
[7.x] [Security Solution][Detections] Update detection alert mappings to ECS v1.10.0 (#101680)#101847

Merged
kibanamachine merged 1 commit into elastic:7.x from kibanamachine:backport/7.x/pr-101680
Jun 10, 2021

Conversation

@kibanamachine
Contributor

Backports the following commits to 7.x:

…S v1.10.0 (elastic#101680)

## Summary

* Grabbed the ECS mappings from [v1.10.0 tag]( https://github.com/elastic/ecs/blob/v1.10.0/generated/elasticsearch/7/template.json)
* Updated the fields that had `constant_keyword` to `keyword`, since we do many-to-1 from source to the signals index
* Wrote a unit test which tests to ensure we don't have any `constant_keyword` fields
* Updated the `SIGNALS_TEMPLATE_VERSION` version by an increment of 10.

This should mostly fix:
elastic#101572

This is because agents add their data into `_source` even though they have a `constant_keyword`. When agents do not include the values in `_source`, we will have to merge `fields` into `_source` before copying, which we are still planning on doing before release.

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
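The two checks the summary describes, a rewrite of `constant_keyword` fields to `keyword` and a test that none remain, as an added example (not Kibana's own code). It walks an Elasticsearch `properties` tree, including nested objects and multi-fields, and the sample template fragment below is constructed, not the real ECS v1.10.0 file. A `constant_keyword` field pins one value per index, so copying documents from many source indices into one signals index would reject any document whose value differs; the rewrite is what keeps those alerts from being dropped.

```typescript
// Shape of one node in an Elasticsearch mapping (assumed, matching the ECS template layout).
type MappingNode = {
  type?: string;
  value?: unknown; // constant_keyword may pin a value here
  properties?: Record<string, MappingNode>; // nested object fields
  fields?: Record<string, MappingNode>; // multi-fields (e.g. .text sub-field)
  [k: string]: unknown;
};

// Returns the dotted paths of every field still mapped as constant_keyword.
export function findConstantKeywordPaths(
  props: Record<string, MappingNode>,
  prefix = ''
): string[] {
  const found: string[] = [];
  for (const [name, node] of Object.entries(props)) {
    const path = prefix ? `${prefix}.${name}` : name;
    if (node.type === 'constant_keyword') found.push(path);
    if (node.properties) found.push(...findConstantKeywordPaths(node.properties, path));
    if (node.fields) found.push(...findConstantKeywordPaths(node.fields, path));
  }
  return found;
}

// Returns a copy of the tree with constant_keyword rewritten to keyword; the input is not mutated.
export function toKeywordMappings(props: Record<string, MappingNode>): Record<string, MappingNode> {
  const out: Record<string, MappingNode> = {};
  for (const [name, node] of Object.entries(props)) {
    const copy: MappingNode = { ...node };
    if (copy.type === 'constant_keyword') {
      copy.type = 'keyword';
      delete copy.value; // a pinned value is meaningless once many sources share the index
    }
    if (copy.properties) copy.properties = toKeywordMappings(copy.properties);
    if (copy.fields) copy.fields = toKeywordMappings(copy.fields);
    out[name] = copy;
  }
  return out;
}

// Constructed sample: a fragment shaped like an ECS template, with three constant_keyword fields.
export const SAMPLE_PROPERTIES: Record<string, MappingNode> = {
  data_stream: {
    properties: {
      dataset: { type: 'constant_keyword' },
      namespace: { type: 'constant_keyword' },
      type: { type: 'constant_keyword' },
    },
  },
  host: { properties: { name: { type: 'keyword', ignore_above: 1024 } } },
};

export const FIXED_PROPERTIES = toKeywordMappings(SAMPLE_PROPERTIES);
```

A unit test like the one in the summary is then one assertion: `findConstantKeywordPaths(template.mappings.properties)` must return an empty array.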
@kibanamachine
Contributor Author

💚 Build Succeeded

Metrics [docs]

✅ unchanged

To update your PR or re-run it, just comment with: `@elasticmachine merge upstream`

cc @FrankHassanabad

@kibanamachine kibanamachine merged commit 5f5cd72 into elastic:7.x Jun 10, 2021

Labels

backport This PR is a backport of another PR
