Commit

update field values docs
ebeahan committed Oct 30, 2020
1 parent 052eb3b commit f52a5f5
Showing 1 changed file with 0 additions and 27 deletions.
27 changes: 0 additions & 27 deletions docs/field-values.asciidoc
Expand Up @@ -2,13 +2,6 @@
[[ecs-category-field-values-reference]]
== {ecs} Categorization Fields

WARNING: This section of ECS is in beta and is subject to change. These allowed values
are still under active development. Additional values will be published gradually,
and some of the values or relationships described here may change.
Users who want to provide feedback, or who want to have a look at
upcoming allowed values can visit this public feedback document
https://ela.st/ecs-categories-draft.

At a high level, ECS provides fields to classify events in two different ways:
"Where it's from" (e.g., `event.module`, `event.dataset`, `agent.type`, `observer.type`, etc.),
and "What it is." The categorization fields hold the "What it is" information,
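
Review bot: Dropping the beta WARNING at the top of the Categorization Fields section also drops the pointer to the public feedback document (https://ela.st/ecs-categories-draft) that this section gave readers. If feedback on allowed values is still wanted now that the beta label is gone, keep the link in a plain sentence or a NOTE; if the document is being retired, say so in the commit message, which currently reads only "update field values docs" and does not mention that the beta notice is being removed.
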
Expand Down Expand Up @@ -38,11 +31,6 @@ This is one of four ECS Categorization Fields, and indicates the highest level i

The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not.

WARNING: After the beta period for categorization, only the allowed categorization
values listed in the ECS repository and official ECS documentation should be considered
official. Use of any other values may result in incompatible implementations
that will require subsequent breaking changes.

*Allowed Values*

* <<ecs-event-kind-alert,alert>>
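
Review bot: The WARNING deleted above *Allowed Values* here, and the identical paragraph deleted in the three later hunks, carries a rule that is not specific to the beta: "only the allowed categorization values listed in the ECS repository and official ECS documentation should be considered official", and other values "may result in incompatible implementations". With all four copies gone, the field sections shown in this diff no longer tell implementers that values outside the list are unsupported. Suggest keeping that sentence once, without the "After the beta period for categorization" preface, as a NOTE in the section introduction rather than deleting it outright.
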
Expand Down Expand Up @@ -125,11 +113,6 @@ This is one of four ECS Categorization Fields, and indicates the second level in

This field is an array. This will allow proper categorization of some events that fall in multiple categories.

WARNING: After the beta period for categorization, only the allowed categorization
values listed in the ECS repository and official ECS documentation should be considered
official. Use of any other values may result in incompatible implementations
that will require subsequent breaking changes.

*Allowed Values*

* <<ecs-event-category-authentication,authentication>>
Expand Down Expand Up @@ -345,11 +328,6 @@ This is one of four ECS Categorization Fields, and indicates the third level in

This field is an array. This will allow proper categorization of some events that fall in multiple event types.

WARNING: After the beta period for categorization, only the allowed categorization
values listed in the ECS repository and official ECS documentation should be considered
official. Use of any other values may result in incompatible implementations
that will require subsequent breaking changes.

*Allowed Values*

* <<ecs-event-type-access,access>>
Expand Down Expand Up @@ -510,11 +488,6 @@ Also note that in the case of a compound event (a single event that contains mul

Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense.

WARNING: After the beta period for categorization, only the allowed categorization
values listed in the ECS repository and official ECS documentation should be considered
official. Use of any other values may result in incompatible implementations
that will require subsequent breaking changes.

*Allowed Values*

* <<ecs-event-outcome-failure,failure>>