elastic main #8

lksnyder0 · 2024-10-09T15:24:41Z

Merging in upstream changes

Add .caseless subfield to process.name & process.executable (Add .caseless subfield to process.name & process.executable elastic/ecs#2341)
Revert "Add .caseless subfield to process.name & process.executable" (Revert "Add .caseless subfield to process.name & process.executable" elastic/ecs#2350)
[RFC] Apple Platform specific fields ([RFC] Apple Platform specific fields elastic/ecs#2338)
Add renovate.json (Configure Renovate elastic/ecs#2352)
Update template fields (Update templated fields in RFC0044 elastic/ecs#2354)
Pin dependencies (Pin dependencies elastic/ecs#2355)
Update dependency PyYAML to v6.0.2 (Update dependency PyYAML to v6.0.2 elastic/ecs#2356)
Update dependency gitpython to v3.1.43 (Update dependency gitpython to v3.1.43 elastic/ecs#2358)
Update dependency yamllint to v1.35.1 (Update dependency yamllint to v1.35.1 elastic/ecs#2361)
Update stale PR message (Update the stale PR bot message elastic/ecs#2369)
Update actions/checkout action to v4 (Update actions/checkout action to v4 elastic/ecs#2362)
Update actions/github-script action to v7 (Update actions/github-script action to v7 elastic/ecs#2363)
Update actions/setup-python action to v5 (Update actions/setup-python action to v5 elastic/ecs#2364)
Update actions/stale action to v9 (Update actions/stale action to v9 elastic/ecs#2365)
Update dependency mock to v5 (Update dependency mock to v5 elastic/ecs#2367)
Update dependency ubuntu to v22 (Update dependency ubuntu to v22 elastic/ecs#2368)
Update dependency autopep8 to v1.7.0 (Update dependency autopep8 to v1.7.0 elastic/ecs#2359)
Update dependency autopep8 to v2 (Update dependency autopep8 to v2 elastic/ecs#2366)
add license header (add license header like in all other schema yml files elastic/ecs#2377)
Update actions/setup-python digest to f677139 (Update actions/setup-python digest to f677139 elastic/ecs#2374)
[RFC] Stage 0: Introducing new field in rule namespace ([RFC] Stage 0: Introducing new field in rule namespace elastic/ecs#2330)
[RFC] Stage 2: Adding Apple Platform specific fields ([RFC] Stage 2: Adding Apple Platform specific fields elastic/ecs#2370)
code blocks specified language yaml (code blocks specified language yaml elastic/ecs#2380)
trim trailing whitespace in schema (trim trailing whitespace in schema elastic/ecs#2379)
[RFC] Stage 0: Introducing new fields in ECS vulnerability field set ([RFC] Stage 0: Introducing new fields in ECS vulnerability field set elastic/ecs#2331)
Fix type in code signature (Fix type in code signature elastic/ecs#2382)
Enforce yamllint in CI (Enforce yamllint in CI elastic/ecs#2381)
Add Stage0 RFC for new fields for fileless execution on Linux (Add Stage0 RFC for new fields for fileless execution on Linux elastic/ecs#2322)
Add support for settings
Fix settings merging
Restrict test workflow
Fix merge conflicts
Less restrictive
Add docker files and pipeline
Make building more restrictive
Simplify build workflow
Update tagging strategy
Removing unused variable
Kick?
Anchors aren't supported 😭
Fix role name
Test branch name
Remove extra default update (Remove extra default update #3)
Add support for a top-level type (Add support for a top-level type #4)
Type needs to be nested within the field name (Type needs to be nested within the field name #5)
Add documention for parameters field (Add documention for parameters field #6)

…2341) Adds a subfield to the process.name and process.executable fields to improve the compatibility of data sources like System, Sysmon, etc., with our Elastic Defend data, which enables us to handle language limitations in KQL more effectively.

…lastic#2350) This reverts commit 7815b3f from elastic#2341. This is being reverted due to storage concerns. The goal will be to advance the native querying capabilities (ES|QL, KQL) of the Elastic stack such that this extra normalized multi-field is not necessary. In the meantime, localized overrides of the ECS field definition will be used to add the additional multi-field where needed. The downside of localized overrides are that it creates inconsistency across usages of the this field.

Adds RFS stage 0 --------- Co-authored-by: Alexandra Konrad <alexandra.konrad@elastic.co> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Update some templated fields that were missed before merging the RFC

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Add a friendlier stale PR message, based from the [Beats stale message](https://github.com/elastic/beats/blob/main/.github/stale.yml#L63-L74). This will hopefully also prompt contributors to respond, so we'll be better able to track PRs people are still interested in contributing.

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Update dependency autopep8 to v1.7.0 --------- Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

* Update dependency autopep8 to v2 --------- Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

@trisch-me

* Update 0000-rfc-template.md Updating the temaplate for RFC Stage 0 for adding 2 new rule fields: rule.tags and rule.remediation * Update 0000-rfc-template.md Incorporating review comments. * Renaming the template file with recommended name * Resolving conflicts * Removing Tag Field * Resolving comments from @trisch-me * Moving file to rfcs/text folder as per @trisch-me comment. using next number in series. * I saw number 44 was used in a recent RFC, using next number in series --------- Co-authored-by: Eric Beahan <eric.beahan@elastic.co> Co-authored-by: Alexandra Konrad <alexandra.konrad@elastic.co>

Updating the RFC and moving it to stage two.

Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

@trisch-me

…lastic#2331) * RFC to add new fields in ECS vulnerability field set RFC to add new fields in ECS vulnerability field set * Moving to separate file * set title and add stage 0 PR # * clean up fields table markdown * Moving to (rfcs/text) and renaming file to next number in series. * Resolving the comments from @trisch-me * Update rfcs/text/0045-additional-vulnerability-fields.md Co-authored-by: Alexandra Konrad <alexandra.konrad@elastic.co> * Update rfcs/text/0045-additional-vulnerability-fields.md Co-authored-by: Alexandra Konrad <alexandra.konrad@elastic.co> * Making changed to the date format as per comments from @trisch-me * Resolving @trisch-me comments * Resolving latest comments * Update rfcs/text/0045-additional-vulnerability-fields.md Co-authored-by: Alexandra Konrad <alexandra.konrad@elastic.co> --------- Co-authored-by: Eric Beahan <eric.beahan@elastic.co> Co-authored-by: Alexandra Konrad <alexandra.konrad@elastic.co>

Change the type of code_signature.flags to keyword, which is what it should be. Also add a unit test that will verify all types are valid.

Start running and enforcing yamllint checks in CI.

…c#2322)

* Remove extra default update * Fix role name

* Add support for a top-level type * Actually, don't need to be all the complicated

* Add undocumented field argument * Remove the PR template

w0rk3r and others added 30 commits July 10, 2024 10:35

[RFC] Apple Platform specific fields (elastic#2338)

fa37023

Adds RFS stage 0 --------- Co-authored-by: Alexandra Konrad <alexandra.konrad@elastic.co> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Add renovate.json (elastic#2352)

a664f22

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Update template fields (elastic#2354)

e3f0f0e

Update some templated fields that were missed before merging the RFC

Pin dependencies (elastic#2355)

86791b1

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Update dependency PyYAML to v6.0.2 (elastic#2356)

529cca7

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Update dependency gitpython to v3.1.43 (elastic#2358)

33662b6

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Update dependency yamllint to v1.35.1 (elastic#2361)

229312a

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Update actions/checkout action to v4 (elastic#2362)

70f4bca

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Update actions/github-script action to v7 (elastic#2363)

c097a0e

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Update actions/setup-python action to v5 (elastic#2364)

22d5d35

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Update actions/stale action to v9 (elastic#2365)

07ffbd1

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Update dependency mock to v5 (elastic#2367)

71a5e5d

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Update dependency ubuntu to v22 (elastic#2368)

5376570

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Update dependency autopep8 to v1.7.0 (elastic#2359)

a793bb2

Update dependency autopep8 to v1.7.0 --------- Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Update dependency autopep8 to v2 (elastic#2366)

e3e73de

* Update dependency autopep8 to v2 --------- Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

add license header (elastic#2377)

3f3ff68

Update actions/setup-python digest to f677139 (elastic#2374)

93453f4

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

[RFC] Stage 2: Adding Apple Platform specific fields (elastic#2370)

149a4cc

Updating the RFC and moving it to stage two.

code blocks specified language yaml (elastic#2380)

a967d85

Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

trim trailing whitespace in schema (elastic#2379)

71d285d

Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

Fix type in code signature (elastic#2382)

220ecee

Change the type of code_signature.flags to keyword, which is what it should be. Also add a unit test that will verify all types are valid.

Enforce yamllint in CI (elastic#2381)

e78c424

Start running and enforcing yamllint checks in CI.

Add Stage0 RFC for new fields for fileless execution on Linux (elasti…

68fd038

…c#2322)

Add support for settings

2a8f82e

Fix settings merging

8e10ca5

lksnyder0 added 16 commits October 9, 2024 11:22

Restrict test workflow

cc0994c

Fix merge conflicts

3b19187

Less restrictive

48b7cd2

Add docker files and pipeline

956fd87

Make building more restrictive

5678a99

Simplify build workflow

eb6d217

Update tagging strategy

50898bb

Removing unused variable

1627f7e

Kick?

e3776ad

Anchors aren't supported 😭

5fcc445

Fix role name

ea9a35d

Test branch name

bb823a6

Remove extra default update (#3)

a46fcd3

* Remove extra default update * Fix role name

Add support for a top-level type (#4)

58e9135

* Add support for a top-level type * Actually, don't need to be all the complicated

Type needs to be nested within the field name (#5)

81c2e21

Add documention for parameters field (#6)

d6b4a62

* Add undocumented field argument * Remove the PR template

lksnyder0 self-assigned this Oct 9, 2024

lksnyder0 marked this pull request as ready for review October 9, 2024 15:26

lksnyder0 merged commit 3cf25cb into main Oct 9, 2024
2 checks passed

lksnyder0 deleted the elastic-main branch October 9, 2024 15:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

elastic main #8

elastic main #8

lksnyder0 commented Oct 9, 2024 •

edited

Loading

elastic main #8

elastic main #8

Conversation

lksnyder0 commented Oct 9, 2024 • edited Loading

lksnyder0 commented Oct 9, 2024 •

edited

Loading