all: fix sample events to agree with ECS (#10136)

* cisco_umbrella * forgerock * lumos * mattermost * microsoft_exchange_online_message_trace * pulse_connect_secure * sentinel_one * ti_cybersixgill * trend_micro_vision_one Also fix missed changelog entry link in crowdstrike package.
elastic · Jun 12, 2024 · 3e97417 · 3e97417
1 parent a431cab
commit 3e97417
Show file tree

Hide file tree

Showing 53 changed files with 667 additions and 626 deletions.
diff --git a/packages/cisco_umbrella/changelog.yml b/packages/cisco_umbrella/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.24.1"
+  changes:
+    - description: Fix sample event.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/10136
 - version: "1.24.0"
   changes:
     - description: Make `event.category` field conform to ECS field definition.

diff --git a/packages/cisco_umbrella/data_stream/log/sample_event.json b/packages/cisco_umbrella/data_stream/log/sample_event.json
@@ -1,17 +1,17 @@
 {
     "@timestamp": "2024-03-14T18:59:23.000Z",
     "agent": {
-        "ephemeral_id": "e35b09c8-23c2-496b-adf0-0328de4ea63d",
-        "id": "2c5ad0eb-f525-4944-8ec2-2cb048f1147d",
+        "ephemeral_id": "4b522414-3f7d-4cec-a7f7-7df2a87de0c9",
+        "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7",
         "name": "docker-fleet-agent",
         "type": "filebeat",
-        "version": "8.12.0"
+        "version": "8.13.0"
     },
     "aws": {
         "s3": {
             "bucket": {
-                "arn": "arn:aws:s3:::elastic-package-cisco-umbrella-bucket-33606",
-                "name": "elastic-package-cisco-umbrella-bucket-33606"
+                "arn": "arn:aws:s3:::elastic-package-cisco-umbrella-bucket-37380",
+                "name": "elastic-package-cisco-umbrella-bucket-37380"
             },
             "object": {
                 "key": "auditlogs.log"
@@ -37,24 +37,26 @@
     },
     "data_stream": {
         "dataset": "cisco_umbrella.log",
-        "namespace": "ep",
+        "namespace": "27145",
         "type": "logs"
     },
     "ecs": {
         "version": "8.11.0"
     },
     "elastic_agent": {
-        "id": "2c5ad0eb-f525-4944-8ec2-2cb048f1147d",
+        "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7",
         "snapshot": false,
-        "version": "8.12.0"
+        "version": "8.13.0"
     },
     "event": {
         "action": "update",
         "agent_id_status": "verified",
-        "category": "configuration",
+        "category": [
+            "configuration"
+        ],
         "dataset": "cisco_umbrella.log",
         "id": "1757843536",
-        "ingested": "2024-04-12T02:04:00Z",
+        "ingested": "2024-06-12T03:03:50Z",
         "kind": "event",
         "original": "\"1757843536\",\"2024-03-14 18:59:23\",\"[email protected]\",\"Administrator\",\"logexportconfigurations\",\"update\",\"81.2.69.144\",\"\",\"includeAuditLog: 1\n\"",
         "type": [
@@ -66,7 +68,7 @@
     },
     "log": {
         "file": {
-            "path": "https://elastic-package-cisco-umbrella-bucket-33606.s3.us-east-1.amazonaws.com/auditlogs.log"
+            "path": "https://elastic-package-cisco-umbrella-bucket-37380.s3.us-east-1.amazonaws.com/auditlogs.log"
         },
         "offset": 529
     },

diff --git a/packages/cisco_umbrella/docs/README.md b/packages/cisco_umbrella/docs/README.md
@@ -19,17 +19,17 @@ An example event for `log` looks as following:
 {
     "@timestamp": "2024-03-14T18:59:23.000Z",
     "agent": {
-        "ephemeral_id": "e35b09c8-23c2-496b-adf0-0328de4ea63d",
-        "id": "2c5ad0eb-f525-4944-8ec2-2cb048f1147d",
+        "ephemeral_id": "4b522414-3f7d-4cec-a7f7-7df2a87de0c9",
+        "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7",
         "name": "docker-fleet-agent",
         "type": "filebeat",
-        "version": "8.12.0"
+        "version": "8.13.0"
     },
     "aws": {
         "s3": {
             "bucket": {
-                "arn": "arn:aws:s3:::elastic-package-cisco-umbrella-bucket-33606",
-                "name": "elastic-package-cisco-umbrella-bucket-33606"
+                "arn": "arn:aws:s3:::elastic-package-cisco-umbrella-bucket-37380",
+                "name": "elastic-package-cisco-umbrella-bucket-37380"
             },
             "object": {
                 "key": "auditlogs.log"
@@ -55,24 +55,26 @@ An example event for `log` looks as following:
     },
     "data_stream": {
         "dataset": "cisco_umbrella.log",
-        "namespace": "ep",
+        "namespace": "27145",
         "type": "logs"
     },
     "ecs": {
         "version": "8.11.0"
     },
     "elastic_agent": {
-        "id": "2c5ad0eb-f525-4944-8ec2-2cb048f1147d",
+        "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7",
         "snapshot": false,
-        "version": "8.12.0"
+        "version": "8.13.0"
     },
     "event": {
         "action": "update",
         "agent_id_status": "verified",
-        "category": "configuration",
+        "category": [
+            "configuration"
+        ],
         "dataset": "cisco_umbrella.log",
         "id": "1757843536",
-        "ingested": "2024-04-12T02:04:00Z",
+        "ingested": "2024-06-12T03:03:50Z",
         "kind": "event",
         "original": "\"1757843536\",\"2024-03-14 18:59:23\",\"[email protected]\",\"Administrator\",\"logexportconfigurations\",\"update\",\"81.2.69.144\",\"\",\"includeAuditLog: 1\n\"",
         "type": [
@@ -84,7 +86,7 @@ An example event for `log` looks as following:
     },
     "log": {
         "file": {
-            "path": "https://elastic-package-cisco-umbrella-bucket-33606.s3.us-east-1.amazonaws.com/auditlogs.log"
+            "path": "https://elastic-package-cisco-umbrella-bucket-37380.s3.us-east-1.amazonaws.com/auditlogs.log"
         },
         "offset": 529
     },

