From 271d17fec12b723a3988f23540fba97f5da0cfb5 Mon Sep 17 00:00:00 2001
From: f-galland
Date: Tue, 12 Nov 2024 11:11:00 -0300
Subject: [PATCH] Migrate 525 to 2.17.1

---
 ecs/agent/fields/custom/host.yml | 6 ++++++
 ecs/agent/fields/custom/os.yml | 6 ++++++
 ecs/agent/fields/custom/risk.yml | 6 ++++++
 ecs/agent/fields/custom/wazuh-agent.yml | 9 +++++++--
 ecs/agent/fields/subset.yml | 10 +++-------
 5 files changed, 28 insertions(+), 9 deletions(-)
 create mode 100644 ecs/agent/fields/custom/host.yml
 create mode 100644 ecs/agent/fields/custom/os.yml
 create mode 100644 ecs/agent/fields/custom/risk.yml

diff --git a/ecs/agent/fields/custom/host.yml b/ecs/agent/fields/custom/host.yml
new file mode 100644
index 0000000000000..4398a5d791e6a
--- /dev/null
+++ b/ecs/agent/fields/custom/host.yml
@@ -0,0 +1,6 @@
+---
+- name: host
+ reusable:
+ top_level: false
+ expected:
+ - agent
\ No newline at end of file
diff --git a/ecs/agent/fields/custom/os.yml b/ecs/agent/fields/custom/os.yml
new file mode 100644
index 0000000000000..952c2d6e93a40
--- /dev/null
+++ b/ecs/agent/fields/custom/os.yml
@@ -0,0 +1,6 @@
+---
+- name: os
+ reusable:
+ top_level: false
+ expected:
+ - agent.host
\ No newline at end of file
diff --git a/ecs/agent/fields/custom/risk.yml b/ecs/agent/fields/custom/risk.yml
new file mode 100644
index 0000000000000..1c06213bc6205
--- /dev/null
+++ b/ecs/agent/fields/custom/risk.yml
@@ -0,0 +1,6 @@
+---
+- name: risk
+ reusable:
+ top_level: false
+ expected:
+ - agent.host
\ No newline at end of file
diff --git a/ecs/agent/fields/custom/wazuh-agent.yml b/ecs/agent/fields/custom/wazuh-agent.yml
index 0492778271095..7ad791f023672 100644
--- a/ecs/agent/fields/custom/wazuh-agent.yml
+++ b/ecs/agent/fields/custom/wazuh-agent.yml
@@ -20,8 +20,13 @@
 level: custom
 description: >
 The agent's last login.
- - name: is_connected
- type: boolean
+ - name: status
+ type: keyword
 level: custom
 description: >
 Agents' interpreted connection status depending on `agent.last_login`.
+ allowed_values:
+ - name: active
+ description: Active agent status
+ - name: disconnected
+ description: Disconnected agent status
\ No newline at end of file
diff --git a/ecs/agent/fields/subset.yml b/ecs/agent/fields/subset.yml
index 2d24cd20429f2..93442c30b420c 100644
--- a/ecs/agent/fields/subset.yml
+++ b/ecs/agent/fields/subset.yml
@@ -13,10 +13,6 @@ fields:
 groups: {}
 key: {}
 last_login: {}
- is_connected: {}
- host:
- fields:
- ip: {}
- os:
- fields:
- full: {}
\ No newline at end of file
+ status: {}
+ host:
+ fields: "*"
\ No newline at end of file
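Review bot: In `wazuh-agent.yml`, the `allowed_values` added under `status` list only `active` and `disconnected`, so an agent that is enrolled but has never reported has no defined value, and that is the state a coverage-gap query most needs to find. Wazuh's agent API also reports `pending` and `never_connected`; if those can reach this index, add entries such as `- name: never_connected` with `description: Agent registered but never connected`, otherwise state in the description how they map onto the two values. As far as I know the ECS tooling treats `allowed_values` as documentation and still emits a plain `keyword` mapping, so whatever writes the document has to validate the value itself. The rename from the boolean `is_connected` also means any saved query or alert on `agent.is_connected` will silently match nothing, which deserves a line in the commit message. The field list this hunk edits begins above it.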
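Review bot: In `subset.yml`, `fields: "*"` under `host` maps every ECS host field beneath `agent.host` where the previous subset mapped only `ip` and `os.full`, and nothing in the hunk records why the wider set is needed. The wildcard brings in address, MAC and geo fields along with whatever the custom `os` and `risk` reuse adds, and a later ECS version bump can grow the index template without any diff in this file. If the full set is intended, a comment above `host:` such as `# all ECS host fields are mapped under agent.host; re-check on each ECS bump` would make that explicit; otherwise list the required fields as before. The mapping this hunk edits begins above it, and the nesting of `host` relative to `status` cannot be confirmed from the lines shown.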