
[8.0] [RAC,Security Solution] Update alerts mappings to ECS 1.12 (#118812) #119874

Merged: 1 commit merged into elastic:8.0 from backport/8.0/pr-118812 on Nov 29, 2021

Conversation

rylnd (Contributor) commented Nov 29, 2021

Backports the following commits to 8.0:

…8812)

* Update output directory for generative script

These files were moved in elastic#98935 but the script has become out of date.

* Update ECS fieldmap with ECS 1.12

This fieldmap was missing fields from ECS 1.11+. Notable omissions were
the threat.indicator and threat.enrichments fieldsets.

* Remove non-additive mappings changes

These are incompatible with the current alerts framework.

* Add only necessary threat fields for CTI features

This could probably be pared down further, as most of these fields are
not critical for CTI features. Additionally, these additions now exceed
the limit of 1000 fields and are causing an error in the ruleRegistry
bootstrapping.

* Remove file.pe threat fields

* Remove geo threat indicator fields

* Remove all threat.indicator mappings

These are not relevant for alerts, which will only have enrichments.

* increments index mappings total fields limit to 1200

Co-authored-by: Ece Ozalp <ozale272@newschool.edu>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
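Added example, not Kibana or Elasticsearch code, illustrating the failure the commit message describes: it counts the fields of an index mapping the way Elasticsearch's `index.mapping.total_fields.limit` does (leaves, object/nested containers and multi-fields all count) and checks a constructed alerts-style mapping against the default limit of 1000 and the raised 1200. The sample mapping, its field names and the `build_mapping` padding helper are assumptions made for the demonstration.

```python
"""Pre-flight check for the total-fields limit that broke ruleRegistry bootstrapping.

Added example; the mapping below is constructed and not the real alerts mapping.
Field aliases and runtime fields, which also count toward the limit, are not modelled.
"""

DEFAULT_LIMIT = 1000  # Elasticsearch default for index.mapping.total_fields.limit


def count_fields(properties: dict) -> int:
    """Count every mapped field: each entry counts once, plus anything nested
    under its 'properties' (object/nested) or 'fields' (multi-fields)."""
    total = 0
    for spec in properties.values():
        total += 1
        total += count_fields(spec.get("properties", {}))
        total += count_fields(spec.get("fields", {}))
    return total


def check_limit(mapping: dict, limit: int = DEFAULT_LIMIT) -> tuple:
    """Return (field_count, within_limit) for an index mapping body."""
    n = count_fields(mapping.get("properties", {}))
    return n, n <= limit


def build_mapping(extra_fields: int) -> dict:
    """Constructed alerts-style mapping: a few ECS-like base fields plus a nested
    threat.enrichments object padded with `extra_fields` keyword fields (assumption)."""
    enrich = {f"extra_{i}": {"type": "keyword"} for i in range(extra_fields)}
    enrich["matched"] = {"properties": {"atomic": {"type": "keyword"},
                                        "field": {"type": "keyword"},
                                        "type": {"type": "keyword"}}}
    return {
        "properties": {
            "@timestamp": {"type": "date"},
            "host": {"properties": {"name": {"type": "keyword",
                                             "fields": {"text": {"type": "text"}}}}},
            "threat": {"properties": {"enrichments": {"type": "nested",
                                                       "properties": enrich}}},
        }
    }


if __name__ == "__main__":
    # 995 padding fields push the constructed mapping to 1005 fields:
    # over the 1000 default, within the 1200 the commit raises it to.
    for limit in (DEFAULT_LIMIT, 1200):
        n, ok = check_limit(build_mapping(995), limit)
        print(f"{n} fields, limit {limit}: {'ok' if ok else 'EXCEEDED'}")
```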
@rylnd rylnd added the backport label Nov 29, 2021
@rylnd rylnd enabled auto-merge (squash) November 29, 2021 18:40
@rylnd rylnd merged commit 4cbe554 into elastic:8.0 Nov 29, 2021
kibana-ci (Collaborator) commented:
💚 Build Succeeded

Metrics

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id             before    after     diff
apm            2.7MB     2.7MB     +6.6KB
observability  361.9KB   368.6KB   +6.6KB
total                              +13.3KB

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@rylnd rylnd deleted the backport/8.0/pr-118812 branch November 29, 2021 19:57