ECS 8.6.1

What's new in ECS 8.5.1

Schema Changes

Bugfixes

• Fixing tlp_version and tlp field for threat. #2156

ECS 8.6.0

8.6.0 RELEASE

Schema Changes

Added

• Adding vulnerability option for event.category. #2029
• Added device.* field set as beta. #2030
• Added tlp.version to threat #2074
• Added fields for executable object format metadata for ELF, Mach-O and PE #2083

Improvements

• Added CLEAR and AMBER+STRICT as valid values for threat.indicator.marking.tlp and enrichments.indicator.marking.tlp to accept new TLP 2.0 markings #2022, #2074

ECS 8.6.0-rc1

Schema Changes

Added

• Adding vulnerability option for event.category. #2029
• Added device.* field set as beta. #2030
• Added tlp.version to threat #2074
• Added fields for executable object format metadata for ELF, Mach-O and PE #2083

Improvements

• Added CLEAR and AMBER+STRICT as valid values for threat.indicator.marking.tlp and enrichments.indicator.marking.tlp to accept new TLP 2.0 markings #2022, #2074

ECS 8.5.2

What's new in ECS 8.5.2

Schema Changes

Bugfixes

• Fixes invalid number type on 4 process.io subfields. #2105

ECS 8.5.1

What's new in ECS 8.5.1

Tooling and Artifact Changes

Bugfixes

• Fix type of normalize in process.io.bytes_skipped. #2094

ECS 8.5.0

What's new in ECS 8.5.0

Schema Changes

Added

• Adding risk.* fields as experimental. #1994, #2010
• Adding process.io.* as beta fields. #1956, #2031
• Adding process.tty.rows and process.tty.columns as beta fields. #2031
• Changed process.env_vars field type to be an array of keywords. #2038
• process.attested_user and process.attested_groups as beta fields. #2050
• Added risk.* fieldset to beta. #2051, #2058
• Moved Linux event model fields to GA. #2082

Improvements

• Advances threat.enrichments.indicator to GA. #1928
• Added ios and android as valid values for os.type #1999

Tooling and Artifact Changes

Bugfixes

• Added Deprecation Warning for misspell task #1993
• Fix typo in client schema #2014

ECS 8.5.0-rc1

ECS Release Candidate

Schema Changes

Added

• Adding risk.* fields as experimental. #1994, #2010
• Adding process.io.* as beta fields. #1956, #2031
• Adding process.tty.rows and process.tty.columns as beta fields. #2031
• Changed process.env_vars field type to be an array of keywords. #2038
• process.attested_user and process.attested_groups as beta fields. #2050
• Added risk.* fieldset to beta. #2051

Improvements

• Advances threat.enrichments.indicator to GA. #1928
• Added ios and android as valid values for os.type #1999

Tooling and Artifact Changes

Bugfixes

• Added Deprecation Warning for misspell task #1993
• Fix typo in client schema #2014

ECS 8.4.0

What's new in ECS 8.4

New field attribute expected_values

ECS schema field definitions will now support an attribute to provide a consistent location to capture a list of expected values.

Schema Changes

Added

• Initial set of expected_values. #1962
• Adding service.node.roles. #1981

Tooling and Artifact Changes

Added

• Introduce expected_values attribute. #1952

Improvements

• Additional type annotations. #1950

ECS 8.4.0-rc1

ECS Release Candidate

ECS will publish a release candidate version, starting with 8.4.0, to better aid in development efforts.

Changelog

Schema Changes

Added

• Initial set of expected_values. #1962
• Adding service.node.roles. #1981

Tooling and Artifact Changes

Added

• Introduce expected_values attribute. #1952

Improvements

• Additional type annotations. #1950

ECS 8.3.1

Schema Changes

Deprecated

• Deprecate service.node.role in favor of upcoming service.node.roles. #1976