elastic · taylor-swanson · Apr 25, 2022 · Feb 22, 2022 · Feb 22, 2022 · Feb 22, 2022
@@ -1,3 +1,3 @@
 dependencies:
   ecs:
-    reference: git@8.0
+    reference: git@8.2
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.0"
+  changes:
+    - description: Update to ECS 8.2
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/2778
 - version: "1.2.2"
   changes:
     - description: Fix typo in config template for ignoring host enrichment

@@ -3,7 +3,7 @@
         {
             "@timestamp": "2021-08-30T18:57:42.484Z",
             "ecs": {
-                "version": "8.0.0"
+                "version": "8.2.0"
             },
             "event": {
                 "action": "reveal",
@@ -76,7 +76,7 @@
         {
             "@timestamp": "2021-08-30T19:10:00.123Z",
             "ecs": {
-                "version": "8.0.0"
+                "version": "8.2.0"
             },
             "event": {
                 "category": [

@@ -16,7 +16,7 @@ processors:
   #######################
   - set:
       field: ecs.version
-      value: "8.0.0"
+      value: "8.2.0"
   # Sets event.created from the @timestamp field generated by filebeat before being overwritten further down
   - set:
       field: event.created

@@ -13,7 +13,7 @@
         "type": "logs"
     },
     "ecs": {
-        "version": "8.0.0"
+        "version": "8.2.0"
     },
     "elastic_agent": {
         "id": "8652330e-4de6-4596-a16f-4463a6c56e9e",

@@ -3,7 +3,7 @@
         {
             "@timestamp": "2021-08-11T14:28:03.000Z",
             "ecs": {
-                "version": "8.0.0"
+                "version": "8.2.0"
             },
             "event": {
                 "action": "success",
@@ -78,7 +78,7 @@
         {
             "@timestamp": "2021-08-11T15:04:22.000Z",
             "ecs": {
-                "version": "8.0.0"
+                "version": "8.2.0"
             },
             "event": {
                 "action": "credentials_failed",

@@ -16,7 +16,7 @@ processors:
   #######################
   - set:
       field: ecs.version
-      value: "8.0.0"
+      value: "8.2.0"
   # Sets event.created from the @timestamp field generated by filebeat before being overwritten further down
   - set:
       field: event.created

@@ -13,7 +13,7 @@
         "type": "logs"
     },
     "ecs": {
-        "version": "8.0.0"
+        "version": "8.2.0"
     },
     "elastic_agent": {
         "id": "8652330e-4de6-4596-a16f-4463a6c56e9e",

@@ -90,7 +90,7 @@ An example event for `signin_attempts` looks as following:
         "type": "logs"
     },
     "ecs": {
-        "version": "8.0.0"
+        "version": "8.2.0"
     },
     "elastic_agent": {
         "id": "8652330e-4de6-4596-a16f-4463a6c56e9e",
@@ -232,7 +232,7 @@ An example event for `item_usages` looks as following:
         "type": "logs"
     },
     "ecs": {
-        "version": "8.0.0"
+        "version": "8.2.0"
     },
     "elastic_agent": {
         "id": "8652330e-4de6-4596-a16f-4463a6c56e9e",

@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: 1password
 title: "1Password Events Reporting"
-version: 1.2.2
+version: 1.3.0
 license: basic
 description: Collect events from 1Password Events API with Elastic Agent.
 type: integration

@@ -1,3 +1,3 @@
 dependencies:
   ecs:
-    reference: git@8.0
+    reference: git@8.2
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.2.0"
+  changes:
+    - description: Update to ECS 8.2
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/2778
 - version: "0.1.3"
   changes:
     - description: Fix typo in config template for ignoring host enrichment

