SECURITY-ENDPOINT: reconcile host.name and host.hostname

custom_subsets/elastic_endpoint/metadata/metadata.yaml

@@ -48,6 +48,8 @@ host:
       fields: "*"
     hostname:
       fields: "*"
+    name:
+      fields: "*"
     mac:
       fields: "*"
     architecture:
@@ -56,6 +58,12 @@ host:
       fields:
         name:
           fields: "*"
+        platform:
+          fields: "*"
+        family:
+          fields: "*"
+        kernel:
+          fields: "*"
         full:
           fields: "*"
         version:

custom_subsets/elastic_endpoint/policy/policy.yaml

@@ -38,3 +38,32 @@ host:
   fields:
     id:
       fields: "*"
+    ip:
+      fields: "*"
+    hostname:
+      fields: "*"
+    name:
+      fields: "*"
+    mac:
+      fields: "*"
+    architecture:
+      fields: "*"
+    os:
+      fields:
+        name:
+          fields: "*"
+        platform:
+          fields: "*"
+        family:
+          fields: "*"
+        kernel:
+          fields: "*"
+        full:
+          fields: "*"
+        version:
+          fields: "*"
+        Ext:
+          fields:
+            variant:
+              fields: "*"
+

generated/metadata/ecs/ecs_flat.yml

@@ -264,6 +264,19 @@ host.mac:
   - array
   short: Host mac addresses.
   type: keyword
+host.name:
+  dashed_name: host-name
+  description: 'Name of the host.
+
+    It can contain what `hostname` returns on Unix systems, the fully qualified domain
+    name, or a name specified by the user. The sender decides which value to use.'
+  flat_name: host.name
+  ignore_above: 1024
+  level: core
+  name: name
+  normalize: []
+  short: Name of the host.
+  type: keyword
 host.os.Ext:
   dashed_name: host-os-Ext
   description: Object for all custom defined fields to live in.
@@ -291,6 +304,18 @@ host.os.Ext.variant:
     system (OS).  For example the distribution for a Linux OS will be entered in this
     field.
   type: keyword
+host.os.family:
+  dashed_name: host-os-family
+  description: OS family (such as redhat, debian, freebsd, windows).
+  example: debian
+  flat_name: host.os.family
+  ignore_above: 1024
+  level: extended
+  name: family
+  normalize: []
+  original_fieldset: os
+  short: OS family (such as redhat, debian, freebsd, windows).
+  type: keyword
 host.os.full:
   dashed_name: host-os-full
   description: Operating system name, including the version or code name.
@@ -308,6 +333,18 @@ host.os.full:
   original_fieldset: os
   short: Operating system name, including the version or code name.
   type: keyword
+host.os.kernel:
+  dashed_name: host-os-kernel
+  description: Operating system kernel version as a raw string.
+  example: 4.4.0-112-generic
+  flat_name: host.os.kernel
+  ignore_above: 1024
+  level: extended
+  name: kernel
+  normalize: []
+  original_fieldset: os
+  short: Operating system kernel version as a raw string.
+  type: keyword
 host.os.name:
   dashed_name: host-os-name
   description: Operating system name, without the version.
@@ -325,6 +362,18 @@ host.os.name:
   original_fieldset: os
   short: Operating system name, without the version.
   type: keyword
+host.os.platform:
+  dashed_name: host-os-platform
+  description: Operating system platform (such centos, ubuntu, windows).
+  example: darwin
+  flat_name: host.os.platform
+  ignore_above: 1024
+  level: extended
+  name: platform
+  normalize: []
+  original_fieldset: os
+  short: Operating system platform (such centos, ubuntu, windows).
+  type: keyword
 host.os.version:
   dashed_name: host-os-version
   description: Operating system version as a raw string.

generated/metadata/elasticsearch/7/template.json

@@ -130,6 +130,10 @@
             "ignore_above": 1024,
             "type": "keyword"
           },
+          "name": {
+            "ignore_above": 1024,
+            "type": "keyword"
+          },
           "os": {
             "properties": {
               "Ext": {
@@ -141,6 +145,10 @@
                 },
                 "type": "object"
               },
+              "family": {
+                "ignore_above": 1024,
+                "type": "keyword"
+              },
               "full": {
                 "fields": {
                   "text": {
@@ -151,6 +159,10 @@
                 "ignore_above": 1024,
                 "type": "keyword"
               },
+              "kernel": {
+                "ignore_above": 1024,
+                "type": "keyword"
+              },
               "name": {
                 "fields": {
                   "text": {
@@ -161,6 +173,10 @@
                 "ignore_above": 1024,
                 "type": "keyword"
               },
+              "platform": {
+                "ignore_above": 1024,
+                "type": "keyword"
+              },
               "version": {
                 "ignore_above": 1024,
                 "type": "keyword"

