Skip to content

Commit

Permalink
[zeek] Make zeek package GA with v1.0.0 (#1217)
Browse files Browse the repository at this point in the history 
* Make zeek package GA with v1.0.0

* Set event.module and event.dataset
  • Loading branch information
@marc-gr
marc-gr authored Jun 30, 2021
1 parent e1299bc commit b1f3857
Show file tree
Hide file tree
Showing 77 changed files with 381 additions and 40 deletions.
8 changes: 8 additions & 0 deletions packages/zeek/changelog.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,12 @@
# newer versions go on top
- version: "1.0.0"
changes:
- description: make GA
type: enhancement
link: https://github.com/elastic/integrations/pull/1217
- description: Set "event.module" and "event.dataset"
type: enhancement
link: https://github.com/elastic/integrations/pull/1217
- version: "0.8.4"
changes:
- description: Add support for Splunk authorization tokens
Expand Down
8 changes: 8 additions & 0 deletions packages/zeek/data_stream/capture_loss/fields/base-fields.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: event.module
type: constant_keyword
description: Event module
value: zeek
- name: event.dataset
type: constant_keyword
description: Event dataset
value: zeek.capture_loss
- name: '@timestamp'
type: date
description: Event timestamp.
1 change: 0 additions & 1 deletion packages/zeek/data_stream/capture_loss/manifest.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
type: logs
title: Zeek capture_loss logs
release: experimental
streams:
- input: logfile
vars:
Expand Down
8 changes: 8 additions & 0 deletions packages/zeek/data_stream/connection/fields/base-fields.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: event.module
type: constant_keyword
description: Event module
value: zeek
- name: event.dataset
type: constant_keyword
description: Event dataset
value: zeek.connection
- name: '@timestamp'
type: date
description: Event timestamp.
1 change: 0 additions & 1 deletion packages/zeek/data_stream/connection/manifest.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
type: logs
title: Zeek connection logs
release: experimental
streams:
- input: logfile
template_path: log.yml.hbs
Expand Down
8 changes: 8 additions & 0 deletions packages/zeek/data_stream/dce_rpc/fields/base-fields.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: event.module
type: constant_keyword
description: Event module
value: zeek
- name: event.dataset
type: constant_keyword
description: Event dataset
value: zeek.dce_rpc
- name: '@timestamp'
type: date
description: Event timestamp.
1 change: 0 additions & 1 deletion packages/zeek/data_stream/dce_rpc/manifest.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
type: logs
title: Zeek dce_rpc logs
release: experimental
streams:
- input: logfile
vars:
Expand Down
8 changes: 8 additions & 0 deletions packages/zeek/data_stream/dhcp/fields/base-fields.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: event.module
type: constant_keyword
description: Event module
value: zeek
- name: event.dataset
type: constant_keyword
description: Event dataset
value: zeek.dhcp
- name: '@timestamp'
type: date
description: Event timestamp.
1 change: 0 additions & 1 deletion packages/zeek/data_stream/dhcp/manifest.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
type: logs
title: Zeek dhcp logs
release: experimental
streams:
- input: logfile
vars:
Expand Down
8 changes: 8 additions & 0 deletions packages/zeek/data_stream/dnp3/fields/base-fields.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: event.module
type: constant_keyword
description: Event module
value: zeek
- name: event.dataset
type: constant_keyword
description: Event dataset
value: zeek.dnp3
- name: '@timestamp'
type: date
description: Event timestamp.
1 change: 0 additions & 1 deletion packages/zeek/data_stream/dnp3/manifest.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
type: logs
title: Zeek dnp3 logs
release: experimental
streams:
- input: logfile
vars:
Expand Down
8 changes: 8 additions & 0 deletions packages/zeek/data_stream/dns/fields/base-fields.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: event.module
type: constant_keyword
description: Event module
value: zeek
- name: event.dataset
type: constant_keyword
description: Event dataset
value: zeek.dns
- name: '@timestamp'
type: date
description: Event timestamp.
1 change: 0 additions & 1 deletion packages/zeek/data_stream/dns/manifest.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
type: logs
title: Zeek dns logs
release: experimental
streams:
- input: logfile
vars:
Expand Down
8 changes: 8 additions & 0 deletions packages/zeek/data_stream/dpd/fields/base-fields.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: event.module
type: constant_keyword
description: Event module
value: zeek
- name: event.dataset
type: constant_keyword
description: Event dataset
value: zeek.dpd
- name: '@timestamp'
type: date
description: Event timestamp.
1 change: 0 additions & 1 deletion packages/zeek/data_stream/dpd/manifest.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
type: logs
title: Zeek dpd logs
release: experimental
streams:
- input: logfile
vars:
Expand Down
8 changes: 8 additions & 0 deletions packages/zeek/data_stream/files/fields/base-fields.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: event.module
type: constant_keyword
description: Event module
value: zeek
- name: event.dataset
type: constant_keyword
description: Event dataset
value: zeek.files
- name: '@timestamp'
type: date
description: Event timestamp.
1 change: 0 additions & 1 deletion packages/zeek/data_stream/files/manifest.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
