elastic · r00tu53r · Feb 3, 2022 · Jan 2, 2022 · Jan 4, 2022 · Jan 6, 2022
@@ -1,3 +1,3 @@
 dependencies:
  ecs:
- reference: git@1.12
+ reference: git@8.0
@@ -18,86 +18,116 @@ Fields published for AMQP packets.
 
 {{fields "amqp"}}
 
+{{event "amqp"}}
+
 ### Cassandra
 
 Fields published for Apache Cassandra packets.
 
 {{fields "cassandra"}}
 
+{{event "cassandra"}}
+
 ### DHCP
 
 Fields published for DHCPv4 packets.
 
 {{fields "dhcpv4"}}
 
+{{event "dhcpv4"}}
+
 ### DNS
 
 Fields published for DNS packets.
 
 {{fields "dns"}}
 
+{{event "dns"}}
+
 ### HTTP
 
 Fields published for HTTP packets.
 
 {{fields "http"}}
 
+{{event "http"}}
+
 ### ICMP
 
 Fields published for ICMP packets.
 
 {{fields "icmp"}}
 
+{{event "icmp"}}
+
 ### Memcached
 
 Fields published for Memcached packets.
 
 {{fields "memcached"}}
 
+{{event "memcached"}}
+
 ### MongoDB
 
 Fields published for MongoDB packets.
 
 {{fields "mongodb"}}
 
+{{event "mongodb"}}
+
 ### MySQL
 
 Fields published for MySQL packets.
 
 {{fields "mysql"}}
 
+{{event "mysql"}}
+
 ### NFS
 
 Fields published for NFS packets.
 
 {{fields "nfs"}}
 
+{{event "nfs"}}
+
 ### PostgreSQL
 
 Fields published for PostgreSQL packets.
 
 {{fields "pgsql"}}
 
+{{event "pgsql"}}
+
 ### Redis
 
 Fields published for Redis packets.
 
 {{fields "redis"}}
 
+{{event "redis"}}
+
 ### SIP
 
 Fields published for SIP packets.
 
 {{fields "sip"}}
 
+{{event "sip"}}
+
 ### Thrift
 
 Fields published for Thrift packets.
 
 {{fields "thrift"}}
 
+{{event "thrift"}}
+
 ### TLS
 
 Fields published for TLS packets.
 
 {{fields "tls"}}
+
+{{event "tls"}}
@@ -1,9 +1,14 @@
 # newer versions go on top
+- version: "0.6.0"
+ changes:
+ - description: Update to ECS 8.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2426
 - version: "0.5.1"
  changes:
  - description: Fix mapping for tls.detailed.server_certificate_chain
  type: bugfix
- link: https://github.com/elastic/integrations/pull/nnnn
+ link: https://github.com/elastic/integrations/pull/2517
 - version: "0.5.0"
  changes:
  - description: Add 8.0.0 version constraint

@@ -0,0 +1,27 @@
+---
+description: Pipeline for processing amqp traffic
+processors:
+- set:
+ field: ecs.version
+ value: 8.0.0
+##
+# Set host.mac to dash separated upper case value
+# as per ECS recommendation
+##
+- gsub:
+ field: host.mac
+ pattern: '[-:.]'
+ replacement: ''
+ ignore_missing: true
+- gsub:
+ field: host.mac
+ pattern: '(..)(?!$)'
+ replacement: '$1-'
+ ignore_missing: true
+- uppercase:
+ field: host.mac
+ ignore_missing: true
+on_failure:
+- set:
+ field: error.message
+ value: "{{ _ingest.on_failure_message }}"
@@ -0,0 +1,101 @@
+{
+ "@timestamp": "2022-02-03T10:17:53.765Z",
+ "agent": {
+ "ephemeral_id": "3fea1b50-9461-4f1e-b816-1531794e7487",
+ "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
+ "name": "docker-fleet-agent",
+ "type": "packetbeat",
+ "version": "8.0.0-beta1"
+ },
+ "amqp": {
+ "durable": true,
+ "exchange": "titres",
+ "exchange-type": "fanout",
+ "no-wait": true,
+ "passive": false
+ },
+ "client": {
+ "bytes": 33,
+ "ip": "127.0.0.1",
+ "port": 34445
+ },
+ "data_stream": {
+ "dataset": "network_traffic.amqp",
+ "namespace": "ep",
+ "type": "logs"
+ },
+ "destination": {
+ "ip": "127.0.0.1",
+ "port": 5672
+ },
+ "ecs": {
+ "version": "8.0.0"
+ },
+ "elastic_agent": {
+ "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
+ "snapshot": false,
+ "version": "8.0.0-beta1"
+ },
+ "event": {
+ "action": "amqp.exchange.declare",
+ "agent_id_status": "verified",
+ "category": [
+ "network"
+ ],
+ "dataset": "network_traffic.amqp",
+ "ingested": "2022-02-03T10:17:54Z",
+ "kind": "event",
+ "start": "2022-02-03T10:17:53.765Z",
+ "type": [
+ "connection",
+ "protocol"
+ ]
+ },
+ "host": {
+ "architecture": "x86_64",
+ "containerized": true,
+ "hostname": "docker-fleet-agent",
+ "id": "4ccba669f0df47fa3f57a9e4169ae7f1",
+ "ip": [
+ "172.19.0.6"
+ ],
+ "mac": [
+ "02-42-AC-13-00-06"
+ ],
+ "name": "docker-fleet-agent",
+ "os": {
+ "codename": "Core",
+ "family": "redhat",
+ "kernel": "5.13.0-27-generic",
+ "name": "CentOS Linux",
+ "platform": "centos",
+ "type": "linux",
+ "version": "7 (Core)"
+ }
+ },
+ "method": "exchange.declare",
+ "network": {
+ "bytes": 33,
+ "community_id": "1:ocT5O96pI2Ji2EIPYIEymNmQXrE=",
+ "direction": "ingress",
+ "protocol": "amqp",
+ "transport": "tcp",
+ "type": "ipv4"
+ },
+ "related": {
+ "ip": [
+ "127.0.0.1"
+ ]
+ },
+ "server": {
+ "ip": "127.0.0.1",
+ "port": 5672
+ },
+ "source": {
+ "bytes": 33,
+ "ip": "127.0.0.1",
+ "port": 34445
+ },
+ "status": "OK",
+ "type": "amqp"
+}
@@ -0,0 +1,27 @@
+---
+description: Pipeline for processing cassandra traffic
+processors:
+- set:
+ field: ecs.version
+ value: 8.0.0
+##
+# Set host.mac to dash separated upper case value
+# as per ECS recommendation
+##
+- gsub:
+ field: host.mac
+ pattern: '[-:.]'
+ replacement: ''
+ ignore_missing: true
+- gsub:
+ field: host.mac
+ pattern: '(..)(?!$)'
+ replacement: '$1-'
+ ignore_missing: true
+- uppercase:
+ field: host.mac
+ ignore_missing: true
+on_failure:
+- set:
+ field: error.message
+ value: "{{ _ingest.on_failure_message }}"