diff --git a/packages/zeek/changelog.yml b/packages/zeek/changelog.yml
index 9876f4706677..0c9f79276659 100644
--- a/packages/zeek/changelog.yml
+++ b/packages/zeek/changelog.yml
@@ -1,4 +1,12 @@
 # newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: make GA
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/1217
+ - description: Set "event.module" and "event.dataset"
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/1217
 - version: "0.8.4"
 changes:
 - description: Add support for Splunk authorization tokens
diff --git a/packages/zeek/data_stream/capture_loss/fields/base-fields.yml b/packages/zeek/data_stream/capture_loss/fields/base-fields.yml
index 7c798f4534ca..9c7832bd787d 100644
--- a/packages/zeek/data_stream/capture_loss/fields/base-fields.yml
+++ b/packages/zeek/data_stream/capture_loss/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.capture_loss
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/capture_loss/manifest.yml b/packages/zeek/data_stream/capture_loss/manifest.yml
index 32dd6292ce7a..5f66ef81d259 100644
--- a/packages/zeek/data_stream/capture_loss/manifest.yml
+++ b/packages/zeek/data_stream/capture_loss/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek capture_loss logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/connection/fields/base-fields.yml b/packages/zeek/data_stream/connection/fields/base-fields.yml
index 7c798f4534ca..9790a9113a25 100644
--- a/packages/zeek/data_stream/connection/fields/base-fields.yml
+++ b/packages/zeek/data_stream/connection/fields/base-fields.yml
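Review bot: The two added descriptions in capture_loss/fields/base-fields.yml, `description: Event module` and `description: Event dataset`, omit the terminal period that every neighbouring description in the hunk carries (`Data stream namespace.`, `Event timestamp.`); make them `description: Event module.` and `description: Event dataset.`, and the same applies to the identical base-fields.yml hunks for every other data stream in this diff (connection through x509). Worth stating in the field definition is that a `constant_keyword` with an explicit `value` is enforced at index time: Elasticsearch rejects any document in the data stream whose `event.dataset` differs from `zeek.capture_loss`, so each stream's ingest pipeline (not visible in these hunks) must set exactly the same string or leave the field unset; a comment such as `# enforced at index time: documents carrying a different event.dataset are rejected` above the field would make that contract visible. On the positive side, the fixed value means detection rules filtering on `event.dataset` or `event.module` see the value even for events where the pipeline did not populate it.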
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.connection
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/connection/manifest.yml b/packages/zeek/data_stream/connection/manifest.yml
index 13ad5ed7bf0a..05f23885b622 100644
--- a/packages/zeek/data_stream/connection/manifest.yml
+++ b/packages/zeek/data_stream/connection/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek connection logs
-release: experimental
 streams:
 - input: logfile
 template_path: log.yml.hbs
diff --git a/packages/zeek/data_stream/dce_rpc/fields/base-fields.yml b/packages/zeek/data_stream/dce_rpc/fields/base-fields.yml
index 7c798f4534ca..3a568c3f5363 100644
--- a/packages/zeek/data_stream/dce_rpc/fields/base-fields.yml
+++ b/packages/zeek/data_stream/dce_rpc/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.dce_rpc
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/dce_rpc/manifest.yml b/packages/zeek/data_stream/dce_rpc/manifest.yml
index 1cfd4ee274b7..557f87bc917d 100644
--- a/packages/zeek/data_stream/dce_rpc/manifest.yml
+++ b/packages/zeek/data_stream/dce_rpc/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek dce_rpc logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/dhcp/fields/base-fields.yml b/packages/zeek/data_stream/dhcp/fields/base-fields.yml
index 7c798f4534ca..82a42a99d37d 100644
--- a/packages/zeek/data_stream/dhcp/fields/base-fields.yml
+++ b/packages/zeek/data_stream/dhcp/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.dhcp
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/dhcp/manifest.yml b/packages/zeek/data_stream/dhcp/manifest.yml
index 179f82683d84..f99de0f15568 100644
--- a/packages/zeek/data_stream/dhcp/manifest.yml
+++ b/packages/zeek/data_stream/dhcp/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek dhcp logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/dnp3/fields/base-fields.yml b/packages/zeek/data_stream/dnp3/fields/base-fields.yml
index 7c798f4534ca..5b952e8fd07e 100644
--- a/packages/zeek/data_stream/dnp3/fields/base-fields.yml
+++ b/packages/zeek/data_stream/dnp3/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.dnp3
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/dnp3/manifest.yml b/packages/zeek/data_stream/dnp3/manifest.yml
index fb8dc9eeb946..58fc30a92672 100644
--- a/packages/zeek/data_stream/dnp3/manifest.yml
+++ b/packages/zeek/data_stream/dnp3/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek dnp3 logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/dns/fields/base-fields.yml b/packages/zeek/data_stream/dns/fields/base-fields.yml
index 7c798f4534ca..6997ee2f127e 100644
--- a/packages/zeek/data_stream/dns/fields/base-fields.yml
+++ b/packages/zeek/data_stream/dns/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.dns
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/dns/manifest.yml b/packages/zeek/data_stream/dns/manifest.yml
index c37422cf7e92..cfb0e18a5701 100644
--- a/packages/zeek/data_stream/dns/manifest.yml
+++ b/packages/zeek/data_stream/dns/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek dns logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/dpd/fields/base-fields.yml b/packages/zeek/data_stream/dpd/fields/base-fields.yml
index 7c798f4534ca..a1358e73f5a4 100644
--- a/packages/zeek/data_stream/dpd/fields/base-fields.yml
+++ b/packages/zeek/data_stream/dpd/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.dpd
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/dpd/manifest.yml b/packages/zeek/data_stream/dpd/manifest.yml
index 953ff2241726..7f39a5fbc1b7 100644
--- a/packages/zeek/data_stream/dpd/manifest.yml
+++ b/packages/zeek/data_stream/dpd/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek dpd logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/files/fields/base-fields.yml b/packages/zeek/data_stream/files/fields/base-fields.yml
index 7c798f4534ca..48206e9d5100 100644
--- a/packages/zeek/data_stream/files/fields/base-fields.yml
+++ b/packages/zeek/data_stream/files/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.files
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/files/manifest.yml b/packages/zeek/data_stream/files/manifest.yml
index bd5ff7558385..b87633f65160 100644
--- a/packages/zeek/data_stream/files/manifest.yml
+++ b/packages/zeek/data_stream/files/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek files logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/ftp/fields/base-fields.yml b/packages/zeek/data_stream/ftp/fields/base-fields.yml
index 7c798f4534ca..96d39c2748e4 100644
--- a/packages/zeek/data_stream/ftp/fields/base-fields.yml
+++ b/packages/zeek/data_stream/ftp/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.ftp
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/ftp/manifest.yml b/packages/zeek/data_stream/ftp/manifest.yml
index a7dfea3bc641..3b1974cbb3a1 100644
--- a/packages/zeek/data_stream/ftp/manifest.yml
+++ b/packages/zeek/data_stream/ftp/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek ftp logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/http/fields/base-fields.yml b/packages/zeek/data_stream/http/fields/base-fields.yml
index 7c798f4534ca..4d1ce81520cb 100644
--- a/packages/zeek/data_stream/http/fields/base-fields.yml
+++ b/packages/zeek/data_stream/http/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.http
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/http/manifest.yml b/packages/zeek/data_stream/http/manifest.yml
index 7531dba7a4a6..6fae84056ffc 100644
--- a/packages/zeek/data_stream/http/manifest.yml
+++ b/packages/zeek/data_stream/http/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek http logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/intel/fields/base-fields.yml b/packages/zeek/data_stream/intel/fields/base-fields.yml
index 7c798f4534ca..9a9df3515f5d 100644
--- a/packages/zeek/data_stream/intel/fields/base-fields.yml
+++ b/packages/zeek/data_stream/intel/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.intel
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/intel/manifest.yml b/packages/zeek/data_stream/intel/manifest.yml
index c7104f0d6178..723e99f395fd 100644
--- a/packages/zeek/data_stream/intel/manifest.yml
+++ b/packages/zeek/data_stream/intel/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek intel logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/irc/fields/base-fields.yml b/packages/zeek/data_stream/irc/fields/base-fields.yml
index 7c798f4534ca..97d9860af064 100644
--- a/packages/zeek/data_stream/irc/fields/base-fields.yml
+++ b/packages/zeek/data_stream/irc/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.irc
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/irc/manifest.yml b/packages/zeek/data_stream/irc/manifest.yml
index a792de09a583..42e693551ecb 100644
--- a/packages/zeek/data_stream/irc/manifest.yml
+++ b/packages/zeek/data_stream/irc/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek irc logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/kerberos/fields/base-fields.yml b/packages/zeek/data_stream/kerberos/fields/base-fields.yml
index 7c798f4534ca..bb4e2c75f5d1 100644
--- a/packages/zeek/data_stream/kerberos/fields/base-fields.yml
+++ b/packages/zeek/data_stream/kerberos/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.kerberos
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/kerberos/manifest.yml b/packages/zeek/data_stream/kerberos/manifest.yml
index a586aab077b9..8de52255d55d 100644
--- a/packages/zeek/data_stream/kerberos/manifest.yml
+++ b/packages/zeek/data_stream/kerberos/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek kerberos logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/modbus/fields/base-fields.yml b/packages/zeek/data_stream/modbus/fields/base-fields.yml
index 7c798f4534ca..6f2c2ac706c4 100644
--- a/packages/zeek/data_stream/modbus/fields/base-fields.yml
+++ b/packages/zeek/data_stream/modbus/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.modbus
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/modbus/manifest.yml b/packages/zeek/data_stream/modbus/manifest.yml
index 0f81ff74f01d..eb770cf866d9 100644
--- a/packages/zeek/data_stream/modbus/manifest.yml
+++ b/packages/zeek/data_stream/modbus/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek modbus logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/mysql/fields/base-fields.yml b/packages/zeek/data_stream/mysql/fields/base-fields.yml
index 7c798f4534ca..abbb37d349bd 100644
--- a/packages/zeek/data_stream/mysql/fields/base-fields.yml
+++ b/packages/zeek/data_stream/mysql/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.mysql
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/mysql/manifest.yml b/packages/zeek/data_stream/mysql/manifest.yml
index 480e05bcb715..9acee92a4492 100644
--- a/packages/zeek/data_stream/mysql/manifest.yml
+++ b/packages/zeek/data_stream/mysql/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek mysql logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/notice/fields/base-fields.yml b/packages/zeek/data_stream/notice/fields/base-fields.yml
index 7c798f4534ca..0ac336f28c3c 100644
--- a/packages/zeek/data_stream/notice/fields/base-fields.yml
+++ b/packages/zeek/data_stream/notice/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.notice
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/notice/manifest.yml b/packages/zeek/data_stream/notice/manifest.yml
index 2b0d5621b341..230a456c4b1d 100644
--- a/packages/zeek/data_stream/notice/manifest.yml
+++ b/packages/zeek/data_stream/notice/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek notice logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/ntlm/fields/base-fields.yml b/packages/zeek/data_stream/ntlm/fields/base-fields.yml
index 7c798f4534ca..c337a7604970 100644
--- a/packages/zeek/data_stream/ntlm/fields/base-fields.yml
+++ b/packages/zeek/data_stream/ntlm/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.ntlm
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/ntlm/manifest.yml b/packages/zeek/data_stream/ntlm/manifest.yml
index 4615352591a2..38c3afa8a3d9 100644
--- a/packages/zeek/data_stream/ntlm/manifest.yml
+++ b/packages/zeek/data_stream/ntlm/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek ntlm logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/ocsp/fields/base-fields.yml b/packages/zeek/data_stream/ocsp/fields/base-fields.yml
index 7c798f4534ca..488e62b186f2 100644
--- a/packages/zeek/data_stream/ocsp/fields/base-fields.yml
+++ b/packages/zeek/data_stream/ocsp/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.ocsp
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/ocsp/manifest.yml b/packages/zeek/data_stream/ocsp/manifest.yml
index d83357c196d1..1066b168a89d 100644
--- a/packages/zeek/data_stream/ocsp/manifest.yml
+++ b/packages/zeek/data_stream/ocsp/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek ocsp logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/pe/fields/base-fields.yml b/packages/zeek/data_stream/pe/fields/base-fields.yml
index 7c798f4534ca..98af311efa4f 100644
--- a/packages/zeek/data_stream/pe/fields/base-fields.yml
+++ b/packages/zeek/data_stream/pe/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.pe
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/pe/manifest.yml b/packages/zeek/data_stream/pe/manifest.yml
index cb8fbb8825f9..7387997eba4c 100644
--- a/packages/zeek/data_stream/pe/manifest.yml
+++ b/packages/zeek/data_stream/pe/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek pe logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/radius/fields/base-fields.yml b/packages/zeek/data_stream/radius/fields/base-fields.yml
index 7c798f4534ca..a9e14f26e2e4 100644
--- a/packages/zeek/data_stream/radius/fields/base-fields.yml
+++ b/packages/zeek/data_stream/radius/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.radius
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/radius/manifest.yml b/packages/zeek/data_stream/radius/manifest.yml
index 3b260dfd488f..5ca5cd766b8b 100644
--- a/packages/zeek/data_stream/radius/manifest.yml
+++ b/packages/zeek/data_stream/radius/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek radius logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/rdp/fields/base-fields.yml b/packages/zeek/data_stream/rdp/fields/base-fields.yml
index 7c798f4534ca..4fae2e698d8a 100644
--- a/packages/zeek/data_stream/rdp/fields/base-fields.yml
+++ b/packages/zeek/data_stream/rdp/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.rdp
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/rdp/manifest.yml b/packages/zeek/data_stream/rdp/manifest.yml
index 30f892fbc555..ba3f66a0e501 100644
--- a/packages/zeek/data_stream/rdp/manifest.yml
+++ b/packages/zeek/data_stream/rdp/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek rdp logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/rfb/fields/base-fields.yml b/packages/zeek/data_stream/rfb/fields/base-fields.yml
index 7c798f4534ca..0908f5c5ed3c 100644
--- a/packages/zeek/data_stream/rfb/fields/base-fields.yml
+++ b/packages/zeek/data_stream/rfb/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.rfb
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/rfb/manifest.yml b/packages/zeek/data_stream/rfb/manifest.yml
index 596cde7d2ae6..dc620d9e21af 100644
--- a/packages/zeek/data_stream/rfb/manifest.yml
+++ b/packages/zeek/data_stream/rfb/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek rfb logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/sip/fields/base-fields.yml b/packages/zeek/data_stream/sip/fields/base-fields.yml
index 7c798f4534ca..7e5ed093a6f8 100644
--- a/packages/zeek/data_stream/sip/fields/base-fields.yml
+++ b/packages/zeek/data_stream/sip/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.sip
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/sip/manifest.yml b/packages/zeek/data_stream/sip/manifest.yml
index 7d4f7ee3ad7a..010396ae0065 100644
--- a/packages/zeek/data_stream/sip/manifest.yml
+++ b/packages/zeek/data_stream/sip/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek sip logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/smb_cmd/fields/base-fields.yml b/packages/zeek/data_stream/smb_cmd/fields/base-fields.yml
index 7c798f4534ca..2da0d47a431e 100644
--- a/packages/zeek/data_stream/smb_cmd/fields/base-fields.yml
+++ b/packages/zeek/data_stream/smb_cmd/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.smb_cmd
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/smb_cmd/manifest.yml b/packages/zeek/data_stream/smb_cmd/manifest.yml
index c454761e6784..d8387b5cc863 100644
--- a/packages/zeek/data_stream/smb_cmd/manifest.yml
+++ b/packages/zeek/data_stream/smb_cmd/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek smb_cmd logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/smb_files/fields/base-fields.yml b/packages/zeek/data_stream/smb_files/fields/base-fields.yml
index 7c798f4534ca..21aa2739e6dc 100644
--- a/packages/zeek/data_stream/smb_files/fields/base-fields.yml
+++ b/packages/zeek/data_stream/smb_files/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.smb_files
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/smb_files/manifest.yml b/packages/zeek/data_stream/smb_files/manifest.yml
index 1c5530d0936f..dcc309d2b6c8 100644
--- a/packages/zeek/data_stream/smb_files/manifest.yml
+++ b/packages/zeek/data_stream/smb_files/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek smb_files logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/smb_mapping/fields/base-fields.yml b/packages/zeek/data_stream/smb_mapping/fields/base-fields.yml
index 7c798f4534ca..b790ebf75283 100644
--- a/packages/zeek/data_stream/smb_mapping/fields/base-fields.yml
+++ b/packages/zeek/data_stream/smb_mapping/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.smb_mapping
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/smb_mapping/manifest.yml b/packages/zeek/data_stream/smb_mapping/manifest.yml
index db6198947254..65d967d3c5fd 100644
--- a/packages/zeek/data_stream/smb_mapping/manifest.yml
+++ b/packages/zeek/data_stream/smb_mapping/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek smb_mapping logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/smtp/fields/base-fields.yml b/packages/zeek/data_stream/smtp/fields/base-fields.yml
index 7c798f4534ca..c3f1dee8ed30 100644
--- a/packages/zeek/data_stream/smtp/fields/base-fields.yml
+++ b/packages/zeek/data_stream/smtp/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.smtp
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/smtp/manifest.yml b/packages/zeek/data_stream/smtp/manifest.yml
index 7fbe841c33fa..f6c149387ec0 100644
--- a/packages/zeek/data_stream/smtp/manifest.yml
+++ b/packages/zeek/data_stream/smtp/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek smtp logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/snmp/fields/base-fields.yml b/packages/zeek/data_stream/snmp/fields/base-fields.yml
index 7c798f4534ca..604ea318eb84 100644
--- a/packages/zeek/data_stream/snmp/fields/base-fields.yml
+++ b/packages/zeek/data_stream/snmp/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.snmp
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/snmp/manifest.yml b/packages/zeek/data_stream/snmp/manifest.yml
index b8617637922f..ee4659f751ba 100644
--- a/packages/zeek/data_stream/snmp/manifest.yml
+++ b/packages/zeek/data_stream/snmp/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek snmp logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/socks/fields/base-fields.yml b/packages/zeek/data_stream/socks/fields/base-fields.yml
index 7c798f4534ca..8363b20b60d5 100644
--- a/packages/zeek/data_stream/socks/fields/base-fields.yml
+++ b/packages/zeek/data_stream/socks/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.socks
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/socks/manifest.yml b/packages/zeek/data_stream/socks/manifest.yml
index bf9cd6209028..b9e1f9af306b 100644
--- a/packages/zeek/data_stream/socks/manifest.yml
+++ b/packages/zeek/data_stream/socks/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek socks logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/ssh/fields/base-fields.yml b/packages/zeek/data_stream/ssh/fields/base-fields.yml
index 7c798f4534ca..0f408feeb083 100644
--- a/packages/zeek/data_stream/ssh/fields/base-fields.yml
+++ b/packages/zeek/data_stream/ssh/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.ssh
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/ssh/manifest.yml b/packages/zeek/data_stream/ssh/manifest.yml
index 88cee1dd8ce0..f01683502d8d 100644
--- a/packages/zeek/data_stream/ssh/manifest.yml
+++ b/packages/zeek/data_stream/ssh/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek ssh logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/ssl/fields/base-fields.yml b/packages/zeek/data_stream/ssl/fields/base-fields.yml
index 7c798f4534ca..762c6239d505 100644
--- a/packages/zeek/data_stream/ssl/fields/base-fields.yml
+++ b/packages/zeek/data_stream/ssl/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.ssl
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/ssl/manifest.yml b/packages/zeek/data_stream/ssl/manifest.yml
index 597930269766..c9b7afdf9229 100644
--- a/packages/zeek/data_stream/ssl/manifest.yml
+++ b/packages/zeek/data_stream/ssl/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek ssl logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/stats/fields/base-fields.yml b/packages/zeek/data_stream/stats/fields/base-fields.yml
index 7c798f4534ca..ea7cc2e519bc 100644
--- a/packages/zeek/data_stream/stats/fields/base-fields.yml
+++ b/packages/zeek/data_stream/stats/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.stats
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/stats/manifest.yml b/packages/zeek/data_stream/stats/manifest.yml
index 3e4b50cbf96d..215920bc6da3 100644
--- a/packages/zeek/data_stream/stats/manifest.yml
+++ b/packages/zeek/data_stream/stats/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek stats logs
-release: experimental
 streams:
 - input: logfile
 vars:
diff --git a/packages/zeek/data_stream/syslog/fields/base-fields.yml b/packages/zeek/data_stream/syslog/fields/base-fields.yml
index 7c798f4534ca..1bd5bc925837 100644
--- a/packages/zeek/data_stream/syslog/fields/base-fields.yml
+++ b/packages/zeek/data_stream/syslog/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: zeek
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: zeek.syslog
 - name: '@timestamp'
 type: date
 description: Event timestamp.
diff --git a/packages/zeek/data_stream/syslog/manifest.yml b/packages/zeek/data_stream/syslog/manifest.yml
index 429a6e2f91e5..f3f6db4679cc 100644
--- a/packages/zeek/data_stream/syslog/manifest.yml
+++ b/packages/zeek/data_stream/syslog/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek syslog logs
-release: experimental
 streams:
   - input: logfile
     vars:
diff --git a/packages/zeek/data_stream/traceroute/fields/base-fields.yml b/packages/zeek/data_stream/traceroute/fields/base-fields.yml
index 7c798f4534ca..9168f187a499 100644
--- a/packages/zeek/data_stream/traceroute/fields/base-fields.yml
+++ b/packages/zeek/data_stream/traceroute/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
   type: constant_keyword
   description: Data stream namespace.
+- name: event.module
+  type: constant_keyword
+  description: Event module
+  value: zeek
+- name: event.dataset
+  type: constant_keyword
+  description: Event dataset
+  value: zeek.traceroute
 - name: '@timestamp'
   type: date
   description: Event timestamp.
diff --git a/packages/zeek/data_stream/traceroute/manifest.yml b/packages/zeek/data_stream/traceroute/manifest.yml
index 118cc46aa44b..d4452526704d 100644
--- a/packages/zeek/data_stream/traceroute/manifest.yml
+++ b/packages/zeek/data_stream/traceroute/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek traceroute logs
-release: experimental
 streams:
   - input: logfile
     vars:
diff --git a/packages/zeek/data_stream/tunnel/fields/base-fields.yml b/packages/zeek/data_stream/tunnel/fields/base-fields.yml
index 7c798f4534ca..215a69fc4830 100644
--- a/packages/zeek/data_stream/tunnel/fields/base-fields.yml
+++ b/packages/zeek/data_stream/tunnel/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
   type: constant_keyword
   description: Data stream namespace.
+- name: event.module
+  type: constant_keyword
+  description: Event module
+  value: zeek
+- name: event.dataset
+  type: constant_keyword
+  description: Event dataset
+  value: zeek.tunnel
 - name: '@timestamp'
   type: date
   description: Event timestamp.
diff --git a/packages/zeek/data_stream/tunnel/manifest.yml b/packages/zeek/data_stream/tunnel/manifest.yml
index 003b89ee4dea..575db110bacd 100644
--- a/packages/zeek/data_stream/tunnel/manifest.yml
+++ b/packages/zeek/data_stream/tunnel/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek tunnel logs
-release: experimental
 streams:
   - input: logfile
     vars:
diff --git a/packages/zeek/data_stream/weird/fields/base-fields.yml b/packages/zeek/data_stream/weird/fields/base-fields.yml
index 7c798f4534ca..1a19d1706277 100644
--- a/packages/zeek/data_stream/weird/fields/base-fields.yml
+++ b/packages/zeek/data_stream/weird/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
   type: constant_keyword
   description: Data stream namespace.
+- name: event.module
+  type: constant_keyword
+  description: Event module
+  value: zeek
+- name: event.dataset
+  type: constant_keyword
+  description: Event dataset
+  value: zeek.weird
 - name: '@timestamp'
   type: date
   description: Event timestamp.
diff --git a/packages/zeek/data_stream/weird/manifest.yml b/packages/zeek/data_stream/weird/manifest.yml
index 9d01a8e75516..d8ec7ea27f56 100644
--- a/packages/zeek/data_stream/weird/manifest.yml
+++ b/packages/zeek/data_stream/weird/manifest.yml
@@ -1,6 +1,5 @@
 type: logs
 title: Zeek weird logs
-release: experimental
 streams:
   - input: logfile
     vars:
diff --git a/packages/zeek/data_stream/x509/fields/base-fields.yml b/packages/zeek/data_stream/x509/fields/base-fields.yml
index 7c798f4534ca..3a93a8353ed7 100644
--- a/packages/zeek/data_stream/x509/fields/base-fields.yml
+++ b/packages/zeek/data_stream/x509/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
   type: constant_keyword
   description: Data stream namespace.
+- name: event.module
+  type: constant_keyword
+  description: Event module
+  value: zeek
+- name: event.dataset
+  type: constant_keyword
+  description: Event dataset
+  value: zeek.x509
 - name: '@timestamp'
   type: date
   description: Event timestamp.
diff --git a/packages/zeek/data_stream/x509/manifest.yml b/packages/zeek/data_stream/x509/manifest.yml
index 8fe67befc0fa..98bc3c67d327 100644
--- a/packages/zeek/data_stream/x509/manifest.yml
+++ b/packages/zeek/data_stream/x509/manifest.yml @@ -1,6 +1,5 @@ type: logs title: Zeek x509 logs -release: experimental streams: - input: logfile vars: diff --git a/packages/zeek/docs/README.md b/packages/zeek/docs/README.md index a6abb6725b95..dc51e35dd33c 100644 --- a/packages/zeek/docs/README.md +++ b/packages/zeek/docs/README.md @@ -42,8 +42,10 @@ which contains packet loss rate data. | ecs.version | ECS version this event conforms to. | keyword | | error.message | Error message. | text | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | 
@@ -120,10 +122,12 @@ contains TCP/UDP/ICMP connection data. | error.message | Error message. | text | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.duration | Duration of the event in nanoseconds. | long | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | @@ -227,9 +231,11 @@ contains Distributed Computing Environment/RPC data. | event.action | The action captured by the event. | keyword | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | 
@@ -311,9 +317,11 @@ DHCP lease data. | error.message | Error message. | text | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | @@ -412,9 +420,11 @@ requests and replies. | event.action | The action captured by the event. | keyword | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | 
@@ -522,10 +532,12 @@ activity. | error.message | Error message. | text | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.duration | Duration of the event in nanoseconds. | long | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.original | Raw text message of entire event. | keyword | | event.outcome | The outcome of the event. The lowest level categorization field in the hierarchy. | keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | @@ -633,9 +645,11 @@ protocol detection failures. | error.message | Error message. | text | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | 
@@ -711,9 +725,11 @@ file analysis results. | error.message | Error message. | text | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | file.hash.md5 | MD5 hash. | keyword | | file.hash.sha1 | SHA1 hash. | keyword | @@ -817,9 +833,11 @@ activity. | event.action | The action captured by the event. | keyword | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | file.mime_type | Media type of file, document, or arrangement of bytes. | keyword | | file.size | File size in bytes. | long | 
@@ -931,9 +949,11 @@ HTTP requests and replies. | event.action | The action captured by the event. | keyword | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.outcome | The outcome of the event. The lowest level categorization field in the hierarchy. | keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | @@ -1061,8 +1081,10 @@ intelligence data matches. | ecs.version | ECS version this event conforms to. | keyword | | error.message | Error message. | text | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.original | Raw text message of entire event. | keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | 
@@ -1162,9 +1184,11 @@ commands and responses. | event.action | The action captured by the event. | keyword | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | file.mime_type | Media type of file, document, or arrangement of bytes. | keyword | | file.name | Name of the file including the extension, without the directory. | keyword | @@ -1266,9 +1290,11 @@ contains kerberos data. | event.action | The action captured by the event. | keyword | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.outcome | The outcome of the event. The lowest level categorization field in the hierarchy. | keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | 
@@ -1392,9 +1418,11 @@ modbus commands and responses. | event.action | The action captured by the event. | keyword | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.outcome | The outcome of the event. The lowest level categorization field in the hierarchy. | keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | @@ -1485,9 +1513,11 @@ MySQL data. | event.action | The action captured by the event. | keyword | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Date/time when the event was first read by an agent, or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.outcome | The outcome of the event. The lowest level categorization field in the hierarchy. | keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | 
@@ -1579,9 +1609,11 @@ Zeek notices. | error.message | Error message. | text | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | file.mime_type | Media type of file, document, or arrangement of bytes. | keyword | | file.size | File size in bytes. | long | @@ -1694,9 +1726,11 @@ LAN Manager(NTLM) data. | error.message | Error message. | text | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.outcome | The outcome of the event. The lowest level categorization field in the hierarchy. | keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | file.path | Full path to the log file this event came from. | keyword | 
@@ -1780,8 +1814,10 @@ Online Certificate Status Protocol (OCSP) data. | ecs.version | ECS version this event conforms to. | keyword | | error.message | Error message. | text | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | file.path | Full path to the log file this event came from. | keyword | | host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | @@ -1849,8 +1885,10 @@ portable executable data. | error.message | Error message. | text | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | 
@@ -1936,9 +1974,11 @@ RADIUS authentication attempts. | error.message | Error message. | text | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.outcome | The outcome of the event. The lowest level categorization field in the hierarchy. | keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | @@ -2036,9 +2076,11 @@ data. | error.message | Error message. | text | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | 
@@ -2142,9 +2184,11 @@ Remote Framebuffer (RFB) data. | error.message | Error message. | text | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | @@ -2241,9 +2285,11 @@ data. | event.action | The action captured by the event. | keyword | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.outcome | The outcome of the event. The lowest level categorization field in the hierarchy. | keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | 
@@ -2353,9 +2399,11 @@ contains SMB commands. | event.action | The action captured by the event. | keyword | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.outcome | The outcome of the event. The lowest level categorization field in the hierarchy. | keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | @@ -2461,9 +2509,11 @@ contains SMB file data. | event.action | The action captured by the event. | keyword | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | file.accessed | Last time the file was accessed. | date | | file.created | File creation time. | date | 
@@ -2568,9 +2618,11 @@ which contains SMB trees. | error.message | Error message. | text | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | file.path | Full path to the log file this event came from. | keyword | | host.architecture | Operating system architecture. | keyword | @@ -2661,9 +2713,11 @@ SMTP transactions.. | error.message | Error message. | text | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | 
@@ -2773,9 +2827,11 @@ SNMP messages. | error.message | Error message. | text | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | @@ -2869,9 +2925,11 @@ SOCKS proxy requests. | ecs.version | ECS version this event conforms to. | keyword | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.outcome | The outcome of the event. The lowest level categorization field in the hierarchy. | keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | 
@@ -2969,9 +3027,11 @@ connection data. | error.message | Error message. | text | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.outcome | The outcome of the event. The lowest level categorization field in the hierarchy. | keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | @@ -3071,9 +3131,11 @@ SSL/TLS handshake info. | error.message | Error message. | text | | event.category | Event category. The second categorization field in the hierarchy. | keyword | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | event.type | Event type. The third categorization field in the hierarchy. | keyword | | host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | 
@@ -3211,8 +3273,10 @@ memory/event/packet/lag statistics. | ecs.version | ECS version this event conforms to. | keyword | | error.message | Error message. | text | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | | host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | @@ -3304,9 +3368,11 @@ syslog messages. | ecs.version | ECS version this event conforms to. | keyword | | error.message | Error message. | text | | event.created | Time when the event was first read by an agent or by your pipeline. | date | +| event.dataset | Event dataset | constant_keyword | | event.id | Unique ID to describe the event. | keyword | | event.ingested | Timestamp when an event arrived in the central data store. | date | | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword | +| event.module | Event module | constant_keyword | | host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | | host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | 
@@ -3395,8 +3461,10 @@ contains traceroute detections.
 | error.message | Error message. | text |
 | event.category | Event category. The second categorization field in the hierarchy. | keyword |
 | event.created | Time when the event was first read by an agent or by your pipeline. | date |
+| event.dataset | Event dataset | constant_keyword |
 | event.ingested | Timestamp when an event arrived in the central data store. | date |
 | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword |
+| event.module | Event module | constant_keyword |
 | event.type | Event type. The third categorization field in the hierarchy. | keyword |
 | host.architecture | Operating system architecture. | keyword |
 | host.containerized | If the host is a container. | boolean |
@@ -3480,9 +3548,11 @@ tunneling protocol events.
 | event.action | The action captured by the event. | keyword |
 | event.category | Event category. The second categorization field in the hierarchy. | keyword |
 | event.created | Time when the event was first read by an agent or by your pipeline. | date |
+| event.dataset | Event dataset | constant_keyword |
 | event.id | Unique ID to describe the event. | keyword |
 | event.ingested | Timestamp when an event arrived in the central data store. | date |
 | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword |
+| event.module | Event module | constant_keyword |
 | event.type | Event type. The third categorization field in the hierarchy. | keyword |
 | host.architecture | Operating system architecture. | keyword |
 | host.containerized | If the host is a container. | boolean |
@@ -3566,9 +3636,11 @@ unexpected network-level activity.
 | ecs.version | ECS version this event conforms to. | keyword |
 | event.category | Event category. The second categorization field in the hierarchy. | keyword |
 | event.created | Time when the event was first read by an agent or by your pipeline. | date |
+| event.dataset | Event dataset | constant_keyword |
 | event.id | Unique ID to describe the event. | keyword |
 | event.ingested | Timestamp when an event arrived in the central data store. | date |
 | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword |
+| event.module | Event module | constant_keyword |
 | event.type | Event type. The third categorization field in the hierarchy. | keyword |
 | host.architecture | Operating system architecture. | keyword |
 | host.containerized | If the host is a container. | boolean |
@@ -3643,9 +3715,11 @@ X.509 certificate info.
 | ecs.version | ECS version this event conforms to. | keyword |
 | error.message | Error message. | text |
 | event.created | Time when the event was first read by an agent or by your pipeline. | date |
+| event.dataset | Event dataset | constant_keyword |
 | event.id | Unique ID to describe the event. | keyword |
 | event.ingested | Timestamp when an event arrived in the central data store. | date |
 | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword |
+| event.module | Event module | constant_keyword |
 | event.type | Event type. The third categorization field in the hierarchy. | keyword |
 | file.x509.alternative_names | List of subject alternative names (SAN). | keyword |
 | file.x509.issuer.common_name | List of common name (CN) of issuing certificate authority. | keyword |
diff --git a/packages/zeek/manifest.yml b/packages/zeek/manifest.yml
index 4aefdaf00ba4..6c83982772be 100644
--- a/packages/zeek/manifest.yml
+++ b/packages/zeek/manifest.yml
@@ -1,7 +1,7 @@
 name: zeek
 title: Zeek
-version: 0.8.4
-release: beta
+version: 1.0.0
+release: ga
 description: Zeek Integration
 type: integration
 icons:
@@ -13,7 +13,7 @@ format_version: 1.0.0
 license: basic
 categories: [network, monitoring, security]
 conditions:
-  kibana.version: '^7.13.0'
+  kibana.version: '^7.14.0'
 screenshots:
   - src: /img/kibana-zeek.png
     title: kibana zeek
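Review bot: The second hunk raises the Kibana floor from `^7.13.0` to `^7.14.0` in the same commit that flips `release` to `ga`, and nothing in the hunk records why 7.14 is now required; a reader of the manifest cannot tell whether the bump is driven by the new `constant_keyword` base fields, a Fleet/package-spec requirement, or something else. Since this constraint decides which existing 7.13 deployments stop seeing upgrades for the integration, the reason should be captured next to the line, e.g. `  kibana.version: '^7.14.0'  # <reason for requiring 7.14: fill in>`, and the same compatibility change should appear as its own changelog line for 1.0.0 if it is not already there. The first hunk is a plain version and release bump and needs nothing further.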