elastic
diff --git a/‎.ci/Jenkinsfile‎
Lines changed: 1 addition & 1 deletion b/‎.ci/Jenkinsfile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎go.mod‎
Lines changed: 8 additions & 8 deletions b/‎go.mod‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎go.sum‎
Lines changed: 158 additions & 12 deletions b/‎go.sum‎
Lines changed: 158 additions & 12 deletions
diff --git a/‎packages/1password/_dev/build/build.yml‎
Lines changed: 1 addition & 1 deletion b/‎packages/1password/_dev/build/build.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/1password/_dev/build/docs/README.md‎
Lines changed: 37 additions & 0 deletions b/‎packages/1password/_dev/build/docs/README.md‎
Lines changed: 37 additions & 0 deletions
diff --git a/‎packages/1password/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/1password/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json‎
Lines changed: 4 additions & 4 deletions b/‎packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 1 addition & 1 deletion b/‎packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/1password/data_stream/item_usages/fields/ecs.yml‎
Lines changed: 0 additions & 22 deletions b/‎packages/1password/data_stream/item_usages/fields/ecs.yml‎
Lines changed: 0 additions & 22 deletions
diff --git a/‎packages/1password/data_stream/item_usages/sample_event.json‎
Lines changed: 51 additions & 53 deletions b/‎packages/1password/data_stream/item_usages/sample_event.json‎
Lines changed: 51 additions & 53 deletions
@@ -12,7 +12,7 @@ pipeline {
     AWS_ACCOUNT_SECRET = "secret/observability-team/ci/elastic-observability-aws-account-auth"
     HOME = "${env.WORKSPACE}"
     KIND_VERSION = "v0.11.1"
-    K8S_VERSION = "v1.20.2"
+    K8S_VERSION = "v1.23.0"
     JOB_GCS_BUCKET = 'beats-ci-temp'
     JOB_GCS_BUCKET_INTERNAL = 'beats-ci-temp-internal'
     JOB_GCS_CREDENTIALS = 'beats-ci-gcs-plugin'
 
@@ -4,7 +4,7 @@ go 1.17
 
 require (
 	github.com/blang/semver v3.5.1+incompatible
-	github.com/elastic/elastic-package v0.31.0
+	github.com/elastic/elastic-package v0.33.1
 	github.com/elastic/package-registry v1.5.1
 	github.com/magefile/mage v1.11.0
 	github.com/pkg/errors v0.9.1
@@ -21,9 +21,9 @@ require (
 	github.com/Microsoft/go-winio v0.5.1 // indirect
 	github.com/PaesslerAG/gval v1.1.2 // indirect
 	github.com/PaesslerAG/jsonpath v0.1.1 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20211112122917-428f8eabeeb3 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20220113124808-70ae35bab23f // indirect
 	github.com/ProtonMail/go-mime v0.0.0-20190923161245-9b5a4261663a // indirect
-	github.com/ProtonMail/gopenpgp/v2 v2.3.0 // indirect
+	github.com/ProtonMail/gopenpgp/v2 v2.4.2 // indirect
 	github.com/PuerkitoBio/purell v1.1.1 // indirect
 	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
@@ -110,7 +110,7 @@ require (
 	github.com/santhosh-tekuri/jsonschema v1.2.4 // indirect
 	github.com/sergi/go-diff v1.2.0 // indirect
 	github.com/sirupsen/logrus v1.8.1 // indirect
-	github.com/spf13/cobra v1.2.1 // indirect
+	github.com/spf13/cobra v1.3.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/ulikunitz/xz v0.5.10 // indirect
 	github.com/xanzy/ssh-agent v0.3.1 // indirect
@@ -143,11 +143,11 @@ require (
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 	helm.sh/helm/v3 v3.7.2 // indirect
 	howett.net/plist v0.0.0-20201203080718-1454fab16a06 // indirect
-	k8s.io/api v0.23.0 // indirect
+	k8s.io/api v0.23.1 // indirect
 	k8s.io/apiextensions-apiserver v0.23.0 // indirect
-	k8s.io/apimachinery v0.23.0 // indirect
-	k8s.io/cli-runtime v0.23.0 // indirect
-	k8s.io/client-go v0.23.0 // indirect
+	k8s.io/apimachinery v0.23.1 // indirect
+	k8s.io/cli-runtime v0.23.1 // indirect
+	k8s.io/client-go v0.23.1 // indirect
 	k8s.io/component-base v0.23.0 // indirect
 	k8s.io/klog/v2 v2.30.0 // indirect
 	k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect
 
