├── .backportrc.json ├── .editorconfig ├── .gitattributes ├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ ├── config.yml │ ├── schema-changes-additions.md │ ├── schema-issue.md │ └── tooling-bug.md ├── PULL_REQUEST_TEMPLATE.md └── workflows │ ├── build_ecs_typescript.yml │ ├── docs-build.yml │ ├── docs-cleanup.yml │ ├── docs-preview-comment.yml │ ├── github-commands-comment.yml │ ├── stale.yml │ └── test.yml ├── .gitignore ├── .mergify.yml ├── CHANGELOG.md ├── CHANGELOG.next.md ├── CONTRIBUTING.md ├── LICENSE.txt ├── Makefile ├── NOTICE.txt ├── README.md ├── USAGE.md ├── docs ├── docset.yml ├── fields │ └── usage │ │ └── README.md ├── redirects.yml ├── reference │ ├── ecs-additional-information.md │ ├── ecs-agent.md │ ├── ecs-allowed-values-entity-type.md │ ├── ecs-allowed-values-event-category.md │ ├── ecs-allowed-values-event-kind.md │ ├── ecs-allowed-values-event-outcome.md │ ├── ecs-allowed-values-event-type.md │ ├── ecs-artifacts.md │ ├── ecs-as.md │ ├── ecs-base.md │ ├── ecs-category-field-values-reference.md │ ├── ecs-client.md │ ├── ecs-cloud-usage.md │ ├── ecs-cloud.md │ ├── ecs-code_signature.md │ ├── ecs-container.md │ ├── ecs-contributing.md │ ├── ecs-conventions.md │ ├── ecs-converting.md │ ├── ecs-custom-fields-in-ecs.md │ ├── ecs-data_stream.md │ ├── ecs-destination.md │ ├── ecs-device.md │ ├── ecs-dll.md │ ├── ecs-dns.md │ ├── ecs-ecs.md │ ├── ecs-elf.md │ ├── ecs-email.md │ ├── ecs-entity.md │ ├── ecs-error.md │ ├── ecs-event.md │ ├── ecs-faas.md │ ├── ecs-faq.md │ ├── ecs-field-reference.md │ ├── ecs-file.md │ ├── ecs-gen_ai.md │ ├── ecs-geo.md │ ├── ecs-getting-started.md │ ├── ecs-group.md │ ├── ecs-guidelines.md │ ├── ecs-hash.md │ ├── ecs-host.md │ ├── ecs-http.md │ ├── ecs-interface.md │ ├── ecs-log.md │ ├── ecs-macho.md │ ├── ecs-mapping-network-events.md │ ├── ecs-network.md │ ├── ecs-observer.md │ ├── ecs-opentelemetry.md │ ├── ecs-orchestrator.md │ ├── ecs-organization.md │ ├── ecs-os.md │ ├── ecs-otel-alignment-details.md │ ├── ecs-otel-alignment-overview.md │ ├── ecs-package.md │ ├── ecs-pe.md │ ├── ecs-principles-design.md │ ├── ecs-principles-implementation.md │ ├── ecs-process.md │ ├── ecs-products-solutions.md │ ├── ecs-registry.md │ ├── ecs-related.md │ ├── ecs-risk.md │ ├── ecs-rule.md │ ├── ecs-server.md │ ├── ecs-service-usage.md │ ├── ecs-service.md │ ├── ecs-source.md │ ├── ecs-threat-usage.md │ ├── ecs-threat.md │ ├── ecs-tls.md │ ├── ecs-tracing.md │ ├── ecs-url.md │ ├── ecs-user-usage.md │ ├── ecs-user.md │ ├── ecs-user_agent.md │ ├── ecs-using-categorization-fields.md │ ├── ecs-using-ecs.md │ ├── ecs-vlan.md │ ├── ecs-volume.md │ ├── ecs-vulnerability.md │ ├── ecs-x509.md │ ├── images │ │ ├── ecs-getting-started-dashboard.png │ │ ├── kib-create-pipeline-from-csv-preview.png │ │ └── kib-create-pipeline-from-csv.png │ ├── index.md │ ├── migrating-to-ecs.md │ └── toc.yml └── release-notes │ ├── breaking-changes.md │ ├── deprecations.md │ ├── index.md │ ├── known-issues.md │ └── toc.yml ├── experimental ├── README.md ├── generated │ ├── beats │ │ └── fields.ecs.yml │ ├── csv │ │ └── fields.csv │ ├── ecs │ │ ├── ecs_flat.yml │ │ └── ecs_nested.yml │ └── elasticsearch │ │ ├── composable │ │ ├── component │ │ │ ├── agent.json │ │ │ ├── base.json │ │ │ ├── cgroup.json │ │ │ ├── client.json │ │ │ ├── cloud.json │ │ │ ├── container.json │ │ │ ├── data_stream.json │ │ │ ├── destination.json │ │ │ ├── device.json │ │ │ ├── dll.json │ │ │ ├── dns.json │ │ │ ├── ecs.json │ │ │ ├── email.json │ │ │ ├── entity.json │ │ │ ├── error.json │ │ │ ├── event.json │ │ │ ├── faas.json │ │ │ ├── file.json │ │ │ ├── gen_ai.json │ │ │ ├── group.json │ │ │ ├── host.json │ │ │ ├── http.json │ │ │ ├── log.json │ │ │ ├── network.json │ │ │ ├── observer.json │ │ │ ├── orchestrator.json │ │ │ ├── organization.json │ │ │ ├── package.json │ │ │ ├── process.json │ │ │ ├── registry.json │ │ │ ├── related.json │ │ │ ├── rule.json │ │ │ ├── server.json │ │ │ ├── service.json │ │ │ ├── source.json │ │ │ ├── threat.json │ │ │ ├── tls.json │ │ │ ├── tracing.json │ │ │ ├── url.json │ │ │ ├── user.json │ │ │ ├── user_agent.json │ │ │ ├── volume.json │ │ │ └── vulnerability.json │ │ └── template.json │ │ └── legacy │ │ └── template.json └── schemas │ ├── cgroup.yml │ └── subsets │ └── experimental.yml ├── generated ├── README.md ├── beats │ └── fields.ecs.yml ├── csv │ └── fields.csv ├── ecs │ ├── .gitignore │ ├── ecs_flat.yml │ └── ecs_nested.yml └── elasticsearch │ ├── README.md │ ├── composable │ ├── component │ │ ├── agent.json │ │ ├── base.json │ │ ├── client.json │ │ ├── cloud.json │ │ ├── container.json │ │ ├── data_stream.json │ │ ├── destination.json │ │ ├── device.json │ │ ├── dll.json │ │ ├── dns.json │ │ ├── ecs.json │ │ ├── email.json │ │ ├── entity.json │ │ ├── error.json │ │ ├── event.json │ │ ├── faas.json │ │ ├── file.json │ │ ├── gen_ai.json │ │ ├── group.json │ │ ├── host.json │ │ ├── http.json │ │ ├── log.json │ │ ├── network.json │ │ ├── observer.json │ │ ├── orchestrator.json │ │ ├── organization.json │ │ ├── package.json │ │ ├── process.json │ │ ├── registry.json │ │ ├── related.json │ │ ├── rule.json │ │ ├── server.json │ │ ├── service.json │ │ ├── source.json │ │ ├── threat.json │ │ ├── tls.json │ │ ├── tracing.json │ │ ├── url.json │ │ ├── user.json │ │ ├── user_agent.json │ │ ├── volume.json │ │ └── vulnerability.json │ └── template.json │ └── legacy │ └── template.json ├── otel-semconv-version ├── renovate.json ├── rfcs ├── 0000-rfc-template.md ├── PROCESS.md ├── README.md └── text │ ├── 0001-wildcard-data-type.md │ ├── 0001 │ ├── error.yml │ ├── http.yml │ ├── process.yml │ ├── registry.yml │ └── url.yml │ ├── 0002-rfc-environment.md │ ├── 0003-object-field.md │ ├── 0004-session.md │ ├── 0005-host-metric-fields.md │ ├── 0005 │ ├── aws-ec2.json │ ├── azure-compute-vm.json │ ├── host.yml │ ├── system-cpu.json │ └── system-network.json │ ├── 0006-host-identifiers.md │ ├── 0007-multiple-users.md │ ├── 0007 │ └── user.yml │ ├── 0008-threat-intel.md │ ├── 0008 │ ├── as.yml │ ├── file.yml │ ├── geo.yml │ ├── hash.yml │ ├── pe.yml │ ├── registry.yml │ ├── threat.yml │ ├── url.yml │ └── x509.yml │ ├── 0009-data_stream-fields.md │ ├── 0009 │ └── data_stream.yml │ ├── 0010-email.md │ ├── 0010 │ ├── email.yml │ ├── event.yml │ └── hash.yml │ ├── 0011-sip-fields.md │ ├── 0011 │ └── Sip-via-ordering-example.txt │ ├── 0012-orchestrator-field-set.md │ ├── 0012 │ └── orchestrator.yml │ ├── 0013-network-headers.md │ ├── 0014-extend-file-pe.md │ ├── 0014 │ └── pe.yml │ ├── 0015-create-file-elf.md │ ├── 0015 │ ├── docs │ │ └── usage │ │ │ └── elf.asciidoc │ └── elf.yml │ ├── 0016-target-process.md │ ├── 0017-remove-log-original.md │ ├── 0017 │ ├── event.yml │ └── log.yml │ ├── 0018-extend-threat-group-software.md │ ├── 0018 │ └── threat.yml │ ├── 0019-rpc-fieldset.md │ ├── 0020-version-type-field-migration.md │ ├── 0020 │ └── ecs.yml │ ├── 0021-threat-enrichment.md │ ├── 0021 │ ├── as.yml │ ├── file.yml │ ├── geo.yml │ ├── hash.yml │ ├── pe.yml │ ├── registry.yml │ ├── threat.yml │ ├── url.yml │ └── x509.yml │ ├── 0022-remove-process-ppid.md │ ├── 0022 │ └── process_exclude.yml │ ├── 0023-match_only_text-data-type.md │ ├── 0023 │ ├── as.yml │ ├── base.yml │ ├── error.yml │ ├── file.yml │ ├── os.yml │ ├── process.yml │ ├── threat.yml │ ├── url.yml │ ├── user.yml │ ├── user_agent.yml │ └── vulnerability.yml │ ├── 0024-ticket-fields.md │ ├── 0025-container-metric-fields.md │ ├── 0025 │ └── container.yml │ ├── 0026-database-object.md │ ├── 0027-faas-fields.md │ ├── 0027 │ ├── cloud.yml │ ├── faas.yml │ └── service.yml │ ├── 0028-cgroups.md │ ├── 0028 │ └── cgroups.yml │ ├── 0029-enforce-single-value-fields.md │ ├── 0030-linux-event-model.md │ ├── 0030 │ ├── group.yml │ ├── host.yml │ ├── process.yml │ ├── source.yml │ └── user.yml │ ├── 0031-risk-fields.md │ ├── 0031 │ └── example-alert.json │ ├── 0032-definition-of-ecs-compliance.md │ ├── 0033-new-cloud-fields.md │ ├── 0034-device-fields.md │ ├── 0034 │ └── device.yml │ ├── 0035-tty-output.md │ ├── 0035 │ └── process.yml │ ├── 0036-authentication-fields.md │ ├── 0037-host-metrics.md │ ├── 0037 │ └── host.yml │ ├── 0038-event-kind-asset.md │ ├── 0038 │ └── event.yml │ ├── 0039-tsdb-dimensions.md │ ├── 0040-volume-device.md │ ├── 0040 │ └── volume.yml │ ├── 0041-asset-integration.md │ ├── 0042-risk-score-extensions.md │ ├── 0042 │ └── risk.yml │ ├── 0043-risk-input-fields.md │ ├── 0044-add-apple-platform-specific-fields.md │ ├── 0044 │ ├── code_signature.yml │ ├── device.yml │ ├── hash.yml │ └── process.yml │ ├── 0045-additional-vulnerability-fields.md │ ├── 0046-additional-rule-field.md │ ├── 0047-fileless-execution-linux.md │ ├── 0048-fileorigin-fields.md │ ├── 0048 │ ├── dll.yml │ ├── file.yml │ └── process.yml │ ├── 0049-entity-fields.md │ ├── 0049 │ └── entity.yml │ ├── 0050-gen_ai-security-fields.md │ ├── 0050 │ └── gen_ai.yaml │ ├── 0051-user-is-privileged.md │ ├── 0052-gen_ai-additional-fields.md │ └── 0053-new-device-fields.md ├── schemas ├── README.md ├── agent.yml ├── as.yml ├── base.yml ├── client.yml ├── cloud.yml ├── code_signature.yml ├── container.yml ├── data_stream.yml ├── destination.yml ├── device.yml ├── dll.yml ├── dns.yml ├── ecs.yml ├── elf.yml ├── email.yml ├── entity.yml ├── error.yml ├── event.yml ├── faas.yml ├── file.yml ├── gen_ai.yml ├── geo.yml ├── group.yml ├── hash.yml ├── host.yml ├── http.yml ├── interface.yml ├── log.yml ├── macho.yml ├── network.yml ├── observer.yml ├── orchestrator.yml ├── organization.yml ├── os.yml ├── package.yml ├── pe.yml ├── process.yml ├── registry.yml ├── related.yml ├── risk.yml ├── rule.yml ├── server.yml ├── service.yml ├── source.yml ├── subsets │ └── main.yml ├── threat.yml ├── tls.yml ├── tracing.yml ├── url.yml ├── user.yml ├── user_agent.yml ├── vlan.yml ├── volume.yml ├── vulnerability.yml └── x509.yml ├── scripts ├── __init__.py ├── ecs_types │ ├── __init__.py │ ├── otel_types.py │ └── schema_fields.py ├── generator.py ├── generators │ ├── __init__.py │ ├── beats.py │ ├── beats_default_fields_allowlist.yml │ ├── csv_generator.py │ ├── ecs_helpers.py │ ├── es_template.py │ ├── intermediate_files.py │ ├── markdown_fields.py │ └── otel.py ├── requirements-dev.txt ├── requirements.txt ├── schema │ ├── __init__.py │ ├── cleaner.py │ ├── exclude_filter.py │ ├── finalizer.py │ ├── loader.py │ ├── subset_filter.py │ └── visitor.py ├── templates │ ├── ecs_field_reference.j2 │ ├── fieldset.j2 │ ├── index.j2 │ ├── macros.j2 │ ├── otel_alignment_details.j2 │ └── otel_alignment_overview.j2 └── tests │ ├── __init__.py │ ├── test_ecs_helpers.py │ ├── test_ecs_spec.py │ ├── test_es_template.py │ ├── test_markdown_fields.py │ └── unit │ ├── __init__.py │ ├── test_beats_generator.py │ ├── test_csv_generator.py │ ├── test_schema_cleaner.py │ ├── test_schema_exclude_filter.py │ ├── test_schema_finalizer.py │ ├── test_schema_loader.py │ └── test_schema_subset_filter.py ├── stages.html └── version /.backportrc.