elastic · chemamartinez · Nov 10, 2023 · Nov 8, 2023 · Nov 8, 2023 · Nov 8, 2023
@@ -1,3 +1,3 @@
 dependencies:
  ecs:
- reference: "git@v8.10.0"
+ reference: "git@v8.11.0"
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: 1.10.0
+ changes:
+ - description: ECS version updated to 8.11.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8434
 - version: 1.9.0
  changes:
  - description: ECS version updated to 8.10.0.

@@ -3,7 +3,7 @@ description: Pipeline for Fortinet FortiClient Endpoint Security
 processors:
  - set:
  field: ecs.version
- value: '8.10.0'
+ value: '8.11.0'
  - set:
  field: observer.vendor
  value: Fortinet

@@ -19,7 +19,7 @@
  "port": 3994
  },
  "ecs": {
- "version": "8.10.0"
+ "version": "8.11.0"
  },
  "elastic_agent": {
  "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",

@@ -34,7 +34,7 @@ An example event for `log` looks as following:
  "port": 3994
  },
  "ecs": {
- "version": "8.10.0"
+ "version": "8.11.0"
  },
  "elastic_agent": {
  "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",

@@ -1,6 +1,6 @@
 name: fortinet_forticlient
 title: Fortinet FortiClient Logs
-version: "1.9.0"
+version: "1.10.0"
 description: Collect logs from Fortinet FortiClient instances with Elastic Agent.
 type: integration
 format_version: 2.7.0

@@ -1,3 +1,3 @@
 dependencies:
  ecs:
- reference: "git@v8.10.0"
+ reference: "git@v8.11.0"
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: 1.14.0
+ changes:
+ - description: ECS version updated to 8.11.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8434
 - version: "1.13.0"
  changes:
  - description: Improve 'event.original' check to avoid errors if set.

@@ -3,14 +3,14 @@
  {
  "@timestamp": "2019-09-18T06:42:18.000Z",
  "ecs": {
- "version": "8.10.0"
+ "version": "8.11.0"
  },
  "event": {
  "action": "blocked",
  "category": "malware",
  "end": "2019-09-18T02:42:18.000Z",
  "id": "458478",
- "original": "\u003c133\u003e1 2019-09-18T06:42:18.000Z 1.1.1.1 enSilo - - - Organization: Demo;Organization ID: 156646;Event ID: 458478; Raw Data ID: 1270886879;Device Name: WIN10-VICTIM;Operating System: Windows 10 Pro N; Process Name: svchost.exe;Process Path: \\Device\\HarddiskVolume4\\Windows\\System32\\svchost.exe; Process Type: 64bit;Severity: Critical;Classification: Suspicious;Destination: File Creation; First Seen: 18-Sep-2019, 02:42:18;Last Seen: 18-Sep-2019, 02:42:18;Action: Blocked;Count: 1; Certificate: yes;Rules List: File Encryptor - Suspicious file modification;Users: WIN10-VICTIM\\U; MAC Address: 00-0C-29-D4-75-EC;Script: N/A;Script Path: N/A;Autonomous System: N/A;Country: N/A",
