We want to enable validation of allowed values defined in ECS fields, but there are some packages that are currently using invalid values, find below the list of current related failures.

Would it be ok to migrate these fields to the values expected according to ECS?

Pinging @elastic/obs-cloud-monitoring @elastic/security-external-integrations @elastic/obs-service-integrations @elastic/integrations as owners of these packages.

Related issues:

• Check being implemented in Check allowed values for fields elastic-package#771.
• PR to test the change in integrations Try to use version of elastic-package with check for allowed values #3017.
• Feature request: Field validator should check for ECS fields marked as arrays elastic-package#615 (comment)).

These are the current failures (once per package), and proposed changes:

• auditd using invalid field values according to ECS #3043
• aws using invalid field values according to ECS #3044
• carbon_black_cloud using invalid field values according to ECS #3407
• cisco cisco,cisco_duo,cisco_ftd: fix event.outcome and event.type field values #3018
• cisco_duo cisco_ftd, cisco_duo using invalid values according to ECS #3328
• cisco_ftd cisco_ftd, cisco_duo using invalid values according to ECS #3328
• crowdstrike using invalid field values according to ECS #3045
• fireeye using invalid field values according to ECS #3053
• microsoft_dhcp using invalid values according to ECS #3406
• nagios_xi using invalid field values according to ECS #3046
• netflow using invalid field values according to ECS #3047
• network_traffic using invalid ECS values #3329
• o365 using invalid field values according to ECS #3048
• panw using invalid field values according to ECS #3049
• symantec_endpoint using invalid field values according to ECS #3050
• system package using invalid field values according to ECS  #3051
• zeek using invalid field values according to ECS #3052