[Osquery] update schemas (#128861)

Update ECS and Osquery schemas
elastic · Mar 31, 2022 · cef1d43 · cef1d43
1 parent ee443e9
commit cef1d43
Show file tree

Hide file tree

Showing 9 changed files with 12 additions and 9 deletions.
diff --git a/x-pack/plugins/osquery/public/common/schemas/ecs/v1.12.1.json b/x-pack/plugins/osquery/public/common/schemas/ecs/v1.12.1.json
diff --git a/x-pack/plugins/osquery/public/common/schemas/ecs/v8.2.0.json b/x-pack/plugins/osquery/public/common/schemas/ecs/v8.2.0.json
diff --git a/x-pack/plugins/osquery/public/common/schemas/osquery/v5.0.1.json b/x-pack/plugins/osquery/public/common/schemas/osquery/v5.0.1.json
diff --git a/x-pack/plugins/osquery/public/common/schemas/osquery/v5.2.2.json b/x-pack/plugins/osquery/public/common/schemas/osquery/v5.2.2.json
diff --git a/x-pack/plugins/osquery/public/editor/osquery_tables.ts b/x-pack/plugins/osquery/public/editor/osquery_tables.ts
@@ -16,7 +16,7 @@ let osqueryTables: TablesJSON | null = null;
 export const getOsqueryTables = () => {
   if (!osqueryTables) {
     // eslint-disable-next-line @typescript-eslint/no-var-requires
-    osqueryTables = normalizeTables(require('../common/schemas/osquery/v5.0.1.json'));
+    osqueryTables = normalizeTables(require('../common/schemas/osquery/v5.2.2.json'));
   }
   return osqueryTables;
 };

diff --git a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx
@@ -50,8 +50,8 @@ import styled from 'styled-components';
 import deepEqual from 'fast-deep-equal';
 import deepmerge from 'deepmerge';
 
-import ECSSchema from '../../common/schemas/ecs/v1.12.1.json';
-import osquerySchema from '../../common/schemas/osquery/v5.0.1.json';
+import ECSSchema from '../../common/schemas/ecs/v8.2.0.json';
+import osquerySchema from '../../common/schemas/osquery/v5.2.2.json';
 
 import { FieldIcon } from '../../common/lib/kibana';
 import {

diff --git a/x-pack/plugins/osquery/scripts/readme.md b/x-pack/plugins/osquery/scripts/readme.md
@@ -6,5 +6,8 @@ currently manually curated). This assumes the targeted schema files will be in
 `public/editor/osquery_schema`.
 
 ```
-node scripts/schema_formatter --schema_version=v4.6.0
+node ecs.js --schema_version=4.6.0                  // (filename without .json extension)
+Possibly it's going to be necessary to transform fields' names into lower case, because CSV exports Fields with Capital Letters. 
+
+node osquery.js --schema_version=4.6.0              // (filename without .json extension)
 ```
diff --git a/x-pack/plugins/osquery/scripts/schema_formatter/ecs_formatter.ts b/x-pack/plugins/osquery/scripts/schema_formatter/ecs_formatter.ts
@@ -40,7 +40,7 @@ const RESTRICTED_FIELDS = [
 
 run(
   async ({ flags }) => {
-    const schemaPath = path.resolve(`public/common/schemas/ecs/`);
+    const schemaPath = path.resolve(`../../public/common/schemas/ecs/`);
     const schemaFile = path.join(schemaPath, flags.schema_version as string);
     const schemaData = await require(schemaFile);
 

diff --git a/x-pack/plugins/osquery/scripts/schema_formatter/osquery_formatter.ts b/x-pack/plugins/osquery/scripts/schema_formatter/osquery_formatter.ts
@@ -16,7 +16,7 @@ const ELASTIC_OSQUERY_HOSTFS_TABLES = ['users', 'groups', 'processes'];
 
 run(
   async ({ flags }) => {
-    const schemaPath = path.resolve(`../public/common/schemas/osquery/`);
+    const schemaPath = path.resolve(`../../public/common/schemas/osquery/`);
     const schemaFile = path.join(schemaPath, flags.schema_version as string);
     const schemaData = await require(schemaFile);
 
@@ -28,7 +28,7 @@ run(
     formattedSchema.push(...elasticTables);
 
     await fs.writeFile(
-      path.join(schemaPath, `${flags.schema_version}`),
+      path.join(schemaPath, `v${flags.schema_version}-formatted`),
       JSON.stringify(formattedSchema)
     );
   },