
[Azure] Application Gateway WAF: add event.reason #10007

Merged
merged 12 commits into from
Sep 25, 2024
Bump package version, changelog description
johhau committed May 29, 2024
commit 2037f9a4b1baf270273d03081b6af7eddafc2a77
5 changes: 5 additions & 0 deletions packages/azure/changelog.yml
@@ -1,3 +1,8 @@
- version: "1.11.5"
changes:
- description: Add `event.reason` log field for exact data found in requests that matches a firewall rule.
type: enhancement
link: ""
- version: "1.11.4"
changes:
- description: Replace Azure AD with Microsoft Entra ID.
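Review bot: `link: ""` on the new 1.11.5 entry is empty; changelog entries are expected to point at the pull request that introduced them, so fill it with the URL of #10007 before merge. The description also reads awkwardly ("for exact data found in requests that matches a firewall rule"); suggest `description: Add \`event.reason\` field carrying the exact request data that matched a firewall rule.` Note too that the same commit drops the `rule.matched_data` row from the docs table (see the application_gateway.md hunk below), and a single `enhancement` entry that mentions only the addition hides that removal from users upgrading.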
2 changes: 1 addition & 1 deletion packages/azure/docs/application_gateway.md
@@ -205,6 +205,7 @@ An example event for `application_gateway` looks as following:
| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword |
| event.module | Event module | constant_keyword |
| event.original | Raw text message of entire event. Used to demonstrate log integrity or where the full log message (before splitting it up in multiple parts) may be required, e.g. for reindex. This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, please see `Field data types` in the `Elasticsearch Reference`. | keyword |
| event.reason | Reason why this event happened, according to the source. This describes the why of a particular action or outcome captured in the event. Where `event.action` captures the action from the event, `event.reason` describes why that action was taken. For example, a web proxy with an `event.action` which denied the request may also populate `event.reason` with the reason why (e.g. `blocked site`). | keyword |
| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword |
| http.request.method | HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. | keyword |
| http.response.status_code | HTTP response status code. | long |
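Review bot: the `event.reason` row added here carries only the generic ECS definition (the proxy `blocked site` example), which tells readers nothing about what this integration actually stores there; per the changelog in this commit the value is the exact request data that matched a WAF rule. If this table is generated from the package field definitions and cannot be customised, the integration-specific meaning belongs in the README prose above the table, otherwise a reader cannot distinguish `event.reason` here from a free-text status message and will not know it replaces `rule.matched_data`.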
@@ -220,7 +221,6 @@ An example event for `application_gateway` looks as following:
| related.ip | All of the IPs seen on your event. | ip |
| rule.category | A categorization value keyword used by the entity using the rule for detection of this event. | keyword |
| rule.description | The description of the rule generating the event. | keyword |
| rule.matched_data | Specific data found in request that matched the rule. | keyword |
| rule.id | A rule ID that is unique within the scope of an agent, observer, or other entity using the rule for detection of this event. | keyword |
| rule.ruleset | Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. | keyword |
| rule.version | The version / revision of the rule being used for analysis. | keyword |
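Review bot: removing the `rule.matched_data` row is a user-visible schema change, not just a docs edit: any saved search, dashboard or detection rule keyed on `rule.matched_data` stops matching once the value moves to `event.reason`. The changelog entry in this commit is typed `enhancement` and mentions only the addition; either keep `rule.matched_data` populated alongside `event.reason` for a deprecation period, or call the removal out explicitly (a `breaking-change` entry) so upgrading users know to update their queries.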
2 changes: 1 addition & 1 deletion packages/azure/manifest.yml
@@ -1,6 +1,6 @@
name: azure
title: Azure Logs
version: 1.11.4
version: 1.11.5
description: This Elastic integration collects logs from Azure
type: integration
icons:
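Review bot: the bump from 1.11.4 to 1.11.5 matches the new changelog entry, but a patch-level increment is at odds with the docs hunk on this page that drops `rule.matched_data`; if that field really goes away, semver calls for at least a minor bump (1.12.0) so the change is visible to users pinning patch ranges. Also keep the version string here and the top entry in changelog.yml in sync, since package linting expects them to agree.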