This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Remove expected_event_types from protocol (elastic#964)
ebeahan committed Sep 8, 2020
1 parent 9c4fc4c commit fd2096f
Showing 5 changed files with 2 additions and 22 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.next.md
@@ -16,6 +16,8 @@ Thanks, you're awesome :-) -->

#### Bugfixes

* The `protocol` allowed value under `event.type` should not have the `expected_event_types` defined. #964

#### Added

* Added Mime Type fields to HTTP request and response. #944
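
Review bot: the new Bugfixes entry describes the desired state ("should not have the `expected_event_types` defined") instead of the change that was made. A past-tense wording such as "Removed `expected_event_types` from the `protocol` allowed value under `event.type`" would match the style of the neighbouring "Added Mime Type fields ..." entry and make it clear to changelog readers that the attribute is gone from the schema and generated files.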
4 changes: 0 additions & 4 deletions docs/field-values.asciidoc
@@ -439,10 +439,6 @@ The installation event type is used for the subset of events within a category t
The protocol event type is used for the subset of events within a category that indicate that they contain protocol details or analysis, beyond simply identifying the protocol. Generally, network events that contain specific protocol details will fall into this subcategory. A common example is `event.category:network AND event.type:protocol AND event.type:connection AND event.type:end` (to indicate that the event is a network connection event sent at the end of a connection that also includes a protocol detail breakdown). Note that events that only indicate the name or id of the protocol should not use the protocol value. Further note that when the protocol subcategory is used, the identified protocol is populated in the ECS `network.protocol` field.


*Expected event types for category protocol:*

access, change, end, info, start


[float]
[[ecs-event-type-start]]
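
Review bot: the paragraph kept above the removed block still calls `protocol` a "subcategory" twice ("fall into this subcategory", "when the protocol subcategory is used") although the section documents it as an `event.type` value, which is the same category/type confusion the removed "Expected event types for category protocol" heading had. Rewording those two spots to "event type" would keep the docs consistent with this fix.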
6 changes: 0 additions & 6 deletions generated/ecs/ecs_flat.yml
@@ -2298,12 +2298,6 @@ event.type:
indicate the name or id of the protocol should not use the protocol value. Further
note that when the protocol subcategory is used, the identified protocol is
populated in the ECS `network.protocol` field.
expected_event_types:
- access
- change
- end
- info
- start
name: protocol
- description: The start event type is used for the subset of events within a category
that indicate something has started. A common example is `event.category:process
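
Review bot: this file lives under generated/, and the six removed lines (`expected_event_types:` plus its five entries) are the same ones dropped from ecs_nested.yml and schemas/event.yml. Please confirm the generated files were produced by re-running the generator on the edited schemas/event.yml and not edited by hand, so the three copies cannot drift apart.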
6 changes: 0 additions & 6 deletions generated/ecs/ecs_nested.yml
@@ -2701,12 +2701,6 @@ event:
should not use the protocol value. Further note that when the protocol subcategory
is used, the identified protocol is populated in the ECS `network.protocol`
field.
expected_event_types:
- access
- change
- end
- info
- start
name: protocol
- description: The start event type is used for the subset of events within
a category that indicate something has started. A common example is `event.category:process
6 changes: 0 additions & 6 deletions schemas/event.yml
@@ -469,12 +469,6 @@
Note that events that only indicate the name or id of the protocol should not use the protocol value.
Further note that when the protocol subcategory is used, the identified protocol is populated in
the ECS `network.protocol` field.
expected_event_types:
- access
- change
- end
- info
- start
- name: start
description: >
The start event type is used for the subset of events within a category
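
Review bot: dropping `expected_event_types` from the `protocol` entry means any consumer that reads this key from `event.type` allowed values (a validator or a pipeline check, for example) has to tolerate it being absent here. The commit message and changelog do not say whether absence means "no constraint" or "not applicable", so a short comment on the `protocol` entry, or a sentence in the PR description, stating the intended semantics would help downstream tooling authors.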
