From ae987fbcdac508ef8e2a665e7755e9ceeb3dfae3 Mon Sep 17 00:00:00 2001 From: Asuka Nakajima Date: Thu, 27 Jun 2024 04:17:56 -0400 Subject: [PATCH 01/10] add new fields --- schemas/file.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/schemas/file.yml b/schemas/file.yml index a5e3e76cf7..a2a2beb568 100644 --- a/schemas/file.yml +++ b/schemas/file.yml @@ -225,3 +225,15 @@ short: A fork is additional data associated with a filesystem object. example: Zone.Identifer + + - name: origin_referrer_url + level: extended + type: keyword + description: The url of the webpage that linked to the file. + example: https://example.com + + - name: origin_url + level: extended + type: keyword + description: The url where the file is hosted. + example: https://example.com/file.zip From 7e044e84f0f41b13b2cc04a0a31de9d8c8ac7791 Mon Sep 17 00:00:00 2001 From: Asuka Nakajima Date: Thu, 27 Jun 2024 04:22:36 -0400 Subject: [PATCH 02/10] add changelog --- CHANGELOG.next.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 9613fb89e6..133febfd0d 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -22,7 +22,9 @@ Thanks, you're awesome :-) --> * Advanced `process.io` and `process.tty` fields to GA. #2317 * Added `threat.indicator.id`. #2324 * Added `process.group` to generated schemas. #2335 +* Added `file.origin_referrer_url` and `file.origin_url` #2348 +* #### Improvements #### Deprecated From 0e2d6779f0ea3963df7767030c56cca1178bee8f Mon Sep 17 00:00:00 2001 
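Review bot: In the `schemas/file.yml` hunk of PATCH 01/10, `origin_referrer_url` and `origin_url` are declared `type: keyword` with no `ignore_above`, so the generated mappings in PATCH 03/10 come out with `ignore_above: 1024`. With that limit a longer URL stays in `_source` but is not indexed as a keyword, so long download or referrer URLs would silently drop out of searches, aggregations and detection rules on these fields. PATCH 04/10 raises the value to 8192, but its diffstat lists only files under `experimental/generated/`, so the limit should be set in the schema itself by adding `ignore_above: 8192` under each of the two fields. The descriptions could also state that the value is the full URL and may include a query string, which can carry tokens or other sensitive data that consumers may need to redact.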
From: Asuka Nakajima Date: Thu, 27 Jun 2024 08:36:46 +0000 Subject: [PATCH 03/10] add generated files --- docs/fields/field-details.asciidoc | 32 +++++++++ experimental/generated/beats/fields.ecs.yml | 42 +++++++++++ experimental/generated/csv/fields.csv | 6 ++ experimental/generated/ecs/ecs_flat.yml | 70 +++++++++++++++++++ experimental/generated/ecs/ecs_nested.yml | 70 +++++++++++++++++++ .../composable/component/file.json | 8 +++ .../composable/component/threat.json | 16 +++++ .../elasticsearch/legacy/template.json | 24 +++++++ generated/beats/fields.ecs.yml | 42 +++++++++++ generated/csv/fields.csv | 6 ++ generated/ecs/ecs_flat.yml | 70 +++++++++++++++++++ generated/ecs/ecs_nested.yml | 70 +++++++++++++++++++ .../composable/component/file.json | 8 +++ .../composable/component/threat.json | 16 +++++ generated/elasticsearch/legacy/template.json | 24 +++++++ 15 files changed, 504 insertions(+) diff --git a/docs/fields/field-details.asciidoc b/docs/fields/field-details.asciidoc index 31273d8c4b..c1db3f9e97 100644 --- a/docs/fields/field-details.asciidoc +++ b/docs/fields/field-details.asciidoc @@ -4298,6 +4298,38 @@ example: `example.png` // =============================================================== +| +[[field-file-origin-referrer-url]] +<> + +a| The url of the webpage that linked to the file. + +type: keyword + + + +example: `https://example.com` + +| extended + +// =============================================================== + +| +[[field-file-origin-url]] +<> + +a| The url where the file is hosted. + +type: keyword + + + +example: `https://example.com/file.zip` + +| extended + +// =============================================================== + | [[field-file-owner]] <> diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index bc95a6db22..d0542fa33d 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml 
@@ -2973,6 +2973,20 @@ ignore_above: 1024 description: Name of the file including the extension, without the directory. example: example.png + - name: origin_referrer_url + level: extended + type: keyword + ignore_above: 1024 + description: The url of the webpage that linked to the file. + example: https://example.com + default_field: false + - name: origin_url + level: extended + type: keyword + ignore_above: 1024 + description: The url where the file is hosted. + example: https://example.com/file.zip + default_field: false - name: owner level: extended type: keyword @@ -9569,6 +9583,20 @@ description: Name of the file including the extension, without the directory. example: example.png default_field: false + - name: enrichments.indicator.file.origin_referrer_url + level: extended + type: keyword + ignore_above: 1024 + description: The url of the webpage that linked to the file. + example: https://example.com + default_field: false + - name: enrichments.indicator.file.origin_url + level: extended + type: keyword + ignore_above: 1024 + description: The url where the file is hosted. + example: https://example.com/file.zip + default_field: false - name: enrichments.indicator.file.owner level: extended type: keyword @@ -11176,6 +11204,20 @@ description: Name of the file including the extension, without the directory. example: example.png default_field: false + - name: indicator.file.origin_referrer_url + level: extended + type: keyword + ignore_above: 1024 + description: The url of the webpage that linked to the file. + example: https://example.com + default_field: false + - name: indicator.file.origin_url + level: extended + type: keyword + ignore_above: 1024 + description: The url where the file is hosted. + example: https://example.com/file.zip + default_field: false - name: indicator.file.owner level: extended type: keyword diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv index 292ac5f917..cdcc2e4f02 100644 
--- a/experimental/generated/csv/fields.csv +++ b/experimental/generated/csv/fields.csv @@ -358,6 +358,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,file,file.mode,keyword,extended,,0640,Mode of the file in octal representation. 8.12.0-dev+exp,true,file,file.mtime,date,extended,,,Last time the file content was modified. 8.12.0-dev+exp,true,file,file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory." +8.12.0-dev+exp,true,file,file.origin_referrer_url,keyword,extended,,https://example.com,The url of the webpage that linked to the file. +8.12.0-dev+exp,true,file,file.origin_url,keyword,extended,,https://example.com/file.zip,The url where the file is hosted. 8.12.0-dev+exp,true,file,file.owner,keyword,extended,,alice,File owner's username. 8.12.0-dev+exp,true,file,file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name." 8.12.0-dev+exp,true,file,file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name." 
@@ -1218,6 +1220,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.mode,keyword,extended,,0640,Mode of the file in octal representation. 8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.mtime,date,extended,,,Last time the file content was modified. 8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory." +8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.origin_referrer_url,keyword,extended,,https://example.com,The url of the webpage that linked to the file. +8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.origin_url,keyword,extended,,https://example.com/file.zip,The url where the file is hosted. 8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.owner,keyword,extended,,alice,File owner's username. 8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name." 8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name." 
@@ -1435,6 +1439,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,threat,threat.indicator.file.mode,keyword,extended,,0640,Mode of the file in octal representation. 8.12.0-dev+exp,true,threat,threat.indicator.file.mtime,date,extended,,,Last time the file content was modified. 8.12.0-dev+exp,true,threat,threat.indicator.file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory." +8.12.0-dev+exp,true,threat,threat.indicator.file.origin_referrer_url,keyword,extended,,https://example.com,The url of the webpage that linked to the file. +8.12.0-dev+exp,true,threat,threat.indicator.file.origin_url,keyword,extended,,https://example.com/file.zip,The url where the file is hosted. 8.12.0-dev+exp,true,threat,threat.indicator.file.owner,keyword,extended,,alice,File owner's username. 8.12.0-dev+exp,true,threat,threat.indicator.file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name." 8.12.0-dev+exp,true,threat,threat.indicator.file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name." diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index 02b972886f..721422d386 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml 
@@ -4885,6 +4885,28 @@ file.name: normalize: [] short: Name of the file including the extension, without the directory. type: keyword +file.origin_referrer_url: + dashed_name: file-origin-referrer-url + description: The url of the webpage that linked to the file. + example: https://example.com + flat_name: file.origin_referrer_url + ignore_above: 1024 + level: extended + name: origin_referrer_url + normalize: [] + short: The url of the webpage that linked to the file. + type: keyword +file.origin_url: + dashed_name: file-origin-url + description: The url where the file is hosted. + example: https://example.com/file.zip + flat_name: file.origin_url + ignore_above: 1024 + level: extended + name: origin_url + normalize: [] + short: The url where the file is hosted. + type: keyword file.owner: dashed_name: file-owner description: File owner's username. 
@@ -15448,6 +15470,30 @@ threat.enrichments.indicator.file.name: original_fieldset: file short: Name of the file including the extension, without the directory. type: keyword +threat.enrichments.indicator.file.origin_referrer_url: + dashed_name: threat-enrichments-indicator-file-origin-referrer-url + description: The url of the webpage that linked to the file. + example: https://example.com + flat_name: threat.enrichments.indicator.file.origin_referrer_url + ignore_above: 1024 + level: extended + name: origin_referrer_url + normalize: [] + original_fieldset: file + short: The url of the webpage that linked to the file. + type: keyword +threat.enrichments.indicator.file.origin_url: + dashed_name: threat-enrichments-indicator-file-origin-url + description: The url where the file is hosted. + example: https://example.com/file.zip + flat_name: threat.enrichments.indicator.file.origin_url + ignore_above: 1024 + level: extended + name: origin_url + normalize: [] + original_fieldset: file + short: The url where the file is hosted. + type: keyword threat.enrichments.indicator.file.owner: dashed_name: threat-enrichments-indicator-file-owner description: File owner's username. 
@@ -18158,6 +18204,30 @@ threat.indicator.file.name: original_fieldset: file short: Name of the file including the extension, without the directory. type: keyword +threat.indicator.file.origin_referrer_url: + dashed_name: threat-indicator-file-origin-referrer-url + description: The url of the webpage that linked to the file. + example: https://example.com + flat_name: threat.indicator.file.origin_referrer_url + ignore_above: 1024 + level: extended + name: origin_referrer_url + normalize: [] + original_fieldset: file + short: The url of the webpage that linked to the file. + type: keyword +threat.indicator.file.origin_url: + dashed_name: threat-indicator-file-origin-url + description: The url where the file is hosted. + example: https://example.com/file.zip + flat_name: threat.indicator.file.origin_url + ignore_above: 1024 + level: extended + name: origin_url + normalize: [] + original_fieldset: file + short: The url where the file is hosted. + type: keyword threat.indicator.file.owner: dashed_name: threat-indicator-file-owner description: File owner's username. diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index f600ab293a..bb31c8d339 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml 
@@ -5920,6 +5920,28 @@ file: normalize: [] short: Name of the file including the extension, without the directory. type: keyword + file.origin_referrer_url: + dashed_name: file-origin-referrer-url + description: The url of the webpage that linked to the file. + example: https://example.com + flat_name: file.origin_referrer_url + ignore_above: 1024 + level: extended + name: origin_referrer_url + normalize: [] + short: The url of the webpage that linked to the file. + type: keyword + file.origin_url: + dashed_name: file-origin-url + description: The url where the file is hosted. + example: https://example.com/file.zip + flat_name: file.origin_url + ignore_above: 1024 + level: extended + name: origin_url + normalize: [] + short: The url where the file is hosted. + type: keyword file.owner: dashed_name: file-owner description: File owner's username. 
@@ -18113,6 +18135,30 @@ threat: original_fieldset: file short: Name of the file including the extension, without the directory. type: keyword + threat.enrichments.indicator.file.origin_referrer_url: + dashed_name: threat-enrichments-indicator-file-origin-referrer-url + description: The url of the webpage that linked to the file. + example: https://example.com + flat_name: threat.enrichments.indicator.file.origin_referrer_url + ignore_above: 1024 + level: extended + name: origin_referrer_url + normalize: [] + original_fieldset: file + short: The url of the webpage that linked to the file. + type: keyword + threat.enrichments.indicator.file.origin_url: + dashed_name: threat-enrichments-indicator-file-origin-url + description: The url where the file is hosted. + example: https://example.com/file.zip + flat_name: threat.enrichments.indicator.file.origin_url + ignore_above: 1024 + level: extended + name: origin_url + normalize: [] + original_fieldset: file + short: The url where the file is hosted. + type: keyword threat.enrichments.indicator.file.owner: dashed_name: threat-enrichments-indicator-file-owner description: File owner's username. 
@@ -20829,6 +20875,30 @@ threat: original_fieldset: file short: Name of the file including the extension, without the directory. type: keyword + threat.indicator.file.origin_referrer_url: + dashed_name: threat-indicator-file-origin-referrer-url + description: The url of the webpage that linked to the file. + example: https://example.com + flat_name: threat.indicator.file.origin_referrer_url + ignore_above: 1024 + level: extended + name: origin_referrer_url + normalize: [] + original_fieldset: file + short: The url of the webpage that linked to the file. + type: keyword + threat.indicator.file.origin_url: + dashed_name: threat-indicator-file-origin-url + description: The url where the file is hosted. + example: https://example.com/file.zip + flat_name: threat.indicator.file.origin_url + ignore_above: 1024 + level: extended + name: origin_url + normalize: [] + original_fieldset: file + short: The url where the file is hosted. + type: keyword threat.indicator.file.owner: dashed_name: threat-indicator-file-owner description: File owner's username. diff --git a/experimental/generated/elasticsearch/composable/component/file.json b/experimental/generated/elasticsearch/composable/component/file.json index a04643e7d9..bab82891fc 100644 --- a/experimental/generated/elasticsearch/composable/component/file.json +++ b/experimental/generated/elasticsearch/composable/component/file.json @@ -340,6 +340,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 1024, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 1024, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" diff --git a/experimental/generated/elasticsearch/composable/component/threat.json b/experimental/generated/elasticsearch/composable/component/threat.json index 7f002d5bb7..273f380955 100644 --- a/experimental/generated/elasticsearch/composable/component/threat.json +++ b/experimental/generated/elasticsearch/composable/component/threat.json 
@@ -324,6 +324,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 1024, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 1024, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" @@ -1245,6 +1253,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 1024, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 1024, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" diff --git a/experimental/generated/elasticsearch/legacy/template.json b/experimental/generated/elasticsearch/legacy/template.json index 18386e190c..8e06b7ccb7 100644 --- a/experimental/generated/elasticsearch/legacy/template.json +++ b/experimental/generated/elasticsearch/legacy/template.json @@ -1676,6 +1676,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 1024, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 1024, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" @@ -5541,6 +5549,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 1024, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 1024, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" @@ -6462,6 +6478,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 1024, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 1024, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index fa0007884b..a47577f1c6 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml 
@@ -2923,6 +2923,20 @@ ignore_above: 1024 description: Name of the file including the extension, without the directory. example: example.png + - name: origin_referrer_url + level: extended + type: keyword + ignore_above: 1024 + description: The url of the webpage that linked to the file. + example: https://example.com + default_field: false + - name: origin_url + level: extended + type: keyword + ignore_above: 1024 + description: The url where the file is hosted. + example: https://example.com/file.zip + default_field: false - name: owner level: extended type: keyword @@ -9519,6 +9533,20 @@ description: Name of the file including the extension, without the directory. example: example.png default_field: false + - name: enrichments.indicator.file.origin_referrer_url + level: extended + type: keyword + ignore_above: 1024 + description: The url of the webpage that linked to the file. + example: https://example.com + default_field: false + - name: enrichments.indicator.file.origin_url + level: extended + type: keyword + ignore_above: 1024 + description: The url where the file is hosted. + example: https://example.com/file.zip + default_field: false - name: enrichments.indicator.file.owner level: extended type: keyword @@ -11126,6 +11154,20 @@ description: Name of the file including the extension, without the directory. example: example.png default_field: false + - name: indicator.file.origin_referrer_url + level: extended + type: keyword + ignore_above: 1024 + description: The url of the webpage that linked to the file. + example: https://example.com + default_field: false + - name: indicator.file.origin_url + level: extended + type: keyword + ignore_above: 1024 + description: The url where the file is hosted. + example: https://example.com/file.zip + default_field: false - name: indicator.file.owner level: extended type: keyword diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index c31a8de31c..fea8503170 100644 --- a/generated/csv/fields.csv 
+++ b/generated/csv/fields.csv @@ -351,6 +351,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,file,file.mode,keyword,extended,,0640,Mode of the file in octal representation. 8.12.0-dev,true,file,file.mtime,date,extended,,,Last time the file content was modified. 8.12.0-dev,true,file,file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory." +8.12.0-dev,true,file,file.origin_referrer_url,keyword,extended,,https://example.com,The url of the webpage that linked to the file. +8.12.0-dev,true,file,file.origin_url,keyword,extended,,https://example.com/file.zip,The url where the file is hosted. 8.12.0-dev,true,file,file.owner,keyword,extended,,alice,File owner's username. 8.12.0-dev,true,file,file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name." 8.12.0-dev,true,file,file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name." 
@@ -1211,6 +1213,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,threat,threat.enrichments.indicator.file.mode,keyword,extended,,0640,Mode of the file in octal representation. 8.12.0-dev,true,threat,threat.enrichments.indicator.file.mtime,date,extended,,,Last time the file content was modified. 8.12.0-dev,true,threat,threat.enrichments.indicator.file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory." +8.12.0-dev,true,threat,threat.enrichments.indicator.file.origin_referrer_url,keyword,extended,,https://example.com,The url of the webpage that linked to the file. +8.12.0-dev,true,threat,threat.enrichments.indicator.file.origin_url,keyword,extended,,https://example.com/file.zip,The url where the file is hosted. 8.12.0-dev,true,threat,threat.enrichments.indicator.file.owner,keyword,extended,,alice,File owner's username. 8.12.0-dev,true,threat,threat.enrichments.indicator.file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name." 8.12.0-dev,true,threat,threat.enrichments.indicator.file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name." 
@@ -1428,6 +1432,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,threat,threat.indicator.file.mode,keyword,extended,,0640,Mode of the file in octal representation. 8.12.0-dev,true,threat,threat.indicator.file.mtime,date,extended,,,Last time the file content was modified. 8.12.0-dev,true,threat,threat.indicator.file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory." +8.12.0-dev,true,threat,threat.indicator.file.origin_referrer_url,keyword,extended,,https://example.com,The url of the webpage that linked to the file. +8.12.0-dev,true,threat,threat.indicator.file.origin_url,keyword,extended,,https://example.com/file.zip,The url where the file is hosted. 8.12.0-dev,true,threat,threat.indicator.file.owner,keyword,extended,,alice,File owner's username. 8.12.0-dev,true,threat,threat.indicator.file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name." 8.12.0-dev,true,threat,threat.indicator.file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name." diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 2022bddaf4..34cee80f19 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml 
@@ -4816,6 +4816,28 @@ file.name: normalize: [] short: Name of the file including the extension, without the directory. type: keyword +file.origin_referrer_url: + dashed_name: file-origin-referrer-url + description: The url of the webpage that linked to the file. + example: https://example.com + flat_name: file.origin_referrer_url + ignore_above: 1024 + level: extended + name: origin_referrer_url + normalize: [] + short: The url of the webpage that linked to the file. + type: keyword +file.origin_url: + dashed_name: file-origin-url + description: The url where the file is hosted. + example: https://example.com/file.zip + flat_name: file.origin_url + ignore_above: 1024 + level: extended + name: origin_url + normalize: [] + short: The url where the file is hosted. + type: keyword file.owner: dashed_name: file-owner description: File owner's username. 
@@ -15379,6 +15401,30 @@ threat.enrichments.indicator.file.name: original_fieldset: file short: Name of the file including the extension, without the directory. type: keyword +threat.enrichments.indicator.file.origin_referrer_url: + dashed_name: threat-enrichments-indicator-file-origin-referrer-url + description: The url of the webpage that linked to the file. + example: https://example.com + flat_name: threat.enrichments.indicator.file.origin_referrer_url + ignore_above: 1024 + level: extended + name: origin_referrer_url + normalize: [] + original_fieldset: file + short: The url of the webpage that linked to the file. + type: keyword +threat.enrichments.indicator.file.origin_url: + dashed_name: threat-enrichments-indicator-file-origin-url + description: The url where the file is hosted. + example: https://example.com/file.zip + flat_name: threat.enrichments.indicator.file.origin_url + ignore_above: 1024 + level: extended + name: origin_url + normalize: [] + original_fieldset: file + short: The url where the file is hosted. + type: keyword threat.enrichments.indicator.file.owner: dashed_name: threat-enrichments-indicator-file-owner description: File owner's username. 
@@ -18089,6 +18135,30 @@ threat.indicator.file.name: original_fieldset: file short: Name of the file including the extension, without the directory. type: keyword +threat.indicator.file.origin_referrer_url: + dashed_name: threat-indicator-file-origin-referrer-url + description: The url of the webpage that linked to the file. + example: https://example.com + flat_name: threat.indicator.file.origin_referrer_url + ignore_above: 1024 + level: extended + name: origin_referrer_url + normalize: [] + original_fieldset: file + short: The url of the webpage that linked to the file. + type: keyword +threat.indicator.file.origin_url: + dashed_name: threat-indicator-file-origin-url + description: The url where the file is hosted. + example: https://example.com/file.zip + flat_name: threat.indicator.file.origin_url + ignore_above: 1024 + level: extended + name: origin_url + normalize: [] + original_fieldset: file + short: The url where the file is hosted. + type: keyword threat.indicator.file.owner: dashed_name: threat-indicator-file-owner description: File owner's username. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 8057eeed15..12cd3dc823 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml 
@@ -5840,6 +5840,28 @@ file: normalize: [] short: Name of the file including the extension, without the directory. type: keyword + file.origin_referrer_url: + dashed_name: file-origin-referrer-url + description: The url of the webpage that linked to the file. + example: https://example.com + flat_name: file.origin_referrer_url + ignore_above: 1024 + level: extended + name: origin_referrer_url + normalize: [] + short: The url of the webpage that linked to the file. + type: keyword + file.origin_url: + dashed_name: file-origin-url + description: The url where the file is hosted. + example: https://example.com/file.zip + flat_name: file.origin_url + ignore_above: 1024 + level: extended + name: origin_url + normalize: [] + short: The url where the file is hosted. + type: keyword file.owner: dashed_name: file-owner description: File owner's username. 
@@ -18033,6 +18055,30 @@ threat: original_fieldset: file short: Name of the file including the extension, without the directory. type: keyword + threat.enrichments.indicator.file.origin_referrer_url: + dashed_name: threat-enrichments-indicator-file-origin-referrer-url + description: The url of the webpage that linked to the file. + example: https://example.com + flat_name: threat.enrichments.indicator.file.origin_referrer_url + ignore_above: 1024 + level: extended + name: origin_referrer_url + normalize: [] + original_fieldset: file + short: The url of the webpage that linked to the file. + type: keyword + threat.enrichments.indicator.file.origin_url: + dashed_name: threat-enrichments-indicator-file-origin-url + description: The url where the file is hosted. + example: https://example.com/file.zip + flat_name: threat.enrichments.indicator.file.origin_url + ignore_above: 1024 + level: extended + name: origin_url + normalize: [] + original_fieldset: file + short: The url where the file is hosted. + type: keyword threat.enrichments.indicator.file.owner: dashed_name: threat-enrichments-indicator-file-owner description: File owner's username. 
@@ -20749,6 +20795,30 @@ threat: original_fieldset: file short: Name of the file including the extension, without the directory. type: keyword + threat.indicator.file.origin_referrer_url: + dashed_name: threat-indicator-file-origin-referrer-url + description: The url of the webpage that linked to the file. + example: https://example.com + flat_name: threat.indicator.file.origin_referrer_url + ignore_above: 1024 + level: extended + name: origin_referrer_url + normalize: [] + original_fieldset: file + short: The url of the webpage that linked to the file. + type: keyword + threat.indicator.file.origin_url: + dashed_name: threat-indicator-file-origin-url + description: The url where the file is hosted. + example: https://example.com/file.zip + flat_name: threat.indicator.file.origin_url + ignore_above: 1024 + level: extended + name: origin_url + normalize: [] + original_fieldset: file + short: The url where the file is hosted. + type: keyword threat.indicator.file.owner: dashed_name: threat-indicator-file-owner description: File owner's username. diff --git a/generated/elasticsearch/composable/component/file.json b/generated/elasticsearch/composable/component/file.json index d055adf323..98233f0e36 100644 --- a/generated/elasticsearch/composable/component/file.json +++ b/generated/elasticsearch/composable/component/file.json @@ -340,6 +340,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 1024, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 1024, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/elasticsearch/composable/component/threat.json b/generated/elasticsearch/composable/component/threat.json index 17d9b1e77f..f928696d50 100644 --- a/generated/elasticsearch/composable/component/threat.json +++ b/generated/elasticsearch/composable/component/threat.json 
@@ -324,6 +324,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 1024, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 1024, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" @@ -1245,6 +1253,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 1024, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 1024, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/elasticsearch/legacy/template.json b/generated/elasticsearch/legacy/template.json index a6b67033e2..48ae350316 100644 --- a/generated/elasticsearch/legacy/template.json +++ b/generated/elasticsearch/legacy/template.json @@ -1634,6 +1634,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 1024, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 1024, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" @@ -5499,6 +5507,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 1024, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 1024, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" @@ -6420,6 +6436,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 1024, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 1024, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" From b6232b72cc93024c28ff834ee4b713c4f5e3386e Mon Sep 17 00:00:00 2001 
From: Asuka Nakajima Date: Thu, 27 Jun 2024 07:12:36 -0400 Subject: [PATCH 04/10] change ingore_above to 8192 --- experimental/generated/beats/fields.ecs.yml | 12 ++++++------ experimental/generated/ecs/ecs_flat.yml | 12 ++++++------ experimental/generated/ecs/ecs_nested.yml | 12 ++++++------ .../elasticsearch/composable/component/file.json | 4 ++-- .../generated/elasticsearch/legacy/template.json | 12 ++++++------ 5 files changed, 26 insertions(+), 26 deletions(-) diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index d0542fa33d..3d715348cc 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -2976,14 +2976,14 @@ - name: origin_referrer_url level: extended type: keyword - ignore_above: 1024 + ignore_above: 8192 description: The url of the webpage that linked to the file. example: https://example.com default_field: false - name: origin_url level: extended type: keyword - ignore_above: 1024 + ignore_above: 8192 description: The url where the file is hosted. example: https://example.com/file.zip default_field: false @@ -9586,14 +9586,14 @@ - name: enrichments.indicator.file.origin_referrer_url level: extended type: keyword - ignore_above: 1024 + ignore_above: 8192 description: The url of the webpage that linked to the file. example: https://example.com default_field: false - name: enrichments.indicator.file.origin_url level: extended type: keyword - ignore_above: 1024 + ignore_above: 8192 description: The url where the file is hosted. example: https://example.com/file.zip default_field: false 
@@ -11207,14 +11207,14 @@ - name: indicator.file.origin_referrer_url level: extended type: keyword - ignore_above: 1024 + ignore_above: 8192 description: The url of the webpage that linked to the file. example: https://example.com default_field: false - name: indicator.file.origin_url level: extended type: keyword - ignore_above: 1024 + ignore_above: 8192 description: The url where the file is hosted. example: https://example.com/file.zip default_field: false diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index 721422d386..1e558cb478 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml @@ -4890,7 +4890,7 @@ file.origin_referrer_url: description: The url of the webpage that linked to the file. example: https://example.com flat_name: file.origin_referrer_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_referrer_url normalize: [] @@ -4901,7 +4901,7 @@ file.origin_url: description: The url where the file is hosted. example: https://example.com/file.zip flat_name: file.origin_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_url normalize: [] @@ -15475,7 +15475,7 @@ threat.enrichments.indicator.file.origin_referrer_url: description: The url of the webpage that linked to the file. example: https://example.com flat_name: threat.enrichments.indicator.file.origin_referrer_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_referrer_url normalize: [] @@ -15487,7 +15487,7 @@ threat.enrichments.indicator.file.origin_url: description: The url where the file is hosted. example: https://example.com/file.zip flat_name: threat.enrichments.indicator.file.origin_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_url normalize: [] 
@@ -18209,7 +18209,7 @@ threat.indicator.file.origin_referrer_url: description: The url of the webpage that linked to the file. example: https://example.com flat_name: threat.indicator.file.origin_referrer_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_referrer_url normalize: [] @@ -18221,7 +18221,7 @@ threat.indicator.file.origin_url: description: The url where the file is hosted. example: https://example.com/file.zip flat_name: threat.indicator.file.origin_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_url normalize: [] diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index bb31c8d339..bf0da045a2 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -5925,7 +5925,7 @@ file: description: The url of the webpage that linked to the file. example: https://example.com flat_name: file.origin_referrer_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_referrer_url normalize: [] @@ -5936,7 +5936,7 @@ file: description: The url where the file is hosted. example: https://example.com/file.zip flat_name: file.origin_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_url normalize: [] @@ -18140,7 +18140,7 @@ threat: description: The url of the webpage that linked to the file. example: https://example.com flat_name: threat.enrichments.indicator.file.origin_referrer_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_referrer_url normalize: [] @@ -18152,7 +18152,7 @@ threat: description: The url where the file is hosted. example: https://example.com/file.zip flat_name: threat.enrichments.indicator.file.origin_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_url normalize: [] 
@@ -20880,7 +20880,7 @@ threat: description: The url of the webpage that linked to the file. example: https://example.com flat_name: threat.indicator.file.origin_referrer_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_referrer_url normalize: [] @@ -20892,7 +20892,7 @@ threat: description: The url where the file is hosted. example: https://example.com/file.zip flat_name: threat.indicator.file.origin_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_url normalize: [] diff --git a/experimental/generated/elasticsearch/composable/component/file.json b/experimental/generated/elasticsearch/composable/component/file.json index bab82891fc..ed3e785c0c 100644 --- a/experimental/generated/elasticsearch/composable/component/file.json +++ b/experimental/generated/elasticsearch/composable/component/file.json @@ -341,11 +341,11 @@ "type": "keyword" }, "origin_referrer_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "origin_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "owner": { diff --git a/experimental/generated/elasticsearch/legacy/template.json b/experimental/generated/elasticsearch/legacy/template.json index 8e06b7ccb7..4dc9cd4007 100644 --- a/experimental/generated/elasticsearch/legacy/template.json +++ b/experimental/generated/elasticsearch/legacy/template.json @@ -1677,11 +1677,11 @@ "type": "keyword" }, "origin_referrer_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "origin_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "owner": { @@ -5550,11 +5550,11 @@ "type": "keyword" }, "origin_referrer_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "origin_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "owner": { 
@@ -6479,11 +6479,11 @@ "type": "keyword" }, "origin_referrer_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "origin_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "owner": { From 9044e9bc61544739d0268f0c33b7b87120253304 Mon Sep 17 00:00:00 2001 From: Asuka Nakajima Date: Thu, 27 Jun 2024 08:00:52 -0400 Subject: [PATCH 05/10] change ingore_above to 8192 --- generated/beats/fields.ecs.yml | 12 ++++++------ generated/ecs/ecs_flat.yml | 12 ++++++------ generated/ecs/ecs_nested.yml | 12 ++++++------ .../elasticsearch/composable/component/file.json | 4 ++-- .../elasticsearch/composable/component/threat.json | 8 ++++---- generated/elasticsearch/legacy/template.json | 12 ++++++------ 6 files changed, 30 insertions(+), 30 deletions(-) diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index a47577f1c6..e887d3b490 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -2926,14 +2926,14 @@ - name: origin_referrer_url level: extended type: keyword - ignore_above: 1024 + ignore_above: 8192 description: The url of the webpage that linked to the file. example: https://example.com default_field: false - name: origin_url level: extended type: keyword - ignore_above: 1024 + ignore_above: 8192 description: The url where the file is hosted. example: https://example.com/file.zip default_field: false @@ -9536,14 +9536,14 @@ - name: enrichments.indicator.file.origin_referrer_url level: extended type: keyword - ignore_above: 1024 + ignore_above: 8192 description: The url of the webpage that linked to the file. example: https://example.com default_field: false - name: enrichments.indicator.file.origin_url level: extended type: keyword - ignore_above: 1024 + ignore_above: 8192 description: The url where the file is hosted. example: https://example.com/file.zip default_field: false 
@@ -11157,14 +11157,14 @@ - name: indicator.file.origin_referrer_url level: extended type: keyword - ignore_above: 1024 + ignore_above: 8192 description: The url of the webpage that linked to the file. example: https://example.com default_field: false - name: indicator.file.origin_url level: extended type: keyword - ignore_above: 1024 + ignore_above: 8192 description: The url where the file is hosted. example: https://example.com/file.zip default_field: false diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 34cee80f19..abe9e4884f 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -4821,7 +4821,7 @@ file.origin_referrer_url: description: The url of the webpage that linked to the file. example: https://example.com flat_name: file.origin_referrer_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_referrer_url normalize: [] @@ -4832,7 +4832,7 @@ file.origin_url: description: The url where the file is hosted. example: https://example.com/file.zip flat_name: file.origin_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_url normalize: [] @@ -15406,7 +15406,7 @@ threat.enrichments.indicator.file.origin_referrer_url: description: The url of the webpage that linked to the file. example: https://example.com flat_name: threat.enrichments.indicator.file.origin_referrer_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_referrer_url normalize: [] @@ -15418,7 +15418,7 @@ threat.enrichments.indicator.file.origin_url: description: The url where the file is hosted. example: https://example.com/file.zip flat_name: threat.enrichments.indicator.file.origin_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_url normalize: [] 
@@ -18140,7 +18140,7 @@ threat.indicator.file.origin_referrer_url: description: The url of the webpage that linked to the file. example: https://example.com flat_name: threat.indicator.file.origin_referrer_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_referrer_url normalize: [] @@ -18152,7 +18152,7 @@ threat.indicator.file.origin_url: description: The url where the file is hosted. example: https://example.com/file.zip flat_name: threat.indicator.file.origin_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_url normalize: [] diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 12cd3dc823..17a0e5308e 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -5845,7 +5845,7 @@ file: description: The url of the webpage that linked to the file. example: https://example.com flat_name: file.origin_referrer_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_referrer_url normalize: [] @@ -5856,7 +5856,7 @@ file: description: The url where the file is hosted. example: https://example.com/file.zip flat_name: file.origin_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_url normalize: [] @@ -18060,7 +18060,7 @@ threat: description: The url of the webpage that linked to the file. example: https://example.com flat_name: threat.enrichments.indicator.file.origin_referrer_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_referrer_url normalize: [] @@ -18072,7 +18072,7 @@ threat: description: The url where the file is hosted. example: https://example.com/file.zip flat_name: threat.enrichments.indicator.file.origin_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_url normalize: [] 
@@ -20800,7 +20800,7 @@ threat: description: The url of the webpage that linked to the file. example: https://example.com flat_name: threat.indicator.file.origin_referrer_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_referrer_url normalize: [] @@ -20812,7 +20812,7 @@ threat: description: The url where the file is hosted. example: https://example.com/file.zip flat_name: threat.indicator.file.origin_url - ignore_above: 1024 + ignore_above: 8192 level: extended name: origin_url normalize: [] diff --git a/generated/elasticsearch/composable/component/file.json b/generated/elasticsearch/composable/component/file.json index 98233f0e36..12abc67d40 100644 --- a/generated/elasticsearch/composable/component/file.json +++ b/generated/elasticsearch/composable/component/file.json @@ -341,11 +341,11 @@ "type": "keyword" }, "origin_referrer_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "origin_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "owner": { diff --git a/generated/elasticsearch/composable/component/threat.json b/generated/elasticsearch/composable/component/threat.json index f928696d50..367a251a23 100644 --- a/generated/elasticsearch/composable/component/threat.json +++ b/generated/elasticsearch/composable/component/threat.json @@ -325,11 +325,11 @@ "type": "keyword" }, "origin_referrer_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "origin_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "owner": { @@ -1254,11 +1254,11 @@ "type": "keyword" }, "origin_referrer_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "origin_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "owner": { diff --git a/generated/elasticsearch/legacy/template.json b/generated/elasticsearch/legacy/template.json index 48ae350316..c4dafc81d0 100644 --- a/generated/elasticsearch/legacy/template.json 
+++ b/generated/elasticsearch/legacy/template.json @@ -1635,11 +1635,11 @@ "type": "keyword" }, "origin_referrer_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "origin_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "owner": { @@ -5508,11 +5508,11 @@ "type": "keyword" }, "origin_referrer_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "origin_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "owner": { @@ -6437,11 +6437,11 @@ "type": "keyword" }, "origin_referrer_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "origin_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "owner": { From 41653a4df0235f15dcf9d2561162def703492178 Mon Sep 17 00:00:00 2001 From: Asuka Nakajima Date: Thu, 27 Jun 2024 08:02:55 -0400 Subject: [PATCH 06/10] change ingore_above to 8192 --- .../elasticsearch/composable/component/threat.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/experimental/generated/elasticsearch/composable/component/threat.json b/experimental/generated/elasticsearch/composable/component/threat.json index 273f380955..71a444b6ae 100644 --- a/experimental/generated/elasticsearch/composable/component/threat.json +++ b/experimental/generated/elasticsearch/composable/component/threat.json @@ -325,11 +325,11 @@ "type": "keyword" }, "origin_referrer_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "origin_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "owner": { @@ -1254,11 +1254,11 @@ "type": "keyword" }, "origin_referrer_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "origin_url": { - "ignore_above": 1024, + "ignore_above": 8192, "type": "keyword" }, "owner": { From 6bd7c2be3e2c1a0330d6822433accb1275880d7a Mon Sep 17 00:00:00 2001 
From: Asuka Nakajima Date: Thu, 27 Jun 2024 08:24:54 -0400 Subject: [PATCH 07/10] change ingore_above to 8192 --- schemas/file.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/schemas/file.yml b/schemas/file.yml index a2a2beb568..a85db48c9a 100644 --- a/schemas/file.yml +++ b/schemas/file.yml @@ -229,11 +229,13 @@ - name: origin_referrer_url level: extended type: keyword + ignore_above: 8192 description: The url of the webpage that linked to the file. example: https://example.com - name: origin_url level: extended type: keyword + ignore_above: 8192 description: The url where the file is hosted. example: https://example.com/file.zip From 454627d173808387f109910a955b5aecd78f68ce Mon Sep 17 00:00:00 2001 From: Asuka Nakajima Date: Tue, 3 Sep 2024 15:15:11 +0900 Subject: [PATCH 08/10] Update CHANGELOG.next.md Co-authored-by: Michael Wolf --- CHANGELOG.next.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 133febfd0d..a48bd93b08 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -24,7 +24,6 @@ Thanks, you're awesome :-) --> * Added `process.group` to generated schemas. #2335 * Added `file.origin_referrer_url` and `file.origin_url` #2348 -* #### Improvements #### Deprecated From 87cb587f170507b33c76d58cea4b0b499113efc3 Mon Sep 17 00:00:00 2001 From: Asuka Nakajima Date: Tue, 3 Sep 2024 15:45:02 +0900 Subject: [PATCH 09/10] Update file.yml --- schemas/file.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/schemas/file.yml b/schemas/file.yml index a85db48c9a..d0772c0ab2 100644 --- a/schemas/file.yml +++ b/schemas/file.yml 
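Review bot: The two added `ignore_above: 8192` lines (on `origin_referrer_url` and `origin_url`) sit one above the bound Elasticsearch documents for keyword fields: `ignore_above` counts characters, Lucene caps a term at 32766 bytes, and a UTF-8 character can take four bytes, which gives 8191. A value of exactly 8192 such characters passes the limit and can then fail at index time as an oversized term, so the whole event may be rejected instead of the field merely being skipped. These URLs originate from remote content, so indexing should not depend on them being ASCII. I would use `ignore_above: 8191`, or `type: wildcard` as ECS does for `url.original`, and state in the description that longer values stay in `_source` but are not searchable, because detection rules matching on these fields will not see them. Both field entries are complete in the hunk; the rest of the field list is outside it.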
@@ -230,12 +230,12 @@ level: extended type: keyword ignore_above: 8192 - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com - name: origin_url level: extended type: keyword ignore_above: 8192 - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip From 1dbe5c056aefe2aa9b8d260cb6ba33ef0a3a30df Mon Sep 17 00:00:00 2001 From: Asuka Nakajima Date: Wed, 4 Sep 2024 07:52:47 +0000 Subject: [PATCH 10/10] add regenerated files --- docs/fields/field-details.asciidoc | 4 ++-- experimental/generated/beats/fields.ecs.yml | 12 +++++------ experimental/generated/csv/fields.csv | 12 +++++------ experimental/generated/ecs/ecs_flat.yml | 24 ++++++++++----------- experimental/generated/ecs/ecs_nested.yml | 24 ++++++++++----------- generated/beats/fields.ecs.yml | 12 +++++------ generated/csv/fields.csv | 12 +++++------ generated/ecs/ecs_flat.yml | 24 ++++++++++----------- generated/ecs/ecs_nested.yml | 24 ++++++++++----------- 9 files changed, 74 insertions(+), 74 deletions(-) diff --git a/docs/fields/field-details.asciidoc b/docs/fields/field-details.asciidoc index c1db3f9e97..f51db9dfd8 100644 --- a/docs/fields/field-details.asciidoc +++ b/docs/fields/field-details.asciidoc @@ -4302,7 +4302,7 @@ example: `example.png` [[field-file-origin-referrer-url]] <> -a| The url of the webpage that linked to the file. +a| The URL of the webpage that linked to the file. type: keyword @@ -4318,7 +4318,7 @@ example: `https://example.com` [[field-file-origin-url]] <> -a| The url where the file is hosted. +a| The URL where the file is hosted. type: keyword diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 3d715348cc..b53aa7dcd2 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml 
@@ -2977,14 +2977,14 @@ level: extended type: keyword ignore_above: 8192 - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com default_field: false - name: origin_url level: extended type: keyword ignore_above: 8192 - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip default_field: false - name: owner @@ -9587,14 +9587,14 @@ level: extended type: keyword ignore_above: 8192 - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com default_field: false - name: enrichments.indicator.file.origin_url level: extended type: keyword ignore_above: 8192 - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip default_field: false - name: enrichments.indicator.file.owner @@ -11208,14 +11208,14 @@ level: extended type: keyword ignore_above: 8192 - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com default_field: false - name: indicator.file.origin_url level: extended type: keyword ignore_above: 8192 - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip default_field: false - name: indicator.file.owner diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv index cdcc2e4f02..aee9cd2764 100644 --- a/experimental/generated/csv/fields.csv +++ b/experimental/generated/csv/fields.csv 
@@ -358,8 +358,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,file,file.mode,keyword,extended,,0640,Mode of the file in octal representation. 8.12.0-dev+exp,true,file,file.mtime,date,extended,,,Last time the file content was modified. 8.12.0-dev+exp,true,file,file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory." -8.12.0-dev+exp,true,file,file.origin_referrer_url,keyword,extended,,https://example.com,The url of the webpage that linked to the file. -8.12.0-dev+exp,true,file,file.origin_url,keyword,extended,,https://example.com/file.zip,The url where the file is hosted. +8.12.0-dev+exp,true,file,file.origin_referrer_url,keyword,extended,,https://example.com,The URL of the webpage that linked to the file. +8.12.0-dev+exp,true,file,file.origin_url,keyword,extended,,https://example.com/file.zip,The URL where the file is hosted. 8.12.0-dev+exp,true,file,file.owner,keyword,extended,,alice,File owner's username. 8.12.0-dev+exp,true,file,file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name." 8.12.0-dev+exp,true,file,file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name." 
@@ -1220,8 +1220,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.mode,keyword,extended,,0640,Mode of the file in octal representation. 8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.mtime,date,extended,,,Last time the file content was modified. 8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory." -8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.origin_referrer_url,keyword,extended,,https://example.com,The url of the webpage that linked to the file. -8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.origin_url,keyword,extended,,https://example.com/file.zip,The url where the file is hosted. +8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.origin_referrer_url,keyword,extended,,https://example.com,The URL of the webpage that linked to the file. +8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.origin_url,keyword,extended,,https://example.com/file.zip,The URL where the file is hosted. 8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.owner,keyword,extended,,alice,File owner's username. 8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name." 8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name." 
@@ -1439,8 +1439,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,threat,threat.indicator.file.mode,keyword,extended,,0640,Mode of the file in octal representation. 8.12.0-dev+exp,true,threat,threat.indicator.file.mtime,date,extended,,,Last time the file content was modified. 8.12.0-dev+exp,true,threat,threat.indicator.file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory." -8.12.0-dev+exp,true,threat,threat.indicator.file.origin_referrer_url,keyword,extended,,https://example.com,The url of the webpage that linked to the file. -8.12.0-dev+exp,true,threat,threat.indicator.file.origin_url,keyword,extended,,https://example.com/file.zip,The url where the file is hosted. +8.12.0-dev+exp,true,threat,threat.indicator.file.origin_referrer_url,keyword,extended,,https://example.com,The URL of the webpage that linked to the file. +8.12.0-dev+exp,true,threat,threat.indicator.file.origin_url,keyword,extended,,https://example.com/file.zip,The URL where the file is hosted. 8.12.0-dev+exp,true,threat,threat.indicator.file.owner,keyword,extended,,alice,File owner's username. 8.12.0-dev+exp,true,threat,threat.indicator.file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name." 8.12.0-dev+exp,true,threat,threat.indicator.file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name." diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index 1e558cb478..d4efb6e8a8 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml 
@@ -4887,25 +4887,25 @@ file.name: type: keyword file.origin_referrer_url: dashed_name: file-origin-referrer-url - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com flat_name: file.origin_referrer_url ignore_above: 8192 level: extended name: origin_referrer_url normalize: [] - short: The url of the webpage that linked to the file. + short: The URL of the webpage that linked to the file. type: keyword file.origin_url: dashed_name: file-origin-url - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip flat_name: file.origin_url ignore_above: 8192 level: extended name: origin_url normalize: [] - short: The url where the file is hosted. + short: The URL where the file is hosted. type: keyword file.owner: dashed_name: file-owner @@ -15472,7 +15472,7 @@ threat.enrichments.indicator.file.name: type: keyword threat.enrichments.indicator.file.origin_referrer_url: dashed_name: threat-enrichments-indicator-file-origin-referrer-url - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com flat_name: threat.enrichments.indicator.file.origin_referrer_url ignore_above: 8192 @@ -15480,11 +15480,11 @@ threat.enrichments.indicator.file.origin_referrer_url: name: origin_referrer_url normalize: [] original_fieldset: file - short: The url of the webpage that linked to the file. + short: The URL of the webpage that linked to the file. type: keyword threat.enrichments.indicator.file.origin_url: dashed_name: threat-enrichments-indicator-file-origin-url - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip flat_name: threat.enrichments.indicator.file.origin_url ignore_above: 8192 
@@ -15492,7 +15492,7 @@ threat.enrichments.indicator.file.origin_url: name: origin_url normalize: [] original_fieldset: file - short: The url where the file is hosted. + short: The URL where the file is hosted. type: keyword threat.enrichments.indicator.file.owner: dashed_name: threat-enrichments-indicator-file-owner @@ -18206,7 +18206,7 @@ threat.indicator.file.name: type: keyword threat.indicator.file.origin_referrer_url: dashed_name: threat-indicator-file-origin-referrer-url - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com flat_name: threat.indicator.file.origin_referrer_url ignore_above: 8192 @@ -18214,11 +18214,11 @@ threat.indicator.file.origin_referrer_url: name: origin_referrer_url normalize: [] original_fieldset: file - short: The url of the webpage that linked to the file. + short: The URL of the webpage that linked to the file. type: keyword threat.indicator.file.origin_url: dashed_name: threat-indicator-file-origin-url - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip flat_name: threat.indicator.file.origin_url ignore_above: 8192 @@ -18226,7 +18226,7 @@ threat.indicator.file.origin_url: name: origin_url normalize: [] original_fieldset: file - short: The url where the file is hosted. + short: The URL where the file is hosted. type: keyword threat.indicator.file.owner: dashed_name: threat-indicator-file-owner diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index bf0da045a2..032f2f7b5d 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml 
@@ -5922,25 +5922,25 @@ file: type: keyword file.origin_referrer_url: dashed_name: file-origin-referrer-url - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com flat_name: file.origin_referrer_url ignore_above: 8192 level: extended name: origin_referrer_url normalize: [] - short: The url of the webpage that linked to the file. + short: The URL of the webpage that linked to the file. type: keyword file.origin_url: dashed_name: file-origin-url - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip flat_name: file.origin_url ignore_above: 8192 level: extended name: origin_url normalize: [] - short: The url where the file is hosted. + short: The URL where the file is hosted. type: keyword file.owner: dashed_name: file-owner @@ -18137,7 +18137,7 @@ threat: type: keyword threat.enrichments.indicator.file.origin_referrer_url: dashed_name: threat-enrichments-indicator-file-origin-referrer-url - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com flat_name: threat.enrichments.indicator.file.origin_referrer_url ignore_above: 8192 @@ -18145,11 +18145,11 @@ threat: name: origin_referrer_url normalize: [] original_fieldset: file - short: The url of the webpage that linked to the file. + short: The URL of the webpage that linked to the file. type: keyword threat.enrichments.indicator.file.origin_url: dashed_name: threat-enrichments-indicator-file-origin-url - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip flat_name: threat.enrichments.indicator.file.origin_url ignore_above: 8192 
@@ -18157,7 +18157,7 @@ threat: name: origin_url normalize: [] original_fieldset: file - short: The url where the file is hosted. + short: The URL where the file is hosted. type: keyword threat.enrichments.indicator.file.owner: dashed_name: threat-enrichments-indicator-file-owner @@ -20877,7 +20877,7 @@ threat: type: keyword threat.indicator.file.origin_referrer_url: dashed_name: threat-indicator-file-origin-referrer-url - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com flat_name: threat.indicator.file.origin_referrer_url ignore_above: 8192 @@ -20885,11 +20885,11 @@ threat: name: origin_referrer_url normalize: [] original_fieldset: file - short: The url of the webpage that linked to the file. + short: The URL of the webpage that linked to the file. type: keyword threat.indicator.file.origin_url: dashed_name: threat-indicator-file-origin-url - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip flat_name: threat.indicator.file.origin_url ignore_above: 8192 @@ -20897,7 +20897,7 @@ threat: name: origin_url normalize: [] original_fieldset: file - short: The url where the file is hosted. + short: The URL where the file is hosted. type: keyword threat.indicator.file.owner: dashed_name: threat-indicator-file-owner diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index e887d3b490..8e38623a69 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml 
@@ -2927,14 +2927,14 @@ level: extended type: keyword ignore_above: 8192 - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com default_field: false - name: origin_url level: extended type: keyword ignore_above: 8192 - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip default_field: false - name: owner @@ -9537,14 +9537,14 @@ level: extended type: keyword ignore_above: 8192 - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com default_field: false - name: enrichments.indicator.file.origin_url level: extended type: keyword ignore_above: 8192 - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip default_field: false - name: enrichments.indicator.file.owner @@ -11158,14 +11158,14 @@ level: extended type: keyword ignore_above: 8192 - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com default_field: false - name: indicator.file.origin_url level: extended type: keyword ignore_above: 8192 - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip default_field: false - name: indicator.file.owner diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index fea8503170..cbfddda8ca 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv 
@@ -351,8 +351,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,file,file.mode,keyword,extended,,0640,Mode of the file in octal representation. 8.12.0-dev,true,file,file.mtime,date,extended,,,Last time the file content was modified. 8.12.0-dev,true,file,file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory." -8.12.0-dev,true,file,file.origin_referrer_url,keyword,extended,,https://example.com,The url of the webpage that linked to the file. -8.12.0-dev,true,file,file.origin_url,keyword,extended,,https://example.com/file.zip,The url where the file is hosted. +8.12.0-dev,true,file,file.origin_referrer_url,keyword,extended,,https://example.com,The URL of the webpage that linked to the file. +8.12.0-dev,true,file,file.origin_url,keyword,extended,,https://example.com/file.zip,The URL where the file is hosted. 8.12.0-dev,true,file,file.owner,keyword,extended,,alice,File owner's username. 8.12.0-dev,true,file,file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name." 8.12.0-dev,true,file,file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name." 
@@ -1213,8 +1213,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,threat,threat.enrichments.indicator.file.mode,keyword,extended,,0640,Mode of the file in octal representation. 8.12.0-dev,true,threat,threat.enrichments.indicator.file.mtime,date,extended,,,Last time the file content was modified. 8.12.0-dev,true,threat,threat.enrichments.indicator.file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory." -8.12.0-dev,true,threat,threat.enrichments.indicator.file.origin_referrer_url,keyword,extended,,https://example.com,The url of the webpage that linked to the file. -8.12.0-dev,true,threat,threat.enrichments.indicator.file.origin_url,keyword,extended,,https://example.com/file.zip,The url where the file is hosted. +8.12.0-dev,true,threat,threat.enrichments.indicator.file.origin_referrer_url,keyword,extended,,https://example.com,The URL of the webpage that linked to the file. +8.12.0-dev,true,threat,threat.enrichments.indicator.file.origin_url,keyword,extended,,https://example.com/file.zip,The URL where the file is hosted. 8.12.0-dev,true,threat,threat.enrichments.indicator.file.owner,keyword,extended,,alice,File owner's username. 8.12.0-dev,true,threat,threat.enrichments.indicator.file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name." 8.12.0-dev,true,threat,threat.enrichments.indicator.file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name." 
@@ -1432,8 +1432,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,threat,threat.indicator.file.mode,keyword,extended,,0640,Mode of the file in octal representation. 8.12.0-dev,true,threat,threat.indicator.file.mtime,date,extended,,,Last time the file content was modified. 8.12.0-dev,true,threat,threat.indicator.file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory." -8.12.0-dev,true,threat,threat.indicator.file.origin_referrer_url,keyword,extended,,https://example.com,The url of the webpage that linked to the file. -8.12.0-dev,true,threat,threat.indicator.file.origin_url,keyword,extended,,https://example.com/file.zip,The url where the file is hosted. +8.12.0-dev,true,threat,threat.indicator.file.origin_referrer_url,keyword,extended,,https://example.com,The URL of the webpage that linked to the file. +8.12.0-dev,true,threat,threat.indicator.file.origin_url,keyword,extended,,https://example.com/file.zip,The URL where the file is hosted. 8.12.0-dev,true,threat,threat.indicator.file.owner,keyword,extended,,alice,File owner's username. 8.12.0-dev,true,threat,threat.indicator.file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name." 8.12.0-dev,true,threat,threat.indicator.file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name." diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index abe9e4884f..d39ef96e03 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml 
@@ -4818,25 +4818,25 @@ file.name: type: keyword file.origin_referrer_url: dashed_name: file-origin-referrer-url - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com flat_name: file.origin_referrer_url ignore_above: 8192 level: extended name: origin_referrer_url normalize: [] - short: The url of the webpage that linked to the file. + short: The URL of the webpage that linked to the file. type: keyword file.origin_url: dashed_name: file-origin-url - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip flat_name: file.origin_url ignore_above: 8192 level: extended name: origin_url normalize: [] - short: The url where the file is hosted. + short: The URL where the file is hosted. type: keyword file.owner: dashed_name: file-owner @@ -15403,7 +15403,7 @@ threat.enrichments.indicator.file.name: type: keyword threat.enrichments.indicator.file.origin_referrer_url: dashed_name: threat-enrichments-indicator-file-origin-referrer-url - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com flat_name: threat.enrichments.indicator.file.origin_referrer_url ignore_above: 8192 @@ -15411,11 +15411,11 @@ threat.enrichments.indicator.file.origin_referrer_url: name: origin_referrer_url normalize: [] original_fieldset: file - short: The url of the webpage that linked to the file. + short: The URL of the webpage that linked to the file. type: keyword threat.enrichments.indicator.file.origin_url: dashed_name: threat-enrichments-indicator-file-origin-url - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip flat_name: threat.enrichments.indicator.file.origin_url ignore_above: 8192 
@@ -15423,7 +15423,7 @@ threat.enrichments.indicator.file.origin_url: name: origin_url normalize: [] original_fieldset: file - short: The url where the file is hosted. + short: The URL where the file is hosted. type: keyword threat.enrichments.indicator.file.owner: dashed_name: threat-enrichments-indicator-file-owner @@ -18137,7 +18137,7 @@ threat.indicator.file.name: type: keyword threat.indicator.file.origin_referrer_url: dashed_name: threat-indicator-file-origin-referrer-url - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com flat_name: threat.indicator.file.origin_referrer_url ignore_above: 8192 @@ -18145,11 +18145,11 @@ threat.indicator.file.origin_referrer_url: name: origin_referrer_url normalize: [] original_fieldset: file - short: The url of the webpage that linked to the file. + short: The URL of the webpage that linked to the file. type: keyword threat.indicator.file.origin_url: dashed_name: threat-indicator-file-origin-url - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip flat_name: threat.indicator.file.origin_url ignore_above: 8192 @@ -18157,7 +18157,7 @@ threat.indicator.file.origin_url: name: origin_url normalize: [] original_fieldset: file - short: The url where the file is hosted. + short: The URL where the file is hosted. type: keyword threat.indicator.file.owner: dashed_name: threat-indicator-file-owner diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 17a0e5308e..0b1cac771f 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml 
@@ -5842,25 +5842,25 @@ file: type: keyword file.origin_referrer_url: dashed_name: file-origin-referrer-url - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com flat_name: file.origin_referrer_url ignore_above: 8192 level: extended name: origin_referrer_url normalize: [] - short: The url of the webpage that linked to the file. + short: The URL of the webpage that linked to the file. type: keyword file.origin_url: dashed_name: file-origin-url - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip flat_name: file.origin_url ignore_above: 8192 level: extended name: origin_url normalize: [] - short: The url where the file is hosted. + short: The URL where the file is hosted. type: keyword file.owner: dashed_name: file-owner @@ -18057,7 +18057,7 @@ threat: type: keyword threat.enrichments.indicator.file.origin_referrer_url: dashed_name: threat-enrichments-indicator-file-origin-referrer-url - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com flat_name: threat.enrichments.indicator.file.origin_referrer_url ignore_above: 8192 @@ -18065,11 +18065,11 @@ threat: name: origin_referrer_url normalize: [] original_fieldset: file - short: The url of the webpage that linked to the file. + short: The URL of the webpage that linked to the file. type: keyword threat.enrichments.indicator.file.origin_url: dashed_name: threat-enrichments-indicator-file-origin-url - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip flat_name: threat.enrichments.indicator.file.origin_url ignore_above: 8192 
@@ -18077,7 +18077,7 @@ threat: name: origin_url normalize: [] original_fieldset: file - short: The url where the file is hosted. + short: The URL where the file is hosted. type: keyword threat.enrichments.indicator.file.owner: dashed_name: threat-enrichments-indicator-file-owner @@ -20797,7 +20797,7 @@ threat: type: keyword threat.indicator.file.origin_referrer_url: dashed_name: threat-indicator-file-origin-referrer-url - description: The url of the webpage that linked to the file. + description: The URL of the webpage that linked to the file. example: https://example.com flat_name: threat.indicator.file.origin_referrer_url ignore_above: 8192 @@ -20805,11 +20805,11 @@ threat: name: origin_referrer_url normalize: [] original_fieldset: file - short: The url of the webpage that linked to the file. + short: The URL of the webpage that linked to the file. type: keyword threat.indicator.file.origin_url: dashed_name: threat-indicator-file-origin-url - description: The url where the file is hosted. + description: The URL where the file is hosted. example: https://example.com/file.zip flat_name: threat.indicator.file.origin_url ignore_above: 8192 @@ -20817,7 +20817,7 @@ threat: name: origin_url normalize: [] original_fieldset: file - short: The url where the file is hosted. + short: The URL where the file is hosted. type: keyword threat.indicator.file.owner: dashed_name: threat-indicator-file-owner