Add new fields file.origin_referrer_url & file.origin_url #2348

Draft
wants to merge 16 commits into base: main
Changes from 8 commits
2 changes: 2 additions & 0 deletions CHANGELOG.next.md
Expand Up @@ -22,7 +22,9 @@ Thanks, you're awesome :-) -->
* Advanced `process.io` and `process.tty` fields to GA. #2317
* Added `threat.indicator.id`. #2324
* Added `process.group` to generated schemas. #2335
* Added `file.origin_referrer_url` and `file.origin_url` #2348

*
AsuNa-jp marked this conversation as resolved.
#### Improvements

#### Deprecated
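Review bot: the second added line of this hunk is a bare `*` with no text, which renders as an empty bullet at the end of the list; it looks like a leftover from editing and should be dropped. The new entry is also the only one in the list without a period before the PR number; match its neighbours with `* Added `file.origin_referrer_url` and `file.origin_url`. #2348`.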
32 changes: 32 additions & 0 deletions docs/fields/field-details.asciidoc
Expand Up @@ -4298,6 +4298,38 @@ example: `example.png`

// ===============================================================

|
[[field-file-origin-referrer-url]]
<<field-file-origin-referrer-url, file.origin_referrer_url>>

a| The url of the webpage that linked to the file.

type: keyword



example: `https://example.com`

| extended

// ===============================================================

|
[[field-file-origin-url]]
<<field-file-origin-url, file.origin_url>>

a| The url where the file is hosted.

type: keyword



example: `https://example.com/file.zip`

| extended

// ===============================================================

|
[[field-file-owner]]
<<field-file-owner, file.owner>>
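Review bot: the two descriptions in this hunk (`The url of the webpage that linked to the file.` and `The url where the file is hosted.`) do not say how the fields relate to one another or where the values come from, so a reader cannot tell whether `file.origin_url` is the address the file was actually retrieved from and `file.origin_referrer_url` the page that linked to that download, or something looser. Since this asciidoc is generated, the fix belongs in the schema definition: state the relationship between the two fields explicitly, write `URL` in capitals, and give the referrer a page-style example rather than a bare origin so the two examples are distinguishable (for instance a path under `https://example.com` instead of the origin alone).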
42 changes: 42 additions & 0 deletions experimental/generated/beats/fields.ecs.yml
Expand Up @@ -2973,6 +2973,20 @@
ignore_above: 1024
description: Name of the file including the extension, without the directory.
example: example.png
- name: origin_referrer_url
level: extended
type: keyword
ignore_above: 8192
description: The url of the webpage that linked to the file.
example: https://example.com
default_field: false
- name: origin_url
level: extended
type: keyword
ignore_above: 8192
description: The url where the file is hosted.
example: https://example.com/file.zip
default_field: false
- name: owner
level: extended
type: keyword
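Review bot: `ignore_above: 8192` on the two new fields differs from the `1024` on the neighbouring `file.name` at the top of this hunk. A larger limit is defensible for URLs, which routinely exceed 1024 characters, but the reason is not recorded anywhere in the change; add a comment on the schema definition these generated files derive from so the larger limit survives regeneration and is not normalised back to 1024 by a later cleanup.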
Expand Down Expand Up @@ -9569,6 +9583,20 @@
description: Name of the file including the extension, without the directory.
example: example.png
default_field: false
- name: enrichments.indicator.file.origin_referrer_url
level: extended
type: keyword
ignore_above: 8192
description: The url of the webpage that linked to the file.
example: https://example.com
default_field: false
- name: enrichments.indicator.file.origin_url
level: extended
type: keyword
ignore_above: 8192
description: The url where the file is hosted.
example: https://example.com/file.zip
default_field: false
- name: enrichments.indicator.file.owner
level: extended
type: keyword
Expand Down Expand Up @@ -11176,6 +11204,20 @@
description: Name of the file including the extension, without the directory.
example: example.png
default_field: false
- name: indicator.file.origin_referrer_url
level: extended
type: keyword
ignore_above: 8192
description: The url of the webpage that linked to the file.
example: https://example.com
default_field: false
- name: indicator.file.origin_url
level: extended
type: keyword
ignore_above: 8192
description: The url where the file is hosted.
example: https://example.com/file.zip
default_field: false
- name: indicator.file.owner
level: extended
type: keyword
6 changes: 6 additions & 0 deletions experimental/generated/csv/fields.csv
Expand Up @@ -358,6 +358,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
8.12.0-dev+exp,true,file,file.mode,keyword,extended,,0640,Mode of the file in octal representation.
8.12.0-dev+exp,true,file,file.mtime,date,extended,,,Last time the file content was modified.
8.12.0-dev+exp,true,file,file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory."
8.12.0-dev+exp,true,file,file.origin_referrer_url,keyword,extended,,https://example.com,The url of the webpage that linked to the file.
8.12.0-dev+exp,true,file,file.origin_url,keyword,extended,,https://example.com/file.zip,The url where the file is hosted.
8.12.0-dev+exp,true,file,file.owner,keyword,extended,,alice,File owner's username.
8.12.0-dev+exp,true,file,file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name."
8.12.0-dev+exp,true,file,file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name."
Expand Down Expand Up @@ -1218,6 +1220,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.mode,keyword,extended,,0640,Mode of the file in octal representation.
8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.mtime,date,extended,,,Last time the file content was modified.
8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory."
8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.origin_referrer_url,keyword,extended,,https://example.com,The url of the webpage that linked to the file.
8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.origin_url,keyword,extended,,https://example.com/file.zip,The url where the file is hosted.
8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.owner,keyword,extended,,alice,File owner's username.
8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name."
8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name."
Expand Down Expand Up @@ -1435,6 +1439,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
8.12.0-dev+exp,true,threat,threat.indicator.file.mode,keyword,extended,,0640,Mode of the file in octal representation.
8.12.0-dev+exp,true,threat,threat.indicator.file.mtime,date,extended,,,Last time the file content was modified.
8.12.0-dev+exp,true,threat,threat.indicator.file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory."
8.12.0-dev+exp,true,threat,threat.indicator.file.origin_referrer_url,keyword,extended,,https://example.com,The url of the webpage that linked to the file.
8.12.0-dev+exp,true,threat,threat.indicator.file.origin_url,keyword,extended,,https://example.com/file.zip,The url where the file is hosted.
8.12.0-dev+exp,true,threat,threat.indicator.file.owner,keyword,extended,,alice,File owner's username.
8.12.0-dev+exp,true,threat,threat.indicator.file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name."
8.12.0-dev+exp,true,threat,threat.indicator.file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name."
70 changes: 70 additions & 0 deletions experimental/generated/ecs/ecs_flat.yml
Expand Up @@ -4885,6 +4885,28 @@ file.name:
normalize: []
short: Name of the file including the extension, without the directory.
type: keyword
file.origin_referrer_url:
dashed_name: file-origin-referrer-url
description: The url of the webpage that linked to the file.
example: https://example.com
flat_name: file.origin_referrer_url
ignore_above: 8192
level: extended
name: origin_referrer_url
normalize: []
short: The url of the webpage that linked to the file.
type: keyword
file.origin_url:
dashed_name: file-origin-url
description: The url where the file is hosted.
example: https://example.com/file.zip
flat_name: file.origin_url
ignore_above: 8192
level: extended
name: origin_url
normalize: []
short: The url where the file is hosted.
type: keyword
file.owner:
dashed_name: file-owner
description: File owner's username.
Expand Down Expand Up @@ -15448,6 +15470,30 @@ threat.enrichments.indicator.file.name:
original_fieldset: file
short: Name of the file including the extension, without the directory.
type: keyword
threat.enrichments.indicator.file.origin_referrer_url:
dashed_name: threat-enrichments-indicator-file-origin-referrer-url
description: The url of the webpage that linked to the file.
example: https://example.com
flat_name: threat.enrichments.indicator.file.origin_referrer_url
ignore_above: 8192
level: extended
name: origin_referrer_url
normalize: []
original_fieldset: file
short: The url of the webpage that linked to the file.
type: keyword
threat.enrichments.indicator.file.origin_url:
dashed_name: threat-enrichments-indicator-file-origin-url
description: The url where the file is hosted.
example: https://example.com/file.zip
flat_name: threat.enrichments.indicator.file.origin_url
ignore_above: 8192
level: extended
name: origin_url
normalize: []
original_fieldset: file
short: The url where the file is hosted.
type: keyword
threat.enrichments.indicator.file.owner:
dashed_name: threat-enrichments-indicator-file-owner
description: File owner's username.
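Review bot: in this hunk the fields are reused under `threat.enrichments.indicator.file`, where the values originate from threat-intelligence data rather than from an observed file on a monitored host, yet the `description` and `short` text still read as if they describe the monitored file ("the file"). That matches how the other reused `file.*` fields read, so no wording change is needed here, but it is worth stating in the schema that these URLs are untrusted indicator data: `keyword` with no analysis is the right mapping, and consumers should treat the values as opaque strings rather than rendering them as links.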
Expand Down Expand Up @@ -18158,6 +18204,30 @@ threat.indicator.file.name:
original_fieldset: file
short: Name of the file including the extension, without the directory.
type: keyword
threat.indicator.file.origin_referrer_url:
dashed_name: threat-indicator-file-origin-referrer-url
description: The url of the webpage that linked to the file.
example: https://example.com
flat_name: threat.indicator.file.origin_referrer_url
ignore_above: 8192
level: extended
name: origin_referrer_url
normalize: []
original_fieldset: file
short: The url of the webpage that linked to the file.
type: keyword
threat.indicator.file.origin_url:
dashed_name: threat-indicator-file-origin-url
description: The url where the file is hosted.
example: https://example.com/file.zip
flat_name: threat.indicator.file.origin_url
ignore_above: 8192
level: extended
name: origin_url
normalize: []
original_fieldset: file
short: The url where the file is hosted.
type: keyword
threat.indicator.file.owner:
dashed_name: threat-indicator-file-owner
description: File owner's username.
70 changes: 70 additions & 0 deletions experimental/generated/ecs/ecs_nested.yml
Expand Up @@ -5920,6 +5920,28 @@ file:
normalize: []
short: Name of the file including the extension, without the directory.
type: keyword
file.origin_referrer_url:
dashed_name: file-origin-referrer-url
description: The url of the webpage that linked to the file.
example: https://example.com
flat_name: file.origin_referrer_url
ignore_above: 8192
level: extended
name: origin_referrer_url
normalize: []
short: The url of the webpage that linked to the file.
type: keyword
file.origin_url:
dashed_name: file-origin-url
description: The url where the file is hosted.
example: https://example.com/file.zip
flat_name: file.origin_url
ignore_above: 8192
level: extended
name: origin_url
normalize: []
short: The url where the file is hosted.
type: keyword
file.owner:
dashed_name: file-owner
description: File owner's username.
Expand Down Expand Up @@ -18113,6 +18135,30 @@ threat:
original_fieldset: file
short: Name of the file including the extension, without the directory.
type: keyword
threat.enrichments.indicator.file.origin_referrer_url:
dashed_name: threat-enrichments-indicator-file-origin-referrer-url
description: The url of the webpage that linked to the file.
example: https://example.com
flat_name: threat.enrichments.indicator.file.origin_referrer_url
ignore_above: 8192
level: extended
name: origin_referrer_url
normalize: []
original_fieldset: file
short: The url of the webpage that linked to the file.
type: keyword
threat.enrichments.indicator.file.origin_url:
dashed_name: threat-enrichments-indicator-file-origin-url
description: The url where the file is hosted.
example: https://example.com/file.zip
flat_name: threat.enrichments.indicator.file.origin_url
ignore_above: 8192
level: extended
name: origin_url
normalize: []
original_fieldset: file
short: The url where the file is hosted.
type: keyword
threat.enrichments.indicator.file.owner:
dashed_name: threat-enrichments-indicator-file-owner
description: File owner's username.
Expand Down Expand Up @@ -20829,6 +20875,30 @@ threat:
original_fieldset: file
short: Name of the file including the extension, without the directory.
type: keyword
threat.indicator.file.origin_referrer_url:
dashed_name: threat-indicator-file-origin-referrer-url
description: The url of the webpage that linked to the file.
example: https://example.com
flat_name: threat.indicator.file.origin_referrer_url
ignore_above: 8192
level: extended
name: origin_referrer_url
normalize: []
original_fieldset: file
short: The url of the webpage that linked to the file.
type: keyword
threat.indicator.file.origin_url:
dashed_name: threat-indicator-file-origin-url
description: The url where the file is hosted.
example: https://example.com/file.zip
flat_name: threat.indicator.file.origin_url
ignore_above: 8192
level: extended
name: origin_url
normalize: []
original_fieldset: file
short: The url where the file is hosted.
type: keyword
threat.indicator.file.owner:
dashed_name: threat-indicator-file-owner
description: File owner's username.
Expand Up @@ -340,6 +340,14 @@
"ignore_above": 1024,
"type": "keyword"
},
"origin_referrer_url": {
"ignore_above": 8192,
"type": "keyword"
},
"origin_url": {
"ignore_above": 8192,
"type": "keyword"
},
"owner": {
"ignore_above": 1024,
"type": "keyword"
Expand Up @@ -324,6 +324,14 @@
"ignore_above": 1024,
"type": "keyword"
},
"origin_referrer_url": {
"ignore_above": 8192,
"type": "keyword"
},
"origin_url": {
"ignore_above": 8192,
"type": "keyword"
},
"owner": {
"ignore_above": 1024,
"type": "keyword"
Expand Down Expand Up @@ -1245,6 +1253,14 @@
"ignore_above": 1024,
"type": "keyword"
},
"origin_referrer_url": {
"ignore_above": 8192,
"type": "keyword"
},
"origin_url": {
"ignore_above": 8192,
"type": "keyword"
},
"owner": {
"ignore_above": 1024,
"type": "keyword"