diff --git a/detection_rules/etc/api_schemas/master/master.base.json b/detection_rules/etc/api_schemas/master/master.base.json index d5272291d..23138b136 100644 --- a/detection_rules/etc/api_schemas/master/master.base.json +++ b/detection_rules/etc/api_schemas/master/master.base.json @@ -112,7 +112,6 @@ }, "name": { "description": "RuleName", - "pattern": "^[a-zA-Z0-9].+?[a-zA-Z0-9\\[\\]()]$", "type": "string" }, "note": { @@ -182,6 +181,10 @@ "min_compat": "8.3", "type": "array" }, + "revision": { + "min_compat": "8.8", + "type": "integer" + }, "risk_score": { "description": "MaxSignals", "maximum": 100, @@ -364,36 +367,10 @@ }, "timeline_id": { "description": "TimelineTemplateId", - "enum": [ - "db366523-f1c6-4c1f-8731-6ce5ed9e5717", - "91832785-286d-4ebe-b884-1a208d111a70", - "76e52245-7519-4251-91ab-262fb1a1728c", - "495ad7a7-316e-4544-8a0f-9c098daee76e", - "4d4c0b59-ea83-483f-b8c1-8c360ee53c5c", - "e70679c2-6cde-4510-9764-4823df18f7db", - "300afc76-072d-4261-864d-4149714bf3f1", - "3e47ef71-ebfc-4520-975c-cb27fc090799", - "3e827bab-838a-469f-bd1e-5e19a2bff2fd", - "4434b91a-94ca-4a89-83cb-a37cdc0532b7" - ], - "enumNames": [], "type": "string" }, "timeline_title": { "description": "TimelineTemplateTitle", - "enum": [ - "Generic Endpoint Timeline", - "Generic Network Timeline", - "Generic Process Timeline", - "Generic Threat Match Timeline", - "Comprehensive File Timeline", - "Comprehensive Process Timeline", - "Comprehensive Network Timeline", - "Comprehensive Registry Timeline", - "Alerts Involving a Single User Timeline", - "Alerts Involving a Single Host Timeline" - ], - "enumNames": [], "type": "string" }, "timestamp_override": { @@ -415,6 +392,11 @@ ], "enumNames": [], "type": "string" + }, + "version": { + "description": "PositiveInteger", + "minimum": 1, + "type": "integer" } }, "required": [ diff --git a/detection_rules/etc/api_schemas/master/master.eql.json b/detection_rules/etc/api_schemas/master/master.eql.json index d4981cbef..30f489eed 100644 
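Review bot: Dropping the `pattern` on `name` in the first hunk leaves `RuleName` as a bare `"type": "string"`, so an empty name or one padded with leading/trailing whitespace now passes schema validation. If the intent is only to stop rejecting names that end in punctuation, keep a floor such as `"minLength": 1` and have the rule loader strip or reject surrounding whitespace; these master schemas look generated from the Python rule definitions, so the real fix belongs at that source. The identical removal appears in the other seven rule-type schemas in this diff, so one upstream change should regenerate all of them.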
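Review bot: The new `revision` property in the second hunk is an unbounded `integer`, while `version` added in the last hunk of the same file gets `"minimum": 1` and a `PositiveInteger` description. A negative revision is never meaningful, so the generated schema should carry `"minimum": 0` (revisions presumably start at 0 when a rule is created; confirm against the Kibana API) plus a description so the two counters read consistently. As written, an exported rule with `"revision": -1` validates cleanly.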
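Review bot: Removing the `enum` lists from `timeline_id` and `timeline_title` in the third hunk means any string is now accepted for both, and nothing at schema level ties an id to its matching title any more. Every value in the removed `timeline_id` list is a UUID, so a form check such as `"pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$"` would at least stop a typo from shipping as a rule that points at a non-existent template. The id/title pairing the enums implied should then be checked in the rule loader or a unit test, since a mismatched pair is no longer caught here.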
--- a/detection_rules/etc/api_schemas/master/master.eql.json +++ b/detection_rules/etc/api_schemas/master/master.eql.json @@ -185,7 +185,6 @@ }, "name": { "description": "RuleName", - "pattern": "^[a-zA-Z0-9].+?[a-zA-Z0-9\\[\\]()]$", "type": "string" }, "note": { @@ -258,6 +257,10 @@ "min_compat": "8.3", "type": "array" }, + "revision": { + "min_compat": "8.8", + "type": "integer" + }, "risk_score": { "description": "MaxSignals", "maximum": 100, @@ -444,36 +447,10 @@ }, "timeline_id": { "description": "TimelineTemplateId", - "enum": [ - "db366523-f1c6-4c1f-8731-6ce5ed9e5717", - "91832785-286d-4ebe-b884-1a208d111a70", - "76e52245-7519-4251-91ab-262fb1a1728c", - "495ad7a7-316e-4544-8a0f-9c098daee76e", - "4d4c0b59-ea83-483f-b8c1-8c360ee53c5c", - "e70679c2-6cde-4510-9764-4823df18f7db", - "300afc76-072d-4261-864d-4149714bf3f1", - "3e47ef71-ebfc-4520-975c-cb27fc090799", - "3e827bab-838a-469f-bd1e-5e19a2bff2fd", - "4434b91a-94ca-4a89-83cb-a37cdc0532b7" - ], - "enumNames": [], "type": "string" }, "timeline_title": { "description": "TimelineTemplateTitle", - "enum": [ - "Generic Endpoint Timeline", - "Generic Network Timeline", - "Generic Process Timeline", - "Generic Threat Match Timeline", - "Comprehensive File Timeline", - "Comprehensive Process Timeline", - "Comprehensive Network Timeline", - "Comprehensive Registry Timeline", - "Alerts Involving a Single User Timeline", - "Alerts Involving a Single Host Timeline" - ], - "enumNames": [], "type": "string" }, "timestamp_field": { @@ -491,6 +468,11 @@ "eql" ], "type": "string" + }, + "version": { + "description": "PositiveInteger", + "minimum": 1, + "type": "integer" } }, "required": [ diff --git a/detection_rules/etc/api_schemas/master/master.esql.json b/detection_rules/etc/api_schemas/master/master.esql.json index b8d40663a..b3e42f35b 100644 --- a/detection_rules/etc/api_schemas/master/master.esql.json +++ b/detection_rules/etc/api_schemas/master/master.esql.json 
@@ -181,7 +181,6 @@ }, "name": { "description": "RuleName", - "pattern": "^[a-zA-Z0-9].+?[a-zA-Z0-9\\[\\]()]$", "type": "string" }, "note": { @@ -254,6 +253,10 @@ "min_compat": "8.3", "type": "array" }, + "revision": { + "min_compat": "8.8", + "type": "integer" + }, "risk_score": { "description": "MaxSignals", "maximum": 100, @@ -436,36 +439,10 @@ }, "timeline_id": { "description": "TimelineTemplateId", - "enum": [ - "db366523-f1c6-4c1f-8731-6ce5ed9e5717", - "91832785-286d-4ebe-b884-1a208d111a70", - "76e52245-7519-4251-91ab-262fb1a1728c", - "495ad7a7-316e-4544-8a0f-9c098daee76e", - "4d4c0b59-ea83-483f-b8c1-8c360ee53c5c", - "e70679c2-6cde-4510-9764-4823df18f7db", - "300afc76-072d-4261-864d-4149714bf3f1", - "3e47ef71-ebfc-4520-975c-cb27fc090799", - "3e827bab-838a-469f-bd1e-5e19a2bff2fd", - "4434b91a-94ca-4a89-83cb-a37cdc0532b7" - ], - "enumNames": [], "type": "string" }, "timeline_title": { "description": "TimelineTemplateTitle", - "enum": [ - "Generic Endpoint Timeline", - "Generic Network Timeline", - "Generic Process Timeline", - "Generic Threat Match Timeline", - "Comprehensive File Timeline", - "Comprehensive Process Timeline", - "Comprehensive Network Timeline", - "Comprehensive Registry Timeline", - "Alerts Involving a Single User Timeline", - "Alerts Involving a Single Host Timeline" - ], - "enumNames": [], "type": "string" }, "timestamp_override": { @@ -479,6 +456,11 @@ "esql" ], "type": "string" + }, + "version": { + "description": "PositiveInteger", + "minimum": 1, + "type": "integer" } }, "required": [ diff --git a/detection_rules/etc/api_schemas/master/master.machine_learning.json b/detection_rules/etc/api_schemas/master/master.machine_learning.json index 547790b07..7b1b42c22 100644 --- a/detection_rules/etc/api_schemas/master/master.machine_learning.json +++ b/detection_rules/etc/api_schemas/master/master.machine_learning.json 
@@ -14,6 +14,60 @@ }, "type": "array" }, + "alert_suppression": { + "additionalProperties": false, + "properties": { + "duration": { + "additionalProperties": false, + "properties": { + "unit": { + "enum": [ + "s", + "m", + "h" + ], + "enumNames": [], + "type": "string" + }, + "value": { + "description": "AlertSupressionValue", + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "unit", + "value" + ], + "type": "object" + }, + "group_by": { + "description": "AlertSuppressionGroupBy", + "items": { + "description": "NonEmptyStr", + "minLength": 1, + "type": "string" + }, + "maxItems": 3, + "minItems": 1, + "type": "array" + }, + "missing_fields_strategy": { + "description": "AlertSuppressionMissing", + "enum": [ + "suppress", + "doNotSuppress" + ], + "enumNames": [], + "type": "string" + } + }, + "required": [ + "group_by", + "missing_fields_strategy" + ], + "type": "object" + }, "anomaly_threshold": { "type": "integer" }, @@ -128,7 +182,6 @@ }, "name": { "description": "RuleName", - "pattern": "^[a-zA-Z0-9].+?[a-zA-Z0-9\\[\\]()]$", "type": "string" }, "note": { @@ -198,6 +251,10 @@ "min_compat": "8.3", "type": "array" }, + "revision": { + "min_compat": "8.8", + "type": "integer" + }, "risk_score": { "description": "MaxSignals", "maximum": 100, 
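Review bot: The new `alert_suppression` object in the first hunk has no `min_compat`, unlike the sibling `revision` property added lower in the same file with `"min_compat": "8.8"`, so the schema accepts suppression settings on a machine-learning rule regardless of the stack version being targeted. If suppression for ML rules only became available in a specific release, add `"min_compat": "<version>"` to the object so validation against an older stack rejects it rather than producing a rule that target cannot load. Separately, the description `AlertSupressionValue` is misspelled (`AlertSuppressionValue`); since this file appears generated, fix the type name at its source so all rule-type schemas pick it up.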
@@ -380,36 +437,10 @@ }, "timeline_id": { "description": "TimelineTemplateId", - "enum": [ - "db366523-f1c6-4c1f-8731-6ce5ed9e5717", - "91832785-286d-4ebe-b884-1a208d111a70", - "76e52245-7519-4251-91ab-262fb1a1728c", - "495ad7a7-316e-4544-8a0f-9c098daee76e", - "4d4c0b59-ea83-483f-b8c1-8c360ee53c5c", - "e70679c2-6cde-4510-9764-4823df18f7db", - "300afc76-072d-4261-864d-4149714bf3f1", - "3e47ef71-ebfc-4520-975c-cb27fc090799", - "3e827bab-838a-469f-bd1e-5e19a2bff2fd", - "4434b91a-94ca-4a89-83cb-a37cdc0532b7" - ], - "enumNames": [], "type": "string" }, "timeline_title": { "description": "TimelineTemplateTitle", - "enum": [ - "Generic Endpoint Timeline", - "Generic Network Timeline", - "Generic Process Timeline", - "Generic Threat Match Timeline", - "Comprehensive File Timeline", - "Comprehensive Process Timeline", - "Comprehensive Network Timeline", - "Comprehensive Registry Timeline", - "Alerts Involving a Single User Timeline", - "Alerts Involving a Single Host Timeline" - ], - "enumNames": [], "type": "string" }, "timestamp_override": { @@ -423,6 +454,11 @@ "machine_learning" ], "type": "string" + }, + "version": { + "description": "PositiveInteger", + "minimum": 1, + "type": "integer" } }, "required": [ diff --git a/detection_rules/etc/api_schemas/master/master.new_terms.json b/detection_rules/etc/api_schemas/master/master.new_terms.json index 3b2fa86e0..c0d7d437f 100644 --- a/detection_rules/etc/api_schemas/master/master.new_terms.json +++ b/detection_rules/etc/api_schemas/master/master.new_terms.json @@ -185,7 +185,6 @@ }, "name": { "description": "RuleName", - "pattern": "^[a-zA-Z0-9].+?[a-zA-Z0-9\\[\\]()]$", "type": "string" }, "new_terms": { @@ -308,6 +307,10 @@ "min_compat": "8.3", "type": "array" }, + "revision": { + "min_compat": "8.8", + "type": "integer" + }, "risk_score": { "description": "MaxSignals", "maximum": 100, 
@@ -490,36 +493,10 @@ }, "timeline_id": { "description": "TimelineTemplateId", - "enum": [ - "db366523-f1c6-4c1f-8731-6ce5ed9e5717", - "91832785-286d-4ebe-b884-1a208d111a70", - "76e52245-7519-4251-91ab-262fb1a1728c", - "495ad7a7-316e-4544-8a0f-9c098daee76e", - "4d4c0b59-ea83-483f-b8c1-8c360ee53c5c", - "e70679c2-6cde-4510-9764-4823df18f7db", - "300afc76-072d-4261-864d-4149714bf3f1", - "3e47ef71-ebfc-4520-975c-cb27fc090799", - "3e827bab-838a-469f-bd1e-5e19a2bff2fd", - "4434b91a-94ca-4a89-83cb-a37cdc0532b7" - ], - "enumNames": [], "type": "string" }, "timeline_title": { "description": "TimelineTemplateTitle", - "enum": [ - "Generic Endpoint Timeline", - "Generic Network Timeline", - "Generic Process Timeline", - "Generic Threat Match Timeline", - "Comprehensive File Timeline", - "Comprehensive Process Timeline", - "Comprehensive Network Timeline", - "Comprehensive Registry Timeline", - "Alerts Involving a Single User Timeline", - "Alerts Involving a Single Host Timeline" - ], - "enumNames": [], "type": "string" }, "timestamp_override": { @@ -533,6 +510,11 @@ "new_terms" ], "type": "string" + }, + "version": { + "description": "PositiveInteger", + "minimum": 1, + "type": "integer" } }, "required": [ diff --git a/detection_rules/etc/api_schemas/master/master.query.json b/detection_rules/etc/api_schemas/master/master.query.json index 6c6d9b82f..408c8bbb9 100644 --- a/detection_rules/etc/api_schemas/master/master.query.json +++ b/detection_rules/etc/api_schemas/master/master.query.json @@ -185,7 +185,6 @@ }, "name": { "description": "RuleName", - "pattern": "^[a-zA-Z0-9].+?[a-zA-Z0-9\\[\\]()]$", "type": "string" }, "note": { @@ -258,6 +257,10 @@ "min_compat": "8.3", "type": "array" }, + "revision": { + "min_compat": "8.8", + "type": "integer" + }, "risk_score": { "description": "MaxSignals", "maximum": 100, 
@@ -440,36 +443,10 @@ }, "timeline_id": { "description": "TimelineTemplateId", - "enum": [ - "db366523-f1c6-4c1f-8731-6ce5ed9e5717", - "91832785-286d-4ebe-b884-1a208d111a70", - "76e52245-7519-4251-91ab-262fb1a1728c", - "495ad7a7-316e-4544-8a0f-9c098daee76e", - "4d4c0b59-ea83-483f-b8c1-8c360ee53c5c", - "e70679c2-6cde-4510-9764-4823df18f7db", - "300afc76-072d-4261-864d-4149714bf3f1", - "3e47ef71-ebfc-4520-975c-cb27fc090799", - "3e827bab-838a-469f-bd1e-5e19a2bff2fd", - "4434b91a-94ca-4a89-83cb-a37cdc0532b7" - ], - "enumNames": [], "type": "string" }, "timeline_title": { "description": "TimelineTemplateTitle", - "enum": [ - "Generic Endpoint Timeline", - "Generic Network Timeline", - "Generic Process Timeline", - "Generic Threat Match Timeline", - "Comprehensive File Timeline", - "Comprehensive Process Timeline", - "Comprehensive Network Timeline", - "Comprehensive Registry Timeline", - "Alerts Involving a Single User Timeline", - "Alerts Involving a Single Host Timeline" - ], - "enumNames": [], "type": "string" }, "timestamp_override": { @@ -483,6 +460,11 @@ "query" ], "type": "string" + }, + "version": { + "description": "PositiveInteger", + "minimum": 1, + "type": "integer" } }, "required": [ diff --git a/detection_rules/etc/api_schemas/master/master.threat_match.json b/detection_rules/etc/api_schemas/master/master.threat_match.json index f2df907f6..f10aa0d85 100644 --- a/detection_rules/etc/api_schemas/master/master.threat_match.json +++ b/detection_rules/etc/api_schemas/master/master.threat_match.json @@ -195,7 +195,6 @@ }, "name": { "description": "RuleName", - "pattern": "^[a-zA-Z0-9].+?[a-zA-Z0-9\\[\\]()]$", "type": "string" }, "note": { @@ -268,6 +267,10 @@ "min_compat": "8.3", "type": "array" }, + "revision": { + "min_compat": "8.8", + "type": "integer" + }, "risk_score": { "description": "MaxSignals", "maximum": 100, 
@@ -529,36 +532,10 @@ }, "timeline_id": { "description": "TimelineTemplateId", - "enum": [ - "db366523-f1c6-4c1f-8731-6ce5ed9e5717", - "91832785-286d-4ebe-b884-1a208d111a70", - "76e52245-7519-4251-91ab-262fb1a1728c", - "495ad7a7-316e-4544-8a0f-9c098daee76e", - "4d4c0b59-ea83-483f-b8c1-8c360ee53c5c", - "e70679c2-6cde-4510-9764-4823df18f7db", - "300afc76-072d-4261-864d-4149714bf3f1", - "3e47ef71-ebfc-4520-975c-cb27fc090799", - "3e827bab-838a-469f-bd1e-5e19a2bff2fd", - "4434b91a-94ca-4a89-83cb-a37cdc0532b7" - ], - "enumNames": [], "type": "string" }, "timeline_title": { "description": "TimelineTemplateTitle", - "enum": [ - "Generic Endpoint Timeline", - "Generic Network Timeline", - "Generic Process Timeline", - "Generic Threat Match Timeline", - "Comprehensive File Timeline", - "Comprehensive Process Timeline", - "Comprehensive Network Timeline", - "Comprehensive Registry Timeline", - "Alerts Involving a Single User Timeline", - "Alerts Involving a Single Host Timeline" - ], - "enumNames": [], "type": "string" }, "timestamp_override": { @@ -572,6 +549,11 @@ "threat_match" ], "type": "string" + }, + "version": { + "description": "PositiveInteger", + "minimum": 1, + "type": "integer" } }, "required": [ diff --git a/detection_rules/etc/api_schemas/master/master.threshold.json b/detection_rules/etc/api_schemas/master/master.threshold.json index dc6f2f0a8..584696214 100644 --- a/detection_rules/etc/api_schemas/master/master.threshold.json +++ b/detection_rules/etc/api_schemas/master/master.threshold.json @@ -164,7 +164,6 @@ }, "name": { "description": "RuleName", - "pattern": "^[a-zA-Z0-9].+?[a-zA-Z0-9\\[\\]()]$", "type": "string" }, "note": { @@ -237,6 +236,10 @@ "min_compat": "8.3", "type": "array" }, + "revision": { + "min_compat": "8.8", + "type": "integer" + }, "risk_score": { "description": "MaxSignals", "maximum": 100, 
@@ -465,36 +468,10 @@ }, "timeline_id": { "description": "TimelineTemplateId", - "enum": [ - "db366523-f1c6-4c1f-8731-6ce5ed9e5717", - "91832785-286d-4ebe-b884-1a208d111a70", - "76e52245-7519-4251-91ab-262fb1a1728c", - "495ad7a7-316e-4544-8a0f-9c098daee76e", - "4d4c0b59-ea83-483f-b8c1-8c360ee53c5c", - "e70679c2-6cde-4510-9764-4823df18f7db", - "300afc76-072d-4261-864d-4149714bf3f1", - "3e47ef71-ebfc-4520-975c-cb27fc090799", - "3e827bab-838a-469f-bd1e-5e19a2bff2fd", - "4434b91a-94ca-4a89-83cb-a37cdc0532b7" - ], - "enumNames": [], "type": "string" }, "timeline_title": { "description": "TimelineTemplateTitle", - "enum": [ - "Generic Endpoint Timeline", - "Generic Network Timeline", - "Generic Process Timeline", - "Generic Threat Match Timeline", - "Comprehensive File Timeline", - "Comprehensive Process Timeline", - "Comprehensive Network Timeline", - "Comprehensive Registry Timeline", - "Alerts Involving a Single User Timeline", - "Alerts Involving a Single Host Timeline" - ], - "enumNames": [], "type": "string" }, "timestamp_override": { @@ -508,6 +485,11 @@ "threshold" ], "type": "string" + }, + "version": { + "description": "PositiveInteger", + "minimum": 1, + "type": "integer" } }, "required": [ diff --git a/detection_rules/etc/beats_schemas/main.json.gz b/detection_rules/etc/beats_schemas/main.json.gz index 40b73d361..08a40fcd2 100644 Binary files a/detection_rules/etc/beats_schemas/main.json.gz and b/detection_rules/etc/beats_schemas/main.json.gz differ diff --git a/detection_rules/etc/beats_schemas/v8.15.0.json.gz b/detection_rules/etc/beats_schemas/v8.15.0.json.gz new file mode 100644 index 000000000..f2177a595 Binary files /dev/null and b/detection_rules/etc/beats_schemas/v8.15.0.json.gz differ 
diff --git a/detection_rules/etc/ecs_schemas/1.10.0/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/1.10.0/ecs_flat.json.gz index fbeb38b08..e59f311bf 100644 Binary files a/detection_rules/etc/ecs_schemas/1.10.0/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/1.10.0/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/1.10.0/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/1.10.0/ecs_nested.json.gz index c57690aed..15d9eb2e9 100644 Binary files a/detection_rules/etc/ecs_schemas/1.10.0/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/1.10.0/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/1.11.0/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/1.11.0/ecs_flat.json.gz index 0206868a4..c36cc1eba 100644 Binary files a/detection_rules/etc/ecs_schemas/1.11.0/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/1.11.0/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/1.11.0/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/1.11.0/ecs_nested.json.gz index c7a93c331..bd92dc972 100644 Binary files a/detection_rules/etc/ecs_schemas/1.11.0/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/1.11.0/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/1.12.0/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/1.12.0/ecs_flat.json.gz index f9de082a7..98deb7af4 100644 Binary files a/detection_rules/etc/ecs_schemas/1.12.0/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/1.12.0/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/1.12.0/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/1.12.0/ecs_nested.json.gz index 94cdfdcb6..0efede982 100644 Binary files a/detection_rules/etc/ecs_schemas/1.12.0/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/1.12.0/ecs_nested.json.gz differ 
diff --git a/detection_rules/etc/ecs_schemas/1.12.1/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/1.12.1/ecs_flat.json.gz index d8ddc7b71..101f479dc 100644 Binary files a/detection_rules/etc/ecs_schemas/1.12.1/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/1.12.1/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/1.12.1/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/1.12.1/ecs_nested.json.gz index fee6888b9..a23316cfc 100644 Binary files a/detection_rules/etc/ecs_schemas/1.12.1/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/1.12.1/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/1.12.2/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/1.12.2/ecs_flat.json.gz index c6dbb8493..86a50635e 100644 Binary files a/detection_rules/etc/ecs_schemas/1.12.2/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/1.12.2/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/1.12.2/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/1.12.2/ecs_nested.json.gz index c29ce042e..f9cb119fe 100644 Binary files a/detection_rules/etc/ecs_schemas/1.12.2/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/1.12.2/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/1.7.0/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/1.7.0/ecs_flat.json.gz index fad38628a..af054c966 100644 Binary files a/detection_rules/etc/ecs_schemas/1.7.0/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/1.7.0/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/1.7.0/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/1.7.0/ecs_nested.json.gz index b6b691d49..f872c66e5 100644 Binary files a/detection_rules/etc/ecs_schemas/1.7.0/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/1.7.0/ecs_nested.json.gz differ 
diff --git a/detection_rules/etc/ecs_schemas/1.8.0/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/1.8.0/ecs_flat.json.gz index 94c7ec0b2..d0e73c694 100644 Binary files a/detection_rules/etc/ecs_schemas/1.8.0/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/1.8.0/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/1.8.0/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/1.8.0/ecs_nested.json.gz index f4c08acf3..4b9e62a51 100644 Binary files a/detection_rules/etc/ecs_schemas/1.8.0/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/1.8.0/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/1.9.0/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/1.9.0/ecs_flat.json.gz index 04ecc2b53..3b302a0f5 100644 Binary files a/detection_rules/etc/ecs_schemas/1.9.0/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/1.9.0/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/1.9.0/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/1.9.0/ecs_nested.json.gz index 6e910ea58..8c4aff856 100644 Binary files a/detection_rules/etc/ecs_schemas/1.9.0/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/1.9.0/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.0.0/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.0.0/ecs_flat.json.gz index 6d08bd92c..db34248e9 100644 Binary files a/detection_rules/etc/ecs_schemas/8.0.0/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.0.0/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.0.0/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.0.0/ecs_nested.json.gz index f94eba3fd..759250aaa 100644 Binary files a/detection_rules/etc/ecs_schemas/8.0.0/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.0.0/ecs_nested.json.gz differ 
diff --git a/detection_rules/etc/ecs_schemas/8.0.1/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.0.1/ecs_flat.json.gz index a0f474f5f..9cb8c3ffa 100644 Binary files a/detection_rules/etc/ecs_schemas/8.0.1/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.0.1/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.0.1/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.0.1/ecs_nested.json.gz index ff0a3984c..ca286ece5 100644 Binary files a/detection_rules/etc/ecs_schemas/8.0.1/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.0.1/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.1.0/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.1.0/ecs_flat.json.gz index 115b2bb90..b72a95ceb 100644 Binary files a/detection_rules/etc/ecs_schemas/8.1.0/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.1.0/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.1.0/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.1.0/ecs_nested.json.gz index f46e2ce39..86252e340 100644 Binary files a/detection_rules/etc/ecs_schemas/8.1.0/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.1.0/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.10.0/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.10.0/ecs_flat.json.gz index 379bbbdfd..70e5ce2da 100644 Binary files a/detection_rules/etc/ecs_schemas/8.10.0/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.10.0/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.10.0/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.10.0/ecs_nested.json.gz index 25788ac3c..2b232e1d5 100644 Binary files a/detection_rules/etc/ecs_schemas/8.10.0/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.10.0/ecs_nested.json.gz differ 
diff --git a/detection_rules/etc/ecs_schemas/8.11.0/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.11.0/ecs_flat.json.gz index e110aedfb..3682137b2 100644 Binary files a/detection_rules/etc/ecs_schemas/8.11.0/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.11.0/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.11.0/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.11.0/ecs_nested.json.gz index d2339925f..e69eced7c 100644 Binary files a/detection_rules/etc/ecs_schemas/8.11.0/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.11.0/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.2.0/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.2.0/ecs_flat.json.gz index 21a60727a..b7d8b4194 100644 Binary files a/detection_rules/etc/ecs_schemas/8.2.0/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.2.0/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.2.0/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.2.0/ecs_nested.json.gz index e68ffade9..e9b230378 100644 Binary files a/detection_rules/etc/ecs_schemas/8.2.0/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.2.0/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.2.1/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.2.1/ecs_flat.json.gz index 6a7254090..db2a2eaf8 100644 Binary files a/detection_rules/etc/ecs_schemas/8.2.1/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.2.1/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.2.1/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.2.1/ecs_nested.json.gz index 89c086be9..f2d8cee29 100644 Binary files a/detection_rules/etc/ecs_schemas/8.2.1/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.2.1/ecs_nested.json.gz differ 
diff --git a/detection_rules/etc/ecs_schemas/8.3.0/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.3.0/ecs_flat.json.gz index 67174eeff..968171024 100644 Binary files a/detection_rules/etc/ecs_schemas/8.3.0/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.3.0/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.3.0/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.3.0/ecs_nested.json.gz index 2db3fd0a5..52437a6d5 100644 Binary files a/detection_rules/etc/ecs_schemas/8.3.0/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.3.0/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.3.1/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.3.1/ecs_flat.json.gz index b8be59f40..54e140951 100644 Binary files a/detection_rules/etc/ecs_schemas/8.3.1/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.3.1/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.3.1/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.3.1/ecs_nested.json.gz index 6925b286c..a8a0536b6 100644 Binary files a/detection_rules/etc/ecs_schemas/8.3.1/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.3.1/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.4.0-rc1/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.4.0-rc1/ecs_flat.json.gz index 88311eeb6..81dba95ad 100644 Binary files a/detection_rules/etc/ecs_schemas/8.4.0-rc1/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.4.0-rc1/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.4.0-rc1/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.4.0-rc1/ecs_nested.json.gz index c26bba1cc..efc1ad55c 100644 Binary files a/detection_rules/etc/ecs_schemas/8.4.0-rc1/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.4.0-rc1/ecs_nested.json.gz differ 
diff --git a/detection_rules/etc/ecs_schemas/8.4.0/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.4.0/ecs_flat.json.gz index 029393fb0..412921536 100644 Binary files a/detection_rules/etc/ecs_schemas/8.4.0/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.4.0/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.4.0/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.4.0/ecs_nested.json.gz index 7abade071..53298a7c6 100644 Binary files a/detection_rules/etc/ecs_schemas/8.4.0/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.4.0/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.5.0-rc1/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.5.0-rc1/ecs_flat.json.gz index 0d9abb473..044f43261 100644 Binary files a/detection_rules/etc/ecs_schemas/8.5.0-rc1/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.5.0-rc1/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.5.0-rc1/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.5.0-rc1/ecs_nested.json.gz index 266d0eec4..35b4733ba 100644 Binary files a/detection_rules/etc/ecs_schemas/8.5.0-rc1/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.5.0-rc1/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.5.0/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.5.0/ecs_flat.json.gz index 096adbfd3..a0a99631e 100644 Binary files a/detection_rules/etc/ecs_schemas/8.5.0/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.5.0/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.5.0/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.5.0/ecs_nested.json.gz index 76164cd04..0e5d0a446 100644 Binary files a/detection_rules/etc/ecs_schemas/8.5.0/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.5.0/ecs_nested.json.gz differ 
diff --git a/detection_rules/etc/ecs_schemas/8.5.1/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.5.1/ecs_flat.json.gz index b5eaae6fa..9a5ba6199 100644 Binary files a/detection_rules/etc/ecs_schemas/8.5.1/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.5.1/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.5.1/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.5.1/ecs_nested.json.gz index ff98ce362..0b1b0ee94 100644 Binary files a/detection_rules/etc/ecs_schemas/8.5.1/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.5.1/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.5.2/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.5.2/ecs_flat.json.gz index fa24ab645..0501c8afd 100644 Binary files a/detection_rules/etc/ecs_schemas/8.5.2/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.5.2/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.5.2/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.5.2/ecs_nested.json.gz index de90070d6..9e9fb297b 100644 Binary files a/detection_rules/etc/ecs_schemas/8.5.2/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.5.2/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.6.0-rc1/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.6.0-rc1/ecs_flat.json.gz index 6d8479629..c26ec6eb7 100644 Binary files a/detection_rules/etc/ecs_schemas/8.6.0-rc1/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.6.0-rc1/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.6.0-rc1/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.6.0-rc1/ecs_nested.json.gz index f48b16cf8..fa7949abb 100644 Binary files a/detection_rules/etc/ecs_schemas/8.6.0-rc1/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.6.0-rc1/ecs_nested.json.gz differ 
diff --git a/detection_rules/etc/ecs_schemas/8.6.0/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.6.0/ecs_flat.json.gz index fb707b6de..0418d9336 100644 Binary files a/detection_rules/etc/ecs_schemas/8.6.0/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.6.0/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.6.0/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.6.0/ecs_nested.json.gz index 44ce35d8b..45ab630db 100644 Binary files a/detection_rules/etc/ecs_schemas/8.6.0/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.6.0/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.6.1/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.6.1/ecs_flat.json.gz index 82439e144..4ac849f93 100644 Binary files a/detection_rules/etc/ecs_schemas/8.6.1/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.6.1/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.6.1/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.6.1/ecs_nested.json.gz index 54a0c5455..2be2a1dba 100644 Binary files a/detection_rules/etc/ecs_schemas/8.6.1/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.6.1/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.7.0-rc1/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.7.0-rc1/ecs_flat.json.gz index b51124a32..c8e8059c7 100644 Binary files a/detection_rules/etc/ecs_schemas/8.7.0-rc1/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.7.0-rc1/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.7.0-rc1/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.7.0-rc1/ecs_nested.json.gz index 3ed132f32..e09725a9a 100644 Binary files a/detection_rules/etc/ecs_schemas/8.7.0-rc1/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.7.0-rc1/ecs_nested.json.gz differ 
diff --git a/detection_rules/etc/ecs_schemas/8.7.0/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.7.0/ecs_flat.json.gz index 44c0d34bf..a368a5ae8 100644 Binary files a/detection_rules/etc/ecs_schemas/8.7.0/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.7.0/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.7.0/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.7.0/ecs_nested.json.gz index 9fcd1510b..c945ffe56 100644 Binary files a/detection_rules/etc/ecs_schemas/8.7.0/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.7.0/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.8.0/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.8.0/ecs_flat.json.gz index 51325f7d7..00087ea9f 100644 Binary files a/detection_rules/etc/ecs_schemas/8.8.0/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.8.0/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.8.0/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.8.0/ecs_nested.json.gz index 6d7d9e5cc..a03cdbead 100644 Binary files a/detection_rules/etc/ecs_schemas/8.8.0/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.8.0/ecs_nested.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.9.0/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/8.9.0/ecs_flat.json.gz index b507567c0..67790c8d6 100644 Binary files a/detection_rules/etc/ecs_schemas/8.9.0/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/8.9.0/ecs_flat.json.gz differ diff --git a/detection_rules/etc/ecs_schemas/8.9.0/ecs_nested.json.gz b/detection_rules/etc/ecs_schemas/8.9.0/ecs_nested.json.gz index d8a213444..a6b9ae451 100644 Binary files a/detection_rules/etc/ecs_schemas/8.9.0/ecs_nested.json.gz and b/detection_rules/etc/ecs_schemas/8.9.0/ecs_nested.json.gz differ 
diff --git a/detection_rules/etc/ecs_schemas/master_8.12.0-dev/ecs_flat.json.gz b/detection_rules/etc/ecs_schemas/master_8.12.0-dev/ecs_flat.json.gz index 12b52562f..30a52a622 100644 Binary files a/detection_rules/etc/ecs_schemas/master_8.12.0-dev/ecs_flat.json.gz and b/detection_rules/etc/ecs_schemas/master_8.12.0-dev/ecs_flat.json.gz differ diff --git a/detection_rules/etc/stack-schema-map.yaml b/detection_rules/etc/stack-schema-map.yaml index c3941bfe0..e0acfce58 100644 --- a/detection_rules/etc/stack-schema-map.yaml +++ b/detection_rules/etc/stack-schema-map.yaml @@ -95,21 +95,21 @@ endgame: "8.4.0" "8.13.0": - beats: "8.12.2" - ecs: "8.11.0" - endgame: "8.4.0" - -"8.14.0": - beats: "8.12.2" - ecs: "8.11.0" - endgame: "8.4.0" - -"8.15.0": beats: "8.13.4" ecs: "8.11.0" endgame: "8.4.0" -"8.16.0": +"8.14.0": beats: "8.14.3" ecs: "8.11.0" + endgame: "8.4.0" + +"8.15.0": + beats: "8.15.0" + ecs: "8.11.0" + endgame: "8.4.0" + +"8.16.0": + beats: "8.15.0" + ecs: "8.11.0" endgame: "8.4.0" \ No newline at end of file
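Review bot: Besides adding 8.15.0, the hunk re-pins the existing `"8.13.0"` and `"8.14.0"` entries from beats `8.12.2` to `8.13.4` and `8.14.3`, which presumably changes which beats fields validate for rules targeting already-released stacks; if that is intended it deserves a mention in the commit message and a comment such as `# beats entries track the latest patch release of each minor` so the convention is explicit. `"8.16.0"` reuses `beats: "8.15.0"`, so mark it, e.g. `beats: "8.15.0"  # no 8.16 beats schema captured yet`, to avoid it being read as a deliberate pin. The file still ends without a trailing newline (`\ No newline at end of file`); worth fixing while these lines are being touched.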