[Security Solution] ECS 1.11 Signal Mappings #108764

Merged
merged 2 commits into from
Aug 17, 2021

@rylnd rylnd commented Aug 16, 2021

Summary

This is a release chore for 7.15.0: updating signals mappings with the latest supported ECS version.

For maintainers

* Ensures no constant_keyword mappings
* Bumps index version by 1, since it was already bumped by 10 for 7.15
  in elastic#106049
@rylnd rylnd added release_note:enhancement v8.0.0 Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v7.15.0 labels Aug 16, 2021
@rylnd rylnd self-assigned this Aug 16, 2021
@rylnd rylnd added the chore label Aug 16, 2021
Until the old, 7.14 enrichment mappings (which define threat.indicator
as nested) are in our rearview, we cannot add the official, non-nested
threat.indicator mappings as they'll conflict.
@kibanamachine
💚 Build Succeeded

Metrics [docs]

✅ unchanged

cc @rylnd

@rylnd rylnd marked this pull request as ready for review August 17, 2021 14:43
@rylnd rylnd requested a review from a team as a code owner August 17, 2021 14:43
@elasticmachine
Pinging @elastic/security-solution (Team: SecuritySolution)

@FrankHassanabad FrankHassanabad left a comment

LGTM,

  • Looked over the code
  • Double checked that constant_keyword was not added.
  • Saw that the threat mappings were removed, which I think is what we want 👍

@rylnd rylnd added the auto-backport Deprecated - use backport:version if exact versions are needed label Aug 17, 2021
@rylnd rylnd merged commit d509884 into elastic:master Aug 17, 2021
@rylnd rylnd deleted the secsol_ecs_1.11 branch August 17, 2021 18:22
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Aug 17, 2021
* Update signals mappings to include ECS 1.11

* Ensures no constant_keyword mappings
* Bumps index version by 1, since it was already bumped by 10 for 7.15
  in elastic#106049

* Remove threat.indicator mappings from signals indices

Until the old, 7.14 enrichment mappings (which define threat.indicator
as nested) are in our rearview, we cannot add the official, non-nested
threat.indicator mappings as they'll conflict.
@kibanamachine
💚 Backport successful

Status Branch Result
7.x

This backport PR will be merged automatically after passing CI.

kibanamachine added a commit that referenced this pull request Aug 17, 2021
* Update signals mappings to include ECS 1.11

* Ensures no constant_keyword mappings
* Bumps index version by 1, since it was already bumped by 10 for 7.15
  in #106049

* Remove threat.indicator mappings from signals indices

Until the old, 7.14 enrichment mappings (which define threat.indicator
as nested) are in our rearview, we cannot add the official, non-nested
threat.indicator mappings as they'll conflict.

Co-authored-by: Ryland Herrick <ryalnd@gmail.com>
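
The two checks this PR describes (no `constant_keyword` mappings, and no `threat.indicator` mapping that disagrees with the 7.14 nested definition) can be automated against a mappings file. The following is an added example, not code from this PR or from Kibana; the function names and both mapping fragments are constructed for illustration, and multi-fields (`fields`) are not inspected.

```javascript
// Added example: not Kibana code. Function names are hypothetical.

// Walk an Elasticsearch "properties" tree and return { "dotted.path": type }.
// A field with sub-properties and no explicit type is an "object" field.
function flattenMappings(properties, prefix = '') {
  const out = {};
  for (const [name, def] of Object.entries(properties || {})) {
    const path = prefix ? `${prefix}.${name}` : name;
    out[path] = def.type || (def.properties ? 'object' : 'unknown');
    Object.assign(out, flattenMappings(def.properties, path));
  }
  return out;
}

// Dotted paths of every field mapped as constant_keyword.
function findConstantKeyword(mappings) {
  const flat = flattenMappings(mappings.properties);
  return Object.keys(flat).filter((p) => flat[p] === 'constant_keyword').sort();
}

// Fields present in both mappings whose types disagree (e.g. nested vs object).
function findTypeConflicts(existing, candidate) {
  const a = flattenMappings(existing.properties);
  const b = flattenMappings(candidate.properties);
  return Object.keys(b)
    .filter((p) => Object.prototype.hasOwnProperty.call(a, p) && a[p] !== b[p])
    .sort()
    .map((p) => ({ field: p, existing: a[p], candidate: b[p] }));
}

// Constructed sample: 7.14-style enrichment mapping, threat.indicator is nested.
const existingMappings = {
  properties: {
    threat: { properties: { indicator: { type: 'nested', properties: { type: { type: 'keyword' } } } } },
  },
};

// Constructed sample: candidate mapping with a constant_keyword field and a
// non-nested (object) threat.indicator.
const candidateMappings = {
  properties: {
    data_stream: { properties: { type: { type: 'constant_keyword' } } },
    threat: { properties: { indicator: { properties: { type: { type: 'keyword' } } } } },
  },
};

console.log(findConstantKeyword(candidateMappings));
console.log(findTypeConflicts(existingMappings, candidateMappings));
```

Both lists being empty is the passing condition; with the constructed candidate above, each check reports one finding.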