[cloud_security_posture] vulnerability.published_date is keyword while all other packages use date

[andrewkroh]

The cloud_security_posture package declares vulnerability.published_date as a keyword type which conflicts with several other packages that declare this field as a date. We should align the data types to avoid conflicts in the logs-* data view.

integrations/packages/cloud_security_posture/data_stream/vulnerabilities/fields/vulnerability.yml

Lines 25 to 26 in 032c9fd

	- name: published_date
	type: keyword

The other usages as date are in:

• packages/m365_defender/data_stream/vulnerability/fields/vulnerability.yml:4:7
• packages/microsoft_defender_endpoint/data_stream/vulnerability/fields/vulnerability.yml:4:7
• packages/nozomi_networks/data_stream/node_cve/fields/vulnerability.yml:4:7 date
• packages/rapid7_insightvm/data_stream/asset_vulnerability/fields/vulnerability.yml:4:7
• packages/rapid7_insightvm/elasticsearch/transform/latest_cdr_vulnerabilities/fields/vulnerability.yml:4:7
• packages/tenable_io/data_stream/vulnerability/fields/vulnerability.yml:6:7
• packages/tenable_io/elasticsearch/transform/latest_cdr_vulnerabilities/fields/vulnerability.yml:6:7

I recommend adding this field to ECS too. Packages should not generally create new fields under namespaces managed by ECS (e.g. vulnerability.*) because of the potential for conflicting definitions.

[navnit-elastic]

The field vulnerability.published was introduced in the RFC and is currently at stage 1: elastic/ecs#2449.

[kcreddy]

There is already an open issue for this bug in https://github.com/elastic/security-team/issues/12860 and to be done in 9.2.0 milestone.

cc: @maxcold

[maxcold]

сс @niros1 for prioritisation

[kcreddy]

Duplicate of https://github.com/elastic/security-team/issues/12860