[EDR Workflows] Update Osquery and ECS fields schemas (elastic#193399)

kibanamachine · Sep 19, 2024 · f32ba5c · f32ba5c
1 parent 460ca2a
commit f32ba5c
Show file tree

Hide file tree

Showing 8 changed files with 10 additions and 8 deletions.
diff --git a/x-pack/plugins/osquery/public/common/schemas/ecs/v8.11.0.json b/x-pack/plugins/osquery/public/common/schemas/ecs/v8.11.0.json
diff --git a/x-pack/plugins/osquery/public/common/schemas/ecs/v8.12.0.json b/x-pack/plugins/osquery/public/common/schemas/ecs/v8.12.0.json
diff --git a/x-pack/plugins/osquery/public/common/schemas/osquery/v5.10.2.json b/x-pack/plugins/osquery/public/common/schemas/osquery/v5.10.2.json
diff --git a/x-pack/plugins/osquery/public/common/schemas/osquery/v5.13.1.json b/x-pack/plugins/osquery/public/common/schemas/osquery/v5.13.1.json
diff --git a/x-pack/plugins/osquery/public/editor/osquery_tables.ts b/x-pack/plugins/osquery/public/editor/osquery_tables.ts
@@ -17,7 +17,7 @@ let osqueryTables: TablesJSON | null = null;
 export const getOsqueryTables = () => {
   if (!osqueryTables) {
     // eslint-disable-next-line @typescript-eslint/no-var-requires
-    osqueryTables = normalizeTables(require('../common/schemas/osquery/v5.10.2.json'));
+    osqueryTables = normalizeTables(require('../common/schemas/osquery/v5.13.1.json'));
   }
 
   return osqueryTables;

diff --git a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx
@@ -47,8 +47,8 @@ import {
   convertECSMappingToArray,
   convertECSMappingToObject,
 } from '../../../common/utils/converters';
-import ECSSchema from '../../common/schemas/ecs/v8.11.0.json';
-import osquerySchema from '../../common/schemas/osquery/v5.10.2.json';
+import ECSSchema from '../../common/schemas/ecs/v8.12.0.json';
+import osquerySchema from '../../common/schemas/osquery/v5.13.1.json';
 
 import { FieldIcon } from '../../common/lib/kibana';
 import { OsqueryIcon } from '../../components/osquery_icon';

diff --git a/x-pack/plugins/osquery/scripts/readme.md b/x-pack/plugins/osquery/scripts/readme.md
@@ -6,8 +6,10 @@ currently manually curated). This assumes the targeted schema files will be in
 `public/editor/osquery_schema`.
 
 ```
-node ecs.js --schema_version=4.6.0                  // (filename without .json extension)
+node ecs.js --schema_version=4.6.0          // filename should be called 4.6.0.json > which will generate v4.6.0-formatted.json
+```
 Possibly it's going to be necessary to transform fields' names into lower case, because CSV exports Fields with Capital Letters. 
 
-node osquery.js --schema_version=4.6.0              // (filename without .json extension)
+node osquery.js --schema_version=4.6.0      // filename should be called 4.6.0.json > which will generate v4.6.0-formatted.json
+
 ```
diff --git a/x-pack/plugins/osquery/scripts/schema_formatter/osquery_formatter.ts b/x-pack/plugins/osquery/scripts/schema_formatter/osquery_formatter.ts
@@ -28,7 +28,7 @@ run(
     formattedSchema.push(...elasticTables);
 
     await fs.writeFile(
-      path.join(schemaPath, `v${flags.schema_version}-formatted`),
+      path.join(schemaPath, `v${flags.schema_version}-formatted.json`),
       JSON.stringify(formattedSchema)
     );
   },