Add required version number to audit log (#85390)

* Add required version number to audit log

* Added suggestion from code review

x-pack/plugins/security/server/audit/audit_events.ts

@@ -9,7 +9,7 @@ import { AuthenticationResult } from '../authentication/authentication_result';
 
 /**
  * Audit event schema using ECS format.
- * https://www.elastic.co/guide/en/ecs/1.5/index.html
+ * https://www.elastic.co/guide/en/ecs/1.6/index.html
  * @public
  */
 export interface AuditEvent {

x-pack/plugins/security/server/audit/audit_service.test.ts

@@ -103,6 +103,7 @@ describe('#asScoped', () => {
 
     audit.asScoped(request).log({ message: 'MESSAGE', event: { action: 'ACTION' } });
     expect(logger.info).toHaveBeenCalledWith('MESSAGE', {
+      ecs: { version: '1.6.0' },
       event: { action: 'ACTION' },
       kibana: { space_id: 'default' },
       message: 'MESSAGE',

x-pack/plugins/security/server/audit/audit_service.ts

@@ -19,6 +19,8 @@ import { SpacesPluginSetup } from '../../../spaces/server';
 import { AuditEvent, httpRequestEvent } from './audit_events';
 import { SecurityPluginSetup } from '..';
 
+export const ECS_VERSION = '1.6.0';
+
 /**
  * @deprecated
  */
@@ -31,6 +33,9 @@ export interface AuditLogger {
 }
 
 interface AuditLogMeta extends AuditEvent {
+  ecs: {
+    version: string;
+  };
   session?: {
     id: string;
   };
@@ -119,7 +124,7 @@ export class AuditService {
        *   message: 'User is updating dashboard [id=123]',
        *   event: {
        *     action: 'saved_object_update',
-       *     outcome: 'unknown'
+       *     outcome: EventOutcome.UNKNOWN
        *   },
        *   kibana: {
        *     saved_object: { type: 'dashboard', id: '123' }
@@ -134,6 +139,7 @@ export class AuditService {
         const user = getCurrentUser(request);
         const spaceId = getSpaceId(request);
         const meta: AuditLogMeta = {
+          ecs: { version: ECS_VERSION },
           ...event,
           user:
             (user && {