[cisco_secure_endpoint] Fix propagation of information from host.name #2915

Merged
merged 18 commits into from
Apr 6, 2022

LaZyDK
Contributor

@LaZyDK LaZyDK commented Mar 30, 2022

What does this PR do?

Propagating information from the host.name field.
Also taking into account that Install Started events use the cisco.secure_endpoint.hostname field.
Adding process.command_line, process.args, process.args_count and process.executable from
cisco.secure_endpoint.command_line.arguments field.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

@LaZyDK LaZyDK requested a review from a team as a code owner March 30, 2022 07:55
Referenced pull request
@elasticmachine

elasticmachine commented Mar 30, 2022

💚 Build Succeeded


Build stats

  • Start Time: 2022-04-06T18:00:12.707+0000

  • Duration: 13 min 27 sec

Test stats 🧪

Test Results
Failed 0
Passed 12
Skipped 0
Total 12

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@andrewkroh
Member

/test

@andrewkroh andrewkroh changed the title from "Fix propagation of information from host.name" to "[cisco_secure_endpoint] Fix propagation of information from host.name" Mar 30, 2022
@P1llus
Member

P1llus commented Apr 4, 2022

/test

[git-generate]

cd packages/cisco_secure_endpoint
elastic-package build
elastic-package test pipeline -g
Member

@andrewkroh andrewkroh left a comment

We need some test data to validate the new command_line parsing script processors.

I pushed some updates to make the pipeline valid, added descriptions, added two missing event.* fields, and generated the pipeline test data.

@andrewkroh
Member

/test

LaZyDK and others added 3 commits April 6, 2022 16:03
Changed the script processor to fix a bug. The backing array is immutable so removeIf fails.

Unhandled Exception unsupported_operation_exception

remove

Stack:
[
  "java.base/java.util.Iterator.remove(Iterator.java:102)",
  "java.base/java.util.Collection.removeIf(Collection.java:577)",
  "arg -> (arg == \"\"));\n    ",
  "^---- HERE"
]
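
The failure in the stack trace above, reproduced in plain Java as an added example (not the integration's Painless script and not code from this pull request): `removeIf` on a fixed-size list throws only when an element actually matches, so the error surfaces only for command lines that produce an empty argument. The class name, the split on a single space and the sample command lines are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class RemoveIfOnFixedSizeList {

    // Constructed sample inputs, not taken from the integration's test data.
    static final String CLEAN = "cmd.exe /c whoami";
    static final String DOUBLE_SPACE = "cmd.exe  /c whoami"; // split yields one empty token

    // Fragile form: Arrays.asList returns a fixed-size view over the array,
    // so removing an element through its iterator is unsupported.
    static List<String> fragileArgs(String commandLine) {
        List<String> args = Arrays.asList(commandLine.split(" "));
        // Java needs isEmpty() here; == on strings compares references in Java.
        args.removeIf(String::isEmpty); // throws only when some element matches
        return args;
    }

    // Robust form: copy into a mutable list before filtering.
    static List<String> robustArgs(String commandLine) {
        List<String> args = new ArrayList<>(Arrays.asList(commandLine.split(" ")));
        args.removeIf(String::isEmpty);
        return args;
    }

    public static void main(String[] argv) {
        // No empty token: the fragile form appears to work.
        System.out.println("clean input, fragile form: " + fragileArgs(CLEAN));

        // One empty token: the same code now throws.
        try {
            fragileArgs(DOUBLE_SPACE);
        } catch (UnsupportedOperationException e) {
            System.out.println("double space, fragile form failed: " + e);
        }

        // The copy makes the filter safe for both inputs.
        List<String> args = robustArgs(DOUBLE_SPACE);
        System.out.println("double space, robust form: " + args + " count=" + args.size());
    }
}
```

Because the exception depends on the data, pipeline test fixtures for this kind of parsing should include at least one command line with consecutive separators.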
andrewkroh
andrewkroh previously approved these changes Apr 6, 2022
@andrewkroh andrewkroh dismissed their stale review April 6, 2022 16:39

Added a question

LaZyDK and others added 2 commits April 6, 2022 19:47
[git-generate]

cd packages/cisco_secure_endpoint
elastic-package test pipeline -g
@andrewkroh andrewkroh merged commit a8abe54 into elastic:main Apr 6, 2022

5 participants