generated/policy/ecs/ecs_flat.yml

@@ -933,6 +933,29 @@ event.type:
   - array
   short: Event type. The third categorization field in the hierarchy.
   type: keyword
+host.architecture:
+  dashed_name: host-architecture
+  description: Operating system architecture.
+  example: x86_64
+  flat_name: host.architecture
+  ignore_above: 1024
+  level: core
+  name: architecture
+  normalize: []
+  short: Operating system architecture.
+  type: keyword
+host.hostname:
+  dashed_name: host-hostname
+  description: 'Hostname of the host.
+
+    It normally contains what the `hostname` command returns on the host machine.'
+  flat_name: host.hostname
+  ignore_above: 1024
+  level: core
+  name: hostname
+  normalize: []
+  short: Hostname of the host.
+  type: keyword
 host.id:
   dashed_name: host-id
   description: 'Unique host id.
@@ -947,6 +970,149 @@ host.id:
   normalize: []
   short: Unique host id.
   type: keyword
+host.ip:
+  dashed_name: host-ip
+  description: Host ip addresses.
+  flat_name: host.ip
+  level: core
+  name: ip
+  normalize:
+  - array
+  short: Host ip addresses.
+  type: ip
+host.mac:
+  dashed_name: host-mac
+  description: Host mac addresses.
+  flat_name: host.mac
+  ignore_above: 1024
+  level: core
+  name: mac
+  normalize:
+  - array
+  short: Host mac addresses.
+  type: keyword
+host.name:
+  dashed_name: host-name
+  description: 'Name of the host.
+
+    It can contain what `hostname` returns on Unix systems, the fully qualified domain
+    name, or a name specified by the user. The sender decides which value to use.'
+  flat_name: host.name
+  ignore_above: 1024
+  level: core
+  name: name
+  normalize: []
+  short: Name of the host.
+  type: keyword
+host.os.Ext:
+  dashed_name: host-os-Ext
+  description: Object for all custom defined fields to live in.
+  flat_name: host.os.Ext
+  level: custom
+  name: Ext
+  normalize: []
+  object_type: keyword
+  original_fieldset: os
+  short: Object for all custom defined fields to live in.
+  type: object
+host.os.Ext.variant:
+  dashed_name: host-os-Ext-variant
+  description: A string value or phrase that further aid to classify or qualify the
+    operating system (OS).  For example the distribution for a Linux OS will be entered
+    in this field.
+  example: Ubuntu
+  flat_name: host.os.Ext.variant
+  ignore_above: 1024
+  level: custom
+  name: Ext.variant
+  normalize: []
+  original_fieldset: os
+  short: A string value or phrase that further aid to classify or qualify the operating
+    system (OS).  For example the distribution for a Linux OS will be entered in this
+    field.
+  type: keyword
+host.os.family:
+  dashed_name: host-os-family
+  description: OS family (such as redhat, debian, freebsd, windows).
+  example: debian
+  flat_name: host.os.family
+  ignore_above: 1024
+  level: extended
+  name: family
+  normalize: []
+  original_fieldset: os
+  short: OS family (such as redhat, debian, freebsd, windows).
+  type: keyword
+host.os.full:
+  dashed_name: host-os-full
+  description: Operating system name, including the version or code name.
+  example: Mac OS Mojave
+  flat_name: host.os.full
+  ignore_above: 1024
+  level: extended
+  multi_fields:
+  - flat_name: host.os.full.text
+    name: text
+    norms: false
+    type: text
+  name: full
+  normalize: []
+  original_fieldset: os
+  short: Operating system name, including the version or code name.
+  type: keyword
+host.os.kernel:
+  dashed_name: host-os-kernel
+  description: Operating system kernel version as a raw string.
+  example: 4.4.0-112-generic
+  flat_name: host.os.kernel
+  ignore_above: 1024
+  level: extended
+  name: kernel
+  normalize: []
+  original_fieldset: os
+  short: Operating system kernel version as a raw string.
+  type: keyword
+host.os.name:
+  dashed_name: host-os-name
+  description: Operating system name, without the version.
+  example: Mac OS X
+  flat_name: host.os.name
+  ignore_above: 1024
+  level: extended
+  multi_fields:
+  - flat_name: host.os.name.text
+    name: text
+    norms: false
+    type: text
+  name: name
+  normalize: []
+  original_fieldset: os
+  short: Operating system name, without the version.
+  type: keyword
+host.os.platform:
+  dashed_name: host-os-platform
+  description: Operating system platform (such centos, ubuntu, windows).
+  example: darwin
+  flat_name: host.os.platform
+  ignore_above: 1024
+  level: extended
+  name: platform
+  normalize: []
+  original_fieldset: os
+  short: Operating system platform (such centos, ubuntu, windows).
+  type: keyword
+host.os.version:
+  dashed_name: host-os-version
+  description: Operating system version as a raw string.
+  example: 10.14.1
+  flat_name: host.os.version
+  ignore_above: 1024
+  level: extended
+  name: version
+  normalize: []
+  original_fieldset: os
+  short: Operating system version as a raw string.
+  type: keyword
 message:
   dashed_name: message
   description: 'For log events the message field contains the log message, optimized