Commit 9b843db

maxcold and claude committed
Rename overridden ECS fields files to ecs-overridden.yml across CDR transforms
Rename ecs.yml to ecs-overridden.yml for transforms that only contain constant_keyword type overrides in aws (awsconfig, awsinspector), aws_securityhub, google_scc, and microsoft_defender_endpoint. Also strip external: ecs from all ecs-overridden.yml files for consistency.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 65a65b9 commit 9b843db

20 files changed

+23
-31
lines changed

‎packages/aws/changelog.yml‎

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
# newer versions go on top
22
- version: "6.3.0"
33
changes:
4-
- description: Removed ECS field definitions from CDR misconfiguration transform, now covered by ecs@mappings component template on transform destination index templates.
4+
- description: Removed ECS field definitions from CDR transform destinations, now covered by ecs@mappings component template. Renamed overridden ECS fields files to ecs-overridden.yml for awsconfig and awsinspector transforms.
55
type: enhancement
66
link: https://github.com/elastic/integrations/pull/17552
77
- version: "6.2.0"
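
Review bot: The description on new line 4 rewrites the existing 6.3.0 entry in place instead of adding a new version entry. That is fine only if 6.3.0 has not been published yet. If it has, the rename to ecs-overridden.yml for the awsconfig and awsinspector transforms needs its own entry under a bumped version, because the entry keeps the same link to pull/17552 and readers of an already released changelog will not notice that its text changed.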

packages/aws/elasticsearch/transform/latest_cdr_misconfigurations_awsconfig/fields/ecs.yml renamed to packages/aws/elasticsearch/transform/latest_cdr_misconfigurations_awsconfig/fields/ecs-overridden.yml

Lines changed: 1 addition & 2 deletions
@@ -1,6 +1,5 @@
1+
# Define ECS constant fields as constant_keyword
12
- name: cloud.provider
23
type: constant_keyword
3-
external: ecs
44
- name: observer.vendor
55
type: constant_keyword
6-
external: ecs
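
Review bot: With `external: ecs` removed on old lines 3 and 6, cloud.provider and observer.vendor are now defined by `name` and `type` alone, so nothing is imported from the ECS definition any more. Consider adding a short `description` to each field so the file itself documents why the override exists, and confirm the package build and lint still pass with the bare definitions. The header comment added on new line 1 matches the comment the other ecs-overridden.yml files on this page already carry, which is good for consistency.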

packages/google_scc/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs.yml renamed to packages/aws/elasticsearch/transform/latest_cdr_vulnerabilities_awsinspector/fields/ecs-overridden.yml

Lines changed: 0 additions & 2 deletions
@@ -1,7 +1,5 @@
11
# Define ECS constant fields as constant_keyword
22
- name: observer.vendor
33
type: constant_keyword
4-
external: ecs
54
- name: vulnerability.scanner.vendor
65
type: constant_keyword
7-
external: ecs
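
Review bot: The rename header for this hunk pairs a source path under packages/google_scc (latest_cdr_vulnerabilities) with a destination under packages/aws (latest_cdr_vulnerabilities_awsinspector), so the recorded rename crosses packages. This looks like rename detection matching files with identical content, since the same observer.vendor and vulnerability.scanner.vendor hunk repeats for several transforms, but it makes the history hard to follow. Please confirm that every affected transform ends up with its own ecs-overridden.yml and that no fields/ecs.yml is left behind in any of them.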

‎packages/aws_securityhub/changelog.yml‎

Lines changed: 5 additions & 0 deletions
@@ -1,4 +1,9 @@
11
# newer versions go on top
2+
- version: "0.2.0"
3+
changes:
4+
- description: Removed ECS field definitions from CDR transform destinations, now covered by ecs@mappings component template. Renamed overridden ECS fields files to ecs-overridden.yml.
5+
type: enhancement
6+
link: https://github.com/elastic/integrations/pull/17552
27
- version: "0.1.0"
38
changes:
49
- description: Initial release.
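
Review bot: The 0.2.0 description on new line 4 mentions only CDR transform destinations, while the renames on this page also produce an ecs-overridden.yml under the latest_findings transform of aws_securityhub. Word the entry so it covers that transform too, or state explicitly that latest_findings is one of the CDR destinations.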

packages/aws/elasticsearch/transform/latest_cdr_vulnerabilities_awsinspector/fields/ecs.yml renamed to packages/aws_securityhub/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs-overridden.yml

Lines changed: 0 additions & 2 deletions
@@ -1,7 +1,5 @@
11
# Define ECS constant fields as constant_keyword
22
- name: observer.vendor
33
type: constant_keyword
4-
external: ecs
54
- name: vulnerability.scanner.vendor
65
type: constant_keyword
7-
external: ecs
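
Review bot: vulnerability.scanner.vendor stays `constant_keyword` on new line 4 of this file, which only works if every document in the destination index carries the same value. A constant_keyword field accepts a single value per index and rejects documents that differ, so for this aws_securityhub destination it is worth confirming that the transform always writes one vendor value; otherwise findings would fail to index. A line in the file's header comment naming the expected value would make that assumption reviewable.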

packages/aws_securityhub/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs.yml renamed to packages/aws_securityhub/elasticsearch/transform/latest_findings/fields/ecs-overridden.yml

Lines changed: 0 additions & 2 deletions
@@ -1,7 +1,5 @@
11
# Define ECS constant fields as constant_keyword
22
- name: observer.vendor
33
type: constant_keyword
4-
external: ecs
54
- name: vulnerability.scanner.vendor
65
type: constant_keyword
7-
external: ecs

‎packages/aws_securityhub/manifest.yml‎

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
format_version: 3.5.0
22
name: aws_securityhub
33
title: "AWS Security Hub"
4-
version: 0.1.0
4+
version: 0.2.0
55
source:
66
license: "Elastic-2.0"
77
description: Collect logs from AWS Security Hub with Elastic Agent.

‎packages/google_scc/changelog.yml‎

Lines changed: 5 additions & 0 deletions
@@ -1,4 +1,9 @@
11
# newer versions go on top
2+
- version: "2.3.0"
3+
changes:
4+
- description: Removed ECS field definitions from CDR transform destinations, now covered by ecs@mappings component template. Renamed overridden ECS fields files to ecs-overridden.yml.
5+
type: enhancement
6+
link: https://github.com/elastic/integrations/pull/17552
27
- version: "2.2.2"
38
changes:
49
- description: Remove duplicate security-solution-default tag references
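
Review bot: The new 2.3.0 entry on new lines 2 to 6 has no matching manifest.yml hunk for google_scc on this page, unlike aws_securityhub, whose manifest moves from 0.1.0 to 0.2.0. Check that packages/google_scc/manifest.yml is bumped to 2.3.0 in the same commit so the changelog and the package version agree.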

packages/google_scc/elasticsearch/transform/latest_cdr_misconfigurations/fields/ecs.yml renamed to packages/google_scc/elasticsearch/transform/latest_cdr_misconfigurations/fields/ecs-overridden.yml

Lines changed: 0 additions & 1 deletion
@@ -1,4 +1,3 @@
11
# Define ECS constant fields as constant_keyword
22
- name: observer.vendor
33
type: constant_keyword
4-
external: ecs

packages/aws_securityhub/elasticsearch/transform/latest_findings/fields/ecs.yml renamed to packages/google_scc/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs-overridden.yml

Lines changed: 0 additions & 2 deletions
@@ -1,7 +1,5 @@
11
# Define ECS constant fields as constant_keyword
22
- name: observer.vendor
33
type: constant_keyword
4-
external: ecs
54
- name: vulnerability.scanner.vendor
65
type: constant_keyword
7-
external: ecs
