From 4fd95849eb8a47de4a26f21c9e885f0e9fda5ae0 Mon Sep 17 00:00:00 2001 From: Christiano Haesbaert Date: Fri, 22 Nov 2024 15:00:15 +0100 Subject: [PATCH] Restrict x509.serial_number to base 16 for 9.x (#2398) We made 8.x a `should` for the same field in 4fa0abdf5db87abc91791b9a0093b371cc696032. As discussed in https://github.com/elastic/ecs/pull/2383#discussion_r1764034582 we are making this a `must` for 9.x. Co-authored-by: Michael Wolf --- CHANGELOG.next.md | 1 + docs/fields/field-details.asciidoc | 2 +- experimental/generated/beats/fields.ecs.yml | 14 +++++++------- experimental/generated/ecs/ecs_flat.yml | 14 +++++++------- experimental/generated/ecs/ecs_nested.yml | 16 ++++++++-------- generated/beats/fields.ecs.yml | 14 +++++++------- generated/ecs/ecs_flat.yml | 14 +++++++------- generated/ecs/ecs_nested.yml | 16 ++++++++-------- schemas/x509.yml | 2 +- 9 files changed, 47 insertions(+), 46 deletions(-) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index aae5b7a87f..b46ee2c925 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -19,6 +19,7 @@ Thanks, you're awesome :-) --> #### Improvements * Define base encoding of `x509.serial_number`. #2383 +* Restrict the encoding of `x509.serial_number` to base 16. #2398 #### Deprecated diff --git a/docs/fields/field-details.asciidoc b/docs/fields/field-details.asciidoc index 489828f764..6d5ba6a780 100644 --- a/docs/fields/field-details.asciidoc +++ b/docs/fields/field-details.asciidoc @@ -13803,7 +13803,7 @@ example: `2048` [[field-x509-serial-number]] <> -a| Unique serial number issued by the certificate authority. For consistency, this should be encoded in base 16 and formatted without colons and uppercase characters. +a| Unique serial number issued by the certificate authority. For consistency, this must be encoded in base 16 and formatted without colons and uppercase characters. type: keyword 
diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 4edbea7a0b..3cc3a5847b 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -3339,7 +3339,7 @@ type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA default_field: false @@ -9984,7 +9984,7 @@ type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA default_field: false @@ -10541,7 +10541,7 @@ type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA default_field: false @@ -11606,7 +11606,7 @@ type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA default_field: false 
@@ -12174,7 +12174,7 @@ type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA default_field: false @@ -12590,7 +12590,7 @@ type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA default_field: false @@ -12872,7 +12872,7 @@ type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA default_field: false diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index d7b749d18d..52e90b2670 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml @@ -5510,7 +5510,7 @@ file.x509.public_key_size: file.x509.serial_number: dashed_name: file-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase characters. + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: file.x509.serial_number ignore_above: 1024 
@@ -16159,7 +16159,7 @@ threat.enrichments.indicator.file.x509.public_key_size: threat.enrichments.indicator.file.x509.serial_number: dashed_name: threat-enrichments-indicator-file-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase characters. + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: threat.enrichments.indicator.file.x509.serial_number ignore_above: 1024 @@ -17085,7 +17085,7 @@ threat.enrichments.indicator.x509.public_key_size: threat.enrichments.indicator.x509.serial_number: dashed_name: threat-enrichments-indicator-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase characters. + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: threat.enrichments.indicator.x509.serial_number ignore_above: 1024 @@ -18894,7 +18894,7 @@ threat.indicator.file.x509.public_key_size: threat.indicator.file.x509.serial_number: dashed_name: threat-indicator-file-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase characters. + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: threat.indicator.file.x509.serial_number ignore_above: 1024 
@@ -19836,7 +19836,7 @@ threat.indicator.x509.public_key_size: threat.indicator.x509.serial_number: dashed_name: threat-indicator-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase characters. + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: threat.indicator.x509.serial_number ignore_above: 1024 @@ -20526,7 +20526,7 @@ tls.client.x509.public_key_size: tls.client.x509.serial_number: dashed_name: tls-client-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase characters. + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: tls.client.x509.serial_number ignore_above: 1024 @@ -21002,7 +21002,7 @@ tls.server.x509.public_key_size: tls.server.x509.serial_number: dashed_name: tls-server-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase characters. + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: tls.server.x509.serial_number ignore_above: 1024 diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index 28fbb237c6..6e1b49a8f9 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml 
@@ -6558,7 +6558,7 @@ file: file.x509.serial_number: dashed_name: file-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: file.x509.serial_number @@ -18863,7 +18863,7 @@ threat: threat.enrichments.indicator.file.x509.serial_number: dashed_name: threat-enrichments-indicator-file-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: threat.enrichments.indicator.file.x509.serial_number @@ -19794,7 +19794,7 @@ threat: threat.enrichments.indicator.x509.serial_number: dashed_name: threat-enrichments-indicator-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: threat.enrichments.indicator.x509.serial_number @@ -21606,7 +21606,7 @@ threat: threat.indicator.file.x509.serial_number: dashed_name: threat-indicator-file-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: threat.indicator.file.x509.serial_number 
@@ -22553,7 +22553,7 @@ threat: threat.indicator.x509.serial_number: dashed_name: threat-indicator-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: threat.indicator.x509.serial_number @@ -23308,7 +23308,7 @@ tls: tls.client.x509.serial_number: dashed_name: tls-client-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: tls.client.x509.serial_number @@ -23788,7 +23788,7 @@ tls: tls.server.x509.serial_number: dashed_name: tls-server-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: tls.server.x509.serial_number @@ -25706,7 +25706,7 @@ x509: x509.serial_number: dashed_name: x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: x509.serial_number diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 05a7e4da52..93b81e44bb 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml 
@@ -3289,7 +3289,7 @@ type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA default_field: false @@ -9934,7 +9934,7 @@ type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA default_field: false @@ -10491,7 +10491,7 @@ type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA default_field: false @@ -11556,7 +11556,7 @@ type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA default_field: false @@ -12124,7 +12124,7 @@ type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA default_field: false 
@@ -12540,7 +12540,7 @@ type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA default_field: false @@ -12822,7 +12822,7 @@ type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA default_field: false diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index b58c35d5ff..3ab5bc75d5 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -5441,7 +5441,7 @@ file.x509.public_key_size: file.x509.serial_number: dashed_name: file-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase characters. + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: file.x509.serial_number ignore_above: 1024 @@ -16090,7 +16090,7 @@ threat.enrichments.indicator.file.x509.public_key_size: threat.enrichments.indicator.file.x509.serial_number: dashed_name: threat-enrichments-indicator-file-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase characters. + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: threat.enrichments.indicator.file.x509.serial_number ignore_above: 1024 
@@ -17016,7 +17016,7 @@ threat.enrichments.indicator.x509.public_key_size: threat.enrichments.indicator.x509.serial_number: dashed_name: threat-enrichments-indicator-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase characters. + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: threat.enrichments.indicator.x509.serial_number ignore_above: 1024 @@ -18825,7 +18825,7 @@ threat.indicator.file.x509.public_key_size: threat.indicator.file.x509.serial_number: dashed_name: threat-indicator-file-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase characters. + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: threat.indicator.file.x509.serial_number ignore_above: 1024 @@ -19767,7 +19767,7 @@ threat.indicator.x509.public_key_size: threat.indicator.x509.serial_number: dashed_name: threat-indicator-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase characters. + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: threat.indicator.x509.serial_number ignore_above: 1024 
@@ -20457,7 +20457,7 @@ tls.client.x509.public_key_size: tls.client.x509.serial_number: dashed_name: tls-client-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase characters. + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: tls.client.x509.serial_number ignore_above: 1024 @@ -20933,7 +20933,7 @@ tls.server.x509.public_key_size: tls.server.x509.serial_number: dashed_name: tls-server-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase characters. + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: tls.server.x509.serial_number ignore_above: 1024 diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 8c8aa6b1a8..c068d535a1 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -6478,7 +6478,7 @@ file: file.x509.serial_number: dashed_name: file-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: file.x509.serial_number 
@@ -18783,7 +18783,7 @@ threat: threat.enrichments.indicator.file.x509.serial_number: dashed_name: threat-enrichments-indicator-file-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: threat.enrichments.indicator.file.x509.serial_number @@ -19714,7 +19714,7 @@ threat: threat.enrichments.indicator.x509.serial_number: dashed_name: threat-enrichments-indicator-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: threat.enrichments.indicator.x509.serial_number @@ -21526,7 +21526,7 @@ threat: threat.indicator.file.x509.serial_number: dashed_name: threat-indicator-file-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: threat.indicator.file.x509.serial_number @@ -22473,7 +22473,7 @@ threat: threat.indicator.x509.serial_number: dashed_name: threat-indicator-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: threat.indicator.x509.serial_number 
@@ -23228,7 +23228,7 @@ tls: tls.client.x509.serial_number: dashed_name: tls-client-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: tls.client.x509.serial_number @@ -23708,7 +23708,7 @@ tls: tls.server.x509.serial_number: dashed_name: tls-server-x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: tls.server.x509.serial_number @@ -25626,7 +25626,7 @@ x509: x509.serial_number: dashed_name: x509-serial-number description: Unique serial number issued by the certificate authority. For consistency, - this should be encoded in base 16 and formatted without colons and uppercase + this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA flat_name: x509.serial_number diff --git a/schemas/x509.yml b/schemas/x509.yml index 40f8aa71da..606fdd2827 100644 --- a/schemas/x509.yml +++ b/schemas/x509.yml @@ -52,7 +52,7 @@ type: keyword short: Unique serial number issued by the certificate authority. description: > - Unique serial number issued by the certificate authority. For consistency, this should be + Unique serial number issued by the certificate authority. For consistency, this must be encoded in base 16 and formatted without colons and uppercase characters. example: 55FBB9C7DEBF09809D12CCAA
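Review bot: In the `schemas/x509.yml` hunk, the `description` of the serial number field still reads "formatted without colons and uppercase characters", which can be parsed as "no colons and no uppercase" or as "no colons, in uppercase"; only the example `55FBB9C7DEBF09809D12CCAA` hints at the latter. Now that the wording is a `must`, producers that read it differently will emit serials that do not match each other on this `keyword` field, which presumably weakens certificate correlation between the `tls.*.x509` and `threat.indicator.*.x509` copies. I would reword the folded text to `encoded in base 16 and formatted in uppercase characters, without colons.` and regenerate so the docs and generated files pick it up. The rule also remains prose only; if the schema tooling's `pattern` attribute applies to this field, a hex-only pattern would make it checkable. The field definition starts and ends outside this hunk.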