Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Infoblox BloxOne DDI] Ingest Pipeline Errors on Empty IP Fields, and Blank Messages Ingested #7840

Closed
MakoWish opened this issue Sep 15, 2023 · 2 comments · Fixed by #7943
Closed

[Infoblox BloxOne DDI] Ingest Pipeline Errors on Empty IP Fields, and Blank Messages Ingested #7840

MakoWish opened this issue Sep 15, 2023 · 2 comments · Fixed by #7943
Labels
bug Something isn't working Integration:infoblox_bloxone_ddi Infoblox BloxOne DDI (DNS, DHCP, IP management)

Comments

@MakoWish
Copy link
Contributor

MakoWish commented Sep 15, 2023
edited

Describe the Issue

I noticed every document being ingested into our environment had an error.message for attempting to convert a value of '' to IP. We are also getting a new document every time there are zero results returned, but since they are essentially empty responses, those should be dropped.

Screenshots

for_each_error

Sample Data

This is a raw event that will replicate the pipeline error:

{
  "add_edns_option_in_outgoing_query": false,
  "comment": "",
  "created_at": "2023-09-14T18:54:45.215640Z",
  "custom_root_ns": [],
  "custom_root_ns_enabled": false,
  "disabled": false,
  "dnssec_enable_validation": true,
  "dnssec_enabled": true,
  "dnssec_root_keys": [
    {
      "algorithm": 8,
      "protocol_zone": ".",
      "public_key": "loremip/LoremipsumdolorsitametconsecteturadipiscingelitA/liquamcongueenimsitametliberoauctorblanditNullaquisfeliseuligulamaximusblanditsitametacenimInconguedoloripsumetaliquetnisiacc/umsansedDonecvulp/utateorcivitaealiquamelementumSedconguedolormaurisatconsecteturl/igulainterdumegetVivamusmattisnislvelrutrumvariusodiojustocongueliberoetconsecte=",
      "sep": true,
      "zone": "."
    }
  ],
  "dnssec_trust_anchors": [],
  "dnssec_validate_expiry": true,
  "ecs_enabled": false,
  "ecs_forwarding": false,
  "ecs_prefix_v4": 24,
  "ecs_prefix_v6": 56,
  "ecs_zones": [],
  "edns_udp_size": 1232,
  "filter_aaaa_acl": [],
  "filter_aaaa_on_v4": "no",
  "forwarders": [],
  "forwarders_only": false,
  "gss_tsig_enabled": false,
  "id": "dns/view/01234567-89ab-cdef-fedc-ba9876543210",
  "inheritance_sources": null,
  "ip_spaces": [],
  "lame_ttl": 600,
  "match_clients_acl": [
    {
      "access": "allow",
      "acl": null,
      "address": "",
      "element": "any",
      "tsig_key": null
    }
  ],
  "match_destinations_acl": [
    {
      "access": "allow",
      "acl": null,
      "address": "",
      "element": "any",
      "tsig_key": null
    }
  ],
  "match_recursive_only": false,
  "max_cache_ttl": 604800,
  "max_negative_ttl": 10800,
  "max_udp_size": 1232,
  "minimal_responses": false,
  "name": "default-Contoso",
  "notify": false,
  "query_acl": [],
  "recursion_acl": [],
  "recursion_enabled": false,
  "sort_list": [],
  "synthesize_address_records_from_https": false,
  "tags": {
    "nios/grid_name": "Contoso",
    "nios/imported": "true"
  },
  "transfer_acl": [],
  "update_acl": [],
  "updated_at": "2023-09-14T18:54:45.215640Z",
  "use_forwarders_for_subzones": true,
  "use_root_forwarders_for_local_resolution_with_b1td": false,
  "zone_authority": {
    "default_ttl": 28800,
    "expire": 2419200,
    "mname": "ns.foo",
    "negative_ttl": 900,
    "protocol_mname": "ns.foo",
    "protocol_rname": "admin",
    "refresh": 10800,
    "retry": 3600,
    "rname": "admin",
    "use_default_mname": true
  }
}
@MakoWish MakoWish mentioned this issue Sep 15, 2023
Closed
5 tasks
@andrewkroh andrewkroh added bug Something isn't working Integration:infoblox_bloxone_ddi Infoblox BloxOne DDI (DNS, DHCP, IP management) Team:Security-External Integrations labels Sep 16, 2023
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@MakoWish
Copy link
Contributor Author

I accidentally deleted my branch for this, so the PR closed itself. :-( I will resubmit tomorrow.

@MakoWish MakoWish mentioned this issue Sep 22, 2023
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working Integration:infoblox_bloxone_ddi Infoblox BloxOne DDI (DNS, DHCP, IP management)
Projects
None yet
Milestone
No milestone
3 participants
@andrewkroh @elasticmachine @MakoWish