diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 8fe748c1bf5..a0456e3a99e 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -43,7 +43,7 @@ CHANGELOG*
 /filebeat/module/mysql @elastic/security-external-integrations
 /filebeat/module/nats @elastic/integrations
 /filebeat/module/nginx @elastic/obs-infraobs-integrations
-/filebeat/module/osquery @elastic/security-asset-management
+/filebeat/module/osquery @elastic/security-external-integrations
 /filebeat/module/pensando @elastic/security-external-integrations
 /filebeat/module/postgresql @elastic/obs-infraobs-integrations
 /filebeat/module/redis @elastic/obs-infraobs-integrations
@@ -196,7 +196,7 @@ CHANGELOG*
 /x-pack/metricbeat/module/statsd @elastic/obs-infraobs-integrations
 /x-pack/metricbeat/module/stan/ @elastic/obs-cloudnative-monitoring
 /x-pack/metricbeat/module/tomcat @elastic/obs-infraobs-integrations
-/x-pack/osquerybeat/ @elastic/security-asset-management
+/x-pack/osquerybeat/ @elastic/security-external-integrations
 /x-pack/packetbeat/ @elastic/security-external-integrations
 /x-pack/winlogbeat/ @elastic/security-external-integrations
 /x-pack/libbeat/reader/parquet/ @elastic/security-external-integrations
diff --git a/.mergify.yml b/.mergify.yml
index 34d48d228d1..91a9b940704 100644
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -276,3 +276,16 @@ pull_request_rules:
 labels:
 - "backport"
 title: "[{{ destination_branch }}](backport #{{ number }}) {{ title }}"
+ - name: backport patches to 8.11 branch
+ conditions:
+ - merged
+ - label=backport-v8.11.0
+ actions:
+ backport:
+ assignees:
+ - "{{ author }}"
+ branches:
+ - "8.11"
+ labels:
+ - "backport"
+ title: "[{{ destination_branch }}](backport #{{ number }}) {{ title }}"
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 22f9fb33ee8..d1d1db40166 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
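Review bot: The added `backport patches to 8.11 branch` rule in `.mergify.yml` matches on `merged` and `label=backport-v8.11.0` only, with no condition on the branch the pull request was merged into, so a labelled pull request merged into any branch would be cherry-picked onto `8.11`. If backports are meant to originate from the default branch only, add a base condition under `conditions:`, for example `- base=<default-branch>` (placeholder; the branch name is not visible here). The rule has the same shape as the preceding rule, whose tail is this hunk's context, so the point probably applies to the existing backport rules too; the rest of `pull_request_rules` lies outside the hunk.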
@@ -231,6 +231,7 @@ is collected by it. - Add CEL partial value debug function. {pull}36652[36652] - Added support for new features and removed partial save mechanism in the GCS input. {issue}35847[35847] {pull}36713[36713] - Re-use buffers to optimise memory allocation in fingerprint mode of filestream {pull}36736[36736] +- Allow http_endpoint input to receive PUT and PATCH requests. {pull}36734[36734] *Auditbeat* diff --git a/NOTICE.txt b/NOTICE.txt index 8c45fb2b215..03627af32a3 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -21167,11 +21167,11 @@ THE SOFTWARE. -------------------------------------------------------------------------------- Dependency : github.com/osquery/osquery-go -Version: v0.0.0-20220706183148-4e1f83012b42 +Version: v0.0.0-20230707154813-2e4891a0f444 Licence type (autodetected): MIT -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/osquery/osquery-go@v0.0.0-20220706183148-4e1f83012b42/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/osquery/osquery-go@v0.0.0-20230707154813-2e4891a0f444/LICENSE: MIT License @@ -24929,11 +24929,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- Dependency : golang.org/x/sys -Version: v0.11.0 +Version: v0.12.0 Licence type (autodetected): BSD-3-Clause -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/golang.org/x/sys@v0.11.0/LICENSE: +Contents of probable licence file $GOMODCACHE/golang.org/x/sys@v0.12.0/LICENSE: Copyright (c) 2009 The Go Authors. All rights reserved. 
@@ -31151,11 +31151,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- Dependency : github.com/apache/thrift -Version: v0.18.1 +Version: v0.19.0 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/apache/thrift@v0.18.1/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/apache/thrift@v0.19.0/LICENSE: Apache License @@ -36259,11 +36259,11 @@ SOFTWARE. -------------------------------------------------------------------------------- Dependency : github.com/go-logr/logr -Version: v1.2.3 +Version: v1.2.4 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/go-logr/logr@v1.2.3/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/go-logr/logr@v1.2.4/LICENSE: Apache License Version 2.0, January 2004 
@@ -36468,6 +36468,217 @@ Contents of probable licence file $GOMODCACHE/github.com/go-logr/logr@v1.2.3/LIC limitations under the License. +-------------------------------------------------------------------------------- +Dependency : github.com/go-logr/stdr +Version: v1.2.2 +Licence type (autodetected): Apache-2.0 +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/github.com/go-logr/stdr@v1.2.2/LICENSE: + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. 
+ + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. 
You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. 
+ + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. 
In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. 
+ + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + -------------------------------------------------------------------------------- Dependency : github.com/go-martini/martini Version: v0.0.0-20170121215854-22fa46961aab 
@@ -49950,6 +50161,639 @@ Contents of probable licence file $GOMODCACHE/go.opencensus.io@v0.24.0/LICENSE: See the License for the specific language governing permissions and limitations under the License. +-------------------------------------------------------------------------------- +Dependency : go.opentelemetry.io/otel +Version: v1.19.0 +Licence type (autodetected): Apache-2.0 +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/go.opentelemetry.io/otel@v1.19.0/LICENSE: + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. 
+ + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. 
You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. 
+ + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. 
In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. 
+ + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + +-------------------------------------------------------------------------------- +Dependency : go.opentelemetry.io/otel/metric +Version: v1.19.0 +Licence type (autodetected): Apache-2.0 +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/go.opentelemetry.io/otel/metric@v1.19.0/LICENSE: + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. 
+ + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. 
For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. 
If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. 
You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. 
Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. 
+ + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + +-------------------------------------------------------------------------------- +Dependency : go.opentelemetry.io/otel/trace +Version: v1.19.0 +Licence type (autodetected): Apache-2.0 +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/go.opentelemetry.io/otel/trace@v1.19.0/LICENSE: + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. 
+ + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. 
For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. 
If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. 
You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. 
Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. 
+ + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + -------------------------------------------------------------------------------- Dependency : go.uber.org/goleak Version: v1.2.0 diff --git a/auditbeat/auditbeat.reference.yml b/auditbeat/auditbeat.reference.yml index 7dbbb98bbef..32fbef2da04 100644 --- a/auditbeat/auditbeat.reference.yml +++ b/auditbeat/auditbeat.reference.yml @@ -1348,6 +1348,8 @@ setup.template.settings: # Set the lifecycle policy name or pattern. For DSL, this name must match the data stream that the lifecycle is for. # The default data stream pattern is auditbeat-%{[agent.version]}" +# The template string `%{[agent.version]}` will resolve to the current stack version. +# The other possible template value is `%{[beat.name]}`. #setup.dsl.data_stream_pattern: "auditbeat-%{[agent.version]}" # The path to a JSON file that contains a lifecycle policy configuration. Used @@ -1362,6 +1364,7 @@ setup.template.settings: # Overwrite the lifecycle policy at startup. The default is false. #setup.dsl.overwrite: false + # =================================== Kibana =================================== # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml index 84bd161d88f..7f86b5aa9d2 100644 --- a/filebeat/filebeat.reference.yml +++ b/filebeat/filebeat.reference.yml 
@@ -2444,6 +2444,8 @@ setup.template.settings: # Set the lifecycle policy name or pattern. For DSL, this name must match the data stream that the lifecycle is for. # The default data stream pattern is filebeat-%{[agent.version]}" +# The template string `%{[agent.version]}` will resolve to the current stack version. +# The other possible template value is `%{[beat.name]}`. #setup.dsl.data_stream_pattern: "filebeat-%{[agent.version]}" # The path to a JSON file that contains a lifecycle policy configuration. Used @@ -2458,6 +2460,7 @@ setup.template.settings: # Overwrite the lifecycle policy at startup. The default is false. #setup.dsl.overwrite: false + # =================================== Kibana =================================== # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. diff --git a/go.mod b/go.mod index 7bb6919fde9..5deb71586d1 100644 --- a/go.mod +++ b/go.mod @@ -125,7 +125,7 @@ require ( github.com/mitchellh/hashstructure v1.1.0 github.com/mitchellh/mapstructure v1.5.0 github.com/olekukonko/tablewriter v0.0.5 - github.com/osquery/osquery-go v0.0.0-20220706183148-4e1f83012b42 + github.com/osquery/osquery-go v0.0.0-20230707154813-2e4891a0f444 github.com/pierrre/gotestcover v0.0.0-20160517101806-924dca7d15f0 github.com/pkg/errors v0.9.1 github.com/pmezard/go-difflib v1.0.0 @@ -158,7 +158,7 @@ require ( golang.org/x/net v0.10.0 golang.org/x/oauth2 v0.7.0 golang.org/x/sync v0.1.0 - golang.org/x/sys v0.11.0 + golang.org/x/sys v0.12.0 golang.org/x/text v0.12.0 golang.org/x/time v0.3.0 golang.org/x/tools v0.6.0 
@@ -245,7 +245,7 @@ require ( github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c // indirect github.com/andybalholm/brotli v1.0.5 // indirect github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect - github.com/apache/thrift v0.18.1 // indirect + github.com/apache/thrift v0.19.0 // indirect github.com/armon/go-radix v1.0.0 // indirect github.com/aws/aws-sdk-go v1.38.60 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.8 // indirect @@ -276,7 +276,8 @@ require ( github.com/felixge/httpsnoop v1.0.1 // indirect github.com/form3tech-oss/jwt-go v3.2.5+incompatible // indirect github.com/go-logfmt/logfmt v0.5.1 // indirect - github.com/go-logr/logr v1.2.3 // indirect + github.com/go-logr/logr v1.2.4 // indirect + github.com/go-logr/stdr v1.2.2 // indirect github.com/go-ole/go-ole v1.2.6 // indirect github.com/go-stack/stack v1.8.0 // indirect github.com/gobuffalo/here v0.6.7 // indirect @@ -357,6 +358,9 @@ require ( github.com/zeebo/xxh3 v1.0.2 // indirect go.elastic.co/fastjson v1.1.0 // indirect go.opencensus.io v0.24.0 // indirect + go.opentelemetry.io/otel v1.19.0 // indirect + go.opentelemetry.io/otel/metric v1.19.0 // indirect + go.opentelemetry.io/otel/trace v1.19.0 // indirect golang.org/x/exp v0.0.0-20220921023135-46d9e7742f1e // indirect golang.org/x/term v0.11.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect diff --git a/go.sum b/go.sum index 2c5cbe6a6f2..d96c6592261 100644 --- a/go.sum +++ b/go.sum 
@@ -254,8 +254,8 @@ github.com/apache/arrow/go/v12 v12.0.1-0.20230605094802-c153c6d36ccf/go.mod h1:w github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU= -github.com/apache/thrift v0.18.1 h1:lNhK/1nqjbwbiOPDBPFJVKxgDEGSepKuTh6OLiXW8kg= -github.com/apache/thrift v0.18.1/go.mod h1:rdQn/dCcDKEWjjylUeueum4vQEjG2v8v2PqriUnbr+I= +github.com/apache/thrift v0.19.0 h1:sOqkWPzMj7w6XaYbJQG7m4sGqVolaW/0D28Ln7yPzMk= +github.com/apache/thrift v0.19.0/go.mod h1:SUALL216IiaOw2Oy+5Vs9lboJ/t9g40C+G07Dc0QC1I= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= 
@@ -782,8 +782,12 @@ github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= +github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab h1:xveKWz2iaueeTaUgdetzel+U7exyigDYBryyVfV/rZk= github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab/go.mod h1:/P9AEU963A2AYjv4d1V5eVL1CQbEJq6aCNHDDjibzu8= github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= 
@@ -1555,8 +1559,8 @@ github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxS github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/osquery/osquery-go v0.0.0-20220706183148-4e1f83012b42 h1:Epwxipb+y/e8ss/SJ7947F8J6dwjv3RHRCz2g0OkCII= -github.com/osquery/osquery-go v0.0.0-20220706183148-4e1f83012b42/go.mod h1:0KzmMhe0PL19cdYq6nd1cT9/5bMMJBTssAfuEgM2i34= +github.com/osquery/osquery-go v0.0.0-20230707154813-2e4891a0f444 h1:UO3MEdZ4hkmAfhf7kXfuKR+e44gsHlEEsdWGOwZNLyQ= +github.com/osquery/osquery-go v0.0.0-20230707154813-2e4891a0f444/go.mod h1:mLJRc1Go8uP32LRALGvWj2lVJ+hDYyIfxDzVa+C5Yo8= github.com/otiai10/copy v1.12.0 h1:cLMgSQnXBs1eehF0Wy/FAGsgDTDmAqFR7rQylBb1nDY= github.com/otiai10/copy v1.12.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww= github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks= 
@@ -1938,6 +1942,12 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs= +go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY= +go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE= +go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8= +go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg= +go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= 
@@ -2321,8 +2331,8 @@ golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= diff --git a/heartbeat/heartbeat.reference.yml b/heartbeat/heartbeat.reference.yml index ff2ac644a9d..89fc08ef8e6 100644 --- a/heartbeat/heartbeat.reference.yml +++ b/heartbeat/heartbeat.reference.yml @@ -1440,6 +1440,8 @@ setup.template.settings: # Set the lifecycle policy name or pattern. For DSL, this name must match the data stream that the lifecycle is for. # The default data stream pattern is heartbeat-%{[agent.version]}" +# The template string `%{[agent.version]}` will resolve to the current stack version. +# The other possible template value is `%{[beat.name]}`. #setup.dsl.data_stream_pattern: "heartbeat-%{[agent.version]}" # The path to a JSON file that contains a lifecycle policy configuration. Used 
@@ -1454,6 +1456,7 @@ setup.template.settings: # Overwrite the lifecycle policy at startup. The default is false. #setup.dsl.overwrite: false + # =================================== Kibana =================================== # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. diff --git a/libbeat/_meta/config/setup.dsl.reference.yml.tmpl b/libbeat/_meta/config/setup.dsl.reference.yml.tmpl index e66e83f17c2..9b718645ff3 100644 --- a/libbeat/_meta/config/setup.dsl.reference.yml.tmpl +++ b/libbeat/_meta/config/setup.dsl.reference.yml.tmpl @@ -8,6 +8,8 @@ # Set the lifecycle policy name or pattern. For DSL, this name must match the data stream that the lifecycle is for. # The default data stream pattern is {{.BeatName}}-%{[agent.version]}" +# The template string `%{[agent.version]}` will resolve to the current stack version. +# The other possible template value is `%{[beat.name]}`. #setup.dsl.data_stream_pattern: "{{.BeatName}}-%{[agent.version]}" # The path to a JSON file that contains a lifecycle policy configuration. Used @@ -21,4 +23,4 @@ #setup.dsl.check_exists: true # Overwrite the lifecycle policy at startup. The default is false. -#setup.dsl.overwrite: false \ No newline at end of file +#setup.dsl.overwrite: false diff --git a/libbeat/version/version.go b/libbeat/version/version.go index 960ed3c72e6..ef3de6455a0 100644 --- a/libbeat/version/version.go +++ b/libbeat/version/version.go @@ -18,4 +18,4 @@ // Code generated by dev-tools/set_version package version -const defaultBeatVersion = "8.11.0" +const defaultBeatVersion = "8.12.0" diff --git a/metricbeat/metricbeat.reference.yml b/metricbeat/metricbeat.reference.yml index 3fc3c2a011c..88e353e883b 100644 --- a/metricbeat/metricbeat.reference.yml +++ b/metricbeat/metricbeat.reference.yml 
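Review bot: In the first hunk of `libbeat/_meta/config/setup.dsl.reference.yml.tmpl`, the two added comment lines sit directly under a default-pattern line that ends in an unmatched `"`, and the commit leaves that stray quote in place. Quoting the value on both sides would fix it: `# The default data stream pattern is "{{.BeatName}}-%{[agent.version]}".` The added text names `%{[agent.version]}` and `%{[beat.name]}` as the possible template values but does not say what happens when the pattern uses any other field, which is what an operator editing this setting needs to know. If other fields are not expanded, a line such as `# Only %{[agent.version]} and %{[beat.name]} are expanded in this pattern.` would make that explicit; the wording needs confirming against the implementation, which is not in this hunk. The per-beat `*.reference.yml` hunks in this diff carry the same text and appear to be generated from this template, so the correction belongs here and the generated files follow.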
@@ -2183,6 +2183,8 @@ setup.template.settings: # Set the lifecycle policy name or pattern. For DSL, this name must match the data stream that the lifecycle is for. # The default data stream pattern is metricbeat-%{[agent.version]}" +# The template string `%{[agent.version]}` will resolve to the current stack version. +# The other possible template value is `%{[beat.name]}`. #setup.dsl.data_stream_pattern: "metricbeat-%{[agent.version]}" # The path to a JSON file that contains a lifecycle policy configuration. Used @@ -2197,6 +2199,7 @@ setup.template.settings: # Overwrite the lifecycle policy at startup. The default is false. #setup.dsl.overwrite: false + # =================================== Kibana =================================== # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. diff --git a/packetbeat/packetbeat.reference.yml b/packetbeat/packetbeat.reference.yml index 4c90eb43b9f..aebeb1947a6 100644 --- a/packetbeat/packetbeat.reference.yml +++ b/packetbeat/packetbeat.reference.yml @@ -1814,6 +1814,8 @@ setup.template.settings: # Set the lifecycle policy name or pattern. For DSL, this name must match the data stream that the lifecycle is for. # The default data stream pattern is packetbeat-%{[agent.version]}" +# The template string `%{[agent.version]}` will resolve to the current stack version. +# The other possible template value is `%{[beat.name]}`. #setup.dsl.data_stream_pattern: "packetbeat-%{[agent.version]}" # The path to a JSON file that contains a lifecycle policy configuration. Used @@ -1828,6 +1830,7 @@ setup.template.settings: # Overwrite the lifecycle policy at startup. The default is false. #setup.dsl.overwrite: false + # =================================== Kibana =================================== # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. diff --git a/testing/environments/snapshot.yml b/testing/environments/snapshot.yml index 0605c6531c5..89615d4d53a 100644 
--- a/testing/environments/snapshot.yml +++ b/testing/environments/snapshot.yml @@ -3,7 +3,7 @@ version: '2.3' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.11.0-4d413233-SNAPSHOT + image: docker.elastic.co/elasticsearch/elasticsearch:8.11.0-4e7ff248-SNAPSHOT # When extend is used it merges healthcheck.tests, see: # https://github.com/docker/compose/issues/8962 # healthcheck: @@ -31,7 +31,7 @@ services: - "./docker/elasticsearch/users_roles:/usr/share/elasticsearch/config/users_roles" logstash: - image: docker.elastic.co/logstash/logstash:8.11.0-4d413233-SNAPSHOT + image: docker.elastic.co/logstash/logstash:8.11.0-4e7ff248-SNAPSHOT healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"] retries: 600 @@ -44,7 +44,7 @@ services: - 5055:5055 kibana: - image: docker.elastic.co/kibana/kibana:8.11.0-4d413233-SNAPSHOT + image: docker.elastic.co/kibana/kibana:8.11.0-4e7ff248-SNAPSHOT environment: - "ELASTICSEARCH_USERNAME=kibana_system_user" - "ELASTICSEARCH_PASSWORD=testing" diff --git a/winlogbeat/winlogbeat.reference.yml b/winlogbeat/winlogbeat.reference.yml index bf94da0c118..5619e9a6375 100644 --- a/winlogbeat/winlogbeat.reference.yml +++ b/winlogbeat/winlogbeat.reference.yml @@ -1230,6 +1230,8 @@ setup.template.settings: # Set the lifecycle policy name or pattern. For DSL, this name must match the data stream that the lifecycle is for. # The default data stream pattern is winlogbeat-%{[agent.version]}" +# The template string `%{[agent.version]}` will resolve to the current stack version. +# The other possible template value is `%{[beat.name]}`. #setup.dsl.data_stream_pattern: "winlogbeat-%{[agent.version]}" # The path to a JSON file that contains a lifecycle policy configuration. Used 
@@ -1244,6 +1246,7 @@ setup.template.settings: # Overwrite the lifecycle policy at startup. The default is false. #setup.dsl.overwrite: false + # =================================== Kibana =================================== # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. diff --git a/x-pack/auditbeat/auditbeat.reference.yml b/x-pack/auditbeat/auditbeat.reference.yml index 9e08ae7c167..999f0416354 100644 --- a/x-pack/auditbeat/auditbeat.reference.yml +++ b/x-pack/auditbeat/auditbeat.reference.yml @@ -1404,6 +1404,8 @@ setup.template.settings: # Set the lifecycle policy name or pattern. For DSL, this name must match the data stream that the lifecycle is for. # The default data stream pattern is auditbeat-%{[agent.version]}" +# The template string `%{[agent.version]}` will resolve to the current stack version. +# The other possible template value is `%{[beat.name]}`. #setup.dsl.data_stream_pattern: "auditbeat-%{[agent.version]}" # The path to a JSON file that contains a lifecycle policy configuration. Used @@ -1418,6 +1420,7 @@ setup.template.settings: # Overwrite the lifecycle policy at startup. The default is false. #setup.dsl.overwrite: false + # =================================== Kibana =================================== # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. diff --git a/x-pack/filebeat/docs/inputs/input-cel.asciidoc b/x-pack/filebeat/docs/inputs/input-cel.asciidoc index b4389e34c3c..35fbc4654f2 100644 --- a/x-pack/filebeat/docs/inputs/input-cel.asciidoc +++ b/x-pack/filebeat/docs/inputs/input-cel.asciidoc @@ -693,7 +693,8 @@ filebeat.inputs: user: user@domain.tld password: P@$$W0₹D redact: - fields: password + fields: + - password delete: true ---- diff --git a/x-pack/filebeat/docs/inputs/input-http-endpoint.asciidoc b/x-pack/filebeat/docs/inputs/input-http-endpoint.asciidoc index ed25c5f719d..036ab9b2781 100644 --- a/x-pack/filebeat/docs/inputs/input-http-endpoint.asciidoc 
+++ b/x-pack/filebeat/docs/inputs/input-http-endpoint.asciidoc @@ -279,6 +279,12 @@ This option defines the provider of the webhook that uses CRC (Challenge-Respons The secret token provided by the webhook owner for the CRC validation. It is required when a `crc.provider` is set. +[float] +==== `method` + +The HTTP method handled by the endpoint. If specified, `method` must be `POST`, `PUT` or `PATCH`. +The default method is `POST`. If `PUT` or `PATCH` are specified, requests using those method types are accepted, but are treated as `POST` requests and are expected to have a request body containing the request data. + [float] === Metrics diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 5768cb55689..29704a80ad4 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -4814,6 +4814,8 @@ setup.template.settings: # Set the lifecycle policy name or pattern. For DSL, this name must match the data stream that the lifecycle is for. # The default data stream pattern is filebeat-%{[agent.version]}" +# The template string `%{[agent.version]}` will resolve to the current stack version. +# The other possible template value is `%{[beat.name]}`. #setup.dsl.data_stream_pattern: "filebeat-%{[agent.version]}" # The path to a JSON file that contains a lifecycle policy configuration. Used @@ -4828,6 +4830,7 @@ setup.template.settings: # Overwrite the lifecycle policy at startup. The default is false. #setup.dsl.overwrite: false + # =================================== Kibana =================================== # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. diff --git a/x-pack/filebeat/input/http_endpoint/config.go b/x-pack/filebeat/input/http_endpoint/config.go index d60ffdeb989..48fa51bd00b 100644 --- a/x-pack/filebeat/input/http_endpoint/config.go +++ b/x-pack/filebeat/input/http_endpoint/config.go 
@@ -8,6 +8,7 @@ import ( "encoding/json" "errors" "fmt" + "net/http" "net/textproto" "strings" @@ -20,8 +21,9 @@ var crcProviders = map[string]func(string) *crcValidator{ "zoom": newZoomCRC, } -// Config contains information about httpjson configuration +// Config contains information about http_endpoint configuration type config struct { + Method string `config:"method"` TLS *tlscommon.ServerConfig `config:"ssl"` BasicAuth bool `config:"basic_auth"` Username string `config:"username"` @@ -47,6 +49,7 @@ type config struct { func defaultConfig() config { return config{ + Method: http.MethodPost, BasicAuth: false, Username: "", Password: "", @@ -73,6 +76,12 @@ func (c *config) Validate() error { return errors.New("response_body must be valid JSON") } + switch c.Method { + case http.MethodPost, http.MethodPut, http.MethodPatch: + default: + return fmt.Errorf("method must be POST, PUT or PATCH: %s", c.Method) + } + if c.BasicAuth { if c.Username == "" || c.Password == "" { return errors.New("username and password required when basicauth is enabled") diff --git a/x-pack/filebeat/input/http_endpoint/input.go b/x-pack/filebeat/input/http_endpoint/input.go index 72454b3a81c..3b236aaec08 100644 --- a/x-pack/filebeat/input/http_endpoint/input.go +++ b/x-pack/filebeat/input/http_endpoint/input.go @@ -289,7 +289,7 @@ func newHandler(c config, pub stateless.Publisher, log *logp.Logger, metrics *in basicAuth: c.BasicAuth, username: c.Username, password: c.Password, - method: http.MethodPost, + method: c.Method, contentType: c.ContentType, secretHeader: c.SecretHeader, secretValue: c.SecretValue, diff --git a/x-pack/filebeat/input/http_endpoint/input_test.go b/x-pack/filebeat/input/http_endpoint/input_test.go index d172a0eed5f..c7c1b89bf3a 100644 --- a/x-pack/filebeat/input/http_endpoint/input_test.go +++ b/x-pack/filebeat/input/http_endpoint/input_test.go 
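Review bot: In `Validate`, the error for an unsupported `method` formats the value with `%s`, so an empty or whitespace-only setting produces a message that ends in nothing visible; `return fmt.Errorf("method must be POST, PUT or PATCH: %q", c.Method)` makes the rejected value explicit. The comparison is case-sensitive, so `method: put` is refused. That is a defensible strict choice because the value is handed to the handler unchanged as `method: c.Method`, but the option's documentation should say so. Rejecting anything outside the three methods at configuration time rather than at request time is the right default. `Validate` starts and ends outside the hunk.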
@@ -25,6 +25,7 @@ import ( var serverPoolTests = []struct { name string + method string cfgs []*httpEndpoint events []target want []mapstr.M @@ -55,6 +56,60 @@ var serverPoolTests = []struct { {"json": mapstr.M{"c": int64(3)}}, }, }, + { + name: "put", + method: http.MethodPut, + cfgs: []*httpEndpoint{{ + addr: "127.0.0.1:9001", + config: config{ + Method: http.MethodPut, + ResponseCode: 200, + ResponseBody: `{"message": "success"}`, + ListenAddress: "127.0.0.1", + ListenPort: "9001", + URL: "/", + Prefix: "json", + ContentType: "application/json", + }, + }}, + events: []target{ + {url: "http://127.0.0.1:9001/", event: `{"a":1}`}, + {url: "http://127.0.0.1:9001/", event: `{"b":2}`}, + {url: "http://127.0.0.1:9001/", event: `{"c":3}`}, + }, + want: []mapstr.M{ + {"json": mapstr.M{"a": int64(1)}}, + {"json": mapstr.M{"b": int64(2)}}, + {"json": mapstr.M{"c": int64(3)}}, + }, + }, + { + name: "patch", + method: http.MethodPatch, + cfgs: []*httpEndpoint{{ + addr: "127.0.0.1:9001", + config: config{ + Method: http.MethodPatch, + ResponseCode: 200, + ResponseBody: `{"message": "success"}`, + ListenAddress: "127.0.0.1", + ListenPort: "9001", + URL: "/", + Prefix: "json", + ContentType: "application/json", + }, + }}, + events: []target{ + {url: "http://127.0.0.1:9001/", event: `{"a":1}`}, + {url: "http://127.0.0.1:9001/", event: `{"b":2}`}, + {url: "http://127.0.0.1:9001/", event: `{"c":3}`}, + }, + want: []mapstr.M{ + {"json": mapstr.M{"a": int64(1)}}, + {"json": mapstr.M{"b": int64(2)}}, + {"json": mapstr.M{"c": int64(3)}}, + }, + }, { name: "distinct_ports", cfgs: []*httpEndpoint{ @@ -249,7 +304,7 @@ func TestServerPool(t *testing.T) { } } for i, e := range test.events { - resp, err := http.Post(e.url, "application/json", strings.NewReader(e.event)) + resp, err := doRequest(test.method, e.url, "application/json", strings.NewReader(e.event)) if err != nil { t.Fatalf("failed to post event #%d: %v", i, err) } 
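Review bot: The new `put` and `patch` entries in `serverPoolTests` only send the verb the endpoint is configured for, so nothing visible here shows that an endpoint configured for `PUT` refuses a `POST`, or the reverse. Since `method` now decides which verb the handler accepts, a case that sends a different verb and expects a rejection would pin that behaviour. The table's status-checking fields are outside the hunk, so the exact shape needs confirming. In `TestServerPool` the failure text after the `doRequest` call still reads `failed to post event`, which misleads on PUT and PATCH runs; `t.Fatalf("failed to send event #%d: %v", i, err)` is neutral.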
@@ -288,6 +343,18 @@ func TestServerPool(t *testing.T) { } } +func doRequest(method, url, contentType string, body io.Reader) (*http.Response, error) { + if method == "" { + method = http.MethodPost + } + req, err := http.NewRequest(method, url, body) + if err != nil { + return nil, err + } + req.Header.Set("Content-Type", contentType) + return http.DefaultClient.Do(req) +} + // Is is included to simplify testing, but is not exposed to avoid unwanted error // matching outside tests. func (e invalidTLSStateErr) Is(err error) bool { diff --git a/x-pack/functionbeat/functionbeat.reference.yml b/x-pack/functionbeat/functionbeat.reference.yml index 3f2308b6eff..b9a54bd88ec 100644 --- a/x-pack/functionbeat/functionbeat.reference.yml +++ b/x-pack/functionbeat/functionbeat.reference.yml @@ -1068,6 +1068,8 @@ setup.template.settings: # Set the lifecycle policy name or pattern. For DSL, this name must match the data stream that the lifecycle is for. # The default data stream pattern is functionbeat-%{[agent.version]}" +# The template string `%{[agent.version]}` will resolve to the current stack version. +# The other possible template value is `%{[beat.name]}`. #setup.dsl.data_stream_pattern: "functionbeat-%{[agent.version]}" # The path to a JSON file that contains a lifecycle policy configuration. Used @@ -1082,6 +1084,7 @@ setup.template.settings: # Overwrite the lifecycle policy at startup. The default is false. #setup.dsl.overwrite: false + # =================================== Kibana =================================== # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. diff --git a/x-pack/heartbeat/heartbeat.reference.yml b/x-pack/heartbeat/heartbeat.reference.yml index ff2ac644a9d..89fc08ef8e6 100644 --- a/x-pack/heartbeat/heartbeat.reference.yml +++ b/x-pack/heartbeat/heartbeat.reference.yml 
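Review bot: `doRequest` has no doc comment and silently treats an empty `method` as POST, which is what lets the older table entries omit the field; a line such as `// doRequest sends body to url with the given method and Content-Type; an empty method means POST.` records that. It also sends through `http.DefaultClient`, which has no timeout, so a handler that never answers holds the test until the `go test` deadline. Building the request with `http.NewRequestWithContext` and a short `context.WithTimeout` would bound it.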
@@ -1440,6 +1440,8 @@ setup.template.settings: # Set the lifecycle policy name or pattern. For DSL, this name must match the data stream that the lifecycle is for. # The default data stream pattern is heartbeat-%{[agent.version]}" +# The template string `%{[agent.version]}` will resolve to the current stack version. +# The other possible template value is `%{[beat.name]}`. #setup.dsl.data_stream_pattern: "heartbeat-%{[agent.version]}" # The path to a JSON file that contains a lifecycle policy configuration. Used @@ -1454,6 +1456,7 @@ setup.template.settings: # Overwrite the lifecycle policy at startup. The default is false. #setup.dsl.overwrite: false + # =================================== Kibana =================================== # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. diff --git a/x-pack/metricbeat/metricbeat.reference.yml b/x-pack/metricbeat/metricbeat.reference.yml index eb685b2322f..63acc6f5245 100644 --- a/x-pack/metricbeat/metricbeat.reference.yml +++ b/x-pack/metricbeat/metricbeat.reference.yml @@ -2744,6 +2744,8 @@ setup.template.settings: # Set the lifecycle policy name or pattern. For DSL, this name must match the data stream that the lifecycle is for. # The default data stream pattern is metricbeat-%{[agent.version]}" +# The template string `%{[agent.version]}` will resolve to the current stack version. +# The other possible template value is `%{[beat.name]}`. #setup.dsl.data_stream_pattern: "metricbeat-%{[agent.version]}" # The path to a JSON file that contains a lifecycle policy configuration. Used @@ -2758,6 +2760,7 @@ setup.template.settings: # Overwrite the lifecycle policy at startup. The default is false. #setup.dsl.overwrite: false + # =================================== Kibana =================================== # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. 
diff --git a/x-pack/osquerybeat/beater/action_handler.go b/x-pack/osquerybeat/beater/action_handler.go index 041c6e8c952..c4650ee9f16 100644 --- a/x-pack/osquerybeat/beater/action_handler.go +++ b/x-pack/osquerybeat/beater/action_handler.go @@ -26,7 +26,7 @@ type publisher interface { } type queryExecutor interface { - Query(ctx context.Context, sql string) ([]map[string]interface{}, error) + Query(ctx context.Context, sql string, timeout time.Duration) ([]map[string]interface{}, error) } type namespaceProvider interface { @@ -68,7 +68,7 @@ func (a *actionHandler) Execute(ctx context.Context, req map[string]interface{}) func (a *actionHandler) execute(ctx context.Context, req map[string]interface{}) (int, error) { ac, err := action.FromMap(req) if err != nil { - return 0, fmt.Errorf("%v: %w", err, ErrQueryExecution) + return 0, fmt.Errorf("%w: %w", err, ErrQueryExecution) } var namespace string @@ -95,7 +95,7 @@ func (a *actionHandler) executeQuery(ctx context.Context, index string, ac actio start := time.Now() - hits, err := a.queryExec.Query(ctx, ac.Query) + hits, err := a.queryExec.Query(ctx, ac.Query, ac.Timeout) if err != nil { a.log.Errorf("Failed to execute query, err: %v", err) diff --git a/x-pack/osquerybeat/beater/action_handler_test.go b/x-pack/osquerybeat/beater/action_handler_test.go index 81925fdbe4b..f3008e4ee76 100644 --- a/x-pack/osquerybeat/beater/action_handler_test.go +++ b/x-pack/osquerybeat/beater/action_handler_test.go @@ -7,6 +7,7 @@ package beater import ( "context" "testing" + "time" "github.com/gofrs/uuid" "github.com/google/go-cmp/cmp" @@ -23,7 +24,7 @@ type mockExecutor struct { receivedSql string } -func (e *mockExecutor) Query(ctx context.Context, sql string) ([]map[string]interface{}, error) { +func (e *mockExecutor) Query(ctx context.Context, sql string, to time.Duration) ([]map[string]interface{}, error) { e.receivedSql = sql return e.result, e.err 
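Review bot: `fmt.Errorf("%w: %w", err, ErrQueryExecution)` in `execute` depends on multiple `%w` verbs, which `fmt.Errorf` supports only from Go 1.20. On older toolchains the second verb is rendered as a formatting error and `errors.Is(err, ErrQueryExecution)` stops matching. Confirm the module's minimum Go version, and consider a comment stating the intent, for example `// wrap both so callers can match ErrQueryExecution and the parse error`. `execute` continues outside the hunk.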
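Review bot: `mockExecutor.Query` accepts the new `to` argument and drops it, so no test visible in this diff checks that `ac.Timeout` from the action actually reaches the executor. Recording it next to `receivedSql`, e.g. `e.receivedTimeout = to` with a matching field on the mock, and asserting it in the handler test would cover the new plumbing.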
diff --git a/x-pack/osquerybeat/beater/osquerybeat.go b/x-pack/osquerybeat/beater/osquerybeat.go index 35e396a7c69..35b42914570 100644 --- a/x-pack/osquerybeat/beater/osquerybeat.go +++ b/x-pack/osquerybeat/beater/osquerybeat.go @@ -44,7 +44,8 @@ const ( // osqueryd child process requests configuration from the configuration plugin implemented in osquerybeat configurationRefreshIntervalSecs = 60 - osqueryTimeout = 60 * time.Second + osqueryTimeout = 1 * time.Minute + osqueryMaxTimeout = 15 * time.Minute ) const ( @@ -271,6 +272,7 @@ func (bt *osquerybeat) runOsquery(ctx context.Context, b *beat.Beat, osq *osqd.O cli := osqdcli.New(socketPath, osqdcli.WithLogger(bt.log), osqdcli.WithTimeout(osqueryTimeout), + osqdcli.WithMaxTimeout(osqueryMaxTimeout), osqdcli.WithCache(cache, adhocOsqueriesTypesCacheSize), ) @@ -337,7 +339,7 @@ func runExtensionServer(ctx context.Context, socketPath string, configPlugin *Co // Register config and logger extensions extserver, err := osquery.NewExtensionManagerServer(extManagerServerName, socketPath, osquery.ServerTimeout(timeout)) if err != nil { - return + return err } // Register osquery configuration plugin diff --git a/x-pack/osquerybeat/internal/action/action.go b/x-pack/osquerybeat/internal/action/action.go index 3eaeeaee5d8..8cfa59abc41 100644 --- a/x-pack/osquerybeat/internal/action/action.go +++ b/x-pack/osquerybeat/internal/action/action.go @@ -7,7 +7,9 @@ package action import ( "errors" "fmt" + "strconv" "strings" + "time" "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/ecs" ) @@ -17,8 +19,10 @@ var ( ) type Action struct { - Query string - ID string + Query string + ID string + // The optional action timeout + Timeout time.Duration ECSMapping ecs.Mapping } 
@@ -72,11 +76,24 @@ func FromMap(m map[string]interface{}) (a Action, err error) { return a, fmt.Errorf("missing query: %w", ErrActionRequest) } - return Action{ + a = Action{ Query: query, ID: id, ECSMapping: ecsm, - }, nil + } + + if v, ok := m["timeout"]; ok { + timeout, err := convertToInt64(v) + if err != nil { + return a, fmt.Errorf("invalid timeout value %v: %w", v, err) + } + if timeout > 0 { + // Convert from seconds to duration + a.Timeout = time.Duration(timeout) * time.Second + } + } + + return a, nil } func parseECSMapping(m map[string]interface{}) (ecsm ecs.Mapping, err error) { @@ -121,3 +138,31 @@ func parseECSMapping(m map[string]interface{}) (ecsm ecs.Mapping, err error) { } return ecsm, err } + +func convertToInt64(i interface{}) (int64, error) { + switch v := i.(type) { + case int8: + return int64(v), nil + case int16: + return int64(v), nil + case int32: + return int64(v), nil + case int64: + return v, nil + case uint8: + return int64(v), nil + case uint16: + return int64(v), nil + case uint32: + return int64(v), nil + case uint64: + return int64(v), nil + case float32: + return int64(v), nil + case float64: + return int64(v), nil + case string: + return strconv.ParseInt(v, 10, 64) + } + return 0, fmt.Errorf("unexpected type: %T", i) +} diff --git a/x-pack/osquerybeat/internal/osqdcli/client.go b/x-pack/osquerybeat/internal/osqdcli/client.go index a0a6c695904..ca9ce790580 100644 --- a/x-pack/osquerybeat/internal/osqdcli/client.go +++ b/x-pack/osquerybeat/internal/osqdcli/client.go @@ -21,7 +21,11 @@ import ( ) const ( - defaultTimeout = 30 * time.Second + // The default query timeout + defaultTimeout = 1 * time.Minute + + // The longest the query is allowed to run. Since queries are run one at a time, this will block all other queries until this query completes. + defaultMaxTimeout = 15 * time.Minute defaultConnectRetries = 10 ) 
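Review bot: In `FromMap`, `time.Duration(timeout) * time.Second` is computed on whatever integer the request carried, so a value above roughly 9.2e9 seconds overflows the nanosecond `int64` and can wrap to a negative or arbitrary duration before the client's max-timeout clamp sees it. Bounding the value first keeps the field predictable, for example `if timeout > int64(math.MaxInt64/time.Second) { return a, fmt.Errorf("timeout out of range %v: %w", v, ErrActionRequest) }` (`math` is not yet imported in this file). The existing `invalid timeout value` error does not wrap `ErrActionRequest`, unlike the `missing query` error just above it, so callers matching on that sentinel will not see timeout failures. Negative values are silently ignored rather than rejected. `FromMap` starts outside the hunk.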
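Review bot: `convertToInt64` narrows `uint64`, `float32` and `float64` with a bare `int64(v)`, so an out-of-range unsigned value wraps negative and a NaN, infinite or oversized float converts to an implementation-defined result instead of an error. Plain `int` and `uint` are also missing from the switch and fall through to `unexpected type`. Because the input is a field of an incoming action request, range-checking these cases and returning an error is safer than passing on a wrapped number. The fence shows only the changed cases and needs `math` imported.

```go
func convertToInt64(i interface{}) (int64, error) {
	switch v := i.(type) {
	case int:
		return int64(v), nil
	// … unchanged: int8, int16, int32, int64, uint8, uint16, uint32 …
	case uint:
		if uint64(v) > math.MaxInt64 {
			return 0, fmt.Errorf("value out of range: %d", v)
		}
		return int64(v), nil
	case uint64:
		if v > math.MaxInt64 {
			return 0, fmt.Errorf("value out of range: %d", v)
		}
		return int64(v), nil
	case float32:
		f := float64(v)
		if math.IsNaN(f) || f < math.MinInt64 || f >= math.MaxInt64 {
			return 0, fmt.Errorf("value out of range: %v", v)
		}
		return int64(f), nil
	case float64:
		if math.IsNaN(v) || v < math.MinInt64 || v >= math.MaxInt64 {
			return 0, fmt.Errorf("value out of range: %v", v)
		}
		return int64(v), nil
	// … unchanged: string case and the unexpected-type error …
```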
@@ -50,8 +54,13 @@ func (e *ErrorQueryFailure) Error() string { } type Client struct { - socketPath string + socketPath string + + // Query timeout, currently can only be set at the transport level. + // This means that while the query will return with error the osqueryd internally continues to execute the query until completion. + // This is a known issue with osquery/osquery-go/thrift RPC implementation at the moment: there is effectively no way to cancel the long running query timeout time.Duration + maxTimeout time.Duration connectRetries int log *logp.Logger @@ -72,6 +81,13 @@ func WithTimeout(to time.Duration) Option { } } +// WithMaxTimeout allows to define the max timeout per query, default is defaultMaxTimeout +func WithMaxTimeout(maxTimeout time.Duration) Option { + return func(c *Client) { + c.maxTimeout = maxTimeout + } +} + func WithLogger(log *logp.Logger) Option { return func(c *Client) { c.log = log @@ -88,6 +104,7 @@ func New(socketPath string, opts ...Option) *Client { c := &Client{ socketPath: socketPath, timeout: defaultTimeout, + maxTimeout: defaultMaxTimeout, connectRetries: defaultConnectRetries, cache: &nullSafeCache{}, cliLimiter: semaphore.NewWeighted(limit), 
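Review bot: `WithMaxTimeout` stores whatever it is given, so a zero or negative value makes every per-query timeout in `Query` compare greater than `c.maxTimeout` and be replaced by that non-positive value before it reaches the connection. Ignoring non-positive input keeps the default cap in place: `if maxTimeout > 0 { c.maxTimeout = maxTimeout }`. The doc comment could also say what the cap protects against, echoing the comment on `defaultMaxTimeout` that queries run one at a time and a long one blocks the rest.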
@@ -121,22 +138,31 @@ func (c *Client) Connect(ctx context.Context) error { func (c *Client) reconnect(ctx context.Context) error { c.close() + cli, err := c.connectWithRetry(ctx, c.timeout) + if err != nil { + return err + } + c.cli = cli + return nil +} +func (c *Client) connectWithRetry(ctx context.Context, timeout time.Duration) (cli *osquery.ExtensionManagerClient, err error) { r := retry{ maxRetry: c.connectRetries, retryWait: retryWait, log: c.log.With("context", "osquery client connect"), } - return r.Run(ctx, func(ctx context.Context) error { - cli, err := osquery.NewClient(c.socketPath, c.timeout) + err = r.Run(ctx, func(_ context.Context) error { + var err error + cli, err = osquery.NewClient(c.socketPath, timeout) if err != nil { r.log.Warnf("failed to connect, reconnect might be attempted, err: %v", err) return err } - c.cli = cli return nil }) + return cli, err } func (c *Client) Close() { @@ -153,12 +179,15 @@ func (c *Client) close() { } // Query executes a given query, resolves the types -func (c *Client) Query(ctx context.Context, sql string) ([]map[string]interface{}, error) { +// +// In order to workaround the issue https://github.com/elastic/beats/issues/36622 +// each query creates it's own RPC connection to osqueryd, allowing it to set a custom timeout per query. +// Current implementation of osqueryd RPC returns the error when the long running query times out, but this timeout is a transport timeout, +// that doesn't cancel the query execution itself. +// This also makes the client RPC unusable until the long running query finishes, returning errors for each subsequent query. +func (c *Client) Query(ctx context.Context, sql string, timeout time.Duration) ([]map[string]interface{}, error) { c.mx.Lock() defer c.mx.Unlock() - if c.cli == nil { - return nil, ErrClientClosed - } err := c.cliLimiter.Acquire(ctx, limit) if err != nil { 
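Review bot: `Query` no longer returns `ErrClientClosed` when `c.cli` is nil, yet `queryColumnTypes` (changed further down in this file) still calls `c.cli.GetQueryColumnsContext`. If column-type resolution runs from `Query` on a client that was closed or never connected, it would likely dereference a nil `c.cli`. The call path between the two is outside the hunks shown, so this needs confirming. If it holds, either keep the nil guard at the top of `Query` or pass the per-query `cli` into the type lookup. `Query` also holds `c.mx` for the whole call, which can now last up to the max timeout plus connection retries, and it continues outside this hunk.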
@@ -166,11 +195,31 @@ func (c *Client) Query(ctx context.Context, sql string) ([]map[string]interface{ } defer c.cliLimiter.Release(limit) + // If query timeout is <= 0, then use client timeout (default is 1 minute) + if timeout <= 0 { + timeout = c.timeout + } + + // If query timeout is greater that the maxTimeout, set it to the max timeout value + if timeout > c.maxTimeout { + timeout = c.maxTimeout + } + + c.log.Debugf("osquery connect, query: %s, timeout: %v", sql, timeout) + + // Use a separate connection for queries in order to be able to recover from timed out queries + cli, err := c.connectWithRetry(ctx, timeout) + if err != nil { + return nil, err + } + defer cli.Close() + var res *genosquery.ExtensionResponse - res, err = c.cli.Client.Query(ctx, sql) + res, err = cli.QueryContext(ctx, sql) if err != nil { return nil, fmt.Errorf("osquery failed: %w", err) } + if res.Status.Code != int32(0) { return nil, &ErrorQueryFailure{ code: res.Status.Code, @@ -226,7 +275,7 @@ func (c *Client) queryColumnTypes(ctx context.Context, sql string) (map[string]s err error ) - exres, err = c.cli.Client.GetQueryColumns(ctx, sql) + exres, err = c.cli.GetQueryColumnsContext(ctx, sql) if err != nil { return nil, fmt.Errorf("osquery get query columns failed: %w", err) diff --git a/x-pack/osquerybeat/osquerybeat.reference.yml b/x-pack/osquerybeat/osquerybeat.reference.yml index 7963a71ea5f..d6770083e62 100644 --- a/x-pack/osquerybeat/osquerybeat.reference.yml +++ b/x-pack/osquerybeat/osquerybeat.reference.yml 
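Review bot: When the requested timeout exceeds `c.maxTimeout`, `Query` lowers it silently; the only trace is the `Debugf` line, which prints the already-clamped value together with the full SQL text. Logging the clamp at a visible level inside that `if`, e.g. `c.log.Warnf("query timeout %v exceeds max %v, using max", timeout, c.maxTimeout)`, lets operators spot action requests that ask for more than the cap. The comments in this file state that osqueryd keeps executing a query after the transport timeout. With a fresh connection per query, a later query can presumably start while an abandoned one is still running, so check how many such queries osqueryd can accumulate and whether that needs a limit.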
@@ -787,6 +787,8 @@ setup.template.settings: # Set the lifecycle policy name or pattern. For DSL, this name must match the data stream that the lifecycle is for. # The default data stream pattern is osquerybeat-%{[agent.version]}" +# The template string `%{[agent.version]}` will resolve to the current stack version. +# The other possible template value is `%{[beat.name]}`. #setup.dsl.data_stream_pattern: "osquerybeat-%{[agent.version]}" # The path to a JSON file that contains a lifecycle policy configuration. Used @@ -801,6 +803,7 @@ setup.template.settings: # Overwrite the lifecycle policy at startup. The default is false. #setup.dsl.overwrite: false + # =================================== Kibana =================================== # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. diff --git a/x-pack/packetbeat/packetbeat.reference.yml b/x-pack/packetbeat/packetbeat.reference.yml index 4c90eb43b9f..aebeb1947a6 100644 --- a/x-pack/packetbeat/packetbeat.reference.yml +++ b/x-pack/packetbeat/packetbeat.reference.yml @@ -1814,6 +1814,8 @@ setup.template.settings: # Set the lifecycle policy name or pattern. For DSL, this name must match the data stream that the lifecycle is for. # The default data stream pattern is packetbeat-%{[agent.version]}" +# The template string `%{[agent.version]}` will resolve to the current stack version. +# The other possible template value is `%{[beat.name]}`. #setup.dsl.data_stream_pattern: "packetbeat-%{[agent.version]}" # The path to a JSON file that contains a lifecycle policy configuration. Used @@ -1828,6 +1830,7 @@ setup.template.settings: # Overwrite the lifecycle policy at startup. The default is false. #setup.dsl.overwrite: false + # =================================== Kibana =================================== # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. 
diff --git a/x-pack/winlogbeat/winlogbeat.reference.yml b/x-pack/winlogbeat/winlogbeat.reference.yml index 8d0606ba516..5d52a07b37b 100644 --- a/x-pack/winlogbeat/winlogbeat.reference.yml +++ b/x-pack/winlogbeat/winlogbeat.reference.yml @@ -1232,6 +1232,8 @@ setup.template.settings: # Set the lifecycle policy name or pattern. For DSL, this name must match the data stream that the lifecycle is for. # The default data stream pattern is winlogbeat-%{[agent.version]}" +# The template string `%{[agent.version]}` will resolve to the current stack version. +# The other possible template value is `%{[beat.name]}`. #setup.dsl.data_stream_pattern: "winlogbeat-%{[agent.version]}" # The path to a JSON file that contains a lifecycle policy configuration. Used @@ -1246,6 +1248,7 @@ setup.template.settings: # Overwrite the lifecycle policy at startup. The default is false. #setup.dsl.overwrite: false + # =================================== Kibana =================================== # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.