Skip to content

Commit e86a807

Browse files
eric-forte-elasticeric-forte-elastic
authored
Merge branch 'main' into esql-field-validation
2 parents f95d70b + 9ee15a1 commit e86a807

File tree

68 files changed

+87
-37
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

68 files changed

+87
-37
lines changed

detection_rules/beats.py

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -128,7 +128,11 @@ def _flatten_schema(schema: list[dict[str, Any]] | None, prefix: str = "") -> li
128128

129129
flattened.extend(_flatten_schema(s["fields"], prefix=nested_prefix))
130130
elif "fields" in s:
131-
flattened.extend(_flatten_schema(s["fields"], prefix=prefix))
131+
if s.get("name") and s.get("type") == "nested":
132+
nested_prefix = prefix + s["name"] + "."
133+
flattened.extend(_flatten_schema(s["fields"], prefix=nested_prefix))
134+
else:
135+
flattened.extend(_flatten_schema(s["fields"], prefix=prefix))
132136
elif "name" in s:
133137
_s = s.copy()
134138
# type is implicitly keyword if not defined

detection_rules/etc/beats_schemas/main.json.gz

0 Bytes
Binary file not shown.

detection_rules/etc/beats_schemas/v9.1.3.json.gz

0 Bytes
Binary file not shown.

detection_rules/etc/ecs_schemas/1.12.0/ecs_flat.json.gz

0 Bytes
Binary file not shown.

detection_rules/etc/ecs_schemas/1.12.0/ecs_nested.json.gz

0 Bytes
Binary file not shown.

detection_rules/etc/ecs_schemas/1.12.1/ecs_flat.json.gz

0 Bytes
Binary file not shown.

detection_rules/etc/ecs_schemas/1.12.1/ecs_nested.json.gz

0 Bytes
Binary file not shown.

detection_rules/etc/ecs_schemas/1.12.2/ecs_flat.json.gz

0 Bytes
Binary file not shown.

detection_rules/etc/ecs_schemas/1.12.2/ecs_nested.json.gz

0 Bytes
Binary file not shown.

detection_rules/etc/ecs_schemas/8.0.0/ecs_flat.json.gz

0 Bytes
Binary file not shown.

0 commit comments

Comments
 (0)