[Auditbeat] system.process - report Linux capabilities

**Describe the enhancement:**

Auditbeat [`system.process`](https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-dataset-system-process.html) reports information about running processes. ECS 8.10 added new process fields that hold the associated Linux capabilities. The `system.process` module should report the capabilities.

- [`process.thread.capabilities.effective`](https://www.elastic.co/guide/en/ecs/master/ecs-process.html#field-process-thread-capabilities-effective)
- [`process.thread.capabilities.permitted`](https://www.elastic.co/guide/en/ecs/master/ecs-process.html#field-process-thread-capabilities-permitted)

go-sysinfo, which [this code](https://github.com/elastic/beats/blob/ba3bce42590dbf722061d7d92bfdb0bd903e9014/x-pack/auditbeat/module/system/process/process.go#L437) already uses, supports fetching this data ([source](https://github.com/elastic/go-sysinfo/blob/9ea2eba5301c77b511c0475d7137ea3437a55a9a/types/process.go#L141C1-L154C2)), but the returned strings are not in the exact format expected by ECS.

**Describe a specific use case for the enhancement or feature:**


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Auditbeat] system.process - report Linux capabilities #36404

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Auditbeat] system.process - report Linux capabilities #36404

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions