Commit 34e09b3

[EDR Workflows] Update Osquery and ECS fields schemas (#193399)
(cherry picked from commit f32ba5c)
1 parent 297ab0b commit 34e09b3

8 files changed

Lines changed: 10 additions & 8 deletions

x-pack/plugins/osquery/public/common/schemas/ecs/v8.11.0.json

Lines changed: 0 additions & 1 deletion
This file was deleted.

x-pack/plugins/osquery/public/common/schemas/ecs/v8.12.0.json

Lines changed: 1 addition & 0 deletions
Large diffs are not rendered by default.

x-pack/plugins/osquery/public/common/schemas/osquery/v5.10.2.json

Lines changed: 0 additions & 1 deletion
This file was deleted.

x-pack/plugins/osquery/public/common/schemas/osquery/v5.13.1.json

Lines changed: 1 addition & 0 deletions
Large diffs are not rendered by default.

x-pack/plugins/osquery/public/editor/osquery_tables.ts

Lines changed: 1 addition & 1 deletion
@@ -17,7 +17,7 @@ let osqueryTables: TablesJSON | null = null;
1717
export const getOsqueryTables = () => {
1818
if (!osqueryTables) {
1919
// eslint-disable-next-line @typescript-eslint/no-var-requires
20-
osqueryTables = normalizeTables(require('../common/schemas/osquery/v5.10.2.json'));
20+
osqueryTables = normalizeTables(require('../common/schemas/osquery/v5.13.1.json'));
2121
}
2222

2323
return osqueryTables;
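Review bot: the osquery schema version is hardcoded here as a `require` path (`'../common/schemas/osquery/v5.13.1.json'`) and again as an `import` in `packs/queries/ecs_mapping_editor_field.tsx`, so every schema bump has to touch both files and a missed one would silently leave the two consumers on different table definitions. Consider having the editor field reuse `getOsqueryTables()` (or exporting the schema from one shared module) so the version string lives in exactly one place.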

x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx

Lines changed: 2 additions & 2 deletions
@@ -47,8 +47,8 @@ import {
4747
convertECSMappingToArray,
4848
convertECSMappingToObject,
4949
} from '../../../common/utils/converters';
50-
import ECSSchema from '../../common/schemas/ecs/v8.11.0.json';
51-
import osquerySchema from '../../common/schemas/osquery/v5.10.2.json';
50+
import ECSSchema from '../../common/schemas/ecs/v8.12.0.json';
51+
import osquerySchema from '../../common/schemas/osquery/v5.13.1.json';
5252

5353
import { FieldIcon } from '../../common/lib/kibana';
5454
import { OsqueryIcon } from '../../components/osquery_icon';
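Review bot: both schema imports are bumped here (`ecs/v8.12.0.json`, `osquery/v5.13.1.json`) and the old `v8.11.0.json` and `v5.10.2.json` files are deleted in the same commit, which is the right way to avoid stale copies lingering in the bundle; since `osquery_tables.ts` already loads the same osquery JSON, importing it here a second time duplicates both the version string and the (large) schema payload. Suggest deriving `osquerySchema` from the shared loader instead of a second static import.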

x-pack/plugins/osquery/scripts/readme.md

Lines changed: 4 additions & 2 deletions
@@ -6,8 +6,10 @@ currently manually curated). This assumes the targeted schema files will be in
66
`public/editor/osquery_schema`.
77

88
```
9-
node ecs.js --schema_version=4.6.0 // (filename without .json extension)
9+
node ecs.js --schema_version=4.6.0 // filename should be called 4.6.0.json > which will generate v4.6.0-formatted.json
10+
```
1011
Possibly it's going to be necessary to transform fields' names into lower case, because CSV exports Fields with Capital Letters.
1112

12-
node osquery.js --schema_version=4.6.0 // (filename without .json extension)
13+
node osquery.js --schema_version=4.6.0 // filename should be called 4.6.0.json > which will generate v4.6.0-formatted.json
14+
1315
```
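Review bot: the fence structure in this hunk is now unbalanced. The new line 10 closes the code block opened at line 8, the "Possibly it's going to be necessary..." prose follows, and then `node osquery.js --schema_version=4.6.0 ...` at line 13 has no opening fence, so the trailing "```" at line 15 opens a new block rather than closing one and the rest of the readme renders as code. Add an opening "```" before the `node osquery.js` line. Separately, the readme still says the targeted schema files will be in `public/editor/osquery_schema`, while the code in this commit loads them from `public/common/schemas/osquery/` and `public/common/schemas/ecs/`; the path should be corrected while this section is being touched.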

x-pack/plugins/osquery/scripts/schema_formatter/osquery_formatter.ts

Lines changed: 1 addition & 1 deletion
@@ -28,7 +28,7 @@ run(
2828
formattedSchema.push(...elasticTables);
2929

3030
await fs.writeFile(
31-
path.join(schemaPath, `v${flags.schema_version}-formatted`),
31+
path.join(schemaPath, `v${flags.schema_version}-formatted.json`),
3232
JSON.stringify(formattedSchema)
3333
);
3434
},
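Review bot: adding the `.json` extension makes the output name match what the readme documents (`v4.6.0-formatted.json`) and what the consumers `require`, but the filename is still built directly from the user-supplied `flags.schema_version` with `path.join(schemaPath, ...)`, so a value containing `/` or `..` resolves outside `schemaPath`. Even for a dev script, validate the flag against a strict version pattern (for example `/^\d+\.\d+\.\d+$/`) before writing, and fail with a clear error otherwise.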
