diff --git a/packages/crowdstrike/changelog.yml b/packages/crowdstrike/changelog.yml
index 150a7f59b86..2ee0338b1d7 100644
--- a/packages/crowdstrike/changelog.yml
+++ b/packages/crowdstrike/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.28.2"
+  changes:
+    - description: Add missing type mapping for host fields.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/9030
 - version: "1.28.1"
   changes:
     - description: Changed owners
diff --git a/packages/crowdstrike/data_stream/fdr/fields/ecs.yml b/packages/crowdstrike/data_stream/fdr/fields/ecs.yml
index 7b4faf503d4..b886814277e 100644
--- a/packages/crowdstrike/data_stream/fdr/fields/ecs.yml
+++ b/packages/crowdstrike/data_stream/fdr/fields/ecs.yml
@@ -80,8 +80,12 @@
   name: host.geo.country_name
 - external: ecs
   name: host.geo.timezone
+- external: ecs
+  name: host.domain
 - external: ecs
   name: host.hostname
+- external: ecs
+  name: host.ip
 - external: ecs
   name: host.name
 - external: ecs
diff --git a/packages/crowdstrike/docs/README.md b/packages/crowdstrike/docs/README.md
index 3c24eb55630..671b1a84f6a 100644
--- a/packages/crowdstrike/docs/README.md
+++ b/packages/crowdstrike/docs/README.md
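Review bot: Declaring `host.ip` with the ECS `ip` type in the fdr ecs.yml means any event whose `host.ip` value is not a valid IP address (a hostname, a comma-joined list, or an empty string left by the pipeline) will now fail to index with a mapping error, where a dynamically mapped field would presumably have accepted it; the commit touches no ingest pipeline, so it is worth confirming that the fdr pipeline only sets `host.ip` from values it has validated as addresses, or uses `ignore_failure`/`on_failure` handling so a single malformed host field does not drop the whole event. Silent rejection at index time is also a detection-coverage gap, so a short integration test event with an unparseable host address would pin the intended behaviour. This hunk only adds the mapping to the fdr data stream; if other data streams in this package emit `host.ip` or `host.domain`, they presumably still lack the explicit type and will diverge from this one.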
@@ -1017,11 +1017,13 @@ and/or `session_token`.
 | file.path.text | Multi-field of `file.path`. | match_only_text |
 | file.size | File size in bytes. Only relevant when `file.type` is "file". | long |
 | file.type | File type (file, dir, or symlink). | keyword |
+| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword |
 | host.geo.city_name | City name. | keyword |
 | host.geo.continent_name | Name of the continent. | keyword |
 | host.geo.country_name | Country name. | keyword |
 | host.geo.timezone | The time zone of the location, such as IANA time zone name. | keyword |
 | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword |
+| host.ip | Host ip addresses. | ip |
 | host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword |
 | host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. If the OS you're dealing with is not listed as an expected value, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword |
 | host.os.version | Operating system version as a raw string. | keyword |
diff --git a/packages/crowdstrike/manifest.yml b/packages/crowdstrike/manifest.yml
index 66f3d2b79b7..7876cddc963 100644
--- a/packages/crowdstrike/manifest.yml
+++ b/packages/crowdstrike/manifest.yml
@@ -1,6 +1,6 @@
 name: crowdstrike
 title: CrowdStrike
-version: "1.28.1"
+version: "1.28.2"
 description: Collect logs from Crowdstrike with Elastic Agent.
 type: integration
 format_version: "3.0.0"