From 713190fc9a0f2dc67d8294d43891726f06172b17 Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Tue, 8 Dec 2020 20:53:15 -0500 Subject: [PATCH] [Auditbeat] Upgrade to latest go-libaudit to support ECS 1.7 (#23000) * [Auditbeat] Upgrade to latest go-libaudit to support ECS 1.7 * Add changelog --- CHANGELOG.next.asciidoc | 2 ++ NOTICE.txt | 4 ++-- go.mod | 2 +- go.sum | 4 ++-- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index c614fbc07e7..f6d0c301b28 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -40,6 +40,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Change network.direction values to ECS recommended values (inbound, outbound). {issue}12445[12445] {pull}20695[20695] - Docker container needs to be explicitly run as user root for auditing. {pull}21202[21202] - File integrity dataset no longer includes the leading dot in `file.extension` values (e.g. it will report "png" instead of ".png") to comply with ECS. {pull}21644[21644] +- Use ingress/egress instead of inbound/outbound for ECS 1.7 in auditd module. {pull}23000[23000] *Filebeat* @@ -561,6 +562,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add `file.mime_type`, `file.extension`, and `file.drive_letter` for file integrity module. {pull}18012[18012] - Add ECS categorization info for auditd module {pull}18596[18596] - Add several improvements for auditd module for improved ECS field mapping {pull}22647[22647] +- Add ECS 1.7 `configuration` categorization in certain events in auditd module. {pull}23000[23000] *Filebeat* diff --git a/NOTICE.txt b/NOTICE.txt index 0106cf4bc51..3b1b21c919c 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -6515,11 +6515,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/go-concert@v0.0 -------------------------------------------------------------------------------- Dependency : github.com/elastic/go-libaudit/v2 -Version: v2.0.2 +Version: v2.1.0 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/go-libaudit/v2@v2.0.2/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/elastic/go-libaudit/v2@v2.1.0/LICENSE.txt: Apache License diff --git a/go.mod b/go.mod index f29e3b16382..95a05f65f57 100644 --- a/go.mod +++ b/go.mod @@ -61,7 +61,7 @@ require ( github.com/elastic/ecs v1.6.0 github.com/elastic/elastic-agent-client/v7 v7.0.0-20200709172729-d43b7ad5833a github.com/elastic/go-concert v0.0.4 - github.com/elastic/go-libaudit/v2 v2.0.2 + github.com/elastic/go-libaudit/v2 v2.1.0 github.com/elastic/go-licenser v0.3.1 github.com/elastic/go-lookslike v0.3.0 github.com/elastic/go-lumber v0.1.0 diff --git a/go.sum b/go.sum index f2fac60f077..624795075bc 100644 --- a/go.sum +++ b/go.sum @@ -251,8 +251,8 @@ github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270 h1:cWPqxlPtir4RoQ github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270/go.mod h1:Msl1pdboCbArMF/nSCDUXgQuWTeoMmE/z8607X+k7ng= github.com/elastic/go-concert v0.0.4 h1:pzgYCmJ/xMJsW8PSk33inAWZ065hrwSeP79TpwAbsLE= github.com/elastic/go-concert v0.0.4/go.mod h1:9MtFarjXroUgmm0m6HY3NSe1XiKhdktiNRRj9hWvIaM= -github.com/elastic/go-libaudit/v2 v2.0.2 h1:g83cmsDT0V4Aa6WuuGI9L6WC4fpo2zZjLwOlqBkSna4= -github.com/elastic/go-libaudit/v2 v2.0.2/go.mod h1:MM/l/4xV7ilcl+cIblL8Zn448J7RZaDwgNLE4gNKYPg= +github.com/elastic/go-libaudit/v2 v2.1.0 h1:yWSKoGaoWLGFPjqWrQ4gwtuM77pTk7K4CsPxXss8he4= +github.com/elastic/go-libaudit/v2 v2.1.0/go.mod h1:MM/l/4xV7ilcl+cIblL8Zn448J7RZaDwgNLE4gNKYPg= github.com/elastic/go-licenser v0.3.1 h1:RmRukU/JUmts+rpexAw0Fvt2ly7VVu6mw8z4HrEzObU= github.com/elastic/go-licenser v0.3.1/go.mod h1:D8eNQk70FOCVBl3smCGQt/lv7meBeQno2eI1S5apiHQ= github.com/elastic/go-lookslike v0.3.0 h1:HDI/DQ65V85ZqM7D/sbxcK2wFFnh3+7iFvBk2v2FTHs=