@@ -1,3 +1,3 @@
 dependencies:
   ecs:
-    reference: git@1.12
+    reference: git@8.0
@@ -0,0 +1,37 @@
+1Password Events Reporting
+==========================
+
+With [1Password Business](https://support.1password.com/explore/business/), you can send your account activity to your security information and event management (SIEM) system using the 1Password Events API. Get reports about 1Password activity like sign-in attempts and item usage while you manage all your company’s applications and services from a central location.
+
+With 1Password Events Reporting and Elastic SIEM, you can:
+
+-	Control your 1Password data retention
+-	Build custom graphs and dashboards
+-	Set up custom alerts that trigger specific actions
+-	Cross-reference 1Password events with the data from other services
+
+You can set up Events Reporting if you’re an owner or administrator.  
+Learn how to [obtain your 1Password Events API credentials](https://support.1password.com/events-reporting/#step-1-set-up-an-events-reporting-integration).
+
+Events
+------
+
+### Sign-in Attempts
+
+Uses the 1Password Events API to retrieve information about sign-in attempts. Events include the name and IP address of the user who attempted to sign in to the account, when the attempt was made, and – for failed attempts – the cause of the failure.
+
+*Exported fields*
+
+{{fields "item_usages"}}
+
+{{event "item_usages"}}
+
+### Item Usages
+
+Uses the 1Password Events API to retrieve information about items in shared vaults that have been modified, accessed, or used. Events include the name and IP address of the user who accessed the item, when it was accessed, and the vault where the item is stored.
+
+*Exported fields*
+
+{{fields "signin_attempts"}}
+
+{{event "signin_attempts"}}
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+  changes:
+    - description: Update to ECS 8.0
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/2368
 - version: "1.0.0"
   changes:
     - description: GA integration
 
@@ -15,7 +15,7 @@
             },
             "@timestamp": "2021-08-30T18:57:42.484Z",
             "ecs": {
-                "version": "1.12.0"
+                "version": "8.0.0"
             },
             "related": {
                 "user": [
@@ -53,7 +53,7 @@
                 "ip": "89.160.20.156"
             },
             "event": {
-                "ingested": "2021-12-14T14:34:03.382903193Z",
+                "ingested": "2021-12-23T23:23:00.336841554Z",
                 "original": "{\"uuid\":\"MCQODBBWJD5HISKYNP3HJPV2DV\",\"timestamp\":\"2021-08-30T18:57:42.484Z\",\"used_version\":1,\"vault_uuid\":\"jaqxqf5qylslqiitnduawrndc5\",\"item_uuid\":\"bvwmmwxisuca7wbehrbyqhag54\",\"user\":{\"uuid\":\"OJQGU46KAPROEJLCK674RHSAY5\",\"name\":\"Name\",\"email\":\"email@1password.com\"},\"client\":{\"app_name\":\"1Password Browser Extension\",\"app_version\":\"1109\",\"platform_name\":\"Chrome\",\"platform_version\":\"93.0.4577.62\",\"os_name\":\"Android\",\"os_version\":\"10\",\"ip_address\":\"89.160.20.156\"}}",
                 "category": [
                     "file"
@@ -88,7 +88,7 @@
             },
             "@timestamp": "2021-08-30T19:10:00.123Z",
             "ecs": {
-                "version": "1.12.0"
+                "version": "8.0.0"
             },
             "related": {
                 "user": [
@@ -126,7 +126,7 @@
                 "ip": "89.160.20.156"
             },
             "event": {
-                "ingested": "2021-12-14T14:34:03.382906002Z",
+                "ingested": "2021-12-23T23:23:00.337283501Z",
                 "original": "{\"uuid\":\"5HBWJDWCQADISKY2DVBNP3HJPV\",\"timestamp\":\"2021-08-30T19:10:00.123Z\",\"used_version\":1,\"vault_uuid\":\"jaqxqf5qylslqiitnduawrndc5\",\"item_uuid\":\"bvwmmwxisuca7wbehrbyqhag54\",\"user\":{\"uuid\":\"OJQGU46KAPROEJLCK674RHSAY5\",\"name\":\"Name\",\"email\":\"email@1password.com\"},\"client\":{\"app_name\":\"1Password Browser Extension\",\"app_version\":\"1109\",\"platform_name\":\"Chrome\",\"platform_version\":\"93.0.4577.62\",\"os_name\":\"Android\",\"os_version\":\"10\",\"ip_address\":\"89.160.20.156\"}}",
                 "category": [
                     "file"
 
@@ -16,7 +16,7 @@ processors:
   #######################
   - set:
       field: ecs.version
-      value: '1.12.0'
+      value: '8.0.0'
   - set:
       field: event.ingested
       value: "{{_ingest.timestamp}}"
 
