Conversation

@mohitjha-elastic (Collaborator)

Proposed commit message

sentinel_one: Enhance ECS mappings and unify fields across all data streams.

Refined and expanded ECS field mappings to ensure consistency across all data streams. 
Aligned field names and structures with the latest ECS standards to improve interoperability, 
data quality, and search normalization in Elastic SIEM.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

  • Clone integrations repo.
  • Install elastic-package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/sentinel_one directory.
  • Run the following command to run tests.

elastic-package test -v

Related Issue
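As an added example (not code from this PR, the sentinel_one package, or elastic-package), the kind of consistency check the commit message above describes: take each data stream's field definitions, flag any field name that is mapped to different types in different streams, and list shared (non-namespaced) fields that some streams declare and others do not. The sample package is constructed inline and stands in for the parsed contents of `data_stream/<name>/fields/*.yml`; its field names and types are illustrative, and treating a missing `type` as `<unset>` is an assumption rather than elastic-package's rule.

```python
"""Added example: cross-data-stream field consistency check for an Elastic
integration package. Not the sentinel_one package's own code."""

from collections import defaultdict

# Constructed sample standing in for PyYAML-loaded fields.yml files, keyed by
# data stream. Nested "group" entries carry child fields under "fields".
# Names and types are illustrative, not the real sentinel_one mappings.
SAMPLE_PACKAGE = {
    "threat_event": [
        {"name": "event.kind", "type": "keyword"},
        {"name": "host.id", "type": "keyword"},
        {"name": "sentinel_one.threat_event", "type": "group", "fields": [
            {"name": "agent.id", "type": "keyword"},
            {"name": "created_at", "type": "date"},
        ]},
    ],
    "application_risk": [
        {"name": "event.kind", "type": "keyword"},
        {"name": "host.id", "type": "integer"},  # deliberately conflicts
        {"name": "sentinel_one.application_risk", "type": "group", "fields": [
            {"name": "agent.id", "type": "keyword"},
        ]},
    ],
    "group": [
        {"name": "event.kind", "type": "keyword"},
        {"name": "host.id", "type": "keyword"},
        {"name": "observer.version", "type": "keyword"},  # only declared here
    ],
}


def flatten(fields, prefix=""):
    """Yield (dotted_name, type) for every leaf field, descending into groups.
    A field without an explicit type is reported as "<unset>" (assumption)."""
    for field in fields:
        name = f"{prefix}{field['name']}"
        if field.get("type") == "group" or "fields" in field:
            yield from flatten(field.get("fields", []), prefix=name + ".")
        else:
            yield name, field.get("type", "<unset>")


def collect_types(package):
    """Map field name -> {type -> set of data streams declaring it}."""
    by_field = defaultdict(lambda: defaultdict(set))
    for stream, fields in package.items():
        for name, ftype in flatten(fields):
            by_field[name][ftype].add(stream)
    return by_field


def find_conflicts(package):
    """Return {field: {type: [streams]}} for fields mapped to >1 type.
    Such fields break search normalization: the same query matches a keyword
    in one stream and fails or coerces against an integer in another."""
    return {
        name: {ftype: sorted(streams) for ftype, streams in types.items()}
        for name, types in collect_types(package).items()
        if len(types) > 1
    }


def uneven_coverage(package, namespace_prefix="sentinel_one."):
    """Return {field: [streams missing it]} for fields outside the package's
    own namespace that at least one stream declares but not every stream."""
    all_streams = set(package)
    present = defaultdict(set)
    for stream, fields in package.items():
        for name, _ in flatten(fields):
            if not name.startswith(namespace_prefix):
                present[name].add(stream)
    return {
        name: sorted(all_streams - streams)
        for name, streams in present.items()
        if streams != all_streams
    }


if __name__ == "__main__":
    for field, types in find_conflicts(SAMPLE_PACKAGE).items():
        print(f"TYPE CONFLICT {field}: {types}")
    for field, missing in uneven_coverage(SAMPLE_PACKAGE).items():
        print(f"UNEVEN {field}: missing from {missing}")
```

Type conflicts are the more serious finding, since a field mapped as `keyword` in one data stream and `integer` in another cannot be queried uniformly across the integration's indices; uneven coverage is informational, because not every ECS field applies to every event type.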

@mohitjha-elastic mohitjha-elastic self-assigned this Nov 11, 2025
@mohitjha-elastic mohitjha-elastic requested a review from a team as a code owner November 11, 2025 11:02
@mohitjha-elastic mohitjha-elastic added the labels enhancement (New feature or request), Integration:sentinel_one (SentinelOne), Team:Security-Service Integrations (Security Service Integrations team [elastic/security-service-integrations]) and Team:Sit-Crest (Crest developers on the Security Integrations team [elastic/sit-crest-contractors]) Nov 11, 2025
@elastic-vault-github-plugin-prod bot commented Nov 11, 2025

🚀 Benchmarks report

Package sentinel_one 👍(6) 💚(6) 💔(4)

Only the four 💔 rows (throughput regressions, in events per second) are shown in the collapsed report:

Data stream        Previous EPS   New EPS    Diff                 Result
application_risk   9718.17        7812.5     -1905.67 (-19.61%)   💔
group              34843.21       25000      -9843.21 (-28.25%)   💔
threat_event       7390.98        5747.13    -1643.85 (-22.24%)   💔
application        20120.72       16501.65   -3619.07 (-17.99%)   💔

To see the full report, comment with /test benchmark fullreport

@andrewkroh andrewkroh added the documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. label Nov 11, 2025
@kcreddy kcreddy self-requested a review November 12, 2025 05:27
@kcreddy kcreddy (Contributor) left a comment

@cpascale43 can you confirm if this requires a dashboard changes as well?

@andrewkroh andrewkroh added dashboard Relates to a Kibana dashboard bug, enhancement, or modification. breaking change labels Nov 19, 2025
@elasticmachine

💚 Build Succeeded

cc @mohitjha-elastic

@mohitjha-elastic mohitjha-elastic merged commit 6c0b0df into elastic:main Nov 27, 2025
7 checks passed
@mohitjha-elastic mohitjha-elastic deleted the sentinel_one-1.43.0 branch November 27, 2025 05:54
@elastic-vault-github-plugin-prod

Package sentinel_one - 2.0.0 containing this change is available at https://epr.elastic.co/package/sentinel_one/2.0.0/
