Update short description and add process.attested_user and attested_g…

…roups to CHANGELOG

CHANGELOG.next.md

@@ -51,6 +51,7 @@ Thanks, you're awesome :-) -->
 * Adding `risk.*` fields as experimental. #1994, #2010
 * Adding `process.io.*` as beta fields. #1956, #2031
 * Adding `process.tty.rows` and `process.tty.columns` as beta fields. #2031
+* `process.attested_user` and `process.attested_groups` as beta fields. #2050
 
 #### Improvements
 

docs/fields/field-details.asciidoc

@@ -7764,7 +7764,7 @@ Note also that the `process` fields may be used directly at the root of the even
 | `process.attested_groups.*`
 | <<ecs-group,group>>| beta:[ Reusing the `group` fields in this location is currently considered beta.]
 
-The externally attested groups.
+The externally attested groups based on an external source such as the Kube API.
 
 Note: this reuse should contain an array of group field set objects.
 
@@ -7774,7 +7774,7 @@ Note: this reuse should contain an array of group field set objects.
 | `process.attested_user.*`
 | <<ecs-user,user>>| beta:[ Reusing the `user` fields in this location is currently considered beta.]
 
-The externally attested user associated with the process based on an external source such as the Kube API.
+The externally attested user based on an external source such as the Kube API.
 
 // ===============================================================
 

experimental/generated/ecs/ecs_nested.yml

@@ -6035,7 +6035,8 @@ group:
       full: process.attested_groups
       normalize:
       - array
-      short_override: The externally attested groups.
+      short_override: The externally attested groups based on an external source such
+        as the Kube API.
     top_level: true
   short: User's group relevant to the event.
   title: Group
@@ -12472,7 +12473,8 @@ process:
     normalize:
     - array
     schema_name: group
-    short: The externally attested groups.
+    short: The externally attested groups based on an external source such as the
+      Kube API.
   - full: process.hash
     schema_name: hash
     short: Hashes, usually file hashes.
@@ -12505,8 +12507,8 @@ process:
   - beta: Reusing the `user` fields in this location is currently considered beta.
     full: process.attested_user
     schema_name: user
-    short: The externally attested user associated with the process based on an external
-      source such as the Kube API.
+    short: The externally attested user based on an external source such as the Kube
+      API.
   - full: process.parent
     schema_name: process
     short: Information about the parent process.
@@ -21692,8 +21694,8 @@ user:
       at: process
       beta: Reusing the `user` fields in this location is currently considered beta.
       full: process.attested_user
-      short_override: The externally attested user associated with the process based
-        on an external source such as the Kube API.
+      short_override: The externally attested user based on an external source such
+        as the Kube API.
     top_level: true
   reused_here:
   - full: user.group

generated/ecs/ecs_nested.yml

@@ -5955,7 +5955,8 @@ group:
       full: process.attested_groups
       normalize:
       - array
-      short_override: The externally attested groups.
+      short_override: The externally attested groups based on an external source such
+        as the Kube API.
     top_level: true
   short: User's group relevant to the event.
   title: Group
@@ -12308,7 +12309,8 @@ process:
     normalize:
     - array
     schema_name: group
-    short: The externally attested groups.
+    short: The externally attested groups based on an external source such as the
+      Kube API.
   - full: process.hash
     schema_name: hash
     short: Hashes, usually file hashes.
@@ -12341,8 +12343,8 @@ process:
   - beta: Reusing the `user` fields in this location is currently considered beta.
     full: process.attested_user
     schema_name: user
-    short: The externally attested user associated with the process based on an external
-      source such as the Kube API.
+    short: The externally attested user based on an external source such as the Kube
+      API.
   - full: process.parent
     schema_name: process
     short: Information about the parent process.
@@ -21115,8 +21117,8 @@ user:
       at: process
       beta: Reusing the `user` fields in this location is currently considered beta.
       full: process.attested_user
-      short_override: The externally attested user associated with the process based
-        on an external source such as the Kube API.
+      short_override: The externally attested user based on an external source such
+        as the Kube API.
     top_level: true
   reused_here:
   - full: user.group

schemas/group.yml

@@ -49,7 +49,7 @@
           - array
       - at: process
         as: attested_groups
-        short_override: The externally attested groups.
+        short_override: The externally attested groups based on an external source such as the Kube API.
         beta: Reusing the `group` fields in this location is currently considered beta.
         normalize:
           - array

schemas/user.yml

@@ -56,7 +56,7 @@
         beta: Reusing the `user` fields in this location is currently considered beta.
       - at: process
         as: attested_user
-        short_override: The externally attested user associated with the process based on an external source such as the Kube API.
+        short_override: The externally attested user based on an external source such as the Kube API.
         beta: Reusing the `user` fields in this location is currently considered beta.
 
   type: group