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/.backportrc.json -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/.editorconfig -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | CHANGELOG.md merge=union 2 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Default owners 2 | * @elastic/ecs -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/.github/ISSUE_TEMPLATE/config.yml -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/schema-changes-additions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/.github/ISSUE_TEMPLATE/schema-changes-additions.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/schema-issue.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/.github/ISSUE_TEMPLATE/schema-issue.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/tooling-bug.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/.github/ISSUE_TEMPLATE/tooling-bug.md -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/.github/PULL_REQUEST_TEMPLATE.md -------------------------------------------------------------------------------- /.github/workflows/build_ecs_typescript.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/.github/workflows/build_ecs_typescript.yml -------------------------------------------------------------------------------- /.github/workflows/docs-build.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/.github/workflows/docs-build.yml -------------------------------------------------------------------------------- /.github/workflows/docs-cleanup.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/.github/workflows/docs-cleanup.yml -------------------------------------------------------------------------------- /.github/workflows/docs-preview-comment.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/.github/workflows/docs-preview-comment.yml -------------------------------------------------------------------------------- /.github/workflows/github-commands-comment.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/.github/workflows/github-commands-comment.yml -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/.github/workflows/stale.yml -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/.github/workflows/test.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/.gitignore -------------------------------------------------------------------------------- /.mergify.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/.mergify.yml -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/CHANGELOG.md -------------------------------------------------------------------------------- /CHANGELOG.next.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/CHANGELOG.next.md -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/LICENSE.txt -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/Makefile -------------------------------------------------------------------------------- /NOTICE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/NOTICE.txt -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/README.md -------------------------------------------------------------------------------- /USAGE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/USAGE.md -------------------------------------------------------------------------------- /docs/docset.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/docset.yml -------------------------------------------------------------------------------- /docs/fields/usage/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/fields/usage/README.md -------------------------------------------------------------------------------- /docs/redirects.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/redirects.yml -------------------------------------------------------------------------------- /docs/reference/ecs-additional-information.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-additional-information.md -------------------------------------------------------------------------------- /docs/reference/ecs-agent.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-agent.md -------------------------------------------------------------------------------- /docs/reference/ecs-allowed-values-entity-type.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-allowed-values-entity-type.md -------------------------------------------------------------------------------- /docs/reference/ecs-allowed-values-event-category.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-allowed-values-event-category.md -------------------------------------------------------------------------------- /docs/reference/ecs-allowed-values-event-kind.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-allowed-values-event-kind.md -------------------------------------------------------------------------------- /docs/reference/ecs-allowed-values-event-outcome.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-allowed-values-event-outcome.md -------------------------------------------------------------------------------- /docs/reference/ecs-allowed-values-event-type.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-allowed-values-event-type.md -------------------------------------------------------------------------------- /docs/reference/ecs-artifacts.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-artifacts.md -------------------------------------------------------------------------------- /docs/reference/ecs-as.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-as.md -------------------------------------------------------------------------------- /docs/reference/ecs-base.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-base.md -------------------------------------------------------------------------------- /docs/reference/ecs-category-field-values-reference.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-category-field-values-reference.md -------------------------------------------------------------------------------- /docs/reference/ecs-client.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-client.md -------------------------------------------------------------------------------- /docs/reference/ecs-cloud-usage.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-cloud-usage.md -------------------------------------------------------------------------------- /docs/reference/ecs-cloud.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-cloud.md -------------------------------------------------------------------------------- /docs/reference/ecs-code_signature.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-code_signature.md -------------------------------------------------------------------------------- /docs/reference/ecs-container.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-container.md -------------------------------------------------------------------------------- /docs/reference/ecs-contributing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-contributing.md -------------------------------------------------------------------------------- /docs/reference/ecs-conventions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-conventions.md -------------------------------------------------------------------------------- /docs/reference/ecs-converting.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-converting.md -------------------------------------------------------------------------------- /docs/reference/ecs-custom-fields-in-ecs.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-custom-fields-in-ecs.md -------------------------------------------------------------------------------- /docs/reference/ecs-data_stream.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-data_stream.md -------------------------------------------------------------------------------- /docs/reference/ecs-destination.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-destination.md -------------------------------------------------------------------------------- /docs/reference/ecs-device.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-device.md -------------------------------------------------------------------------------- /docs/reference/ecs-dll.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-dll.md -------------------------------------------------------------------------------- /docs/reference/ecs-dns.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-dns.md -------------------------------------------------------------------------------- /docs/reference/ecs-ecs.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-ecs.md -------------------------------------------------------------------------------- /docs/reference/ecs-elf.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-elf.md -------------------------------------------------------------------------------- /docs/reference/ecs-email.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-email.md -------------------------------------------------------------------------------- /docs/reference/ecs-entity.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-entity.md -------------------------------------------------------------------------------- /docs/reference/ecs-error.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-error.md -------------------------------------------------------------------------------- /docs/reference/ecs-event.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-event.md -------------------------------------------------------------------------------- /docs/reference/ecs-faas.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-faas.md -------------------------------------------------------------------------------- /docs/reference/ecs-faq.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-faq.md -------------------------------------------------------------------------------- /docs/reference/ecs-field-reference.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-field-reference.md -------------------------------------------------------------------------------- /docs/reference/ecs-file.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-file.md -------------------------------------------------------------------------------- /docs/reference/ecs-gen_ai.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-gen_ai.md -------------------------------------------------------------------------------- /docs/reference/ecs-geo.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-geo.md -------------------------------------------------------------------------------- /docs/reference/ecs-getting-started.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-getting-started.md -------------------------------------------------------------------------------- /docs/reference/ecs-group.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-group.md -------------------------------------------------------------------------------- /docs/reference/ecs-guidelines.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-guidelines.md -------------------------------------------------------------------------------- /docs/reference/ecs-hash.