type: logs
title: Zeek files logs
release: experimental
streams:
- input: logfile
vars:
Expand Down
8 changes: 8 additions & 0 deletions packages/zeek/data_stream/ftp/fields/base-fields.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: event.module
type: constant_keyword
description: Event module
value: zeek
- name: event.dataset
type: constant_keyword
description: Event dataset
value: zeek.ftp
- name: '@timestamp'
type: date
description: Event timestamp.
1 change: 0 additions & 1 deletion packages/zeek/data_stream/ftp/manifest.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
type: logs
title: Zeek ftp logs
release: experimental
streams:
- input: logfile
vars:
Expand Down
8 changes: 8 additions & 0 deletions packages/zeek/data_stream/http/fields/base-fields.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: event.module
type: constant_keyword
description: Event module
value: zeek
- name: event.dataset
type: constant_keyword
description: Event dataset
value: zeek.http
- name: '@timestamp'
type: date
description: Event timestamp.
1 change: 0 additions & 1 deletion packages/zeek/data_stream/http/manifest.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
type: logs
title: Zeek http logs
release: experimental
streams:
- input: logfile
vars:
Expand Down
8 changes: 8 additions & 0 deletions packages/zeek/data_stream/intel/fields/base-fields.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: event.module
type: constant_keyword
description: Event module
value: zeek
- name: event.dataset
type: constant_keyword
description: Event dataset
value: zeek.intel
- name: '@timestamp'
type: date
description: Event timestamp.
1 change: 0 additions & 1 deletion packages/zeek/data_stream/intel/manifest.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
type: logs
title: Zeek intel logs
release: experimental
streams:
- input: logfile
vars:
Expand Down
8 changes: 8 additions & 0 deletions packages/zeek/data_stream/irc/fields/base-fields.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: event.module
type: constant_keyword
description: Event module
value: zeek
- name: event.dataset
type: constant_keyword
description: Event dataset
value: zeek.irc
- name: '@timestamp'
type: date
description: Event timestamp.
1 change: 0 additions & 1 deletion packages/zeek/data_stream/irc/manifest.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
type: logs
title: Zeek irc logs
release: experimental
streams:
- input: logfile
vars:
Expand Down
8 changes: 8 additions & 0 deletions packages/zeek/data_stream/kerberos/fields/base-fields.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: event.module
type: constant_keyword
description: Event module
value: zeek
- name: event.dataset
type: constant_keyword
description: Event dataset
value: zeek.kerberos
- name: '@timestamp'
type: date
description: Event timestamp.
1 change: 0 additions & 1 deletion packages/zeek/data_stream/kerberos/manifest.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
type: logs
title: Zeek kerberos logs
release: experimental
streams:
- input: logfile
vars:
Expand Down
8 changes: 8 additions & 0 deletions packages/zeek/data_stream/modbus/fields/base-fields.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: event.module
type: constant_keyword
description: Event module
value: zeek
- name: event.dataset
type: constant_keyword
description: Event dataset
value: zeek.modbus
- name: '@timestamp'
type: date
description: Event timestamp.
1 change: 0 additions & 1 deletion packages/zeek/data_stream/modbus/manifest.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
type: logs
title: Zeek modbus logs
release: experimental
streams:
- input: logfile
vars:
Expand Down
8 changes: 8 additions & 0 deletions packages/zeek/data_stream/mysql/fields/base-fields.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: event.module
type: constant_keyword
description: Event module
value: zeek
- name: event.dataset
type: constant_keyword
description: Event dataset
value: zeek.mysql
- name: '@timestamp'
type: date
description: Event timestamp.
1 change: 0 additions & 1 deletion packages/zeek/data_stream/mysql/manifest.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
type: logs
title: Zeek mysql logs
release: experimental
streams:
- input: logfile
vars:
Expand Down
8 changes: 8 additions & 0 deletions packages/zeek/data_stream/notice/fields/base-fields.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: event.module
type: constant_keyword
description: Event module
value: zeek
- name: event.dataset
type: constant_keyword
description: Event dataset
value: zeek.notice
- name: '@timestamp'
type: date
description: Event timestamp.
1 change: 0 additions & 1 deletion packages/zeek/data_stream/notice/manifest.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
type: logs
title: Zeek notice logs
release: experimental
streams:
- input: logfile
vars:
Expand Down
8 changes: 8 additions & 0 deletions packages/zeek/data_stream/ntlm/fields/base-fields.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: event.module
type: constant_keyword
description: Event module
value: zeek
- name: event.dataset
type: constant_keyword
description: Event dataset
value: zeek.ntlm
- name: '@timestamp'
type: date
description: Event timestamp.
1 change: 0 additions & 1 deletion packages/zeek/data_stream/ntlm/manifest.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
type: logs
title: Zeek ntlm logs
release: experimental
streams:
- input: logfile
vars:
Expand Down
Loading

0 comments on commit b1f3857

Please sign in to comment.