apply review suggestions

auditbeat/_meta/fields.common.yml

@@ -53,15 +53,15 @@
     - name: process
       type: group
       description: >
-        These fields contains process and user information.
+        These fields contain process and user information.
         Available only on Linux when using the eBPF backend.
 
       fields:
       - name: entity_id
         type: keyword
         description: Globally unique identifier for a process.
 
-      - name: executable
+      - name: name
         type: keyword
         description: Process command.
 
@@ -70,15 +70,15 @@
         description: PID.
 
       - name: user.id
-        type: integer
+        type: keyword
         description: User ID (euid).
 
       - name: user.name
         type: keyword
         description: User name.
 
       - name: group.id
-        type: integer
+        type: keyword
         description: Group ID (egid).
 
       - name: group.name

auditbeat/docs/fields.asciidoc

@@ -2661,7 +2661,7 @@ example: s0
 [float]
 === process
 
-These fields contains process and user information. Available only on Linux when using the eBPF backend.
+These fields contain process and user information. Available only on Linux when using the eBPF backend.
 
 
 
@@ -2674,7 +2674,7 @@ type: keyword
 
 --
 
-*`file.process.executable`*::
+*`file.process.name`*::
 +
 --
 Process command.
@@ -2697,7 +2697,7 @@ type: integer
 --
 User ID (euid).
 
-type: integer
+type: keyword
 
 --
 
@@ -2715,7 +2715,7 @@ type: keyword
 --
 Group ID (egid).
 
-type: integer
+type: keyword
 
 --
 

auditbeat/module/file_integrity/event.go

@@ -385,7 +385,7 @@ func buildMetricbeatEvent(e *Event, existedBefore bool) mb.Event {
 
 	if e.Process != nil {
 		file["process.entity_id"] = e.Process.EntityID
-		file["process.executable"] = e.Process.Name
+		file["process.name"] = e.Process.Name
 		file["process.pid"] = e.Process.PID
 		file["process.user.id"] = e.Process.User.ID
 		file["process.user.name"] = e.Process.User.Name