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-hash.md -------------------------------------------------------------------------------- /docs/reference/ecs-host.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-host.md -------------------------------------------------------------------------------- /docs/reference/ecs-http.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-http.md -------------------------------------------------------------------------------- /docs/reference/ecs-interface.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-interface.md -------------------------------------------------------------------------------- /docs/reference/ecs-log.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-log.md -------------------------------------------------------------------------------- /docs/reference/ecs-macho.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-macho.md -------------------------------------------------------------------------------- /docs/reference/ecs-mapping-network-events.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-mapping-network-events.md -------------------------------------------------------------------------------- /docs/reference/ecs-network.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-network.md -------------------------------------------------------------------------------- /docs/reference/ecs-observer.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-observer.md -------------------------------------------------------------------------------- /docs/reference/ecs-opentelemetry.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-opentelemetry.md -------------------------------------------------------------------------------- /docs/reference/ecs-orchestrator.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-orchestrator.md -------------------------------------------------------------------------------- /docs/reference/ecs-organization.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-organization.md -------------------------------------------------------------------------------- /docs/reference/ecs-os.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-os.md -------------------------------------------------------------------------------- /docs/reference/ecs-otel-alignment-details.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-otel-alignment-details.md -------------------------------------------------------------------------------- /docs/reference/ecs-otel-alignment-overview.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-otel-alignment-overview.md -------------------------------------------------------------------------------- /docs/reference/ecs-package.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-package.md -------------------------------------------------------------------------------- /docs/reference/ecs-pe.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-pe.md -------------------------------------------------------------------------------- /docs/reference/ecs-principles-design.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-principles-design.md -------------------------------------------------------------------------------- /docs/reference/ecs-principles-implementation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-principles-implementation.md -------------------------------------------------------------------------------- /docs/reference/ecs-process.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-process.md -------------------------------------------------------------------------------- /docs/reference/ecs-products-solutions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-products-solutions.md -------------------------------------------------------------------------------- /docs/reference/ecs-registry.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-registry.md -------------------------------------------------------------------------------- /docs/reference/ecs-related.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-related.md -------------------------------------------------------------------------------- /docs/reference/ecs-risk.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-risk.md -------------------------------------------------------------------------------- /docs/reference/ecs-rule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-rule.md -------------------------------------------------------------------------------- /docs/reference/ecs-server.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-server.md -------------------------------------------------------------------------------- /docs/reference/ecs-service-usage.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-service-usage.md -------------------------------------------------------------------------------- /docs/reference/ecs-service.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-service.md -------------------------------------------------------------------------------- /docs/reference/ecs-source.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-source.md -------------------------------------------------------------------------------- /docs/reference/ecs-threat-usage.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-threat-usage.md -------------------------------------------------------------------------------- /docs/reference/ecs-threat.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-threat.md -------------------------------------------------------------------------------- /docs/reference/ecs-tls.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-tls.md -------------------------------------------------------------------------------- /docs/reference/ecs-tracing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-tracing.md -------------------------------------------------------------------------------- /docs/reference/ecs-url.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-url.md -------------------------------------------------------------------------------- /docs/reference/ecs-user-usage.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-user-usage.md -------------------------------------------------------------------------------- /docs/reference/ecs-user.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-user.md -------------------------------------------------------------------------------- /docs/reference/ecs-user_agent.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-user_agent.md -------------------------------------------------------------------------------- /docs/reference/ecs-using-categorization-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-using-categorization-fields.md -------------------------------------------------------------------------------- /docs/reference/ecs-using-ecs.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-using-ecs.md -------------------------------------------------------------------------------- /docs/reference/ecs-vlan.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-vlan.md -------------------------------------------------------------------------------- /docs/reference/ecs-volume.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-volume.md -------------------------------------------------------------------------------- /docs/reference/ecs-vulnerability.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-vulnerability.md -------------------------------------------------------------------------------- /docs/reference/ecs-x509.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/ecs-x509.md -------------------------------------------------------------------------------- /docs/reference/images/ecs-getting-started-dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/images/ecs-getting-started-dashboard.png -------------------------------------------------------------------------------- /docs/reference/images/kib-create-pipeline-from-csv-preview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/images/kib-create-pipeline-from-csv-preview.png -------------------------------------------------------------------------------- /docs/reference/images/kib-create-pipeline-from-csv.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/images/kib-create-pipeline-from-csv.png -------------------------------------------------------------------------------- /docs/reference/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/index.md -------------------------------------------------------------------------------- /docs/reference/migrating-to-ecs.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/migrating-to-ecs.md -------------------------------------------------------------------------------- /docs/reference/toc.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/reference/toc.yml -------------------------------------------------------------------------------- /docs/release-notes/breaking-changes.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/release-notes/breaking-changes.md -------------------------------------------------------------------------------- /docs/release-notes/deprecations.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/release-notes/deprecations.md -------------------------------------------------------------------------------- /docs/release-notes/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/release-notes/index.md -------------------------------------------------------------------------------- /docs/release-notes/known-issues.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/release-notes/known-issues.md -------------------------------------------------------------------------------- /docs/release-notes/toc.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/docs/release-notes/toc.yml -------------------------------------------------------------------------------- /experimental/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/README.md -------------------------------------------------------------------------------- /experimental/generated/beats/fields.ecs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/beats/fields.ecs.yml -------------------------------------------------------------------------------- /experimental/generated/csv/fields.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/csv/fields.csv -------------------------------------------------------------------------------- /experimental/generated/ecs/ecs_flat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/ecs/ecs_flat.yml -------------------------------------------------------------------------------- /experimental/generated/ecs/ecs_nested.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/ecs/ecs_nested.yml -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/agent.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/agent.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/base.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/base.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/cgroup.