elastic · marc-gr · Feb 19, 2025 · Feb 6, 2025 · Feb 6, 2025 · Feb 6, 2025
@@ -1,3 +1,3 @@
 dependencies:
  ecs:
- reference: "git@v8.11.0"
+ reference: "git@v8.17.0"
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.20.0"
+ changes:
+ - description: ECS version updated to 8.17.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12636
 - version: "1.19.0"
  changes:
  - description: Add 9.0.0 constraint.

@@ -3,7 +3,7 @@
  {
  "@timestamp": "2021-01-16T00:38:18.515Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "timezone": "UTC"
@@ -32,7 +32,7 @@
  {
  "@timestamp": "2021-01-16T00:35:25.258Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "timezone": "UTC"
@@ -61,7 +61,7 @@
  {
  "@timestamp": "2021-01-27T00:31:24.499Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "timezone": "UTC"
@@ -90,7 +90,7 @@
  {
  "@timestamp": "2021-01-16T00:35:34.317Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "timezone": "UTC"
@@ -119,7 +119,7 @@
  {
  "@timestamp": "2021-02-05T08:41:11.845Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "timezone": "UTC"
@@ -155,7 +155,7 @@
  {
  "@timestamp": "2021-01-16T11:54:34.234Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "timezone": "UTC"
@@ -191,7 +191,7 @@
  {
  "@timestamp": "2021-10-21T19:13:31.679Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "timezone": "UTC"
@@ -220,7 +220,7 @@
  {
  "@timestamp": "2021-01-16T00:35:32.941Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "timezone": "UTC"
@@ -261,7 +261,7 @@
  {
  "@timestamp": "2021-01-16T11:54:18.663Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "timezone": "UTC"
@@ -299,7 +299,7 @@
  {
  "@timestamp": "2021-02-05T08:41:11.845Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "timezone": "UTC"
@@ -335,7 +335,7 @@
  {
  "@timestamp": "2021-02-05T08:41:11.845Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "timezone": "UTC"
@@ -369,7 +369,7 @@
  {
  "@timestamp": "2021-02-05T08:43:13.839Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "timezone": "UTC"
@@ -404,7 +404,7 @@
  {
  "@timestamp": "2021-01-16T11:54:25.839Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "timezone": "UTC"
@@ -439,7 +439,7 @@
  {
  "@timestamp": "2021-01-27T14:36:47.026Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "timezone": "UTC"
@@ -475,7 +475,7 @@
  {
  "@timestamp": "2021-02-04T18:03:38.605Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "timezone": "UTC"
@@ -512,7 +512,7 @@
  {
  "@timestamp": "2021-01-16T00:35:32.958Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "timezone": "UTC"
@@ -539,4 +539,4 @@
  }
  }
  ]
-}
+}
@@ -3,7 +3,7 @@ description: Pipeline for parsing hid_bravura_monitor logs
 processors:
  - set:
  field: ecs.version
- value: '8.11.0'
+ value: '8.17.0'
  description: Set ecs.version to 1.12.0
  - rename:
  field: message

@@ -13,7 +13,7 @@
  "type": "logs"
  },
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "elastic_agent": {
  "id": "891454b6-66ae-48e0-a2df-0f093ea30e4c",

@@ -3,7 +3,7 @@
  {
  "@timestamp": "2020-05-13T09:04:04.755Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "code": "118",
@@ -45,7 +45,7 @@
  {
  "@timestamp": "2021-11-03T20:05:14.092Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "code": "64",
@@ -90,7 +90,7 @@
  {
  "@timestamp": "2021-11-03T20:05:14.092Z",
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "code": "94",
@@ -135,4 +135,4 @@
  }
  }
  ]
-}
+}
@@ -350,7 +350,7 @@ processors:
 
  - set:
  field: ecs.version
- value: '8.11.0'
+ value: '8.17.0'
 
  - set:
  field: log.level

@@ -26,7 +26,7 @@
  "region": "us-east-1"
  },
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "code": 92,

@@ -167,7 +167,7 @@ An example event for `log` looks as following:
  "type": "logs"
  },
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "elastic_agent": {
  "id": "891454b6-66ae-48e0-a2df-0f093ea30e4c",
@@ -427,10 +427,10 @@ An example event for `log` looks as following:
 | url.path | Path of the request, such as "/search". | wildcard |
 | url.port | Port of the request, such as 443. | long |
 | url.query | The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. | keyword |
-| url.registered_domain | The highest registered url domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". | keyword |
+| url.registered_domain | The highest registered url domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (https://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". | keyword |
 | url.scheme | Scheme of the request, such as "https". Note: The `:` is not part of the scheme. | keyword |
 | url.subdomain | The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. | keyword |
-| url.top_level_domain | The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". | keyword |
+| url.top_level_domain | The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (https://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". | keyword |
 | url.username | Username of the request. | keyword |
 | user.email | User email address. | keyword |
 | user.id | Unique identifier of the user. | keyword |
@@ -473,7 +473,7 @@ An example event for `winlog` looks as following:
  "region": "us-east-1"
  },
  "ecs": {
- "version": "8.11.0"
+ "version": "8.17.0"
  },
  "event": {
  "code": 92,

@@ -1,6 +1,6 @@
 name: hid_bravura_monitor
 title: Bravura Monitor
-version: "1.19.0"
+version: "1.20.0"
 categories: ["security", "iam"]
 description: Collect logs from Bravura Security Fabric with Elastic Agent.
 type: integration

@@ -1,3 +1,3 @@
 dependencies:
  ecs:
- reference: "git@v8.11.0"
+ reference: "git@v8.17.0"
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.26.0"
+ changes:
+ - description: ECS version updated to 8.17.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12636
 - version: "1.25.0"
  changes:
  - description: Add 9.0.0 constraint.