Update ECS to 8.4.0 part 3 (#3843)

cisco_nexus
cisco_secure_email_gateway
cisco_secure_endpoint
cisco_umbrella
citrix_waf
cloudflare
crowdstrike
cyberark
cyberarkpas

Author: leehinman

packages/cisco_nexus/_dev/build/build.yml

@@ -1,3 +1,3 @@
 dependencies:
   ecs:
-    reference: git@v8.3.0
+    reference: git@v8.4.0-rc1

packages/cisco_nexus/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.7.0"
+  changes:
+    - description: Update package to ECS 8.4.0
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3843
 - version: "0.6.0"
   changes:
     - description: Update package to ECS 8.3.0.

packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json

@@ -2,7 +2,7 @@
     "expected": [
         {
             "ecs": {
-                "version": "8.3.0"
+                "version": "8.4.0"
             },
             "message": "2012 Dec 18 14:51:08 Nexus5010-B %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user en from 2.2.2.1 - login",
             "tags": [

packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml

@@ -4,7 +4,7 @@ description: Pipeline for Cisco Nexus
 processors:
   - set:
       field: ecs.version
-      value: '8.3.0'
+      value: '8.4.0'
   # User agent
   - user_agent:
       field: user_agent.original

packages/cisco_nexus/docs/README.md

@@ -177,7 +177,7 @@ An example event for `log` looks as following:
 | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text |
 | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword |
 | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long |
-| network.direction | Direction of the network traffic. Recommended values are:   \* ingress   \* egress   \* inbound   \* outbound   \* internal   \* external   \* unknown  When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
+| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
 | network.forwarded_ip | Host IP address when the source IP address is the proxy. | ip |
 | network.interface.name |  | keyword |
 | network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long |

packages/cisco_nexus/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_nexus
 title: Cisco Nexus
-version: "0.6.0"
+version: "0.7.0"
 license: basic
 description: Collect logs from Cisco Nexus with Elastic Agent.
 type: integration

packages/cisco_secure_email_gateway/_dev/build/build.yml

@@ -1,3 +1,3 @@
 dependencies:
   ecs:
-    reference: git@v8.3.0
+    reference: git@v8.4.0-rc1

packages/cisco_secure_email_gateway/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.3.0"
+  changes:
+    - description: Update package to ECS 8.4.0
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3843
 - version: "0.2.1"
   changes:
     - description: Improve SSL config description and example.

packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-amp.log-expected.json

@@ -11,7 +11,7 @@
                 }
             },
             "ecs": {
-                "version": "8.3.0"
+                "version": "8.4.0"
             },
             "email": {
                 "attachments": {
@@ -54,7 +54,7 @@
                 }
             },
             "ecs": {
-                "version": "8.3.0"
+                "version": "8.4.0"
             },
             "email": {
                 "attachments": {
@@ -108,7 +108,7 @@
                 }
             },
             "ecs": {
-                "version": "8.3.0"
+                "version": "8.4.0"
             },
             "email": {
                 "attachments": {
@@ -149,7 +149,7 @@
                 }
             },
             "ecs": {
-                "version": "8.3.0"
+                "version": "8.4.0"
             },
             "email": {
                 "attachments": {
@@ -202,7 +202,7 @@
                 }
             },
             "ecs": {
-                "version": "8.3.0"
+                "version": "8.4.0"
             },
             "email": {
                 "attachments": {
@@ -248,7 +248,7 @@
                 }
             },
             "ecs": {
-                "version": "8.3.0"
+                "version": "8.4.0"
             },
             "email": {
                 "attachments": {
@@ -295,7 +295,7 @@
                 }
             },
             "ecs": {
-                "version": "8.3.0"
+                "version": "8.4.0"
             },
             "email": {
                 "attachments": {

packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-anti-spam.log-expected.json

@@ -14,7 +14,7 @@
                 }
             },
             "ecs": {
-                "version": "8.3.0"
+                "version": "8.4.0"
             },
             "event": {
                 "kind": "event",
@@ -45,7 +45,7 @@
                 }
             },
             "ecs": {
-                "version": "8.3.0"
+                "version": "8.4.0"
             },
             "event": {
                 "kind": "event",
@@ -77,7 +77,7 @@
                 }
             },
             "ecs": {
-                "version": "8.3.0"
+                "version": "8.4.0"
             },
             "event": {
                 "kind": "event",