diff --git a/packages/cisco_umbrella/manifest.yml b/packages/cisco_umbrella/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: cisco_umbrella
 title: Cisco Umbrella
-version: "1.24.0"
+version: "1.24.1"
 description: Collect logs from Cisco Umbrella with Elastic Agent.
 type: integration
 categories:

diff --git a/packages/crowdstrike/changelog.yml b/packages/crowdstrike/changelog.yml
@@ -68,7 +68,7 @@
   changes:
     - description: Fix drive letter parsing.
       type: bugfix
-      link: https://github.com/elastic/integrations/pull/1
+      link: https://github.com/elastic/integrations/pull/9119
 - version: "1.28.2"
   changes:
     - description: Add missing type mapping for host fields.

diff --git a/packages/forgerock/changelog.yml b/packages/forgerock/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.17.1"
+  changes:
+    - description: Fix sample event.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/10136
 - version: "1.17.0"
   changes:
     - description: Make `event.type` and `event.category` fields conform to ECS field definition.

diff --git a/packages/forgerock/data_stream/am_access/sample_event.json b/packages/forgerock/data_stream/am_access/sample_event.json
@@ -1,33 +1,35 @@
 {
     "@timestamp": "2022-11-06T18:16:43.813Z",
     "agent": {
-        "ephemeral_id": "d7b5cd10-b6c7-4ab2-8d07-043fb6d42e2b",
-        "id": "5607d6f4-6e45-4c33-a087-2e07de5f0082",
+        "ephemeral_id": "82b02cc6-7222-4ccc-b7f4-4c1c55315484",
+        "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7",
         "name": "docker-fleet-agent",
         "type": "filebeat",
-        "version": "8.9.1"
+        "version": "8.13.0"
     },
     "data_stream": {
         "dataset": "forgerock.am_access",
-        "namespace": "ep",
+        "namespace": "51919",
         "type": "logs"
     },
     "ecs": {
         "version": "8.11.0"
     },
     "elastic_agent": {
-        "id": "5607d6f4-6e45-4c33-a087-2e07de5f0082",
+        "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7",
         "snapshot": false,
-        "version": "8.9.1"
+        "version": "8.13.0"
     },
     "event": {
         "action": "AM-SESSION-IDLE_TIMED_OUT",
         "agent_id_status": "verified",
-        "created": "2023-08-29T18:23:25.132Z",
+        "created": "2024-06-12T03:05:10.979Z",
         "dataset": "forgerock.am_access",
         "id": "688b24d9-968e-4a20-b471-9bd78f1e46ec-79599",
-        "ingested": "2023-08-29T18:23:28Z",
-        "type": "access"
+        "ingested": "2024-06-12T03:05:14Z",
+        "type": [
+            "access"
+        ]
     },
     "forgerock": {
         "eventName": "AM-SESSION-IDLE_TIMED_OUT",
@@ -60,4 +62,4 @@
     "user": {
         "id": "id=d7cd65bf-743c-4753-a78f-a20daae7e3bf,ou=user,ou=am-config"
     }
-}
+}
diff --git a/packages/forgerock/data_stream/am_activity/sample_event.json b/packages/forgerock/data_stream/am_activity/sample_event.json
@@ -1,32 +1,32 @@
 {
     "@timestamp": "2022-10-05T20:55:59.966Z",
     "agent": {
-        "ephemeral_id": "6af93045-8737-4c3a-87a6-6b24d24d94c3",
-        "id": "5607d6f4-6e45-4c33-a087-2e07de5f0082",
+        "ephemeral_id": "9db3f780-4230-43f5-832f-203266705932",
+        "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7",
         "name": "docker-fleet-agent",
         "type": "filebeat",
-        "version": "8.9.1"
+        "version": "8.13.0"
     },
     "data_stream": {
         "dataset": "forgerock.am_activity",
-        "namespace": "ep",
+        "namespace": "71478",
         "type": "logs"
     },
     "ecs": {
         "version": "8.11.0"
     },
     "elastic_agent": {
-        "id": "5607d6f4-6e45-4c33-a087-2e07de5f0082",
+        "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7",
         "snapshot": false,
-        "version": "8.9.1"
+        "version": "8.13.0"
     },
     "event": {
         "action": "AM-SESSION-CREATED",
         "agent_id_status": "verified",
-        "created": "2023-08-29T18:24:18.086Z",
+        "created": "2024-06-12T03:05:53.025Z",
         "dataset": "forgerock.am_activity",
         "id": "45463f84-ff1b-499f-aa84-8d4bd93150de-438366",
-        "ingested": "2023-08-29T18:24:21Z",
+        "ingested": "2024-06-12T03:05:57Z",
         "reason": "CREATE"
     },
     "forgerock": {
@@ -62,4 +62,4 @@
         },
         "id": "id=d7cd65bf-743c-4753-a78f-a20daae7e3bf,ou=user,ou=am-config"
     }
-}
+}
diff --git a/packages/forgerock/data_stream/am_authentication/sample_event.json b/packages/forgerock/data_stream/am_authentication/sample_event.json
@@ -1,33 +1,35 @@
 {
     "@timestamp": "2022-10-05T18:21:48.253Z",
     "agent": {
-        "ephemeral_id": "3a49e2d0-3cf1-4a2f-8f79-88f5bcc4f5bb",
-        "id": "5607d6f4-6e45-4c33-a087-2e07de5f0082",
+        "ephemeral_id": "2ffe10cc-935a-4457-869f-95b732cb0c8b",
+        "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7",
         "name": "docker-fleet-agent",
         "type": "filebeat",
-        "version": "8.9.1"
+        "version": "8.13.0"
     },
     "data_stream": {
         "dataset": "forgerock.am_authentication",
-        "namespace": "ep",
+        "namespace": "88343",
         "type": "logs"
     },
     "ecs": {
         "version": "8.11.0"
     },
     "elastic_agent": {
-        "id": "5607d6f4-6e45-4c33-a087-2e07de5f0082",
+        "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7",
         "snapshot": false,
-        "version": "8.9.1"
+        "version": "8.13.0"
     },
     "event": {
         "action": "AM-LOGIN-COMPLETED",
         "agent_id_status": "verified",
-        "category": "authentication",
-        "created": "2023-08-29T18:25:11.183Z",
+        "category": [
+            "authentication"
+        ],
+        "created": "2024-06-12T03:06:40.162Z",
         "dataset": "forgerock.am_authentication",
         "id": "45463f84-ff1b-499f-aa84-8d4bd93150de-256208",
-        "ingested": "2023-08-29T18:25:14Z",
+        "ingested": "2024-06-12T03:06:44Z",
         "outcome": "success"
     },
     "forgerock": {
@@ -74,4 +76,4 @@
     "user": {
         "id": "id=autoid-resource-server,ou=agent,ou=am-config"
     }
-}
+}
diff --git a/packages/forgerock/data_stream/am_config/sample_event.json b/packages/forgerock/data_stream/am_config/sample_event.json
@@ -1,35 +1,35 @@
 {
     "@timestamp": "2022-09-20T14:40:10.664Z",
     "agent": {
-        "ephemeral_id": "8b20ca54-fc63-4851-8782-615436bf1368",
-        "id": "5607d6f4-6e45-4c33-a087-2e07de5f0082",
+        "ephemeral_id": "4afe06fa-469e-40e2-babb-b30baf137536",
+        "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7",
         "name": "docker-fleet-agent",
         "type": "filebeat",
-        "version": "8.9.1"
+        "version": "8.13.0"
     },
     "data_stream": {
         "dataset": "forgerock.am_config",
-        "namespace": "ep",
+        "namespace": "65246",
         "type": "logs"
     },
     "ecs": {
         "version": "8.11.0"
     },
     "elastic_agent": {
-        "id": "5607d6f4-6e45-4c33-a087-2e07de5f0082",
+        "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7",
         "snapshot": false,
-        "version": "8.9.1"
+        "version": "8.13.0"
     },
     "event": {
         "action": "AM-CONFIG-CHANGE",
         "agent_id_status": "verified",
         "category": [
             "configuration"
         ],
-        "created": "2023-08-29T18:26:03.247Z",
+        "created": "2024-06-12T03:07:28.334Z",
         "dataset": "forgerock.am_config",
         "id": "4e8550cd-71d6-4a08-b5b0-bb63bcbbc960-20605",
-        "ingested": "2023-08-29T18:26:06Z"
+        "ingested": "2024-06-12T03:07:31Z"
     },
     "forgerock": {
         "level": "INFO",
@@ -62,4 +62,4 @@
         },
         "id": "id=d7cd65bf-743c-4753-a78f-a20daae7e3bf,ou=user,ou=am-config"
     }
-}
+}