Remove expected_event_types from protocol (#964)
ebeahan authored Sep 8, 2020
1 parent e2650b8 commit ff4885d
Showing 5 changed files with 2 additions and 22 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.next.md
Expand Up @@ -14,6 +14,8 @@ Thanks, you're awesome :-) -->

#### Bugfixes

* The `protocol` allowed value under `event.type` should not have the `expected_event_types` defined. #964

#### Added

* Added Mime Type fields to HTTP request and response. #944
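Review bot: The new Bugfixes entry is phrased as a rule ("should not have the `expected_event_types` defined") rather than as the change that was made, so a reader of the release notes cannot tell whether anything was actually removed. Suggest stating the action instead, for example: "Removed `expected_event_types` from the `protocol` allowed value of `event.type`. #964".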
4 changes: 0 additions & 4 deletions docs/field-values.asciidoc
Expand Up @@ -439,10 +439,6 @@ The installation event type is used for the subset of events within a category t
The protocol event type is used for the subset of events within a category that indicate that they contain protocol details or analysis, beyond simply identifying the protocol. Generally, network events that contain specific protocol details will fall into this subcategory. A common example is `event.category:network AND event.type:protocol AND event.type:connection AND event.type:end` (to indicate that the event is a network connection event sent at the end of a connection that also includes a protocol detail breakdown). Note that events that only indicate the name or id of the protocol should not use the protocol value. Further note that when the protocol subcategory is used, the identified protocol is populated in the ECS `network.protocol` field.


*Expected event types for category protocol:*

access, change, end, info, start


[float]
[[ecs-event-type-start]]
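Review bot: The paragraph kept above the removed list still calls `protocol` a subcategory twice ("will fall into this subcategory", "when the protocol subcategory is used"), while its first sentence calls it an event type and the removed heading called it a category. Since the point of this change is that `protocol` is an `event.type` value, consider using "event type" throughout this description, here and in the matching text in schemas/event.yml, so that authors of detection rules and queries do not treat it as an `event.category` value.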
6 changes: 0 additions & 6 deletions generated/ecs/ecs_flat.yml
Expand Up @@ -2298,12 +2298,6 @@ event.type:
indicate the name or id of the protocol should not use the protocol value. Further
note that when the protocol subcategory is used, the identified protocol is
populated in the ECS `network.protocol` field.
expected_event_types:
- access
- change
- end
- info
- start
name: protocol
- description: The start event type is used for the subset of events within a category
that indicate something has started. A common example is `event.category:process
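Review bot: Please confirm that the files under generated/ were produced by rerunning the generation step on the edited schemas/event.yml rather than edited by hand. The six removed lines here match the ones removed in generated/ecs/ecs_nested.yml, which is what regenerated output should look like, but a hand edit would let the generated files drift from the schema unnoticed.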
6 changes: 0 additions & 6 deletions generated/ecs/ecs_nested.yml
Expand Up @@ -2701,12 +2701,6 @@ event:
should not use the protocol value. Further note that when the protocol subcategory
is used, the identified protocol is populated in the ECS `network.protocol`
field.
expected_event_types:
- access
- change
- end
- info
- start
name: protocol
- description: The start event type is used for the subset of events within
a category that indicate something has started. A common example is `event.category:process
6 changes: 0 additions & 6 deletions schemas/event.yml
Expand Up @@ -469,12 +469,6 @@
Note that events that only indicate the name or id of the protocol should not use the protocol value.
Further note that when the protocol subcategory is used, the identified protocol is populated in
the ECS `network.protocol` field.
expected_event_types:
- access
- change
- end
- info
- start
- name: start
description: >
The start event type is used for the subset of events within a category
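Review bot: Nothing in this commit prevents `expected_event_types` from being added again to an `event.type` allowed value; the only additions across the five changed files are the two CHANGELOG lines. Consider adding a validation step to the schema tooling that rejects the key on allowed values where it is not meant to appear, so that anything validating category and type combinations from these files does not pick up a stray list.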
