Refresh ECS, Beats manifest and schemas (#3993)
shashank-elastic authored Aug 20, 2024
1 parent 10ba6ad commit d3dc231
Showing 72 changed files with 130 additions and 220 deletions.
36 changes: 9 additions & 27 deletions detection_rules/etc/api_schemas/master/master.base.json
Expand Up @@ -112,7 +112,6 @@
},
"name": {
"description": "RuleName",
"pattern": "^[a-zA-Z0-9].+?[a-zA-Z0-9\\[\\]()]$",
"type": "string"
},
"note": {
Expand Down Expand Up @@ -182,6 +181,10 @@
"min_compat": "8.3",
"type": "array"
},
"revision": {
"min_compat": "8.8",
"type": "integer"
},
"risk_score": {
"description": "MaxSignals",
"maximum": 100,
Expand Down Expand Up @@ -364,36 +367,10 @@
},
"timeline_id": {
"description": "TimelineTemplateId",
"enum": [
"db366523-f1c6-4c1f-8731-6ce5ed9e5717",
"91832785-286d-4ebe-b884-1a208d111a70",
"76e52245-7519-4251-91ab-262fb1a1728c",
"495ad7a7-316e-4544-8a0f-9c098daee76e",
"4d4c0b59-ea83-483f-b8c1-8c360ee53c5c",
"e70679c2-6cde-4510-9764-4823df18f7db",
"300afc76-072d-4261-864d-4149714bf3f1",
"3e47ef71-ebfc-4520-975c-cb27fc090799",
"3e827bab-838a-469f-bd1e-5e19a2bff2fd",
"4434b91a-94ca-4a89-83cb-a37cdc0532b7"
],
"enumNames": [],
"type": "string"
},
"timeline_title": {
"description": "TimelineTemplateTitle",
"enum": [
"Generic Endpoint Timeline",
"Generic Network Timeline",
"Generic Process Timeline",
"Generic Threat Match Timeline",
"Comprehensive File Timeline",
"Comprehensive Process Timeline",
"Comprehensive Network Timeline",
"Comprehensive Registry Timeline",
"Alerts Involving a Single User Timeline",
"Alerts Involving a Single Host Timeline"
],
"enumNames": [],
"type": "string"
},
"timestamp_override": {
Expand All @@ -415,6 +392,11 @@
],
"enumNames": [],
"type": "string"
},
"version": {
"description": "PositiveInteger",
"minimum": 1,
"type": "integer"
}
},
"required": [
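Review bot: The refreshed schema loosens validation rather than only refreshing it: the hunk at `@@ -112,7 +112,6 @@` drops the `"pattern": "^[a-zA-Z0-9].+?[a-zA-Z0-9\\[\\]()]$"` constraint on `name`, and the hunk at `@@ -364,36 +367,10 @@` (36 old lines to 10 new, so the two `enum` lists are on the removed side) leaves `timeline_id` and `timeline_title` as unconstrained strings, so a rule whose name starts with a non-alphanumeric character or whose timeline reference is not one of the previously listed template ids will now pass validation against this file. The same relaxation appears in master.eql.json, master.esql.json and master.machine_learning.json. If these files are generated from the rule dataclasses, the drop presumably reflects a change in the generator or its inputs rather than a deliberate decision; it is worth confirming that the source still declares the name pattern and the timeline enum before merging, and naming the relaxation in the commit message since the title only says "Refresh". The enclosing `properties` object starts and ends outside the visible hunks.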
36 changes: 9 additions & 27 deletions detection_rules/etc/api_schemas/master/master.eql.json
Expand Up @@ -185,7 +185,6 @@
},
"name": {
"description": "RuleName",
"pattern": "^[a-zA-Z0-9].+?[a-zA-Z0-9\\[\\]()]$",
"type": "string"
},
"note": {
Expand Down Expand Up @@ -258,6 +257,10 @@
"min_compat": "8.3",
"type": "array"
},
"revision": {
"min_compat": "8.8",
"type": "integer"
},
"risk_score": {
"description": "MaxSignals",
"maximum": 100,
Expand Down Expand Up @@ -444,36 +447,10 @@
},
"timeline_id": {
"description": "TimelineTemplateId",
"enum": [
"db366523-f1c6-4c1f-8731-6ce5ed9e5717",
"91832785-286d-4ebe-b884-1a208d111a70",
"76e52245-7519-4251-91ab-262fb1a1728c",
"495ad7a7-316e-4544-8a0f-9c098daee76e",
"4d4c0b59-ea83-483f-b8c1-8c360ee53c5c",
"e70679c2-6cde-4510-9764-4823df18f7db",
"300afc76-072d-4261-864d-4149714bf3f1",
"3e47ef71-ebfc-4520-975c-cb27fc090799",
"3e827bab-838a-469f-bd1e-5e19a2bff2fd",
"4434b91a-94ca-4a89-83cb-a37cdc0532b7"
],
"enumNames": [],
"type": "string"
},
"timeline_title": {
"description": "TimelineTemplateTitle",
"enum": [
"Generic Endpoint Timeline",
"Generic Network Timeline",
"Generic Process Timeline",
"Generic Threat Match Timeline",
"Comprehensive File Timeline",
"Comprehensive Process Timeline",
"Comprehensive Network Timeline",
"Comprehensive Registry Timeline",
"Alerts Involving a Single User Timeline",
"Alerts Involving a Single Host Timeline"
],
"enumNames": [],
"type": "string"
},
"timestamp_field": {
Expand All @@ -491,6 +468,11 @@
"eql"
],
"type": "string"
},
"version": {
"description": "PositiveInteger",
"minimum": 1,
"type": "integer"
}
},
"required": [
36 changes: 9 additions & 27 deletions detection_rules/etc/api_schemas/master/master.esql.json
Expand Up @@ -181,7 +181,6 @@
},
"name": {
"description": "RuleName",
"pattern": "^[a-zA-Z0-9].+?[a-zA-Z0-9\\[\\]()]$",
"type": "string"
},
"note": {
Expand Down Expand Up @@ -254,6 +253,10 @@
"min_compat": "8.3",
"type": "array"
},
"revision": {
"min_compat": "8.8",
"type": "integer"
},
"risk_score": {
"description": "MaxSignals",
"maximum": 100,
Expand Down Expand Up @@ -436,36 +439,10 @@
},
"timeline_id": {
"description": "TimelineTemplateId",
"enum": [
"db366523-f1c6-4c1f-8731-6ce5ed9e5717",
"91832785-286d-4ebe-b884-1a208d111a70",
"76e52245-7519-4251-91ab-262fb1a1728c",
"495ad7a7-316e-4544-8a0f-9c098daee76e",
"4d4c0b59-ea83-483f-b8c1-8c360ee53c5c",
"e70679c2-6cde-4510-9764-4823df18f7db",
"300afc76-072d-4261-864d-4149714bf3f1",
"3e47ef71-ebfc-4520-975c-cb27fc090799",
"3e827bab-838a-469f-bd1e-5e19a2bff2fd",
"4434b91a-94ca-4a89-83cb-a37cdc0532b7"
],
"enumNames": [],
"type": "string"
},
"timeline_title": {
"description": "TimelineTemplateTitle",
"enum": [
"Generic Endpoint Timeline",
"Generic Network Timeline",
"Generic Process Timeline",
"Generic Threat Match Timeline",
"Comprehensive File Timeline",
"Comprehensive Process Timeline",
"Comprehensive Network Timeline",
"Comprehensive Registry Timeline",
"Alerts Involving a Single User Timeline",
"Alerts Involving a Single Host Timeline"
],
"enumNames": [],
"type": "string"
},
"timestamp_override": {
Expand All @@ -479,6 +456,11 @@
"esql"
],
"type": "string"
},
"version": {
"description": "PositiveInteger",
"minimum": 1,
"type": "integer"
}
},
"required": [
90 changes: 63 additions & 27 deletions detection_rules/etc/api_schemas/master/master.machine_learning.json
Expand Up @@ -14,6 +14,60 @@
},
"type": "array"
},
"alert_suppression": {
"additionalProperties": false,
"properties": {
"duration": {
"additionalProperties": false,
"properties": {
"unit": {
"enum": [
"s",
"m",
"h"
],
"enumNames": [],
"type": "string"
},
"value": {
"description": "AlertSupressionValue",
"minimum": 1,
"type": "integer"
}
},
"required": [
"unit",
"value"
],
"type": "object"
},
"group_by": {
"description": "AlertSuppressionGroupBy",
"items": {
"description": "NonEmptyStr",
"minLength": 1,
"type": "string"
},
"maxItems": 3,
"minItems": 1,
"type": "array"
},
"missing_fields_strategy": {
"description": "AlertSuppressionMissing",
"enum": [
"suppress",
"doNotSuppress"
],
"enumNames": [],
"type": "string"
}
},
"required": [
"group_by",
"missing_fields_strategy"
],
"type": "object"
},
"anomaly_threshold": {
"type": "integer"
},
Expand Down Expand Up @@ -128,7 +182,6 @@
},
"name": {
"description": "RuleName",
"pattern": "^[a-zA-Z0-9].+?[a-zA-Z0-9\\[\\]()]$",
"type": "string"
},
"note": {
Expand Down Expand Up @@ -198,6 +251,10 @@
"min_compat": "8.3",
"type": "array"
},
"revision": {
"min_compat": "8.8",
"type": "integer"
},
"risk_score": {
"description": "MaxSignals",
"maximum": 100,
Expand Down Expand Up @@ -380,36 +437,10 @@
},
"timeline_id": {
"description": "TimelineTemplateId",
"enum": [
"db366523-f1c6-4c1f-8731-6ce5ed9e5717",
"91832785-286d-4ebe-b884-1a208d111a70",
"76e52245-7519-4251-91ab-262fb1a1728c",
"495ad7a7-316e-4544-8a0f-9c098daee76e",
"4d4c0b59-ea83-483f-b8c1-8c360ee53c5c",
"e70679c2-6cde-4510-9764-4823df18f7db",
"300afc76-072d-4261-864d-4149714bf3f1",
"3e47ef71-ebfc-4520-975c-cb27fc090799",
"3e827bab-838a-469f-bd1e-5e19a2bff2fd",
"4434b91a-94ca-4a89-83cb-a37cdc0532b7"
],
"enumNames": [],
"type": "string"
},
"timeline_title": {
"description": "TimelineTemplateTitle",
"enum": [
"Generic Endpoint Timeline",
"Generic Network Timeline",
"Generic Process Timeline",
"Generic Threat Match Timeline",
"Comprehensive File Timeline",
"Comprehensive Process Timeline",
"Comprehensive Network Timeline",
"Comprehensive Registry Timeline",
"Alerts Involving a Single User Timeline",
"Alerts Involving a Single Host Timeline"
],
"enumNames": [],
"type": "string"
},
"timestamp_override": {
Expand All @@ -423,6 +454,11 @@
"machine_learning"
],
"type": "string"
},
"version": {
"description": "PositiveInteger",
"minimum": 1,
"type": "integer"
}
},
"required": [
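Review bot: In the new `alert_suppression` block (hunk at `@@ -14,6 +14,60 @@`), the `duration.value` entry carries `"description": "AlertSupressionValue"`, which misspells "Suppression" while its siblings spell it correctly (`AlertSuppressionGroupBy`, `AlertSuppressionMissing`); if the description is derived from a type name in the generator's source, the fix belongs there, otherwise the line should read `"description": "AlertSuppressionValue",`. The `alert_suppression` object itself is complete within the hunk, but the `properties` object that contains it starts and ends outside the visible lines.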