From 60990a62785e21098066cf20a2c31905a005ba66 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lex=20Ruiz?=
Date: Thu, 7 Mar 2024 14:07:45 +0100
Subject: [PATCH] Update vulnerability-states fields (#177)
* Update vulnerability-states fields Adds wazuh.schema.version
* Update events generator
---
 .../event-generator/event_generator.py | 5 ++++-
 ecs/vulnerability-detector/fields/custom/wazuh.yml | 7 ++++++-
 ecs/vulnerability-detector/fields/subset.yml | 2 --
 3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/ecs/vulnerability-detector/event-generator/event_generator.py b/ecs/vulnerability-detector/event-generator/event_generator.py
index 24ecf744b8272..0ed75ec9600a1 100755
--- a/ecs/vulnerability-detector/event-generator/event_generator.py
+++ b/ecs/vulnerability-detector/event-generator/event_generator.py
@@ -176,6 +176,9 @@ def generate_random_wazuh():
 },
 'manager': {
 'name': f'wazuh-manager-{random.randint(0,10)}'
+ },
+ 'schema': {
+ 'version': '1.7.0'
 }
 }
 return wazuh
@@ -187,7 +190,7 @@ def generate_random_data(number):
 event_data = {
 '@timestamp': generate_random_date(),
 'agent': generate_random_agent(),
- 'ecs': {'version': '1.7.0'},
+ # 'ecs': {'version': '1.7.0'},
 # 'event': generate_random_event(),
 'host': generate_random_host(),
 # 'labels': generate_random_labels(),
diff --git a/ecs/vulnerability-detector/fields/custom/wazuh.yml b/ecs/vulnerability-detector/fields/custom/wazuh.yml
index abba5563e2c12..f7bcf4f897c07 100644
--- a/ecs/vulnerability-detector/fields/custom/wazuh.yml
+++ b/ecs/vulnerability-detector/fields/custom/wazuh.yml
@@ -18,4 +18,9 @@
 type: keyword
 level: custom
 description: >
- Wazuh manager name. Used by dashboards to filter results on single node deployments.
\ No newline at end of file
+ Wazuh manager name. Used by dashboards to filter results on single node deployments.
+ - name: schema.version
+ type: keyword
+ level: custom
+ description: >
+ Wazuh schema version.
\ No newline at end of file
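Review bot: The new `'schema': {'version': '1.7.0'}` entry in generate_random_wazuh carries the same literal that the second hunk comments out of the `'ecs'` key in generate_random_data, so a reader cannot tell whether 1.7.0 is really the Wazuh schema version or a carried-over ECS version. A named module-level constant such as `WAZUH_SCHEMA_VERSION = '1.7.0'`, with a one-line comment saying which schema the number refers to, would settle this and keep the generator from drifting silently when the schema is bumped. In the second hunk, `# 'ecs': {'version': '1.7.0'},` follows the file's habit of commenting keys out, but a short reason would help; for example, that `ecs` is no longer part of the field subset. generate_random_wazuh starts above the hunk, so the rest of the dict is not visible here.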
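Review bot: The description of the new `schema.version` field, `Wazuh schema version.`, does not say which schema is versioned or what format the value takes, which matters to anyone writing dashboard filters or queries that branch on it. If it is what is meant, something like `Version of the Wazuh field schema the document was written against, as a semantic version string (e.g. 1.7.0).` would be clearer. The file also still ends without a trailing newline, as `\ No newline at end of file` appears on the new side too, so the next appended field will again show the last line as changed.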
diff --git a/ecs/vulnerability-detector/fields/subset.yml b/ecs/vulnerability-detector/fields/subset.yml
index 75e9d0b92686c..f5b0d60757794 100644
--- a/ecs/vulnerability-detector/fields/subset.yml
+++ b/ecs/vulnerability-detector/fields/subset.yml
@@ -8,8 +8,6 @@ fields:
 message: ""
 agent:
 fields: "*"
- ecs:
- fields: "*"
 package:
 fields: "*"
 host: