Skip to content

Commit

Permalink
generate files
Browse files Browse the repository at this point in the history
  • Loading branch information
@efd6
efd6 committed Nov 1, 2022
1 parent 3650b63 commit e1f930e
Show file tree
Hide file tree
Showing 7 changed files with 681 additions and 307 deletions.
12 changes: 9 additions & 3 deletions docs/fields/field-details.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2266,7 +2266,9 @@ Note: this field should contain an array of values.
[[field-elf-go-import-hash]]
<<field-elf-go-import-hash, elf.go_import_hash>>

a| A hash of the Go language imports in an ELF file. An import hash can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values.
a| A hash of the Go language imports in an ELF file excluding standard library imports. An import hash can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation are available [here](https://github.com/elastic/toutoumomoma).

type: keyword

Expand Down Expand Up @@ -5977,7 +5979,9 @@ beta::[ These fields are in beta and are subject to change.]
[[field-macho-go-import-hash]]
<<field-macho-go-import-hash, macho.go_import_hash>>

a| A hash of the Go language imports in an Mach-O file. An import hash can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values.
a| A hash of the Go language imports in a Mach-O file excluding standard library imports. An import hash can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation are available [here](https://github.com/elastic/toutoumomoma).

type: keyword

Expand Down Expand Up @@ -7590,7 +7594,9 @@ example: `6.3.9600.17415`
[[field-pe-go-import-hash]]
<<field-pe-go-import-hash, pe.go_import_hash>>

a| A hash of the Go language imports in a PE file. An import hash can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values.
a| A hash of the Go language imports in a PE file excluding standard library imports. An import hash can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation are available [here](https://github.com/elastic/toutoumomoma).