@@ -1,66 +1,44 @@
 - external: ecs
   name: ecs.version
-  description: ECS version this event conforms to
 - external: ecs
   name: related.user
-  description: All the user names or other user identifiers seen on the event
 - external: ecs
   name: related.ip
-  description: All of the IPs seen on your event
 - external: ecs
   name: event.kind
-  description: This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not
 - external: ecs
   name: event.category
-  description: This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories
 - external: ecs
   name: event.type
-  description: This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types
 - external: ecs
   name: user.id
-  description: The UUID of the user that accessed the item
 - external: ecs
   name: user.full_name
-  description: The name of the user, hydrated at the time the event was generated
 - external: ecs
   name: user.email
-  description: The email address of the user, hydrated at the time the event was generated
 - external: ecs
   name: os.name
-  description: The name of the operating system the item was accessed from
 - external: ecs
   name: os.version
-  description: The version of the operating system the item was accessed from
 - external: ecs
   name: source.as.number
-  description: Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet
 - external: ecs
   name: source.as.organization.name
-  description: Organization name
 - external: ecs
   name: source.geo.city_name
-  description: City name
 - external: ecs
   name: source.geo.continent_name
-  description: Name of the continent
 - external: ecs
   name: source.geo.country_iso_code
-  description: Country ISO code
 - external: ecs
   name: source.geo.country_name
-  description: Country name
 - external: ecs
   name: source.geo.location
-  description: Longitude and latitude
 - external: ecs
   name: source.geo.region_iso_code
-  description: Region ISO code
 - external: ecs
   name: source.geo.region_name
-  description: Region name
 - external: ecs
   name: source.ip
-  description: The IP address the item was accessed from
 - external: ecs
   name: tags
-  description: List of keywords used to tag each event
@@ -1,82 +1,80 @@
 {
     "@timestamp": "2021-08-30T18:57:42.484Z",
     "agent": {
-        "hostname": "docker-fleet-agent",
+        "ephemeral_id": "d02e8bec-48d2-46c8-bd33-5982bd82059f",
+        "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
         "name": "docker-fleet-agent",
-        "id": "3862ac25-d2c0-421f-8a83-b7b891c2ea75",
-        "ephemeral_id": "ad63d20a-bc9f-48ea-8854-7c095e26f126",
         "type": "filebeat",
-        "version": "7.15.0"
-    },
-    "elastic_agent": {
-        "id": "3862ac25-d2c0-421f-8a83-b7b891c2ea75",
-        "version": "7.15.0",
-        "snapshot": true
+        "version": "8.0.0-beta1"
     },
     "data_stream": {
-        "namespace": "default",
-        "type": "logs",
-        "dataset": "1password.item_usages"
+        "dataset": "1password.item_usages",
+        "namespace": "ep",
+        "type": "logs"
     },
     "ecs": {
-        "version": "1.10.0"
+        "version": "8.0.0"
+    },
+    "elastic_agent": {
+        "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
+        "snapshot": false,
+        "version": "8.0.0-beta1"
     },
     "event": {
         "agent_id_status": "verified",
-        "ingested": "2021-09-14T13:54:21Z",
-        "created": "2021-09-14T13:54:19.267Z",
-        "dataset": "1password.item_usages"
+        "category": [
+            "file"
+        ],
+        "created": "2021-12-24T00:23:21.039Z",
+        "dataset": "1password.item_usages",
+        "ingested": "2021-12-24T00:23:22Z",
+        "kind": "event",
+        "type": [
+            "access"
+        ]
+    },
+    "host": {
+        "name": "docker-fleet-agent"
+    },
+    "input": {
+        "type": "httpjson"
     },
     "onepassword": {
-        "used_version": 1,
-        "item_uuid": "4bywxbvwqhrhwca7isug5ammbe",
         "client": {
             "app_name": "1Password Browser Extension",
-            "app_version": "20168",
-            "platform_version": "92.0.4515.159",
-            "platform_name": "Chrome"
+            "app_version": "1109",
+            "platform_name": "Chrome",
+            "platform_version": "93.0.4577.62"
         },
-        "uuid": "2DQOHNVMCJDJPVDBBWISKY5HP3",
-        "vault_uuid": "txqfdc5lsjnduylq5awrnaqqii"
-    },
-    "user": {
-        "full_name": "Gero",
-        "id": "OJQGU46KAPROEJLCK674RHSAY5",
-        "email": "geronimo.onativia@1password.com"
+        "item_uuid": "bvwmmwxisuca7wbehrbyqhag54",
+        "used_version": 1,
+        "uuid": "MCQODBBWJD5HISKYNP3HJPV2DV",
+        "vault_uuid": "jaqxqf5qylslqiitnduawrndc5"
     },
     "os": {
-        "name": "Linux",
-        "version": ""
+        "name": "Android",
+        "version": "10"
+    },
+    "related": {
+        "ip": [
+            "1.1.1.1"
+        ],
+        "user": [
+            "OJQGU46KAPROEJLCK674RHSAY5",
+            "email@1password.com",
+            "Name"
+        ]
     },
     "source": {
-        "geo": {
-            "continent_name": "South America",
-            "region_iso_code": "AR-C",
-            "city_name": "Buenos Aires",
-            "country_iso_code": "AR",
-            "country_name": "Argentina",
-            "region_name": "Buenos Aires F.D.",
-            "location": {
-                "lon": -58.3845,
-                "lat": -34.6021
-            }
-        },
-        "as": {
-            "number": 11664,
-            "organization": {
-                "name": "Techtel LMDS Comunicaciones Interactivas S.A."
-            }
-        },
         "ip": "1.1.1.1"
     },
     "tags": [
         "forwarded",
         "1password-item_usages"
     ],
-    "input": {
-        "type": "httpjson"
-    },
-    "host": {
-        "name": "docker-fleet-agent"
+    "user": {
+        "email": "email@1password.com",
+        "full_name": "Name",
+        "id": "OJQGU46KAPROEJLCK674RHSAY5"
     }
 }