diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 5996082bf8..9613fb89e6 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -21,6 +21,7 @@ Thanks, you're awesome :-) --> * Advanced `process.env_vars` to GA. #2315 * Advanced `process.io` and `process.tty` fields to GA. #2317 * Added `threat.indicator.id`. #2324 +* Added `process.group` to generated schemas. #2335 #### Improvements diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 61e5088661..bc95a6db22 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -5496,6 +5496,18 @@ start).' example: 137 default_field: false + - name: group.id + level: extended + type: keyword + ignore_above: 1024 + description: Unique identifier for the group on the system/platform. + default_field: false + - name: group.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the group. + default_field: false - name: group_leader.args level: extended type: keyword diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv index 360d885076..292ac5f917 100644 --- a/experimental/generated/csv/fields.csv +++ b/experimental/generated/csv/fields.csv 
@@ -690,6 +690,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,process,process.executable,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev+exp,true,process,process.executable.text,match_only_text,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev+exp,true,process,process.exit_code,long,extended,,137,The exit code of the process. +8.12.0-dev+exp,true,process,process.group.id,keyword,extended,,,Unique identifier for the group on the system/platform. +8.12.0-dev+exp,true,process,process.group.name,keyword,extended,,,Name of the group. 8.12.0-dev+exp,true,process,process.group_leader.args,keyword,extended,array,"[""/usr/bin/ssh"", ""-l"", ""user"", ""10.0.0.16""]",Array of process arguments. 8.12.0-dev+exp,true,process,process.group_leader.args_count,long,extended,,4,Length of the process.args array. 8.12.0-dev+exp,true,process,process.group_leader.command_line,wildcard,extended,,/usr/bin/ssh -l user 10.0.0.16,Full command line that started the process. diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index 56716a240c..02b972886f 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml 
@@ -8930,6 +8930,28 @@ process.exit_code: normalize: [] short: The exit code of the process. type: long +process.group.id: + dashed_name: process-group-id + description: Unique identifier for the group on the system/platform. + flat_name: process.group.id + ignore_above: 1024 + level: extended + name: id + normalize: [] + original_fieldset: group + short: Unique identifier for the group on the system/platform. + type: keyword +process.group.name: + dashed_name: process-group-name + description: Name of the group. + flat_name: process.group.name + ignore_above: 1024 + level: extended + name: name + normalize: [] + original_fieldset: group + short: Name of the group. + type: keyword process.group_leader.args: dashed_name: process-group-leader-args description: 'Array of process arguments, starting with the absolute path to the diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index 312cf49b80..f600ab293a 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -11140,6 +11140,28 @@ process: normalize: [] short: The exit code of the process. type: long + process.group.id: + dashed_name: process-group-id + description: Unique identifier for the group on the system/platform. + flat_name: process.group.id + ignore_above: 1024 + level: extended + name: id + normalize: [] + original_fieldset: group + short: Unique identifier for the group on the system/platform. + type: keyword + process.group.name: + dashed_name: process-group-name + description: Name of the group. + flat_name: process.group.name + ignore_above: 1024 + level: extended + name: name + normalize: [] + original_fieldset: group + short: Name of the group. + type: keyword process.group_leader.args: dashed_name: process-group-leader-args description: 'Array of process arguments, starting with the absolute path to 
diff --git a/experimental/generated/elasticsearch/composable/component/process.json b/experimental/generated/elasticsearch/composable/component/process.json index 3f144db017..f4dd52c1ce 100644 --- a/experimental/generated/elasticsearch/composable/component/process.json +++ b/experimental/generated/elasticsearch/composable/component/process.json @@ -481,6 +481,18 @@ "exit_code": { "type": "long" }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, "group_leader": { "properties": { "args": { diff --git a/experimental/generated/elasticsearch/legacy/template.json b/experimental/generated/elasticsearch/legacy/template.json index 1dc48de290..18386e190c 100644 --- a/experimental/generated/elasticsearch/legacy/template.json +++ b/experimental/generated/elasticsearch/legacy/template.json @@ -3202,6 +3202,18 @@ "exit_code": { "type": "long" }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, "group_leader": { "properties": { "args": { diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index b88a755686..fa0007884b 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -5446,6 +5446,18 @@ start).' example: 137 default_field: false + - name: group.id + level: extended + type: keyword + ignore_above: 1024 + description: Unique identifier for the group on the system/platform. + default_field: false + - name: group.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the group. + default_field: false - name: group_leader.args level: extended type: keyword diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index 3ca25f1445..c31a8de31c 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv 
@@ -683,6 +683,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,process,process.executable,keyword,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev,true,process,process.executable.text,match_only_text,extended,,/usr/bin/ssh,Absolute path to the process executable. 8.12.0-dev,true,process,process.exit_code,long,extended,,137,The exit code of the process. +8.12.0-dev,true,process,process.group.id,keyword,extended,,,Unique identifier for the group on the system/platform. +8.12.0-dev,true,process,process.group.name,keyword,extended,,,Name of the group. 8.12.0-dev,true,process,process.group_leader.args,keyword,extended,array,"[""/usr/bin/ssh"", ""-l"", ""user"", ""10.0.0.16""]",Array of process arguments. 8.12.0-dev,true,process,process.group_leader.args_count,long,extended,,4,Length of the process.args array. 8.12.0-dev,true,process,process.group_leader.command_line,wildcard,extended,,/usr/bin/ssh -l user 10.0.0.16,Full command line that started the process. diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 50e16f1826..2022bddaf4 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml 
@@ -8861,6 +8861,28 @@ process.exit_code: normalize: [] short: The exit code of the process. type: long +process.group.id: + dashed_name: process-group-id + description: Unique identifier for the group on the system/platform. + flat_name: process.group.id + ignore_above: 1024 + level: extended + name: id + normalize: [] + original_fieldset: group + short: Unique identifier for the group on the system/platform. + type: keyword +process.group.name: + dashed_name: process-group-name + description: Name of the group. + flat_name: process.group.name + ignore_above: 1024 + level: extended + name: name + normalize: [] + original_fieldset: group + short: Name of the group. + type: keyword process.group_leader.args: dashed_name: process-group-leader-args description: 'Array of process arguments, starting with the absolute path to the diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index fa5f354d5f..8057eeed15 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -11060,6 +11060,28 @@ process: normalize: [] short: The exit code of the process. type: long + process.group.id: + dashed_name: process-group-id + description: Unique identifier for the group on the system/platform. + flat_name: process.group.id + ignore_above: 1024 + level: extended + name: id + normalize: [] + original_fieldset: group + short: Unique identifier for the group on the system/platform. + type: keyword + process.group.name: + dashed_name: process-group-name + description: Name of the group. + flat_name: process.group.name + ignore_above: 1024 + level: extended + name: name + normalize: [] + original_fieldset: group + short: Name of the group. + type: keyword process.group_leader.args: dashed_name: process-group-leader-args description: 'Array of process arguments, starting with the absolute path to 
diff --git a/generated/elasticsearch/composable/component/process.json b/generated/elasticsearch/composable/component/process.json index c20dbd00f2..6cc1382d11 100644 --- a/generated/elasticsearch/composable/component/process.json +++ b/generated/elasticsearch/composable/component/process.json @@ -481,6 +481,18 @@ "exit_code": { "type": "long" }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, "group_leader": { "properties": { "args": { diff --git a/generated/elasticsearch/legacy/template.json b/generated/elasticsearch/legacy/template.json index 0e26f73020..a6b67033e2 100644 --- a/generated/elasticsearch/legacy/template.json +++ b/generated/elasticsearch/legacy/template.json @@ -3160,6 +3160,18 @@ "exit_code": { "type": "long" }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, "group_leader": { "properties": { "args": { diff --git a/schemas/subsets/main.yml b/schemas/subsets/main.yml index 69391cf839..ebefde9e2e 100644 --- a/schemas/subsets/main.yml +++ b/schemas/subsets/main.yml @@ -360,6 +360,10 @@ fields: args: {} args_count: {} executable: {} + group: + fields: + id: {} + name: {} real_group: fields: id: {}
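Review bot: The `group` entry added to the `process` subset in `schemas/subsets/main.yml` surfaces `process.group.id` and `process.group.name` with only the generic group-fieldset text ("Unique identifier for the group on the system/platform." / "Name of the group."), as the generated CSV and ecs_flat hunks above show, so nothing in the generated docs tells a consumer whether this is the effective group of the process as opposed to the sibling `real_group` that sits next to it in the same subset. For detection content (setgid abuse, privilege changes) that distinction is the whole point of having both, so the reuse definition in `schemas/process.yml` (not in this diff) should carry a short override naming the semantics, along the lines of `short_override: "The effective group (egid) of the process."` and a parallel one for `name`, so the regenerated `short`/`description` fields are unambiguous. If the sibling `real_group` reuse already has such an override, matching its wording keeps the two distinguishable in the CSV and in Kibana field popovers; if it does not, both presumably need one. The subset only lists `id` and `name`, which matches `real_group` directly below it, so the field selection itself looks consistent.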