Explicitly include user identifiers in related.user field description (#1420) (#1437)
ebeahan committed May 26, 2021
1 parent a00eb89 commit d01b166
Showing 12 changed files with 17 additions and 15 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.md
Expand Up @@ -23,6 +23,7 @@ Thanks, you're awesome :-) -->

* Fix ecs GitHub repo link source branch #1393
* Add --exclude flag to Generator to support field removal testing #1411
* Explicitly include user identifiers in `relater.user` description. #1420

#### Deprecated

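Review bot: The added changelog entry misspells the field as `relater.user`; it should read `related.user`, the name used in the commit title and in every other file this commit touches. A misspelled field name in the changelog will not turn up when someone searches the release notes for `related.user`.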
2 changes: 1 addition & 1 deletion code/go/ecs/related.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion docs/field-details.asciidoc
Expand Up @@ -6638,7 +6638,7 @@ Note: this field should contain an array of values.
[[field-related-user]]
<<field-related-user, related.user>>

| All the user names seen on your event.
| All the user names or other user identifiers seen on the event.

type: keyword

2 changes: 1 addition & 1 deletion experimental/generated/beats/fields.ecs.yml
Expand Up @@ -6111,7 +6111,7 @@
level: extended
type: keyword
ignore_above: 1024
description: All the user names seen on your event.
description: All the user names or other user identifiers seen on the event.
default_field: false
- name: rule
title: Rule
2 changes: 1 addition & 1 deletion experimental/generated/csv/fields.csv
Expand Up @@ -706,7 +706,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
1.11.0-dev+exp,true,related,related.hash,keyword,extended,array,,All the hashes seen on your event.
1.11.0-dev+exp,true,related,related.hosts,keyword,extended,array,,All the host identifiers seen on your event.
1.11.0-dev+exp,true,related,related.ip,ip,extended,array,,All of the IPs seen on your event.
1.11.0-dev+exp,true,related,related.user,keyword,extended,array,,All the user names seen on your event.
1.11.0-dev+exp,true,related,related.user,keyword,extended,array,,All the user names or other user identifiers seen on the event.
1.11.0-dev+exp,true,rule,rule.author,keyword,extended,array,"[""Star-Lord""]",Rule author
1.11.0-dev+exp,true,rule,rule.category,keyword,extended,,Attempted Information Leak,Rule category
1.11.0-dev+exp,true,rule,rule.description,keyword,extended,,Block requests to public DNS over HTTPS / TLS protocols,Rule description
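Review bot: The new `related.user` row ends in "seen on the event" while the neighbouring `related.hash`, `related.hosts` and `related.ip` rows in this hunk still end in "seen on your event". Either keep "your event" here or update the sibling descriptions in the same change so the `related.*` set reads consistently. Since this file sits under `generated/`, the wording belongs in the schema source, with the CSV regenerated from it.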
4 changes: 2 additions & 2 deletions experimental/generated/ecs/ecs_flat.yml
Expand Up @@ -8866,14 +8866,14 @@ related.ip:
type: ip
related.user:
dashed_name: related-user
description: All the user names seen on your event.
description: All the user names or other user identifiers seen on the event.
flat_name: related.user
ignore_above: 1024
level: extended
name: user
normalize:
- array
short: All the user names seen on your event.
short: All the user names or other user identifiers seen on the event.
type: keyword
rule.author:
dashed_name: rule-author
4 changes: 2 additions & 2 deletions experimental/generated/ecs/ecs_nested.yml
Expand Up @@ -10800,14 +10800,14 @@ related:
type: ip
related.user:
dashed_name: related-user
description: All the user names seen on your event.
description: All the user names or other user identifiers seen on the event.
flat_name: related.user
ignore_above: 1024
level: extended
name: user
normalize:
- array
short: All the user names seen on your event.
short: All the user names or other user identifiers seen on the event.
type: keyword
group: 2
name: related
2 changes: 1 addition & 1 deletion generated/beats/fields.ecs.yml
Expand Up @@ -5126,7 +5126,7 @@
level: extended
type: keyword
ignore_above: 1024
description: All the user names seen on your event.
description: All the user names or other user identifiers seen on the event.
default_field: false
- name: rule
title: Rule
2 changes: 1 addition & 1 deletion generated/csv/fields.csv
Expand Up @@ -582,7 +582,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
1.11.0-dev,true,related,related.hash,keyword,extended,array,,All the hashes seen on your event.
1.11.0-dev,true,related,related.hosts,keyword,extended,array,,All the host identifiers seen on your event.
1.11.0-dev,true,related,related.ip,ip,extended,array,,All of the IPs seen on your event.
1.11.0-dev,true,related,related.user,keyword,extended,array,,All the user names seen on your event.
1.11.0-dev,true,related,related.user,keyword,extended,array,,All the user names or other user identifiers seen on the event.
1.11.0-dev,true,rule,rule.author,keyword,extended,array,"[""Star-Lord""]",Rule author
1.11.0-dev,true,rule,rule.category,keyword,extended,,Attempted Information Leak,Rule category
1.11.0-dev,true,rule,rule.description,keyword,extended,,Block requests to public DNS over HTTPS / TLS protocols,Rule description
4 changes: 2 additions & 2 deletions generated/ecs/ecs_flat.yml
Expand Up @@ -7443,14 +7443,14 @@ related.ip:
type: ip
related.user:
dashed_name: related-user
description: All the user names seen on your event.
description: All the user names or other user identifiers seen on the event.
flat_name: related.user
ignore_above: 1024
level: extended
name: user
normalize:
- array
short: All the user names seen on your event.
short: All the user names or other user identifiers seen on the event.
type: keyword
rule.author:
dashed_name: rule-author
4 changes: 2 additions & 2 deletions generated/ecs/ecs_nested.yml
Expand Up @@ -9013,14 +9013,14 @@ related:
type: ip
related.user:
dashed_name: related-user
description: All the user names seen on your event.
description: All the user names or other user identifiers seen on the event.
flat_name: related.user
ignore_above: 1024
level: extended
name: user
normalize:
- array
short: All the user names seen on your event.
short: All the user names or other user identifiers seen on the event.
type: keyword
group: 2
name: related
3 changes: 2 additions & 1 deletion schemas/related.yml
Expand Up @@ -29,7 +29,8 @@
level: extended
type: keyword
description: >
All the user names seen on your event.
All the user names or other user identifiers seen on the event.
normalize:
- array

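Review bot: "other user identifiers" in the new description line is left open, so event producers may populate `related.user` differently (some with names only, others with IDs or e-mail addresses), and a pivot query on one identifier form will miss events that carry only another. Consider naming the kinds of identifier that are meant, or giving an example value, in the description so that ingest pipelines and detection queries agree on what the array holds.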