Epic: https://github.com/elastic/security-team/issues/4021
Endpoint-dev work is done, see: https://github.com/elastic/endpoint-dev/pull/11890/files
Based on the `entity_id` fields added in the above PR, we should add mappings to both the file and network data streams in endpoint-package for the following fields:
- process.entry_leader.entity_id
- process.session_leader.entity_id
- process.group_leader.entity_id
- process.parent.entity_id
- process.parent.group_leader.entity_id
- process.entry_leader.parent.entity_id