type: keyword

Expand Down
174 changes: 119 additions & 55 deletions experimental/generated/beats/fields.ecs.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1519,9 +1519,13 @@
level: extended
type: keyword
ignore_above: 1024
description: A hash of the Go language imports in a PE file. An import hash
can be used to fingerprint binaries even after recompilation or other code-level
transformations have occurred, which would change more traditional hash values.
description: 'A hash of the Go language imports in a PE file excluding standard
library imports. An import hash can be used to fingerprint binaries even after
recompilation or other code-level transformations have occurred, which would
change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation
are available [here](https://github.com/elastic/toutoumomoma).'
example: 10bddcb4cee42080f76c88d9ff964491
default_field: false
- name: pe.go_imports
Expand Down Expand Up @@ -1881,9 +1885,13 @@
level: extended
type: keyword
ignore_above: 1024
description: A hash of the Go language imports in an ELF file. An import hash
can be used to fingerprint binaries even after recompilation or other code-level
transformations have occurred, which would change more traditional hash values.
description: 'A hash of the Go language imports in an ELF file excluding standard
library imports. An import hash can be used to fingerprint binaries even after
recompilation or other code-level transformations have occurred, which would
change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation
are available [here](https://github.com/elastic/toutoumomoma).'
example: 10bddcb4cee42080f76c88d9ff964491
default_field: false
- name: go_imports
Expand Down Expand Up @@ -2895,9 +2903,13 @@
level: extended
type: keyword
ignore_above: 1024
description: A hash of the Go language imports in an ELF file. An import hash
can be used to fingerprint binaries even after recompilation or other code-level
transformations have occurred, which would change more traditional hash values.
description: 'A hash of the Go language imports in an ELF file excluding standard
library imports. An import hash can be used to fingerprint binaries even after
recompilation or other code-level transformations have occurred, which would
change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation
are available [here](https://github.com/elastic/toutoumomoma).'
example: 10bddcb4cee42080f76c88d9ff964491
default_field: false
- name: elf.go_imports
Expand Down Expand Up @@ -3189,10 +3201,13 @@
level: extended
type: keyword
ignore_above: 1024
description: A hash of the Go language imports in an Mach-O file. An import
hash can be used to fingerprint binaries even after recompilation or other
code-level transformations have occurred, which would change more traditional
hash values.
description: 'A hash of the Go language imports in a Mach-O file excluding standard
library imports. An import hash can be used to fingerprint binaries even after
recompilation or other code-level transformations have occurred, which would
change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation
are available [here](https://github.com/elastic/toutoumomoma).'
example: 10bddcb4cee42080f76c88d9ff964491
default_field: false
- name: macho.go_imports
Expand Down Expand Up @@ -3371,9 +3386,13 @@
level: extended
type: keyword
ignore_above: 1024
description: A hash of the Go language imports in a PE file. An import hash
can be used to fingerprint binaries even after recompilation or other code-level
transformations have occurred, which would change more traditional hash values.
description: 'A hash of the Go language imports in a PE file excluding standard
library imports. An import hash can be used to fingerprint binaries even after
recompilation or other code-level transformations have occurred, which would
change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation
are available [here](https://github.com/elastic/toutoumomoma).'
example: 10bddcb4cee42080f76c88d9ff964491
default_field: false
- name: pe.go_imports
Expand Down Expand Up @@ -4519,10 +4538,13 @@
level: extended
type: keyword
ignore_above: 1024
description: A hash of the Go language imports in an Mach-O file. An import
hash can be used to fingerprint binaries even after recompilation or other
code-level transformations have occurred, which would change more traditional
hash values.
description: 'A hash of the Go language imports in a Mach-O file excluding standard
library imports. An import hash can be used to fingerprint binaries even after
recompilation or other code-level transformations have occurred, which would
change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation
are available [here](https://github.com/elastic/toutoumomoma).'
example: 10bddcb4cee42080f76c88d9ff964491
default_field: false
- name: go_imports
Expand Down Expand Up @@ -5427,9 +5449,13 @@
level: extended
type: keyword
ignore_above: 1024
description: A hash of the Go language imports in a PE file. An import hash
can be used to fingerprint binaries even after recompilation or other code-level
transformations have occurred, which would change more traditional hash values.
description: 'A hash of the Go language imports in a PE file excluding standard
library imports. An import hash can be used to fingerprint binaries even after
recompilation or other code-level transformations have occurred, which would
change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation
are available [here](https://github.com/elastic/toutoumomoma).'
example: 10bddcb4cee42080f76c88d9ff964491
default_field: false
- name: go_imports
Expand Down Expand Up @@ -5715,9 +5741,13 @@
level: extended
type: keyword
ignore_above: 1024
description: A hash of the Go language imports in an ELF file. An import hash
can be used to fingerprint binaries even after recompilation or other code-level
transformations have occurred, which would change more traditional hash values.
description: 'A hash of the Go language imports in an ELF file excluding standard
library imports. An import hash can be used to fingerprint binaries even after
recompilation or other code-level transformations have occurred, which would
change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation
are available [here](https://github.com/elastic/toutoumomoma).'
example: 10bddcb4cee42080f76c88d9ff964491
default_field: false
- name: elf.go_imports
Expand Down Expand Up @@ -6696,10 +6726,13 @@
level: extended
type: keyword
ignore_above: 1024
description: A hash of the Go language imports in an Mach-O file. An import
hash can be used to fingerprint binaries even after recompilation or other
code-level transformations have occurred, which would change more traditional
hash values.
description: 'A hash of the Go language imports in a Mach-O file excluding standard
library imports. An import hash can be used to fingerprint binaries even after
recompilation or other code-level transformations have occurred, which would
change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation
are available [here](https://github.com/elastic/toutoumomoma).'
example: 10bddcb4cee42080f76c88d9ff964491
default_field: false
- name: macho.go_imports
Expand Down Expand Up @@ -6962,9 +6995,13 @@
level: extended
type: keyword
ignore_above: 1024
description: A hash of the Go language imports in an ELF file. An import hash
can be used to fingerprint binaries even after recompilation or other code-level
transformations have occurred, which would change more traditional hash values.
description: 'A hash of the Go language imports in an ELF file excluding standard
library imports. An import hash can be used to fingerprint binaries even after
recompilation or other code-level transformations have occurred, which would
change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation
are available [here](https://github.com/elastic/toutoumomoma).'
example: 10bddcb4cee42080f76c88d9ff964491
default_field: false
- name: parent.elf.go_imports
Expand Down Expand Up @@ -7310,10 +7347,13 @@
level: extended
type: keyword
ignore_above: 1024
description: A hash of the Go language imports in an Mach-O file. An import
hash can be used to fingerprint binaries even after recompilation or other
code-level transformations have occurred, which would change more traditional
hash values.
description: 'A hash of the Go language imports in a Mach-O file excluding standard
library imports. An import hash can be used to fingerprint binaries even after
recompilation or other code-level transformations have occurred, which would
change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation
are available [here](https://github.com/elastic/toutoumomoma).'
example: 10bddcb4cee42080f76c88d9ff964491
default_field: false
- name: parent.macho.go_imports
Expand Down Expand Up @@ -7462,9 +7502,13 @@
level: extended
type: keyword
ignore_above: 1024
description: A hash of the Go language imports in a PE file. An import hash
can be used to fingerprint binaries even after recompilation or other code-level
transformations have occurred, which would change more traditional hash values.
description: 'A hash of the Go language imports in a PE file excluding standard
library imports. An import hash can be used to fingerprint binaries even after
recompilation or other code-level transformations have occurred, which would
change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation
are available [here](https://github.com/elastic/toutoumomoma).'
example: 10bddcb4cee42080f76c88d9ff964491
default_field: false
- name: parent.pe.go_imports
Expand Down Expand Up @@ -7801,9 +7845,13 @@
level: extended
type: keyword
ignore_above: 1024
description: A hash of the Go language imports in a PE file. An import hash
can be used to fingerprint binaries even after recompilation or other code-level
transformations have occurred, which would change more traditional hash values.
description: 'A hash of the Go language imports in a PE file excluding standard
library imports. An import hash can be used to fingerprint binaries even after
recompilation or other code-level transformations have occurred, which would
change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation
are available [here](https://github.com/elastic/toutoumomoma).'
example: 10bddcb4cee42080f76c88d9ff964491
default_field: false
- name: pe.go_imports
Expand Down Expand Up @@ -9975,9 +10023,13 @@
level: extended
type: keyword
ignore_above: 1024
description: A hash of the Go language imports in an ELF file. An import hash
can be used to fingerprint binaries even after recompilation or other code-level
transformations have occurred, which would change more traditional hash values.
description: 'A hash of the Go language imports in an ELF file excluding standard
library imports. An import hash can be used to fingerprint binaries even after
recompilation or other code-level transformations have occurred, which would
change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation
are available [here](https://github.com/elastic/toutoumomoma).'
example: 10bddcb4cee42080f76c88d9ff964491
default_field: false
- name: enrichments.indicator.file.elf.go_imports
Expand Down Expand Up @@ -10351,9 +10403,13 @@
level: extended
type: keyword
ignore_above: 1024
description: A hash of the Go language imports in a PE file. An import hash
can be used to fingerprint binaries even after recompilation or other code-level
transformations have occurred, which would change more traditional hash values.
description: 'A hash of the Go language imports in a PE file excluding standard
library imports. An import hash can be used to fingerprint binaries even after
recompilation or other code-level transformations have occurred, which would
change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation
are available [here](https://github.com/elastic/toutoumomoma).'
example: 10bddcb4cee42080f76c88d9ff964491
default_field: false
- name: enrichments.indicator.file.pe.go_imports
Expand Down Expand Up @@ -11557,9 +11613,13 @@
level: extended
type: keyword
ignore_above: 1024
description: A hash of the Go language imports in an ELF file. An import hash
can be used to fingerprint binaries even after recompilation or other code-level
transformations have occurred, which would change more traditional hash values.
description: 'A hash of the Go language imports in an ELF file excluding standard
library imports. An import hash can be used to fingerprint binaries even after
recompilation or other code-level transformations have occurred, which would
change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation
are available [here](https://github.com/elastic/toutoumomoma).'
example: 10bddcb4cee42080f76c88d9ff964491
default_field: false
- name: indicator.file.elf.go_imports
Expand Down Expand Up @@ -11933,9 +11993,13 @@
level: extended
type: keyword
ignore_above: 1024
description: A hash of the Go language imports in a PE file. An import hash
can be used to fingerprint binaries even after recompilation or other code-level
transformations have occurred, which would change more traditional hash values.
description: 'A hash of the Go language imports in a PE file excluding standard
library imports. An import hash can be used to fingerprint binaries even after
recompilation or other code-level transformations have occurred, which would
change more traditional hash values.

The algorithm used to calculate the Go symbol hash and a reference implementation
are available [here](https://github.com/elastic/toutoumomoma).'
example: 10bddcb4cee42080f76c88d9ff964491
default_field: false
- name: indicator.file.pe.go_imports
Expand Down
Loading

0 comments on commit e1f930e

Please sign in to comment.