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/cgroup.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/client.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/client.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/cloud.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/cloud.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/container.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/container.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/data_stream.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/data_stream.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/destination.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/destination.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/device.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/device.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/dll.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/dll.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/dns.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/dns.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/ecs.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/ecs.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/email.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/email.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/entity.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/entity.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/error.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/error.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/event.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/event.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/faas.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/faas.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/file.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/file.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/gen_ai.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/gen_ai.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/group.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/group.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/host.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/host.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/http.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/http.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/log.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/log.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/network.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/network.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/observer.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/observer.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/orchestrator.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/orchestrator.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/organization.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/organization.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/package.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/process.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/process.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/registry.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/registry.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/related.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/related.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/rule.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/rule.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/server.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/server.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/service.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/service.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/source.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/source.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/threat.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/threat.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/tls.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/tls.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/tracing.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/tracing.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/url.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/url.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/user.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/user.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/user_agent.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/user_agent.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/volume.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/volume.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/component/vulnerability.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/component/vulnerability.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/composable/template.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/composable/template.json -------------------------------------------------------------------------------- /experimental/generated/elasticsearch/legacy/template.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/generated/elasticsearch/legacy/template.json -------------------------------------------------------------------------------- /experimental/schemas/cgroup.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/schemas/cgroup.yml -------------------------------------------------------------------------------- /experimental/schemas/subsets/experimental.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/experimental/schemas/subsets/experimental.yml -------------------------------------------------------------------------------- /generated/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/README.md -------------------------------------------------------------------------------- /generated/beats/fields.ecs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/beats/fields.ecs.yml -------------------------------------------------------------------------------- /generated/csv/fields.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/csv/fields.csv -------------------------------------------------------------------------------- /generated/ecs/.gitignore: -------------------------------------------------------------------------------- 1 | ecs.yml 2 | -------------------------------------------------------------------------------- /generated/ecs/ecs_flat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/ecs/ecs_flat.yml -------------------------------------------------------------------------------- /generated/ecs/ecs_nested.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/ecs/ecs_nested.yml -------------------------------------------------------------------------------- /generated/elasticsearch/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/README.md -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/agent.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/agent.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/base.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/base.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/client.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/client.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/cloud.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/cloud.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/container.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/container.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/data_stream.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/data_stream.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/destination.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/destination.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/device.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/device.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/dll.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/dll.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/dns.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/dns.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/ecs.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/ecs.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/email.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/email.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/entity.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/entity.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/error.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/error.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/event.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/event.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/faas.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/faas.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/file.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/file.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/gen_ai.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/gen_ai.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/group.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/group.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/host.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/host.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/http.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/http.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/log.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/log.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/network.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/network.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/observer.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/observer.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/orchestrator.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/orchestrator.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/organization.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/organization.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/package.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/process.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/process.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/registry.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/registry.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/related.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/related.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/rule.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/rule.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/server.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/server.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/service.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/service.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/source.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/source.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/threat.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/threat.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/tls.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/tls.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/tracing.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/tracing.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/url.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/url.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/user.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/user.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/user_agent.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/user_agent.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/volume.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/volume.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/component/vulnerability.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/component/vulnerability.json -------------------------------------------------------------------------------- /generated/elasticsearch/composable/template.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/composable/template.json -------------------------------------------------------------------------------- /generated/elasticsearch/legacy/template.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/generated/elasticsearch/legacy/template.json -------------------------------------------------------------------------------- /otel-semconv-version: -------------------------------------------------------------------------------- 1 | v1.38.0 2 | -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/renovate.json -------------------------------------------------------------------------------- /rfcs/0000-rfc-template.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/0000-rfc-template.md -------------------------------------------------------------------------------- /rfcs/PROCESS.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/PROCESS.md -------------------------------------------------------------------------------- /rfcs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/README.md -------------------------------------------------------------------------------- /rfcs/text/0001-wildcard-data-type.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0001-wildcard-data-type.md -------------------------------------------------------------------------------- /rfcs/text/0001/error.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0001/error.yml -------------------------------------------------------------------------------- /rfcs/text/0001/http.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0001/http.yml -------------------------------------------------------------------------------- /rfcs/text/0001/process.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0001/process.yml -------------------------------------------------------------------------------- /rfcs/text/0001/registry.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0001/registry.yml -------------------------------------------------------------------------------- /rfcs/text/0001/url.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0001/url.yml -------------------------------------------------------------------------------- /rfcs/text/0002-rfc-environment.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0002-rfc-environment.md -------------------------------------------------------------------------------- /rfcs/text/0003-object-field.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0003-object-field.md -------------------------------------------------------------------------------- /rfcs/text/0004-session.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0004-session.md -------------------------------------------------------------------------------- /rfcs/text/0005-host-metric-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0005-host-metric-fields.md -------------------------------------------------------------------------------- /rfcs/text/0005/aws-ec2.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0005/aws-ec2.json -------------------------------------------------------------------------------- /rfcs/text/0005/azure-compute-vm.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0005/azure-compute-vm.json -------------------------------------------------------------------------------- /rfcs/text/0005/host.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0005/host.yml -------------------------------------------------------------------------------- /rfcs/text/0005/system-cpu.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0005/system-cpu.json -------------------------------------------------------------------------------- /rfcs/text/0005/system-network.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0005/system-network.json -------------------------------------------------------------------------------- /rfcs/text/0006-host-identifiers.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0006-host-identifiers.md -------------------------------------------------------------------------------- /rfcs/text/0007-multiple-users.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0007-multiple-users.md -------------------------------------------------------------------------------- /rfcs/text/0007/user.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0007/user.yml -------------------------------------------------------------------------------- /rfcs/text/0008-threat-intel.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0008-threat-intel.md -------------------------------------------------------------------------------- /rfcs/text/0008/as.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0008/as.yml -------------------------------------------------------------------------------- /rfcs/text/0008/file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0008/file.yml -------------------------------------------------------------------------------- /rfcs/text/0008/geo.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0008/geo.yml -------------------------------------------------------------------------------- /rfcs/text/0008/hash.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0008/hash.yml -------------------------------------------------------------------------------- /rfcs/text/0008/pe.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0008/pe.yml -------------------------------------------------------------------------------- /rfcs/text/0008/registry.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0008/registry.yml -------------------------------------------------------------------------------- /rfcs/text/0008/threat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0008/threat.yml -------------------------------------------------------------------------------- /rfcs/text/0008/url.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0008/url.yml -------------------------------------------------------------------------------- /rfcs/text/0008/x509.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0008/x509.yml -------------------------------------------------------------------------------- /rfcs/text/0009-data_stream-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0009-data_stream-fields.md -------------------------------------------------------------------------------- /rfcs/text/0009/data_stream.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0009/data_stream.yml -------------------------------------------------------------------------------- /rfcs/text/0010-email.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0010-email.md -------------------------------------------------------------------------------- /rfcs/text/0010/email.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0010/email.yml -------------------------------------------------------------------------------- /rfcs/text/0010/event.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0010/event.yml -------------------------------------------------------------------------------- /rfcs/text/0010/hash.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0010/hash.yml -------------------------------------------------------------------------------- /rfcs/text/0011-sip-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0011-sip-fields.md -------------------------------------------------------------------------------- /rfcs/text/0011/Sip-via-ordering-example.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0011/Sip-via-ordering-example.txt -------------------------------------------------------------------------------- /rfcs/text/0012-orchestrator-field-set.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0012-orchestrator-field-set.md -------------------------------------------------------------------------------- /rfcs/text/0012/orchestrator.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0012/orchestrator.yml -------------------------------------------------------------------------------- /rfcs/text/0013-network-headers.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0013-network-headers.md -------------------------------------------------------------------------------- /rfcs/text/0014-extend-file-pe.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0014-extend-file-pe.md -------------------------------------------------------------------------------- /rfcs/text/0014/pe.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0014/pe.yml -------------------------------------------------------------------------------- /rfcs/text/0015-create-file-elf.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0015-create-file-elf.md -------------------------------------------------------------------------------- /rfcs/text/0015/docs/usage/elf.asciidoc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0015/docs/usage/elf.asciidoc -------------------------------------------------------------------------------- /rfcs/text/0015/elf.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0015/elf.yml -------------------------------------------------------------------------------- /rfcs/text/0016-target-process.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0016-target-process.md -------------------------------------------------------------------------------- /rfcs/text/0017-remove-log-original.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0017-remove-log-original.md -------------------------------------------------------------------------------- /rfcs/text/0017/event.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0017/event.yml -------------------------------------------------------------------------------- /rfcs/text/0017/log.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0017/log.yml -------------------------------------------------------------------------------- /rfcs/text/0018-extend-threat-group-software.