@gabriellandau
Contributor

Change Summary

Update ECS to the current HEAD of ecs/8.7 (https://github.com/elastic/ecs/commits/8.7).

This gives us API events which Endpoint needs for Credential Access Events.

Once 8.7.0 ECS is tagged, we can update it again, but this is useful before FF so Endpoint can stay ECS-compliant.

Release Target

8.7.0

For mapping changes:

  • I ran make after making the schema changes, and committed all changes

@elasticmachine
Contributor

elasticmachine commented Feb 2, 2023

💚 Build Succeeded

Build stats

  • Start Time: 2023-02-02T22:50:44.012+0000

  • Duration: 9 min 9 sec

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@gabriellandau
Contributor Author

Green build. @calladoum-elastic API events are available:

- description: Events in this category annotate API calls that occured on a system.
    Typical sources for those events could be from the Operating System level through
    the native libraries (for example Windows Win32, Linux libc, etc.), or managed
    sources of events (such as ETW, syslog), but can also include network protocols
    (such as SOAP, RPC, Websocket, REST, etc.)
  expected_event_types:
  - access
  - admin
  - allowed
  - change
  - creation
  - deletion
  - denied
  - end
  - info
  - start
  - user
  name: api

Contributor

@calladoum-elastic calladoum-elastic left a comment

👍

Contributor

@kevinlog kevinlog left a comment

LGTM! Just mapping additions and description/example updates. I'll merge this in and we'll get it out in 8.7

@kevinlog kevinlog merged commit 0d8136c into main Feb 3, 2023
@gabriellandau gabriellandau deleted the update-8.7-prerelease branch February 3, 2023 18:44
@elasticmachine
Contributor

Package endpoint - 8.7.0 containing this change is available at https://epr.elastic.co/search?package=endpoint
