artifacts
ebeahan committed Oct 2, 2023
1 parent ab32b35 commit dfcac64
Showing 2 changed files with 262 additions and 0 deletions.
131 changes: 131 additions & 0 deletions experimental/generated/beats/fields.ecs.yml
Expand Up @@ -13451,6 +13451,137 @@
ignore_above: 1024
description: Version of the user agent.
example: 12.0
- name: volume
title: Volume
group: 2
description: Fields related to storage volume details.
type: group
default_field: true
fields:
- name: bus_type
level: extended
type: keyword
ignore_above: 1024
description: Bus type of the device, such as `Nvme`, `Usb`, or `FileBackedVirtual`.
example: FileBackedVirtual
default_field: false
- name: default_access
level: extended
type: keyword
ignore_above: 1024
description: Describes the default access(es) of the volume.
default_field: false
- name: device_name
level: extended
type: keyword
ignore_above: 1024
description: 'Full path of the volume device.
Only populate this field for POSIX system volumes.'
default_field: false
- name: device_type
level: extended
type: keyword
ignore_above: 1024
description: 'Volume device type.
The most frequently seen volume device types are `Disk File System` and `CD-ROM
File System`.'
example: CD-ROM File System
default_field: false
- name: dos_name
level: extended
type: keyword
ignore_above: 1024
description: 'The MS-DOS name of a device.
DOS device name is in the format of driver letters, such as `C:`. The field
is relevant to Windows systems only.'
example: 'E:'
default_field: false
- name: file_system_type
level: extended
type: keyword
ignore_above: 1024
description: 'Volume device file system type.
The most common volume file system types are `NTFS` and `UDF`.'
default_field: false
- name: mount_name
level: extended
type: keyword
ignore_above: 1024
description: 'Mount name of the volume device.
Only populate this field for POSIX system volumes.'
default_field: false
- name: nt_name
level: extended
type: keyword
ignore_above: 1024
description: 'The NT device name.
NT device name uses a format of `\Device\HarddiskVolume2`. The field is relevant
to Windows systems only.'
example: \Device\Cdrom1
default_field: false
- name: product_id
level: extended
type: keyword
ignore_above: 1024
description: 'ProductID of the device.
The vendor provides the ProductID for the volume, if any.'
default_field: false
- name: product_name
level: extended
type: keyword
ignore_above: 1024
description: 'Product name of the volume.
The volume device vendor provides this value.'
example: Virtual DVD-ROM
default_field: false
- name: removable
level: extended
type: boolean
description: Indicates if the volume is removable.
default_field: false
- name: serial_number
level: extended
type: keyword
ignore_above: 1024
description: 'Serial number identifier for the volume device.
The serial number is provided by the vendor of the device, if any.'
default_field: false
- name: size
level: extended
type: long
description: Size of the volume device in bytes.
default_field: false
- name: vendor_id
level: extended
type: keyword
ignore_above: 1024
description: 'VendorID of the volume device.
The volume device vendor provides this value.'
default_field: false
- name: vendor_name
level: extended
type: keyword
ignore_above: 1024
description: 'Vendor name of the volume device.
The value is provided by the vendor of the device.'
example: Msft
default_field: false
- name: writable
level: extended
type: boolean
description: Indicates if the volume is writable.
default_field: false
- name: vulnerability
title: Vulnerability
group: 2
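Review bot: the `dos_name` description reads "in the format of driver letters", which should be "drive letters". If this file is generated output, as its path suggests, the wording needs to be corrected in the schema it is generated from and the artifacts rebuilt, otherwise the typo returns on the next regeneration. In the same hunk, `device_name` and `mount_name` state the platform restriction as "Only populate this field for POSIX system volumes" while `dos_name` and `nt_name` say "relevant to Windows systems only"; one consistent phrasing would make it clearer to producers which fields must stay empty on which platform.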
131 changes: 131 additions & 0 deletions generated/beats/fields.ecs.yml
Expand Up @@ -13401,6 +13401,137 @@
ignore_above: 1024
description: Version of the user agent.
example: 12.0
- name: volume
title: Volume
group: 2
description: Fields related to storage volume details.
type: group
default_field: true
fields:
- name: bus_type
level: extended
type: keyword
ignore_above: 1024
description: Bus type of the device, such as `Nvme`, `Usb`, or `FileBackedVirtual`.
example: FileBackedVirtual
default_field: false
- name: default_access
level: extended
type: keyword
ignore_above: 1024
description: Describes the default access(es) of the volume.
default_field: false
- name: device_name
level: extended
type: keyword
ignore_above: 1024
description: 'Full path of the volume device.
Only populate this field for POSIX system volumes.'
default_field: false
- name: device_type
level: extended
type: keyword
ignore_above: 1024
description: 'Volume device type.
The most frequently seen volume device types are `Disk File System` and `CD-ROM
File System`.'
example: CD-ROM File System
default_field: false
- name: dos_name
level: extended
type: keyword
ignore_above: 1024
description: 'The MS-DOS name of a device.
DOS device name is in the format of driver letters, such as `C:`. The field
is relevant to Windows systems only.'
example: 'E:'
default_field: false
- name: file_system_type
level: extended
type: keyword
ignore_above: 1024
description: 'Volume device file system type.
The most common volume file system types are `NTFS` and `UDF`.'
default_field: false
- name: mount_name
level: extended
type: keyword
ignore_above: 1024
description: 'Mount name of the volume device.
Only populate this field for POSIX system volumes.'
default_field: false
- name: nt_name
level: extended
type: keyword
ignore_above: 1024
description: 'The NT device name.
NT device name uses a format of `\Device\HarddiskVolume2`. The field is relevant
to Windows systems only.'
example: \Device\Cdrom1
default_field: false
- name: product_id
level: extended
type: keyword
ignore_above: 1024
description: 'ProductID of the device.
The vendor provides the ProductID for the volume, if any.'
default_field: false
- name: product_name
level: extended
type: keyword
ignore_above: 1024
description: 'Product name of the volume.
The volume device vendor provides this value.'
example: Virtual DVD-ROM
default_field: false
- name: removable
level: extended
type: boolean
description: Indicates if the volume is removable.
default_field: false
- name: serial_number
level: extended
type: keyword
ignore_above: 1024
description: 'Serial number identifier for the volume device.
The serial number is provided by the vendor of the device, if any.'
default_field: false
- name: size
level: extended
type: long
description: Size of the volume device in bytes.
default_field: false
- name: vendor_id
level: extended
type: keyword
ignore_above: 1024
description: 'VendorID of the volume device.
The volume device vendor provides this value.'
default_field: false
- name: vendor_name
level: extended
type: keyword
ignore_above: 1024
description: 'Vendor name of the volume device.
The value is provided by the vendor of the device.'
example: Msft
default_field: false
- name: writable
level: extended
type: boolean
description: Indicates if the volume is writable.
default_field: false
- name: vulnerability
title: Vulnerability
group: 2
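Review bot: `default_access` has no `example`, and its description ("Describes the default access(es) of the volume") does not say which values are expected, so two producers can fill this keyword differently and queries on it will not line up. The same gap applies to `vendor_id`, `product_id` and `serial_number`: each is `type: keyword` with no example and no stated format (hex or decimal, with or without a prefix), which matters when these fields are used together with `removable` to match a specific device. Suggest adding an `example` and a one-line format statement to each of these fields.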