-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SECURITY-ENDPOINT: add fields for events to metadata document #70491
SECURITY-ENDPOINT: add fields for events to metadata document #70491
Conversation
@@ -399,6 +399,13 @@ export type HostMetadata = Immutable<{ | |||
'@timestamp': number; | |||
event: { | |||
created: number; | |||
kind: string; | |||
id: string; | |||
category: string; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
category
and type
can be an array per the ecs spec. I believe the endpoint will actually send these values as an array of a single value for metadata.
@@ -363,6 +363,13 @@ export class EndpointDocGenerator { | |||
'@timestamp': ts, | |||
event: { | |||
created: ts, | |||
id: this.seededUUIDv4(), | |||
kind: 'metric', | |||
category: 'host', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
category
and type
can be an array per the ecs spec. I believe the endpoint will actually send these values as an array of a single value for metadata.
My suggestion would be to mimic that and do category: ['host']
type: ['info']
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated
💚 Build SucceededBuild metrics
History
To update your PR or re-run it, just comment with: |
…c#70491) SECURITY-ENDPOINT: EMT-492 add fields for events to metadata document
* master: (46 commits) [Visualize] Add missing advanced settings and custom label for pipeline aggs (elastic#69688) Use dynamic: false for config saved object mappings (elastic#70436) [Ingest Pipelines] Error messages (elastic#70167) [APM] Show transaction rate per minute on Observability Overview page (elastic#70336) Filter out error when calculating a label (elastic#69934) [Visualizations] Each visType returns its supported triggers (elastic#70177) [Telemetry] Report data shippers (elastic#64935) Reduce SavedObjects mappings for Application Usage (elastic#70475) [Lens] fix dimension label performance issues (elastic#69978) Skip failing endgame tests (elastic#70548) [SIEM] Reenabling Cypress tests (elastic#70397) [SIEM][Security Solution][Endpoint] Endpoint Artifact Manifest Management + Artifact Download and Distribution (elastic#67707) [Security] Adds field mapping support to rule creation (elastic#70288) SECURITY-ENDPOINT: add fields for events to metadata document (elastic#70491) Fixed assertion in hybrid index pattern test to iterate through indices (elastic#70130) [SIEM][Exceptions] - Exception builder component (elastic#67013) [Ingest Manager] Rename data sources to package configs (elastic#70259) skip suites blocking es snapshot promomotion (elastic#70532) [Metrics UI] Fix asynchronicity and error handling in Snapshot API (elastic#70503) fix export response (elastic#70473) ...
#70547) SECURITY-ENDPOINT: EMT-492 add fields for events to metadata document
Pinging @elastic/security-solution (Team: SecuritySolution) |
Summary
Issue:
https://github.com/elastic/endpoint-app-team/issues/492
Checklist