Adding examples
f-galland committed Nov 12, 2024
1 parent 4f29128 commit 6d73c3a
Showing 7 changed files with 100 additions and 100 deletions.
20 changes: 10 additions & 10 deletions ecs/docs/inventory-hardware.md
Expand Up @@ -9,16 +9,16 @@ Based on ECS:
- [Host Fields](https://www.elastic.co/guide/en/ecs/current/ecs-host.html).
- [Observer Fields](https://www.elastic.co/guide/en/ecs/current/ecs-observer.html).

| | Field name | Data type | Description | Example |
| --- | --------------------------- | --------- | ------------------------------------ | ------- |
| | @timestamp | date | Date/time when the event originated. | |
| | observer.serial_number | keyword | Observer serial number. | |
| * | host.cpu.name | keyword | Name of the CPU | |
| * | host.cpu.cores | long | Number of CPU cores | |
| * | host.cpu.speed | long | Speed of the CPU in MHz | |
| * | host.memory.total | long | Total RAM in the system | |
| * | host.memory.free | long | Free RAM in the system | |
| * | host.memory.used.percentage | long | RAM usage as a percentage | |
| | Field name | Data type | Description | Example |
| --- | --------------------------- | --------- | ------------------------------------ | ------------------------ |
| | @timestamp | date | Date/time when the event originated. | 2016-05-23T08:05:34.853Z |
| | observer.serial_number | keyword | Observer serial number. | |
| * | host.cpu.name | keyword | Name of the CPU | |
| * | host.cpu.cores | long | Number of CPU cores | |
| * | host.cpu.speed | long | Speed of the CPU in MHz | |
| * | host.memory.total | long | Total RAM in the system | |
| * | host.memory.free | long | Free RAM in the system | |
| * | host.memory.used.percentage | long | RAM usage as a percentage | |

\* Custom fields
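
Review bot: In the new table only `@timestamp` gets an example; `observer.serial_number` and all six custom `host.cpu.*` / `host.memory.*` rows still have an empty Example cell, and those custom fields are the ones a reader cannot look up in the linked ECS pages. Please add sample values for them, and state the unit for `host.memory.total` and `host.memory.free` in the description the way `host.cpu.speed` does with MHz.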

8 changes: 4 additions & 4 deletions ecs/docs/inventory-hotfixes.md
Expand Up @@ -8,10 +8,10 @@ Based on ECS:

- [Package Fields](https://www.elastic.co/guide/en/ecs/current/ecs-package.html).

| | Field name | Data type | Description | Example |
| --- | ------------------- | --------- | --------------------- | ------- |
| | @timestamp | date | Timestamp of the scan | |
| * | package.hotfix.name | keyword | Name of the hotfix | |
| | Field name | Data type | Description | Example |
| --- | ------------------- | --------- | --------------------- | ------------------------ |
| | @timestamp | date | Timestamp of the scan | 2016-05-23T08:05:34.853Z |
| * | package.hotfix.name | keyword | Name of the hotfix | |

\* Custom fields
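
Review bot: `package.hotfix.name`, the one custom field in this table and the one with no ECS page to consult, still has an empty Example cell; only `@timestamp` is filled. Add a sample hotfix name so the expected format of the value is documented.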

52 changes: 26 additions & 26 deletions ecs/docs/inventory-networks.md
Expand Up @@ -10,32 +10,32 @@ Based on ECS:
- [Interface Fields](https://www.elastic.co/guide/en/ecs/current/ecs-interface.html).
- [Network Fields](https://www.elastic.co/guide/en/ecs/current/ecs-network.html).

| | Field name | Data type | Description | Example |
| --- | -------------------------------- | --------- | ----------------------------------------------------------------------------- | ------- |
| | @timestamp | date | Date/time when the event originated | |
| | device.id | keyword | The unique identifier of a device. | |
| | host.ip | ip | Host ip addresses | |
| | host.mac | keyword | Host MAC addresses. | | |
| | host.network.egress.bytes | long | The number of bytes sent on all network interfaces | |
| | host.network.egress.packets | long | The number of packets sent on all network interfaces | |
| | host.network.ingress.bytes | long | The number of bytes received on all network interfaces | |
| | host.network.ingress.packets | long | The number of packets received on all network interfaces | |
| | network.protocol | keyword | Application protocol name | |
| | network.type | keyword | In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc | |
| | observer.ingress.interface.alias | keyword | Interface alias | |
| | observer.ingress.interface.name | keyword | Interface name | |
| * | host.network.egress.drops | long | Number of dropped transmitted packets | |
| * | host.network.egress.errors | long | Number of transmission errors | |
| * | host.network.ingress.drops | long | Number of dropped received packets | |
| * | host.network.ingress.errors | long | Number of reception errors | |
| * | interface.mtu | long | Maximum transmission unit size | |
| * | interface.state | keyword | State of the network interface | |
| * | interface.type | keyword | Interface type (eg. "wireless" or "ethernet") | |
| * | network.broadcast | ip | Broadcast address | |
| * | network.dhcp | keyword | DHCP status (enabled, disabled, unknown, BOOTP) | |
| * | network.gateway | ip | Gateway address | |
| * | network.metric | long | Metric of the network protocol | |
| * | network.netmask | ip | Network mask | |
| | Field name | Data type | Description | Example |
| --- | -------------------------------- | --------- | ----------------------------------------------------------------------------- | ------------------------------------ |
| | @timestamp | date | Date/time when the event originated | 2016-05-23T08:05:34.853Z |
| | device.id | keyword | The unique identifier of a device. | 00000000-54b3-e7c7-0000-000046bffd97 |
| | host.ip | ip | Host ip addresses | 192.168.0.100 |
| | host.mac | keyword | Host MAC addresses. | | |
| | host.network.egress.bytes | long | The number of bytes sent on all network interfaces | |
| | host.network.egress.packets | long | The number of packets sent on all network interfaces | |
| | host.network.ingress.bytes | long | The number of bytes received on all network interfaces | |
| | host.network.ingress.packets | long | The number of packets received on all network interfaces | |
| | network.protocol | keyword | Application protocol name | http |
| | network.type | keyword | In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc | ipv4 |
| | observer.ingress.interface.alias | keyword | Interface alias | outside |
| | observer.ingress.interface.name | keyword | Interface name | eth0 |
| * | host.network.egress.drops | long | Number of dropped transmitted packets | |
| * | host.network.egress.errors | long | Number of transmission errors | |
| * | host.network.ingress.drops | long | Number of dropped received packets | |
| * | host.network.ingress.errors | long | Number of reception errors | |
| * | interface.mtu | long | Maximum transmission unit size | |
| * | interface.state | keyword | State of the network interface | |
| * | interface.type | keyword | Interface type (eg. "wireless" or "ethernet") | |
| * | network.broadcast | ip | Broadcast address | |
| * | network.dhcp | keyword | DHCP status (enabled, disabled, unknown, BOOTP) | |
| * | network.gateway | ip | Gateway address | |
| * | network.metric | long | Metric of the network protocol | |
| * | network.netmask | ip | Network mask | |

\* Custom fields
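
Review bot: The rewritten `host.mac` row still ends with an extra empty cell (`| | |`), so it has one more column than the header and every other row; drop the trailing `|` while this line is being touched. `host.mac`, the byte and packet counters and all custom rows also keep empty Example cells, and the `host.ip` description is plural while its example is a single address, so say whether the field holds an array.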

26 changes: 13 additions & 13 deletions ecs/docs/inventory-packages.md
Expand Up @@ -8,19 +8,19 @@ Based on ECS:

- [Package Fields](https://www.elastic.co/guide/en/ecs/current/ecs-package.html).

| | Field name | Data type | Description | Example |
| --- | ---------------------- | --------- | ----------------------------------------------------------------- | ------- |
| | `agent.id` | keyword | Agent's ID | |
| * | `agent.groups` | keyword | Agent's groups | |
| | `@timestamp` | date | Timestamp of the scan | |
| | `package.architecture` | keyword | Package architecture. | |
| | `package.description` | keyword | Description of the package. | |
| | `package.installed` | date | Time when package was installed. | |
| | `package.name` | keyword | Package name. | |
| | `package.path` | keyword | Path where the package is installed. | |
| | `package.size` | long | Package size in bytes. | |
| | `package.type` | keyword | Type of package. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar. | |
| | `package.version` | keyword | Package version. | |
| | Field name | Data type | Description | Example |
| --- | ---------------------- | --------- | ------------------------------------ | ------- |
| | `@timestamp` | date | Timestamp of the scan | |
| | `agent.id` | keyword | Unique identifier of this agent | |
| | `package.architecture` | keyword | Package architecture. | |
| | `package.description` | keyword | Description of the package. | |
| | `package.installed` | date | Time when package was installed. | |
| | `package.name` | keyword | Package name. | |
| | `package.path` | keyword | Path where the package is installed. | |
| | `package.size` | long | Package size in bytes. | |
| | `package.type` | keyword | Package type | |
| | `package.version` | keyword | Package version | |
| * | `agent.groups` | keyword | Agent's groups | |

\* Custom field
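
Review bot: The `package.type` row loses information: the old description listed `rpm, dpkg, brew, npm, gem, nupkg, jar`, the new one is just "Package type", and the Example column stays empty for every row, unlike the other tables shown in this commit. Move one of those values (for example `rpm`) into the Example cell instead of dropping the list, and fill in the remaining rows. The row reorder and the `agent.id` description change are unrelated to adding examples and would be easier to review in their own commit.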

30 changes: 15 additions & 15 deletions ecs/docs/inventory-ports.md
Expand Up @@ -10,21 +10,21 @@ Based on ECS:
- [Network Fields](https://www.elastic.co/guide/en/ecs/current/ecs-network.html).
- [Host Fields](https://www.elastic.co/guide/en/ecs/current/ecs-host.html).

| | Field name | Data type | Description | Example |
| --- | -------------------------- | --------- | --------------------------------------------- | ------- |
| | @timestamp | date | Timestamp of the scan | |
| | destination.ip | ip | IP address of the destination | |
| | destination.port | long | Port of the destination | |
| | device.id | keyword | The unique identifier of a device | |
| | file.inode | keyword | Inode representing the file in the filesystem | |
| | network.protocol | keyword | Application protocol name | |
| | process.name | keyword | Process name | |
| | process.pid | long | Process ID | |
| | source.ip | ip | IP address of the source | |
| | source.port | long | Port of the source | |
| * | host.network.egress.queue | long | Transmit queue length | |
| * | host.network.ingress.queue | long | Receive queue length | |
| * | interface.state | keyword | State of the network interface | |
| | Field name | Data type | Description | Example |
| --- | -------------------------- | --------- | --------------------------------------------- | ------------------------------------ |
| | @timestamp | date | Timestamp of the scan | 2016-05-23T08:05:34.853Z |
| | destination.ip | ip | IP address of the destination | 192.168.0.100 |
| | destination.port | long | Port of the destination | |
| | device.id | keyword | The unique identifier of a device | 00000000-54b3-e7c7-0000-000046bffd97 |
| | file.inode | keyword | Inode representing the file in the filesystem | 256383 |
| | network.protocol | keyword | Application protocol name | http |
| | process.name | keyword | Process name | ssh |
| | process.pid | long | Process ID | 4242 |
| | source.ip | ip | IP address of the source | |
| | source.port | long | Port of the source | |
| * | host.network.egress.queue | long | Transmit queue length | |
| * | host.network.ingress.queue | long | Receive queue length | |
| * | interface.state | keyword | State of the network interface | |

\* Custom fields
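
Review bot: `destination.port`, `source.ip` and `source.port` are left without examples although `destination.ip` gets one, so the ports inventory documents no sample port value at all. Please add them along with the three custom rows, and consider making the sample values self-consistent: `process.name` is `ssh` while `network.protocol` is `http`.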
