diff --git a/packages/amazon_security_lake/data_stream/application_activity/fields/actor-fields.yml b/packages/amazon_security_lake/data_stream/application_activity/fields/actor-fields.yml
index 6b9f27dd831d..316b1f41901a 100644
--- a/packages/amazon_security_lake/data_stream/application_activity/fields/actor-fields.yml
+++ b/packages/amazon_security_lake/data_stream/application_activity/fields/actor-fields.yml
@@ -486,18 +486,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
@@ -1075,18 +1068,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
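Review bot: The new `feature.*` entry no longer names the `name`, `uid` and `version` keys that the removed group declared, here and in every other hunk of this commit, which all make the same replacement. With `object_type_mapping_type: "*"` those sub-fields are presumably mapped only once a document carrying them is indexed, so a detection rule or saved query that references `product.feature.uid` on a fresh data stream may meet an unmapped field; that is worth confirming against the rendered index template. The match-all type also appears to cover non-string values, so it is worth checking how a nested object under `feature` would be handled by a `keyword` mapping. At minimum I would keep the known keys discoverable in the description: `description: The Feature object (name, uid, version) provides information about the software product feature that generated a specific event.`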
diff --git a/packages/amazon_security_lake/data_stream/application_activity/fields/fields.yml b/packages/amazon_security_lake/data_stream/application_activity/fields/fields.yml
index 9a2b855148db..328884f80092 100644
--- a/packages/amazon_security_lake/data_stream/application_activity/fields/fields.yml
+++ b/packages/amazon_security_lake/data_stream/application_activity/fields/fields.yml
@@ -16,18 +16,11 @@
 - name: name
 type: keyword
 description: The CIS benchmark name.
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: path
 type: keyword
 description: The installation path of the product.
diff --git a/packages/amazon_security_lake/data_stream/application_activity/fields/file-fields.yml b/packages/amazon_security_lake/data_stream/application_activity/fields/file-fields.yml
index 3fc861e2b4de..f0d2fe6bc6b1 100644
--- a/packages/amazon_security_lake/data_stream/application_activity/fields/file-fields.yml
+++ b/packages/amazon_security_lake/data_stream/application_activity/fields/file-fields.yml
@@ -391,18 +391,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/application_activity/fields/metadata-fields.yml b/packages/amazon_security_lake/data_stream/application_activity/fields/metadata-fields.yml
index 00f399e22ecd..01b1c11c4dc4 100644
--- a/packages/amazon_security_lake/data_stream/application_activity/fields/metadata-fields.yml
+++ b/packages/amazon_security_lake/data_stream/application_activity/fields/metadata-fields.yml
@@ -79,18 +79,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lowercase language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/discovery/fields/actor-fields.yml b/packages/amazon_security_lake/data_stream/discovery/fields/actor-fields.yml
index 6b9f27dd831d..316b1f41901a 100644
--- a/packages/amazon_security_lake/data_stream/discovery/fields/actor-fields.yml
+++ b/packages/amazon_security_lake/data_stream/discovery/fields/actor-fields.yml
@@ -486,18 +486,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
@@ -1075,18 +1068,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/discovery/fields/metadata-fields.yml b/packages/amazon_security_lake/data_stream/discovery/fields/metadata-fields.yml
index 00f399e22ecd..01b1c11c4dc4 100644
--- a/packages/amazon_security_lake/data_stream/discovery/fields/metadata-fields.yml
+++ b/packages/amazon_security_lake/data_stream/discovery/fields/metadata-fields.yml
@@ -79,18 +79,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lowercase language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/event/fields/actor-fields.yml b/packages/amazon_security_lake/data_stream/event/fields/actor-fields.yml
index 4bb76683ea42..aac49befedc6 100644
--- a/packages/amazon_security_lake/data_stream/event/fields/actor-fields.yml
+++ b/packages/amazon_security_lake/data_stream/event/fields/actor-fields.yml
@@ -486,18 +486,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
@@ -1075,18 +1068,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/event/fields/fields.yml b/packages/amazon_security_lake/data_stream/event/fields/fields.yml
index 5702b3e5d69b..d9c8e1ee456b 100644
--- a/packages/amazon_security_lake/data_stream/event/fields/fields.yml
+++ b/packages/amazon_security_lake/data_stream/event/fields/fields.yml
@@ -102,18 +102,11 @@
 - name: name
 type: keyword
 description: The CIS benchmark name.
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: path
 type: keyword
 description: The installation path of the product.
@@ -872,18 +865,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
@@ -1520,18 +1506,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
@@ -2010,18 +1989,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: The two letter lower case language codes, as defined by ISO 639-1.
@@ -2404,18 +2376,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/event/fields/file-fields.yml b/packages/amazon_security_lake/data_stream/event/fields/file-fields.yml
index 3fc861e2b4de..f0d2fe6bc6b1 100644
--- a/packages/amazon_security_lake/data_stream/event/fields/file-fields.yml
+++ b/packages/amazon_security_lake/data_stream/event/fields/file-fields.yml
@@ -391,18 +391,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/event/fields/metadata-fields.yml b/packages/amazon_security_lake/data_stream/event/fields/metadata-fields.yml
index 00f399e22ecd..01b1c11c4dc4 100644
--- a/packages/amazon_security_lake/data_stream/event/fields/metadata-fields.yml
+++ b/packages/amazon_security_lake/data_stream/event/fields/metadata-fields.yml
@@ -79,18 +79,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lowercase language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/event/fields/vulnerability-fields.yml b/packages/amazon_security_lake/data_stream/event/fields/vulnerability-fields.yml
index f144d7b0e269..621cf5229443 100644
--- a/packages/amazon_security_lake/data_stream/event/fields/vulnerability-fields.yml
+++ b/packages/amazon_security_lake/data_stream/event/fields/vulnerability-fields.yml
@@ -70,18 +70,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/findings/fields/actor-fields.yml b/packages/amazon_security_lake/data_stream/findings/fields/actor-fields.yml
index 6b9f27dd831d..316b1f41901a 100644
--- a/packages/amazon_security_lake/data_stream/findings/fields/actor-fields.yml
+++ b/packages/amazon_security_lake/data_stream/findings/fields/actor-fields.yml
@@ -486,18 +486,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
@@ -1075,18 +1068,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/findings/fields/fields.yml b/packages/amazon_security_lake/data_stream/findings/fields/fields.yml
index fbb1890f79b8..4d0241810dcb 100644
--- a/packages/amazon_security_lake/data_stream/findings/fields/fields.yml
+++ b/packages/amazon_security_lake/data_stream/findings/fields/fields.yml
@@ -404,18 +404,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: The two letter lower case language codes, as defined by ISO 639-1.
diff --git a/packages/amazon_security_lake/data_stream/findings/fields/metadata-fields.yml b/packages/amazon_security_lake/data_stream/findings/fields/metadata-fields.yml
index 00f399e22ecd..01b1c11c4dc4 100644
--- a/packages/amazon_security_lake/data_stream/findings/fields/metadata-fields.yml
+++ b/packages/amazon_security_lake/data_stream/findings/fields/metadata-fields.yml
@@ -79,18 +79,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lowercase language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/findings/fields/process-fields.yml b/packages/amazon_security_lake/data_stream/findings/fields/process-fields.yml
index 732e91359f37..9a2a81816026 100644
--- a/packages/amazon_security_lake/data_stream/findings/fields/process-fields.yml
+++ b/packages/amazon_security_lake/data_stream/findings/fields/process-fields.yml
@@ -413,18 +413,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
@@ -988,18 +981,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/findings/fields/vulnerability-fields.yml b/packages/amazon_security_lake/data_stream/findings/fields/vulnerability-fields.yml
index f144d7b0e269..621cf5229443 100644
--- a/packages/amazon_security_lake/data_stream/findings/fields/vulnerability-fields.yml
+++ b/packages/amazon_security_lake/data_stream/findings/fields/vulnerability-fields.yml
@@ -70,18 +70,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/iam/fields/actor-fields.yml b/packages/amazon_security_lake/data_stream/iam/fields/actor-fields.yml
index 6b9f27dd831d..316b1f41901a 100644
--- a/packages/amazon_security_lake/data_stream/iam/fields/actor-fields.yml
+++ b/packages/amazon_security_lake/data_stream/iam/fields/actor-fields.yml
@@ -486,18 +486,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
@@ -1075,18 +1068,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/iam/fields/fields.yml b/packages/amazon_security_lake/data_stream/iam/fields/fields.yml
index a915cde0324b..088a00284138 100644
--- a/packages/amazon_security_lake/data_stream/iam/fields/fields.yml
+++ b/packages/amazon_security_lake/data_stream/iam/fields/fields.yml
@@ -686,18 +686,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
@@ -1258,18 +1251,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/iam/fields/metadata-fields.yml b/packages/amazon_security_lake/data_stream/iam/fields/metadata-fields.yml
index 00f399e22ecd..01b1c11c4dc4 100644
--- a/packages/amazon_security_lake/data_stream/iam/fields/metadata-fields.yml
+++ b/packages/amazon_security_lake/data_stream/iam/fields/metadata-fields.yml
@@ -79,18 +79,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lowercase language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/network_activity/fields/actor-fields.yml b/packages/amazon_security_lake/data_stream/network_activity/fields/actor-fields.yml
index 6b9f27dd831d..316b1f41901a 100644
--- a/packages/amazon_security_lake/data_stream/network_activity/fields/actor-fields.yml
+++ b/packages/amazon_security_lake/data_stream/network_activity/fields/actor-fields.yml
@@ -486,18 +486,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
@@ -1075,18 +1068,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/network_activity/fields/fields.yml b/packages/amazon_security_lake/data_stream/network_activity/fields/fields.yml
index 8db8af09e491..cf29f2021768 100644
--- a/packages/amazon_security_lake/data_stream/network_activity/fields/fields.yml
+++ b/packages/amazon_security_lake/data_stream/network_activity/fields/fields.yml
@@ -556,18 +556,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: The two letter lower case language codes, as defined by ISO 639-1.
diff --git a/packages/amazon_security_lake/data_stream/network_activity/fields/file-fields.yml b/packages/amazon_security_lake/data_stream/network_activity/fields/file-fields.yml
index 3fc861e2b4de..f0d2fe6bc6b1 100644
--- a/packages/amazon_security_lake/data_stream/network_activity/fields/file-fields.yml
+++ b/packages/amazon_security_lake/data_stream/network_activity/fields/file-fields.yml
@@ -391,18 +391,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/network_activity/fields/metadata-fields.yml b/packages/amazon_security_lake/data_stream/network_activity/fields/metadata-fields.yml
index 00f399e22ecd..01b1c11c4dc4 100644
--- a/packages/amazon_security_lake/data_stream/network_activity/fields/metadata-fields.yml
+++ b/packages/amazon_security_lake/data_stream/network_activity/fields/metadata-fields.yml
@@ -79,18 +79,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lowercase language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/system_activity/fields/actor-fields.yml b/packages/amazon_security_lake/data_stream/system_activity/fields/actor-fields.yml
index 6b9f27dd831d..316b1f41901a 100644
--- a/packages/amazon_security_lake/data_stream/system_activity/fields/actor-fields.yml
+++ b/packages/amazon_security_lake/data_stream/system_activity/fields/actor-fields.yml
@@ -486,18 +486,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
@@ -1075,18 +1068,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/system_activity/fields/fields.yml b/packages/amazon_security_lake/data_stream/system_activity/fields/fields.yml
index ac813f70e4e9..77b001b803a1 100644
--- a/packages/amazon_security_lake/data_stream/system_activity/fields/fields.yml
+++ b/packages/amazon_security_lake/data_stream/system_activity/fields/fields.yml
@@ -452,18 +452,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
@@ -983,18 +976,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
@@ -1458,18 +1444,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
@@ -1761,18 +1740,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: The two letter lower case language codes, as defined by ISO 639-1.
@@ -2155,18 +2127,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
@@ -2732,18 +2697,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
@@ -3307,18 +3265,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/system_activity/fields/file-fields.yml b/packages/amazon_security_lake/data_stream/system_activity/fields/file-fields.yml
index 3fc861e2b4de..f0d2fe6bc6b1 100644
--- a/packages/amazon_security_lake/data_stream/system_activity/fields/file-fields.yml
+++ b/packages/amazon_security_lake/data_stream/system_activity/fields/file-fields.yml
@@ -391,18 +391,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/data_stream/system_activity/fields/metadata-fields.yml b/packages/amazon_security_lake/data_stream/system_activity/fields/metadata-fields.yml
index 00f399e22ecd..01b1c11c4dc4 100644
--- a/packages/amazon_security_lake/data_stream/system_activity/fields/metadata-fields.yml
+++ b/packages/amazon_security_lake/data_stream/system_activity/fields/metadata-fields.yml
@@ -79,18 +79,11 @@
 - name: product
 type: group
 fields:
- - name: feature
- type: group
- fields:
- - name: name
- type: keyword
- description: The name of the feature.
- - name: uid
- type: keyword
- description: The unique identifier of the feature.
- - name: version
- type: keyword
- description: The version of the feature.
+ - name: feature.*
+ type: object
+ description: The Feature object provides information about the software product feature that generated a specific event.
+ object_type: keyword
+ object_type_mapping_type: "*"
 - name: lang
 type: keyword
 description: 'The two letter lowercase language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).'
diff --git a/packages/amazon_security_lake/docs/README.md b/packages/amazon_security_lake/docs/README.md
index 8c4e854dcb75..c28d29986f31 100644
--- a/packages/amazon_security_lake/docs/README.md
+++ b/packages/amazon_security_lake/docs/README.md
@@ -223,9 +223,7 @@ This is the `Event` dataset.
 | ocsf.actor.process.file.owner.uid_alt | The alternate user identifier. For example, the Active Directory user GUID or AWS user Principal ID. | keyword |
 | ocsf.actor.process.file.parent_folder | The parent folder in which the file resides. For example: c:\windows\system32. | keyword |
 | ocsf.actor.process.file.path | The full path to the file. For example: c:\windows\system32\svchost.exe. | keyword |
-| ocsf.actor.process.file.product.feature.name | The name of the feature. | keyword |
-| ocsf.actor.process.file.product.feature.uid | The unique identifier of the feature. | keyword |
-| ocsf.actor.process.file.product.feature.version | The version of the feature. | keyword |
+| ocsf.actor.process.file.product.feature.\* | The Feature object provides information about the software product feature that generated a specific event. | object |
 | ocsf.actor.process.file.product.lang | The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French). | keyword |
 | ocsf.actor.process.file.product.name | The name of the feature. | keyword |
 | ocsf.actor.process.file.product.path | The installation path of the product. | keyword |
@@ -393,9 +391,7 @@ This is the `Event` dataset.
 | ocsf.actor.process.parent_process.file.owner.uid_alt | The alternate user identifier. For example, the Active Directory user GUID or AWS user Principal ID. | keyword |
 | ocsf.actor.process.parent_process.file.parent_folder | The parent folder in which the file resides. For example: c:\windows\system32. | keyword |
 | ocsf.actor.process.parent_process.file.path | The full path to the file. For example: c:\windows\system32\svchost.exe. | keyword |
-| ocsf.actor.process.parent_process.file.product.feature.name | The name of the feature. | keyword |
-| ocsf.actor.process.parent_process.file.product.feature.uid | The unique identifier of the feature. | keyword |
-| ocsf.actor.process.parent_process.file.product.feature.version | The version of the feature. | keyword |
+| ocsf.actor.process.parent_process.file.product.feature.\* | The Feature object provides information about the software product feature that generated a specific event. | object |
 | ocsf.actor.process.parent_process.file.product.lang | The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French). | keyword |
 | ocsf.actor.process.parent_process.file.product.name | The name of the feature. | keyword |
 | ocsf.actor.process.parent_process.file.product.path | The installation path of the product. | keyword |
@@ -620,9 +616,7 @@ This is the `Event` dataset.
 | ocsf.api.service.uid | The unique identifier of the service. | keyword |
 | ocsf.api.service.version | The version of the service. | keyword |
 | ocsf.api.version | The version of the API service. | keyword |
-| ocsf.app.feature.name | The name of the feature. | keyword |
-| ocsf.app.feature.uid | The unique identifier of the feature. | keyword |
-| ocsf.app.feature.version | The version of the feature. | keyword |
+| ocsf.app.feature.\* | The Feature object provides information about the software product feature that generated a specific event. | object |
 | ocsf.app.lang | The two letter lower case language codes, as defined by ISO 639-1. | keyword |
 | ocsf.app.name | The CIS benchmark name. | keyword |
 | ocsf.app.path | The installation path of the product. | keyword |
@@ -947,9 +941,7 @@ This is the `Event` dataset.
 | ocsf.driver.file.owner.uid_alt | The alternate user identifier. For example, the Active Directory user GUID or AWS user Principal ID. | keyword |
 | ocsf.driver.file.parent_folder | The parent folder in which the file resides. For example: c:\windows\system32. | keyword |
 | ocsf.driver.file.path | The full path to the file. For example: c:\windows\system32\svchost.exe. | keyword |
-| ocsf.driver.file.product.feature.name | The name of the feature. | keyword |
-| ocsf.driver.file.product.feature.uid | The unique identifier of the feature. | keyword |
-| ocsf.driver.file.product.feature.version | The version of the feature. | keyword |
+| ocsf.driver.file.product.feature.\* | The Feature object provides information about the software product feature that generated a specific event. | object |
 | ocsf.driver.file.product.lang | The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French). | keyword |
 | ocsf.driver.file.product.name | The name of the product. | keyword |
 | ocsf.driver.file.product.path | The installation path of the product. | keyword |
@@ -1170,9 +1162,7 @@ This is the `Event` dataset.
 | ocsf.file.owner.uid_alt | The alternate user identifier. For example, the Active Directory user GUID or AWS user Principal ID. | keyword |
 | ocsf.file.parent_folder | The parent folder in which the file resides. For example: c:\windows\system32. | keyword |
 | ocsf.file.path | The full path to the file. For example: c:\windows\system32\svchost.exe. | keyword |
-| ocsf.file.product.feature.name | The name of the feature. | keyword |
-| ocsf.file.product.feature.uid | The unique identifier of the feature. | keyword |
-| ocsf.file.product.feature.version | The version of the feature. | keyword |
+| ocsf.file.product.feature.\* | The Feature object provides information about the software product feature that generated a specific event. | object |
 | ocsf.file.product.lang | The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French). | keyword |
 | ocsf.file.product.name | The name of the product. | keyword |
 | ocsf.file.product.path | The installation path of the product. | keyword |
@@ -1314,9 +1304,7 @@ This is the `Event` dataset.
 | ocsf.file_result.owner.uid_alt | The alternate user identifier. For example, the Active Directory user GUID or AWS user Principal ID. | keyword |
 | ocsf.file_result.parent_folder | The parent folder in which the file resides. For example: c:\windows\system32. | keyword |
 | ocsf.file_result.path | The full path to the file. For example: c:\windows\system32\svchost.exe. | keyword |
-| ocsf.file_result.product.feature.name | The name of the feature. | keyword |
-| ocsf.file_result.product.feature.uid | The unique identifier of the feature. | keyword |
-| ocsf.file_result.product.feature.version | The version of the feature. | keyword |
+| ocsf.file_result.product.feature.\* | The Feature object provides information about the software product feature that generated a specific event. | object |
 | ocsf.file_result.product.lang | The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French). | keyword |
 | ocsf.file_result.product.name | The name of the product. | keyword |
 | ocsf.file_result.product.path | The installation path of the product. | keyword |
@@ -1456,9 +1444,7 @@ This is the `Event` dataset.
 | ocsf.malware.cves.cwe_url | Common Weakness Enumeration (CWE) definition URL. | keyword |
 | ocsf.malware.cves.modified_time | The Record Modified Date identifies when the CVE record was last updated. | date |
 | ocsf.malware.cves.modified_time_dt | The Record Modified Date identifies when the CVE record was last updated. | date |
-| ocsf.malware.cves.product.feature.name | The name of the feature. | keyword |
-| ocsf.malware.cves.product.feature.uid | The unique identifier of the feature. | keyword |
-| ocsf.malware.cves.product.feature.version | The version of the feature. | keyword |
+| ocsf.malware.cves.product.feature.\* | The Feature object provides information about the software product feature that generated a specific event. | object |
 | ocsf.malware.cves.product.lang | The two letter lower case language codes, as defined by ISO 639-1. | keyword |
 | ocsf.malware.cves.product.name | The name of the product. | keyword |
 | ocsf.malware.cves.product.path | The installation path of the product. | keyword |
@@ -1495,9 +1481,7 @@ This is the `Event` dataset.
 | ocsf.metadata.processed_time | The event processed time, such as an ETL operation. | date |
 | ocsf.metadata.processed_time_dt | The event processed time, such as an ETL operation. | date |
 | ocsf.metadata.product.cpe_name | The Common Platform Enumeration (CPE) name as described by (NIST) For example, cpe:/a:apple:safari:16.2. | keyword |
-| ocsf.metadata.product.feature.name | The name of the feature. | keyword |
-| ocsf.metadata.product.feature.uid | The unique identifier of the feature. | keyword |
-| ocsf.metadata.product.feature.version | The version of the feature. | keyword |
+| ocsf.metadata.product.feature.\* | The Feature object provides information about the software product feature that generated a specific event. | object |
 | ocsf.metadata.product.lang | The two letter lowercase language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French). | keyword |
 | ocsf.metadata.product.name | The name of the product. | keyword |
 | ocsf.metadata.product.path | The installation path of the product. | keyword |
@@ -1606,9 +1590,7 @@ This is the `Event` dataset.
 | ocsf.module.file.owner.uid_alt | The alternate user identifier. For example, the Active Directory user GUID or AWS user Principal ID. | keyword |
 | ocsf.module.file.parent_folder | The parent folder in which the file resides. For example: c:\windows\system32. | keyword |
 | ocsf.module.file.path | The full path to the file. For example: c:\windows\system32\svchost.exe. | keyword |
-| ocsf.module.file.product.feature.name | The name of the feature. | keyword |
-| ocsf.module.file.product.feature.uid | The unique identifier of the feature. | keyword |
-| ocsf.module.file.product.feature.version | The version of the feature. | keyword |
+| ocsf.module.file.product.feature.\* | The Feature object provides information about the software product feature that generated a specific event. | object |
 | ocsf.module.file.product.lang | The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French). | keyword |
 | ocsf.module.file.product.name | The name of the product. | keyword |
 | ocsf.module.file.product.path | The installation path of the product. | keyword |
@@ -2066,9 +2048,7 @@ This is the `Event` dataset.
 | ocsf.vulnerabilities.cve.fix_available | Indicates if a fix is available for the reported vulnerability. | boolean |
 | ocsf.vulnerabilities.cve.modified_time | The Record Modified Date identifies when the CVE record was last updated. | date |
 | ocsf.vulnerabilities.cve.modified_time_dt | The Record Modified Date identifies when the CVE record was last updated. | date |
-| ocsf.vulnerabilities.cve.product.feature.name | The name of the feature. | keyword |
-| ocsf.vulnerabilities.cve.product.feature.uid | The unique identifier of the feature. | keyword |
-| ocsf.vulnerabilities.cve.product.feature.version | The version of the feature. | keyword |
+| ocsf.vulnerabilities.cve.product.feature.\* | The Feature object provides information about the software product feature that generated a specific event. | object |
 | ocsf.vulnerabilities.cve.product.lang | The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French). | keyword |
 | ocsf.vulnerabilities.cve.product.name | The name of the product. | keyword |
 | ocsf.vulnerabilities.cve.product.path | The installation path of the product. | keyword |