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0018-extend-threat-group-software.md -------------------------------------------------------------------------------- /rfcs/text/0018/threat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0018/threat.yml -------------------------------------------------------------------------------- /rfcs/text/0019-rpc-fieldset.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0019-rpc-fieldset.md -------------------------------------------------------------------------------- /rfcs/text/0020-version-type-field-migration.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0020-version-type-field-migration.md -------------------------------------------------------------------------------- /rfcs/text/0020/ecs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0020/ecs.yml -------------------------------------------------------------------------------- /rfcs/text/0021-threat-enrichment.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0021-threat-enrichment.md -------------------------------------------------------------------------------- /rfcs/text/0021/as.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0021/as.yml -------------------------------------------------------------------------------- /rfcs/text/0021/file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0021/file.yml -------------------------------------------------------------------------------- /rfcs/text/0021/geo.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0021/geo.yml -------------------------------------------------------------------------------- /rfcs/text/0021/hash.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0021/hash.yml -------------------------------------------------------------------------------- /rfcs/text/0021/pe.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0021/pe.yml -------------------------------------------------------------------------------- /rfcs/text/0021/registry.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0021/registry.yml -------------------------------------------------------------------------------- /rfcs/text/0021/threat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0021/threat.yml -------------------------------------------------------------------------------- /rfcs/text/0021/url.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0021/url.yml -------------------------------------------------------------------------------- /rfcs/text/0021/x509.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0021/x509.yml -------------------------------------------------------------------------------- /rfcs/text/0022-remove-process-ppid.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0022-remove-process-ppid.md -------------------------------------------------------------------------------- /rfcs/text/0022/process_exclude.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0022/process_exclude.yml -------------------------------------------------------------------------------- /rfcs/text/0023-match_only_text-data-type.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0023-match_only_text-data-type.md -------------------------------------------------------------------------------- /rfcs/text/0023/as.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0023/as.yml -------------------------------------------------------------------------------- /rfcs/text/0023/base.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0023/base.yml -------------------------------------------------------------------------------- /rfcs/text/0023/error.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0023/error.yml -------------------------------------------------------------------------------- /rfcs/text/0023/file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0023/file.yml -------------------------------------------------------------------------------- /rfcs/text/0023/os.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0023/os.yml -------------------------------------------------------------------------------- /rfcs/text/0023/process.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0023/process.yml -------------------------------------------------------------------------------- /rfcs/text/0023/threat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0023/threat.yml -------------------------------------------------------------------------------- /rfcs/text/0023/url.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0023/url.yml -------------------------------------------------------------------------------- /rfcs/text/0023/user.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0023/user.yml -------------------------------------------------------------------------------- /rfcs/text/0023/user_agent.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0023/user_agent.yml -------------------------------------------------------------------------------- /rfcs/text/0023/vulnerability.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0023/vulnerability.yml -------------------------------------------------------------------------------- /rfcs/text/0024-ticket-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0024-ticket-fields.md -------------------------------------------------------------------------------- /rfcs/text/0025-container-metric-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0025-container-metric-fields.md -------------------------------------------------------------------------------- /rfcs/text/0025/container.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0025/container.yml -------------------------------------------------------------------------------- /rfcs/text/0026-database-object.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0026-database-object.md -------------------------------------------------------------------------------- /rfcs/text/0027-faas-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0027-faas-fields.md -------------------------------------------------------------------------------- /rfcs/text/0027/cloud.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0027/cloud.yml -------------------------------------------------------------------------------- /rfcs/text/0027/faas.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0027/faas.yml -------------------------------------------------------------------------------- /rfcs/text/0027/service.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0027/service.yml -------------------------------------------------------------------------------- /rfcs/text/0028-cgroups.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0028-cgroups.md -------------------------------------------------------------------------------- /rfcs/text/0028/cgroups.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0028/cgroups.yml -------------------------------------------------------------------------------- /rfcs/text/0029-enforce-single-value-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0029-enforce-single-value-fields.md -------------------------------------------------------------------------------- /rfcs/text/0030-linux-event-model.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0030-linux-event-model.md -------------------------------------------------------------------------------- /rfcs/text/0030/group.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0030/group.yml -------------------------------------------------------------------------------- /rfcs/text/0030/host.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0030/host.yml -------------------------------------------------------------------------------- /rfcs/text/0030/process.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0030/process.yml -------------------------------------------------------------------------------- /rfcs/text/0030/source.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0030/source.yml -------------------------------------------------------------------------------- /rfcs/text/0030/user.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0030/user.yml -------------------------------------------------------------------------------- /rfcs/text/0031-risk-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0031-risk-fields.md -------------------------------------------------------------------------------- /rfcs/text/0031/example-alert.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0031/example-alert.json -------------------------------------------------------------------------------- /rfcs/text/0032-definition-of-ecs-compliance.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0032-definition-of-ecs-compliance.md -------------------------------------------------------------------------------- /rfcs/text/0033-new-cloud-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0033-new-cloud-fields.md -------------------------------------------------------------------------------- /rfcs/text/0034-device-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0034-device-fields.md -------------------------------------------------------------------------------- /rfcs/text/0034/device.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0034/device.yml -------------------------------------------------------------------------------- /rfcs/text/0035-tty-output.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0035-tty-output.md -------------------------------------------------------------------------------- /rfcs/text/0035/process.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0035/process.yml -------------------------------------------------------------------------------- /rfcs/text/0036-authentication-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0036-authentication-fields.md -------------------------------------------------------------------------------- /rfcs/text/0037-host-metrics.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0037-host-metrics.md -------------------------------------------------------------------------------- /rfcs/text/0037/host.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0037/host.yml -------------------------------------------------------------------------------- /rfcs/text/0038-event-kind-asset.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0038-event-kind-asset.md -------------------------------------------------------------------------------- /rfcs/text/0038/event.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0038/event.yml -------------------------------------------------------------------------------- /rfcs/text/0039-tsdb-dimensions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0039-tsdb-dimensions.md -------------------------------------------------------------------------------- /rfcs/text/0040-volume-device.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0040-volume-device.md -------------------------------------------------------------------------------- /rfcs/text/0040/volume.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0040/volume.yml -------------------------------------------------------------------------------- /rfcs/text/0041-asset-integration.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0041-asset-integration.md -------------------------------------------------------------------------------- /rfcs/text/0042-risk-score-extensions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0042-risk-score-extensions.md -------------------------------------------------------------------------------- /rfcs/text/0042/risk.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0042/risk.yml -------------------------------------------------------------------------------- /rfcs/text/0043-risk-input-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0043-risk-input-fields.md -------------------------------------------------------------------------------- /rfcs/text/0044-add-apple-platform-specific-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0044-add-apple-platform-specific-fields.md -------------------------------------------------------------------------------- /rfcs/text/0044/code_signature.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0044/code_signature.yml -------------------------------------------------------------------------------- /rfcs/text/0044/device.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0044/device.yml -------------------------------------------------------------------------------- /rfcs/text/0044/hash.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0044/hash.yml -------------------------------------------------------------------------------- /rfcs/text/0044/process.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0044/process.yml -------------------------------------------------------------------------------- /rfcs/text/0045-additional-vulnerability-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0045-additional-vulnerability-fields.md -------------------------------------------------------------------------------- /rfcs/text/0046-additional-rule-field.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0046-additional-rule-field.md -------------------------------------------------------------------------------- /rfcs/text/0047-fileless-execution-linux.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0047-fileless-execution-linux.md -------------------------------------------------------------------------------- /rfcs/text/0048-fileorigin-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0048-fileorigin-fields.md -------------------------------------------------------------------------------- /rfcs/text/0048/dll.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0048/dll.yml -------------------------------------------------------------------------------- /rfcs/text/0048/file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0048/file.yml -------------------------------------------------------------------------------- /rfcs/text/0048/process.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0048/process.yml -------------------------------------------------------------------------------- /rfcs/text/0049-entity-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0049-entity-fields.md -------------------------------------------------------------------------------- /rfcs/text/0049/entity.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0049/entity.yml -------------------------------------------------------------------------------- /rfcs/text/0050-gen_ai-security-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0050-gen_ai-security-fields.md -------------------------------------------------------------------------------- /rfcs/text/0050/gen_ai.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0050/gen_ai.yaml -------------------------------------------------------------------------------- /rfcs/text/0051-user-is-privileged.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0051-user-is-privileged.md -------------------------------------------------------------------------------- /rfcs/text/0052-gen_ai-additional-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0052-gen_ai-additional-fields.md -------------------------------------------------------------------------------- /rfcs/text/0053-new-device-fields.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/rfcs/text/0053-new-device-fields.md -------------------------------------------------------------------------------- /schemas/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/README.md -------------------------------------------------------------------------------- /schemas/agent.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/agent.yml -------------------------------------------------------------------------------- /schemas/as.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/as.yml -------------------------------------------------------------------------------- /schemas/base.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/base.yml -------------------------------------------------------------------------------- /schemas/client.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/client.yml -------------------------------------------------------------------------------- /schemas/cloud.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/cloud.yml -------------------------------------------------------------------------------- /schemas/code_signature.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/code_signature.yml -------------------------------------------------------------------------------- /schemas/container.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/container.yml -------------------------------------------------------------------------------- /schemas/data_stream.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/data_stream.yml -------------------------------------------------------------------------------- /schemas/destination.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/destination.yml -------------------------------------------------------------------------------- /schemas/device.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/device.yml -------------------------------------------------------------------------------- /schemas/dll.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/dll.yml -------------------------------------------------------------------------------- /schemas/dns.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/dns.yml -------------------------------------------------------------------------------- /schemas/ecs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/ecs.yml -------------------------------------------------------------------------------- /schemas/elf.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/elf.yml -------------------------------------------------------------------------------- /schemas/email.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/email.yml -------------------------------------------------------------------------------- /schemas/entity.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/entity.yml -------------------------------------------------------------------------------- /schemas/error.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/error.yml -------------------------------------------------------------------------------- /schemas/event.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/event.yml -------------------------------------------------------------------------------- /schemas/faas.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/faas.yml -------------------------------------------------------------------------------- /schemas/file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/file.yml -------------------------------------------------------------------------------- /schemas/gen_ai.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/gen_ai.yml -------------------------------------------------------------------------------- /schemas/geo.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/geo.yml -------------------------------------------------------------------------------- /schemas/group.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/group.yml -------------------------------------------------------------------------------- /schemas/hash.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/hash.yml -------------------------------------------------------------------------------- /schemas/host.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/host.yml -------------------------------------------------------------------------------- /schemas/http.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/http.yml -------------------------------------------------------------------------------- /schemas/interface.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/interface.yml -------------------------------------------------------------------------------- /schemas/log.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/log.yml -------------------------------------------------------------------------------- /schemas/macho.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/macho.yml -------------------------------------------------------------------------------- /schemas/network.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/network.yml -------------------------------------------------------------------------------- /schemas/observer.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/observer.yml -------------------------------------------------------------------------------- /schemas/orchestrator.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/orchestrator.yml -------------------------------------------------------------------------------- /schemas/organization.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/organization.yml -------------------------------------------------------------------------------- /schemas/os.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/os.yml -------------------------------------------------------------------------------- /schemas/package.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/package.yml -------------------------------------------------------------------------------- /schemas/pe.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/pe.yml -------------------------------------------------------------------------------- /schemas/process.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/process.yml -------------------------------------------------------------------------------- /schemas/registry.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/registry.yml -------------------------------------------------------------------------------- /schemas/related.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/related.yml -------------------------------------------------------------------------------- /schemas/risk.