@@ -117,7 +117,7 @@
             },
             "@timestamp": "2017-04-04T10:57:02.000Z",
             "ecs": {
-                "version": "8.0.0"
+                "version": "8.2.0"
             },
             "related": {
                 "ip": [
@@ -159,7 +159,6 @@
             },
             "event": {
                 "start": "2017-04-04T10:57:02.000Z",
-                "ingested": "2021-12-23T23:43:19.592965333Z",
                 "original": "{\"format\":\"json\",\"type\":\"akamai_siem\",\"version\":\"1.0\",\"attackData\":{\"clientIP\":\"89.160.20.156\",\"configId\":\"14227\",\"policyId\":\"qik1_26545\",\"ruleActions\":\"YWxlcnQ%3d%3bYWxlcnQ%3d%3bZGVueQ%3d%3d\",\"ruleData\":\"dGVsbmV0LmV4ZQ%3d%3d%3bdGVsbmV0LmV4ZQ%3d%3d%3bVmVjdG9yIFNjb3JlOiAxMCwgREVOWSB0aHJlc2hvbGQ6IDksIEFsZX \",\"ruleMessages\":\"U3lzdGVtIENvbW1hbmQgQWNjZXNz%3bU3lzdGVtIENvbW1hbmQgSW5qZWN0aW9u%3bQW5vbWFseSBTY29yZSBFeGNlZWRlZCBmb3 \",\"ruleSelectors\":\"QVJHUzpvcHRpb24%3d%3bQVJHUzpvcHRpb24%3d%3b\",\"ruleTags\":\"T1dBU1BfQ1JTL1dFQl9BVFRBQ0svRklMRV9JTkpFQ1RJT04%3d%3bT1dBU1BfQ1JTL1dFQl9BVFRBQ0svQ09NTUFORF9JTkpFQ1R \",\"ruleVersions\":\"NA%3d%3d%3bNA%3d%3d%3bMQ%3d%3d\",\"rules\":\"OTUwMDAy%3bOTUwMDA2%3bQ01ELUlOSkVDVElPTi1BTk9NQUxZ\"},\"geo\":{\"asn\":\"14618\",\"city\":\"ASHBURN\",\"continent\":\"288\",\"country\":\"US\",\"regionCode\":\"VA\"},\"httpMessage\":{\"bytes\":\"266\",\"host\":\"www.hmapi.com\",\"method\":\"GET\",\"path\":\"/\",\"port\":\"80\",\"protocol\":\"HTTP/1.1\",\"query\":\"option=com_jce%20telnet.exe\",\"requestHeaders\":\"User-Agent%3a%20BOT%2f0.1%20(BOT%20for%20JCE)%0d%0aAccept%3a%20text%2fhtml,application%2fxhtml+xml\",\"requestId\":\"1158db1758e37bfe67b7c09\",\"responseHeaders\":\"Server%3a%20AkamaiGHost%0d%0aMime-Version%3a%201.0%0d%0aContent-Type%3a%20text%2fhtml%0d%0aContent-Length%3a%20150\",\"start\":\"1491303422\",\"status\":\"200\"},\"userRiskData\":{\"uuid\":\"964d54b7-0821-413a-a4d6-8131770ec8d5\",\"status\":\"0\",\"score\":\"75\",\"risk\":\"udfp:1325gdg4g4343g/M|unp:74256/H\",\"trust\":\"ugp:US\",\"general\":\"duc_1h:10|duc_1d:30\",\"allow\":\"0\"},\"clientData\":{\"appBundleId\":\"com.mydomain.myapp\",\"appVersion\":\"1.23\",\"sdkVersion\":\"4.7.1\",\"telemetryType\":\"2\"},\"botData\":{\"botScore\":\"100\",\"responseSegment\":\"3\"}}",
                 "id": "1158db1758e37bfe67b7c09",
                 "category": "network",
@@ -273,7 +272,7 @@
             },
             "@timestamp": "2016-08-11T13:45:33.026Z",
             "ecs": {
-                "version": "8.0.0"
+                "version": "8.2.0"
             },
             "related": {
                 "ip": [
@@ -319,7 +318,6 @@
             },
             "event": {
                 "start": "2016-08-11T13:45:33.026Z",
-                "ingested": "2021-12-23T23:43:19.592973640Z",
