
Update security service integrations packages transform mappings (#12841)

Updated mappings that failed in system tests while validating
the documents against the mappings in the data streams and the
corresponding transforms. Some missing mappings had to be added
and others fixed to match the ECS definitions.
mrodm authored Mar 4, 2025
1 parent 61619e2 commit d5b20ab
Showing 52 changed files with 126 additions and 48 deletions.
5 changes: 5 additions & 0 deletions packages/github/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "2.4.1"
changes:
- description: Add missing ECS field in latest_code_scanning transform.
type: bugfix
link: http://github.com/elastic/integrations/pull/12841
- version: "2.4.0"
changes:
- description: Update Kibana constraint to support 9.0.0.
Expand Up @@ -38,3 +38,5 @@
name: rule.name
- external: ecs
name: tags
- external: ecs
name: message
Expand Up @@ -10,7 +10,7 @@ source:
# that ability in order to prevent having duplicate data and prevent query
# time field type conflicts.
dest:
index: "logs-github_latest.dest_code_scanning-1"
index: "logs-github_latest.dest_code_scanning-2"
aliases:
- alias: "logs-github_latest.code_scanning"
move_on_creation: true
Expand Down Expand Up @@ -38,5 +38,5 @@ _meta:
managed: false
# Bump this version to delete, reinstall, and restart the transform during
# package installation.
fleet_transform_version: 1.0.0
fleet_transform_version: 1.1.0
run_as_kibana_system: false
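Review bot: Nothing next to the dest `index:` line records why its suffix is bumped together with `fleet_transform_version`; the comment above the version only explains the version bump. A maintainer who adds a field next time and bumps only the version would, if I read the transform install path correctly, get a reinstalled transform writing into an index whose mappings never picked up the new field, because an already existing destination index keeps its old mappings. Consider a comment above the `index:` line such as `# Bump the suffix whenever the transform's field mappings change: an existing destination index keeps its old mappings, and move_on_creation repoints the alias to the new one.` The same applies to the ti_custom transform.yml section and each tychon transform.yml section in this commit. The `source:` stanza and the rest of `_meta` lie outside the hunks.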
2 changes: 1 addition & 1 deletion packages/github/manifest.yml
@@ -1,6 +1,6 @@
name: github
title: GitHub
version: "2.4.0"
version: "2.4.1"
description: Collect logs from GitHub with Elastic Agent.
type: integration
format_version: "3.0.2"
5 changes: 5 additions & 0 deletions packages/ti_custom/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "0.8.1"
changes:
- description: Add mapping for threat.indicator.url.original in transform.
type: bugfix
link: http://github.com/elastic/integrations/pull/12841
- version: "0.8.0"
changes:
- description: Update Kibana constraint to support 9.0.0.
Expand Up @@ -42,6 +42,8 @@
type: keyword
- name: threat.indicator.url.full
type: keyword
- name: threat.indicator.url.original
type: wildcard
# Below fields to be moved into base-fields.yml after kibana.version changed to >= 8.14
# Related to fix: https://github.com/elastic/kibana/pull/177608
- name: event.module
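Review bot: `threat.indicator.url.original` is mapped as `wildcard` here while the neighbouring `threat.indicator.url.full` stays `keyword`; ECS declares both `url.full` and `url.original` (and their `threat.indicator.url.*` reuse) as `wildcard`, so if the source data stream maps `threat.indicator.url.full` from the ECS definition, a query spanning the latest-index alias and the source index would hit the field-type conflict the transform header comment says this layout is meant to avoid. Worth checking the data stream's field definition; if it is `wildcard` there, `type: wildcard` for `threat.indicator.url.full` could ride along with this index bump. The fields list starts outside the hunk.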
Expand Up @@ -8,7 +8,7 @@ source:
# us that ability in order to prevent having duplicate IoC data and prevent query
# time field type conflicts.
dest:
index: logs-ti_custom_latest.indicator-3
index: logs-ti_custom_latest.indicator-4
aliases:
- alias: logs-ti_custom_latest.indicator
move_on_creation: true
Expand All @@ -31,4 +31,4 @@ _meta:
managed: true
# Bump this version to delete, reinstall, and restart the transform during package.
# Version bump is needed if there is any code change in transform.
fleet_transform_version: 0.4.0
fleet_transform_version: 0.5.0
2 changes: 1 addition & 1 deletion packages/ti_custom/manifest.yml
Expand Up @@ -3,7 +3,7 @@ name: ti_custom
title: Custom Threat Intelligence
description: Ingest threat intelligence data in STIX 2.1 format with Elastic Agent
type: integration
version: 0.8.0
version: 0.8.1
categories:
- custom
- security
5 changes: 5 additions & 0 deletions packages/tychon/changelog.yml
@@ -1,3 +1,8 @@
- version: "0.3.1"
changes:
- description: Add missing field mappings in transforms.
type: bugfix
link: http://github.com/elastic/integrations/pull/12841
- version: "0.3.0"
changes:
- description: Update Kibana constraint to support 9.0.0.
2 changes: 2 additions & 0 deletions packages/tychon/elasticsearch/transform/arp/fields/ecs.yml
Expand Up @@ -68,3 +68,5 @@
name: network.type
- external: ecs
name: tags
- external: ecs
name: related.ip
4 changes: 2 additions & 2 deletions packages/tychon/elasticsearch/transform/arp/transform.yml
Expand Up @@ -15,7 +15,7 @@ source:
# that ability in order to prevent having duplicate data and prevent query
# time field type conflicts.
dest:
index: "logs-tychon_latest.dest_arp-1"
index: "logs-tychon_latest.dest_arp-2"
aliases:
- alias: "logs-tychon_latest.arp"
move_on_creation: true
Expand All @@ -39,5 +39,5 @@ _meta:
managed: false
# Bump this version to delete, reinstall, and restart the transform during
# package installation.
fleet_transform_version: 1.0.1
fleet_transform_version: 1.1.0
run_as_kibana_system: false
Expand Up @@ -80,3 +80,5 @@
name: tags
- external: ecs
name: tls.version_protocol
- external: ecs
name: related.ip
4 changes: 2 additions & 2 deletions packages/tychon/elasticsearch/transform/browser/transform.yml
Expand Up @@ -15,7 +15,7 @@ source:
# that ability in order to prevent having duplicate data and prevent query
# time field type conflicts.
dest:
index: "logs-tychon_latest.dest_browser-1"
index: "logs-tychon_latest.dest_browser-2"
aliases:
- alias: "logs-tychon_latest.browser"
move_on_creation: true
Expand All @@ -39,5 +39,5 @@ _meta:
managed: false
# Bump this version to delete, reinstall, and restart the transform during
# package installation.
fleet_transform_version: 1.0.1
fleet_transform_version: 1.1.0
run_as_kibana_system: false
Expand Up @@ -96,6 +96,8 @@
name: process.user.name
- external: ecs
name: server.address
- external: ecs
name: server.ip
- external: ecs
name: server.port
- external: ecs
Expand All @@ -108,3 +110,5 @@
name: tls.client.supported_ciphers
- external: ecs
name: url.full
- external: ecs
name: related.ip
4 changes: 2 additions & 2 deletions packages/tychon/elasticsearch/transform/ciphers/transform.yml
Expand Up @@ -15,7 +15,7 @@ source:
# that ability in order to prevent having duplicate data and prevent query
# time field type conflicts.
dest:
index: "logs-tychon_latest.dest_ciphers-1"
index: "logs-tychon_latest.dest_ciphers-2"
aliases:
- alias: "logs-tychon_latest.ciphers"
move_on_creation: true
Expand All @@ -39,5 +39,5 @@ _meta:
managed: false
# Bump this version to delete, reinstall, and restart the transform during
# package installation.
fleet_transform_version: 1.0.1
fleet_transform_version: 1.1.0
run_as_kibana_system: false
2 changes: 2 additions & 0 deletions packages/tychon/elasticsearch/transform/coams/fields/ecs.yml
Expand Up @@ -60,3 +60,5 @@
name: log.file.path
- external: ecs
name: tags
- external: ecs
name: related.ip
4 changes: 2 additions & 2 deletions packages/tychon/elasticsearch/transform/coams/transform.yml
Expand Up @@ -15,7 +15,7 @@ source:
# that ability in order to prevent having duplicate data and prevent query
# time field type conflicts.
dest:
index: "logs-tychon_latest.dest_coams-1"
index: "logs-tychon_latest.dest_coams-2"
aliases:
- alias: "logs-tychon_latest.coams"
move_on_creation: true
Expand All @@ -39,5 +39,5 @@ _meta:
managed: false
# Bump this version to delete, reinstall, and restart the transform during
# package installation.
fleet_transform_version: 1.0.1
fleet_transform_version: 1.1.0
run_as_kibana_system: false
2 changes: 2 additions & 0 deletions packages/tychon/elasticsearch/transform/cpu/fields/ecs.yml
Expand Up @@ -60,3 +60,5 @@
name: log.file.path
- external: ecs
name: tags
- external: ecs
name: related.ip
4 changes: 2 additions & 2 deletions packages/tychon/elasticsearch/transform/cpu/transform.yml
Expand Up @@ -15,7 +15,7 @@ source:
# that ability in order to prevent having duplicate data and prevent query
# time field type conflicts.
dest:
index: "logs-tychon_latest.dest_cpu-1"
index: "logs-tychon_latest.dest_cpu-2"
aliases:
- alias: "logs-tychon_latest.cpu"
move_on_creation: true
Expand All @@ -39,5 +39,5 @@ _meta:
managed: false
# Bump this version to delete, reinstall, and restart the transform during
# package installation.
fleet_transform_version: 1.0.1
fleet_transform_version: 1.1.0
run_as_kibana_system: false
2 changes: 2 additions & 0 deletions packages/tychon/elasticsearch/transform/cve/fields/ecs.yml
Expand Up @@ -84,3 +84,5 @@
name: vulnerability.score.version
- external: ecs
name: vulnerability.severity
- external: ecs
name: related.ip
4 changes: 2 additions & 2 deletions packages/tychon/elasticsearch/transform/cve/transform.yml
Expand Up @@ -15,7 +15,7 @@ source:
# that ability in order to prevent having duplicate data and prevent query
# time field type conflicts.
dest:
index: "logs-tychon_latest.dest_cve-1"
index: "logs-tychon_latest.dest_cve-2"
aliases:
- alias: "logs-tychon_latest.cve"
move_on_creation: true
Expand All @@ -39,5 +39,5 @@ _meta:
managed: false
# Bump this version to delete, reinstall, and restart the transform during
# package installation.
fleet_transform_version: 1.0.1
fleet_transform_version: 1.1.0
run_as_kibana_system: false
2 changes: 2 additions & 0 deletions packages/tychon/elasticsearch/transform/epp/fields/ecs.yml
Expand Up @@ -70,3 +70,5 @@
name: package.type
- external: ecs
name: tags
- external: ecs
name: related.ip
4 changes: 2 additions & 2 deletions packages/tychon/elasticsearch/transform/epp/transform.yml
Expand Up @@ -15,7 +15,7 @@ source:
# that ability in order to prevent having duplicate data and prevent query
# time field type conflicts.
dest:
index: "logs-tychon_latest.dest_epp-1"
index: "logs-tychon_latest.dest_epp-2"
aliases:
- alias: "logs-tychon_latest.epp"
move_on_creation: true
Expand All @@ -39,5 +39,5 @@ _meta:
managed: false
# Bump this version to delete, reinstall, and restart the transform during
# package installation.
fleet_transform_version: 1.0.1
fleet_transform_version: 1.1.0
run_as_kibana_system: false
Expand Up @@ -86,3 +86,5 @@
name: tags
- external: ecs
name: user.name
- external: ecs
name: related.ip
Expand Up @@ -15,7 +15,7 @@ source:
# that ability in order to prevent having duplicate data and prevent query
# time field type conflicts.
dest:
index: "logs-tychon_latest.dest_exposedservice-1"
index: "logs-tychon_latest.dest_exposedservice-2"
aliases:
- alias: "logs-tychon_latest.exposedservice"
move_on_creation: true
Expand All @@ -39,5 +39,5 @@ _meta:
managed: false
# Bump this version to delete, reinstall, and restart the transform during
# package installation.
fleet_transform_version: 1.0.1
fleet_transform_version: 1.1.0
run_as_kibana_system: false
Expand Up @@ -64,3 +64,5 @@
name: log.file.path
- external: ecs
name: tags
- external: ecs
name: related.ip
Expand Up @@ -15,7 +15,7 @@ source:
# that ability in order to prevent having duplicate data and prevent query
# time field type conflicts.
dest:
index: "logs-tychon_latest.dest_externaldevicecontrol-1"
index: "logs-tychon_latest.dest_externaldevicecontrol-2"
aliases:
- alias: "logs-tychon_latest.externaldevicecontrol"
move_on_creation: true
Expand All @@ -39,5 +39,5 @@ _meta:
managed: false
# Bump this version to delete, reinstall, and restart the transform during
# package installation.
fleet_transform_version: 1.0.1
fleet_transform_version: 1.1.0
run_as_kibana_system: false
Expand Up @@ -70,3 +70,5 @@
name: package.type
- external: ecs
name: tags
- external: ecs
name: related.ip
Expand Up @@ -15,7 +15,7 @@ source:
# that ability in order to prevent having duplicate data and prevent query
# time field type conflicts.
dest:
index: "logs-tychon_latest.dest_features-1"
index: "logs-tychon_latest.dest_features-2"
aliases:
- alias: "logs-tychon_latest.features"
move_on_creation: true
Expand All @@ -39,5 +39,5 @@ _meta:
managed: false
# Bump this version to delete, reinstall, and restart the transform during
# package installation.
fleet_transform_version: 1.0.1
fleet_transform_version: 1.1.0
run_as_kibana_system: false
Expand Up @@ -60,3 +60,5 @@
name: log.file.path
- external: ecs
name: tags
- external: ecs
name: related.ip
Expand Up @@ -15,7 +15,7 @@ source:
# that ability in order to prevent having duplicate data and prevent query
# time field type conflicts.
dest:
index: "logs-tychon_latest.dest_harddrive-1"
index: "logs-tychon_latest.dest_harddrive-2"
aliases:
- alias: "logs-tychon_latest.harddrive"
move_on_creation: true
Expand All @@ -39,5 +39,5 @@ _meta:
managed: false
# Bump this version to delete, reinstall, and restart the transform during
# package installation.
fleet_transform_version: 1.0.1
fleet_transform_version: 1.1.0
run_as_kibana_system: false
Expand Up @@ -66,3 +66,5 @@
name: log.file.path
- external: ecs
name: tags
- external: ecs
name: related.ip
Expand Up @@ -15,7 +15,7 @@ source:
# that ability in order to prevent having duplicate data and prevent query
# time field type conflicts.
dest:
index: "logs-tychon_latest.dest_hardware-1"
index: "logs-tychon_latest.dest_hardware-2"
aliases:
- alias: "logs-tychon_latest.hardware"
move_on_creation: true
Expand All @@ -39,5 +39,5 @@ _meta:
managed: false
# Bump this version to delete, reinstall, and restart the transform during
# package installation.
fleet_transform_version: 1.0.1
fleet_transform_version: 1.1.0
run_as_kibana_system: false
2 changes: 2 additions & 0 deletions packages/tychon/elasticsearch/transform/host/fields/ecs.yml
Expand Up @@ -32,3 +32,5 @@
name: log.file.path
- external: ecs
name: tags
- external: ecs
name: related.ip
4 changes: 2 additions & 2 deletions packages/tychon/elasticsearch/transform/host/transform.yml
Expand Up @@ -15,7 +15,7 @@ source:
# that ability in order to prevent having duplicate data and prevent query
# time field type conflicts.
dest:
index: "logs-tychon_latest.dest_host-1"
index: "logs-tychon_latest.dest_host-2"
aliases:
- alias: "logs-tychon_latest.host"
move_on_creation: true
Expand All @@ -39,5 +39,5 @@ _meta:
managed: false
# Bump this version to delete, reinstall, and restart the transform during
# package installation.
fleet_transform_version: 1.0.1
fleet_transform_version: 1.1.0
run_as_kibana_system: false
Expand Up @@ -32,3 +32,5 @@
name: log.file.path
- external: ecs
name: tags
- external: ecs
name: related.ip