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/risk.yml -------------------------------------------------------------------------------- /schemas/rule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/rule.yml -------------------------------------------------------------------------------- /schemas/server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/server.yml -------------------------------------------------------------------------------- /schemas/service.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/service.yml -------------------------------------------------------------------------------- /schemas/source.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/source.yml -------------------------------------------------------------------------------- /schemas/subsets/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/subsets/main.yml -------------------------------------------------------------------------------- /schemas/threat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/threat.yml -------------------------------------------------------------------------------- /schemas/tls.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/tls.yml -------------------------------------------------------------------------------- /schemas/tracing.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/tracing.yml -------------------------------------------------------------------------------- /schemas/url.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/url.yml -------------------------------------------------------------------------------- /schemas/user.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/user.yml -------------------------------------------------------------------------------- /schemas/user_agent.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/user_agent.yml -------------------------------------------------------------------------------- /schemas/vlan.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/vlan.yml -------------------------------------------------------------------------------- /schemas/volume.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/volume.yml -------------------------------------------------------------------------------- /schemas/vulnerability.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/vulnerability.yml -------------------------------------------------------------------------------- /schemas/x509.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/schemas/x509.yml -------------------------------------------------------------------------------- /scripts/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/__init__.py -------------------------------------------------------------------------------- /scripts/ecs_types/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/ecs_types/__init__.py -------------------------------------------------------------------------------- /scripts/ecs_types/otel_types.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/ecs_types/otel_types.py -------------------------------------------------------------------------------- /scripts/ecs_types/schema_fields.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/ecs_types/schema_fields.py -------------------------------------------------------------------------------- /scripts/generator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/generator.py -------------------------------------------------------------------------------- /scripts/generators/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/generators/__init__.py -------------------------------------------------------------------------------- /scripts/generators/beats.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/generators/beats.py -------------------------------------------------------------------------------- /scripts/generators/beats_default_fields_allowlist.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/generators/beats_default_fields_allowlist.yml -------------------------------------------------------------------------------- /scripts/generators/csv_generator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/generators/csv_generator.py -------------------------------------------------------------------------------- /scripts/generators/ecs_helpers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/generators/ecs_helpers.py -------------------------------------------------------------------------------- /scripts/generators/es_template.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/generators/es_template.py -------------------------------------------------------------------------------- /scripts/generators/intermediate_files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/generators/intermediate_files.py -------------------------------------------------------------------------------- /scripts/generators/markdown_fields.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/generators/markdown_fields.py -------------------------------------------------------------------------------- /scripts/generators/otel.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/generators/otel.py -------------------------------------------------------------------------------- /scripts/requirements-dev.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/requirements-dev.txt -------------------------------------------------------------------------------- /scripts/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/requirements.txt -------------------------------------------------------------------------------- /scripts/schema/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/schema/__init__.py -------------------------------------------------------------------------------- /scripts/schema/cleaner.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/schema/cleaner.py -------------------------------------------------------------------------------- /scripts/schema/exclude_filter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/schema/exclude_filter.py -------------------------------------------------------------------------------- /scripts/schema/finalizer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/schema/finalizer.py -------------------------------------------------------------------------------- /scripts/schema/loader.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/schema/loader.py -------------------------------------------------------------------------------- /scripts/schema/subset_filter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/schema/subset_filter.py -------------------------------------------------------------------------------- /scripts/schema/visitor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/schema/visitor.py -------------------------------------------------------------------------------- /scripts/templates/ecs_field_reference.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/templates/ecs_field_reference.j2 -------------------------------------------------------------------------------- /scripts/templates/fieldset.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/templates/fieldset.j2 -------------------------------------------------------------------------------- /scripts/templates/index.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/templates/index.j2 -------------------------------------------------------------------------------- /scripts/templates/macros.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/templates/macros.j2 -------------------------------------------------------------------------------- /scripts/templates/otel_alignment_details.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/templates/otel_alignment_details.j2 -------------------------------------------------------------------------------- /scripts/templates/otel_alignment_overview.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/templates/otel_alignment_overview.j2 -------------------------------------------------------------------------------- /scripts/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/tests/__init__.py -------------------------------------------------------------------------------- /scripts/tests/test_ecs_helpers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/tests/test_ecs_helpers.py -------------------------------------------------------------------------------- /scripts/tests/test_ecs_spec.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/tests/test_ecs_spec.py -------------------------------------------------------------------------------- /scripts/tests/test_es_template.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/tests/test_es_template.py -------------------------------------------------------------------------------- /scripts/tests/test_markdown_fields.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/tests/test_markdown_fields.py -------------------------------------------------------------------------------- /scripts/tests/unit/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/tests/unit/__init__.py -------------------------------------------------------------------------------- /scripts/tests/unit/test_beats_generator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/tests/unit/test_beats_generator.py -------------------------------------------------------------------------------- /scripts/tests/unit/test_csv_generator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/tests/unit/test_csv_generator.py -------------------------------------------------------------------------------- /scripts/tests/unit/test_schema_cleaner.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/tests/unit/test_schema_cleaner.py -------------------------------------------------------------------------------- /scripts/tests/unit/test_schema_exclude_filter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/tests/unit/test_schema_exclude_filter.py -------------------------------------------------------------------------------- /scripts/tests/unit/test_schema_finalizer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/tests/unit/test_schema_finalizer.py -------------------------------------------------------------------------------- /scripts/tests/unit/test_schema_loader.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/tests/unit/test_schema_loader.py -------------------------------------------------------------------------------- /scripts/tests/unit/test_schema_subset_filter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/scripts/tests/unit/test_schema_subset_filter.py -------------------------------------------------------------------------------- /stages.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/ecs/HEAD/stages.html -------------------------------------------------------------------------------- /version: -------------------------------------------------------------------------------- 1 | 9.3.0-dev 2 | --------------------------------------------------------------------------------