Update state-inventory-port ECS definition add interface at root level (

#581) LGTM! Merging
wazuh · Dec 6, 2024 · 1dd7be5 · 1dd7be5
1 parent e626d3d
commit 1dd7be5
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/ecs/states-inventory-ports/event-generator/event_generator.py b/ecs/states-inventory-ports/event-generator/event_generator.py
@@ -188,7 +188,10 @@ def generate_random_data(number):
                 'protocol': random.choice(['TCP', 'UDP', 'ICMP'])
             },
             'process': generate_random_process(),
-            'source': generate_random_source()
+            'source': generate_random_source(),
+            'interface': {
+                'state': random.choice(['Active', 'Inactive', 'Unknown'])
+            }
         }
         data.append(event_data)
     return data

diff --git a/ecs/states-inventory-ports/fields/custom/interface.yml b/ecs/states-inventory-ports/fields/custom/interface.yml
@@ -1,5 +1,9 @@
 ---
 - name: interface
+  reusable:
+    top_level: true
+    expected:
+      - { at: observer.egress.interface, as: observer.ingress.interface }
   title: Interface
   type: group
   group: 2