Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[7.x] [Security Solution][Detections] Update detection alert mappings to ECS v1.10.0 (#101680) #101847

Merged
merged 1 commit into from
Jun 10, 2021
Merged

[7.x] [Security Solution][Detections] Update detection alert mappings to ECS v1.10.0 (#101680) #101847

merged 1 commit into from
Jun 10, 2021

Conversation

kibanamachine
Copy link
Contributor

Backports the following commits to 7.x:

@FrankHassanabad @kibanamachine
[Security Solution][Detections] Update detection alert mappings to EC…
7ce7a9e 
…S v1.10.0 (elastic#101680)

## Summary

* Grabbed the ECS mappings from [v1.10.0 tag]( https://github.com/elastic/ecs/blob/v1.10.0/generated/elasticsearch/7/template.json)
* Updated the fields that had `constant_keyword` to `keyword` since we do many to 1 of source to signals index
* Wrote a unit tests which tests to ensure we don't have any `constant_keyword` fields
* Updated the `SIGNALS_TEMPLATE_VERSION` version by an increment of 10.

This should mostly fix:
elastic#101572

Since agents add their data into `_source` even though they have a `constant_keyword`. When agents do not include the values in `_source` we will have to merge `fields` into `_source` before copying which are still planning on doing before release.

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
@kibanamachine kibanamachine enabled auto-merge (squash) June 9, 2021 22:09
@kibanamachine kibanamachine mentioned this pull request Jun 9, 2021
Merged
1 task
@kibanamachine
Copy link
Contributor Author

💚 Build Succeeded

Metrics [docs]

✅ unchanged

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @FrankHassanabad

@kibanamachine kibanamachine merged commit 5f5cd72 into elastic:7.x Jun 10, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@FrankHassanabad FrankHassanabad

Labels
backport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kibanamachine @FrankHassanabad