+ "original": "<133>1 2019-09-18T06:42:18.000Z 1.1.1.1 enSilo - - - Organization: Demo;Organization ID: 156646;Event ID: 458478; Raw Data ID: 1270886879;Device Name: WIN10-VICTIM;Operating System: Windows 10 Pro N; Process Name: svchost.exe;Process Path: \\Device\\HarddiskVolume4\\Windows\\System32\\svchost.exe; Process Type: 64bit;Severity: Critical;Classification: Suspicious;Destination: File Creation; First Seen: 18-Sep-2019, 02:42:18;Last Seen: 18-Sep-2019, 02:42:18;Action: Blocked;Count: 1; Certificate: yes;Rules List: File Encryptor - Suspicious file modification;Users: WIN10-VICTIM\\U; MAC Address: 00-0C-29-D4-75-EC;Script: N/A;Script Path: N/A;Autonomous System: N/A;Country: N/A",
  "start": "2019-09-18T02:42:18.000Z"
  },
  "fortinet": {
@@ -92,14 +92,14 @@
  {
  "@timestamp": "2019-09-18T07:42:18.000Z",
  "ecs": {
- "version": "8.10.0"
+ "version": "8.11.0"
  },
  "event": {
  "action": "blocked",
  "category": "malware",
  "end": "2019-09-18T02:42:18.000Z",
  "id": "458478",
- "original": "\u003c133\u003e1 2019-09-18T07:42:18.000Z 1.1.1.1 enSilo 8710 - - Organization: Demo;Organization ID: 156646;Event ID: 458478; Raw Data ID: 1270886879;Device Name: WIN10-VICTIM;Operating System: Windows 10 Pro N; Process Name: svchost.exe;Process Path: \\Device\\HarddiskVolume4\\Windows\\System32\\svchost.exe; Process Type: 64bit;Severity: Critical;Classification: Suspicious;Destination: File Creation; First Seen: 18-Sep-2019, 02:42:18;Last Seen: 18-Sep-2019, 02:42:18;Action: Blocked;Count: 1; Certificate: yes;Rules List: File Encryptor - Suspicious file modification;Users: WIN10-VICTIM\\U; MAC Address: 00-0C-29-D4-75-EC;Script: N/A;Script Path: N/A;Autonomous System: N/A;Country: N/A",
+ "original": "<133>1 2019-09-18T07:42:18.000Z 1.1.1.1 enSilo 8710 - - Organization: Demo;Organization ID: 156646;Event ID: 458478; Raw Data ID: 1270886879;Device Name: WIN10-VICTIM;Operating System: Windows 10 Pro N; Process Name: svchost.exe;Process Path: \\Device\\HarddiskVolume4\\Windows\\System32\\svchost.exe; Process Type: 64bit;Severity: Critical;Classification: Suspicious;Destination: File Creation; First Seen: 18-Sep-2019, 02:42:18;Last Seen: 18-Sep-2019, 02:42:18;Action: Blocked;Count: 1; Certificate: yes;Rules List: File Encryptor - Suspicious file modification;Users: WIN10-VICTIM\\U; MAC Address: 00-0C-29-D4-75-EC;Script: N/A;Script Path: N/A;Autonomous System: N/A;Country: N/A",
  "start": "2019-09-18T02:42:18.000Z"
  },
  "fortinet": {

