Releases: elastic/ecs

ECS 9.0.0-rc1

05 Mar 03:24
20f81cd
Pre-release

Schema Changes

Breaking changes

  • Remove deprecated fields from previous major release: process.pgid, service.node.role, and inherited users. #2410

Bugfixes

  • Fix link rendering issues and usage of http in links. #2423

Added

  • Add origin_referrer_url and origin_url fields, which indicate origin information, to the file, process and dll schemas. #2441

Improvements

  • Increase ignore_above value for url.query. #2424
  • Set synthetic_source_keep = none on fields that represent sets. #2422
  • Promote beta fields to GA. #2411
  • Restrict the encoding of x509.serial_number to base 16. #2398
  • Define base encoding of x509.serial_number. #2383

Tooling and Artifact Changes

Added

  • Add mapping between ECS and OpenTelemetry. #2415

Improvements

  • Update data_stream.yml with top level type: group. #2414

ECS 8.17.0

29 Jan 22:34
v8.17.0
e3103a2

Schema Changes

Bugfixes

  • Fix link rendering issues and usage of http in links. #2423

Improvements

  • Increase ignore_above value for url.query. #2424
  • Set synthetic_source_keep = none on fields that represent sets. #2422

ECS 8.16.0

13 Nov 21:25
ba56ea8

Schema Changes

Bugfixes

  • Fix broken link in docs for vulnerability.id. #2328

Added

  • Added volume.* as beta field set. #2269
  • Advanced process.env_vars to GA. #2315
  • Advanced process.io and process.tty fields to GA. #2317
  • Added threat.indicator.id. #2324
  • Added process.group to generated schemas. #2335

Improvements

  • Define base encoding of x509.serial_number. #2383

Tooling and Artifact Changes

Bugfixes

  • Fix broken link for vulnerability.id. #2328

Added

  • Documentation in README.md providing instruction on contributions to ECS during the OTel donation #2325

ECS 8.11.0

07 Nov 20:27
ce703ab

Schema Changes

Bugfixes

  • Remove expected_values from threat.*.indicator.name fields. #2281

Tooling and Artifact Changes

Bugfixes

  • Respect reusable.top_level in Beats generator #2278

ECS 8.10.0

12 Sep 19:50
43a1a61

Schema Changes

Added

  • Added container.security_context.privileged to indicate whether a container was started in privileged mode. #2219, #2225, #2246
  • Added process.thread.capabilities.permitted to contain the current thread's possible capabilities. #2245
  • Added process.thread.capabilities.effective to contain the current thread's effective capabilities. #2245

Improvements

  • Permit ignore_above if explicitly set on a flattened field. #2248

Tooling and Artifact Changes

Improvements

  • Improved documentation formatting to better follow the contributing guide. #2226
  • Bump gitpython dependency from 3.1.30 to 3.1.35 for security fixes. #2251, #2264, #2265

ECS 8.9.0

26 Jul 18:17
f816f2a

Schema Changes

Bugfixes

Added

  • Added process.vpid for namespaced process ids. #2211

Improvements

Deprecated

  • Removed faas.trigger: nested since we only have one trigger. #2194

ECS 8.8.0

25 May 18:54
969aeba

Schema Changes

Added

  • Add access as an allowed type for event.type: file. #2174
  • Add orchestrator.resource.annotation and orchestrator.resource.label. #2181
  • Add event.kind: asset as a beta category. #2191

Tooling and Artifact Changes

Added

  • Add parameters property for field definitions, to provide any mapping parameter. #2084

ECS 8.7.0

30 Mar 13:20
7a56b30

Schema Changes

Bugfixes

  • remove duplicated client.domain definition #2120

Added

  • adding name field to threat.indicator #2121
  • adding api option to event.category #2147
  • adding library option to event.category #2154

Improvements

  • description for host.name definition updated to encourage use of FQDN #2122

Tooling and Artifact Changes

Improvements

  • Updated usage docs to include threat.indicator.url.domain and changed indicator.marking.tlp and indicator.enrichments.marking.tlp from "WHITE" to "CLEAR" to align with TLP 2.0. #2124
  • Bump gitpython from 3.1.27 to 3.1.30 in /scripts. #2139

ECS 8.7.0-rc1

08 Feb 15:05
ad9672f
Pre-release

Schema Changes

Bugfixes

  • remove duplicated client.domain definition #2120

Added

  • adding name field to threat.indicator #2121
  • adding api option to event.category #2147
  • adding library option to event.category #2154

Improvements

  • description for host.name definition updated to encourage use of FQDN #2122

Tooling and Artifact Changes

Improvements

  • Updated usage docs to include threat.indicator.url.domain and changed indicator.marking.tlp and indicator.enrichments.marking.tlp from "WHITE" to "CLEAR" to align with TLP 2.0. #2124
  • Bump gitpython from 3.1.27 to 3.1.30 in /scripts. #2139

ECS 8.6.1

06 Feb 13:46
5f217d4

What's new in ECS 8.5.1

Schema Changes

Bugfixes

  • Fixing tlp_version and tlp field for threat. #2156