
File system type #361

Merged
merged 2 commits into from
Apr 13, 2023

Conversation

Trinity2019 (Contributor)

Change Summary

This adds the device.file_system_type field to file/dll/process events and malware alerts. A process event example is here. Also adding device.volume_device_type to malware alerts as it shows up in malware alerts; an example is here.

Sample document shown in above links.

Release Target

8.8.0

For mapping changes:

  • I ran make after making the schema changes, and committed all changes
  • If these field(s) are "exception"-able, I made a companion PR to Kibana adding it (see Readme)
  • If this is a metadata change, I also updated both transform destination schemas to match

For Transform changes:

  • The new transform successfully starts in Kibana
  • The corresponding transform destination schema was updated if necessary

@elasticmachine (Contributor)

💚 Build Succeeded


Build stats

  • Start Time: 2023-04-13T05:30:46.053+0000

  • Duration: 8 min 15 sec


@Trinity2019 (Contributor, Author)

Trinity2019 commented Apr 13, 2023

@elastic/security-defend-workflows Can I get some reviews please? thanks a lot!

@kevinlog (Contributor) left a comment

This looks good to me.

  • only mapping additions
  • all types are keyword which is supported
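The two points in the review above (only additions, every new field of type keyword) are exactly the things a reviewer wants to confirm mechanically before merging a schema change. The following script is an added example, not code from this repository or from Elastic; it assumes the standard Elasticsearch mapping layout (a nested `properties` tree as returned by `GET <index>/_mapping`) and uses small constructed before/after mappings that include the two field names from this PR. It flattens both trees into dotted field paths, reports added, removed and type-changed fields, and accepts the change only if nothing was removed or retyped and every addition uses an allowed type.

```python
"""Check that an Elasticsearch mapping change is purely additive and keyword-only.

Added example; not part of the endpoint package. The mapping layout is the
standard nested `properties` tree; the sample mappings below are constructed.
"""
from typing import Dict, Iterable, Iterator, Tuple

Mapping = Dict[str, object]


def flatten(properties: Mapping, prefix: str = "") -> Iterator[Tuple[str, str]]:
    """Yield (dotted.path, type) for every leaf field in a `properties` tree."""
    for name, spec in properties.items():
        path = f"{prefix}.{name}" if prefix else name
        if isinstance(spec, dict) and "properties" in spec:
            # object fields carry their children under `properties`
            yield from flatten(spec["properties"], path)
        elif isinstance(spec, dict):
            # a leaf without an explicit type is an implicit object
            yield path, str(spec.get("type", "object"))


def diff_mappings(old: Mapping, new: Mapping) -> Dict[str, Dict[str, str]]:
    """Return added, removed and type-changed fields between two mappings."""
    before = dict(flatten(old))
    after = dict(flatten(new))
    return {
        "added": {p: t for p, t in after.items() if p not in before},
        "removed": {p: t for p, t in before.items() if p not in after},
        "changed": {
            p: f"{before[p]} -> {after[p]}"
            for p in before
            if p in after and before[p] != after[p]
        },
    }


def is_safe_addition(old: Mapping, new: Mapping,
                     allowed_types: Iterable[str] = ("keyword",)) -> bool:
    """True only if the change removes nothing, retypes nothing, and adds
    fields of an allowed type (keyword by default, matching the review)."""
    d = diff_mappings(old, new)
    allowed = set(allowed_types)
    return (not d["removed"] and not d["changed"]
            and all(t in allowed for t in d["added"].values()))


# Constructed sample: the mapping before this PR ...
OLD_MAPPING: Mapping = {
    "device": {"properties": {"id": {"type": "keyword"}}},
    "file": {"properties": {"path": {"type": "keyword"}}},
}

# ... after adding the two fields from the PR as keywords ...
NEW_MAPPING: Mapping = {
    "device": {"properties": {
        "id": {"type": "keyword"},
        "file_system_type": {"type": "keyword"},
        "volume_device_type": {"type": "keyword"},
    }},
    "file": {"properties": {"path": {"type": "keyword"}}},
}

# ... and a constructed bad variant that silently retypes an existing field.
BAD_MAPPING: Mapping = {
    "device": {"properties": {
        "id": {"type": "text"},
        "file_system_type": {"type": "keyword"},
    }},
    "file": {"properties": {"path": {"type": "keyword"}}},
}

if __name__ == "__main__":
    for label, candidate in (("PR", NEW_MAPPING), ("bad variant", BAD_MAPPING)):
        print(label, diff_mappings(OLD_MAPPING, candidate),
              "safe" if is_safe_addition(OLD_MAPPING, candidate) else "REJECT")
```

Retyping an existing field is the case worth catching: a type change on a live index fails at mapping-update time or breaks existing queries, so the check rejects it even though the same change also adds a valid keyword field.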

@Trinity2019 (Contributor, Author)

Thanks @kevinlog for the review!

@Trinity2019 Trinity2019 merged commit d1a1b70 into main Apr 13, 2023
@Trinity2019 Trinity2019 deleted the file_system_type branch April 13, 2023 22:45
@elasticmachine (Contributor)

Package endpoint - 8.8.0 containing this change is available at https://epr.elastic.co/search?package=endpoint