                 "original": "{\"format\":\"json\",\"type\":\"akamai_siem\",\"version\":\"1.0\",\"attackData\":{\"clientIP\":\"89.160.20.156\",\"configId\":\"6724\",\"policyId\":\"scoe_5426\",\"ruleActions\":\"QUxFUlQ;REVOWQ==\",\"ruleData\":\"YWxlcnQo;Y3VybA==\",\"ruleMessages\":\"Q3Jvc3Mtc2l0ZSBTY3 JpcHRpbmcgKFhTUykgQXR0YWNr; UmVxdWVzdCBJbmRpY2F0ZXMgYW4 gYXV0b21hdGVkIHByb2 dyYW0gZXhwbG9yZWQgdGhlIHNpdGU=\",\"ruleSelectors\":\"QVJHUzph;UkVRVUVTVF9IRU FERVJTOlVzZXItQWdlbnQ=\",\"ruleTags\":\"V0VCX0FUVEFDSy9YU1M=;QV VUT01BVElPTi9NSVND\",\"ruleVersions\":\";\",\"rules\":\"OTUwMDA0;OTkwMDEx\"},\"geo\":{\"asn\":\"12271\",\"city\":\"NEWYORK\",\"continent\":\"NA\",\"country\":\"US\",\"regionCode\":\"NY\"},\"httpMessage\":{\"bytes\":\"34523\",\"host\":\"www.example.com\",\"method\":\"POST\",\"path\":\"/examples/1/\",\"port\":\"80\",\"protocol\":\"http/2\",\"query\":\"a%3D..%2F..%2F..%2Fetc%2Fpasswd\",\"requestHeaders\":\"User-Agent%3a%20BOT%2f0.1%20(BOT%20for%20JCE)%0d%0aAccept%3a%20text%2fhtml,application%2fxhtml+xml\",\"requestId\":\"2ab418ac8515f33\",\"responseHeaders\":\"Server%3a%20AkamaiGHost%0d%0aMime-Version%3a%201.0%0d%0aContent-Type%3a%20text%2fhtml\",\"start\":\"1470923133.026\",\"status\":\"301\",\"tls\": \"TLSv1.2\"},\"userRiskData\":{\"uuid\":\"964d54b7-0821-413a-a4d6-8131770ec8d5\",\"status\":\"0\",\"score\":\"75\",\"risk\":\"udfp:1325gdg4g4343g/M|unp:74256/H\",\"trust\":\"ugp:US\",\"general\":\"duc_1h:10|duc_1d:30\",\"allow\":\"0\"},\"clientData\":{\"appBundleId\":\"com.mydomain.myapp\",\"appVersion\":\"1.23\",\"sdkVersion\":\"4.7.1\",\"telemetryType\":\"2\"},\"botData\":{\"botScore\":\"100\",\"responseSegment\":\"3\"}}",
                 "id": "2ab418ac8515f33",
                 "category": "network",

@@ -1,12 +1,9 @@
 ---
 description: Pipeline for parsing Akamai logs
 processors:
-- set:
-    field: event.ingested
-    value: '{{_ingest.timestamp}}'
 - set:
     field: ecs.version
-    value: '8.0.0'
+    value: '8.2.0'
 - rename:
     field: message
     target_field: event.original

@@ -99,7 +99,7 @@
         "type": "logs"
     },
     "ecs": {
-        "version": "8.0.0"
+        "version": "8.2.0"
     },
     "elastic_agent": {
         "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",

@@ -236,7 +236,7 @@ An example event for `siem` looks as following:
         "type": "logs"
     },
     "ecs": {
-        "version": "8.0.0"
+        "version": "8.2.0"
     },
     "elastic_agent": {
         "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",

@@ -1,6 +1,6 @@
 name: akamai
 title: Akamai
-version: 0.1.3
+version: 0.2.0
 release: beta
 description: Akamai Integration
 type: integration

@@ -1,3 +1,3 @@
 dependencies:
   ecs:
-    reference: git@8.0
+    reference: git@8.2
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.0"
+  changes:
+    - description: Update to ECS 8.2
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/2778
 - version: "1.1.1"
   changes:
     - description: Add documentation for multi-fields