diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 8d6c64689ff1..c33b5e052aa0 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -24,6 +24,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 
 - File integrity dataset (macOS): Replace unnecessary `file.origin.raw` (type keyword) with `file.origin.text` (type `text`). {issue}12423[12423] {pull}15630[15630]
 - Change event.kind=error to event.kind=event to comply with ECS. {issue}18870[18870] {pull}20685[20685]
+- Change network.direction values to ECS recommended values (inbound, outbound). {issue}12445[12445] {pull}20695[20695]
 
 *Filebeat*
 
diff --git a/auditbeat/module/auditd/_meta/accept.json b/auditbeat/module/auditd/_meta/accept.json
index 7d300556af33..2ec04e0226c1 100644
--- a/auditbeat/module/auditd/_meta/accept.json
+++ b/auditbeat/module/auditd/_meta/accept.json
@@ -38,7 +38,7 @@
         "module": "auditd"
     },
     "network": {
-        "direction": "incoming"
+        "direction": "inbound"
     },
     "process": {
         "executable": "/usr/sbin/sshd",
@@ -92,4 +92,4 @@
             "name": "root"
         }
     }
-}
\ No newline at end of file
+}
diff --git a/auditbeat/module/auditd/_meta/data.json b/auditbeat/module/auditd/_meta/data.json
index 7dccb3a6e1bc..906fef698edd 100644
--- a/auditbeat/module/auditd/_meta/data.json
+++ b/auditbeat/module/auditd/_meta/data.json
@@ -36,7 +36,7 @@
         ]
     },
     "network": {
-        "direction": "incoming"
+        "direction": "inbound"
     },
     "process": {
         "executable": "/usr/sbin/sshd",
@@ -55,4 +55,4 @@
         "id": "0",
         "name": "root"
     }
-}
\ No newline at end of file
+}
diff --git a/go.mod b/go.mod
index 2965a0c704e3..aedfd88ebcc0 100644
--- a/go.mod
+++ b/go.mod
@@ -60,7 +60,7 @@ require (
 	github.com/elastic/ecs v1.5.0
 	github.com/elastic/elastic-agent-client/v7 v7.0.0-20200709172729-d43b7ad5833a
 	github.com/elastic/go-concert v0.0.4
-	github.com/elastic/go-libaudit/v2 v2.0.1
+	github.com/elastic/go-libaudit/v2 v2.0.2
 	github.com/elastic/go-licenser v0.3.1
 	github.com/elastic/go-lookslike v0.3.0
 	github.com/elastic/go-lumber v0.1.0
diff --git a/go.sum b/go.sum
index 4818b113c547..62b8cc7aeb49 100644
--- a/go.sum
+++ b/go.sum
@@ -234,6 +234,8 @@ github.com/elastic/go-concert v0.0.4 h1:pzgYCmJ/xMJsW8PSk33inAWZ065hrwSeP79TpwAb
 github.com/elastic/go-concert v0.0.4/go.mod h1:9MtFarjXroUgmm0m6HY3NSe1XiKhdktiNRRj9hWvIaM=
 github.com/elastic/go-libaudit/v2 v2.0.1 h1:5xcgkgNTIUA6XO6C3Q6P7TZlnDgxrZUWmO2NG3enBXQ=
 github.com/elastic/go-libaudit/v2 v2.0.1/go.mod h1:u100Al3gXDlDelEutZ0CZ6BMM+LsRFqdi7kzdrn6g7o=
+github.com/elastic/go-libaudit/v2 v2.0.2 h1:g83cmsDT0V4Aa6WuuGI9L6WC4fpo2zZjLwOlqBkSna4=
+github.com/elastic/go-libaudit/v2 v2.0.2/go.mod h1:MM/l/4xV7ilcl+cIblL8Zn448J7RZaDwgNLE4gNKYPg=
 github.com/elastic/go-licenser v0.3.1 h1:RmRukU/JUmts+rpexAw0Fvt2ly7VVu6mw8z4HrEzObU=
 github.com/elastic/go-licenser v0.3.1/go.mod h1:D8eNQk70FOCVBl3smCGQt/lv7meBeQno2eI1S5apiHQ=
 github.com/elastic/go-lookslike v0.3.0 h1:HDI/DQ65V85ZqM7D/sbxcK2wFFnh3+7iFvBk2v2FTHs=