Update PAD and LMD transform mappings to ECS (#14696)

* update transform mappings to ecs

* add build.yml

* update changelog and manifests

* fix package version in changelog

* bump fleet transform versions

Author: jmcarlock

packages/lmd/_dev/build/build.yml

@@ -0,0 +1,3 @@
+dependencies:
+  ecs:
+    reference: "[email protected]"

packages/lmd/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.5.2"
+  changes:
+    - description: Update transform mappings to use ECS
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/14696
 - version: "2.5.1"
   changes:
     - description: Update platform support docs

packages/lmd/elasticsearch/transform/pivot_transform/fields/fields.yml

@@ -1,13 +1,13 @@
-- name: host.name
-  type: keyword
-- name: user.name
-  type: keyword
+- external: ecs
+  name: host.name
+- external: ecs
+  name: user.name
 - name: process.Ext.authentication_id
   type: keyword
-- name: destination.ip
-  type: ip
-- name: source.ip
-  type: ip
+- external: ecs
+  name: destination.ip
+- external: ecs
+  name: source.ip
 - name: session.start_time
   type: date
 - name: session.complete_time

packages/lmd/elasticsearch/transform/pivot_transform/transform.yml

@@ -75,5 +75,5 @@ sync:
     delay: 60s
     field: '@timestamp'
 _meta:
-  fleet_transform_version: 2.4.0
+  fleet_transform_version: 2.4.1
   run_as_kibana_system: false

packages/lmd/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 3.0.0
 name: lmd
 title: "Lateral Movement Detection"
-version: 2.5.1
+version: 2.5.2
 source:
   license: "Elastic-2.0"
 description: "ML package to detect lateral movement based on file transfer activity and Windows RDP events."

packages/pad/_dev/build/build.yml

@@ -0,0 +1,3 @@
+dependencies:
+  ecs:
+    reference: "[email protected]"

packages/pad/changelog.yml

@@ -1,3 +1,8 @@
+- version: "0.6.2"
+  changes:
+    - description: Update transform mappings to use ECS
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/14696
 - version: "0.6.1"
   changes:
     - description: Update platform support docs

packages/pad/elasticsearch/transform/pivot_transform_okta_multiple_sessions/fields/fields.yml

@@ -1,14 +1,14 @@
-- name: source.user.name
-  type: keyword
-- name: source.user.full_name
-  type: keyword
+- external: ecs
+  name: source.user.name
+- external: ecs
+  name: source.user.full_name
 - name: okta_distinct_ips
   type: long
 - name: okta_distinct_countries
   type: long
 - name: okta_session_info.has_end_event
   type: long
-- name: agent.name
-  type: keyword
-- name: '@timestamp'
-  type: date
+- external: ecs
+  name: agent.name
+- external: ecs
+  name: '@timestamp'

packages/pad/elasticsearch/transform/pivot_transform_okta_multiple_sessions/transform.yml

@@ -58,5 +58,5 @@ sync:
     delay: 60s
     field: '@timestamp'
 _meta:
-  fleet_transform_version: 0.0.1
+  fleet_transform_version: 0.0.2
   run_as_kibana_system: false

packages/pad/elasticsearch/transform/pivot_transform_windows_privilege_list/fields/fields.yml

@@ -1,14 +1,14 @@
-- name: host.name
-  type: keyword
-- name: user.name
-  type: keyword
+- external: ecs
+  name: host.name
+- external: ecs
+  name: user.name
 - name: privilege_type
   type: keyword
-- name: event.action
-  type: keyword
-- name: event.code
-  type: keyword
-- name: event.category
-  type: keyword
-- name: '@timestamp'
-  type: date
+- external: ecs
+  name: event.action
+- external: ecs
+  name: event.code
+- external: ecs
+  name: event.category
+- external: ecs
+  name: '@timestamp'