atu] \"DELETE https://api.example.net/eturad/tDuis.htm?enimadmi=tateveli#osa mini\" 10.61.110.7 oremque quaU \"ufugi\" cin tmo 508 \"https://example.com/oremip/its.jpg?iavol=natuserr#ostrudex\" \"Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10\" deny", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.172.139.78 6533 [12/Sep/2018:10:02:15 lamco] \"COPY https://www.example.net/hender/ptatemU.htm?mquisnos=tnulapa#madmi tlabore\" 10.68.198.188 doeiu onsectet \"dentsunt\" inea animid 2119 \"https://mail.example.net/onnumqua/quioff.html?upt=atatnonp#nvol\" \"Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61\" block", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.172.47.7 2805 [27/Sep/2018:5:04:49 midest] \"CONNECT https://www.example.org/iduntutl/rsitam.htm?ntor=oinBCSed#oid rchit\" 10.169.63.169 ariat midestl \"quatu\" avolu teturad 3465 \"https://api.example.net/iquaUten/prehende.gif?rpo=velites#nonpro\" \"Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16\" block", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.32.98.109 5012 [11/Oct/2018:12:07:23 dexercit] \"PURGE https://example.org/itessequ/porissu.html?uip=ectobea#dat aUtenima\" 10.62.10.137 eeufugi deomnisi \"olupta\" oll laboree 3880 \"https://api.example.org/cupidata/stiaecon.htm?rsint=itl#ttenb\" \"Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" cancel", "tags": [ 
@@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.176.62.146 5945 [25/Oct/2018:7:09:57 lors] \"COPY https://api.example.net/enimad/tis.txt?mipsumq=ident#nimide quelaud\" 10.255.40.12 rro oeiusmo \"nimv\" emeu tatemac 5192 \"https://www5.example.com/teursint/etMa.gif?lamcolab=ceroinB#umqui\" \"Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90\" deny", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.194.198.46 3387 [09/Nov/2018:2:12:32 cta] \"GET https://api.example.org/taspe/yCiceroi.htm?cti=ommodoc#nse mveniam\" tuser 2694 \"https://internal.example.com/tlaboru/aeabillo.txt?equuntu=quamni#turveli\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]\" deny 10.88.98.31 rured 105.243000", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.5.49.20 7503 [23/Nov/2018:9:15:06 macc] \"OPTIONS https://example.com/beat/rro.jpg?uisau=qua#iarchite emsequi\" 10.1.27.133 edqu tationu \"gnaaliq\" olore ntutlab 6881 \"https://www5.example.com/gnama/esciun.html?ratvo=ntutl#volupt\" \"Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30\" block", "tags": [ 
@@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.11.73.145 6972 [07/Dec/2018:4:17:40 uisautem] \"POST https://www5.example.org/loremq/turmagni.txt?emUtenim=ende#dexea aco\" 10.70.244.155 olorsi caboNemo \"uptas\" temaccus ons 2160 \"https://internal.example.com/ctetur/mvolupta.html?oreeu=mea#ssec\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]\" accept", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.204.214.98 985 [21/Dec/2018:11:20:14 equ] \"PURGE https://www5.example.net/deomnisi/ddoe.txt?oremi=ectobeat#ecte abo\" 10.121.80.158 boriosa cillumdo \"ditau\" moenimip uames 7663 \"https://internal.example.com/lor/oreeu.html?eturadip=nost#atus\" \"Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" accept", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.74.115.33 4006 [05/Jan/2019:6:22:49 nsequat] \"PURGE https://api.example.net/tiset/sci.jpg?rauto=doloreeu#lors eumfu\" 10.139.151.19 eumf roquisq \"uasi\" maveniam uis 5533 \"https://www.example.com/imi/animi.htm?ama=tatnonp#ntiumt\" \"Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10\" block", "tags": [ 
@@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.191.220.1 6454 [19/Jan/2019:1:25:23 ctetura] \"DELETE https://api.example.net/tDuisau/aturve.htm?tper=pisciv#tconsect pariat\" 10.242.48.203 ctobeat isi \"idexeac\" ntu tdolo 3872 \"https://mail.example.com/olupt/ola.jpg?etquasia=qua#adm\" \"Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36\" deny", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.109.88.27 5568 [02/Feb/2019:8:27:57 cidu] \"PROPATCH https://internal.example.com/oluptate/todi.jpg?tdolo=ident#scip eacommod\" 10.254.10.98 adipisc aparia \"maliq\" ccusant epteurs 6661 \"https://www5.example.org/oditau/onsec.gif?temqui=lup#aeca\" \"Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36\" accept", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.5.148.114 4749 [17/Feb/2019:3:30:32 ntin] \"LOCK https://mail.example.com/radipis/lore.html?civeli=eufugia#utlabore tamr\" 10.175.138.42 olore onemul \"trudexe\" remeum etur 890 \"https://mail.example.org/quiav/ctionofd.gif?Finibus=uisautei#nevolu\" \"Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" deny", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.0.0.240 1795 [03/Mar/2019:10:33:06 psa] \"PROPFIND https://internal.example.org/olupta/tio.jpg?idestl=litani#emp arch\" 10.18.199.203 ugits ittenb \"tobeatae\" ntut llum 366 \"https://example.com/equat/estiaec.htm?mquido=ende#ntmollit\" \"Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" allow", "tags": [ 
@@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.1.220.47 6685 [17/Mar/2019:5:35:40 mipsamv] \"NONE https://www5.example.com/sequines/cto.gif?temaccu=uamqua#Neq runt\" 10.73.80.251 pteurs ercitati \"atem\" serro lumquid 5939 \"https://www5.example.org/imaveni/equ.htm?ssequamn=ave#taliqui\" \"Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]\" allow", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.153.109.61 7499 [01/Apr/2019:12:38:14 numq] \"PURGE https://www.example.net/periam/ain.gif?iquipex=mqu#onorume abill\" 10.22.34.206 mini mve \"tionev\" uasiarch velites 1745 \"https://api.example.org/equa/edquiaco.gif?olorsit=naaliq#plica\" \"Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" block", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.62.168.226 5334 [15/Apr/2019:7:40:49 bori] \"CONNECT https://www.example.net/ecatc/quovolu.jpg?dexe=nemul#Duis lupt\" 10.199.103.185 uipe ipsa \"con\" eirured sequamn 5243 \"https://mail.example.com/ciatisun/duntutl.htm?didun=riaturEx#nde\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]\" allow", "tags": [ 
@@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.97.33.56 3541 [29/Apr/2019:2:43:23 rad] \"COPY https://example.com/tqui/ssequ.gif?emse=emqui#cipitla tlab\" 10.128.84.27 nula ptate \"volupta\" umfu utla 2478 \"https://www5.example.com/dolo/velites.gif?equa=apari#tsunt\" \"Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36\" block", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.49.169.175 2103 [13/May/2019:9:45:57 sistena] \"HEAD https://example.com/caboN/imipsam.jpg?catcupid=ritquiin#quisnost sequines\" 10.115.154.104 illum ore \"spici\" Sedut tatis 7767 \"https://www5.example.com/sequines/minimve.gif?toditau=uiad#nvolupta\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" allow", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.213.100.153 2571 [28/May/2019:4:48:31 iatquo] \"PROPFIND https://www.example.org/oinvento/ali.htm?utaliqui=isciv#osqu ptatemse\" 10.33.112.100 catcup enimad \"magnaali\" velillum ionev 1594 \"https://internal.example.com/ameaq/Quis.html?lestiae=iav#umiure\" \"Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30\" block", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.216.143.226 2632 [11/Jun/2019:11:51:06 deomn] \"CONNECT https://api.example.net/quido/llo.htm?tpersp=assi#rch psa\" 10.25.53.93 tvolup oremeu \"lab\" lla urau 6127 \"https://example.net/equamni/atcupi.htm?onemull=mdo#labore\" \"Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30\" cancel", "tags": [ 
@@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.139.195.188 893 [25/Jun/2019:6:53:40 aliquaU] \"HEAD https://www.example.net/tvolu/imve.txt?gnaaliq=quam#deriti edictasu\" 10.246.115.57 edquiano mSecti \"henderi\" taevitae tevel 5926 \"https://example.com/ita/iquipexe.jpg?quamqua=quuntur#nihi\" \"Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" allow", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.60.56.205 4345 [10/Jul/2019:1:56:14 writtenb] \"NONE https://www5.example.com/ugitsed/dminimve.htm?onse=uiac#tquii tesse\" 10.82.148.126 inBCSedu ita \"ade\" nihilmol nder 2214 \"https://api.example.net/uunturm/iatn.gif?tseddo=diduntut#rroq\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]\" block", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.245.251.98 261 [24/Jul/2019:8:58:48 mremaper] \"DELETE https://api.example.com/ntium/ide.htm?tamrema=isautem#usan gnamali\" 10.6.11.124 edqui tvolu \"psu\" strud onsequ 5930 \"https://www5.example.net/iumto/sequatu.jpg?runtm=mdoloree#que\" \"Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36\" accept", "tags": [ 
@@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.99.55.115 1537 [07/Aug/2019:4:01:23 exerci] \"CONNECT https://www5.example.org/iad/ngelits.jpg?mporin=orissusc#utaliqui uov\" 10.145.25.55 litsed lumd \"tiaec\" lorem iamquisn 2079 \"https://mail.example.org/aper/entor.txt?lumdol=edutper#utemve\" \"Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" block", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.187.86.64 3325 [21/Aug/2019:11:03:57 atatn] \"TRACE https://mail.example.com/iatnulap/roi.htm?uine=loreeu#eprehe ddoeiusm\" 10.6.88.105 uptatemU rem \"onorumet\" iscivel rinci 249 \"https://internal.example.com/eriti/uptateve.htm?rema=mcol#tion\" \"Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36\" allow", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.252.146.132 503 [05/Sep/2019:6:06:31 tat] \"CONNECT https://mail.example.org/turv/use.jpg?mtot=macc#illoin eursi\" 10.163.9.35 uatDu umq \"ipsu\" oremip ota 4562 \"https://example.com/epteurs/itse.jpg?modi=cip#tla\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" accept", "tags": [ 
@@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.249.101.177 4465 [19/Sep/2019:1:09:05 quam] \"DELETE https://mail.example.com/umdol/rerepr.txt?emipsumq=orinr#ineavol umdo\" 10.235.160.245 squamest upta \"umquiad\" porinc uameiu 4857 \"https://api.example.org/mipsa/uas.gif?reeufu=umexe#xce\" \"Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36\" deny", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.140.170.171 773 [03/Oct/2019:8:11:40 deom] \"TRACE https://internal.example.com/rautod/onorumet.htm?mvo=agnidol#nevolup erspici\" 10.73.218.58 quidol tinv \"Utenima\" nse umq 1831 \"https://mail.example.org/meaquei/snisiu.htm?atev=vento#litsed\" \"Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36\" block", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.248.156.138 2125 [18/Oct/2019:3:14:14 smodit] \"OPTIONS https://example.net/dun/xce.jpg?nsequat=mvol#asiar eiu\" 10.67.148.40 tcons squamest \"ction\" emveleum siuta 2155 \"https://example.com/epteur/onproi.txt?imveniam=sunte#exerc\" \"Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16\" deny", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.83.154.75 4260 [01/Nov/2019:10:16:48 explicab] \"UNLOCK https://api.example.com/teiru/mquamei.jpg?pta=uradi#sequu orumetMa\" 10.37.33.179 taed eatae \"siutali\" oloremq sum 6106 \"https://www.example.org/ulamc/doe.txt?remquela=toreve#squirat\" \"Mozilla/5.0 (Linux; Android 7.0; MEIZU M6 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30\" accept", "tags": [ 
@@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.14.29.202 7842 [15/Nov/2019:5:19:22 modoco] \"MKOL https://www5.example.net/dtempor/rroquisq.gif?liquid=uidex#umdolo nimv\" 10.84.107.38 tutla usmod \"ine\" qui itse 2097 \"https://www5.example.org/tasn/exeaco.html?metc=aincidu#reprehe\" \"Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10\" deny", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.221.86.133 6682 [30/Nov/2019:12:21:57 edi] \"POST https://api.example.com/ore/adeser.htm?pre=aute#rchite rcit\" 10.204.223.184 oinve ptasnul \"utaliqui\" mcorpor rerepr 6861 \"https://example.com/tuserror/agnama.jpg?deritq=boreetdo#teni\" \"Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]\" deny", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "10.195.4.70 3844 [14/Dec/2019:7:24:31 mfugiat] \"PUT https://api.example.com/liqu/dolor.htm?ess=umdo#aer quela\" 10.229.39.190 Nequepo edictas \"emac\" rmagnido exeaco 2574 \"https://api.example.org/loremi/nven.htm?usan=ugiatn#squa\" \"Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91\" deny", "tags": [ diff --git a/packages/squid/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/squid/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 2f14a0c890c..ddec50a699b 100644 --- a/packages/squid/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/squid/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
@@ -4,7 +4,7 @@ description: Pipeline for Squid processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/squid/data_stream/log/sample_event.json b/packages/squid/data_stream/log/sample_event.json index 4dd3e8355c6..8a28e739ea7 100644 --- a/packages/squid/data_stream/log/sample_event.json +++ b/packages/squid/data_stream/log/sample_event.json @@ -18,7 +18,7 @@ ] }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/squid/manifest.yml b/packages/squid/manifest.yml index c92406441f5..11af169780f 100644 --- a/packages/squid/manifest.yml +++ b/packages/squid/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: squid title: Squid Logs -version: "0.10.1" +version: "0.11.0" description: Collect and parse logs from Squid devices with Elastic Agent. categories: ["security"] release: experimental diff --git a/packages/suricata/_dev/build/build.yml b/packages/suricata/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/suricata/_dev/build/build.yml +++ b/packages/suricata/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/suricata/changelog.yml b/packages/suricata/changelog.yml index 7aa6583b550..561dea39ecc 100644 --- a/packages/suricata/changelog.yml +++ b/packages/suricata/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.5.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "2.4.2" changes: - description: Use ECS geo.location definition. diff --git a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-6-0.log-expected.json b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-6-0.log-expected.json index 52df51d7a59..e593efaa179 100644 
--- a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-6-0.log-expected.json +++ b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-6-0.log-expected.json @@ -12,7 +12,7 @@ "port": 47592 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-alerts.log-expected.json b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-alerts.log-expected.json index 87310fdf480..c3ad7d2581f 100644 --- a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-alerts.log-expected.json +++ b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-alerts.log-expected.json @@ -29,7 +29,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -151,7 +151,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -273,7 +273,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -395,7 +395,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -517,7 +517,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -639,7 +639,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -761,7 +761,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -885,7 +885,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1009,7 +1009,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1133,7 +1133,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1257,7 +1257,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -1381,7 +1381,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1505,7 +1505,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1629,7 +1629,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1753,7 +1753,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1877,7 +1877,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -2001,7 +2001,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -2125,7 +2125,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -2249,7 +2249,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -2372,7 +2372,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -2475,7 +2475,7 @@ "port": 9080 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -2587,7 +2587,7 @@ "port": 8443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-dns-4-1-4.log-expected.json b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-dns-4-1-4.log-expected.json index 5f0cdf9c984..a1c95a5429b 100644 --- a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-dns-4-1-4.log-expected.json +++ b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-dns-4-1-4.log-expected.json @@ -18,7 +18,7 @@ "type": "query" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -83,7 +83,7 @@ "type": "query" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -164,7 +164,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -246,7 +246,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -313,7 +313,7 @@ "type": "query" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -379,7 +379,7 @@ "type": "query" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -488,7 +488,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -598,7 +598,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -667,7 +667,7 @@ "type": "query" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -733,7 +733,7 @@ "type": "query" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -810,7 +810,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -892,7 +892,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -975,7 +975,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1058,7 +1058,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1141,7 +1141,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1221,7 +1221,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1303,7 +1303,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1386,7 +1386,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -1469,7 +1469,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1552,7 +1552,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1621,7 +1621,7 @@ "type": "query" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1687,7 +1687,7 @@ "type": "query" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1796,7 +1796,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1906,7 +1906,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-metadata.log-expected.json b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-metadata.log-expected.json index 1d340f89fe0..f87bf902c86 100644 --- a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-metadata.log-expected.json +++ b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-metadata.log-expected.json @@ -12,7 +12,7 @@ "port": 47592 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-small.log-expected.json b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-small.log-expected.json index 98bb10c814d..97bb7e10eab 100644 --- a/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-small.log-expected.json +++ b/packages/suricata/data_stream/eve/_dev/test/pipeline/test-eve-small.log-expected.json @@ -8,7 +8,7 @@ "port": 22 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -69,7 +69,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -156,7 +156,7 @@ "port": 63963 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -245,7 +245,7 @@ "port": 56118 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -360,7 +360,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -413,7 +413,7 @@ { "@timestamp": "2018-07-05T19:51:23.009Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -613,7 +613,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -713,7 +713,7 @@ "port": 547 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -774,7 +774,7 @@ "port": 8080 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -854,7 +854,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -952,7 +952,7 @@ "port": 8081 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1038,7 +1038,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/default.yml b/packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/default.yml index 685bfa3c9eb..49e1485ad6b 100644 --- a/packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/default.yml +++ b/packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for parsing Suricata EVE logs processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: event.original copy_from: message diff --git a/packages/suricata/data_stream/eve/sample_event.json b/packages/suricata/data_stream/eve/sample_event.json index b09518d82fe..c933c39c0df 100644 --- a/packages/suricata/data_stream/eve/sample_event.json 
+++ b/packages/suricata/data_stream/eve/sample_event.json @@ -18,7 +18,7 @@ "port": 22 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "543eeec2-6585-484f-9f7b-34db47abcd9c", diff --git a/packages/suricata/docs/README.md b/packages/suricata/docs/README.md index 649ebd4d238..33dcc44f457 100644 --- a/packages/suricata/docs/README.md +++ b/packages/suricata/docs/README.md @@ -34,7 +34,7 @@ An example event for `eve` looks as following: "port": 22 }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "543eeec2-6585-484f-9f7b-34db47abcd9c", diff --git a/packages/suricata/manifest.yml b/packages/suricata/manifest.yml index cb8c329d816..2bd8e52d443 100644 --- a/packages/suricata/manifest.yml +++ b/packages/suricata/manifest.yml @@ -1,6 +1,6 @@ name: suricata title: Suricata -version: 2.4.2 +version: "2.5.0" release: ga description: Collect logs from Suricata with Elastic Agent. type: integration diff --git a/packages/symantec_endpoint/_dev/build/build.yml b/packages/symantec_endpoint/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/symantec_endpoint/_dev/build/build.yml +++ b/packages/symantec_endpoint/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/symantec_endpoint/changelog.yml b/packages/symantec_endpoint/changelog.yml index f71a12ab6e5..fd8ef94fb1e 100644 --- a/packages/symantec_endpoint/changelog.yml +++ b/packages/symantec_endpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.1.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "2.0.1" changes: - description: Remove duplicate field. 
diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-administrative.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-administrative.log-expected.json index 5a1d28d50c6..57a23ea4918 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-administrative.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-administrative.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -37,7 +37,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-activity.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-activity.log-expected.json index c25e47d4f50..3f5d85ba79a 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-activity.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-activity.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-behavior.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-behavior.log-expected.json index de5c0bccf0a..f009cdec2c0 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-behavior.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-behavior.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "blocked", @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "blocked", 
diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-packet.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-packet.log-expected.json index 73d06b1c25c..6abf16cc549 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-packet.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-packet.log-expected.json @@ -6,7 +6,7 @@ "port": 138 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "blocked", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-proactive-detection-sonar.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-proactive-detection-sonar.log-expected.json index b34a775a35f..41204495b24 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-proactive-detection-sonar.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-proactive-detection-sonar.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2018-02-16T08:01:33.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Left alone", @@ -82,7 +82,7 @@ { "@timestamp": "2020-05-04T06:57:02.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Left alone", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-risk.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-risk.log-expected.json index 426ed64affd..5f01d74d680 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-risk.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-risk.log-expected.json 
@@ -3,7 +3,7 @@ { "@timestamp": "2019-09-03T08:12:25.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "All actions failed", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-scan.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-scan.log-expected.json index c43bc78a1f6..b8ef9fe3e95 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-scan.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-scan.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "started", @@ -55,7 +55,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "completed", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-security.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-security.log-expected.json index f541a200267..96ed8e0eb12 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-security.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-security.log-expected.json @@ -8,7 +8,7 @@ "port": 8080 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -106,7 +106,7 @@ "ip": "1.128.3.4" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -195,7 +195,7 @@ "mac": "2D-FF-88-AA-BB-DC" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -279,7 +279,7 @@ "port": 5985 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -395,7 +395,7 @@ "ip": "216.160.83.61" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -487,7 +487,7 @@ "port": 5112 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-system.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-system.log-expected.json index 855db3aa11c..b6c1fb71a53 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-system.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-system.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-08-19T07:14:38.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-traffic.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-traffic.log-expected.json index f3c57aab08f..0bb06638cb5 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-traffic.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-agent-traffic.log-expected.json @@ -16,7 +16,7 @@ "mac": "AA-BB-CC-DD-EE-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "blocked", @@ -121,7 +121,7 @@ "port": 8080 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "blocked", @@ -201,7 +201,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "blocked", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-policy.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-policy.log-expected.json index 433681a5cdb..c74cd436b36 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-policy.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-policy.log-expected.json 
@@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-remove-mapped-fields.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-remove-mapped-fields.log-expected.json index 768b96c788c..db075ad5a5e 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-remove-mapped-fields.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-remove-mapped-fields.log-expected.json @@ -16,7 +16,7 @@ "mac": "AA-BB-CC-DD-EE-FF" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "blocked", @@ -91,7 +91,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "blocked", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc3164.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc3164.log-expected.json index 35a28f87360..eb07b410047 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc3164.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc3164.log-expected.json @@ -15,7 +15,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "blocked", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc5424.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc5424.log-expected.json index b368a7e833b..5ef463d10ed 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc5424.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-rfc5424.log-expected.json @@ -12,7 +12,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "blocked", 
diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-system.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-system.log-expected.json index 90c195a5a31..1cdc608305b 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-system.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-system.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -24,7 +24,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -46,7 +46,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", @@ -68,7 +68,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "kind": "event", diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-text-log-dump.log-expected.json b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-text-log-dump.log-expected.json index fbacca0d7f9..e5d2eec8d20 100644 --- a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-text-log-dump.log-expected.json +++ b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-text-log-dump.log-expected.json @@ -8,7 +8,7 @@ "port": 5112 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/symantec_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/symantec_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml index fcd7dbc4d3a..a081b3ab3e2 100644 --- a/packages/symantec_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/symantec_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -9,7 +9,7 @@ processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - grok: description: Parse syslog header. 
diff --git a/packages/symantec_endpoint/data_stream/log/sample_event.json b/packages/symantec_endpoint/data_stream/log/sample_event.json
index 4dfa5436fb0..804a24e00dd 100644
--- a/packages/symantec_endpoint/data_stream/log/sample_event.json
+++ b/packages/symantec_endpoint/data_stream/log/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "33b93e16-9d01-4487-9b09-99db9e860912",
diff --git a/packages/symantec_endpoint/docs/README.md b/packages/symantec_endpoint/docs/README.md
index 428b3cf5dc3..e2fb4ffcaa2 100644
--- a/packages/symantec_endpoint/docs/README.md
+++ b/packages/symantec_endpoint/docs/README.md
@@ -367,7 +367,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "33b93e16-9d01-4487-9b09-99db9e860912",
diff --git a/packages/symantec_endpoint/manifest.yml b/packages/symantec_endpoint/manifest.yml
index e2ff803751a..825b771e799 100644
--- a/packages/symantec_endpoint/manifest.yml
+++ b/packages/symantec_endpoint/manifest.yml
@@ -1,6 +1,6 @@
 name: symantec_endpoint
 title: Symantec Endpoint Protection
-version: "2.0.1"
+version: "2.1.0"
 release: ga
 description: Collect logs from Symantec Endpoint Protection with Elastic Agent.
 type: integration
diff --git a/packages/tcp/_dev/build/build.yml b/packages/tcp/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/tcp/_dev/build/build.yml
+++ b/packages/tcp/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/tcp/changelog.yml b/packages/tcp/changelog.yml
index 67ffbd52513..9f0cff3a44a 100644
--- a/packages/tcp/changelog.yml
+++ b/packages/tcp/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.5.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.4.1"
 changes:
 - description: Fix indentation of syslog processor in agent handlebars file.
diff --git a/packages/tcp/manifest.yml b/packages/tcp/manifest.yml
index 111fd11f108..29b609bbe3d 100644
--- a/packages/tcp/manifest.yml
+++ b/packages/tcp/manifest.yml
@@ -3,7 +3,7 @@ name: tcp
 title: Custom TCP Logs
 description: Collect raw TCP data from listening TCP port with Elastic Agent.
 type: integration
-version: "1.4.1"
+version: "1.5.0"
 release: ga
 conditions:
 kibana.version: "^8.2.1"
diff --git a/packages/tenable_sc/_dev/build/build.yml b/packages/tenable_sc/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/tenable_sc/_dev/build/build.yml
+++ b/packages/tenable_sc/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/tenable_sc/changelog.yml b/packages/tenable_sc/changelog.yml
index c4c905a8035..53d87f3a788 100644
--- a/packages/tenable_sc/changelog.yml
+++ b/packages/tenable_sc/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.4.1"
 changes:
 - description: Fix an indefinite pagination bug by adding explicit pagination termination conditions. In Agent versions >= 8.2.0 pagination termination was never happening.
diff --git a/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json b/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json
index 63278a69e4f..7477d894c6e 100644
--- a/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json
+++ b/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "host",
@@ -78,7 +78,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "host",
@@ -154,7 +154,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "host",
diff --git a/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml
index ea681a7950c..9a872bb47f5 100644
--- a/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Tenable.sc asset logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/tenable_sc/data_stream/asset/sample_event.json b/packages/tenable_sc/data_stream/asset/sample_event.json
index 511fc1dba89..ad02ef1ab1d 100644
--- a/packages/tenable_sc/data_stream/asset/sample_event.json
+++ b/packages/tenable_sc/data_stream/asset/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "652f8609-1989-4515-8c01-c16c9e892066",
diff --git a/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json b/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json
index d01fb03c540..66d2757a9aa 100644
--- a/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json
+++ b/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-10-27T01:36:39.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "kind": "event",
@@ -90,7 +90,7 @@
 {
 "@timestamp": "2021-10-27T01:36:39.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "kind": "event",
@@ -230,7 +230,7 @@
 {
 "@timestamp": "2021-10-27T01:36:39.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "kind": "event",
@@ -353,7 +353,7 @@
 {
 "@timestamp": "2021-09-27T01:33:53.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "kind": "event",
diff --git a/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml
index c429326c2d1..aab5b00321f 100644
--- a/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Tenable.sc plugin logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/tenable_sc/data_stream/plugin/sample_event.json b/packages/tenable_sc/data_stream/plugin/sample_event.json
index 4bc05949832..eb26bd75c83 100644
--- a/packages/tenable_sc/data_stream/plugin/sample_event.json
+++ b/packages/tenable_sc/data_stream/plugin/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "652f8609-1989-4515-8c01-c16c9e892066",
diff --git a/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json b/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json
index 985f7b96fba..eab8fa2ae12 100644
--- a/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json
+++ b/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-09-25T16:08:45.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -117,7 +117,7 @@
 {
 "@timestamp": "2021-09-25T16:08:45.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -234,7 +234,7 @@
 {
 "@timestamp": "2021-09-25T16:08:45.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -415,7 +415,7 @@
 {
 "@timestamp": "2021-10-30T16:12:20.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -630,7 +630,7 @@
 {
 "@timestamp": "2021-10-30T16:12:20.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml
index 96e13949afc..2396761f4da 100644
--- a/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Tenable.sc vulnerability logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/tenable_sc/data_stream/vulnerability/sample_event.json b/packages/tenable_sc/data_stream/vulnerability/sample_event.json
index d9673a611e7..8937b4a1be9 100644
--- a/packages/tenable_sc/data_stream/vulnerability/sample_event.json
+++ b/packages/tenable_sc/data_stream/vulnerability/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "652f8609-1989-4515-8c01-c16c9e892066",
diff --git a/packages/tenable_sc/docs/README.md b/packages/tenable_sc/docs/README.md
index b3761673507..a2ea8f84edf 100644
--- a/packages/tenable_sc/docs/README.md +++ b/packages/tenable_sc/docs/README.md @@ -43,7 +43,7 @@ An example event for `asset` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "652f8609-1989-4515-8c01-c16c9e892066", @@ -235,7 +235,7 @@ An example event for `plugin` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "652f8609-1989-4515-8c01-c16c9e892066", @@ -491,7 +491,7 @@ An example event for `vulnerability` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "652f8609-1989-4515-8c01-c16c9e892066", diff --git a/packages/tenable_sc/manifest.yml b/packages/tenable_sc/manifest.yml index 9385ac7051f..c2c4eb453ae 100644 --- a/packages/tenable_sc/manifest.yml +++ b/packages/tenable_sc/manifest.yml @@ -2,7 +2,7 @@ format_version: 1.0.0 name: tenable_sc title: Tenable.sc # The version must be updated in the pipeline as well. Until elastic/kibana#121310 is implemented we will have to manually sync these. -version: "1.4.1" +version: "1.5.0" license: basic description: | Collect logs from Tenable.sc with Elastic Agent. diff --git a/packages/ti_abusech/_dev/build/build.yml b/packages/ti_abusech/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/ti_abusech/_dev/build/build.yml +++ b/packages/ti_abusech/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/ti_abusech/changelog.yml b/packages/ti_abusech/changelog.yml index f75b7d1e399..e0619a5d31e 100644 --- a/packages/ti_abusech/changelog.yml +++ b/packages/ti_abusech/changelog.yml 
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.8.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.7.1"
 changes:
 - description: Change abusech.malwarebazaar.code_sign to Nested field
diff --git a/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json b/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json
index 7420b471a88..6ee2f6fe7bc 100644
--- a/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json
+++ b/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json
@@ -5,7 +5,7 @@
 "malware": {}
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -50,7 +50,7 @@
 "malware": {}
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -101,7 +101,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -146,7 +146,7 @@
 "malware": {}
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -191,7 +191,7 @@
 "malware": {}
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -239,7 +239,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -284,7 +284,7 @@
 "malware": {}
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -329,7 +329,7 @@
 "malware": {}
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -376,7 +376,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -421,7 +421,7 @@
 "malware": {}
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -466,7 +466,7 @@ "malware": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -511,7 +511,7 @@ "malware": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -556,7 +556,7 @@ "malware": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -601,7 +601,7 @@ "malware": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -648,7 +648,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -693,7 +693,7 @@ "malware": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -738,7 +738,7 @@ "malware": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -785,7 +785,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -830,7 +830,7 @@ "malware": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -875,7 +875,7 @@ "malware": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -922,7 +922,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -967,7 +967,7 @@ "malware": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1012,7 +1012,7 @@ "malware": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1057,7 +1057,7 @@ "malware": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1102,7 +1102,7 @@ "malware": {} }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
diff --git a/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml b/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml
index 9bf4d0aec09..4c50ae26cea 100644
--- a/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 ####################
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_abusech/data_stream/malware/sample_event.json b/packages/ti_abusech/data_stream/malware/sample_event.json
index f54999bff80..a422be4e8d8 100644
--- a/packages/ti_abusech/data_stream/malware/sample_event.json
+++ b/packages/ti_abusech/data_stream/malware/sample_event.json
@@ -16,7 +16,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "87d4d8f8-b034-42ba-a5bb-33ff670e619e",
diff --git a/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json b/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json
index dc49b1607e9..2dc5d7ecc22 100644
--- a/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json
+++ b/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json
@@ -15,7 +15,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -79,7 +79,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -143,7 +143,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -213,7 +213,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -277,7 +277,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -342,7 +342,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -406,7 +406,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -474,7 +474,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -547,7 +547,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -628,7 +628,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", diff --git a/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml b/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml index 5dc0fed403f..004fe3cb461 100644 --- a/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: #################### - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: event.kind value: enrichment diff --git a/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json b/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json index e58965abca4..0c1b49c76d8 100644 --- a/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json +++ b/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json @@ -27,7 +27,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "87d4d8f8-b034-42ba-a5bb-33ff670e619e", diff --git a/packages/ti_abusech/data_stream/threatfox/_dev/test/pipeline/test-threatfox-ndjson.log-expected.json b/packages/ti_abusech/data_stream/threatfox/_dev/test/pipeline/test-threatfox-ndjson.log-expected.json index 12b135c5216..0aefca41dd9 100644 
--- a/packages/ti_abusech/data_stream/threatfox/_dev/test/pipeline/test-threatfox-ndjson.log-expected.json +++ b/packages/ti_abusech/data_stream/threatfox/_dev/test/pipeline/test-threatfox-ndjson.log-expected.json @@ -13,7 +13,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -55,7 +55,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -100,7 +100,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -183,7 +183,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -226,7 +226,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -267,7 +267,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -312,7 +312,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -356,7 +356,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -403,7 +403,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -456,7 +456,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -504,7 +504,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -556,7 +556,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -607,7 +607,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -654,7 +654,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -707,7 +707,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -755,7 +755,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -807,7 +807,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -854,7 +854,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -901,7 +901,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -954,7 +954,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1003,7 +1003,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1052,7 +1052,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1101,7 +1101,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1150,7 +1150,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1199,7 +1199,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1248,7 +1248,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1297,7 +1297,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1349,7 +1349,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1396,7 +1396,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1449,7 +1449,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1497,7 +1497,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -1550,7 +1550,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1598,7 +1598,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1651,7 +1651,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1699,7 +1699,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1751,7 +1751,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1799,7 +1799,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1852,7 +1852,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1898,7 +1898,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1940,7 +1940,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1985,7 +1985,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2027,7 +2027,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2072,7 +2072,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2116,7 +2116,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2161,7 +2161,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2205,7 +2205,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2259,7 +2259,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2300,7 +2300,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -2348,7 +2348,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2386,7 +2386,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2433,7 +2433,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2474,7 +2474,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2515,7 +2515,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2557,7 +2557,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2599,7 +2599,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2646,7 +2646,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2693,7 +2693,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2744,7 +2744,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2791,7 +2791,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2838,7 +2838,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2890,7 +2890,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2938,7 +2938,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2986,7 +2986,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3038,7 +3038,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3086,7 +3086,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -3138,7 +3138,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3190,7 +3190,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3237,7 +3237,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3284,7 +3284,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3336,7 +3336,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3384,7 +3384,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3436,7 +3436,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3487,7 +3487,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3530,7 +3530,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", diff --git a/packages/ti_abusech/data_stream/threatfox/elasticsearch/ingest_pipeline/default.yml b/packages/ti_abusech/data_stream/threatfox/elasticsearch/ingest_pipeline/default.yml index fffebbcb734..d910f8b5a34 100644 --- a/packages/ti_abusech/data_stream/threatfox/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_abusech/data_stream/threatfox/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: #################### - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: event.kind value: enrichment diff --git a/packages/ti_abusech/data_stream/threatfox/sample_event.json b/packages/ti_abusech/data_stream/threatfox/sample_event.json index c6744c49d51..86b814add15 100644 --- a/packages/ti_abusech/data_stream/threatfox/sample_event.json +++ b/packages/ti_abusech/data_stream/threatfox/sample_event.json 
@@ -24,7 +24,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "87d4d8f8-b034-42ba-a5bb-33ff670e619e", diff --git a/packages/ti_abusech/data_stream/url/_dev/test/pipeline/test-abusechurl-ndjson.log-expected.json b/packages/ti_abusech/data_stream/url/_dev/test/pipeline/test-abusechurl-ndjson.log-expected.json index 4903795eeac..df4c42e6c83 100644 --- a/packages/ti_abusech/data_stream/url/_dev/test/pipeline/test-abusechurl-ndjson.log-expected.json +++ b/packages/ti_abusech/data_stream/url/_dev/test/pipeline/test-abusechurl-ndjson.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -114,7 +114,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -162,7 +162,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -210,7 +210,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -258,7 +258,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -306,7 +306,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -354,7 +354,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -402,7 +402,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -450,7 +450,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -498,7 +498,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -546,7 +546,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -594,7 +594,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -642,7 +642,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -690,7 +690,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -738,7 +738,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -786,7 +786,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -834,7 +834,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -882,7 +882,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -930,7 +930,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -978,7 +978,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1026,7 +1026,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1074,7 +1074,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1122,7 +1122,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1169,7 +1169,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1216,7 +1216,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1263,7 +1263,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1310,7 +1310,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1357,7 +1357,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -1404,7 +1404,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1452,7 +1452,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1501,7 +1501,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1549,7 +1549,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1596,7 +1596,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1643,7 +1643,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1690,7 +1690,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1737,7 +1737,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1784,7 +1784,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1833,7 +1833,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1879,7 +1879,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1927,7 +1927,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1975,7 +1975,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2023,7 +2023,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2071,7 +2071,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2119,7 +2119,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2167,7 +2167,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -2215,7 +2215,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2263,7 +2263,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2311,7 +2311,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2359,7 +2359,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2407,7 +2407,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2455,7 +2455,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2503,7 +2503,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2550,7 +2550,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2595,7 +2595,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2640,7 +2640,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2685,7 +2685,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2730,7 +2730,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2775,7 +2775,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2820,7 +2820,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2865,7 +2865,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2910,7 +2910,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2955,7 +2955,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -3000,7 +3000,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3045,7 +3045,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3090,7 +3090,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3135,7 +3135,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3180,7 +3180,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3225,7 +3225,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3270,7 +3270,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3315,7 +3315,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3360,7 +3360,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3405,7 +3405,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3450,7 +3450,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3495,7 +3495,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3540,7 +3540,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3585,7 +3585,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3630,7 +3630,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3675,7 +3675,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3720,7 +3720,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -3765,7 +3765,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3810,7 +3810,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3855,7 +3855,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3900,7 +3900,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3945,7 +3945,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3990,7 +3990,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4035,7 +4035,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4080,7 +4080,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4125,7 +4125,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4170,7 +4170,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4215,7 +4215,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4260,7 +4260,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4305,7 +4305,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4350,7 +4350,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4395,7 +4395,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4440,7 +4440,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4485,7 +4485,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -4530,7 +4530,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4575,7 +4575,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4620,7 +4620,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4665,7 +4665,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4710,7 +4710,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4755,7 +4755,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4800,7 +4800,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4845,7 +4845,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4890,7 +4890,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4935,7 +4935,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4980,7 +4980,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5025,7 +5025,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5070,7 +5070,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5115,7 +5115,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5160,7 +5160,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5205,7 +5205,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5250,7 +5250,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -5295,7 +5295,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5340,7 +5340,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5385,7 +5385,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5430,7 +5430,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5475,7 +5475,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5520,7 +5520,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5565,7 +5565,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5610,7 +5610,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5655,7 +5655,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5700,7 +5700,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5745,7 +5745,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5790,7 +5790,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5835,7 +5835,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5880,7 +5880,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5925,7 +5925,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5970,7 +5970,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6015,7 +6015,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -6060,7 +6060,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6105,7 +6105,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6150,7 +6150,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6195,7 +6195,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6240,7 +6240,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6285,7 +6285,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6330,7 +6330,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6375,7 +6375,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6420,7 +6420,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6465,7 +6465,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6510,7 +6510,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6555,7 +6555,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6600,7 +6600,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6645,7 +6645,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6692,7 +6692,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6740,7 +6740,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6788,7 +6788,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -6836,7 +6836,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6884,7 +6884,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6932,7 +6932,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -6980,7 +6980,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7028,7 +7028,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7076,7 +7076,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7124,7 +7124,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7172,7 +7172,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7220,7 +7220,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7268,7 +7268,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7316,7 +7316,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7364,7 +7364,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7412,7 +7412,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7460,7 +7460,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7508,7 +7508,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7556,7 +7556,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7604,7 +7604,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -7652,7 +7652,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7700,7 +7700,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7748,7 +7748,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7796,7 +7796,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7844,7 +7844,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7892,7 +7892,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7941,7 +7941,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -7988,7 +7988,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8036,7 +8036,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8084,7 +8084,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8132,7 +8132,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8180,7 +8180,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8228,7 +8228,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8276,7 +8276,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8324,7 +8324,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8372,7 +8372,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8420,7 +8420,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -8468,7 +8468,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8517,7 +8517,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8564,7 +8564,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8612,7 +8612,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8660,7 +8660,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8708,7 +8708,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8756,7 +8756,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8804,7 +8804,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8852,7 +8852,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8900,7 +8900,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8948,7 +8948,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -8996,7 +8996,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9044,7 +9044,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9092,7 +9092,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9140,7 +9140,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9188,7 +9188,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9236,7 +9236,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -9284,7 +9284,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9332,7 +9332,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9380,7 +9380,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9428,7 +9428,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9476,7 +9476,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9525,7 +9525,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9574,7 +9574,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9622,7 +9622,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9670,7 +9670,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9718,7 +9718,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9766,7 +9766,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9814,7 +9814,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9862,7 +9862,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9910,7 +9910,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -9958,7 +9958,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10006,7 +10006,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10054,7 +10054,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -10102,7 +10102,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10150,7 +10150,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10198,7 +10198,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10246,7 +10246,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10294,7 +10294,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10342,7 +10342,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10390,7 +10390,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10438,7 +10438,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10486,7 +10486,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10534,7 +10534,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10582,7 +10582,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10630,7 +10630,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10678,7 +10678,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10726,7 +10726,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10774,7 +10774,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10823,7 +10823,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10872,7 +10872,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -10919,7 +10919,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -10967,7 +10967,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11015,7 +11015,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11063,7 +11063,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11111,7 +11111,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11159,7 +11159,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11207,7 +11207,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11255,7 +11255,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11303,7 +11303,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11351,7 +11351,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11399,7 +11399,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11447,7 +11447,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11495,7 +11495,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11543,7 +11543,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11591,7 +11591,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11639,7 +11639,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11687,7 +11687,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -11735,7 +11735,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11783,7 +11783,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11831,7 +11831,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11880,7 +11880,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11928,7 +11928,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -11976,7 +11976,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12022,7 +12022,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12070,7 +12070,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12118,7 +12118,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12166,7 +12166,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12214,7 +12214,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12262,7 +12262,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12310,7 +12310,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12358,7 +12358,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12406,7 +12406,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12454,7 +12454,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12503,7 +12503,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -12550,7 +12550,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12598,7 +12598,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12646,7 +12646,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12694,7 +12694,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12742,7 +12742,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12790,7 +12790,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12838,7 +12838,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12886,7 +12886,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12934,7 +12934,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -12982,7 +12982,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13030,7 +13030,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13078,7 +13078,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13127,7 +13127,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13175,7 +13175,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13223,7 +13223,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13271,7 +13271,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13319,7 +13319,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -13367,7 +13367,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13415,7 +13415,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13463,7 +13463,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13511,7 +13511,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13559,7 +13559,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13607,7 +13607,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13655,7 +13655,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13703,7 +13703,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13751,7 +13751,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13799,7 +13799,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13847,7 +13847,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13895,7 +13895,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13943,7 +13943,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -13991,7 +13991,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14039,7 +14039,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14087,7 +14087,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14135,7 +14135,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -14183,7 +14183,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14231,7 +14231,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14279,7 +14279,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14327,7 +14327,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14375,7 +14375,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14424,7 +14424,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14473,7 +14473,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14520,7 +14520,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14568,7 +14568,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14616,7 +14616,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14664,7 +14664,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14712,7 +14712,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14760,7 +14760,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14808,7 +14808,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14856,7 +14856,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14904,7 +14904,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -14952,7 +14952,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -15000,7 +15000,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15048,7 +15048,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15096,7 +15096,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15144,7 +15144,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15192,7 +15192,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15240,7 +15240,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15288,7 +15288,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15336,7 +15336,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15384,7 +15384,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15432,7 +15432,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15480,7 +15480,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15529,7 +15529,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15574,7 +15574,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15621,7 +15621,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15668,7 +15668,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15716,7 +15716,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15764,7 +15764,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -15812,7 +15812,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15860,7 +15860,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15908,7 +15908,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -15956,7 +15956,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16004,7 +16004,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16052,7 +16052,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16100,7 +16100,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16148,7 +16148,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16196,7 +16196,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16244,7 +16244,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16292,7 +16292,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16340,7 +16340,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16388,7 +16388,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16436,7 +16436,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16484,7 +16484,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16532,7 +16532,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16581,7 +16581,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -16629,7 +16629,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16677,7 +16677,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16725,7 +16725,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16773,7 +16773,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16822,7 +16822,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16871,7 +16871,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16918,7 +16918,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -16967,7 +16967,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17015,7 +17015,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17063,7 +17063,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17111,7 +17111,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17159,7 +17159,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17207,7 +17207,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17255,7 +17255,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17303,7 +17303,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17351,7 +17351,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17399,7 +17399,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -17447,7 +17447,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17495,7 +17495,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17543,7 +17543,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17591,7 +17591,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17639,7 +17639,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17688,7 +17688,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17735,7 +17735,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17784,7 +17784,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17832,7 +17832,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17880,7 +17880,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17928,7 +17928,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -17976,7 +17976,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18024,7 +18024,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18072,7 +18072,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18120,7 +18120,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18168,7 +18168,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18216,7 +18216,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -18263,7 +18263,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18310,7 +18310,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18357,7 +18357,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18404,7 +18404,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18451,7 +18451,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18498,7 +18498,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18546,7 +18546,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18593,7 +18593,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18640,7 +18640,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18688,7 +18688,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18735,7 +18735,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18782,7 +18782,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18830,7 +18830,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18877,7 +18877,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18924,7 +18924,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -18972,7 +18972,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19020,7 +19020,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -19068,7 +19068,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19116,7 +19116,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19163,7 +19163,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19212,7 +19212,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19260,7 +19260,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19308,7 +19308,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19356,7 +19356,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19404,7 +19404,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19452,7 +19452,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19500,7 +19500,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19548,7 +19548,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19596,7 +19596,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19644,7 +19644,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19692,7 +19692,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19740,7 +19740,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19788,7 +19788,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19836,7 +19836,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -19884,7 +19884,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19932,7 +19932,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -19980,7 +19980,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20028,7 +20028,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20076,7 +20076,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20124,7 +20124,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20172,7 +20172,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20220,7 +20220,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20268,7 +20268,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20316,7 +20316,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20364,7 +20364,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20412,7 +20412,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20460,7 +20460,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20508,7 +20508,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20556,7 +20556,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20604,7 +20604,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20652,7 +20652,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -20700,7 +20700,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20748,7 +20748,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20796,7 +20796,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20845,7 +20845,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20894,7 +20894,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20942,7 +20942,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -20990,7 +20990,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21038,7 +21038,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21086,7 +21086,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21134,7 +21134,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21182,7 +21182,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21230,7 +21230,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21278,7 +21278,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21326,7 +21326,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21374,7 +21374,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21422,7 +21422,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21470,7 +21470,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -21518,7 +21518,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21566,7 +21566,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21614,7 +21614,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21662,7 +21662,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21710,7 +21710,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21758,7 +21758,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21806,7 +21806,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21854,7 +21854,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21902,7 +21902,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21951,7 +21951,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -21999,7 +21999,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22047,7 +22047,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22095,7 +22095,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22143,7 +22143,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22191,7 +22191,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22239,7 +22239,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22287,7 +22287,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -22335,7 +22335,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22383,7 +22383,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22431,7 +22431,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22479,7 +22479,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22527,7 +22527,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22575,7 +22575,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22623,7 +22623,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22671,7 +22671,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22719,7 +22719,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22767,7 +22767,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22815,7 +22815,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22863,7 +22863,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22911,7 +22911,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -22959,7 +22959,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23007,7 +23007,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23055,7 +23055,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23103,7 +23103,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -23151,7 +23151,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23199,7 +23199,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23247,7 +23247,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23295,7 +23295,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23343,7 +23343,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23392,7 +23392,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23440,7 +23440,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23487,7 +23487,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23535,7 +23535,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23583,7 +23583,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23631,7 +23631,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23679,7 +23679,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23727,7 +23727,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23775,7 +23775,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23823,7 +23823,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23871,7 +23871,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -23919,7 +23919,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -23967,7 +23967,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24015,7 +24015,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24063,7 +24063,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24111,7 +24111,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24159,7 +24159,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24207,7 +24207,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24255,7 +24255,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24303,7 +24303,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24351,7 +24351,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24400,7 +24400,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24449,7 +24449,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24496,7 +24496,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24544,7 +24544,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24592,7 +24592,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24640,7 +24640,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24688,7 +24688,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24736,7 +24736,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -24784,7 +24784,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24832,7 +24832,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24880,7 +24880,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24928,7 +24928,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -24976,7 +24976,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25024,7 +25024,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25072,7 +25072,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25120,7 +25120,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25168,7 +25168,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25216,7 +25216,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25264,7 +25264,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25313,7 +25313,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25361,7 +25361,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25409,7 +25409,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25457,7 +25457,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25505,7 +25505,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25554,7 +25554,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -25601,7 +25601,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25647,7 +25647,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25695,7 +25695,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25743,7 +25743,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25791,7 +25791,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25839,7 +25839,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25887,7 +25887,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25935,7 +25935,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -25983,7 +25983,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26032,7 +26032,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26079,7 +26079,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26127,7 +26127,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26175,7 +26175,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26223,7 +26223,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26271,7 +26271,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26319,7 +26319,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26367,7 +26367,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -26415,7 +26415,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26463,7 +26463,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26511,7 +26511,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26559,7 +26559,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26607,7 +26607,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26655,7 +26655,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26703,7 +26703,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26751,7 +26751,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26799,7 +26799,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26847,7 +26847,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26895,7 +26895,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26943,7 +26943,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -26991,7 +26991,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27039,7 +27039,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27087,7 +27087,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27135,7 +27135,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27184,7 +27184,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -27231,7 +27231,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27279,7 +27279,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27327,7 +27327,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27375,7 +27375,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27423,7 +27423,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27471,7 +27471,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27519,7 +27519,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27568,7 +27568,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27615,7 +27615,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27663,7 +27663,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27711,7 +27711,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27759,7 +27759,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27807,7 +27807,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27855,7 +27855,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27903,7 +27903,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27951,7 +27951,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -27999,7 +27999,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -28047,7 +28047,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -28095,7 +28095,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -28143,7 +28143,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -28191,7 +28191,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -28239,7 +28239,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -28287,7 +28287,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -28335,7 +28335,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -28383,7 +28383,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -28432,7 +28432,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -28479,7 +28479,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -28527,7 +28527,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -28576,7 +28576,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -28624,7 +28624,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -28672,7 +28672,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -28720,7 +28720,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -28766,7 +28766,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -28812,7 +28812,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -28858,7 +28858,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -28906,7 +28906,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -28954,7 +28954,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29002,7 +29002,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29050,7 +29050,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29098,7 +29098,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29146,7 +29146,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29194,7 +29194,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29242,7 +29242,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29290,7 +29290,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29338,7 +29338,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29386,7 +29386,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29434,7 +29434,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29482,7 +29482,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29530,7 +29530,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29578,7 +29578,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29626,7 +29626,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -29674,7 +29674,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29722,7 +29722,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29770,7 +29770,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29818,7 +29818,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29867,7 +29867,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29914,7 +29914,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -29962,7 +29962,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30008,7 +30008,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30055,7 +30055,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30103,7 +30103,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30151,7 +30151,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30199,7 +30199,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30247,7 +30247,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30295,7 +30295,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30344,7 +30344,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30391,7 +30391,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30439,7 +30439,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -30487,7 +30487,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30535,7 +30535,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30583,7 +30583,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30631,7 +30631,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30679,7 +30679,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30727,7 +30727,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30775,7 +30775,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30823,7 +30823,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30871,7 +30871,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30919,7 +30919,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -30967,7 +30967,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -31015,7 +31015,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -31063,7 +31063,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -31111,7 +31111,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -31159,7 +31159,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -31207,7 +31207,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -31255,7 +31255,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -31303,7 +31303,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat",
@@ -31351,7 +31351,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat",
@@ -31400,7 +31400,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat",
@@ -31447,7 +31447,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat",
@@ -31495,7 +31495,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat",
@@ -31543,7 +31543,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat",
@@ -31591,7 +31591,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat",
@@ -31639,7 +31639,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat",
@@ -31687,7 +31687,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat",
@@ -31735,7 +31735,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat",
@@ -31783,7 +31783,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat",
@@ -31831,7 +31831,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat",
diff --git a/packages/ti_abusech/data_stream/url/elasticsearch/ingest_pipeline/default.yml b/packages/ti_abusech/data_stream/url/elasticsearch/ingest_pipeline/default.yml
index 7fb2584cdc9..f4c822be3b0 100644
--- a/packages/ti_abusech/data_stream/url/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_abusech/data_stream/url/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 ####################
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_abusech/data_stream/url/sample_event.json b/packages/ti_abusech/data_stream/url/sample_event.json
index 8a19bfedad6..01a2e83b283 100644
--- a/packages/ti_abusech/data_stream/url/sample_event.json
+++ b/packages/ti_abusech/data_stream/url/sample_event.json
@@ -25,7 +25,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "87d4d8f8-b034-42ba-a5bb-33ff670e619e",
diff --git a/packages/ti_abusech/manifest.yml b/packages/ti_abusech/manifest.yml
index 541f61068c4..79280753c12 100644
--- a/packages/ti_abusech/manifest.yml
+++ b/packages/ti_abusech/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_abusech
 title: AbuseCH
-version: "1.7.1"
+version: "1.8.0"
 release: ga
 description: Ingest threat intelligence indicators from URL Haus, Malware Bazaar, and Threat Fox feeds with Elastic Agent.
 type: integration
diff --git a/packages/ti_anomali/_dev/build/build.yml b/packages/ti_anomali/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/ti_anomali/_dev/build/build.yml
+++ b/packages/ti_anomali/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/ti_anomali/changelog.yml b/packages/ti_anomali/changelog.yml
index 3b6d514605e..b7a2adf3a2c 100644
--- a/packages/ti_anomali/changelog.yml
+++ b/packages/ti_anomali/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.8.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.7.0"
 changes:
 - description: Deprecate EOL Limo datastream. See https://www.anomali.com/resources/limo.
diff --git a/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json b/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json
index d0e48a24c91..254c992d66b 100644
--- a/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json +++ b/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json @@ -21,7 +21,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -85,7 +85,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -147,7 +147,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -209,7 +209,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -263,7 +263,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -326,7 +326,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -389,7 +389,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -448,7 +448,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -501,7 +501,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -563,7 +563,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -624,7 +624,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -679,7 +679,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -734,7 +734,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -794,7 +794,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -850,7 +850,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -903,7 +903,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -958,7 +958,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1014,7 +1014,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1069,7 +1069,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1124,7 +1124,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1178,7 +1178,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1232,7 +1232,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1289,7 +1289,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1343,7 +1343,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1404,7 +1404,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1460,7 +1460,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1515,7 +1515,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1569,7 +1569,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1621,7 +1621,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1682,7 +1682,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1744,7 +1744,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1799,7 +1799,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -1855,7 +1855,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1910,7 +1910,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1963,7 +1963,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2018,7 +2018,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2073,7 +2073,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2126,7 +2126,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2180,7 +2180,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2240,7 +2240,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2293,7 +2293,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2348,7 +2348,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2403,7 +2403,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2465,7 +2465,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2520,7 +2520,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2580,7 +2580,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2641,7 +2641,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2695,7 +2695,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2749,7 +2749,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -2804,7 +2804,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2859,7 +2859,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2919,7 +2919,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2973,7 +2973,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3026,7 +3026,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3078,7 +3078,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3139,7 +3139,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3192,7 +3192,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3246,7 +3246,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3301,7 +3301,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3355,7 +3355,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3410,7 +3410,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3470,7 +3470,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3525,7 +3525,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3579,7 +3579,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3634,7 +3634,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3689,7 +3689,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -3744,7 +3744,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3798,7 +3798,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3851,7 +3851,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3912,7 +3912,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3965,7 +3965,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4018,7 +4018,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4072,7 +4072,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4132,7 +4132,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4186,7 +4186,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4239,7 +4239,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4294,7 +4294,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4354,7 +4354,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4410,7 +4410,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4464,7 +4464,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4531,7 +4531,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4592,7 +4592,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4644,7 +4644,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -4702,7 +4702,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4763,7 +4763,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4825,7 +4825,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4892,7 +4892,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -4953,7 +4953,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5010,7 +5010,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5069,7 +5069,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5130,7 +5130,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5190,7 +5190,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5250,7 +5250,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5309,7 +5309,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5369,7 +5369,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5418,7 +5418,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5465,7 +5465,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5514,7 +5514,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5562,7 +5562,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -5611,7 +5611,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
diff --git a/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml b/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml
index 19669f17bfe..fcc302871cc 100644
--- a/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 #
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - fingerprint:
 fields:
 - event.dataset
diff --git a/packages/ti_anomali/data_stream/threatstream/sample_event.json b/packages/ti_anomali/data_stream/threatstream/sample_event.json
index 3f9e65e6f4a..8aba36f1e53 100644
--- a/packages/ti_anomali/data_stream/threatstream/sample_event.json
+++ b/packages/ti_anomali/data_stream/threatstream/sample_event.json
@@ -32,7 +32,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "83b444a9-8a29-4729-964a-a91e7b770094",
diff --git a/packages/ti_anomali/docs/README.md b/packages/ti_anomali/docs/README.md
index 579df81a710..932ecb79ada 100644
--- a/packages/ti_anomali/docs/README.md
+++ b/packages/ti_anomali/docs/README.md
@@ -53,7 +53,7 @@ An example event for `threatstream` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "83b444a9-8a29-4729-964a-a91e7b770094",
diff --git a/packages/ti_anomali/manifest.yml b/packages/ti_anomali/manifest.yml
index 5a1525671ec..13e59694060 100644
--- a/packages/ti_anomali/manifest.yml
+++ b/packages/ti_anomali/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_anomali
 title: Anomali
-version: "1.7.0"
+version: "1.8.0"
 release: ga
 description: Ingest threat intelligence indicators from Anomali with Elastic Agent.
 type: integration
diff --git a/packages/ti_cif3/_dev/build/build.yml b/packages/ti_cif3/_dev/build/build.yml
index 8d9e4bf7ac8..aaafc5d833b 100644
--- a/packages/ti_cif3/_dev/build/build.yml
+++ b/packages/ti_cif3/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0
+ reference: git@v8.5.1
diff --git a/packages/ti_cif3/changelog.yml b/packages/ti_cif3/changelog.yml
index b267c7d8736..715b5fcadc5 100644
--- a/packages/ti_cif3/changelog.yml
+++ b/packages/ti_cif3/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.3.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "0.2.2"
 changes:
 - description: Remove duplicate field.
diff --git a/packages/ti_cif3/data_stream/feed/_dev/test/pipeline/test-cif3-sample-ndjson.log-expected.json b/packages/ti_cif3/data_stream/feed/_dev/test/pipeline/test-cif3-sample-ndjson.log-expected.json
index 2e0b2ab3724..2968db38ff3 100644
--- a/packages/ti_cif3/data_stream/feed/_dev/test/pipeline/test-cif3-sample-ndjson.log-expected.json
+++ b/packages/ti_cif3/data_stream/feed/_dev/test/pipeline/test-cif3-sample-ndjson.log-expected.json
@@ -7,7 +7,7 @@ "uuid": "3fbdd654-b2b0-498c-8e20-ef87bce73672" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat",
@@ -45,4 +45,4 @@ } } ] -} +} \ No newline at end of file
diff --git a/packages/ti_cif3/data_stream/feed/elasticsearch/ingest_pipeline/default.yml b/packages/ti_cif3/data_stream/feed/elasticsearch/ingest_pipeline/default.yml
index 710037d1b14..92a06b500cd 100644
--- a/packages/ti_cif3/data_stream/feed/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_cif3/data_stream/feed/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 ####################
 - set:
 field: ecs.version
- value: "8.4.0"
+ value: "8.5.0"
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_cif3/data_stream/feed/sample_event.json b/packages/ti_cif3/data_stream/feed/sample_event.json
index b44e61828b8..5a55da455f1 100755
--- a/packages/ti_cif3/data_stream/feed/sample_event.json
+++ b/packages/ti_cif3/data_stream/feed/sample_event.json
@@ -18,7 +18,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "f599fd51-b36d-45b4-a90f-4d63240b8477",
diff --git a/packages/ti_cif3/docs/README.md b/packages/ti_cif3/docs/README.md
index af59f9a5e8c..69e2e5a02d9 100644
--- a/packages/ti_cif3/docs/README.md
+++ b/packages/ti_cif3/docs/README.md
@@ -141,7 +141,7 @@ An example event for `feed` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "f599fd51-b36d-45b4-a90f-4d63240b8477",
diff --git a/packages/ti_cif3/manifest.yml b/packages/ti_cif3/manifest.yml
index d8706762eaa..15d5f11a978 100644
--- a/packages/ti_cif3/manifest.yml
+++ b/packages/ti_cif3/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: ti_cif3
 title: "Collective Intelligence Framework v3"
-version: 0.2.2
+version: "0.3.0"
 release: beta
 license: basic
 description: "Ingest threat indicators from a Collective Intelligence Framework v3 instance with Elastic Agent."
@@ -32,7 +32,6 @@ policy_templates:
 required: true
 show_user: true
 description: "Base URL for CIFv3 instance, e.g.: https://cif.yourdomain.tld"
-
 - name: api_token
 type: password
 title: API Token
diff --git a/packages/ti_cybersixgill/_dev/build/build.yml b/packages/ti_cybersixgill/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/ti_cybersixgill/_dev/build/build.yml
+++ b/packages/ti_cybersixgill/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/ti_cybersixgill/changelog.yml b/packages/ti_cybersixgill/changelog.yml
index ed1d4d672f3..b84d45bfad9 100644
--- a/packages/ti_cybersixgill/changelog.yml
+++ b/packages/ti_cybersixgill/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.8.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.7.0"
 changes:
 - description: Update package to ECS 8.4.0
diff --git a/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json b/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json
index 3815733f4f8..c77291d97c8 100644
--- a/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json
+++ b/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json
@@ -15,7 +15,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -63,7 +63,7 @@
 "virustotal": {}
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -111,7 +111,7 @@
 "virustotal": {}
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -157,7 +157,7 @@
 "virustotal": {}
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
index cc69f7d291a..2eab9e01678 100644
--- a/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Initial pipeline for parsing Cybersixgill webhooks
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_cybersixgill/data_stream/threat/sample_event.json b/packages/ti_cybersixgill/data_stream/threat/sample_event.json
index 0c73c1eda55..9b91d62f5b5 100644
--- a/packages/ti_cybersixgill/data_stream/threat/sample_event.json
+++ b/packages/ti_cybersixgill/data_stream/threat/sample_event.json
@@ -25,7 +25,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "3f82d126-26ae-4993-a89b-63c5413149e0",
diff --git a/packages/ti_cybersixgill/docs/README.md b/packages/ti_cybersixgill/docs/README.md
index 671acab54f4..a9b41c628a4 100644
--- a/packages/ti_cybersixgill/docs/README.md
+++ b/packages/ti_cybersixgill/docs/README.md
@@ -126,7 +126,7 @@ An example event for `threat` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "3f82d126-26ae-4993-a89b-63c5413149e0",
diff --git a/packages/ti_cybersixgill/manifest.yml b/packages/ti_cybersixgill/manifest.yml
index 5fd3e24922d..0888a5bdf29 100644
--- a/packages/ti_cybersixgill/manifest.yml
+++ b/packages/ti_cybersixgill/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_cybersixgill
 title: Cybersixgill
-version: "1.7.0"
+version: "1.8.0"
 release: ga
 description: Ingest threat intelligence indicators from Cybersixgill with Elastic Agent.
 type: integration
diff --git a/packages/ti_misp/_dev/build/build.yml b/packages/ti_misp/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/ti_misp/_dev/build/build.yml
+++ b/packages/ti_misp/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/ti_misp/changelog.yml b/packages/ti_misp/changelog.yml
index 016d13e2628..5d082f324a7 100644
--- a/packages/ti_misp/changelog.yml
+++ b/packages/ti_misp/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.8.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.7.1"
 changes:
 - description: Remove duplicate field.
diff --git a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json
index 3c411f58d98..a0cc39545ef 100644
--- a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json
+++ b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-05-21T09:09:22.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -78,7 +78,7 @@
 {
 "@timestamp": "2021-05-21T09:20:36.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -153,7 +153,7 @@
 {
 "@timestamp": "2021-05-21T09:20:36.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -226,7 +226,7 @@
 {
 "@timestamp": "2021-05-21T09:20:36.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -297,7 +297,7 @@
 {
 "@timestamp": "2021-05-21T09:20:36.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -368,7 +368,7 @@
 {
 "@timestamp": "2021-05-21T10:22:12.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -457,7 +457,7 @@
 {
 "@timestamp": "2021-05-21T10:22:12.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -546,7 +546,7 @@
 {
 "@timestamp": "2021-05-21T10:22:12.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -640,7 +640,7 @@ { "@timestamp": "2021-05-21T10:22:12.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -734,7 +734,7 @@ { "@timestamp": "2021-05-21T10:22:12.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -826,7 +826,7 @@ { "@timestamp": "2021-05-21T10:09:30.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -897,7 +897,7 @@ { "@timestamp": "2021-05-21T10:09:30.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -973,7 +973,7 @@ { "@timestamp": "2021-05-21T10:09:30.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1047,7 +1047,7 @@ { "@timestamp": "2021-05-21T10:19:39.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1118,7 +1118,7 @@ { "@timestamp": "2021-05-21T10:19:39.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1189,7 +1189,7 @@ { "@timestamp": "2021-05-21T10:19:39.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1260,7 +1260,7 @@ { "@timestamp": "2021-05-21T10:19:39.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1336,7 +1336,7 @@ { "@timestamp": "2021-05-21T10:19:39.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1410,7 +1410,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1499,7 +1499,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1588,7 +1588,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -1677,7 +1677,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1766,7 +1766,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1855,7 +1855,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1949,7 +1949,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2043,7 +2043,7 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", diff --git a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json index 8f1789c695c..bd7308bd064 100644 --- a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json +++ b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2017-08-28T14:24:36.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -81,7 +81,7 @@ { "@timestamp": "2017-08-28T14:24:36.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -158,7 +158,7 @@ { "@timestamp": "2017-04-28T18:23:44.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -235,7 +235,7 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -310,7 +310,7 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -381,7 +381,7 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -454,7 +454,7 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -524,7 +524,7 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -599,7 +599,7 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -672,7 +672,7 @@ { "@timestamp": "2018-08-28T13:20:17.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -751,7 +751,7 @@ { "@timestamp": "2018-08-28T13:20:17.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -822,7 +822,7 @@ { "@timestamp": "2018-08-28T13:20:17.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -899,7 +899,7 @@ { "@timestamp": "2018-01-23T16:09:56.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -971,7 +971,7 @@ { "@timestamp": "2018-01-23T16:09:56.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1043,7 +1043,7 @@ { "@timestamp": "2020-12-13T14:03:16.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", diff --git a/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml index d5f868a2a80..2e96c2944f1 100644 --- a/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml 
@@ -6,7 +6,7 @@ processors:
 ####################
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_misp/data_stream/threat/sample_event.json b/packages/ti_misp/data_stream/threat/sample_event.json
index 101990cd2d8..e33c7977664 100644
--- a/packages/ti_misp/data_stream/threat/sample_event.json
+++ b/packages/ti_misp/data_stream/threat/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "a4d670f7-b402-456c-89b1-fbf01d2c8a8b",
diff --git a/packages/ti_misp/docs/README.md b/packages/ti_misp/docs/README.md
index 62e7c28f77c..52c96f15170 100644
--- a/packages/ti_misp/docs/README.md
+++ b/packages/ti_misp/docs/README.md
@@ -174,7 +174,7 @@ An example event for `threat` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "a4d670f7-b402-456c-89b1-fbf01d2c8a8b",
diff --git a/packages/ti_misp/manifest.yml b/packages/ti_misp/manifest.yml
index 0fd9e889f41..0ab2578db2d 100644
--- a/packages/ti_misp/manifest.yml
+++ b/packages/ti_misp/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_misp
 title: MISP
-version: "1.7.1"
+version: "1.8.0"
 release: ga
 description: Ingest threat intelligence indicators from MISP platform with Elastic Agent.
 type: integration
diff --git a/packages/ti_otx/_dev/build/build.yml b/packages/ti_otx/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/ti_otx/_dev/build/build.yml
+++ b/packages/ti_otx/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/ti_otx/changelog.yml b/packages/ti_otx/changelog.yml
index 0ec2d73bba0..8d631e78f65 100644
--- a/packages/ti_otx/changelog.yml
+++ b/packages/ti_otx/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.5.0"
 changes:
 - description: Update package to ECS 8.4.0
diff --git a/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json b/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json
index 09ad1e3564f..c76758294fa 100644
--- a/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json
+++ b/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -23,7 +23,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -51,7 +51,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -74,7 +74,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -95,7 +95,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -120,7 +120,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -147,7 +147,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -172,7 +172,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -199,7 +199,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -220,7 +220,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -245,7 +245,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -270,7 +270,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -297,7 +297,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -322,7 +322,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -347,7 +347,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -372,7 +372,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -397,7 +397,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -422,7 +422,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -450,7 +450,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -478,7 +478,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -534,7 +534,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -561,7 +561,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -586,7 +586,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -611,7 +611,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -638,7 +638,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -663,7 +663,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -691,7 +691,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -719,7 +719,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -744,7 +744,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -772,7 +772,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -800,7 +800,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -846,7 +846,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -871,7 +871,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -898,7 +898,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -925,7 +925,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -950,7 +950,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -977,7 +977,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1004,7 +1004,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1029,7 +1029,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1057,7 +1057,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1085,7 +1085,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1113,7 +1113,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1141,7 +1141,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -1164,7 +1164,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1185,7 +1185,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1206,7 +1206,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1233,7 +1233,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1260,7 +1260,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1287,7 +1287,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1314,7 +1314,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1341,7 +1341,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1368,7 +1368,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1395,7 +1395,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1416,7 +1416,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1437,7 +1437,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1458,7 +1458,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1479,7 +1479,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1500,7 +1500,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1525,7 +1525,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1546,7 +1546,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -1567,7 +1567,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1588,7 +1588,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1611,7 +1611,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1634,7 +1634,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1657,7 +1657,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1680,7 +1680,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1703,7 +1703,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1726,7 +1726,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1749,7 +1749,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1772,7 +1772,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1795,7 +1795,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1822,7 +1822,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1849,7 +1849,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1876,7 +1876,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1903,7 +1903,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1926,7 +1926,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1947,7 +1947,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -1968,7 +1968,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -1996,7 +1996,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -2023,7 +2023,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -2050,7 +2050,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
index 6661c5ead38..970a45f510c 100644
--- a/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 ####################
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_otx/data_stream/threat/sample_event.json b/packages/ti_otx/data_stream/threat/sample_event.json
index e05bdae9230..8ca2f192556 100644
--- a/packages/ti_otx/data_stream/threat/sample_event.json
+++ b/packages/ti_otx/data_stream/threat/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "93ca38c5-fdea-4af2-acab-27edbc2b3434",
diff --git a/packages/ti_otx/docs/README.md b/packages/ti_otx/docs/README.md
index 5283b3f5cde..da276fc8aeb 100644
--- a/packages/ti_otx/docs/README.md
+++ b/packages/ti_otx/docs/README.md
@@ -115,7 +115,7 @@ An example event for `threat` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "93ca38c5-fdea-4af2-acab-27edbc2b3434",
diff --git a/packages/ti_otx/manifest.yml b/packages/ti_otx/manifest.yml
index e23e34aa1e7..54f5a55f18a 100644
--- a/packages/ti_otx/manifest.yml
+++ b/packages/ti_otx/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_otx
 title: AlienVault OTX
-version: "1.5.0"
+version: "1.6.0"
 release: ga
 description: Ingest threat intelligence indicators from AlienVault Open Threat Exchange (OTX) with Elastic Agent.
 type: integration
diff --git a/packages/ti_recordedfuture/_dev/build/build.yml b/packages/ti_recordedfuture/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/ti_recordedfuture/_dev/build/build.yml
+++ b/packages/ti_recordedfuture/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/ti_recordedfuture/changelog.yml b/packages/ti_recordedfuture/changelog.yml
index 862479b7c71..508fab21440 100644
--- a/packages/ti_recordedfuture/changelog.yml
+++ b/packages/ti_recordedfuture/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.3.0"
 changes:
 - description: Update package to ECS 8.4.0
diff --git a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-domain-default.log-expected.json b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-domain-default.log-expected.json
index 9772f6e70d8..4e22afe7b5d 100644
--- a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-domain-default.log-expected.json
+++ b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-domain-default.log-expected.json
@@ -3,7 +3,7 @@
 null,
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -99,7 +99,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -203,7 +203,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -307,7 +307,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -399,7 +399,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -491,7 +491,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -583,7 +583,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -675,7 +675,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", diff --git a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-hash-default.log-expected.json b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-hash-default.log-expected.json index 30d3cafcead..5691a44f24f 100644 --- a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-hash-default.log-expected.json +++ b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-hash-default.log-expected.json @@ -3,7 +3,7 @@ null, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -192,7 +192,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -366,7 +366,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -549,7 +549,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -911,7 +911,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1028,7 +1028,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1142,7 +1142,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1327,7 +1327,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -1426,7 +1426,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", diff --git a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-httpjson.log-expected.json b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-httpjson.log-expected.json index e839ba1fac3..df2252b32e8 100644 --- a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-httpjson.log-expected.json +++ b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-httpjson.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -98,7 +98,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -202,7 +202,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -306,7 +306,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -490,7 +490,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -582,7 +582,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -674,7 +674,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -766,7 +766,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -858,7 +858,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -950,7 +950,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1139,7 +1139,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -1313,7 +1313,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1496,7 +1496,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1858,7 +1858,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -1975,7 +1975,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2089,7 +2089,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2274,7 +2274,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2373,7 +2373,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2488,7 +2488,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2607,7 +2607,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2688,7 +2688,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2793,7 +2793,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -2897,7 +2897,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3057,7 +3057,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3124,7 +3124,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3240,7 +3240,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3321,7 +3321,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", @@ -3459,7 +3459,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "threat", 
@@ -3563,7 +3563,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -3687,7 +3687,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -3767,7 +3767,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -3868,7 +3868,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -3941,7 +3941,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -4013,7 +4013,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -4096,7 +4096,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -4186,7 +4186,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -4258,7 +4258,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -4338,7 +4338,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -4417,7 +4417,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-ip-default.log-expected.json b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-ip-default.log-expected.json
index 661005c70e6..0e2830605c5 100644
--- a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-ip-default.log-expected.json
+++ b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-ip-default.log-expected.json
@@ -3,7 +3,7 @@
 null,
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -84,7 +84,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -174,7 +174,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -279,7 +279,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -383,7 +383,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -543,7 +543,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -610,7 +610,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -726,7 +726,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -807,7 +807,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-url-default.log-expected.json b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-url-default.log-expected.json
index bb9dd39a911..72cb5aff194 100644
--- a/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-url-default.log-expected.json
+++ b/packages/ti_recordedfuture/data_stream/threat/_dev/test/pipeline/test-url-default.log-expected.json
@@ -3,7 +3,7 @@
 null,
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -83,7 +83,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -184,7 +184,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -257,7 +257,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -329,7 +329,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -412,7 +412,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -502,7 +502,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -574,7 +574,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -654,7 +654,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -733,7 +733,7 @@
 },
 {
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
index f6100954175..a25bd2350dc 100644
--- a/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_recordedfuture/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 #
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.dataset
 value: "ti_recordedfuture.threat"
diff --git a/packages/ti_recordedfuture/data_stream/threat/sample_event.json b/packages/ti_recordedfuture/data_stream/threat/sample_event.json
index 180cf3f68ac..cde57a05474 100644
--- a/packages/ti_recordedfuture/data_stream/threat/sample_event.json
+++ b/packages/ti_recordedfuture/data_stream/threat/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "33b93e16-9d01-4487-9b09-99db9e860912",
diff --git a/packages/ti_recordedfuture/docs/README.md b/packages/ti_recordedfuture/docs/README.md
index 51b6f8f480e..7f2a10e73bb 100644
--- a/packages/ti_recordedfuture/docs/README.md
+++ b/packages/ti_recordedfuture/docs/README.md
@@ -30,7 +30,7 @@ An example event for `threat` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "33b93e16-9d01-4487-9b09-99db9e860912",
diff --git a/packages/ti_recordedfuture/manifest.yml b/packages/ti_recordedfuture/manifest.yml
index 252988eeff9..141f1058a88 100644
--- a/packages/ti_recordedfuture/manifest.yml
+++ b/packages/ti_recordedfuture/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_recordedfuture
 title: Recorded Future
-version: 1.3.0
+version: "1.4.0"
 release: ga
 description: Ingest threat intelligence indicators from Recorded Future risk lists with Elastic Agent.
 type: integration
diff --git a/packages/ti_threatq/_dev/build/build.yml b/packages/ti_threatq/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/ti_threatq/_dev/build/build.yml
+++ b/packages/ti_threatq/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/ti_threatq/changelog.yml b/packages/ti_threatq/changelog.yml
index 98ccfab59a5..60b2ddb5134 100644
--- a/packages/ti_threatq/changelog.yml
+++ b/packages/ti_threatq/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.7.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.6.0"
 changes:
 - description: Update package to ECS 8.4.0
diff --git a/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json b/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json
index c762b1e26c1..ef7a977febc 100644
--- a/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json
+++ b/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -52,7 +52,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -101,7 +101,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -150,7 +150,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -193,7 +193,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -242,7 +242,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -294,7 +294,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -343,7 +343,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -392,7 +392,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
@@ -441,7 +441,7 @@
 {
 "@timestamp": "2020-11-15T00:00:02.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
index 06ea9bfec70..fa28f0fa768 100644
--- a/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 ####################
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_threatq/data_stream/threat/sample_event.json b/packages/ti_threatq/data_stream/threat/sample_event.json
index 3b6749f3e58..9a162262246 100644
--- a/packages/ti_threatq/data_stream/threat/sample_event.json
+++ b/packages/ti_threatq/data_stream/threat/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "a7be703c-0d78-40ea-8ad7-a02245cca635",
diff --git a/packages/ti_threatq/docs/README.md b/packages/ti_threatq/docs/README.md
index 0868762175c..14bf8a0bfae 100644
--- a/packages/ti_threatq/docs/README.md
+++ b/packages/ti_threatq/docs/README.md
@@ -118,7 +118,7 @@ An example event for `threat` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "a7be703c-0d78-40ea-8ad7-a02245cca635",
diff --git a/packages/ti_threatq/manifest.yml b/packages/ti_threatq/manifest.yml
index 6d1ce79cd47..7eaeb4e61ad 100644
--- a/packages/ti_threatq/manifest.yml
+++ b/packages/ti_threatq/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_threatq
 title: ThreatQuotient
-version: "1.6.0"
+version: "1.7.0"
 release: ga
 description: Ingest threat intelligence indicators from ThreatQuotient with Elastic Agent.
 type: integration
diff --git a/packages/tomcat/_dev/build/build.yml b/packages/tomcat/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/tomcat/_dev/build/build.yml
+++ b/packages/tomcat/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/tomcat/changelog.yml b/packages/tomcat/changelog.yml
index 22a81e20638..333f70ce13d 100644
--- a/packages/tomcat/changelog.yml
+++ b/packages/tomcat/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.6.1" changes: - description: Use ECS geo.location definition. diff --git a/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json index b317fd1c518..db8c36d5d0f 100644 --- a/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-1516-asdf: 10.251.224.219||eacommod||rci||[29/Jan/2016:6:09:59 OMST]||exercita||https://example.com/illumqui/ventore.html?min=ite#utl||vol||amremap||oremi||ntsunti||5293||https://mail.example.net/turadipi/aeca.htm?ntium=psaq#cer||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||aliqu", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-259-CFYZ: 10.196.153.12||sequa||abo||[12/Feb/2016:1:12:33 PST]||umqui||https://www5.example.net/mdolo/mqui.htm?sumdo=litesse#orev||pisciv||uii||umexe||estlabo||5222||https://mail.example.com/uat/eporr.jpg?byCicer=luptat#agn||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||nulapari", "tags": [ 
@@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "February 26 20:15:08 ctetur5806.api.home %APACHETOMCAT- COOK: 10.156.194.38||gnaali||enatus||[26/Feb/2016:8:15:08 PT]||incid||https://internal.example.com/tetur/idolor.html?ntex=eius#luptat||emape||aer||lupt||tia||7019||https://www.example.com/quis/orisn.txt?anti=ofdeF#metcons||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||nul", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-1060-INDEX: 10.196.118.192||tinculp||tur||[12/Mar/2016:3:17:42 CT]||equat||https://www5.example.org/nci/ofdeFin.gif?amco=exe#iatu||ionofde||con||uia||quiavo||1156||https://mail.example.com/consec/taliquip.html?radip=tNequ#gelit||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||tconsec", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-4141-BADMTHD: 10.246.209.145||oluptas||llu||[26/Mar/2016:10:20:16 GMT+02:00]||ommod||https://internal.example.com/aqui/radipis.jpg?llumd=enatuse#magn||equuntu||eos||enimad||rmagni||1998||https://internal.example.net/onev/tenima.jpg?seq=olorema#ccaecat||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||fug", "tags": [ 
@@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-2964-BADMETHOD: 10.114.191.225||uian||tempo||[09/Apr/2016:5:22:51 PST]||exercit||https://internal.example.com/omnis/antium.txt?lupta=iusmodt#doloreeu||pori||occ||ect||reetdolo||2770||https://www5.example.org/uiano/mrema.htm?anim=autfugi#inBCSedu||Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36||tanimi", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "April 24 00:25:25 erep2696.www.home %APACHETOMCAT- INDEX: 10.38.77.13||aquaeab||liqu||[24/Apr/2016:12:25:25 PT]||ehend||https://www5.example.net/uidolore/niamqu.gif?iat=tevelit#nsequat||loremagn||ipis||gelits||tatevel||3856||https://api.example.com/uovol/dmi.txt?quunt=ptat#ore||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||tsed", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 8 07:27:59 mUt2398.invalid %APACHETOMCAT- DEBUG: 10.11.201.109||boree||ugits||[08/May/2016:7:27:59 CEST]||iinea||https://www.example.org/idexea/riat.txt?tvol=moll#tatione||inB||deomni||tquovol||ntsuntin||3341||https://mail.example.org/imav/ididu.htm?tion=orsitame#quiratio||Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30||iam", "tags": [ 
@@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-3097-BADMTHD: 10.182.166.181||apariat||mol||[22/May/2016:2:30:33 CT]||olupta||https://api.example.org/toccae/tatno.gif?taliqu=temUten#ccusan||iqu||ollit||usan||aper||5529||https://example.org/uaera/sitas.txt?aedic=atquovo#iumto||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||mquaera", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-6283-null: 10.185.126.247||vel||quu||[05/Jun/2016:9:33:08 OMST]||avol||https://mail.example.net/atuse/ddoeiu.gif?idolore=onse#liq||metcon||smo||litessec||emporinc||5075||https://internal.example.com/atcu/oremagna.jpg?remipsum=liq#ist||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||caecatc", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "June 20 04:35:42 siuta2896.www.localhost %APACHETOMCAT- SEARCH: 10.72.114.23||enia||nsequu||[20/Jun/2016:4:35:42 PST]||rsint||https://example.com/idestla/Nemoeni.htm?taed=lup#remeumf||antiumto||strude||ctetura||usmod||1640||https://mail.example.net/lor/fugit.jpg?rsitamet=lupt#xea||Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||orain", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "July 4 11:38:16 oin6316.www5.host %APACHETOMCAT- TRACE: 10.129.241.147||lores||lapariat||[04/Jul/2016:11:38:16 PST]||etc||https://example.net/nimadmin/ditautfu.html?lpa=entsu#dun||onproide||luptat||itaut||imaven||152||https://internal.example.net/onproide/Nemoen.gif?pitla=ccu#urE||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||inculpaq", "tags": [ 
@@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "July 18 18:40:50 tionemu7691.www.local %APACHETOMCAT- BDMTHD: 10.185.101.76||errorsi||des||[18/Jul/2016:6:40:50 GMT+02:00]||stl||https://www5.example.com/ono/stru.jpg?emaperi=tame#tinvol||tectobe||colabor||iusmodt||etdolo||3768||https://internal.example.net/ommod/sequatur.txt?tlabo=suntexp#ugiatnu||Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80||itecto", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-3217-GET: 10.57.170.140||nsec||onse||[02/Aug/2016:1:43:25 OMST]||inibusBo||https://example.net/tion/eataev.htm?uiineavo=tisetq#irati||ici||giatquov||eritquii||dexeac||3088||https://www.example.org/oreseos/uames.txt?msequi=isnostru#iquaUten||Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36||iadese", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-1109-PUT: 10.33.153.47||hil||atquovo||[16/Aug/2016:8:45:59 GMT+02:00]||iineavo||https://internal.example.com/isno/taliq.htm?nnu=dolo#Loremip||idolor||emeumfu||CSed||lupt||6136||https://internal.example.net/quip/mporain.txt?uatD=iunt#temveleu||Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||tio", "tags": [ 
@@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "August 30 15:48:33 conse2991.internal.lan %APACHETOMCAT- FGET: 10.116.104.101||gnam||tat||[30/Aug/2016:3:48:33 CET]||lumqui||https://internal.example.net/mdolore/rQuisau.gif?iavolu=den#tutla||olorema||iades||siarchi||datatn||5076||https://internal.example.net/mipsumd/eFinib.jpg?remi=saute#ercit||Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36||remagn", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-3361-null: 10.202.194.67||samvolu||ittenbyC||[13/Sep/2016:10:51:07 ET]||eirure||https://internal.example.com/oidentsu/atiset.jpg?ntor=lpaqui#sitame||iadese||nsectet||utla||utei||2716||https://example.com/tlabori/oin.jpg?quisnos=ite#ationul||Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||eritqu", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "September 28 05:53:42 wri2784.api.domain %APACHETOMCAT- PUT: 10.153.111.103||itquiin||modocon||[28/Sep/2016:5:53:42 PST]||taevit||https://www5.example.com/etconse/tincu.txt?lit=asun#estia||eaq||occae||ctetura||labore||4621||https://www.example.com/adeseru/emoe.html?atur=itanimi#itame||Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30||rehender", "tags": [ 
@@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-1637-DETECT_METHOD_TYPE: 10.52.186.29||equat||doloreme||[12/Oct/2016:12:56:16 GMT+02:00]||ione||https://www5.example.org/eriamea/amre.htm?magni=pisciv#iquidex||radipisc||tmo||fficiade||uscipit||4168||https://internal.example.net/oru/temqu.htm?etMalor=ipi#reseos||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||mcolab", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "October 26 19:58:50 oquisqu2937.mail.domain %APACHETOMCAT- BDMTHD: 10.209.182.237||tper||olor||[26/Oct/2016:7:58:50 GMT-07:00]||osqui||https://www.example.org/iutali/fdeFi.jpg?liquide=etdol#uela||boN||eprehend||aevit||aboN||3423||https://example.net/tlabo/uames.gif?mpo=offi#giatnu||Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]||lor", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "November 10 03:01:24 dolore1287.internal.lan %APACHETOMCAT- CFYZ: 10.63.194.87||quisno||sin||[10/Nov/2016:3:01:24 CT]||aliquam||https://mail.example.net/itatione/isnis.html?oluptate=issus#osamn||isnisiu||bore||tsu||tcons||3128||https://api.example.org/lorinre/olorsita.gif?idata=rumwritt#magnid||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||dol", "tags": [ 
@@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-4307-TRACE: 10.62.191.18||tevelite||orporiss||[24/Nov/2016:10:03:59 OMST]||tlabo||https://www.example.org/emvel/tmollita.htm?numqua=veni#eveli||eroi||dtemp||aliquide||ofde||4940||https://www5.example.org/maven/hende.jpg?labor=didunt#uptatema||Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||udan", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-6040-CFYZ: 10.238.164.29||aturQui||utlabor||[08/Dec/2016:5:06:33 ET]||temvel||https://example.net/nisi/dant.txt?ecte=tinvolu#iurer||iciadese||quidolor||tessec||olupta||2660||https://example.org/idolor/uisau.jpg?llumdolo=nre#ercitat||Mozilla/5.0 (Linux; Android 7.0; MEIZU M6 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30||uiinea", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-1612-SEARCH: 10.155.230.17||eni||ionevo||[23/Dec/2016:12:09:07 CT]||Ute||https://internal.example.com/sintocc/tlabor.txt?tDuisaut=oinBC#quameius||ipsumdol||tet||etdo||urerepr||4674||https://example.com/tetu/stru.htm?tlabore=Exc#pora||Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||uteirure", "tags": [ 
@@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "January 6 07:11:41 ide2767.www5.local %APACHETOMCAT- RNDMMTD: 10.102.229.102||nnum||tenbyCi||[06/Jan/2017:7:11:41 PST]||tco||https://example.net/officiad/itam.html?madmi=tur#roi||niamqui||orem||sno||atno||5263||https://mail.example.net/ntocca/ostru.txt?quiavol=rrorsi#temquiav||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||sec", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "January 20 14:14:16 sBon1759.invalid %APACHETOMCAT- HEAD: 10.194.14.7||ten||vita||[20/Jan/2017:2:14:16 OMST]||ullamcor||https://mail.example.org/tor/qui.txt?eavolup=fugiatn#docon||etconsec||ios||evolu||ersp||3536||https://www5.example.org/sauteiru/mod.gif?tes=mquame#nihilmol||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||orain", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-6113-get: 10.99.0.226||madmi||uidol||[03/Feb/2017:9:16:50 ET]||quameius||https://api.example.net/roid/inibusB.jpg?Nemoenim=squirati#Sedutp||utp||ema||rsitv||iciade||5649||https://example.com/lup/tatemUt.html?upida=tvolupt#eufugi||Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36||uredol", "tags": [ 
@@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-6945-DETECT_METHOD_TYPE: 10.107.174.213||tenimad||minimav||[18/Feb/2017:4:19:24 OMST]||taedicta||https://www.example.net/str/idolore.txt?eetdolo=cteturad#untut||uamni||ctet||ati||uine||2438||https://api.example.org/loreme/untu.htm?ven=con#nisist||Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36||ium", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "March 4 11:21:59 idunt4707.host %APACHETOMCAT- ABCD: 10.84.25.23||laudant||isnost||[04/Mar/2017:11:21:59 CET]||rQuisau||https://mail.example.org/iscinge/ofdeFini.jpg?molli=velitse#oditem||gitsedqu||borios||rsitvolu||quam||5315||https://www.example.org/ineavo/pexe.htm?iadolor=amcol#adeser||Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30||gitsed", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-4367-uGET: 10.193.143.108||idolo||luptate||[18/Mar/2017:6:24:33 PT]||atisun||https://www.example.org/epre/tobeata.html?quia=iduntu#idestlab||rnatur||ofdeFin||essequam||acommo||3105||https://api.example.com/cusant/atemq.gif?itecto=reetdol#totamre||Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||ercita", "tags": [ 
@@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "April 2 01:27:07 emquia1497.www5.lan %APACHETOMCAT- INDEX: 10.190.51.22||uamei||siut||[02/Apr/2017:1:27:07 CT]||uisa||https://example.com/mexe/its.htm?ice=oles#edic||seq||tutlab||sau||atevelit||2450||https://example.org/aperia/ccaeca.gif?ttenby=boris#stenatu||Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36||orumSe", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "April 16 08:29:41 riat3854.www5.home %APACHETOMCAT- BADMETHOD: 10.194.90.130||siut||tconsect||[16/Apr/2017:8:29:41 PT]||piscinge||https://www.example.com/velitess/naali.htm?nre=veli#volupta||rnatu||elitse||ima||quasia||2382||https://www5.example.com/quamqua/eacommod.html?iumdol=tpersp#stla||mobmail android 2.1.3.3150||sequamni", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-6198-BDMTHD: 10.10.213.83||nea||psum||[30/Apr/2017:3:32:16 OMST]||ncididun||https://www.example.org/xeacomm/cinge.txt?apariat=vitaedi#lorsita||dolore||uptate||quidexea||ect||23||https://internal.example.com/ate/odoconse.jpg?quatu=veli#tenim||Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]||labo", "tags": [ 
@@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 14 22:34:50 aboreetd5461.host %APACHETOMCAT- uGET: 10.52.125.9||hit||urv||[14/May/2017:10:34:50 ET]||nimid||https://api.example.org/texpli/exeacom.jpg?rita=esseci#tametcon||liqua||mvele||isis||uasiar||2552||https://mail.example.net/loremqu/dantium.htm?teirured=onemulla#dolorem||Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]||rauto", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-5770-RNDMMTD: 10.19.17.202||nby||mve||[29/May/2017:5:37:24 PT]||isau||https://api.example.net/ibusBon/ven.gif?nsequat=doloreme#dun||reprehe||tincu||suntin||itse||814||https://www5.example.org/intocc/amcorp.html?ssecillu=liqua#olo||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||aec", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "June 12 12:39:58 iquidexe304.mail.test %APACHETOMCAT- RNDMMTD: 10.195.64.5||oreetd||uat||[12/Jun/2017:12:39:58 PT]||moenimi||https://mail.example.org/oconsequ/edquiac.gif?preh=ercit#etMal||qua||rsita||ate||ipsamvo||344||https://api.example.com/tdol/upt.htm?asper=idunt#luptat||Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||ica", "tags": [ 
@@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "June 26 19:42:33 remips4828.www5.host %APACHETOMCAT- POST: 10.209.77.194||tvolup||itesseq||[26/Jun/2017:7:42:33 OMST]||snost||https://internal.example.com/llamc/nte.htm?utali=porinc#tetur||xce||dat||aincidu||nimadmin||4843||https://mail.example.com/eumfugi/etdolor.htm?dic=cola#amcor||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||elites", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-1952-MKCOL: 10.168.6.90||rem||amvolupt||[11/Jul/2017:2:45:07 GMT+02:00]||atisund||https://example.net/ites/isetq.gif?nisiut=tur#avolupt||ariatur||rer||iconseq||porincid||6941||https://mail.example.org/nofd/dipisci.txt?ilmol=eri#quunt||Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80||tae", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-7717-rndmmtd: 10.89.137.238||plica||ore||[25/Jul/2017:9:47:41 OMST]||emqu||https://mail.example.com/acommod/itsedd.html?admin=stenatu#inibu||est||uptatemU||leumiu||tla||4765||https://api.example.org/isa/niamqui.jpg?dqu=pid#rExc||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||erun", "tags": [ 
@@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-4574-OPTIONS: 10.246.61.213||ntutlabo||iusmodte||[08/Aug/2017:4:50:15 CT]||loi||https://example.org/Nequepor/eirure.htm?idid=tesse#sequat||giatquov||tconsec||miurerep||toccaec||7645||https://www5.example.net/psaqua/ullamcor.txt?qui=cupi#tame||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||orroq", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "August 22 23:52:50 orin5238.host %APACHETOMCAT- MKCOL: 10.117.44.138||orem||rcit||[22/Aug/2017:11:52:50 PST]||enderit||https://www.example.org/tanimi/rumSecti.jpg?emporain=ntiumto#umetMalo||oluptas||emvele||isnost||olorem||2760||https://www5.example.net/quunt/acommod.jpg?sit=rumSect#ita||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||aliq", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-4801-PRONECT: 10.69.30.196||tore||elits||[06/Sep/2017:6:55:24 OMST]||ruredo||https://example.net/temUt/ptassita.gif?uamnihi=risnis#uov||itlab||urmag||omm||equ||4808||https://www.example.net/siuta/urmagn.html?uptat=idex#ptateve||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||nimveni", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-7668-BADMTHD: 10.135.91.88||ercit||eporroq||[20/Sep/2017:1:57:58 CT]||ugiatn||https://api.example.com/dictasun/abore.txt?modocon=ipsu#ntNeq||tate||urExce||asi||ectiono||2241||https://example.org/onu/liquaUte.txt?velillu=ria#atDu||Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||emq", "tags": [ 
@@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "October 4 21:00:32 agnaaliq1829.mail.test %APACHETOMCAT- ABCD: 10.81.45.174||tin||fugitse||[04/Oct/2017:9:00:32 CEST]||liquide||https://example.net/Sedutpe/prehen.html?rcit=aecatcup#olabor||estl||erun||iruredol||incidid||7699||https://api.example.org/edquian/loremeu.gif?volupta=dmi#untexpl||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||mipsamvo", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-3517-rndmmtd: 10.87.179.233||mnisiut||avolu||[19/Oct/2017:4:03:07 PST]||eum||https://www.example.org/umetMal/asper.htm?metcons=itasper#uae||mve||uia||iciad||lorem||6137||https://www.example.org/redol/gnaa.htm?aliquamq=dtempori#toditaut||Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||dexerc", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-2669-COOK: 10.198.57.130||hitec||henderit||[02/Nov/2017:11:05:41 OMST]||perspici||https://api.example.net/mquisn/queips.gif?emUte=molestia#quir||eavolup||emip||ver||erc||294||https://example.com/iuntNequ/esseq.txt?remq=veniamq#occ||Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90||emo", "tags": [ 
@@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-494-GET: 10.218.0.197||dolor||econs||[16/Nov/2017:6:08:15 ET]||eritin||https://www.example.net/yCic/nder.jpg?itanim=nesciun#saqu||iscive||quasiar||aeab||teur||609||https://www.example.org/mol/tur.jpg?usmodi=ree#saquaea||Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||eetd", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "December 1 01:10:49 iatqu7310.api.home %APACHETOMCAT- get: 10.123.199.198||irured||illumqui||[01/Dec/2017:1:10:49 PST]||tionula||https://mail.example.com/ecatcupi/uamei.html?nreprehe=onse#olorem||turvel||eratv||ipsa||asuntexp||1390||https://example.com/oremquel/lmole.jpg?boNem=iumt#tsed||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||mpo", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "December 15 08:13:24 uamnihil6127.api.domain %APACHETOMCAT- POST: 10.29.119.245||tatnon||leumiur||[15/Dec/2017:8:13:24 ET]||ore||https://internal.example.net/ection/roquisqu.html?ceroinB=nim#utaliqu||rsi||taliqui||mides||ciun||39||https://example.org/iatqu/inBCSedu.gif?urExcep=ema#suntex||Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36||anim", "tags": [ 
@@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "December 29 15:15:58 uov1629.internal.invalid %APACHETOMCAT- DETECT_METHOD_TYPE: 10.130.175.17||quide||quaU||[29/Dec/2017:3:15:58 PT]||inimav||https://mail.example.net/iutali/itat.txt?Finibus=radi#xeacom||des||atnulapa||billo||rroqu||2170||https://www.example.org/taedi/tquido.html?etconsec=elillum#upt||Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||onsectet", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-5752-PROPFIND: 10.166.90.130||mdolore||eosquira||[12/Jan/2018:10:18:32 CET]||lloinven||https://mail.example.net/lmolesti/apariatu.htm?moe=msequ#uat||lupta||npr||etconsec||caboNem||1043||https://internal.example.org/litesseq/atcupida.html?tob=dolores#equamnih||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||deF", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "January 27 05:21:06 orumw5960.www5.home %APACHETOMCAT- GET: 10.248.111.207||dolor||tiumto||[27/Jan/2018:5:21:06 GMT-07:00]||quiavol||https://api.example.org/ratv/alorum.jpg?tali=BCS#qui||ugiatquo||incidid||quin||autemv||6174||https://internal.example.org/mipsumqu/tatio.jpg?admi=onnu#olorema||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||atatnon", "tags": [ 
@@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-2940-asdf: 10.185.37.32||ame||tesseq||[10/Feb/2018:12:23:41 GMT+02:00]||tem||https://internal.example.net/gitse/ugitse.jpg?tvolup=tdolore#ventore||red||sinto||tatev||luptas||3286||https://api.example.net/aev/inrepr.gif?iadese=nisiu#imad||Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||ptatem", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-4927-SEARCH: 10.5.194.202||onproide||ntmo||[24/Feb/2018:7:26:15 CET]||riosa||https://example.org/pisc/urEx.html?rautod=olest#eataev||atcupi||atem||qui||otamr||7278||https://internal.example.com/meaque/uid.htm?tion=tobeatae#maccusa||Mozilla/5.0 (Linux; Android 10; LM-V350) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||iqua", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "March 11 02:28:49 deriti6952.mail.domain %APACHETOMCAT- PRONECT: 10.183.34.1||boree||isn||[11/Mar/2018:2:28:49 CEST]||der||https://www5.example.com/aconse/prehe.gif?diduntu=eiusmod#itation||veleum||piciatis||nes||lmolesti||1559||https://www.example.org/emaperia/Section.txt?iame=orroquis#aquio||Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30||ntmoll", "tags": [ 
@@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-4472-CFYZ: 10.101.163.40||abor||nBCSe||[25/Mar/2018:9:31:24 CEST]||remips||https://mail.example.net/reetdolo/rationev.html?reetdol=uelauda#ema||odi||ptatems||runtmo||ore||3512||https://internal.example.com/undeom/emullamc.jpg?quaer=eetdo#tlab||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||liq", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "April 8 16:33:58 nse3421.mail.localhost %APACHETOMCAT- uGET: 10.216.188.152||oremi||ugitsedq||[08/Apr/2018:4:33:58 ET]||atDuis||https://www5.example.com/mUteni/quira.htm?ore=tation#loinve||tatevel||iumdolo||untu||ict||2699||https://internal.example.com/riosamni/icta.gif?umetMa=imadmin#iqui||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||Nequepo", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-1033-nGET: 10.94.140.77||veniam||isnisiu||[22/Apr/2018:11:36:32 OMST]||dol||https://www5.example.org/setquas/minim.gif?tutlabor=reseosq#gna||isiutali||lumqu||onulamco||ons||5050||https://mail.example.net/unt/tass.html?tla=mquiad#CSe||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||psa", "tags": [ 
@@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-4133-PUT: 10.223.205.204||lor||ccaec||[07/May/2018:6:39:06 PST]||ommo||https://www.example.com/laudanti/umiurer.txt?rsitvolu=mnisi#usmo||iamea||imaveni||uiacon||iam||7526||https://mail.example.org/oin/itseddoe.html?citati=uamei#eursinto||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||tutla", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 21 13:41:41 tautfug689.localdomain %APACHETOMCAT- PUT: 10.85.137.156||atiset||serror||[21/May/2018:1:41:41 CEST]||isiut||https://mail.example.org/ici/nisiuta.jpg?itae=dtempo#atnula||ditautf||itametc||ori||uamqu||2804||https://example.com/quiac/sunt.gif?etdol=dolorsi#nturmag||Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||Except", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "June 4 20:44:15 totam6886.api.localhost %APACHETOMCAT- QUALYS: 10.12.54.142||trudex||liquam||[04/Jun/2018:8:44:15 PST]||lor||https://mail.example.com/eseruntm/lpaquiof.html?magnaal=uscip#umS||iciadese||riatur||oeni||dol||3000||https://www5.example.net/teturadi/ditau.gif?piscivel=hend#eacommo||Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||aer", "tags": [ 
@@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-3864-RNDMMTD: 10.158.6.52||dolorem||sed||[19/Jun/2018:3:46:49 OMST]||Nemoenim||https://example.net/labori/porai.gif?utali=sed#xeac||umdolors||lumdo||acom||eFini||4262||https://internal.example.org/uovol/prehend.html?eque=eufug#est||Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g||ntincul", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "July 3 10:49:23 tquo854.api.domain %APACHETOMCAT- MKCOL: 10.195.160.182||ine||urerepre||[03/Jul/2018:10:49:23 CT]||itessequ||https://www5.example.org/orissu/fic.gif?ese=mmodoco#amni||atnul||umfugi||stquidol||Nemoenim||1325||https://example.com/tasnul/tuserr.jpg?amvo=tnul#expl||Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||isau", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-6084-CONNECT: 10.20.68.117||rQuisaut||quas||[17/Jul/2018:5:51:58 ET]||metco||https://mail.example.com/iuntNeq/eddoei.jpg?sseq=eriam#pernat||udan||archi||iutaliq||urQuis||1742||https://example.net/orum/Bonoru.txt?agnamal=quei#quio||Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||lamcola", "tags": [ 
@@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "August 1 00:54:32 venia6656.api.domain %APACHETOMCAT- CONNECT: 10.94.136.235||mmod||iti||[01/Aug/2018:12:54:32 PST]||amqu||https://www5.example.com/tanimid/onpr.gif?gelitse=oremqu#idex||radip||upta||tetura||rumet||6923||https://www5.example.org/lestia/nde.jpg?pisci=sunt#texplica||Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30||ore", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "August 15 07:57:06 veniam1216.www5.invalid %APACHETOMCAT- NCIRCLE: 10.152.11.26||expli||ugiat||[15/Aug/2018:7:57:06 GMT+02:00]||oinBCSed||https://www.example.net/ntorever/pisciv.gif?eritq=rehen#ipsamvol||elillum||veleumi||nsequatu||nula||2783||https://example.com/santi/ritati.gif?turadip=dip#idolo||Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10||aco", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "August 29 14:59:40 runtm5729.invalid %APACHETOMCAT- PRONECT: 10.82.118.95||bore||ptate||[29/Aug/2018:2:59:40 GMT+02:00]||labo||https://www5.example.com/quu/xeac.htm?abor=oreverit#scip||Finibus||Utenimad||olupta||tau||5211||https://www5.example.com/itametco/vel.htm?rere=pta#nonn||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||met", "tags": [ 
@@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-4322-id: 10.187.152.213||conse||ventor||[12/Sep/2018:10:02:15 CEST]||mag||https://www.example.net/mini/Loremip.html?tur=atnonpr#ita||amquaer||aqui||enby||lpa||3948||https://www5.example.net/iat/ffic.htm?cte=aparia#CSe||Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36||ugitsedq", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "September 27 05:04:49 pta6012.www.local %APACHETOMCAT- uGET: 10.98.71.45||destla||fugitse||[27/Sep/2018:5:04:49 GMT+02:00]||eirur||https://www.example.net/duntutla/lamco.txt?isci=Dui#reetdo||ever||civelits||eos||ipitlabo||5440||https://internal.example.net/nonn/hite.htm?ariatur=labo#sautei||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||unt", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-5971-uGET: 10.86.123.33||ugia||meum||[11/Oct/2018:12:07:23 OMST]||doei||https://www5.example.net/tev/nre.html?occaeca=eturadip#ent||rumSecti||Utenima||olore||orumS||757||https://www5.example.org/eursint/orio.txt?iameaqu=aaliquaU#olu||Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g||yCiceroi", "tags": [ 
@@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-2852-FGET: 10.6.112.183||deom||oluptat||[25/Oct/2018:7:09:57 GMT-07:00]||eni||https://www5.example.net/uamnih/nseq.txt?uidolo=umdolore#dmi||tam||oremip||eufugi||dunt||6169||https://api.example.net/uidexeac/sequa.html?modoc=magnam#uinesc||Mozilla/5.0 (Linux; Android 10; LM-V350) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||idatat", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "November 9 02:12:32 orsi2109.internal.home %APACHETOMCAT- LOCK: 10.227.156.143||sis||idolo||[09/Nov/2018:2:12:32 CEST]||tsedquia||https://example.net/umdolor/isiu.html?mmodi=snostr#eniamqu||inimav||tatevel||midestl||nci||6587||https://www5.example.org/nvolupt/meiusm.htm?aturv=ectetura#obeataev||Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10||seq", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "November 23 09:15:06 quaeabil2539.www5.lan %APACHETOMCAT- get: 10.124.129.248||iamqui||quide||[23/Nov/2018:9:15:06 CT]||cididun||https://example.org/ibusBo/untincu.jpg?lesti=sintocca#mipsumqu||eprehen||hilmole||sequ||sectetu||7182||https://example.net/dolor/lorumwri.htm?mquis=lab#uido||Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||mwrit", "tags": [ 
@@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "December 7 16:17:40 aal1598.mail.host %APACHETOMCAT- CONNECT: 10.173.125.112||quiavolu||upta||[07/Dec/2018:4:17:40 OMST]||umtota||https://www5.example.org/magnaa/sumquiad.gif?oluptate=Duisa#consequa||eaqueip||itaedict||olorema||rep||3380||https://www5.example.net/siarc/fdeFin.jpg?tobeata=nesciun#amcolab||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||isnisiut", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-5227-GET: 10.37.156.140||uisnos||olores||[21/Dec/2018:11:20:14 PST]||epo||https://www.example.org/evolup/rvelil.gif?eavolup=ipsumq#evit||tno||iss||taspe||lum||5911||https://api.example.net/eturad/tDuis.htm?enimadmi=tateveli#osa||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||idolorem", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-5776-PRONECT: 10.121.225.135||ufugi||cin||[05/Jan/2019:6:22:49 ET]||byC||https://example.com/oremip/its.jpg?iavol=natuserr#ostrudex||nse||miurere||evit||uatu||2448||https://www5.example.org/uamestqu/mpor.jpg?hender=ptatemU#seq||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||tnulapa", "tags": [ 
@@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-7708-DEBUG: 10.123.68.56||expl||olore||[19/Jan/2019:1:25:23 CEST]||dentsunt||https://www.example.org/animid/upta.jpg?onnumqua=quioff#iuntN||ipis||itautfu||nesci||tam||1206||https://mail.example.net/tetura/eeufug.txt?modt=iduntutl#rsitam||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||ntor", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "February 2 20:27:57 oid218.api.invalid %APACHETOMCAT- RNDMMTD: 10.63.56.164||iquid||evo||[02/Feb/2019:8:27:57 GMT-07:00]||avolu||https://api.example.net/itesse/expl.html?prehende=lup#tpers||orsitv||temseq||uisaute||uun||4638||https://mail.example.net/nemulla/asp.html?ncul=taliq#tautfugi||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||umd", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "February 17 03:30:32 sectetur2674.www5.test %APACHETOMCAT- HEAD: 10.62.10.137||eeufugi||deomnisi||[17/Feb/2019:3:30:32 ET]||issus||https://example.net/deritinv/evelite.html?iav=odico#rsint||itl||ttenb||olor||quiav||6648||https://example.com/eumfu/lors.gif?upidata=ici#usant||Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10||con", "tags": [ 
@@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "March 3 10:33:06 sequatD4487.internal.localhost %APACHETOMCAT- INDEX: 10.89.154.115||oeiusmo||nimv||[03/Mar/2019:10:33:06 GMT+02:00]||tconse||https://example.org/tseddoei/teursint.htm?remagnaa=lamcolab#ceroinB||umqui||citation||temsequi||mquia||1119||https://api.example.net/iveli/conseq.htm?ercitat=taspe#yCiceroi||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||cti", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-4758-TRACE: 10.122.252.130||tuser||mmo||[17/Mar/2019:5:35:40 PST]||tlaboru||https://www5.example.com/ciad/ugiatqu.gif?turveli=isciv#natus||boreet||luptasnu||ento||snostr||3904||https://api.example.org/xerc/Nequep.htm?ria=beat#rro||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||uisau", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-2573-id: 10.195.152.53||ueporroq||ute||[01/Apr/2019:12:38:14 GMT-07:00]||tationu||https://api.example.com/olore/ntutlab.htm?ameaquei=gnama#esciun||tesse||olupta||isno||oluptas||5560||https://www.example.net/rinrepr/dutp.jpg?modo=uiavo#uisaut||mobmail android 2.1.3.3150||paq", "tags": [ 
@@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "April 15 07:40:49 nul5107.www5.domain %APACHETOMCAT- ABCD: 10.9.255.204||illoin||emUtenim||[15/Apr/2019:7:40:49 CT]||uid||https://mail.example.com/rvelil/adese.htm?incidi=aedictas#rumetMa||mexerci||urEx||ditaut||ctetur||3089||https://mail.example.com/oreeu/mea.jpg?tis=oluptat#emi||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||iaeconse", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "April 29 14:43:23 nimadmin5630.localdomain %APACHETOMCAT- RNDMMTD: 10.214.235.133||equ||nulapari||[29/Apr/2019:2:43:23 GMT-07:00]||tsunt||https://www.example.org/oremi/ectobeat.gif?oreeu=uasiarch#Malor||boriosa||cillumdo||ditau||moenimip||5930||https://internal.example.net/oreetd/lor.txt?etc=eturadip#nost||Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||evel", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "May 13 21:45:57 sequuntu3563.internal.test %APACHETOMCAT- TRACE: 10.5.134.204||apari||iarchit||[13/May/2019:9:45:57 PT]||orum||https://api.example.com/orsitam/tiset.jpg?ati=rauto#doloreeu||lors||eumfu||docons||tur||3197||https://api.example.org/uasi/maveniam.html?rspicia=pitl#imi||Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80||taevit", "tags": [ 
@@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-6820-SEARCH: 10.144.111.42||sumquia||vento||[28/May/2019:4:48:31 CEST]||asnu||https://example.org/rep/mveni.txt?utpers=num#ctetura||quaerat||tDuisau||aturve||ptateve||7615||https://internal.example.com/tconsect/pariat.gif?etcon=ctobeat#isi||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||lorumw", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-3071-FGET: 10.122.0.80||olupt||ola||[11/Jun/2019:11:51:06 CT]||etquasia||https://example.net/adm/snostr.jpg?tec=itaspe#con||illumdo||antium||remaper||eseosq||2945||https://www.example.com/uae/ata.htm?snulap=cidu#hilmol||Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g||quamq", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "June 25 18:53:40 tdolo2150.www.example %APACHETOMCAT- ABCD: 10.165.33.19||uamqu||iusmodi||[25/Jun/2019:6:53:40 ET]||aparia||https://mail.example.com/ccusant/epteurs.htm?oidentsu=oditau#onsec||dit||namaliqu||yCic||tetura||1569||https://www.example.net/ttenb/eirure.txt?rem=exer#eeufug||Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||lapari", "tags": [ 
@@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "July 10 01:56:14 cinge6032.api.local %APACHETOMCAT- BADMTHD: 10.87.92.17||utlabore||tamr||[10/Jul/2019:1:56:14 CT]||iutaliq||https://mail.example.org/onemul/trudexe.txt?ura=oreeufug#Quisa||quiav||ctionofd||elit||sam||6211||https://internal.example.org/unt/isni.htm?ecillum=olor#amei||Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||quid", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-7615-BADMETHOD: 10.51.52.203||wri||itame||[24/Jul/2019:8:58:48 ET]||dictasun||https://example.com/lorese/olupta.jpg?onsec=idestl#litani||emp||arch||non||mollit||5823||https://internal.example.org/tobeatae/ntut.gif?exe=naa#equat||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||mqu", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "August 7 16:01:23 ende6053.local %APACHETOMCAT- rndmmtd: 10.0.211.86||rsp||imipsa||[07/Aug/2019:4:01:23 CEST]||int||https://internal.example.net/llitani/uscipit.html?etcons=etco#iuntN||utfugi||ursintoc||tio||mmodicon||6776||https://internal.example.net/tvol/lup.gif?ollita=qua#ionula||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||cusa", "tags": [ 
@@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-264-OPTIONS: 10.106.34.244||eumiu||nim||[21/Aug/2019:11:03:57 PST]||rehen||https://mail.example.net/ptat/mipsu.htm?eturadip=amquaera#rsitamet||leumiur||ssequamn||ave||taliqui||3714||https://example.net/undeomn/ape.jpg?amco=ons#onsecte||Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||atquo", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-2943-nGET: 10.191.210.188||inculpa||ruredol||[05/Sep/2019:6:06:31 OMST]||ipit||https://www.example.org/quae/periam.html?emoenimi=iquipex#mqu||onorume||abill||ametcon||ofdeFini||7052||https://example.net/tionev/uasiarch.html?qui=ehender#equa||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||nimides", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-6165-BDMTHD: 10.2.38.49||asiarc||lor||[19/Sep/2019:1:09:05 GMT+02:00]||snula||https://www.example.com/bori/dipi.gif?utf=dolor#dexe||nemul||Duis||lupt||quatur||5775||https://www.example.org/ipsa/con.gif?uianonnu=tatiset#quira||mobmail android 2.1.3.3150||aea", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "October 3 20:11:40 didun1193.example %APACHETOMCAT- id: 10.66.92.90||orumwri||atisu||[03/Oct/2019:8:11:40 PST]||tse||https://example.com/iat/tqui.gif?utaliqui=emse#emqui||cipitla||tlab||vel||ionevo||4580||https://mail.example.com/volupta/umfu.gif?tisetq=tDuisaut#dolo||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||samvol", "tags": [ 
@@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "October 18 03:14:14 apari2660.www5.lan %APACHETOMCAT- BADMTHD: 10.97.108.108||fficiad||teirured||[18/Oct/2019:3:14:14 PST]||sistena||https://example.com/caboN/imipsam.jpg?catcupid=ritquiin#quisnost||sequines||olor||sequa||lorum||7649||https://mail.example.com/Sedut/tatis.gif?reeufugi=sequines#minimve||Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g||toditau", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "November 1 10:16:48 nvolupta238.www.host %APACHETOMCAT- COOK: 10.147.147.248||onpr||uira||[01/Nov/2019:10:16:48 CET]||ptatev||https://api.example.net/uiaco/aliqu.txt?udexerci=uae#imveni||econ||aborio||rve||catcup||177||https://www5.example.org/busBon/norumetM.jpg?vitaedi=rna#cons||Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36||lupta", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "November 15 17:19:22 icer123.mail.example %APACHETOMCAT- NCIRCLE: 10.152.190.61||imvenia||culp||[15/Nov/2019:5:19:22 GMT-07:00]||nesciu||https://www.example.org/roinBCSe/eetdolor.html?tla=iaconseq#sed||sedd||atione||tvolup||oremeu||6708||https://api.example.com/dan/pta.html?oNem=itaedict#eroi||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||uptateve", "tags": [ 
@@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "November 30 00:21:57 lumqui6488.api.example %APACHETOMCAT- DETECT_METHOD_TYPE: 10.129.232.105||des||deFini||[30/Nov/2019:12:21:57 GMT-07:00]||aliquaU||https://www.example.net/tvolu/imve.txt?gnaaliq=quam#deriti||edictasu||eturadi||umS||noru||5321||https://api.example.org/taevitae/tevel.htm?vol=ita#iquipexe||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||quamqua", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "message": "%APACHETOMCAT-5473-TRACE: 10.12.173.112||Excepteu||mco||[14/Dec/2019:7:24:31 PT]||undeom||https://internal.example.org/teturadi/radipi.gif?upidatat=mod#niamqui||litsedd||nidol||inBC||hite||423||https://api.example.net/dminimve/remips.txt?uiac=tquii#tesse||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||emeumfu", "tags": [ diff --git a/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 7280be63fee..05581af4f03 100644 --- a/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Apache Tomcat processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/tomcat/data_stream/log/sample_event.json b/packages/tomcat/data_stream/log/sample_event.json index 1f5e1506876..eb4d0b2799c 100644 --- a/packages/tomcat/data_stream/log/sample_event.json +++ b/packages/tomcat/data_stream/log/sample_event.json 
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.5.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/tomcat/manifest.yml b/packages/tomcat/manifest.yml index 4f5f051564a..8e17c786316 100644 --- a/packages/tomcat/manifest.yml +++ b/packages/tomcat/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: tomcat title: Apache Tomcat -version: "1.6.1" +version: "1.7.0" description: Collect and parse logs from Apache Tomcat servers with Elastic Agent. categories: ["web", "security"] release: ga diff --git a/packages/trend_micro_vision_one/_dev/build/build.yml b/packages/trend_micro_vision_one/_dev/build/build.yml index 8d9e4bf7ac8..aaafc5d833b 100644 --- a/packages/trend_micro_vision_one/_dev/build/build.yml +++ b/packages/trend_micro_vision_one/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0 + reference: git@v8.5.1 diff --git a/packages/trend_micro_vision_one/changelog.yml b/packages/trend_micro_vision_one/changelog.yml index a4f25398761..ea5e99a4a97 100644 --- a/packages/trend_micro_vision_one/changelog.yml +++ b/packages/trend_micro_vision_one/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: '0.1.0' changes: - description: Initial Release. diff --git a/packages/trend_micro_vision_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json b/packages/trend_micro_vision_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json index dc09cd74fb9..732c81ae56a 100644 --- a/packages/trend_micro_vision_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json +++ b/packages/trend_micro_vision_one/data_stream/alert/_dev/test/pipeline/test-pipeline-alert.log-expected.json 
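Review bot: The new pin `reference: git@v8.5.1` in `packages/trend_micro_vision_one/_dev/build/build.yml` does not match the `ecs.version` value `'8.5.0'` that this commit's ingest pipelines stamp on every event, nor the changelog entry "Update package to ECS 8.5.0."; the udp, winlog and zeek `build.yml` hunks carry the same pin. If the patch tag is intended (presumably it carries only field-definition fixes), I would record that next to the pin, e.g. `# field definitions from the ECS 8.5.1 patch tag; events are still stamped ecs.version 8.5.0`. Without it, anyone who uses `ecs.version` to decide which fields a document can contain has no way to tell that the mappings were built from a different tag.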
@@ -3,7 +3,7 @@ { "@timestamp": "2030-04-30T00:01:16.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -115,7 +115,7 @@ { "@timestamp": "2030-04-30T00:01:16.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "id": "WB-9002-20200427-0002", @@ -235,7 +235,7 @@ { "@timestamp": "2022-07-15T12:46:13.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -504,7 +504,7 @@ { "@timestamp": "2030-04-30T00:01:16.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/trend_micro_vision_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/trend_micro_vision_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml index b9b4ba94f3b..47d5ba6cce7 100644 --- a/packages/trend_micro_vision_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml +++ b/packages/trend_micro_vision_one/data_stream/alert/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Trend Micro Vision One Alert logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/trend_micro_vision_one/data_stream/alert/sample_event.json b/packages/trend_micro_vision_one/data_stream/alert/sample_event.json index 70fae695a6d..8cdedd4e4f7 100644 --- a/packages/trend_micro_vision_one/data_stream/alert/sample_event.json +++ b/packages/trend_micro_vision_one/data_stream/alert/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "fcbfb418-43b4-4893-b170-e74a040560f2", diff --git a/packages/trend_micro_vision_one/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json b/packages/trend_micro_vision_one/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json index 5285eb342c4..e7abe93105e 100644 
--- a/packages/trend_micro_vision_one/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json +++ b/packages/trend_micro_vision_one/data_stream/audit/_dev/test/pipeline/test-pipeline-audit.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-02-24T07:29:48.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -49,7 +49,7 @@ { "@timestamp": "2022-07-16T04:30:04.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/trend_micro_vision_one/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/trend_micro_vision_one/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 37d39000a53..5e4c7c815dc 100644 --- a/packages/trend_micro_vision_one/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/trend_micro_vision_one/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Trend Micro Vision One Audit logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/trend_micro_vision_one/data_stream/audit/sample_event.json b/packages/trend_micro_vision_one/data_stream/audit/sample_event.json index c198ffb7acb..4d780c93cd8 100644 --- a/packages/trend_micro_vision_one/data_stream/audit/sample_event.json +++ b/packages/trend_micro_vision_one/data_stream/audit/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "fcbfb418-43b4-4893-b170-e74a040560f2", diff --git a/packages/trend_micro_vision_one/data_stream/detection/_dev/test/pipeline/test-pipeline-detection.log-expected.json b/packages/trend_micro_vision_one/data_stream/detection/_dev/test/pipeline/test-pipeline-detection.log-expected.json index 24f010a1e4a..1e736c11162 100644 
--- a/packages/trend_micro_vision_one/data_stream/detection/_dev/test/pipeline/test-pipeline-detection.log-expected.json +++ b/packages/trend_micro_vision_one/data_stream/detection/_dev/test/pipeline/test-pipeline-detection.log-expected.json @@ -10,7 +10,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "clean", @@ -300,7 +300,7 @@ ] }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": [ diff --git a/packages/trend_micro_vision_one/data_stream/detection/elasticsearch/ingest_pipeline/default.yml b/packages/trend_micro_vision_one/data_stream/detection/elasticsearch/ingest_pipeline/default.yml index 3ec96608462..10f33999cf9 100644 --- a/packages/trend_micro_vision_one/data_stream/detection/elasticsearch/ingest_pipeline/default.yml +++ b/packages/trend_micro_vision_one/data_stream/detection/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Trend Micro Vision One Alert logs. processors: - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: message target_field: event.original diff --git a/packages/trend_micro_vision_one/data_stream/detection/sample_event.json b/packages/trend_micro_vision_one/data_stream/detection/sample_event.json index 00c77d025cc..b01702a70e5 100644 --- a/packages/trend_micro_vision_one/data_stream/detection/sample_event.json +++ b/packages/trend_micro_vision_one/data_stream/detection/sample_event.json @@ -20,7 +20,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "fcbfb418-43b4-4893-b170-e74a040560f2", diff --git a/packages/trend_micro_vision_one/docs/README.md b/packages/trend_micro_vision_one/docs/README.md index a0628ed587c..6b9d2fe67f8 100644 --- a/packages/trend_micro_vision_one/docs/README.md +++ b/packages/trend_micro_vision_one/docs/README.md 
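Review bot: In `packages/trend_micro_vision_one/data_stream/detection/elasticsearch/ingest_pipeline/default.yml`, the context line just above the changed `ecs.version` value still reads `description: Pipeline for processing Trend Micro Vision One Alert logs.`, which is word for word the description of the alert data stream's pipeline. Since this is the detection pipeline, the text looks copied, and I would change it to `description: Pipeline for processing Trend Micro Vision One Detection logs.`. Two pipelines with the same description are hard to tell apart when triaging ingest failures. The processors list continues outside the hunk.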
@@ -61,7 +61,7 @@ An example event for `alert` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "fcbfb418-43b4-4893-b170-e74a040560f2", @@ -318,7 +318,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "fcbfb418-43b4-4893-b170-e74a040560f2", @@ -470,7 +470,7 @@ An example event for `detection` looks as following: "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "elastic_agent": { "id": "fcbfb418-43b4-4893-b170-e74a040560f2", diff --git a/packages/trend_micro_vision_one/manifest.yml b/packages/trend_micro_vision_one/manifest.yml index f0d11696596..d05e5899556 100644 --- a/packages/trend_micro_vision_one/manifest.yml +++ b/packages/trend_micro_vision_one/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: trend_micro_vision_one title: Trend Micro Vision One -version: '0.1.0' +version: "0.2.0" license: basic description: Collect logs from Trend Micro Vision One with Elastic Agent. type: integration diff --git a/packages/udp/_dev/build/build.yml b/packages/udp/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/udp/_dev/build/build.yml +++ b/packages/udp/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/udp/changelog.yml b/packages/udp/changelog.yml index e90995dc3e5..d2791a8db0e 100644 --- a/packages/udp/changelog.yml +++ b/packages/udp/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.5.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.4.1" changes: - description: Fix indentation of syslog processor in agent handlebars file. diff --git a/packages/udp/manifest.yml b/packages/udp/manifest.yml index 343275f4b72..d588c308c54 100644 --- a/packages/udp/manifest.yml 
+++ b/packages/udp/manifest.yml @@ -3,7 +3,7 @@ name: udp title: Custom UDP Logs description: Collect raw UDP data from listening UDP port with Elastic Agent. type: integration -version: "1.4.1" +version: "1.5.0" release: ga conditions: kibana.version: "^8.2.1" diff --git a/packages/winlog/_dev/build/build.yml b/packages/winlog/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/winlog/_dev/build/build.yml +++ b/packages/winlog/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/winlog/changelog.yml b/packages/winlog/changelog.yml index bb9ab2f6d18..c0cc4b45429 100644 --- a/packages/winlog/changelog.yml +++ b/packages/winlog/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.8.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.7.0" changes: - description: Update package to ECS 8.4.0 diff --git a/packages/winlog/manifest.yml b/packages/winlog/manifest.yml index cbfb90e925a..ea44a212055 100644 --- a/packages/winlog/manifest.yml +++ b/packages/winlog/manifest.yml @@ -3,7 +3,7 @@ name: winlog title: Custom Windows Event Logs description: Collect and parse logs from any Windows event log channel with Elastic Agent. type: integration -version: "1.7.0" +version: "1.8.0" release: ga conditions: kibana.version: '^7.16.0 || ^8.0.0' diff --git a/packages/zeek/_dev/build/build.yml b/packages/zeek/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/zeek/_dev/build/build.yml +++ b/packages/zeek/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/zeek/changelog.yml b/packages/zeek/changelog.yml index 5c5e937e84b..bad908c4ee2 100644 --- a/packages/zeek/changelog.yml +++ b/packages/zeek/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.6.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "2.5.2" changes: - description: Remove duplicate field. diff --git a/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json b/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json index 627f5854659..1f83f42eeca 100644 --- a/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json +++ b/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-09-10T16:19:28.465Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -27,7 +27,7 @@ { "@timestamp": "2021-03-30T00:04:00.941Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -51,7 +51,7 @@ { "@timestamp": "2021-03-30T00:19:00.942Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -75,7 +75,7 @@ { "@timestamp": "2021-03-30T00:34:00.942Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -99,7 +99,7 @@ { "@timestamp": "2021-03-30T00:49:00.942Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -123,7 +123,7 @@ { "@timestamp": "2019-09-10T16:19:28.465Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", diff --git a/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml index e4cde141a90..916d078aed4 100644 
--- a/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml @@ -23,7 +23,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - date: field: zeek.capture_loss.ts formats: diff --git a/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json b/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json index ce5776902c0..c10fa5e489b 100644 --- a/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json +++ b/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json @@ -10,7 +10,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -91,7 +91,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -172,7 +172,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -269,7 +269,7 @@ "packets": 0 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -349,7 +349,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -427,7 +427,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -506,7 +506,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -585,7 +585,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -646,7 +646,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -708,7 +708,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", 
@@ -770,7 +770,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -832,7 +832,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -894,7 +894,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -956,7 +956,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -1016,7 +1016,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -1076,7 +1076,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -1154,7 +1154,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", @@ -1242,7 +1242,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": "network", diff --git a/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml index f14051ded75..4e02bf6d608 100644 --- a/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml @@ -24,7 +24,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: event.kind value: event diff --git a/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json b/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json index a7c4502c905..20907838a4a 100644 --- a/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json +++ b/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json 
@@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "BrowserrQueryOtherDomains", @@ -62,7 +62,7 @@ "port": 445 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "BrowserrQueryOtherDomains", diff --git a/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml index a636924754e..7f7a65bf48d 100644 --- a/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json b/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json index 41d3991ed68..08e19052c9b 100644 --- a/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json +++ b/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json @@ -11,7 +11,7 @@ "port": 67 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -91,7 +91,7 @@ "port": 67 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -165,7 +165,7 @@ "port": 67 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml index e383184ccc8..9833fadc2bb 100644 --- a/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml 
@@ -23,7 +23,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json b/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json index 6a5ee19ba2d..259621371a2 100644 --- a/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json +++ b/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json @@ -8,7 +8,7 @@ "port": 20000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "read", @@ -60,7 +60,7 @@ "port": 20000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "read", diff --git a/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml index ad950729685..cb0e3023e6c 100644 --- a/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json b/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json index 3171538a6cd..cbdcbbac701 100644 --- a/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json @@ -42,7 +42,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -125,7 +125,7 @@ "type": "query" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
@@ -201,7 +201,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -297,7 +297,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -395,7 +395,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -534,7 +534,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -650,7 +650,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -734,7 +734,7 @@ "type": "answer" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml index 872c51b485c..e73da276d4f 100644 --- a/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json b/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json index 42b9872239e..8784a06f98c 100644 --- a/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json +++ b/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -57,7 +57,7 @@ "port": 445 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
diff --git a/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml index 7ca4a86603b..e5a606212ac 100644 --- a/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json b/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json index ed620bf7f4c..7e46b71c711 100644 --- a/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json +++ b/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json @@ -6,7 +6,7 @@ "ip": "10.178.98.102" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -78,7 +78,7 @@ "ip": "10.178.98.102" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -150,7 +150,7 @@ "ip": "10.178.98.102" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -222,7 +222,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -298,7 +298,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -374,7 +374,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -450,7 +450,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -522,7 +522,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -598,7 +598,7 @@ "ip": "10.178.98.102" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
diff --git a/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml index 2980c44181d..5121cc91c79 100644 --- a/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.category value: file diff --git a/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json b/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json index 5be168e8cd9..88f492218b4 100644 --- a/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json +++ b/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json @@ -8,7 +8,7 @@ "port": 21 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "EPSV", @@ -77,7 +77,7 @@ "port": 21 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "RETR", @@ -144,7 +144,7 @@ "port": 21 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "STOR", @@ -208,7 +208,7 @@ "port": 21 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "STOR", diff --git a/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml index 17bac96b504..f67f016a553 100644 --- a/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.category value: network 
diff --git a/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json b/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json index 8721faaffc4..19a3168c4bb 100644 --- a/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json +++ b/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json @@ -26,7 +26,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GET", @@ -138,7 +138,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GET", @@ -244,7 +244,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -335,7 +335,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -426,7 +426,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -517,7 +517,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -608,7 +608,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -699,7 +699,7 @@ "port": 80 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GET", @@ -795,7 +795,7 @@ "port": 7000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "GET", diff --git a/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml index d847f409bc8..fa832d59642 100644 --- a/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.category value: network 
diff --git a/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json b/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json index 565744ad847..4cf4654fd1c 100644 --- a/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json +++ b/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json @@ -26,7 +26,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -123,7 +123,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -228,7 +228,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -312,7 +312,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml index 26a93523d00..49cd28cee54 100644 --- a/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: enrichment - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.category value: threat diff --git a/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json b/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json index 27f7ef17025..9ebbfa12d2c 100644 --- a/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json +++ b/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json @@ -26,7 +26,7 @@ "port": 8000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "USER", @@ -97,7 +97,7 @@ "port": 8000 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "NICK", 
@@ -174,7 +174,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "JOIN",
@@ -252,7 +252,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "JOIN",
diff --git a/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml
index 3d6fbd5917e..1fad0f50f3c 100644
--- a/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json b/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json
index c0604a5882d..87232e27a6b 100644
--- a/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json
+++ b/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json
@@ -11,7 +11,7 @@
 "port": 88
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "TGS",
@@ -118,7 +118,7 @@
 "port": 88
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "TGS",
diff --git a/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml
index 15f8f41522c..154494b585f 100644
--- a/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - append:
 field: event.category
 value: ["network", "authentication"]
diff --git a/packages/zeek/data_stream/known_certs/_dev/test/pipeline/test-known-certs.log-expected.json b/packages/zeek/data_stream/known_certs/_dev/test/pipeline/test-known-certs.log-expected.json
index 39af25b3f59..a0f36c911db 100644
--- a/packages/zeek/data_stream/known_certs/_dev/test/pipeline/test-known-certs.log-expected.json
+++ b/packages/zeek/data_stream/known_certs/_dev/test/pipeline/test-known-certs.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-12-31T15:15:53.690Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/known_certs/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/known_certs/elasticsearch/ingest_pipeline/default.yml
index f69eedb568c..09b2b79c9c4 100644
--- a/packages/zeek/data_stream/known_certs/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/known_certs/elasticsearch/ingest_pipeline/default.yml
@@ -17,7 +17,7 @@ processors:
 copy_from: "@timestamp"
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/zeek/data_stream/known_hosts/_dev/test/pipeline/test-known-hosts.log-expected.json b/packages/zeek/data_stream/known_hosts/_dev/test/pipeline/test-known-hosts.log-expected.json
index 2abe1224304..709d1993155 100644
--- a/packages/zeek/data_stream/known_hosts/_dev/test/pipeline/test-known-hosts.log-expected.json
+++ b/packages/zeek/data_stream/known_hosts/_dev/test/pipeline/test-known-hosts.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-01-03T01:19:26.260Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -35,7 +35,7 @@
 {
 "@timestamp": "2021-01-03T01:19:27.353Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -67,7 +67,7 @@
 {
 "@timestamp": "2021-01-03T01:19:32.488Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -99,7 +99,7 @@
 {
 "@timestamp": "2021-01-03T01:19:58.792Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -131,7 +131,7 @@
 {
 "@timestamp": "2021-01-03T12:17:22.496Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/known_hosts/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/known_hosts/elasticsearch/ingest_pipeline/default.yml
index 6c5dfff0d15..cec902aa70d 100644
--- a/packages/zeek/data_stream/known_hosts/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/known_hosts/elasticsearch/ingest_pipeline/default.yml
@@ -17,7 +17,7 @@ processors:
 copy_from: "@timestamp"
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/zeek/data_stream/known_services/_dev/test/pipeline/test-known-services.log-expected.json b/packages/zeek/data_stream/known_services/_dev/test/pipeline/test-known-services.log-expected.json
index e33e772c6a2..aab5a8bf73c 100644
--- a/packages/zeek/data_stream/known_services/_dev/test/pipeline/test-known-services.log-expected.json
+++ b/packages/zeek/data_stream/known_services/_dev/test/pipeline/test-known-services.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-01-03T01:19:36.242Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/known_services/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/known_services/elasticsearch/ingest_pipeline/default.yml
index 1d2edab2061..a5e8dc00e1c 100644
--- a/packages/zeek/data_stream/known_services/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/known_services/elasticsearch/ingest_pipeline/default.yml
@@ -17,7 +17,7 @@ processors:
 copy_from: "@timestamp"
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json b/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json
index 8d4fd9692f7..074dfcac38f 100644
--- a/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json
+++ b/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json
@@ -8,7 +8,7 @@
 "port": 502
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "READ_COILS",
@@ -59,7 +59,7 @@
 "port": 502
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "READ_COILS",
diff --git a/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml
index a4d34516b95..559a49b2eb7 100644
--- a/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json b/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json
index 3f3bff836ea..805069ff2cc 100644
--- a/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json
+++ b/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json
@@ -8,7 +8,7 @@
 "port": 3306
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "query",
@@ -63,7 +63,7 @@
 "port": 3306
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "query",
diff --git a/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml
index c9fd4e48e0b..4de6f44c328 100644
--- a/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json b/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json
index f19ae8fe90b..a31b462f117 100644
--- a/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json
+++ b/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2011-11-04T19:44:35.879Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -72,7 +72,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -137,7 +137,7 @@
 {
 "@timestamp": "2021-03-30T09:49:00.958Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -194,7 +194,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -270,7 +270,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml
index 04d46c8aa2c..2b4b3b744ee 100644
--- a/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: alert
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - append:
 field: event.category
 value: intrusion_detection
diff --git a/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json b/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json
index 99b8acec019..585132657ab 100644
--- a/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json
+++ b/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json
@@ -8,7 +8,7 @@
 "port": 445
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -74,7 +74,7 @@
 "port": 445
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml
index 8ef39ad970b..701c515bcb7 100644
--- a/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json b/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json
index f2f1dd879e7..380e151ab90 100644
--- a/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json
+++ b/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json
@@ -26,7 +26,7 @@
 "port": 123
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
@@ -122,7 +122,7 @@
 "port": 123
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml
index 173f0afc45a..55650eefb32 100644
--- a/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml
@@ -24,7 +24,7 @@ processors:
 copy_from: "@timestamp"
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json b/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json
index 5778eeec464..b3054f4f336 100644
--- a/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json
+++ b/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2011-06-10T13:27:01.847Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "created": "2020-04-28T11:07:58.223Z",
@@ -41,7 +41,7 @@
 {
 "@timestamp": "2011-06-08T19:46:56.100Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "created": "2020-04-28T11:07:58.223Z",
@@ -76,7 +76,7 @@
 {
 "@timestamp": "2011-06-08T19:46:56.100Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "created": "2020-04-28T11:07:58.223Z",
diff --git a/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml
index 6eeeecda494..20bfa8083a5 100644
--- a/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: network.transport
 value: tcp
diff --git a/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json b/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json
index 2317f050a3b..456544d07fa 100644
--- a/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json
+++ b/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2017-10-09T16:13:19.578Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -49,7 +49,7 @@
 {
 "@timestamp": "2017-10-09T16:13:19.578Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml
index 78dbe845400..0b02bfd2bba 100644
--- a/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - append:
 field: event.category
 value: file
diff --git a/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json b/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json
index 78bcfb1b9e3..463acc8a04f 100644
--- a/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json
+++ b/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json
@@ -8,7 +8,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -67,7 +67,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml
index 3e80b298954..02ba546d866 100644
--- a/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json b/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json
index 5bbbdc69ed9..1636d9b45e3 100644
--- a/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json
+++ b/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json
@@ -8,7 +8,7 @@
 "port": 3389
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -65,7 +65,7 @@
 "port": 3389
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml
index e14d72f7b9f..626761a8266 100644
--- a/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json b/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json
index cbb1f6d019f..0e3372b323f 100644
--- a/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json
+++ b/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json
@@ -8,7 +8,7 @@
 "port": 5900
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -74,7 +74,7 @@
 "port": 5900
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml
index 9c770ab56a6..45bb6fff824 100644
--- a/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json b/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json
index 4cd7ab9f978..90edf0964cc 100644
--- a/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json
+++ b/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json
@@ -26,7 +26,7 @@
 "port": 445
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml
index 895425b2a3f..52171c01ffe 100644
--- a/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml
@@ -24,7 +24,7 @@ processors:
 copy_from: "@timestamp"
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.kind
 value: alert
diff --git a/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json b/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json
index 5dbbd192712..b33daad4f21 100644
--- a/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json
+++ b/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json
@@ -26,7 +26,7 @@
 "port": 5060
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REGISTER",
@@ -126,7 +126,7 @@
 "port": 5060
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "INVITE",
@@ -245,7 +245,7 @@
 "port": 5060
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REGISTER",
@@ -343,7 +343,7 @@
 "port": 5060
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "OPTIONS",
@@ -432,7 +432,7 @@
 "port": 5060
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "OPTIONS",
@@ -539,7 +539,7 @@
 "port": 5060
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "REGISTER",
diff --git a/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml
index 033498f9b8d..2c83b8ab367 100644
--- a/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json b/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json
index ddebab0f1ad..c85bd95046f 100644
--- a/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json
+++ b/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json
@@ -8,7 +8,7 @@
 "port": 445
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "NT_CREATE_ANDX",
@@ -74,7 +74,7 @@
 "port": 445
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "NT_CREATE_ANDX",
diff --git a/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml
index 4800d870a92..6c1050b913f 100644
--- a/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json b/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json
index c02b820c3dc..4ee77157333 100644
--- a/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json
+++ b/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json
@@ -8,7 +8,7 @@
 "port": 445
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SMB::FILE_OPEN",
@@ -78,7 +78,7 @@
 "port": 445
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "SMB::FILE_OPEN",
diff --git a/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml
index c7ac4c0ddaa..f41fac3d5bb 100644
--- a/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json b/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json
index 10a314cc4b2..4254e42d49e 100644
--- a/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json
+++ b/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json
@@ -8,7 +8,7 @@
 "port": 445
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -58,7 +58,7 @@
 "port": 445
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml
index 3d001996a5c..61567a471e7 100644
--- a/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json b/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json
index 081172c424b..56ff3939b44 100644
--- a/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json
+++ b/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json
@@ -8,7 +8,7 @@
 "port": 25
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -68,7 +68,7 @@
 "port": 25
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml
index d44d23535fa..5e02df6dda2 100644
--- a/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json b/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json
index 8bb86be4db7..f461352968c 100644
--- a/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json
+++ b/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json
@@ -8,7 +8,7 @@
 "port": 161
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -68,7 +68,7 @@
 "port": 161
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -145,7 +145,7 @@
 "port": 161
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml
index 0896e482647..77157e4049b 100644
--- a/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json b/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json
index 4f721dd6717..ffa36b0f25e 100644
--- a/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json
+++ b/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json
@@ -8,7 +8,7 @@
 "port": 8080
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -66,7 +66,7 @@
 "port": 8080
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml
index d5d9cf8670f..001b217ff4e 100644
--- a/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/software/_dev/test/pipeline/test-software.log-expected.json b/packages/zeek/data_stream/software/_dev/test/pipeline/test-software.log-expected.json
index b12c1fc355f..12aab5cdff7 100644
--- a/packages/zeek/data_stream/software/_dev/test/pipeline/test-software.log-expected.json
+++ b/packages/zeek/data_stream/software/_dev/test/pipeline/test-software.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-01-03T00:16:22.694Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/software/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/software/elasticsearch/ingest_pipeline/default.yml
index 18387e0b7c8..11ba9ac6736 100644
--- a/packages/zeek/data_stream/software/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/software/elasticsearch/ingest_pipeline/default.yml
@@ -21,7 +21,7 @@ processors:
 copy_from: "@timestamp"
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json b/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json
index fcfb18326bb..2b07fa89da0 100644
--- a/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json
+++ b/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json
@@ -8,7 +8,7 @@
 "port": 22
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -72,7 +72,7 @@
 "port": 22
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -143,7 +143,7 @@
 "port": 22
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -214,7 +214,7 @@
 "port": 22
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -285,7 +285,7 @@
 "port": 22
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml
index 0ded69576cd..9c17a1638c9 100644
--- a/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json b/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json
index c1dd931535d..1f30faa6977 100644
--- a/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json
+++ b/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json
@@ -29,7 +29,7 @@
 "port": 9243
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -154,7 +154,7 @@
 "port": 9243
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -279,7 +279,7 @@
 "port": 9243
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -386,7 +386,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -523,7 +523,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -587,7 +587,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -667,7 +667,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -747,7 +747,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -845,7 +845,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -919,7 +919,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1017,7 +1017,7 @@ "port": 9243 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -1124,7 +1124,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml index daca4b04168..ed672364bdb 100644 --- a/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json b/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json index 4e54c622470..0f99e85855d 100644 --- a/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json +++ b/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2016-10-16T08:17:58.714Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -65,7 +65,7 @@ { "@timestamp": "2016-10-16T08:17:58.714Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", diff --git a/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml index ffcb509ce47..3ea3ac67acd 100644 
--- a/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - rename: field: zeek.stats.mem target_field: zeek.stats.memory diff --git a/packages/zeek/data_stream/syslog/_dev/test/pipeline/test-syslog.log-expected.json b/packages/zeek/data_stream/syslog/_dev/test/pipeline/test-syslog.log-expected.json index b5e2be6fb68..115fceb4cc8 100644 --- a/packages/zeek/data_stream/syslog/_dev/test/pipeline/test-syslog.log-expected.json +++ b/packages/zeek/data_stream/syslog/_dev/test/pipeline/test-syslog.log-expected.json @@ -8,7 +8,7 @@ "port": 514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -64,7 +64,7 @@ "port": 514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -120,7 +120,7 @@ "port": 514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -176,7 +176,7 @@ "port": 514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -232,7 +232,7 @@ "port": 514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -288,7 +288,7 @@ "port": 514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -344,7 +344,7 @@ "port": 514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -400,7 +400,7 @@ "port": 514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -456,7 +456,7 @@ "port": 514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", 
@@ -512,7 +512,7 @@ "port": 514 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", diff --git a/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml index c631ed21704..e560c7caeb4 100644 --- a/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - set: field: network.protocol value: syslog diff --git a/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json b/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json index 295efce5469..99acee722b5 100644 --- a/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json +++ b/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json @@ -25,7 +25,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -81,7 +81,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml index 5832f42673e..88dd7b6f693 100644 --- a/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.category value: network 
diff --git a/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json b/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json index d5e8c612476..cadd8b1b64c 100644 --- a/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json +++ b/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json @@ -26,7 +26,7 @@ "port": 8080 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Tunnel::DISCOVER", @@ -104,7 +104,7 @@ "port": 8080 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "Tunnel::DISCOVER", diff --git a/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml index 2a42719811d..943e8a092d1 100644 --- a/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json b/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json index e553e716f60..6e773f85d1c 100644 --- a/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json +++ b/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json @@ -8,7 +8,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -48,7 +48,7 @@ { "@timestamp": "2020-01-28T16:00:59.342Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ @@ -80,7 +80,7 @@ "port": 53 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "category": [ 
diff --git a/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml index 6379f74bc38..1ea5ea2400f 100644 --- a/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json b/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json index 5b7ce9014cc..e7b56150bf9 100644 --- a/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json +++ b/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2018-12-03T20:00:00.143Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -225,7 +225,7 @@ { "@timestamp": "2018-12-03T20:00:00.143Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", diff --git a/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml index 40e0813813b..47a14dac78a 100644 --- a/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - append: field: event.type value: info diff --git a/packages/zeek/manifest.yml b/packages/zeek/manifest.yml index 9971dd3b95d..eba225894e1 100644 --- a/packages/zeek/manifest.yml +++ b/packages/zeek/manifest.yml 
@@ -1,6 +1,6 @@ name: zeek title: Zeek -version: 2.5.2 +version: "2.6.0" release: ga description: Collect logs from Zeek with Elastic Agent. type: integration diff --git a/packages/zerofox/_dev/build/build.yml b/packages/zerofox/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/zerofox/_dev/build/build.yml +++ b/packages/zerofox/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/zerofox/changelog.yml b/packages/zerofox/changelog.yml index 3930038765b..20aeb58d18a 100644 --- a/packages/zerofox/changelog.yml +++ b/packages/zerofox/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.6.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.5.0" changes: - description: Update package to ECS 8.4.0 diff --git a/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json b/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json index 1e288747a77..37c3d4075eb 100644 --- a/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json +++ b/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-04-29T18:56:51.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2017-01-10T11:00:00.000Z", @@ -60,7 +60,7 @@ { "@timestamp": "2021-05-06T13:50:48.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2021-05-06T13:29:27.000Z", @@ -126,7 +126,7 @@ { "@timestamp": "2021-05-05T19:22:00.000Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "created": "2014-08-09T16:00:16.000Z", 
diff --git a/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml index e9418538952..a4f837ed54e 100644 --- a/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ processors: ## ECS version. - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' ## Event JSON decoding. - rename: diff --git a/packages/zerofox/manifest.yml b/packages/zerofox/manifest.yml index e032bf68291..b289de0cd9d 100644 --- a/packages/zerofox/manifest.yml +++ b/packages/zerofox/manifest.yml @@ -1,6 +1,6 @@ name: zerofox title: ZeroFox -version: 1.5.0 +version: "1.6.0" release: ga description: Collect logs from ZeroFox with Elastic Agent. type: integration diff --git a/packages/zoom/_dev/build/build.yml b/packages/zoom/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/zoom/_dev/build/build.yml +++ b/packages/zoom/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/zoom/changelog.yml b/packages/zoom/changelog.yml index 06421732a83..d3835d25ea4 100644 --- a/packages/zoom/changelog.yml +++ b/packages/zoom/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.6.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "1.5.0" changes: - description: Update package to ECS 8.4.0 diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json index dfa2b226ecc..424857f3212 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json 
+++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "account.created", @@ -49,7 +49,7 @@ { "@timestamp": "2019-07-01T17:03:04.527Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "account.updated", @@ -103,7 +103,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "account.disassociated", diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json index 775111c2f25..79ef789b75a 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-02-10T21:39:50.388Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "chat_channel.created", @@ -44,7 +44,7 @@ { "@timestamp": "2020-02-10T21:59:05.584Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "chat_channel.updated", @@ -82,7 +82,7 @@ { "@timestamp": "2020-02-10T21:59:05.584Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "chat_channel.deleted", @@ -120,7 +120,7 @@ { "@timestamp": "2020-02-10T21:39:50.388Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "chat_channel.member_invited", @@ -160,7 +160,7 @@ { "@timestamp": "2020-02-10T21:39:50.388Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "chat_channel.member_joined", @@ -198,7 +198,7 @@ { "@timestamp": "2020-02-10T21:39:50.388Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "chat_channel.member_left", 
diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json index 8922d5bbe2f..65733006a81 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-02-11T22:02:11.930Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "chat_message.sent", @@ -45,7 +45,7 @@ { "@timestamp": "2020-02-11T23:00:08.594Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "chat_message.updated", @@ -87,7 +87,7 @@ { "@timestamp": "2020-02-11T23:00:08.594Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "chat_message.updated", diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json index 2dc97230527..83af66e2a5d 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "meeting.alert", @@ -41,7 +41,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "meeting.created", @@ -84,7 +84,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "meeting.updated", @@ -141,7 +141,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "meeting.deleted", @@ -184,7 +184,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "meeting.started", 
@@ -223,7 +223,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "meeting.ended", @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "meeting.registration_created", @@ -313,7 +313,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "meeting.registration_approved", @@ -363,7 +363,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "meeting.registration_cancelled", @@ -409,7 +409,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "meeting.sharing_started", @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "meeting.sharing_ended", @@ -514,7 +514,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "meeting.participant_jbh_waiting", @@ -556,7 +556,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "meeting.participant_jbh_joined", @@ -598,7 +598,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "meeting.participant_joined", @@ -644,7 +644,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "meeting.participant_left", diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json index 38938f10f27..1f49abfe296 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "phone.caller_ringing", @@ -49,7 +49,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "phone.caller_connected", 
@@ -97,7 +97,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "phone.caller_ringing", @@ -148,7 +148,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "phone.callee_answered", @@ -196,7 +196,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "phone.callee_missed", @@ -240,7 +240,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "phone.callee_ended", @@ -288,7 +288,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "phone.caller_ended", @@ -336,7 +336,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "phone.callee_rejected", @@ -383,7 +383,7 @@ } }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "phone.voicemail_received", @@ -429,7 +429,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "phone.caller_call_log_completed", @@ -453,7 +453,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "phone.callee_call_log_completed", diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json index b9208031e17..17a62bfde6d 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "recording.started", @@ -46,7 +46,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "recording.paused", @@ -89,7 +89,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "recording.resumed", 
@@ -132,7 +132,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "recording.stopped", @@ -177,7 +177,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "recording.completed", @@ -224,7 +224,7 @@ { "@timestamp": "2019-12-04T23:00:57.395Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "recording.renamed", @@ -269,7 +269,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "recording.trashed", @@ -314,7 +314,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "recording.deleted", @@ -359,7 +359,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "recording.recovered", @@ -404,7 +404,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "recording.transcript_completed", @@ -449,7 +449,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "recording.registration_created", @@ -498,7 +498,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "recording.registration_approved", @@ -547,7 +547,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "recording.registration_denied", diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json index a6f54e2becd..d337c9d14e2 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.created", @@ -45,7 +45,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.invitation_accepted", 
@@ -87,7 +87,7 @@ { "@timestamp": "2019-07-19T18:10:54.861Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.updated", @@ -136,7 +136,7 @@ { "@timestamp": "2019-07-19T21:47:06.929Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.settings_updated", @@ -194,7 +194,7 @@ { "@timestamp": "2020-06-29T17:32:19.427Z", "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.settings_updated", @@ -247,7 +247,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.deactivated", @@ -296,7 +296,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.activated", @@ -345,7 +345,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.disassociated", @@ -394,7 +394,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.deleted", @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.presence_status_updated", @@ -482,7 +482,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.personal_notes_updated", @@ -528,7 +528,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.signed_in", @@ -568,7 +568,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "user.signed_out", diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json index 21e55928680..798554c5284 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "webinar.created", 
@@ -45,7 +45,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "webinar.updated", @@ -99,7 +99,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "webinar.deleted", @@ -142,7 +142,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "webinar.started", @@ -183,7 +183,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "webinar.ended", @@ -224,7 +224,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "webinar.alert", @@ -260,7 +260,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "webinar.sharing_started", @@ -313,7 +313,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "webinar.sharing_started", @@ -366,7 +366,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "webinar.registration_created", @@ -417,7 +417,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "webinar.registration_approved", @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "webinar.registration_denied", @@ -521,7 +521,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "webinar.registration_cancelled", @@ -571,7 +571,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "webinar.participant_joined", @@ -619,7 +619,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "webinar.participant_left", diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json index 0a4815ac045..621815aa5f5 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json 
+++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "zoomroom.alert", @@ -30,7 +30,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "zoomroom.delayed_alert", @@ -58,7 +58,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "zoomroom.checked_in", @@ -90,7 +90,7 @@ }, { "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "action": "zoomroom.checked_in", diff --git a/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml b/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml index 52e50ff1e40..a603bf17a4a 100644 --- a/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml @@ -9,7 +9,7 @@ processors: value: Webhook - set: field: ecs.version - value: '8.4.0' + value: '8.5.0' - script: description: Drops null/empty values recursively lang: painless diff --git a/packages/zoom/manifest.yml b/packages/zoom/manifest.yml index f539984b774..9312fac2633 100644 --- a/packages/zoom/manifest.yml +++ b/packages/zoom/manifest.yml @@ -1,6 +1,6 @@ name: zoom title: Zoom -version: 1.5.0 +version: "1.6.0" release: ga description: Collect logs from Zoom with Elastic Agent. type: integration diff --git a/packages/zscaler_zia/_dev/build/build.yml b/packages/zscaler_zia/_dev/build/build.yml index 2254d90483c..aaafc5d833b 100644 --- a/packages/zscaler_zia/_dev/build/build.yml +++ b/packages/zscaler_zia/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.4.0-rc1 + reference: git@v8.5.1 diff --git a/packages/zscaler_zia/changelog.yml b/packages/zscaler_zia/changelog.yml index fc35243b00b..4af3a3b5287 100644 --- a/packages/zscaler_zia/changelog.yml +++ b/packages/zscaler_zia/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.5.0" + changes: + - description: Update package to ECS 8.5.0. + type: enhancement + link: https://github.com/elastic/integrations/pull/4285 - version: "2.4.1" changes: - description: Remap network.protocol to valid values for web data stream. diff --git a/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json b/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json index 6ecd6ec8ab0..5dff7010e74 100644 --- a/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json +++ b/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json @@ -8,7 +8,7 @@ "port": 443 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "\u003c114\u003eDec 31 12:01:04 [175.16.199.1] ZscalerNSS: Zscaler cloud configuration connection to 175.16.199.1:443 lost and unavailable for the past 2325.00 minutes" @@ -41,7 +41,7 @@ "port": 9012 }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "\u003c114\u003eDec 31 13:02:05 [81.2.69.193] ZscalerNSS: SIEM Feed connection \"DNS Logs Feed\" to 81.2.69.193:9012 lost and unavailable for the past 2440.00 minutes" @@ -74,7 +74,7 @@ "ip": "81.2.69.193" }, "ecs": { - "version": "8.4.0" + "version": "8.5.0" }, "event": { "original": "\u003c114\u003eDec 31 14:03:06 [81.2.69.193] Hey, that's a new type of alert. Isn't it?" diff --git a/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml index 41a51f6bfae..82b89e582ff 100644 --- a/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler alert logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zia/data_stream/alerts/sample_event.json b/packages/zscaler_zia/data_stream/alerts/sample_event.json
index 2cd6feb268c..11d14df96b3 100644
--- a/packages/zscaler_zia/data_stream/alerts/sample_event.json
+++ b/packages/zscaler_zia/data_stream/alerts/sample_event.json
@@ -18,7 +18,7 @@
 "port": 9012
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "bdbd9f20-b5f7-4441-958a-f1845c343465",
diff --git a/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns-http-endpoint.log-expected.json b/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns-http-endpoint.log-expected.json
index bfa714db357..4d0a7f550dd 100644
--- a/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns-http-endpoint.log-expected.json
+++ b/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns-http-endpoint.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json b/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json
index af5a49673af..257a147ff30 100644
--- a/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json
+++ b/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json
@@ -34,7 +34,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml
index b6918fbf574..d5faf0ff318 100644
--- a/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler dns logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zia/data_stream/dns/sample_event.json b/packages/zscaler_zia/data_stream/dns/sample_event.json
index cfd6faf83ac..60b3b4a8f3b 100644
--- a/packages/zscaler_zia/data_stream/dns/sample_event.json
+++ b/packages/zscaler_zia/data_stream/dns/sample_event.json
@@ -44,7 +44,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "bdbd9f20-b5f7-4441-958a-f1845c343465",
diff --git a/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall-http-endpoint.log-expected.json b/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall-http-endpoint.log-expected.json
index f1ea0db1766..78bbc982f99 100644
--- a/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall-http-endpoint.log-expected.json
+++ b/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall-http-endpoint.log-expected.json
@@ -11,7 +11,7 @@
 "port": 456
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "outofrange",
diff --git a/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json b/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json
index ef4d7fa34ae..c7f2ea12785 100644
--- a/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json
+++ b/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json
@@ -11,7 +11,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "drop",
diff --git a/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
index 01414dc5c88..2db0f673962 100644
--- a/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler firewall logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zia/data_stream/firewall/sample_event.json b/packages/zscaler_zia/data_stream/firewall/sample_event.json
index 4e9b93de707..aec49784ca8 100644
--- a/packages/zscaler_zia/data_stream/firewall/sample_event.json
+++ b/packages/zscaler_zia/data_stream/firewall/sample_event.json
@@ -21,7 +21,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "bdbd9f20-b5f7-4441-958a-f1845c343465",
diff --git a/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel-http-endpoint.log-expected.json b/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel-http-endpoint.log-expected.json
index 5ef597dc6b4..706f1b1a836 100644
--- a/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel-http-endpoint.log-expected.json
+++ b/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel-http-endpoint.log-expected.json
@@ -7,7 +7,7 @@
 "ip": "0.0.0.0"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json b/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json
index 1fa0a324d28..d04e0c58500 100644
--- a/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json
+++ b/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json
@@ -6,7 +6,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -98,7 +98,7 @@
 "port": 500
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -166,7 +166,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "IPsec tunnel is up",
diff --git a/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml
index 0233cfb79fc..32898a57d12 100644
--- a/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler tunnel logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zia/data_stream/tunnel/sample_event.json b/packages/zscaler_zia/data_stream/tunnel/sample_event.json
index 310191098fe..6d13c1f7646 100644
--- a/packages/zscaler_zia/data_stream/tunnel/sample_event.json
+++ b/packages/zscaler_zia/data_stream/tunnel/sample_event.json
@@ -16,7 +16,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "bdbd9f20-b5f7-4441-958a-f1845c343465",
diff --git a/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web-http-endpoint.log-expected.json b/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web-http-endpoint.log-expected.json
index 184aa5c4235..e175b5dcd8e 100644
--- a/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web-http-endpoint.log-expected.json
+++ b/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web-http-endpoint.log-expected.json
@@ -6,7 +6,7 @@
 "ip": "81.2.69.145"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "blocked",
diff --git a/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json b/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json
index b4deeaf7c9c..c86af410e47 100644
--- a/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json
+++ b/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json
@@ -6,7 +6,7 @@
 "ip": "81.2.69.145"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "blocked",
@@ -122,7 +122,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "blocked",
@@ -234,7 +234,7 @@
 "ip": "89.160.20.112"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "blocked",
@@ -350,7 +350,7 @@
 "ip": "81.2.69.144"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "blocked",
@@ -466,7 +466,7 @@
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "blocked",
@@ -579,7 +579,7 @@
 "ip": "89.160.20.112"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "action": "allowed",
diff --git a/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml
index 0474dbab86a..c179360af03 100644
--- a/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler web logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zia/data_stream/web/sample_event.json b/packages/zscaler_zia/data_stream/web/sample_event.json
index cb0f7f6632c..00f7b168115 100644
--- a/packages/zscaler_zia/data_stream/web/sample_event.json
+++ b/packages/zscaler_zia/data_stream/web/sample_event.json
@@ -16,7 +16,7 @@
 "ip": "81.2.69.145"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "bdbd9f20-b5f7-4441-958a-f1845c343465",
diff --git a/packages/zscaler_zia/manifest.yml b/packages/zscaler_zia/manifest.yml
index 1b3e0b22dcc..24e7fa88602 100644
--- a/packages/zscaler_zia/manifest.yml
+++ b/packages/zscaler_zia/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: zscaler_zia
 title: Zscaler Internet Access
-version: 2.4.1
+version: "2.5.0"
 license: basic
 description: Collect logs from Zscaler Internet Access (ZIA) with Elastic Agent.
 type: integration
diff --git a/packages/zscaler_zpa/_dev/build/build.yml b/packages/zscaler_zpa/_dev/build/build.yml
index 2254d90483c..aaafc5d833b 100644
--- a/packages/zscaler_zpa/_dev/build/build.yml
+++ b/packages/zscaler_zpa/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.5.1
diff --git a/packages/zscaler_zpa/changelog.yml b/packages/zscaler_zpa/changelog.yml
index 4cacf518980..d092bb6f94d 100644
--- a/packages/zscaler_zpa/changelog.yml
+++ b/packages/zscaler_zpa/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update package to ECS 8.5.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4285
 - version: "1.2.1"
 changes:
 - description: Use ECS geo.location definition.
diff --git a/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json b/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json
index dd83221ac60..b0a040bbaa5 100644
--- a/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json
@@ -8,7 +8,7 @@
 }
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "package",
diff --git a/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml
index 8dd7b1e3945..193f3e80545 100644
--- a/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler app connector status logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json b/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json
index f5608e1c94a..3344f488da9 100644
--- a/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json
@@ -19,7 +19,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
index 0996bb2c1bc..a44982bd4bf 100644
--- a/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-11-17T04:29:38.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
@@ -63,7 +63,7 @@
 {
 "@timestamp": "2021-11-17T04:29:38.000Z",
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 22afadf04c0..eb8bcf742f8 100644
--- a/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler audit logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/audit/sample_event.json b/packages/zscaler_zpa/data_stream/audit/sample_event.json
index 1185bd2ab92..ffe56cdb1a4 100644
--- a/packages/zscaler_zpa/data_stream/audit/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/audit/sample_event.json
@@ -14,7 +14,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json b/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json
index 8e1cce1083a..e55e88db90c 100644
--- a/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json
@@ -19,7 +19,7 @@
 "port": 60006
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": [
diff --git a/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml
index 07caf320e93..0d8ae762e55 100644
--- a/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler browser access logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/browser_access/sample_event.json b/packages/zscaler_zpa/data_stream/browser_access/sample_event.json
index b10efe026a4..9c112fd6124 100644
--- a/packages/zscaler_zpa/data_stream/browser_access/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/browser_access/sample_event.json
@@ -30,7 +30,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "acf7dca8-817d-4681-bad3-1cc9bfefc49c",
diff --git a/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json b/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json
index f10cd8c2693..262a47ec38a 100644
--- a/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json
@@ -13,7 +13,7 @@
 "ip": "81.2.69.193"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "iam",
diff --git a/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml
index 0024812eb5c..6c7eac4f275 100644
--- a/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler user activity logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/user_activity/sample_event.json b/packages/zscaler_zpa/data_stream/user_activity/sample_event.json
index eb8f6ebb3a4..f927e12d451 100644
--- a/packages/zscaler_zpa/data_stream/user_activity/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/user_activity/sample_event.json
@@ -24,7 +24,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json b/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json
index 265225d25b6..d9ddeb75697 100644
--- a/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json
@@ -13,7 +13,7 @@
 "ip": "81.2.69.144"
 },
 "ecs": {
- "version": "8.4.0"
+ "version": "8.5.0"
 },
 "event": {
 "category": "iam",
diff --git a/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml
index 0baee9c0168..574f5bfc9eb 100644
--- a/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler user status logs
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.5.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/user_status/sample_event.json b/packages/zscaler_zpa/data_stream/user_status/sample_event.json
index 3ce762575a0..ddbc72b92f6 100644
--- a/packages/zscaler_zpa/data_stream/user_status/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/user_status/sample_event.json
@@ -24,7 +24,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/docs/README.md b/packages/zscaler_zpa/docs/README.md
index 1972f57c659..b37d548b932 100644
--- a/packages/zscaler_zpa/docs/README.md
+++ b/packages/zscaler_zpa/docs/README.md
@@ -228,7 +228,7 @@ An example event for `app_connector_status` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
@@ -444,7 +444,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
@@ -661,7 +661,7 @@ An example event for `browser_access` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "acf7dca8-817d-4681-bad3-1cc9bfefc49c",
@@ -925,7 +925,7 @@ An example event for `user_activity` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
@@ -1168,7 +1168,7 @@ An example event for `user_status` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.5.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/manifest.yml b/packages/zscaler_zpa/manifest.yml
index d4713fec29d..9686887da53 100644
--- a/packages/zscaler_zpa/manifest.yml
+++ b/packages/zscaler_zpa/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: zscaler_zpa
 title: "Zscaler Private Access"
-version: "1.2.1"
+version: "1.3.0"
 license: basic
 description: Collect logs from Zscaler Private Access (ZPA) with Elastic Agent.
 type: integration