Adds split out fields for subject and issuer

elastic · Mar 25, 2020 · 432c6cf · 432c6cf
1 parent a54d51f
commit 432c6cf
Show file tree

Hide file tree

Showing 10 changed files with 2,458 additions and 113 deletions.
diff --git a/code/go/ecs/x509.go b/code/go/ecs/x509.go
diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc
@@ -6081,6 +6081,29 @@ example: `tls`
 
 // ===============================================================
 
+|=====
+
+==== Field Reuse
+
+
+
+
+[[ecs-tls-nestings]]
+===== Field sets that can be nested under TLS
+
+[options="header"]
+|=====
+| Nested fields | Description
+
+// ===============================================================
+
+
+| <<ecs-x509,tls.x509.*>>
+| These fields contain x509 certificate metadata.
+
+// ===============================================================
+
+
 |=====
 
 [[ecs-tracing]]
@@ -6842,11 +6865,11 @@ example: `Critical`
 |=====
 
 [[ecs-x509]]
-=== x509 Certificate information Fields
+=== x509 Certificate Fields
 
 These fields contain x509 certificate metadata.
 
-==== x509 Certificate information Field Details
+==== x509 Certificate Field Details
 
 [options="header"]
 |=====
@@ -6867,14 +6890,92 @@ example: `*.elastic.co`
 
 // ===============================================================
 
-| x509.issuer
+| x509.issuer.common_name
+| Common name (CN) of issuing certificate authority.
+
+type: keyword
+
+
+
+example: `DigiCert SHA2 High Assurance Server CA`
+
+| extended
+
+// ===============================================================
+
+| x509.issuer.country
+| Country (C) code
+
+type: keyword
+
+
+
+example: `US`
+
+| extended
+
+// ===============================================================
+
+| x509.issuer.distinguished_name
 | Distinguished name (DN) of issuing certificate authority.
 
 type: keyword
 
 
 
-example: `C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3`
+example: `C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA`
+
+| extended
+
+// ===============================================================
+
+| x509.issuer.locality
+| Locality name (L)
+
+type: keyword
+
+
+
+example: `Mountain View`
+
+| extended
+
+// ===============================================================
+
+| x509.issuer.organization
+| Organizational units (O) of issuing certificate authority.
+
+type: keyword
+
+
+
+example: `DigiCert Inc`
+
+| extended
+
+// ===============================================================
+
+| x509.issuer.organizational_unit
+| List of organizational units (OU) of issuing certificate authority.
+
+type: keyword
+
+
+
+example: `www.digicert.com`
+
+| extended
+
+// ===============================================================
+
+| x509.issuer.state_or_province
+| State or province name (ST, S, or P)
+
+type: keyword
+
+
+
+example: `California`
 
 | extended
 
@@ -6984,7 +7085,33 @@ example: `SHA256-RSA`
 
 // ===============================================================
 
-| x509.subject
+| x509.subject.common_name
+| Common name (CN) of subject.
+
+type: keyword
+
+
+
+example: `r2.shared.global.fastly.net`
+
+| extended
+
+// ===============================================================
+
+| x509.subject.country
+| Country (C) code
+
+type: keyword
+
+
+
+example: `US`
+
+| extended
+
+// ===============================================================
+
+| x509.subject.distinguished_name
 | Distinguished name (DN) of the certificate subject entity.
 
 type: keyword
@@ -6997,6 +7124,58 @@ example: `C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=r2.shared.glo
 
 // ===============================================================
 
+| x509.subject.locality
+| Locality name (L)
+
+type: keyword
+
+
+
+example: `San Francisco`
+
+| extended
+
+// ===============================================================
+
+| x509.subject.organization
+| Organizational units (O) of subject.
+
+type: keyword
+
+
+
+example: `Fastly, Inc.`
+
+| extended
+
+// ===============================================================
+
+| x509.subject.organizational_unit
+| List of organizational units (OU) of subject.
+
+type: keyword
+
+
+
+
+
+| extended
+
+// ===============================================================
+
+| x509.subject.state_or_province
+| State or province name (ST, S, or P)
+
+type: keyword
+
+
+
+example: `California`
+
+| extended
+
+// ===============================================================
+
 | x509.version_number
 | Version of x509 format.
 
@@ -7014,7 +7193,7 @@ example: `3`
 
 ==== Field Reuse
 
-The `x509` fields are expected to be nested at: `file.x509`.
+The `x509` fields are expected to be nested at: `file.x509`, `tls.x509`.
 
 Note also that the `x509` fields are not expected to be used directly at the top level.
 

diff --git a/docs/fields.asciidoc b/docs/fields.asciidoc
@@ -104,7 +104,7 @@ all fields are defined.
 
 | <<ecs-vulnerability,Vulnerability>> | Fields to describe the vulnerability relevant to an event.
 
-| <<ecs-x509,x509 Certificate information>> | These fields contain x509 certificate metadata.
+| <<ecs-x509,x509 Certificate>> | These fields contain x509 certificate metadata.
 
 |=====
-Original file line number
+Diff line change
@@ Expand Up / @@ -104,7 +104,7 @@ all fields are defined. @@
     | <<ecs-vulnerability,Vulnerability>> | Fields to describe the vulnerability relevant to an event.
-    | <<ecs-x509,x509 Certificate information>> | These fields contain x509 certificate metadata.
+    | <<ecs-x509,x509 Certificate>> | These fields contain x509 certificate metadata.
     |=====
@@ Expand Down @@