fix external links
colleenmcginnis committed Mar 6, 2025
1 parent 5cb6754 commit 9472cde
Showing 2 changed files with 4 additions and 4 deletions.
4 changes: 2 additions & 2 deletions docs/reference/ecs-pe.md
Expand Up @@ -24,13 +24,13 @@ These fields contain Windows Portable Executable (PE) metadata.
| $$$field-pe-go-imports-names-entropy$$$[pe.go_imports_names_entropy](#field-pe-go-imports-names-entropy) | Shannon entropy calculation from the list of Go imports.<br><br>type: long<br> | extended |
| $$$field-pe-go-imports-names-var-entropy$$$[pe.go_imports_names_var_entropy](#field-pe-go-imports-names-var-entropy) | Variance for Shannon entropy calculation from the list of Go imports.<br><br>type: long<br> | extended |
| $$$field-pe-go-stripped$$$[pe.go_stripped](#field-pe-go-stripped) | Set to true if the file is a Go executable that has had its symbols stripped or obfuscated and false if an unobfuscated Go executable.<br><br>type: boolean<br> | extended |
| $$$field-pe-imphash$$$[pe.imphash](#field-pe-imphash) | A hash of the imports in a PE file. An imphash — or import hash — can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values.<br><br>Learn more at [https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html](https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.md).<br><br>type: keyword<br><br>example: `0c6803c4e922103c4dca5963aad36ddf`<br> | extended |
| $$$field-pe-imphash$$$[pe.imphash](#field-pe-imphash) | A hash of the imports in a PE file. An imphash — or import hash — can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values.<br><br>Learn more at [https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html](https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html).<br><br>type: keyword<br><br>example: `0c6803c4e922103c4dca5963aad36ddf`<br> | extended |
| $$$field-pe-import-hash$$$[pe.import_hash](#field-pe-import-hash) | A hash of the imports in a PE file. An import hash can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values.<br><br>This is a synonym for imphash.<br><br>type: keyword<br><br>example: `d41d8cd98f00b204e9800998ecf8427e`<br> | extended |
| $$$field-pe-imports$$$[pe.imports](#field-pe-imports) | List of imported element names and types.<br><br>type: flattened<br><br>Note: this field should contain an array of values.<br> | extended |
| $$$field-pe-imports-names-entropy$$$[pe.imports_names_entropy](#field-pe-imports-names-entropy) | Shannon entropy calculation from the list of imported element names and types.<br><br>type: long<br> | extended |
| $$$field-pe-imports-names-var-entropy$$$[pe.imports_names_var_entropy](#field-pe-imports-names-var-entropy) | Variance for Shannon entropy calculation from the list of imported element names and types.<br><br>type: long<br> | extended |
| $$$field-pe-original-file-name$$$[pe.original_file_name](#field-pe-original-file-name) | Internal name of the file, provided at compile-time.<br><br>type: keyword<br><br>example: `MSPAINT.EXE`<br> | extended |
| $$$field-pe-pehash$$$[pe.pehash](#field-pe-pehash) | A hash of the PE header and data from one or more PE sections. An pehash can be used to cluster files by transforming structural information about a file into a hash value.<br><br>Learn more at [https://www.usenix.org/legacy/events/leet09/tech/full_papers/wicherski/wicherski_html/index.html](https://www.usenix.org/legacy/events/leet09/tech/full_papers/wicherski/wicherski_html/index.md).<br><br>type: keyword<br><br>example: `73ff189b63cd6be375a7ff25179a38d347651975`<br> | extended |
| $$$field-pe-pehash$$$[pe.pehash](#field-pe-pehash) | A hash of the PE header and data from one or more PE sections. An pehash can be used to cluster files by transforming structural information about a file into a hash value.<br><br>Learn more at [https://www.usenix.org/legacy/events/leet09/tech/full_papers/wicherski/wicherski_html/index.html](https://www.usenix.org/legacy/events/leet09/tech/full_papers/wicherski/wicherski_html/index.html).<br><br>type: keyword<br><br>example: `73ff189b63cd6be375a7ff25179a38d347651975`<br> | extended |
| $$$field-pe-product$$$[pe.product](#field-pe-product) | Internal product name of the file, provided at compile-time.<br><br>type: keyword<br><br>example: `Microsoft® Windows® Operating System`<br> | extended |
| $$$field-pe-sections$$$[pe.sections](#field-pe-sections) | An array containing an object for each section of the PE file.<br><br>The keys that should be present in these objects are defined by sub-fields underneath `pe.sections.*`.<br><br>type: nested<br><br>Note: this field should contain an array of values.<br> | extended |
| $$$field-pe-sections-entropy$$$[pe.sections.entropy](#field-pe-sections-entropy) | Shannon entropy calculation from the section.<br><br>type: long<br> | extended |
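
Review bot: The changed pe.pehash row still reads "An pehash can be used to cluster files"; since the line is being edited anyway, correct it to "A pehash". In both changed rows (pe.imphash and pe.pehash) the link repeats the full URL as label and as target, and the old rows show the two drifting apart (label ending in `.html`, target ending in `.md`). A docs check that compares label and target whenever the label is itself a URL would flag this class of breakage across the other reference pages, not only these two files.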
4 changes: 2 additions & 2 deletions docs/reference/ecs-vulnerability.md
Expand Up @@ -17,9 +17,9 @@ The vulnerability fields describe information about a vulnerability that is rele
| --- | --- | --- |
| $$$field-vulnerability-category$$$[vulnerability.category](#field-vulnerability-category) | The type of system or architecture that the vulnerability affects. These may be platform-specific (for example, Debian or SUSE) or general (for example, Database or Firewall). For example ([https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm](https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm))<br><br>This field must be an array.<br><br>type: keyword<br><br>Note: this field should contain an array of values.<br><br>example: `["Firewall"]`<br> | extended |
| $$$field-vulnerability-classification$$$[vulnerability.classification](#field-vulnerability-classification) | The classification of the vulnerability scoring system. For example ([https://www.first.org/cvss/](https://www.first.org/cvss/))<br><br>type: keyword<br><br>example: `CVSS`<br> | extended |
| $$$field-vulnerability-description$$$[vulnerability.description](#field-vulnerability-description) | The description of the vulnerability that provides additional context of the vulnerability. For example ([https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created](https://cve.mitre.org/about/faqs.md#cve_entry_descriptions_created))<br><br>type: keyword<br><br>Multi-fields:<br><br>* vulnerability.description.text (type: match_only_text)<br><br>example: `In macOS before 2.12.6, there is a vulnerability in the RPC...`<br> | extended |
| $$$field-vulnerability-description$$$[vulnerability.description](#field-vulnerability-description) | The description of the vulnerability that provides additional context of the vulnerability. For example ([https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created](https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created))<br><br>type: keyword<br><br>Multi-fields:<br><br>* vulnerability.description.text (type: match_only_text)<br><br>example: `In macOS before 2.12.6, there is a vulnerability in the RPC...`<br> | extended |
| $$$field-vulnerability-enumeration$$$[vulnerability.enumeration](#field-vulnerability-enumeration) | The type of identifier used for this vulnerability. For example ([https://cve.mitre.org/about/](https://cve.mitre.org/about/))<br><br>type: keyword<br><br>example: `CVE`<br> | extended |
| $$$field-vulnerability-id$$$[vulnerability.id](#field-vulnerability-id) | The identification (ID) is the number portion of a vulnerability entry. It includes a unique identification number for the vulnerability. For example ([https://cve.mitre.org/about/faqs.html#what_is_cve_id](https://cve.mitre.org/about/faqs.md#what_is_cve_id))<br><br>type: keyword<br><br>example: `CVE-2019-00001`<br> | extended |
| $$$field-vulnerability-id$$$[vulnerability.id](#field-vulnerability-id) | The identification (ID) is the number portion of a vulnerability entry. It includes a unique identification number for the vulnerability. For example ([https://cve.mitre.org/about/faqs.html#what_is_cve_id](https://cve.mitre.org/about/faqs.html#what_is_cve_id))<br><br>type: keyword<br><br>example: `CVE-2019-00001`<br> | extended |
| $$$field-vulnerability-reference$$$[vulnerability.reference](#field-vulnerability-reference) | A resource that provides additional information, context, and mitigations for the identified vulnerability.<br><br>type: keyword<br><br>example: `https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111`<br> | extended |
| $$$field-vulnerability-report-id$$$[vulnerability.report_id](#field-vulnerability-report-id) | The report or scan identification number.<br><br>type: keyword<br><br>example: `20191018.0001`<br> | extended |
| $$$field-vulnerability-scanner-vendor$$$[vulnerability.scanner.vendor](#field-vulnerability-scanner-vendor) | The name of the vulnerability scanner vendor.<br><br>type: keyword<br><br>example: `Tenable`<br> | extended |
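
Review bot: The changed vulnerability.id row describes the ID as "the number portion of a vulnerability entry" while its example is `CVE-2019-00001`, prefix included. Consumers writing detections or joins on this field need to know which form is expected, so the description should state that the full identifier is stored, or the example should be changed to match. Only the file extension of the two cve.mitre.org targets was corrected here; the fragments `#cve_entry_descriptions_created` and `#what_is_cve_id` should be confirmed to resolve on the `.html` page before merging.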