Skip to content

Commit

Permalink
Added related.user field (elastic#694)
Browse files Browse the repository at this point in the history
  • Loading branch information
janniten authored and dcode committed Apr 15, 2020
1 parent e92b190 commit 43a2e53
Show file tree
Hide file tree
Showing 10 changed files with 55 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ Thanks, you're awesome :-) -->
* Added `rule` fields. #665
* Added default `text` analyzer as a multi-field to around 25 more fields. #680
* Added `registry.*` fieldset for the Windows registry. #673
* Added `related.user` #694

#### Improvements

Expand Down
3 changes: 3 additions & 0 deletions code/go/ecs/related.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

11 changes: 11 additions & 0 deletions docs/field-details.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -3641,6 +3641,17 @@ type: ip



| extended

// ===============================================================

| related.user
| All the user names seen on your event.

type: keyword



| extended

// ===============================================================
Expand Down
5 changes: 5 additions & 0 deletions generated/beats/fields.ecs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2657,6 +2657,11 @@
level: extended
type: ip
description: All of the IPs seen on your event.
- name: user
level: extended
type: keyword
ignore_above: 1024
description: All the user names seen on your event.
- name: rule
title: Rule
group: 2
Expand Down
1 change: 1 addition & 0 deletions generated/csv/fields.csv
Original file line number Diff line number Diff line change
Expand Up @@ -350,6 +350,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Example,Description
1.4.0-dev,true,registry,registry.path,keyword,core,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger,"Full path, including hive, key and value"
1.4.0-dev,true,registry,registry.value,keyword,core,Debugger,Name of the value written.
1.4.0-dev,true,related,related.ip,ip,extended,,All of the IPs seen on your event.
1.4.0-dev,true,related,related.user,keyword,extended,,All the user names seen on your event.
1.4.0-dev,true,rule,rule.category,keyword,extended,Attempted Information Leak,Rule category
1.4.0-dev,true,rule,rule.description,keyword,extended,Block requests to public DNS over HTTPS / TLS protocols,Rule description
1.4.0-dev,true,rule,rule.id,keyword,extended,101,Rule ID
Expand Down
10 changes: 10 additions & 0 deletions generated/ecs/ecs_flat.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4142,6 +4142,16 @@ related.ip:
order: 0
short: All of the IPs seen on your event.
type: ip
related.user:
dashed_name: related-user
description: All the user names seen on your event.
flat_name: related.user
ignore_above: 1024
level: extended
name: user
order: 1
short: All the user names seen on your event.
type: keyword
rule.category:
dashed_name: rule-category
description: A categorization value keyword used by the entity using the rule for
Expand Down
10 changes: 10 additions & 0 deletions generated/ecs/ecs_nested.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4563,6 +4563,16 @@ related:
order: 0
short: All of the IPs seen on your event.
type: ip
user:
dashed_name: related-user
description: All the user names seen on your event.
flat_name: related.user
ignore_above: 1024
level: extended
name: user
order: 1
short: All the user names seen on your event.
type: keyword
group: 2
name: related
prefix: related.
Expand Down
4 changes: 4 additions & 0 deletions generated/elasticsearch/6/template.json
Original file line number Diff line number Diff line change
Expand Up @@ -1664,6 +1664,10 @@
"properties": {
"ip": {
"type": "ip"
},
"user": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
Expand Down
4 changes: 4 additions & 0 deletions generated/elasticsearch/7/template.json
Original file line number Diff line number Diff line change
Expand Up @@ -1663,6 +1663,10 @@
"properties": {
"ip": {
"type": "ip"
},
"user": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
Expand Down
6 changes: 6 additions & 0 deletions schemas/related.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,3 +22,9 @@
type: ip
description: >
All of the IPs seen on your event.
- name: user
level: extended
type: keyword
description: >
All the user names seen on your event.

0 comments on commit 43a2e53

Please sign in to comment.