From 857af88df44e752b32bdbb8e660ca2d0c8197b82 Mon Sep 17 00:00:00 2001
From: Aleksandr Maus
Date: Thu, 31 Oct 2024 10:12:14 -0400
Subject: [PATCH] [osquery_manager] Add mappings for ECS email fields (#11583)
* [osquery_manager] Add mappings for ECS email fields
* Update PR number in the changelog
* Honing down on this being an enhancement
---
 packages/osquery_manager/changelog.yml | 5 ++
 .../data_stream/result/fields/ecs.yml | 46 +++++++++++++++++++
 packages/osquery_manager/manifest.yml | 2 +-
 3 files changed, 52 insertions(+), 1 deletion(-)
diff --git a/packages/osquery_manager/changelog.yml b/packages/osquery_manager/changelog.yml
index 82ab137c432..393ac16bd61 100644
--- a/packages/osquery_manager/changelog.yml
+++ b/packages/osquery_manager/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.15.0"
+ changes:
+ - description: Add mappings for ECS email fields
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/11583
 - version: "1.14.0"
 changes:
 - description: Update schema for osquery 5.13.1
diff --git a/packages/osquery_manager/data_stream/result/fields/ecs.yml b/packages/osquery_manager/data_stream/result/fields/ecs.yml
index 43e8b7603a4..884e1ecc32d 100644
--- a/packages/osquery_manager/data_stream/result/fields/ecs.yml
+++ b/packages/osquery_manager/data_stream/result/fields/ecs.yml
@@ -69,12 +69,58 @@
 name: dns.answers.ttl
 - external: ecs
 name: dns.resolved_ip
+- external: ecs
+ name: email.attachments
+- external: ecs
+ name: email.attachments.file.extension
+- external: ecs
+ name: email.attachments.file.hash.md5
+- external: ecs
+ name: email.attachments.file.hash.sha1
+- external: ecs
+ name: email.attachments.file.hash.sha256
+- external: ecs
+ name: email.attachments.file.hash.sha384
+- external: ecs
+ name: email.attachments.file.hash.sha512
+- external: ecs
+ name: email.attachments.file.hash.ssdeep
+- external: ecs
+ name: email.attachments.file.hash.tlsh
+- external: ecs
+ name: email.attachments.file.mime_type
+- external: ecs
+ name: email.attachments.file.name
 - external: ecs
 name: email.attachments.file.size
+- external: ecs
+ name: email.bcc.address
+- external: ecs
+ name: email.cc.address
+- external: ecs
+ name: email.content_type
 - external: ecs
 name: email.delivery_timestamp
+- external: ecs
+ name: email.direction
+- external: ecs
+ name: email.from.address
+- external: ecs
+ name: email.local_id
+- external: ecs
+ name: email.message_id
 - external: ecs
 name: email.origination_timestamp
+- external: ecs
+ name: email.reply_to.address
+- external: ecs
+ name: email.sender.address
+- external: ecs
+ name: email.subject
+- external: ecs
+ name: email.to.address
+- external: ecs
+ name: email.x_mailer
 - external: ecs
 name: event.created
 - external: ecs
diff --git a/packages/osquery_manager/manifest.yml b/packages/osquery_manager/manifest.yml
index 87f8eea05f2..e31b526208b 100644
--- a/packages/osquery_manager/manifest.yml
+++ b/packages/osquery_manager/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.0.0
 name: osquery_manager
 title: Osquery Manager
-version: 1.14.0
+version: 1.15.0
 description: Deploy Osquery with Elastic Agent, then run and schedule queries in Kibana
 type: integration
 categories:
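Review bot: The new `email.attachments` entry at the top of the ecs.yml hunk deserves a comment, because in the ECS reference that field is, as far as I recall, a `nested` mapping and `external: ecs` will import it as such, so the `email.attachments.file.*` sub-fields added right below it are only matched by nested queries, unlike the flat `email.*` fields later in the same hunk. Detection rules or KQL searches over osquery results that filter on an attachment hash or name could therefore match nothing without any error, which is easy to misread as "no such events". A one-line comment above the entry, `# email.attachments is a nested mapping in ECS; its file.* sub-fields require nested queries`, would make that visible to the next maintainer and to rule authors. The rest of the list follows the existing `- external: ecs` / `name:` pattern and keeps the alphabetical order, so nothing else to raise here.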