[Security Solution] Updates Beats fields metadata (#97719)

* Make script dynamic on our BEATS_VERSION constant * Update hardcoded file path in script * Update fields with 7.12.0 beats * Update BEATS_VERSION to reflect what's been captured thus far I simply neglected to commit this change previously * Update unit test implicitly testing field descriptions The fields under test here had a minor grammatical change. Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-04 15:43:11 -05:00 · 2021-05-04 15:43:11 -05:00 · 6130f16a6e
parent eba699c23a
commit 6130f16a6e
3 changed files with 6743 additions and 527 deletions
--- a/x-pack/plugins/security_solution/scripts/beat_docs/build.js
+++ b/x-pack/plugins/security_solution/scripts/beat_docs/build.js
@ -26,35 +26,32 @@ const zlib = require('zlib');

 const OUTPUT_DIRECTORY = resolve('scripts', 'beat_docs');
 const OUTPUT_SERVER_DIRECTORY = resolve('server', 'utils', 'beat_schema');
+const BEATS_VERSION = '7.12.0';

 const beats = [
  {
-    filePath: `${OUTPUT_DIRECTORY}/auditbeat-7.9.0-darwin-x86_64.tar.gz`,
+    filePath: `${OUTPUT_DIRECTORY}/auditbeat-${BEATS_VERSION}-darwin-x86_64.tar.gz`,
    index: 'auditbeat-*',
-    outputDir: `${OUTPUT_DIRECTORY}/auditbeat-7.9.0-darwin-x86_64`,
-    url:
-      'https://artifacts.elastic.co/downloads/beats/auditbeat/auditbeat-7.9.0-darwin-x86_64.tar.gz',
+    outputDir: `${OUTPUT_DIRECTORY}/auditbeat-${BEATS_VERSION}-darwin-x86_64`,
+    url: `https://artifacts.elastic.co/downloads/beats/auditbeat/auditbeat-${BEATS_VERSION}-darwin-x86_64.tar.gz`,
  },
  {
-    filePath: `${OUTPUT_DIRECTORY}/filebeat-7.9.0-darwin-x86_64.tar.gz`,
+    filePath: `${OUTPUT_DIRECTORY}/filebeat-${BEATS_VERSION}-darwin-x86_64.tar.gz`,
    index: 'filebeat-*',
-    outputDir: `${OUTPUT_DIRECTORY}/filebeat-7.9.0-darwin-x86_64`,
-    url:
-      'https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.9.0-darwin-x86_64.tar.gz',
+    outputDir: `${OUTPUT_DIRECTORY}/filebeat-${BEATS_VERSION}-darwin-x86_64`,
+    url: `https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${BEATS_VERSION}-darwin-x86_64.tar.gz`,
  },
  {
-    filePath: `${OUTPUT_DIRECTORY}/packetbeat-7.9.0-darwin-x86_64.tar.gz`,
+    filePath: `${OUTPUT_DIRECTORY}/packetbeat-${BEATS_VERSION}-darwin-x86_64.tar.gz`,
    index: 'packetbeat-*',
-    outputDir: `${OUTPUT_DIRECTORY}/packetbeat-7.9.0-darwin-x86_64`,
-    url:
-      'https://artifacts.elastic.co/downloads/beats/packetbeat/packetbeat-7.9.0-darwin-x86_64.tar.gz',
+    outputDir: `${OUTPUT_DIRECTORY}/packetbeat-${BEATS_VERSION}-darwin-x86_64`,
+    url: `https://artifacts.elastic.co/downloads/beats/packetbeat/packetbeat-${BEATS_VERSION}-darwin-x86_64.tar.gz`,
  },
  {
-    filePath: `${OUTPUT_DIRECTORY}/winlogbeat-7.9.0-windows-x86_64.zip`,
+    filePath: `${OUTPUT_DIRECTORY}/winlogbeat-${BEATS_VERSION}-windows-x86_64.zip`,
    index: 'winlogbeat-*',
    outputDir: `${OUTPUT_DIRECTORY}`,
-    url:
-      'https://artifacts.elastic.co/downloads/beats/winlogbeat/winlogbeat-7.9.0-windows-x86_64.zip',
+    url: `https://artifacts.elastic.co/downloads/beats/winlogbeat/winlogbeat-${BEATS_VERSION}-windows-x86_64.zip`,
  },
 ];

@ -141,13 +138,13 @@ const manageZipFields = async (beat, filePath, beatFields) => {
    await extract(filePath, { dir: beat.outputDir });
    console.log('building fields', beat.index);
    const obj = yaml.load(
-      fs.readFileSync(`${beat.outputDir}/winlogbeat-7.9.0-windows-x86_64/fields.yml`, {
+      fs.readFileSync(`${beat.outputDir}/winlogbeat-${BEATS_VERSION}-windows-x86_64/fields.yml`, {
        encoding: 'utf-8',
      })
    );
    const eBeatFields = convertSchemaToHash(obj, beatFields);
    console.log('deleting files', beat.index);
-    rimraf.sync(`${beat.outputDir}/winlogbeat-7.9.0-windows-x86_64`);
+    rimraf.sync(`${beat.outputDir}/winlogbeat-${BEATS_VERSION}-windows-x86_64`);
    rimraf.sync(beat.filePath);

    return eBeatFields;
@ -221,7 +218,7 @@ async function main() {
      * 2.0.
      */

-      import { BeatFields } from '../../../common/search_strategy/security_solution/beat_fields';
+      import { BeatFields } from '../../../common/search_strategy/index_fields';

      /* eslint-disable @typescript-eslint/naming-convention */
      export const fieldsBeat: BeatFields =
--- a/x-pack/plugins/security_solution/server/search_strategy/index_fields/index.test.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/index_fields/index.test.ts
@ -126,7 +126,7 @@ describe('Index Fields', () => {
          },
          {
            description:
-              'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
+              'Type of the agent. The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
            example: 'filebeat',
            name: 'agent.type',
            type: 'string',
@ -252,7 +252,7 @@ describe('Index Fields', () => {
        {
          category: 'agent',
          description:
-            'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
+            'Type of the agent. The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
          example: 'filebeat',
          name: 'agent.type',
          type: 'string',
@ -426,7 +426,7 @@ describe('Index Fields', () => {
        {
          category: 'agent',
          description:
-            'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
+            'Type of the agent. The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
          example: 'filebeat',
          name: 'agent.type',
          type: 'string',
--- a/x-pack/plugins/security_solution/server/utils/beat_schema/fields.ts
+++ b/x-pack/plugins/security_solution/server/utils/beat_schema/fields.ts