diff --git a/ecs/alerts/fields/custom/agent.yml b/ecs/alerts/fields/custom/agent.yml index 3482123af637a..97004593f75a7 100644 --- a/ecs/alerts/fields/custom/agent.yml +++ b/ecs/alerts/fields/custom/agent.yml @@ -9,4 +9,30 @@ type: keyword level: custom description: > - The groups the agent belongs to. + List of groups the agent belong to. + - name: key + type: keyword + level: custom + description: > + The registration key of the agent. + - name: last_login + type: date + level: custom + description: > +<<<<<<< HEAD:ecs/agent/fields/custom/wazuh-agent.yml + The agent's last login. + - name: status + type: keyword +======= + The last time the agent logged in. + - name: is_connected + type: boolean +>>>>>>> master:ecs/agent/fields/custom/agent.yml + level: custom + description: > + Agents' interpreted connection status depending on `agent.last_login`. + allowed_values: + - name: active + description: Active agent status + - name: disconnected + description: Disconnected agent status \ No newline at end of file diff --git a/ecs/alerts/fields/custom/host.yml b/ecs/alerts/fields/custom/host.yml new file mode 100644 index 0000000000000..4398a5d791e6a --- /dev/null +++ b/ecs/alerts/fields/custom/host.yml @@ -0,0 +1,6 @@ +--- +- name: host + reusable: + top_level: false + expected: + - agent \ No newline at end of file diff --git a/ecs/alerts/fields/custom/os.yml b/ecs/alerts/fields/custom/os.yml new file mode 100644 index 0000000000000..952c2d6e93a40 --- /dev/null +++ b/ecs/alerts/fields/custom/os.yml @@ -0,0 +1,6 @@ +--- +- name: os + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file diff --git a/ecs/alerts/fields/custom/risk.yml b/ecs/alerts/fields/custom/risk.yml new file mode 100644 index 0000000000000..1c06213bc6205 --- /dev/null +++ b/ecs/alerts/fields/custom/risk.yml @@ -0,0 +1,6 @@ +--- +- name: risk + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file 
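Review bot: The new side of the ecs/alerts/fields/custom/agent.yml hunk commits unresolved merge-conflict markers (`<<<<<<< HEAD:...`, `=======`, `>>>>>>> master:...`) in the middle of the `last_login` description, so the file is no longer valid YAML and the ECS generator will fail on it or silently drop the fieldset; the identical conflict is committed in the agent.yml hunks under states-inventory-hardware, -hotfixes, -networks, -packages, -ports, -processes and -system. The `description` and `allowed_values` (`active`/`disconnected`) that follow the markers only make sense for the HEAD side's `status: keyword`, not for `is_connected: boolean`, so the resolution should keep `status` plus a single `last_login` description, as below. Separately, the new `key` field is documented as "The registration key of the agent"; if that is the agent's enrollment/authentication secret, indexing it in every alert and state document exposes it to every reader of those indices, so it should either be removed from this schema or its description should make explicit that the value is a non-secret identifier. The `groups` description also needs the plural agreement fixed: `List of groups the agent belongs to.`
```yaml
    - name: last_login
      type: date
      level: custom
      description: >
        The last time the agent logged in.
    - name: status
      type: keyword
      level: custom
      description: >
        Agents' interpreted connection status depending on `agent.last_login`.
      allowed_values:
        - name: active
          description: Active agent status
        - name: disconnected
          description: Disconnected agent status
```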
diff --git a/ecs/states-fim/fields/custom/host.yml b/ecs/states-fim/fields/custom/host.yml new file mode 100644 index 0000000000000..4398a5d791e6a --- /dev/null +++ b/ecs/states-fim/fields/custom/host.yml @@ -0,0 +1,6 @@ +--- +- name: host + reusable: + top_level: false + expected: + - agent \ No newline at end of file diff --git a/ecs/states-fim/fields/custom/os.yml b/ecs/states-fim/fields/custom/os.yml new file mode 100644 index 0000000000000..952c2d6e93a40 --- /dev/null +++ b/ecs/states-fim/fields/custom/os.yml @@ -0,0 +1,6 @@ +--- +- name: os + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file diff --git a/ecs/states-fim/fields/custom/risk.yml b/ecs/states-fim/fields/custom/risk.yml new file mode 100644 index 0000000000000..1c06213bc6205 --- /dev/null +++ b/ecs/states-fim/fields/custom/risk.yml @@ -0,0 +1,6 @@ +--- +- name: risk + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file diff --git a/ecs/states-inventory-hardware/fields/custom/agent.yml b/ecs/states-inventory-hardware/fields/custom/agent.yml index d1a6751bcc934..97004593f75a7 100644 --- a/ecs/states-inventory-hardware/fields/custom/agent.yml +++ b/ecs/states-inventory-hardware/fields/custom/agent.yml 
@@ -3,9 +3,36 @@ title: Wazuh Agents short: Wazuh Inc. custom fields. type: group + group: 2 fields: - name: groups type: keyword level: custom description: > List of groups the agent belong to. + - name: key + type: keyword + level: custom + description: > + The registration key of the agent. + - name: last_login + type: date + level: custom + description: > +<<<<<<< HEAD:ecs/agent/fields/custom/wazuh-agent.yml + The agent's last login. + - name: status + type: keyword +======= + The last time the agent logged in. + - name: is_connected + type: boolean +>>>>>>> master:ecs/agent/fields/custom/agent.yml + level: custom + description: > + Agents' interpreted connection status depending on `agent.last_login`. + allowed_values: + - name: active + description: Active agent status + - name: disconnected + description: Disconnected agent status \ No newline at end of file diff --git a/ecs/states-inventory-hardware/fields/custom/host.yml b/ecs/states-inventory-hardware/fields/custom/host.yml index 90cfdce2221dd..4398a5d791e6a 100644 --- a/ecs/states-inventory-hardware/fields/custom/host.yml +++ b/ecs/states-inventory-hardware/fields/custom/host.yml 
@@ -1,52 +1,6 @@ --- - name: host - title: host - type: group - description: > - Host related data. - fields: - - name: memory - description: > - Memory related data - type: object - level: custom - - name: memory.total - description: > - Total memory in MB - type: long - level: custom - - name: memory.free - description: > - Free memory in MB - type: long - level: custom - - name: memory.used - description: > - Used memory related data - type: object - level: custom - - name: memory.used.percentage - description: > - Used memory percentage - type: long - level: custom - - name: cpu - description: > - CPU related data - type: object - level: custom - - name: cpu.name - description: > - CPU Model name - type: keyword - level: custom - - name: cpu.cores - description: > - Number of CPU cores - type: long - level: custom - - name: cpu.speed - description: > - CPU clock speed - type: long - level: custom \ No newline at end of file + reusable: + top_level: false + expected: + - agent \ No newline at end of file diff --git a/ecs/states-inventory-hardware/fields/custom/os.yml b/ecs/states-inventory-hardware/fields/custom/os.yml new file mode 100644 index 0000000000000..952c2d6e93a40 --- /dev/null +++ b/ecs/states-inventory-hardware/fields/custom/os.yml @@ -0,0 +1,6 @@ +--- +- name: os + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file diff --git a/ecs/states-inventory-hardware/fields/custom/risk.yml b/ecs/states-inventory-hardware/fields/custom/risk.yml new file mode 100644 index 0000000000000..1c06213bc6205 --- /dev/null +++ b/ecs/states-inventory-hardware/fields/custom/risk.yml @@ -0,0 +1,6 @@ +--- +- name: risk + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file diff --git a/ecs/states-inventory-hotfixes/fields/custom/agent.yml b/ecs/states-inventory-hotfixes/fields/custom/agent.yml index d1a6751bcc934..97004593f75a7 100644 --- a/ecs/states-inventory-hotfixes/fields/custom/agent.yml 
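Review bot: The states-inventory-hardware host.yml hunk replaces the custom `host.memory.*` and `host.cpu.*` field definitions with a reuse stub (`reusable: top_level: false`, `expected: - agent`), and nothing else in this diff redefines those fields; if hardware state documents still carry them they now have no mapping, so either the fields should be re-declared in the fieldset that `agent.host` resolves to or the commit description should state that they are intentionally dropped. The same applies to the `network.egress/ingress.drops/errors` fields removed in states-inventory-networks/host.yml and the `network.*.queue` fields removed in states-inventory-ports/host.yml. Note also that with `top_level: false` the `host` fieldset is, as far as the ECS tooling is concerned, generated only as `agent.host`, so any existing consumer (index template, query, rule) that reads top-level `host.*` in these indices presumably stops resolving — worth calling out if that migration is intended.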
+++ b/ecs/states-inventory-hotfixes/fields/custom/agent.yml @@ -3,9 +3,36 @@ title: Wazuh Agents short: Wazuh Inc. custom fields. type: group + group: 2 fields: - name: groups type: keyword level: custom description: > List of groups the agent belong to. + - name: key + type: keyword + level: custom + description: > + The registration key of the agent. + - name: last_login + type: date + level: custom + description: > +<<<<<<< HEAD:ecs/agent/fields/custom/wazuh-agent.yml + The agent's last login. + - name: status + type: keyword +======= + The last time the agent logged in. + - name: is_connected + type: boolean +>>>>>>> master:ecs/agent/fields/custom/agent.yml + level: custom + description: > + Agents' interpreted connection status depending on `agent.last_login`. + allowed_values: + - name: active + description: Active agent status + - name: disconnected + description: Disconnected agent status \ No newline at end of file diff --git a/ecs/states-inventory-hotfixes/fields/custom/host.yml b/ecs/states-inventory-hotfixes/fields/custom/host.yml new file mode 100644 index 0000000000000..4398a5d791e6a --- /dev/null +++ b/ecs/states-inventory-hotfixes/fields/custom/host.yml @@ -0,0 +1,6 @@ +--- +- name: host + reusable: + top_level: false + expected: + - agent \ No newline at end of file diff --git a/ecs/states-inventory-hotfixes/fields/custom/os.yml b/ecs/states-inventory-hotfixes/fields/custom/os.yml new file mode 100644 index 0000000000000..952c2d6e93a40 --- /dev/null +++ b/ecs/states-inventory-hotfixes/fields/custom/os.yml @@ -0,0 +1,6 @@ +--- +- name: os + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file diff --git a/ecs/states-inventory-hotfixes/fields/custom/risk.yml b/ecs/states-inventory-hotfixes/fields/custom/risk.yml new file mode 100644 index 0000000000000..1c06213bc6205 --- /dev/null +++ b/ecs/states-inventory-hotfixes/fields/custom/risk.yml 
@@ -0,0 +1,6 @@ +--- +- name: risk + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file diff --git a/ecs/states-inventory-networks/fields/custom/agent.yml b/ecs/states-inventory-networks/fields/custom/agent.yml index d1a6751bcc934..97004593f75a7 100644 --- a/ecs/states-inventory-networks/fields/custom/agent.yml +++ b/ecs/states-inventory-networks/fields/custom/agent.yml @@ -3,9 +3,36 @@ title: Wazuh Agents short: Wazuh Inc. custom fields. type: group + group: 2 fields: - name: groups type: keyword level: custom description: > List of groups the agent belong to. + - name: key + type: keyword + level: custom + description: > + The registration key of the agent. + - name: last_login + type: date + level: custom + description: > +<<<<<<< HEAD:ecs/agent/fields/custom/wazuh-agent.yml + The agent's last login. + - name: status + type: keyword +======= + The last time the agent logged in. + - name: is_connected + type: boolean +>>>>>>> master:ecs/agent/fields/custom/agent.yml + level: custom + description: > + Agents' interpreted connection status depending on `agent.last_login`. + allowed_values: + - name: active + description: Active agent status + - name: disconnected + description: Disconnected agent status \ No newline at end of file diff --git a/ecs/states-inventory-networks/fields/custom/host.yml b/ecs/states-inventory-networks/fields/custom/host.yml index 1adf74051f434..4398a5d791e6a 100644 --- a/ecs/states-inventory-networks/fields/custom/host.yml +++ b/ecs/states-inventory-networks/fields/custom/host.yml 
@@ -1,24 +1,6 @@ --- - name: host - title: Host - fields: - - name: network.egress.drops - type: long - level: custom - description: > - Number of dropped transmitted packets. - - name: network.egress.errors - type: long - level: custom - description: > - Number of transmission errors. - - name: network.ingress.drops - type: long - level: custom - description: > - Number of dropped received packets. - - name: network.ingress.errors - type: long - level: custom - description: > - Number of reception errors. + reusable: + top_level: false + expected: + - agent \ No newline at end of file diff --git a/ecs/states-inventory-networks/fields/custom/os.yml b/ecs/states-inventory-networks/fields/custom/os.yml new file mode 100644 index 0000000000000..952c2d6e93a40 --- /dev/null +++ b/ecs/states-inventory-networks/fields/custom/os.yml @@ -0,0 +1,6 @@ +--- +- name: os + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file diff --git a/ecs/states-inventory-networks/fields/custom/risk.yml b/ecs/states-inventory-networks/fields/custom/risk.yml new file mode 100644 index 0000000000000..1c06213bc6205 --- /dev/null +++ b/ecs/states-inventory-networks/fields/custom/risk.yml @@ -0,0 +1,6 @@ +--- +- name: risk + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file diff --git a/ecs/states-inventory-packages/fields/custom/agent.yml b/ecs/states-inventory-packages/fields/custom/agent.yml index d1a6751bcc934..97004593f75a7 100644 --- a/ecs/states-inventory-packages/fields/custom/agent.yml +++ b/ecs/states-inventory-packages/fields/custom/agent.yml 
@@ -3,9 +3,36 @@ title: Wazuh Agents short: Wazuh Inc. custom fields. type: group + group: 2 fields: - name: groups type: keyword level: custom description: > List of groups the agent belong to. + - name: key + type: keyword + level: custom + description: > + The registration key of the agent. + - name: last_login + type: date + level: custom + description: > +<<<<<<< HEAD:ecs/agent/fields/custom/wazuh-agent.yml + The agent's last login. + - name: status + type: keyword +======= + The last time the agent logged in. + - name: is_connected + type: boolean +>>>>>>> master:ecs/agent/fields/custom/agent.yml + level: custom + description: > + Agents' interpreted connection status depending on `agent.last_login`. + allowed_values: + - name: active + description: Active agent status + - name: disconnected + description: Disconnected agent status \ No newline at end of file diff --git a/ecs/states-inventory-packages/fields/custom/host.yml b/ecs/states-inventory-packages/fields/custom/host.yml new file mode 100644 index 0000000000000..4398a5d791e6a --- /dev/null +++ b/ecs/states-inventory-packages/fields/custom/host.yml @@ -0,0 +1,6 @@ +--- +- name: host + reusable: + top_level: false + expected: + - agent \ No newline at end of file diff --git a/ecs/states-inventory-packages/fields/custom/os.yml b/ecs/states-inventory-packages/fields/custom/os.yml new file mode 100644 index 0000000000000..952c2d6e93a40 --- /dev/null +++ b/ecs/states-inventory-packages/fields/custom/os.yml @@ -0,0 +1,6 @@ +--- +- name: os + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file diff --git a/ecs/states-inventory-packages/fields/custom/risk.yml b/ecs/states-inventory-packages/fields/custom/risk.yml new file mode 100644 index 0000000000000..1c06213bc6205 --- /dev/null +++ b/ecs/states-inventory-packages/fields/custom/risk.yml @@ -0,0 +1,6 @@ +--- +- name: risk + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file 
diff --git a/ecs/states-inventory-ports/fields/custom/agent.yml b/ecs/states-inventory-ports/fields/custom/agent.yml index d1a6751bcc934..97004593f75a7 100644 --- a/ecs/states-inventory-ports/fields/custom/agent.yml +++ b/ecs/states-inventory-ports/fields/custom/agent.yml @@ -3,9 +3,36 @@ title: Wazuh Agents short: Wazuh Inc. custom fields. type: group + group: 2 fields: - name: groups type: keyword level: custom description: > List of groups the agent belong to. + - name: key + type: keyword + level: custom + description: > + The registration key of the agent. + - name: last_login + type: date + level: custom + description: > +<<<<<<< HEAD:ecs/agent/fields/custom/wazuh-agent.yml + The agent's last login. + - name: status + type: keyword +======= + The last time the agent logged in. + - name: is_connected + type: boolean +>>>>>>> master:ecs/agent/fields/custom/agent.yml + level: custom + description: > + Agents' interpreted connection status depending on `agent.last_login`. + allowed_values: + - name: active + description: Active agent status + - name: disconnected + description: Disconnected agent status \ No newline at end of file diff --git a/ecs/states-inventory-ports/fields/custom/host.yml b/ecs/states-inventory-ports/fields/custom/host.yml index 57d032bb002c8..4398a5d791e6a 100644 --- a/ecs/states-inventory-ports/fields/custom/host.yml +++ b/ecs/states-inventory-ports/fields/custom/host.yml @@ -1,14 +1,6 @@ --- - name: host - title: Host - fields: - - name: network.ingress.queue - type: long - level: custom - description: > - Receive queue length. - - name: network.egress.queue - type: long - level: custom - description: > - Transmit queue length. + reusable: + top_level: false + expected: + - agent \ No newline at end of file diff --git a/ecs/states-inventory-ports/fields/custom/os.yml b/ecs/states-inventory-ports/fields/custom/os.yml new file mode 100644 index 0000000000000..952c2d6e93a40 --- /dev/null +++ b/ecs/states-inventory-ports/fields/custom/os.yml 
@@ -0,0 +1,6 @@ +--- +- name: os + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file diff --git a/ecs/states-inventory-ports/fields/custom/risk.yml b/ecs/states-inventory-ports/fields/custom/risk.yml new file mode 100644 index 0000000000000..1c06213bc6205 --- /dev/null +++ b/ecs/states-inventory-ports/fields/custom/risk.yml @@ -0,0 +1,6 @@ +--- +- name: risk + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file diff --git a/ecs/states-inventory-processes/fields/custom/agent.yml b/ecs/states-inventory-processes/fields/custom/agent.yml index d1a6751bcc934..97004593f75a7 100644 --- a/ecs/states-inventory-processes/fields/custom/agent.yml +++ b/ecs/states-inventory-processes/fields/custom/agent.yml @@ -3,9 +3,36 @@ title: Wazuh Agents short: Wazuh Inc. custom fields. type: group + group: 2 fields: - name: groups type: keyword level: custom description: > List of groups the agent belong to. + - name: key + type: keyword + level: custom + description: > + The registration key of the agent. + - name: last_login + type: date + level: custom + description: > +<<<<<<< HEAD:ecs/agent/fields/custom/wazuh-agent.yml + The agent's last login. + - name: status + type: keyword +======= + The last time the agent logged in. + - name: is_connected + type: boolean +>>>>>>> master:ecs/agent/fields/custom/agent.yml + level: custom + description: > + Agents' interpreted connection status depending on `agent.last_login`. + allowed_values: + - name: active + description: Active agent status + - name: disconnected + description: Disconnected agent status \ No newline at end of file diff --git a/ecs/states-inventory-processes/fields/custom/host.yml b/ecs/states-inventory-processes/fields/custom/host.yml new file mode 100644 index 0000000000000..4398a5d791e6a --- /dev/null +++ b/ecs/states-inventory-processes/fields/custom/host.yml 
@@ -0,0 +1,6 @@ +--- +- name: host + reusable: + top_level: false + expected: + - agent \ No newline at end of file diff --git a/ecs/states-inventory-processes/fields/custom/os.yml b/ecs/states-inventory-processes/fields/custom/os.yml new file mode 100644 index 0000000000000..952c2d6e93a40 --- /dev/null +++ b/ecs/states-inventory-processes/fields/custom/os.yml @@ -0,0 +1,6 @@ +--- +- name: os + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file diff --git a/ecs/states-inventory-processes/fields/custom/risk.yml b/ecs/states-inventory-processes/fields/custom/risk.yml new file mode 100644 index 0000000000000..1c06213bc6205 --- /dev/null +++ b/ecs/states-inventory-processes/fields/custom/risk.yml @@ -0,0 +1,6 @@ +--- +- name: risk + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file diff --git a/ecs/states-inventory-system/fields/custom/agent.yml b/ecs/states-inventory-system/fields/custom/agent.yml index d1a6751bcc934..97004593f75a7 100644 --- a/ecs/states-inventory-system/fields/custom/agent.yml +++ b/ecs/states-inventory-system/fields/custom/agent.yml 
@@ -3,9 +3,36 @@ title: Wazuh Agents short: Wazuh Inc. custom fields. type: group + group: 2 fields: - name: groups type: keyword level: custom description: > List of groups the agent belong to. + - name: key + type: keyword + level: custom + description: > + The registration key of the agent. + - name: last_login + type: date + level: custom + description: > +<<<<<<< HEAD:ecs/agent/fields/custom/wazuh-agent.yml + The agent's last login. + - name: status + type: keyword +======= + The last time the agent logged in. + - name: is_connected + type: boolean +>>>>>>> master:ecs/agent/fields/custom/agent.yml + level: custom + description: > + Agents' interpreted connection status depending on `agent.last_login`. + allowed_values: + - name: active + description: Active agent status + - name: disconnected + description: Disconnected agent status \ No newline at end of file diff --git a/ecs/states-inventory-system/fields/custom/host.yml b/ecs/states-inventory-system/fields/custom/host.yml new file mode 100644 index 0000000000000..4398a5d791e6a --- /dev/null +++ b/ecs/states-inventory-system/fields/custom/host.yml @@ -0,0 +1,6 @@ +--- +- name: host + reusable: + top_level: false + expected: + - agent \ No newline at end of file diff --git a/ecs/states-inventory-system/fields/custom/os.yml b/ecs/states-inventory-system/fields/custom/os.yml new file mode 100644 index 0000000000000..952c2d6e93a40 --- /dev/null +++ b/ecs/states-inventory-system/fields/custom/os.yml @@ -0,0 +1,6 @@ +--- +- name: os + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file diff --git a/ecs/states-inventory-system/fields/custom/risk.yml b/ecs/states-inventory-system/fields/custom/risk.yml new file mode 100644 index 0000000000000..1c06213bc6205 --- /dev/null +++ b/ecs/states-inventory-system/fields/custom/risk.yml @@ -0,0 +1,6 @@ +--- +- name: risk + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file 
diff --git a/ecs/states-vulnerabilities/fields/custom/host.yml b/ecs/states-vulnerabilities/fields/custom/host.yml new file mode 100644 index 0000000000000..4398a5d791e6a --- /dev/null +++ b/ecs/states-vulnerabilities/fields/custom/host.yml @@ -0,0 +1,6 @@ +--- +- name: host + reusable: + top_level: false + expected: + - agent \ No newline at end of file diff --git a/ecs/states-vulnerabilities/fields/custom/os.yml b/ecs/states-vulnerabilities/fields/custom/os.yml new file mode 100644 index 0000000000000..952c2d6e93a40 --- /dev/null +++ b/ecs/states-vulnerabilities/fields/custom/os.yml @@ -0,0 +1,6 @@ +--- +- name: os + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file diff --git a/ecs/states-vulnerabilities/fields/custom/risk.yml b/ecs/states-vulnerabilities/fields/custom/risk.yml new file mode 100644 index 0000000000000..1c06213bc6205 --- /dev/null +++ b/ecs/states-vulnerabilities/fields/custom/risk.yml @@ -0,0 +1,6 @@ +--- +- name: risk + reusable: + top_level: false + expected: + - agent.host \ No newline at end of file