From 1dd7be57bf5cf11edbde3d2dabeba610e5a3649b Mon Sep 17 00:00:00 2001
From: Kevin Ledesma
Date: Fri, 6 Dec 2024 10:22:13 -0300
Subject: [PATCH] Update state-inventory-port ECS definition add interface at root level (#581)
LGTM! Merging
---
.../event-generator/event_generator.py | 5 ++++-
ecs/states-inventory-ports/fields/custom/interface.yml | 4 ++++
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/ecs/states-inventory-ports/event-generator/event_generator.py b/ecs/states-inventory-ports/event-generator/event_generator.py
index f8af9c3606d01..5f0c13a3b513c 100644
--- a/ecs/states-inventory-ports/event-generator/event_generator.py
+++ b/ecs/states-inventory-ports/event-generator/event_generator.py
@@ -188,7 +188,10 @@ def generate_random_data(number):
 'protocol': random.choice(['TCP', 'UDP', 'ICMP'])
 },
 'process': generate_random_process(),
- 'source': generate_random_source()
+ 'source': generate_random_source(),
+ 'interface': {
+ 'state': random.choice(['Active', 'Inactive', 'Unknown'])
+ }
 }
 data.append(event_data)
 return data
diff --git a/ecs/states-inventory-ports/fields/custom/interface.yml b/ecs/states-inventory-ports/fields/custom/interface.yml
index 155961408d456..e2cd63e94f3b2 100644
--- a/ecs/states-inventory-ports/fields/custom/interface.yml
+++ b/ecs/states-inventory-ports/fields/custom/interface.yml
@@ -1,5 +1,9 @@
 ---
 - name: interface
+ reusable:
+ top_level: true
+ expected:
+ - { at: observer.egress.interface, as: observer.ingress.interface }
 title: Interface
 type: group
 group: 2
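Review bot: The new `'interface'` key in the `generate_random_data` hunk of event_generator.py has no comment tying it to the schema change made in the same commit, and it populates only `interface.state`. A one-line comment above the key, such as `# root-level interface.* field set (fields/custom/interface.yml, reusable.top_level: true)`, would make the coupling visible to whoever edits either file next. Whether `'Active'`, `'Inactive'` and `'Unknown'` match the casing the inventory source actually reports cannot be seen from this hunk; if the field is mapped as an exact-match type, sample data with different casing would make test queries unrepresentative, so that is worth confirming. The function body starts outside the hunk.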
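Review bot: The single `expected` entry added to interface.yml looks like it folds two reuse locations into one `at`/`as` pair. In the ECS field-set reuse syntax, `at` names the parent field set and `as` the key the reused set receives under it, so `{ at: observer.egress.interface, as: observer.ingress.interface }` would probably not nest `interface` under both `observer.ingress` and `observer.egress`. If both nested locations are meant to stay alongside the new root-level one, the entries would be `- { at: observer.ingress, as: interface }` and `- { at: observer.egress, as: interface }`. It is worth checking the generated mapping for the resulting field paths, since a misplaced path leaves the intended fields unmapped or dynamically mapped. The definition continues past the hunk's last line.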