Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[7.x] [Security Solution][Detections] Update detection alert mappings to ECS v1.10.0 (#101680) #101847

Merged
merged 1 commit into from
Jun 10, 2021
Merged

[7.x] [Security Solution][Detections] Update detection alert mappings to ECS v1.10.0 (#101680) #101847

merged 1 commit into from
Jun 10, 2021

Commits on Jun 9, 2021

  1. [Security Solution][Detections] Update detection alert mappings to EC… 

    …S v1.10.0 (elastic#101680)

## Summary

* Grabbed the ECS mappings from [v1.10.0 tag]( https://github.com/elastic/ecs/blob/v1.10.0/generated/elasticsearch/7/template.json)
* Updated the fields that had `constant_keyword` to `keyword` since we do many to 1 of source to signals index
* Wrote a unit tests which tests to ensure we don't have any `constant_keyword` fields
* Updated the `SIGNALS_TEMPLATE_VERSION` version by an increment of 10.

This should mostly fix:
elastic#101572

Since agents add their data into `_source` even though they have a `constant_keyword`. When agents do not include the values in `_source` we will have to merge `fields` into `_source` before copying which are still planning on doing before release.

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
    @FrankHassanabad @kibanamachine
    FrankHassanabad authored and kibanamachine committed Jun 9, 2021
    Configuration menu
    Copy the full SHA
    7ce7a9e View commit details
    Browse the repository at this point in the history