Commit

Add hash.* field set.
Christoph Wurm committed Apr 10, 2019
1 parent 6f0c5c5 commit d06f72c
Showing 14 changed files with 2,149 additions and 17 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.md
Expand Up @@ -13,6 +13,7 @@
* Generator for the asciidoc rendering of field definitions. #347
* Generator for the Beats fields.ecs.yml file. #379
* Added field formats to all `.bytes` fields and `event.duration`. #385
* Added `hash.*` field set.

### Improvements

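Review bot: the new `hash.*` changelog entry carries no PR reference, while every neighbouring entry in this list ends with one (`#347`, `#379`, `#385`). Append the number of the pull request that introduces the field set so the entry can be traced the same way as the others.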
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -75,7 +75,7 @@ gocodegen:

# Generate the Use Cases
.PHONY: legacy_use_cases
legacy_use_cases:
legacy_use_cases: ve
$(PYTHON) scripts/use-cases.py --stdout=true >> /dev/null

# Check Makefile format.
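Review bot: the `ve` prerequisite added to the `legacy_use_cases` rule is unrelated to the `hash.*` field set named in the commit message, and nothing in the commit explains it. If the recipe's `$(PYTHON)` depends on what `ve` builds, say so in the commit message or move this one-line build fix into its own commit, so that a later revert of the field set does not silently undo it.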
71 changes: 71 additions & 0 deletions code/go/ecs/hash.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

246 changes: 246 additions & 0 deletions docs/field-details.asciidoc
Expand Up @@ -1079,6 +1079,29 @@ type: keyword

// ===============================================================

|=====

==== Field Reuse




[[ecs-file-nestings]]
===== Field sets that can be nested under File

[options="header"]
|=====
| Nested fields | Description

// ===============================================================


| <<ecs-hash,file.hash.*>>
| Hashes, usually file hashes.

// ===============================================================


|=====

[[ecs-geo]]
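Review bot: the `==== Field Reuse` heading added to the File section has no text under it; the next thing rendered is the `[[ecs-file-nestings]]` subsection. The hash section's own `==== Field Reuse` block states where the fields are expected to be nested, so either emit an equivalent sentence here or drop the heading when there is only a nestings table to show.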
Expand Down Expand Up @@ -1245,6 +1268,206 @@ Note also that the `group` fields may be used directly at the top level.



[[ecs-hash]]
=== Group Fields

The hash fields represent different hash algorithms and their values.

==== Group Field Details

[options="header"]
|=====
| Field | Description | Level

// ===============================================================

| hash.blake2b_256
| BLAKE2b-256 hash.

type: keyword



| extended

// ===============================================================

| hash.blake2b_384
| BLAKE2b-384 hash.

type: keyword



| extended

// ===============================================================

| hash.blake2b_512
| BLAKE2b-512 hash.

type: keyword



| extended

// ===============================================================

| hash.md5
| MD5 hash.

type: keyword



| extended

// ===============================================================

| hash.sha1
| SHA1 hash.

type: keyword



| extended

// ===============================================================

| hash.sha224
| SHA224 hash.

type: keyword



| extended

// ===============================================================

| hash.sha256
| SHA256 hash.

type: keyword



| extended

// ===============================================================

| hash.sha384
| SHA384 hash.

type: keyword



| extended

// ===============================================================

| hash.sha3_224
| SHA3_224 hash.

type: keyword



| extended

// ===============================================================

| hash.sha3_256
| SHA3_256 hash.

type: keyword



| extended

// ===============================================================

| hash.sha3_384
| SHA3_384 hash.

type: keyword



| extended

// ===============================================================

| hash.sha3_512
| SHA3_512 hash.

type: keyword



| extended

// ===============================================================

| hash.sha512
| SHA512 hash.

type: keyword



| extended

// ===============================================================

| hash.sha512_224
| SHA512/224 hash.

type: keyword



| extended

// ===============================================================

| hash.sha512_256
| SHA512/256 hash.

type: keyword



| extended

// ===============================================================

| hash.xxh64
| XX64 hash.

type: keyword



| extended

// ===============================================================

|=====

==== Field Reuse

The `hash` fields are expected to be nested at: `file.hash`, `process.hash`.

Note also that the `hash` fields are not expected to be used directly at the top level.




[[ecs-host]]
=== Host Fields

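Review bot: the section anchored at `[[ecs-hash]]` is titled `=== Group Fields` and `==== Group Field Details`, which looks copied from the group field set and should read "Hash". In the same table, `hash.xxh64` is described as "XX64 hash." where the algorithm name is xxHash64 (XXH64), and the SHA-3 rows use underscores in the description (`SHA3_224`) while the SHA-512 variants use the algorithm's own notation (`SHA512/224`). Since every field is `type: keyword` and therefore matched exactly, the descriptions should also state the expected encoding, for example lowercase hex, so that hashes from different sources correlate.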
Expand Down Expand Up @@ -2098,6 +2321,29 @@ example: `/home/alice`

// ===============================================================

|=====

==== Field Reuse




[[ecs-process-nestings]]
===== Field sets that can be nested under Process

[options="header"]
|=====
| Nested fields | Description

// ===============================================================


| <<ecs-hash,process.hash.*>>
| Hashes, usually file hashes.

// ===============================================================


|=====

[[ecs-related]]
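Review bot: the description for `process.hash.*` is the generic "Hashes, usually file hashes.", which does not tell a reader what is hashed when the field set is nested under Process. State the subject explicitly, for example that it is the hash of the process executable file if that is the intent, because detection content that joins `process.hash.*` against `file.hash.*` depends on both meaning the same thing.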
2 changes: 2 additions & 0 deletions docs/fields.asciidoc
Expand Up @@ -42,6 +42,8 @@ all fields are defined.

| <<ecs-group,Group>> | User's group relevant to the event.

| <<ecs-hash,Group>> | Hashes, usually file hashes.

| <<ecs-host,Host>> | Fields describing the relevant computing instance.

| <<ecs-http,HTTP>> | Fields describing an HTTP request.
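Review bot: the added index row uses `<<ecs-hash,Group>>`, so the field-set list now shows two entries labelled "Group", one of them pointing at the hash section. The link text should be "Hash"; if this file is generated, the fix belongs in the field set's title in the schema source rather than in this file.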