
[Security Solution][Detections]Update detection alert mappings to ECS 1.9 #97573

Merged (7 commits), Apr 20, 2021

Commits on Apr 19, 2021

  1. adds snapshot test for getSignalsTemplate

    ecezalp authored and rylnd committed Apr 19, 2021
    9383792
  2. ac228c2
  3. adds updated ECS mappings

    ecezalp authored and rylnd committed Apr 19, 2021
    cf66c98

Commits on Apr 20, 2021

  1. Normalize/clean up various mappings files

    * Adds a wrapping "mappings.properties" around our extra mappings
    * Spreads our other mappings similarly to ECS mappings
    * Moves dynamic: false out of ECS mappings and into our main template
    * Ensures we include 'threat.properties.indicator', since that's where
      our 'type: nested' declaration resides
    rylnd committed Apr 20, 2021
    a4ee0dd
  2. Update ECS mappings snapshot post-1.9 updates

    This updated snapshot reflects the mappings changes that one will receive when
    migrating/rolling over to a 7.13 alerts index.
    rylnd committed Apr 20, 2021
    84ea941
  3. Update signals template version as per guidelines.

    The last released mappings update was elastic#92928, which bumped from 24 ->
    25. The few unreleased updates since then have increased this by 1, but
    since these changes are going out with 7.13 we are bumping by 10 _since
    the last release_, in order to give "room" for minor releases.
    rylnd committed Apr 20, 2021
    99e7bbf
  4. Fix cypress test failure due to updated mappings

    This magic number represents "the number of mapped fields that begin
    with 'host.geo.c'" and, because this PR adds a mapping for
    host.geo.continent_code, the test needed to be updated.
    rylnd committed Apr 20, 2021
    ff66eb3
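As an added example (not code from the Kibana repository or from this PR), the following TypeScript models in miniature the template layout the "Normalize/clean up various mappings files" commit describes, runs the checks a reviewer would want over the generated template, and uses a small matcher to show why the `type: nested` declaration on `threat.indicator` matters for indicator-match queries. The field subsets, the index pattern, the helper names and the sample indicators are constructed assumptions; the version value 35 simply follows the "last release (25) + 10" bump the PR describes.

```typescript
// Added example, not Kibana's own code. It models the layout the
// "Normalize/clean up various mappings files" commit describes: the ECS file
// and the detection-specific extra mappings both carry a `mappings.properties`
// wrapper so they can be spread together, `dynamic: false` sits in the main
// template rather than in the ECS file, and `threat.indicator` carries the
// `type: nested` declaration. Field subsets, helper names, the index pattern
// and the version number are assumptions for illustration.

interface FieldMapping { type?: string; properties?: Record<string, FieldMapping> }
type Properties = Record<string, FieldMapping>;
type MappingsFile = { mappings: { properties: Properties } };
interface SignalsTemplate {
  index_patterns: string[];
  version: number;
  mappings: { dynamic: boolean; properties: Properties };
}

// Constructed subset of the ECS 1.9 mappings (the real file is far larger).
// There is deliberately no `dynamic` key here: that belongs in the template.
const ecsMappings: MappingsFile = {
  mappings: {
    properties: {
      host: { properties: { name: { type: 'keyword' }, geo: { properties: { continent_code: { type: 'keyword' } } } } },
      threat: {
        properties: {
          // the `type: nested` declaration the commit makes sure is included
          indicator: { type: 'nested', properties: { type: { type: 'keyword' }, ip: { type: 'ip' } } },
        },
      },
    },
  },
};

// Constructed subset of the extra (non-ECS) mappings, wrapped the same way.
const extraMappings: MappingsFile = {
  mappings: {
    properties: {
      signal: { properties: { rule: { properties: { name: { type: 'keyword' } } } } },
    },
  },
};

function buildSignalsTemplate(version: number): SignalsTemplate {
  return {
    index_patterns: ['.siem-signals-default-*'], // assumed pattern
    version,
    mappings: {
      dynamic: false, // unmapped alert fields are stored but never auto-mapped
      properties: { ...ecsMappings.mappings.properties, ...extraMappings.mappings.properties },
    },
  };
}

// Walk a dotted field path through nested `properties` objects.
function findMapping(props: Properties, path: string): FieldMapping | undefined {
  let current: FieldMapping | undefined = { properties: props };
  for (const segment of path.split('.')) {
    current = current?.properties?.[segment];
    if (current === undefined) return undefined;
  }
  return current;
}

// The checks a reviewer of this PR would want to run over the generated template.
function validateTemplate(t: SignalsTemplate): string[] {
  const problems: string[] = [];
  if (t.mappings.dynamic !== false) {
    problems.push('mappings.dynamic must be false so arbitrary alert fields are not auto-mapped');
  }
  if (findMapping(t.mappings.properties, 'threat.indicator')?.type !== 'nested') {
    problems.push('threat.indicator must be type: nested');
  }
  if (findMapping(t.mappings.properties, 'host.geo.continent_code') === undefined) {
    problems.push('host.geo.continent_code (added in ECS 1.9) is missing');
  }
  return problems;
}

interface Indicator { type: string; ip: string }

// Why `nested` matters for `threat.indicator.type: T AND threat.indicator.ip: IP`:
// a plain `object` mapping flattens the indicator array into two independent
// multi-valued fields, so the document matches when ANY indicator has the type
// and ANY (possibly different) indicator has the ip. `nested` requires both
// conditions to hold on the SAME indicator.
function matchesIndicatorQuery(indicators: Indicator[], wanted: Indicator, mapping: 'nested' | 'object'): boolean {
  if (mapping === 'nested') {
    return indicators.some((i) => i.type === wanted.type && i.ip === wanted.ip);
  }
  const types = new Set(indicators.map((i) => i.type));
  const ips = new Set(indicators.map((i) => i.ip));
  return types.has(wanted.type) && ips.has(wanted.ip);
}

// Stand-alone run; 35 follows the "last release + 10" bump the PR describes.
console.log('problems:', validateTemplate(buildSignalsTemplate(35)));
```

The `object` branch reproduces how Elasticsearch flattens an array of objects into independent multi-valued fields: with that mapping an indicator-match rule could alert on a document whose `type` and `ip` come from two different indicators, which is the false positive the `nested` declaration on `threat.indicator` prevents.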