@@ -3,7 +3,7 @@ description: Pipeline for Fortinet FortiEDR Endpoint Detection and Response
 processors:
  - set:
  field: ecs.version
- value: '8.10.0'
+ value: '8.11.0'
  - set:
  field: observer.vendor
  value: Fortinet

@@ -13,7 +13,7 @@
  "type": "logs"
  },
  "ecs": {
- "version": "8.10.0"
+ "version": "8.11.0"
  },
  "elastic_agent": {
  "id": "e2f57999-9659-45c8-a03c-c5bf85dc5124",
@@ -28,7 +28,7 @@
  "end": "2019-09-18T02:42:18.000Z",
  "id": "458478",
  "ingested": "2022-08-26T07:24:21Z",
- "original": "\u003c133\u003e1 2019-09-18T06:42:18.000Z 1.1.1.1 enSilo - - - Organization: Demo;Organization ID: 156646;Event ID: 458478; Raw Data ID: 1270886879;Device Name: WIN10-VICTIM;Operating System: Windows 10 Pro N; Process Name: svchost.exe;Process Path: \\Device\\HarddiskVolume4\\Windows\\System32\\svchost.exe; Process Type: 64bit;Severity: Critical;Classification: Suspicious;Destination: File Creation; First Seen: 18-Sep-2019, 02:42:18;Last Seen: 18-Sep-2019, 02:42:18;Action: Blocked;Count: 1; Certificate: yes;Rules List: File Encryptor - Suspicious file modification;Users: WIN10-VICTIM\\U; MAC Address: 00-0C-29-D4-75-EC;Script: N/A;Script Path: N/A;Autonomous System: N/A;Country: N/A",
+ "original": "<133>1 2019-09-18T06:42:18.000Z 1.1.1.1 enSilo - - - Organization: Demo;Organization ID: 156646;Event ID: 458478; Raw Data ID: 1270886879;Device Name: WIN10-VICTIM;Operating System: Windows 10 Pro N; Process Name: svchost.exe;Process Path: \\Device\\HarddiskVolume4\\Windows\\System32\\svchost.exe; Process Type: 64bit;Severity: Critical;Classification: Suspicious;Destination: File Creation; First Seen: 18-Sep-2019, 02:42:18;Last Seen: 18-Sep-2019, 02:42:18;Action: Blocked;Count: 1; Certificate: yes;Rules List: File Encryptor - Suspicious file modification;Users: WIN10-VICTIM\\U; MAC Address: 00-0C-29-D4-75-EC;Script: N/A;Script Path: N/A;Autonomous System: N/A;Country: N/A",
  "start": "2019-09-18T02:42:18.000Z",
  "timezone": "+00:00"
  },
@@ -115,4 +115,4 @@
  "user": {
  "id": "WIN10-VICTIM\\U"
  }
-}
+}
@@ -38,7 +38,7 @@ An example event for `log` looks as following:
  "type": "logs"
  },
  "ecs": {
- "version": "8.10.0"
+ "version": "8.11.0"
  },
  "elastic_agent": {
  "id": "e2f57999-9659-45c8-a03c-c5bf85dc5124",
@@ -53,7 +53,7 @@ An example event for `log` looks as following:
  "end": "2019-09-18T02:42:18.000Z",
  "id": "458478",
  "ingested": "2022-08-26T07:24:21Z",
- "original": "\u003c133\u003e1 2019-09-18T06:42:18.000Z 1.1.1.1 enSilo - - - Organization: Demo;Organization ID: 156646;Event ID: 458478; Raw Data ID: 1270886879;Device Name: WIN10-VICTIM;Operating System: Windows 10 Pro N; Process Name: svchost.exe;Process Path: \\Device\\HarddiskVolume4\\Windows\\System32\\svchost.exe; Process Type: 64bit;Severity: Critical;Classification: Suspicious;Destination: File Creation; First Seen: 18-Sep-2019, 02:42:18;Last Seen: 18-Sep-2019, 02:42:18;Action: Blocked;Count: 1; Certificate: yes;Rules List: File Encryptor - Suspicious file modification;Users: WIN10-VICTIM\\U; MAC Address: 00-0C-29-D4-75-EC;Script: N/A;Script Path: N/A;Autonomous System: N/A;Country: N/A",
+ "original": "<133>1 2019-09-18T06:42:18.000Z 1.1.1.1 enSilo - - - Organization: Demo;Organization ID: 156646;Event ID: 458478; Raw Data ID: 1270886879;Device Name: WIN10-VICTIM;Operating System: Windows 10 Pro N; Process Name: svchost.exe;Process Path: \\Device\\HarddiskVolume4\\Windows\\System32\\svchost.exe; Process Type: 64bit;Severity: Critical;Classification: Suspicious;Destination: File Creation; First Seen: 18-Sep-2019, 02:42:18;Last Seen: 18-Sep-2019, 02:42:18;Action: Blocked;Count: 1; Certificate: yes;Rules List: File Encryptor - Suspicious file modification;Users: WIN10-VICTIM\\U; MAC Address: 00-0C-29-D4-75-EC;Script: N/A;Script Path: N/A;Autonomous System: N/A;Country: N/A",
  "start": "2019-09-18T02:42:18.000Z",
  "timezone": "+00:00"
  },
@@ -141,6 +141,7 @@ An example event for `log` looks as following:
  "id": "WIN10-VICTIM\\U"
  }
 }
+
 ```
 
 **Exported fields**

@@ -1,6 +1,6 @@
 name: fortinet_fortiedr
 title: Fortinet FortiEDR Logs
-version: "1.13.0"
+version: "1.14.0"
 description: Collect logs from Fortinet FortiEDR instances with Elastic Agent.
 type: integration
 format_version: "3.0.0"

@@ -1,3 +1,3 @@
 dependencies:
  ecs:
- reference: "git@v8.10.0"
+ reference: "git@v8.11.0"
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: 1.22.0
+ changes:
+ - description: ECS version updated to 8.11.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8434
 - version: "1.21.0"
  changes:
  - description: Add support for FortiOS 7.x.