elastic · lukeelmers · Oct 1, 2021 · Sep 30, 2021 · Sep 30, 2021 · Sep 30, 2021
diff --git a/packages/kbn-logging/src/ecs/agent.ts b/packages/kbn-logging/src/ecs/agent.ts
@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-agent.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-agent.html
  *
  * @internal
  */

diff --git a/packages/kbn-logging/src/ecs/autonomous_system.ts b/packages/kbn-logging/src/ecs/autonomous_system.ts
@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-as.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-as.html
  *
  * @internal
  */

diff --git a/packages/kbn-logging/src/ecs/base.ts b/packages/kbn-logging/src/ecs/base.ts
@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-base.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-base.html
  *
  * @internal
  */

diff --git a/packages/kbn-logging/src/ecs/client.ts b/packages/kbn-logging/src/ecs/client.ts
@@ -17,7 +17,7 @@ interface NestedFields {
 }
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-client.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-client.html
  *
  * @internal
  */

diff --git a/packages/kbn-logging/src/ecs/cloud.ts b/packages/kbn-logging/src/ecs/cloud.ts
@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-cloud.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-cloud.html
  *
  * @internal
  */

diff --git a/packages/kbn-logging/src/ecs/code_signature.ts b/packages/kbn-logging/src/ecs/code_signature.ts
@@ -7,15 +7,17 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-code_signature.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-code_signature.html
  *
  * @internal
  */
 export interface EcsCodeSignature {
+  digest_algorithm?: string;
   exists?: boolean;
   signing_id?: string;
   status?: string;
   subject_name?: string;
+  timestamp?: string;
   team_id?: string;
   trusted?: boolean;
   valid?: boolean;

diff --git a/packages/kbn-logging/src/ecs/container.ts b/packages/kbn-logging/src/ecs/container.ts
@@ -7,14 +7,21 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-container.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-container.html
  *
  * @internal
  */
 export interface EcsContainer {
+  cpu?: { usage?: number };
+  disk?: Disk;
   id?: string;
   image?: { name?: string; tag?: string[] };
   labels?: Record<string, unknown>;
   name?: string;
   runtime?: string;
 }
+
+interface Disk {
+  read?: { bytes?: number };
+  write?: { bytes?: number };
+}
diff --git a/packages/kbn-logging/src/ecs/data_stream.ts b/packages/kbn-logging/src/ecs/data_stream.ts
@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+/**
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-data_stream.html
+ *
+ * @internal
+ */
+export interface EcsDataStream {
+  dataset?: string;
+  namespace?: string;
+  type?: 'logs' | 'metrics';
+}
diff --git a/packages/kbn-logging/src/ecs/destination.ts b/packages/kbn-logging/src/ecs/destination.ts
@@ -17,7 +17,7 @@ interface NestedFields {
 }
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-destination.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-destination.html
  *
  * @internal
  */

diff --git a/packages/kbn-logging/src/ecs/dll.ts b/packages/kbn-logging/src/ecs/dll.ts
@@ -17,7 +17,7 @@ interface NestedFields {
 }
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-dll.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-dll.html
  *
  * @internal
  */

diff --git a/packages/kbn-logging/src/ecs/dns.ts b/packages/kbn-logging/src/ecs/dns.ts
@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-dns.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-dns.html
  *
  * @internal
  */

diff --git a/packages/kbn-logging/src/ecs/elf.ts b/packages/kbn-logging/src/ecs/elf.ts
@@ -0,0 +1,71 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+/**
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-elf.html
+ *
+ * @internal
+ */
+export interface EcsElf {
+  architecture?: string;
+  byte_order?: string;
+  cpu_type?: string;
+  creation_date?: string;
+  exports?: Export[];
+  imports?: Import[];
+  header?: Header;
+  sections?: Section[];
+  segments?: Segment[];
+  shared_libraries?: string[];
+  telfhash?: string;
+}
+
+interface Export {
+  binding?: string;
+  name?: string;
+  section?: string;
+  size?: string;
+  type?: string;
+  version?: string;
+  visibility?: string;
+}
+
+interface Import {
+  library?: string;
+  name?: string;
+  type?: string;
+  version?: string;
+}
+
+interface Header {
+  abi_version?: string;
+  class?: string;
+  data?: string;
+  entrypoint?: number;
+  object_version?: string;
+  os_abi?: string;
+  type?: string;
+  version?: string;
+}
+
+interface Section {
+  chi2?: number;
+  entropy?: number;
+  flags?: string;
+  name?: string;
+  physical_offset?: string;
+  physical_size?: number;
+  type?: string;
+  virtual_address?: number;
+  virtual_size?: number;
+}
+
+interface Segment {
+  sections?: string;
+  type?: string;
+}
diff --git a/packages/kbn-logging/src/ecs/email.ts b/packages/kbn-logging/src/ecs/email.ts
@@ -0,0 +1,48 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { EcsFile } from './file';
+import { EcsHash } from './hash';
+
+interface NestedFields {
+  // Not all hash types are explicitly supported, see
+  // https://github.com/elastic/ecs/pull/1569
+  hash?: Pick<EcsHash, 'md5' | 'sha1' | 'sha256'>;
+}
+
+interface AttachmentNestedFields {
+  file?: Pick<EcsFile, 'extension' | 'mime_type' | 'name' | 'size' | 'hash'>;
+}
+
+/**
+ * No docs yet, see https://github.com/elastic/ecs/pull/1569
+ *
+ * @internal
+ */
+export interface EcsEmail extends NestedFields {
+  attachments?: Attachment[];
+  bcc?: string[];
+  cc?: string[];
+  content_type?: string;
+  delivery_timestamp?: string;
+  direction?: string;
+  from?: string;
+  local_id?: string;
+  message_id?: string;
+  origination_timestamp?: string;
+  reply_to?: string;
+  subject?: string;
+  'subject.text'?: string;
+  to?: string[];
+  x_mailer?: string;
+}
+
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+interface Attachment extends AttachmentNestedFields {
+  // intentionally empty
+}
diff --git a/packages/kbn-logging/src/ecs/error.ts b/packages/kbn-logging/src/ecs/error.ts
@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-error.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-error.html
  *
  * @internal
  */

diff --git a/packages/kbn-logging/src/ecs/event.ts b/packages/kbn-logging/src/ecs/event.ts
@@ -7,12 +7,13 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-event.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-event.html
  *
  * @internal
  */
 export interface EcsEvent {
   action?: string;
+  agent_id_status?: 'verified' | 'mismatch' | 'missing' | 'auth_metadata_missing';
   category?: EcsEventCategory[];
   code?: string;
   created?: string;

diff --git a/packages/kbn-logging/src/ecs/file.ts b/packages/kbn-logging/src/ecs/file.ts
@@ -7,19 +7,21 @@
  */
 
 import { EcsCodeSignature } from './code_signature';
+import { EcsElf } from './elf';
 import { EcsHash } from './hash';
 import { EcsPe } from './pe';
 import { EcsX509 } from './x509';
 
 interface NestedFields {
   code_signature?: EcsCodeSignature;
+  elf?: EcsElf;
   hash?: EcsHash;
   pe?: EcsPe;
   x509?: EcsX509;
 }
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-file.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-file.html
  *
  * @internal
  */
@@ -32,6 +34,7 @@ export interface EcsFile extends NestedFields {
   directory?: string;
   drive_letter?: string;
   extension?: string;
+  fork_name?: string;
   gid?: string;
   group?: string;
   inode?: string;

diff --git a/packages/kbn-logging/src/ecs/geo.ts b/packages/kbn-logging/src/ecs/geo.ts
@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-geo.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-geo.html
  *
  * @internal
  */

diff --git a/packages/kbn-logging/src/ecs/group.ts b/packages/kbn-logging/src/ecs/group.ts
@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-group.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-group.html
  *
  * @internal
  */

diff --git a/packages/kbn-logging/src/ecs/hash.ts b/packages/kbn-logging/src/ecs/hash.ts
@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-hash.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-hash.html
  *
  * @internal
  */

diff --git a/packages/kbn-logging/src/ecs/host.ts b/packages/kbn-logging/src/ecs/host.ts
@@ -18,7 +18,7 @@ interface NestedFields {
 }
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-host.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-host.html
  *
  * @internal
  */

diff --git a/packages/kbn-logging/src/ecs/http.ts b/packages/kbn-logging/src/ecs/http.ts
@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-http.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-http.html
  *
  * @internal
  */