Skip to content

Releases: elastic/ecs

ECS v8.16.0

13 Nov 21:25
@mjwolf mjwolf
v8.16.0
ba56ea8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
ECS v8.16.0 Latest
Latest

Schema Changes

Bugfixes

  • Fix broken link in docs for vulnerability.id. #2328

Added

  • Added volume.* as beta field set. #2269
  • Advanced process.env_vars to GA. #2315
  • Advanced process.io and process.tty fields to GA. #2317
  • Added threat.indicator.id. #2324
  • Added process.group to generated schemas. #2335

Improvements

  • Define base encoding of x509.serial_number. #2383

Tooling and Artifact Changes

Bugfixes

  • Fix broken link for vulnerabilty.id #2328

Added

  • Documentation in README.md providing instruction on contributions to ECS during the OTel donation #2325
Assets 2
Loading

ECS 8.11.0

07 Nov 20:27
@taylor-swanson taylor-swanson
v8.11.0
ce703ab
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
ECS 8.11.0

Schema Changes

Bugfixes

  • Remove expected_values from threat.*.indicator.name fields. #2281

Tooling and Artifact Changes

Bugfixes

  • Respect reusable.top_level in Beats generator #2278
Assets 2
Loading

ECS 8.10.0

12 Sep 19:50
@chrisberkhout chrisberkhout
v8.10.0
43a1a61
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
ECS 8.10.0

ECS 8.10.0

Schema Changes

Added

  • Added container.security_context.privileged to indicated whether a container was started in privileged mode. #2219, #2225, #2246
  • Added process.thread.capabilities.permitted to contain the current thread's possible capabilities. #2245
  • Added process.thread.capabilities.effective to contain the current thread's effective capabilities. #2245

Improvements

  • Permit ignore_above if explicitly set on a flattened field. #2248

Tooling and Artifact Changes

Improvements

  • Improved documentation formatting to better follow the contributing guide. #2226
  • Bump gitpython dependency from 3.1.30 to 3.1.35 for security fixes. #2251, #2264, #2265
Assets 2
Loading

ECS 8.9.0

26 Jul 18:17
@bhapas bhapas
v8.9.0
f816f2a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
ECS 8.9.0

8.9.0

Schema Changes

Bugfixes

Added

  • Added process.vpid for namespaced process ids. #2211

Improvements

Deprecated

  • Removed faas.trigger: nested since we only have one trigger. #2194
Assets 2
Loading

ECS 8.8.0

25 May 18:54
@kgeller kgeller
v8.8.0
969aeba
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
ECS 8.8.0

ECS 8.8.0

Schema Changes

Added

  • Add access as an allowed type for event.type: file. #2174
  • Add orchestrator.resource.annotation and orchestrator.resource.label. #2181
  • Add event.kind: asset as a beta category. #2191

Tooling and Artifact Changes

Added

  • Add parameters property for field definitions, to provide any mapping parameter. #2084
Assets 2
Loading

ECS 8.7.0

30 Mar 13:20
@marc-gr marc-gr
v8.7.0
7a56b30
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
ECS 8.7.0

Schema Changes

Bugfixes

  • remove duplicated client.domain definition #2120

Added

  • adding name field to threat.indicator #2121
  • adding api option to event.category #2147
  • adding library option to event.category #2154

Improvements

  • description for host.name definition updated to encourage use of FDQN #2122

Tooling and Artifact Changes

Improvements

  • Updated usage docs to include threat.indicator.url.domain and changed indicator.marking.tlp and indicator.enrichments.marking.tlp from "WHITE" to "CLEAR" to align with TLP 2.0. #2124
  • Bump gitpython from 3.1.27 to 3.1.30 in /scripts. #2139
Assets 2
Loading

ECS 8.7.0-rc1

08 Feb 15:05
@marc-gr marc-gr
v8.7.0-rc1
ad9672f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
ECS 8.7.0-rc1 Pre-release
Pre-release

Schema Changes

Bugfixes

  • remove duplicated client.domain definition #2120

Added

  • adding name field to threat.indicator #2121
  • adding api option to event.category #2147
  • adding library option to event.category #2154

Improvements

  • description for host.name definition updated to encourage use of FDQN #2122

Tooling and Artifact Changes

Improvements

  • Updated usage docs to include threat.indicator.url.domain and changed indicator.marking.tlp and indicator.enrichments.marking.tlp from "WHITE" to "CLEAR" to align with TLP 2.0. #2124
  • Bump gitpython from 3.1.27 to 3.1.30 in /scripts. #2139
Assets 2
Loading

ECS 8.6.1

06 Feb 13:46
@kgeller kgeller
v8.6.1
5f217d4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
ECS 8.6.1

What's new in ECS 8.5.1

Schema Changes

Bugfixes

  • Fixing tlp_version and tlp field for threat. #2156
Assets 2
Loading

ECS 8.6.0

10 Jan 16:26
@djptek djptek
v8.6.0
7a4148f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
ECS 8.6.0

8.6.0 RELEASE

Schema Changes

Added

  • Adding vulnerability option for event.category. #2029
  • Added device.* field set as beta. #2030
  • Added tlp.version to threat #2074
  • Added fields for executable object format metadata for ELF, Mach-O and PE #2083

Improvements

  • Added CLEAR and AMBER+STRICT as valid values for threat.indicator.marking.tlp and enrichments.indicator.marking.tlp to accept new TLP 2.0 markings #2022, #2074
Assets 2
Loading

ECS 8.6.0-rc1

21 Nov 11:25
@djptek djptek
v8.6.0-rc1
a9e19ed
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
ECS 8.6.0-rc1

Schema Changes

Added

  • Adding vulnerability option for event.category. #2029
  • Added device.* field set as beta. #2030
  • Added tlp.version to threat #2074
  • Added fields for executable object format metadata for ELF, Mach-O and PE #2083

Improvements

  • Added CLEAR and AMBER+STRICT as valid values for threat.indicator.marking.tlp and enrichments.indicator.marking.tlp to accept new TLP 2.0 markings #2022, #2074
Assets 2
Loading