Update Deployment and Devices integrations to ECS 8.16.0 (part 1)

[taylor-swanson]

Proposed commit message

Updates the following integrations to ECS 8.16.0:

• arista_ngfw
• cef
• checkpoint
• cisco_aironet
• cisco_asa
• cisco_ftd
• cisco_ios
• cisco_ise
• cisco_nexus
• cisco_secure_email_gateway
• citrix_waf

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.
• [ ] I have verified that any added dashboard complies with Kibana's Dashboard good practices

Related issues

• Relates [meta] Upgrade integrations to ECS 8.17 #11952

[elastic-vault-github-plugin-prod]

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

[elastic-sonarqube]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: e2561614d277f14ae42f7af35ab833d5d41d63a6

cc @taylor-swanson

[elasticmachine]

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

[dwhyrock]

Looks like there's a hyperlink that needs some attention. I will approve once it's fixed.

[dwhyrock]

This doesn't look correct in the rich diff.

Shouldn't it be something like [Common Vulnerabilities and Exposure CVE ID](https://cve.mitre.org/about/faqs.html#what_is_cve_id) ?

[taylor-swanson]

Oh good catch.

Let me go check ECS, I didn't hand write that, that's pulled directly from the ECS definition (but this could also be an issue with how elastic-package is rendering the markdown).

[taylor-swanson]

Here's the related PR: elastic/ecs#2328

The links render correctly for the ECS docs, but the syntax used for the link is not valid markdown. The integrations doc site seems to use the readme markdown more or less directly, so that will have problems, too.

For comparison, the threat fields do not use a special markup, but rather use the link directly. The ECS docs and the integration readme page in Kibana (Suricata is an example), and the integrations doc site all enrich the URL into a link. Seems like we don't need any special markup here (unless you want to hide the URL behind friendly text, but that doesn't work if it doesn't render correctly).

Unfortunately, this would need to be fixed in ECS, first. Manually fixing it here won't help, since any re-render of the readme from here will just bring the issue back. It just so happens there's an ECS meeting today. I'll bring this issue up there and see where we go from here.

[taylor-swanson]

Deferring to 8.17.0