[Bug] Incorrect Integrations Schema Parsing for Nested Fields (#5058)

* Add proper handling for nested fields

* Updated schemas

* bump patch

---------

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

detection_rules/beats.py

@@ -128,7 +128,11 @@ def _flatten_schema(schema: list[dict[str, Any]] | None, prefix: str = "") -> li
 
             flattened.extend(_flatten_schema(s["fields"], prefix=nested_prefix))
         elif "fields" in s:
-            flattened.extend(_flatten_schema(s["fields"], prefix=prefix))
+            if s.get("name") and s.get("type") == "nested":
+                nested_prefix = prefix + s["name"] + "."
+                flattened.extend(_flatten_schema(s["fields"], prefix=nested_prefix))
+            else:
+                flattened.extend(_flatten_schema(s["fields"], prefix=prefix))
         elif "name" in s:
             _s = s.copy()
             # type is implicitly keyword if not defined

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "1.3.29"
+version = "1.3.30"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"