[8.13](backport #38199) [Auditbeat] fim(ebpf): enrich file events with process data

[mergify]

Proposed commit message

fim(ebpf): enrich file events with process data

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

• Make sure entity ID is calculated consistently everywhere // copied from https://github.com/elastic/beats/blob/main/x-pack/auditbeat/module/system/process/process.go#L139

Related issues

elastic/integrations#7401

Screenshot

---

This is an automatic backport of pull request #38199 done by [Mergify](https://mergify.com).

[mergify]

Cherry-pick of dbdaac3 has failed:

On branch mergify/bp/8.13/pr-38199
Your branch is up to date with 'origin/8.13'.

You are currently cherry-picking commit dbdaac363e.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   CHANGELOG.next.asciidoc
	modified:   NOTICE.txt
	modified:   auditbeat/module/file_integrity/event.go
	modified:   auditbeat/module/file_integrity/event_linux.go
	modified:   auditbeat/module/file_integrity/event_linux_test.go
	modified:   auditbeat/tests/system/test_file_integrity.py
	new file:   libbeat/ebpf/sys/sys.go
	new file:   libbeat/ebpf/sys/time.go
	modified:   libbeat/tests/system/requirements.txt
	modified:   libbeat/tests/system/requirements_aix.txt
	modified:   metricbeat/Dockerfile

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   go.mod
	both modified:   go.sum

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

[cla-checker-service]

💚 CLA has been signed

[elasticmachine]

Pinging @elastic/elastic-agent (Team:Elastic-Agent)

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Duration: 180 min 52 sec

❕ Flaky test report

No test was executed to be analysed.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[cmacknz]

This is a new feature. Not sure it is valid to backport this. The Python docker-compose fix should have been a separate PR. That fix also needs to go to 7.17 where the feature additional definitely can't go.

[cmacknz]

I'm not opposed to backporting this if it was always planned to be released in an 8.13.x patch release, I just want to doublecheck we aren't backporting this purely because of the CI fix it contains.

[cmacknz]

I have set the 7.17 backport which contains only the CI fix to also backport to 8.13 #38743.

[pkoutsovasilis]

This is a new feature. Not sure it is valid to backport this. The Python docker-compose fix should have been a separate PR. That fix also needs to go to 7.17 where the feature additional definitely can't go.

the feature is supposed to be backported @cmacknz so all under control.

[pkoutsovasilis]

so this CLA failure is for matt1 who is no longer part of elastic. should we merge this @cmacknz ?

[mergify]

This pull request has not been merged yet. Could you please review and merge it @pkoutsovasilis? 🙏