Update short description and add process.attested_user and attested_g…

…roups to CHANGELOG
elastic · Sep 19, 2022 · 1fa66c1 · 1fa66c1
1 parent b0d3464
commit 1fa66c1
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 6 deletions.
diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md
@@ -51,6 +51,7 @@ Thanks, you're awesome :-) -->
 * Adding `risk.*` fields as experimental. #1994, #2010
 * Adding `process.io.*` as beta fields. #1956, #2031
 * Adding `process.tty.rows` and `process.tty.columns` as beta fields. #2031
+* `process.attested_user` and `process.attested_groups` as beta fields. #2050
 
 #### Improvements
 

diff --git a/docs/fields/field-details.asciidoc b/docs/fields/field-details.asciidoc
@@ -7764,7 +7764,7 @@ Note also that the `process` fields may be used directly at the root of the even
 | `process.attested_groups.*`
 | <<ecs-group,group>>| beta:[ Reusing the `group` fields in this location is currently considered beta.]
 
-The externally attested groups.
+The externally attested groups based on an external source such as the Kube API.
 
 Note: this reuse should contain an array of group field set objects.
 

diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml
@@ -6035,7 +6035,8 @@ group:
       full: process.attested_groups
       normalize:
       - array
-      short_override: The externally attested groups.
+      short_override: The externally attested groups based on an external source such
+        as the Kube API.
     top_level: true
   short: User's group relevant to the event.
   title: Group
@@ -12472,7 +12473,8 @@ process:
     normalize:
     - array
     schema_name: group
-    short: The externally attested groups.
+    short: The externally attested groups based on an external source such as the
+      Kube API.
   - full: process.hash
     schema_name: hash
     short: Hashes, usually file hashes.

diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml
@@ -5955,7 +5955,8 @@ group:
       full: process.attested_groups
       normalize:
       - array
-      short_override: The externally attested groups.
+      short_override: The externally attested groups based on an external source such
+        as the Kube API.
     top_level: true
   short: User's group relevant to the event.
   title: Group
@@ -12308,7 +12309,8 @@ process:
     normalize:
     - array
     schema_name: group
-    short: The externally attested groups.
+    short: The externally attested groups based on an external source such as the
+      Kube API.
   - full: process.hash
     schema_name: hash
     short: Hashes, usually file hashes.

diff --git a/schemas/group.yml b/schemas/group.yml
@@ -49,7 +49,7 @@
           - array
       - at: process
         as: attested_groups
-        short_override: The externally attested groups.
+        short_override: The externally attested groups based on an external source such as the Kube API.
         beta: Reusing the `group` fields in this location is currently considered beta.
         normalize:
           - array