Post GA tasks

[ruflin]

First here are some issue I've moved out of the initial 1.0 plan.

• Introduce related.* field set (Propose new top-level prefix 'related' #67)
• Discuss nesting http (and eventually all network protocol field sets) under network?
• increase ignore_above (Increasing of ignore_above for keyword #105)
• Add facility, severity, priority to log or event (closes syslog PRI #36)
• threat & vulnerability TLOs (Additional groups (Vulnerability / Threat) #113)
  • new top level objects
• Add a few fields to user object (Flesh out the user object #117)
• event.start/end/duration (pr Revises event.created and expands with event.start and event.end #80)
• thread and process ids and xids (Missing thread, process + thread id naming DEC+HEX #82)
  • Add thread name? (idea from unrelated New event fields to be able to store info from log4j, log4net, nlog, ... frequently used log frameworks #97)
  • Add process.path and process.path.keyword
• Add tag field status to log (see For boolean values, should we recommend using tags or a boolean field? #100 & related issues)
• tag field for booleans (For boolean values, should we recommend using tags or a boolean field? #100)
  • make it so for log, document a few expected tags
• Add missing fields to host from Beats' add_host_md (Missing host fields #75)
• log4j's logger, module, context, class (New event fields to be able to store info from log4j, log4net, nlog, ... frequently used log frameworks #97), extended?
• APM: span_id, trace_id (APM/Log correlation: add span ID and trace ID #99), extended?
• add cidr and subnet (386, pr Adds .cidr and .netmask #111)
• session (Session object #37, pr New network fields #43)
• connection TLO (pr Proposal: Introduce connection prefix, move source / destination #51)
• forwarding IP (Connection specific info field #40)
• cli/srv (Top level: "client" and "server" #63, see Proposal: Introduce connection prefix, move source / destination #51)
• network stats directionality (pr Revised Network Metrics #2)

Here are some issues that I don't consider critical to hitting 1.0.

• field length limits (Expose keyword length in the CSV and doc #23)
• dhcp use case (New use case: DHCP #61)
• TLS cert meta-data (Enhanced TLS certificate metadata #64)
• anonymization/pseudonymization (Guidance on anonymization/pseudonymization #68)
• transport meta-data (similar to forwarder?) (Making clear about to what device is host object related to #76)
• "time" / Adding support for data format (e.g. units) (see New field "time" #77)
• transaction.id
• ECS-ness (Compatible? Compliant? How to discuss ECS-ness of an integration #98)
• context top level object from EMR document (not in the votes, no details)
• F5 use case (pr f5 use case poc #59)

[ruflin]

I'm closing this issue as it's basically a summary of Github issues and I don't think we need that.