From f15fee0c2970fb027952989c67c71bfa3c29117f Mon Sep 17 00:00:00 2001
From: Fede Tux
Date: Thu, 12 Sep 2024 11:39:52 -0300
Subject: [PATCH] Add process.tty as a custom field
---
 .../fields/custom/tty.yml | 12 +++
 .../fields/subset.yml | 73 +++++++++----------
 2 files changed, 48 insertions(+), 37 deletions(-)
 create mode 100644 ecs/states-inventory-processes/fields/custom/tty.yml
diff --git a/ecs/states-inventory-processes/fields/custom/tty.yml b/ecs/states-inventory-processes/fields/custom/tty.yml
new file mode 100644
index 0000000000000..f8f4d50e907af
--- /dev/null
+++ b/ecs/states-inventory-processes/fields/custom/tty.yml
@@ -0,0 +1,12 @@
+---
+- name: process
+ title: Wazuh Agents
+ short: Wazuh Inc. custom fields.
+ type: group
+ group: 2
+ fields:
+ - name: tty
+ type: keyword
+ level: custom
+ description: >
+ The groups the agent belongs to.
diff --git a/ecs/states-inventory-processes/fields/subset.yml b/ecs/states-inventory-processes/fields/subset.yml
index 3e064258ae2db..b316d42cef925 100644
--- a/ecs/states-inventory-processes/fields/subset.yml
+++ b/ecs/states-inventory-processes/fields/subset.yml
@@ -5,40 +5,39 @@ fields:
 fields:
 "@timestamp": {}
 tags: []
- agent:
- fields:
- id: {}
- groups: {}
- process:
- fields:
- pid: {}
- name: ""
- parent:
- fields:
- pid: {}
- command_line: ""
- args: ""
- user:
- fields:
- id: ""
- real_user:
- fields:
- id: ""
- saved_user:
- fields:
- id: ""
- group:
- fields:
- id: ""
- real_group:
- fields:
- id: ""
- saved_group:
- fields:
- id: ""
- start: {}
- thread:
- fields:
- id: ""
- tty: {}
-
+ agent:
+ fields:
+ id: {}
+ groups: {}
+ process:
+ fields:
+ pid: {}
+ name: ""
+ parent:
+ fields:
+ pid: {}
+ command_line: ""
+ args: ""
+ user:
+ fields:
+ id: ""
+ real_user:
+ fields:
+ id: ""
+ saved_user:
+ fields:
+ id: ""
+ group:
+ fields:
+ id: ""
+ real_group:
+ fields:
+ id: ""
+ saved_group:
+ fields:
+ id: ""
+ start: {}
+ thread:
+ fields:
+ id: ""
+ tty: ""
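Review bot: The `description` of the new `tty` field in fields/custom/tty.yml reads `The groups the agent belongs to.`, which describes agent group membership rather than a process terminal, and the group's `title: Wazuh Agents` looks carried over from the same template. This text ends up in the field documentation that analysts read when writing detections over process inventory, so it should state what is stored, for example `Controlling terminal (TTY) the process is attached to, if any.`, with the wording confirmed against what the agent actually reports. Declaring `tty` as `keyword` also appears to diverge from upstream ECS, where `process.tty` is, as far as I know, an object; a one-line comment above the field such as `# Intentional override of the ECS process.tty object: stored as a flat keyword.` would spare the next person merging ECS updates from treating it as a mistake.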