diff --git a/packages/azure/changelog.yml b/packages/azure/changelog.yml
index 643fdecc909..bc13cd00b17 100644
--- a/packages/azure/changelog.yml
+++ b/packages/azure/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.11.2"
+ changes:
+ - description: Add missing ECS field definitions.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/9738
 - version: "1.11.1"
 changes:
 - description: Update description for event hub parameter name recommendations.
diff --git a/packages/azure/data_stream/graphactivitylogs/_dev/test/pipeline/test-common-config.yml b/packages/azure/data_stream/graphactivitylogs/_dev/test/pipeline/test-common-config.yml
index 0dfb4300ff0..f00b11ca2b6 100644
--- a/packages/azure/data_stream/graphactivitylogs/_dev/test/pipeline/test-common-config.yml
+++ b/packages/azure/data_stream/graphactivitylogs/_dev/test/pipeline/test-common-config.yml
@@ -1,7 +1,6 @@
 fields:
 tags:
 - preserve_original_event
-
 dynamic_fields:
 # This can be removed after ES 8.14 is the minimum version.
 # Relates: https://github.com/elastic/elasticsearch/pull/105689
diff --git a/packages/azure/data_stream/graphactivitylogs/fields/ecs.yml b/packages/azure/data_stream/graphactivitylogs/fields/ecs.yml
index b8b7c4f4bfa..1a4e00bc06e 100644
--- a/packages/azure/data_stream/graphactivitylogs/fields/ecs.yml
+++ b/packages/azure/data_stream/graphactivitylogs/fields/ecs.yml
@@ -1,3 +1,7 @@
+- name: client.as.number
+ external: ecs
+- name: client.as.organization.name
+ external: ecs
 - name: client.ip
 external: ecs
 - name: client.geo.city_name
@@ -56,6 +60,10 @@
 external: ecs
 - name: source.address
 external: ecs
+- name: source.as.number
+ external: ecs
+- name: source.as.organization.name
+ external: ecs
 - name: source.geo.city_name
 external: ecs
 - name: source.geo.continent_name
diff --git a/packages/azure/docs/graphactivitylogs.md b/packages/azure/docs/graphactivitylogs.md
index 4f6d123ff0a..08fc03545b8 100644
--- a/packages/azure/docs/graphactivitylogs.md
+++ b/packages/azure/docs/graphactivitylogs.md
@@ -253,6 +253,9 @@ An example event for `graphactivitylogs` looks as following:
 | azure.resource.provider | Resource type/namespace. | keyword |
 | azure.subscription_id | Azure subscription ID. | keyword |
 | azure.tenant_id | tenant ID. | keyword |
+| client.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long |
+| client.as.organization.name | Organization name. | keyword |
+| client.as.organization.name.text | Multi-field of `client.as.organization.name`. | match_only_text |
 | client.geo.city_name | City name. | keyword |
 | client.geo.continent_name | Name of the continent. | keyword |
 | client.geo.country_iso_code | Country ISO code. | keyword |
@@ -317,6 +320,9 @@ An example event for `graphactivitylogs` looks as following:
 | related.ip | All of the IPs seen on your event. | ip |
 | related.user | All the user names or other user identifiers seen on the event. | keyword |
 | source.address | Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword |
+| source.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long |
+| source.as.organization.name | Organization name. | keyword |
+| source.as.organization.name.text | Multi-field of `source.as.organization.name`. | match_only_text |
 | source.geo.city_name | City name. | keyword |
 | source.geo.continent_name | Name of the continent. | keyword |
 | source.geo.country_iso_code | Country ISO code. | keyword |
diff --git a/packages/azure/manifest.yml b/packages/azure/manifest.yml
index ab2e428a32a..d68a34cc8ac 100644
--- a/packages/azure/manifest.yml
+++ b/packages/azure/manifest.yml
@@ -1,6 +1,6 @@
 name: azure
 title: Azure Logs
-version: 1.11.1
+version: 1.11.2
 description: This Elastic integration collects logs from Azure
 type: integration
 icons:
diff --git a/packages/crowdstrike/changelog.yml b/packages/crowdstrike/changelog.yml
index 525898a80b0..f1bf45a5ead 100644
--- a/packages/crowdstrike/changelog.yml
+++ b/packages/crowdstrike/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.32.2"
+ changes:
+ - description: Fix geoip mapping to destination.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/9738
 - version: "1.32.1"
 changes:
 - description: Fix cache option name in FDR data stream.
diff --git a/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml b/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml
index 9957d1b2728..5fca7f20fad 100644
--- a/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml
@@ -323,7 +323,7 @@ processors:
 - geoip:
 database_file: GeoLite2-ASN.mmdb
 field: destination.ip
- target_field: source.as
+ target_field: destination.as
 properties:
 - asn
 - organization_name
diff --git a/packages/crowdstrike/manifest.yml b/packages/crowdstrike/manifest.yml
index d7aac1271b3..563505fe192 100644
--- a/packages/crowdstrike/manifest.yml
+++ b/packages/crowdstrike/manifest.yml
@@ -1,6 +1,6 @@
 name: crowdstrike
 title: CrowdStrike
-version: "1.32.1"
+version: "1.32.2"
 description: Collect logs from Crowdstrike with Elastic Agent.
 type: integration
 format_version: "3.0.0"
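Review bot: The corrected `target_field: destination.as` in the falcon pipeline comes with no change to the data stream's pipeline test fixtures in the part of the diff visible here, which suggests no test event carries a `destination.ip`; the original `source.as` mis-mapping, which overwrote the source ASN with the destination's, would have been caught by one, and any detection keyed on `source.as.number` was silently fed the wrong value. Consider adding a sample event that has both `source.ip` and `destination.ip` so the expected output pins `source.as.number` and `destination.as.number` separately. The geoip processor block begins before the hunk, so whether it is guarded by an `if:` on `destination.ip` or by `ignore_missing: true` cannot be seen here; without one of those the processor fails the document when the field is absent. A one-line comment above the processor such as `# ASN lookup for the destination address; keep target_field paired with field` would make the source/destination pairing explicit for the next edit.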