elastic / ecs

Elastic Common Schema
https://www.elastic.co/what-is/ecs
Apache License 2.0

Introducing the allowed values for the categorization fields #691

Open webmat opened 4 years ago

webmat commented 4 years ago

This issue is meant to track the work required to introduce the mandated values for the currently reserved fields (event.kind, event.category, event.type, event.outcome).

This public document lists all values being considered: https://ela.st/ecs-categories-draft. Please note that plan is to introduce the most well understood and stable subset of these values for ECS 1.4, and continue working to release additional official values in future releases. The community's feedback and comments are welcome.

Introduction for ECS 1.4

Follow-up work
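The issue above is about constraining `event.kind`, `event.category`, `event.type` and `event.outcome` to a fixed set of allowed values. A practical use of such a list on the defensive side is to validate events at ingest time and flag documents that use unpublished or misspelled values. The following is an added example and is not code from the elastic/ecs issue or the ECS project; the `ALLOWED` table is a constructed illustration subset (the official list lives in the draft document linked from the issue), and it assumes that `event.category` and `event.type` may carry several values per document while `event.kind` and `event.outcome` carry one.

```python
"""Validate ECS categorization fields against an allowed-value table.

Added example, not part of the elastic/ecs issue or the ECS project.
The ALLOWED table is a constructed illustration subset, not the official
list from the draft document referenced in the issue.
"""

# Constructed illustration subset (assumption): the official values were
# still being finalized in the linked draft when the issue was opened.
ALLOWED = {
    "event.kind": {"alert", "event", "metric", "state"},
    "event.category": {"authentication", "network", "process", "file"},
    "event.type": {"start", "end", "info", "creation", "deletion"},
    "event.outcome": {"success", "failure", "unknown"},
}

# Assumption: category and type may hold several values per event,
# kind and outcome hold exactly one.
MULTI_VALUED = {"event.category", "event.type"}


def _get(doc, dotted):
    """Return the value at a dotted path, accepting nested or flat keys."""
    if dotted in doc:
        return doc[dotted]
    cur = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def validate_event(doc):
    """Return a list of problems; an empty list means the document conforms."""
    problems = []
    for field, allowed in ALLOWED.items():
        value = _get(doc, field)
        if value is None:
            problems.append(f"{field}: missing")
            continue
        values = value if isinstance(value, list) else [value]
        if len(values) > 1 and field not in MULTI_VALUED:
            problems.append(f"{field}: expected a single value, got {values}")
        for v in values:
            if not isinstance(v, str) or v not in allowed:
                problems.append(f"{field}: {v!r} is not an allowed value")
    return problems


def summarize(docs):
    """Count violations per field across a batch of documents."""
    counts = {}
    for doc in docs:
        for problem in validate_event(doc):
            field = problem.split(":")[0]
            counts[field] = counts.get(field, 0) + 1
    return counts


# Constructed sample documents for a quick run.
SAMPLE_DOCS = [
    {"event": {"kind": "event", "category": ["network"],
               "type": ["start"], "outcome": "success"}},
    {"event.kind": "event", "event.category": "network_flow",
     "event.type": ["start", "end"], "event.outcome": "ok"},
    {"event": {"kind": "event"}},
]

if __name__ == "__main__":
    for doc in SAMPLE_DOCS:
        print(validate_event(doc))
    print(summarize(SAMPLE_DOCS))
```

Running a check like this over a sample of indexed documents gives a quick per-field count of non-conforming values, which is useful both when migrating existing pipelines to the finalized list and when spotting sources that emit values not yet published.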

webmat commented 4 years ago

Added the public feedback document (https://ela.st/ecs-categories-draft) to the body of the pull request.

enotspe commented 4 years ago

It is not very clear what the difference is between `network` and `network_flow`. Or what could be only a `network` event and not a `network_flow` event?

webmat commented 4 years ago

@enotspe That's why these specific values are not out yet. They're some of the most important ones we still have to finish clarifying (hence the gradual release of these values).

By the way, this public doc is meant to accept comments from everyone. Could you confirm whether you're allowed to comment on it? You don't need to actually enter a comment, just want to double check that permissions are correctly set :-)

enotspe commented 4 years ago

@webmat Yes, I can see and comment on the doc. Should we comment there instead of here?

webmat commented 4 years ago

@enotspe Yes, you can comment in there, especially around the still unpublished values.

My recommendation for feedback would be: