[Security Solution] Updates Beats fields metadata (#97719)

* Make script dynamic on our BEATS_VERSION constant * Update hardcoded file path in script * Update fields with 7.12.0 beats * Update BEATS_VERSION to reflect what's been captured thus far I simply neglected to commit this change previously * Update unit test implicitly testing field descriptions The fields under test here had a minor grammatical change. Co-authored-by: Kibana Machine <[email protected]>
elastic · May 4, 2021 · 6130f16 · 6130f16
1 parent eba699c
commit 6130f16
Show file tree

Hide file tree

Showing 3 changed files with 6,956 additions and 740 deletions.
diff --git a/x-pack/plugins/security_solution/scripts/beat_docs/build.js b/x-pack/plugins/security_solution/scripts/beat_docs/build.js
@@ -26,35 +26,32 @@ const zlib = require('zlib');
 
 const OUTPUT_DIRECTORY = resolve('scripts', 'beat_docs');
 const OUTPUT_SERVER_DIRECTORY = resolve('server', 'utils', 'beat_schema');
+const BEATS_VERSION = '7.12.0';
 
 const beats = [
   {
-    filePath: `${OUTPUT_DIRECTORY}/auditbeat-7.9.0-darwin-x86_64.tar.gz`,
+    filePath: `${OUTPUT_DIRECTORY}/auditbeat-${BEATS_VERSION}-darwin-x86_64.tar.gz`,
     index: 'auditbeat-*',
-    outputDir: `${OUTPUT_DIRECTORY}/auditbeat-7.9.0-darwin-x86_64`,
-    url:
-      'https://artifacts.elastic.co/downloads/beats/auditbeat/auditbeat-7.9.0-darwin-x86_64.tar.gz',
+    outputDir: `${OUTPUT_DIRECTORY}/auditbeat-${BEATS_VERSION}-darwin-x86_64`,
+    url: `https://artifacts.elastic.co/downloads/beats/auditbeat/auditbeat-${BEATS_VERSION}-darwin-x86_64.tar.gz`,
   },
   {
-    filePath: `${OUTPUT_DIRECTORY}/filebeat-7.9.0-darwin-x86_64.tar.gz`,
+    filePath: `${OUTPUT_DIRECTORY}/filebeat-${BEATS_VERSION}-darwin-x86_64.tar.gz`,
     index: 'filebeat-*',
-    outputDir: `${OUTPUT_DIRECTORY}/filebeat-7.9.0-darwin-x86_64`,
-    url:
-      'https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.9.0-darwin-x86_64.tar.gz',
+    outputDir: `${OUTPUT_DIRECTORY}/filebeat-${BEATS_VERSION}-darwin-x86_64`,
+    url: `https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${BEATS_VERSION}-darwin-x86_64.tar.gz`,
   },
   {
-    filePath: `${OUTPUT_DIRECTORY}/packetbeat-7.9.0-darwin-x86_64.tar.gz`,
+    filePath: `${OUTPUT_DIRECTORY}/packetbeat-${BEATS_VERSION}-darwin-x86_64.tar.gz`,
     index: 'packetbeat-*',
-    outputDir: `${OUTPUT_DIRECTORY}/packetbeat-7.9.0-darwin-x86_64`,
-    url:
-      'https://artifacts.elastic.co/downloads/beats/packetbeat/packetbeat-7.9.0-darwin-x86_64.tar.gz',
+    outputDir: `${OUTPUT_DIRECTORY}/packetbeat-${BEATS_VERSION}-darwin-x86_64`,
+    url: `https://artifacts.elastic.co/downloads/beats/packetbeat/packetbeat-${BEATS_VERSION}-darwin-x86_64.tar.gz`,
   },
   {
-    filePath: `${OUTPUT_DIRECTORY}/winlogbeat-7.9.0-windows-x86_64.zip`,
+    filePath: `${OUTPUT_DIRECTORY}/winlogbeat-${BEATS_VERSION}-windows-x86_64.zip`,
     index: 'winlogbeat-*',
     outputDir: `${OUTPUT_DIRECTORY}`,
-    url:
-      'https://artifacts.elastic.co/downloads/beats/winlogbeat/winlogbeat-7.9.0-windows-x86_64.zip',
+    url: `https://artifacts.elastic.co/downloads/beats/winlogbeat/winlogbeat-${BEATS_VERSION}-windows-x86_64.zip`,
   },
 ];
 
@@ -141,13 +138,13 @@ const manageZipFields = async (beat, filePath, beatFields) => {
     await extract(filePath, { dir: beat.outputDir });
     console.log('building fields', beat.index);
     const obj = yaml.load(
-      fs.readFileSync(`${beat.outputDir}/winlogbeat-7.9.0-windows-x86_64/fields.yml`, {
+      fs.readFileSync(`${beat.outputDir}/winlogbeat-${BEATS_VERSION}-windows-x86_64/fields.yml`, {
         encoding: 'utf-8',
       })
     );
     const eBeatFields = convertSchemaToHash(obj, beatFields);
     console.log('deleting files', beat.index);
-    rimraf.sync(`${beat.outputDir}/winlogbeat-7.9.0-windows-x86_64`);
+    rimraf.sync(`${beat.outputDir}/winlogbeat-${BEATS_VERSION}-windows-x86_64`);
     rimraf.sync(beat.filePath);
 
     return eBeatFields;
@@ -221,7 +218,7 @@ async function main() {
       * 2.0.
       */
 
-      import { BeatFields } from '../../../common/search_strategy/security_solution/beat_fields';
+      import { BeatFields } from '../../../common/search_strategy/index_fields';
 
       /* eslint-disable @typescript-eslint/naming-convention */
       export const fieldsBeat: BeatFields =

diff --git a/x-pack/plugins/security_solution/server/search_strategy/index_fields/index.test.ts b/x-pack/plugins/security_solution/server/search_strategy/index_fields/index.test.ts
@@ -126,7 +126,7 @@ describe('Index Fields', () => {
           },
           {
             description:
-              'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
+              'Type of the agent. The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
             example: 'filebeat',
             name: 'agent.type',
             type: 'string',
@@ -252,7 +252,7 @@ describe('Index Fields', () => {
         {
           category: 'agent',
           description:
-            'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
+            'Type of the agent. The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
           example: 'filebeat',
           name: 'agent.type',
           type: 'string',
@@ -426,7 +426,7 @@ describe('Index Fields', () => {
         {
           category: 'agent',
           description:
-            'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
+            'Type of the agent. The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
           example: 'filebeat',
           name: 'agent.type',
           type: 'string',