[osquery_manager] Add mappings for ECS email fields (elastic#11583)

* [osquery_manager] Add mappings for ECS email fields * Update PR number in the changelog * Honing down on this being an enhancement
taylor-swanson · Oct 31, 2024 · 857af88 · 857af88
1 parent 5de1595
commit 857af88
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 1 deletion.
diff --git a/packages/osquery_manager/changelog.yml b/packages/osquery_manager/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.15.0"
+  changes:
+    - description: Add mappings for ECS email fields
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/11583
 - version: "1.14.0"
   changes:
     - description: Update schema for osquery 5.13.1

diff --git a/packages/osquery_manager/data_stream/result/fields/ecs.yml b/packages/osquery_manager/data_stream/result/fields/ecs.yml
@@ -69,12 +69,58 @@
   name: dns.answers.ttl
 - external: ecs
   name: dns.resolved_ip
+- external: ecs
+  name: email.attachments
+- external: ecs
+  name: email.attachments.file.extension
+- external: ecs
+  name: email.attachments.file.hash.md5
+- external: ecs
+  name: email.attachments.file.hash.sha1
+- external: ecs
+  name: email.attachments.file.hash.sha256
+- external: ecs
+  name: email.attachments.file.hash.sha384
+- external: ecs
+  name: email.attachments.file.hash.sha512
+- external: ecs
+  name: email.attachments.file.hash.ssdeep
+- external: ecs
+  name: email.attachments.file.hash.tlsh
+- external: ecs
+  name: email.attachments.file.mime_type
+- external: ecs
+  name: email.attachments.file.name
 - external: ecs
   name: email.attachments.file.size
+- external: ecs
+  name: email.bcc.address
+- external: ecs
+  name: email.cc.address
+- external: ecs
+  name: email.content_type
 - external: ecs
   name: email.delivery_timestamp
+- external: ecs
+  name: email.direction
+- external: ecs
+  name: email.from.address
+- external: ecs
+  name: email.local_id
+- external: ecs
+  name: email.message_id
 - external: ecs
   name: email.origination_timestamp
+- external: ecs
+  name: email.reply_to.address
+- external: ecs
+  name: email.sender.address
+- external: ecs
+  name: email.subject
+- external: ecs
+  name: email.to.address
+- external: ecs
+  name: email.x_mailer
 - external: ecs
   name: event.created
 - external: ecs

diff --git a/packages/osquery_manager/manifest.yml b/packages/osquery_manager/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.0.0
 name: osquery_manager
 title: Osquery Manager
-version: 1.14.0
+version: 1.15.0
 description: Deploy Osquery with Elastic Agent, then run and schedule queries in Kibana
 type: integration
 categories: