Fixing risk short fields #2010

Merged
merged 13 commits into from
Jul 28, 2022
2 changes: 1 addition & 1 deletion CHANGELOG.next.md
Expand Up @@ -42,7 +42,7 @@ Thanks, you're awesome :-) -->

#### Added

* Adding `risk.*` fields as experimental. #1994
* Adding `risk.*` fields as experimental. #1994, #2010

#### Improvements

20 changes: 10 additions & 10 deletions experimental/generated/csv/fields.csv
Expand Up @@ -395,10 +395,10 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
8.6.0-dev+exp,true,host,host.pid_ns_ino,keyword,extended,,256383,Pid namespace inode
8.6.0-dev+exp,true,host,host.risk.calculated_level,keyword,extended,,High,A risk classification level calculated by an internal system as part of entity analytics and entity risk scoring.
8.6.0-dev+exp,true,host,host.risk.calculated_score,float,extended,,880.73,A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring.
8.6.0-dev+exp,true,host,host.risk.calculated_score_norm,float,extended,,88.73,"A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring, and normalized to a range of 0 to 100."
8.6.0-dev+exp,true,host,host.risk.calculated_score_norm,float,extended,,88.73,A normalized risk score calculated by an internal system.
8.6.0-dev+exp,true,host,host.risk.static_level,keyword,extended,,High,"A risk classification level obtained from outside the system, such as from some external Threat Intelligence Platform."
8.6.0-dev+exp,true,host,host.risk.static_score,float,extended,,830.0,"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform."
8.6.0-dev+exp,true,host,host.risk.static_score_norm,float,extended,,83.0,"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform, and normalized to a range of 0 to 100."
8.6.0-dev+exp,true,host,host.risk.static_score_norm,float,extended,,83.0,A normalized risk score calculated by an external system.
8.6.0-dev+exp,true,host,host.type,keyword,core,,,Type of host.
8.6.0-dev+exp,true,host,host.uptime,long,extended,,1325,Seconds the host has been up.
8.6.0-dev+exp,true,http,http.request.body.bytes,long,extended,,887,Size in bytes of the request body.
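Review bot: The new Description text for host.risk.calculated_score_norm and host.risk.static_score_norm no longer says the value is normalized to a range of 0 to 100, and Description is the only explanatory column in this CSV, so a reader has to infer the scale from the examples 88.73 and 83.0. Anyone writing thresholds against these fields needs the range; consider keeping it in the shortened form, for example "A normalized risk score (0 to 100) calculated by an internal system."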
Expand Down Expand Up @@ -1462,10 +1462,10 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
8.6.0-dev+exp,true,user,user.changes.name.text,match_only_text,core,,a.einstein,Short name or login of the user.
8.6.0-dev+exp,true,user,user.changes.risk.calculated_level,keyword,extended,,High,A risk classification level calculated by an internal system as part of entity analytics and entity risk scoring.
8.6.0-dev+exp,true,user,user.changes.risk.calculated_score,float,extended,,880.73,A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring.
8.6.0-dev+exp,true,user,user.changes.risk.calculated_score_norm,float,extended,,88.73,"A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring, and normalized to a range of 0 to 100."
8.6.0-dev+exp,true,user,user.changes.risk.calculated_score_norm,float,extended,,88.73,A normalized risk score calculated by an internal system.
8.6.0-dev+exp,true,user,user.changes.risk.static_level,keyword,extended,,High,"A risk classification level obtained from outside the system, such as from some external Threat Intelligence Platform."
8.6.0-dev+exp,true,user,user.changes.risk.static_score,float,extended,,830.0,"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform."
8.6.0-dev+exp,true,user,user.changes.risk.static_score_norm,float,extended,,83.0,"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform, and normalized to a range of 0 to 100."
8.6.0-dev+exp,true,user,user.changes.risk.static_score_norm,float,extended,,83.0,A normalized risk score calculated by an external system.
8.6.0-dev+exp,true,user,user.changes.roles,keyword,extended,array,"[""kibana_admin"", ""reporting_user""]",Array of user roles at the time of the event.
8.6.0-dev+exp,true,user,user.domain,keyword,extended,,,Name of the directory the user is a member of.
8.6.0-dev+exp,true,user,user.effective.domain,keyword,extended,,,Name of the directory the user is a member of.
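Review bot: The new text for user.changes.risk.static_score_norm says the score is "calculated by an external system", while the static_level and static_score rows directly above it say "obtained from outside the system", and "calculated" is the word the calculated_* rows use for internally produced values. Suggest "A normalized risk score obtained from an external system." so the static_* rows read consistently and the two families are not confused.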
Expand All @@ -1481,10 +1481,10 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
8.6.0-dev+exp,true,user,user.effective.name.text,match_only_text,core,,a.einstein,Short name or login of the user.
8.6.0-dev+exp,true,user,user.effective.risk.calculated_level,keyword,extended,,High,A risk classification level calculated by an internal system as part of entity analytics and entity risk scoring.
8.6.0-dev+exp,true,user,user.effective.risk.calculated_score,float,extended,,880.73,A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring.
8.6.0-dev+exp,true,user,user.effective.risk.calculated_score_norm,float,extended,,88.73,"A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring, and normalized to a range of 0 to 100."
8.6.0-dev+exp,true,user,user.effective.risk.calculated_score_norm,float,extended,,88.73,A normalized risk score calculated by an internal system.
8.6.0-dev+exp,true,user,user.effective.risk.static_level,keyword,extended,,High,"A risk classification level obtained from outside the system, such as from some external Threat Intelligence Platform."
8.6.0-dev+exp,true,user,user.effective.risk.static_score,float,extended,,830.0,"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform."
8.6.0-dev+exp,true,user,user.effective.risk.static_score_norm,float,extended,,83.0,"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform, and normalized to a range of 0 to 100."
8.6.0-dev+exp,true,user,user.effective.risk.static_score_norm,float,extended,,83.0,A normalized risk score calculated by an external system.
8.6.0-dev+exp,true,user,user.effective.roles,keyword,extended,array,"[""kibana_admin"", ""reporting_user""]",Array of user roles at the time of the event.
8.6.0-dev+exp,true,user,user.email,keyword,extended,,,User email address.
8.6.0-dev+exp,true,user,user.full_name,keyword,extended,,Albert Einstein,"User's full name, if available."
Expand All @@ -1498,10 +1498,10 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
8.6.0-dev+exp,true,user,user.name.text,match_only_text,core,,a.einstein,Short name or login of the user.
8.6.0-dev+exp,true,user,user.risk.calculated_level,keyword,extended,,High,A risk classification level calculated by an internal system as part of entity analytics and entity risk scoring.
8.6.0-dev+exp,true,user,user.risk.calculated_score,float,extended,,880.73,A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring.
8.6.0-dev+exp,true,user,user.risk.calculated_score_norm,float,extended,,88.73,"A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring, and normalized to a range of 0 to 100."
8.6.0-dev+exp,true,user,user.risk.calculated_score_norm,float,extended,,88.73,A normalized risk score calculated by an internal system.
8.6.0-dev+exp,true,user,user.risk.static_level,keyword,extended,,High,"A risk classification level obtained from outside the system, such as from some external Threat Intelligence Platform."
8.6.0-dev+exp,true,user,user.risk.static_score,float,extended,,830.0,"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform."
8.6.0-dev+exp,true,user,user.risk.static_score_norm,float,extended,,83.0,"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform, and normalized to a range of 0 to 100."
8.6.0-dev+exp,true,user,user.risk.static_score_norm,float,extended,,83.0,A normalized risk score calculated by an external system.
8.6.0-dev+exp,true,user,user.roles,keyword,extended,array,"[""kibana_admin"", ""reporting_user""]",Array of user roles at the time of the event.
8.6.0-dev+exp,true,user,user.target.domain,keyword,extended,,,Name of the directory the user is a member of.
8.6.0-dev+exp,true,user,user.target.email,keyword,extended,,,User email address.
Expand All @@ -1516,10 +1516,10 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
8.6.0-dev+exp,true,user,user.target.name.text,match_only_text,core,,a.einstein,Short name or login of the user.
8.6.0-dev+exp,true,user,user.target.risk.calculated_level,keyword,extended,,High,A risk classification level calculated by an internal system as part of entity analytics and entity risk scoring.
8.6.0-dev+exp,true,user,user.target.risk.calculated_score,float,extended,,880.73,A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring.
8.6.0-dev+exp,true,user,user.target.risk.calculated_score_norm,float,extended,,88.73,"A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring, and normalized to a range of 0 to 100."
8.6.0-dev+exp,true,user,user.target.risk.calculated_score_norm,float,extended,,88.73,A normalized risk score calculated by an internal system.
8.6.0-dev+exp,true,user,user.target.risk.static_level,keyword,extended,,High,"A risk classification level obtained from outside the system, such as from some external Threat Intelligence Platform."
8.6.0-dev+exp,true,user,user.target.risk.static_score,float,extended,,830.0,"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform."
8.6.0-dev+exp,true,user,user.target.risk.static_score_norm,float,extended,,83.0,"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform, and normalized to a range of 0 to 100."
8.6.0-dev+exp,true,user,user.target.risk.static_score_norm,float,extended,,83.0,A normalized risk score calculated by an external system.
8.6.0-dev+exp,true,user,user.target.roles,keyword,extended,array,"[""kibana_admin"", ""reporting_user""]",Array of user roles at the time of the event.
8.6.0-dev+exp,true,user_agent,user_agent.device.name,keyword,extended,,iPhone,Name of the device.
8.6.0-dev+exp,true,user_agent,user_agent.name,keyword,extended,,Safari,Name of the user agent.
35 changes: 10 additions & 25 deletions experimental/generated/ecs/ecs_flat.yml
Expand Up @@ -5288,8 +5288,7 @@ host.risk.calculated_score_norm:
name: calculated_score_norm
normalize: []
original_fieldset: risk
short: A risk classification score calculated by an internal system as part of entity
analytics and entity risk scoring, and normalized to a range of 0 to 100.
short: A normalized risk score calculated by an internal system.
type: float
host.risk.static_level:
dashed_name: host-risk-static-level
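Review bot: Only the `short:` key of host.risk.calculated_score_norm is visible in this hunk, and after the change it no longer mentions the 0 to 100 range; please confirm that the field's `description:` (outside the shown context) still states it. Since this file sits under experimental/generated, the new text should come from regenerating after a schema change rather than a hand edit, so that it cannot drift from the matching row in fields.csv.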
Expand Down Expand Up @@ -5329,9 +5328,7 @@ host.risk.static_score_norm:
name: static_score_norm
normalize: []
original_fieldset: risk
short: A risk classification score obtained from outside the system, such as from
some external Threat Intelligence Platform, and normalized to a range of 0 to
100.
short: A normalized risk score calculated by an external system.
type: float
host.type:
dashed_name: host-type
Expand Down Expand Up @@ -18527,8 +18524,7 @@ user.changes.risk.calculated_score_norm:
name: calculated_score_norm
normalize: []
original_fieldset: risk
short: A risk classification score calculated by an internal system as part of entity
analytics and entity risk scoring, and normalized to a range of 0 to 100.
short: A normalized risk score calculated by an internal system.
type: float
user.changes.risk.static_level:
dashed_name: user-changes-risk-static-level
Expand Down Expand Up @@ -18568,9 +18564,7 @@ user.changes.risk.static_score_norm:
name: static_score_norm
normalize: []
original_fieldset: risk
short: A risk classification score obtained from outside the system, such as from
some external Threat Intelligence Platform, and normalized to a range of 0 to
100.
short: A normalized risk score calculated by an external system.
type: float
user.changes.roles:
dashed_name: user-changes-roles
Expand Down Expand Up @@ -18753,8 +18747,7 @@ user.effective.risk.calculated_score_norm:
name: calculated_score_norm
normalize: []
original_fieldset: risk
short: A risk classification score calculated by an internal system as part of entity
analytics and entity risk scoring, and normalized to a range of 0 to 100.
short: A normalized risk score calculated by an internal system.
type: float
user.effective.risk.static_level:
dashed_name: user-effective-risk-static-level
Expand Down Expand Up @@ -18794,9 +18787,7 @@ user.effective.risk.static_score_norm:
name: static_score_norm
normalize: []
original_fieldset: risk
short: A risk classification score obtained from outside the system, such as from
some external Threat Intelligence Platform, and normalized to a range of 0 to
100.
short: A normalized risk score calculated by an external system.
type: float
user.effective.roles:
dashed_name: user-effective-roles
Expand Down Expand Up @@ -18949,8 +18940,7 @@ user.risk.calculated_score_norm:
name: calculated_score_norm
normalize: []
original_fieldset: risk
short: A risk classification score calculated by an internal system as part of entity
analytics and entity risk scoring, and normalized to a range of 0 to 100.
short: A normalized risk score calculated by an internal system.
type: float
user.risk.static_level:
dashed_name: user-risk-static-level
Expand Down Expand Up @@ -18990,9 +18980,7 @@ user.risk.static_score_norm:
name: static_score_norm
normalize: []
original_fieldset: risk
short: A risk classification score obtained from outside the system, such as from
some external Threat Intelligence Platform, and normalized to a range of 0 to
100.
short: A normalized risk score calculated by an external system.
type: float
user.roles:
dashed_name: user-roles
Expand Down Expand Up @@ -19162,8 +19150,7 @@ user.target.risk.calculated_score_norm:
name: calculated_score_norm
normalize: []
original_fieldset: risk
short: A risk classification score calculated by an internal system as part of entity
analytics and entity risk scoring, and normalized to a range of 0 to 100.
short: A normalized risk score calculated by an internal system.
type: float
user.target.risk.static_level:
dashed_name: user-target-risk-static-level
Expand Down Expand Up @@ -19203,9 +19190,7 @@ user.target.risk.static_score_norm:
name: static_score_norm
normalize: []
original_fieldset: risk
short: A risk classification score obtained from outside the system, such as from
some external Threat Intelligence Platform, and normalized to a range of 0 to
100.
short: A normalized risk score calculated by an external system.
type: float
user.target.roles:
dashed_name: user-target-roles