-
Notifications
You must be signed in to change notification settings - Fork 422
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[okta]: Handle invalid values in client.ipAddress #3010
Conversation
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
Link: | ||
- '<http://{{ hostname }}:{{ env "PORT" }}/api/v1/logs?after=2>; rel="next"' | ||
- '<https://{{ hostname }}:{{ env "PORT" }}/api/v1/logs?after=1>; rel="self"' | ||
body: "[\n { \n \"actor\": {\n \"alternateId\": \"xxxxxx@elastic.co\",\n \"detailEntry\": null,\n \"displayName\": \"xxxxxx\",\n \"id\": \"00u1abvz4pYqdM8ms4x6\",\n \"type\": \"User\"\n },\n \"authenticationContext\": {\n \"authenticationProvider\": null,\n \"authenticationStep\": 0,\n \"credentialProvider\": null,\n \"credentialType\": null,\n \"externalSessionId\": \"102bZDNFfWaQSyEZQuDgWt-uQ\",\n \"interface\": null,\n \"issuer\": null\n },\n \"client\": {\n \"device\": \"Computer\",\n \"geographicalContext\": {\n \"city\": \"Dublin\",\n \"country\": \"United States\",\n \"geolocation\": {\n \"lat\": 37.7201,\n \"lon\": -121.919\n },\n \"postalCode\": \"94568\",\n \"state\": \"California\"\n },\n \"id\": null,\n \"ipAddress\": \"null\",\n \"userAgent\": {\n \"browser\": \"FIREFOX\",\n \"os\": \"Mac OS X\",\n \"rawUserAgent\": \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0\"\n },\n \"zone\": \"null\"\n },\n \"debugContext\": {\n \"debugData\": {\n \"deviceFingerprint\": \"541daf91d15bef64a7e08c946fd9a9d0\",\n \"requestId\": \"XkcAsWb8WjwDP76xh@1v8wAABp0\",\n \"requestUri\": \"/api/v1/authn\",\n \"threatSuspected\": \"false\",\n \"url\": \"/api/v1/authn?\"\n }\n },\n \"displayMessage\": \"Evaluation of sign-on policy\",\n \"eventType\": \"policy.evaluate_sign_on\",\n \"legacyEventType\": null,\n \"outcome\": {\n \"reason\": \"Sign-on policy evaluation resulted in ALLOW\",\n \"result\": \"ALLOW\"\n },\n \"published\": \"2020-02-14T20:18:57.762Z\",\n \"request\": {\n \"ipChain\": [\n {\n \"geographicalContext\": {\n \"city\": \"Dublin\",\n \"country\": \"United States\",\n \"geolocation\": {\n \"lat\": 37.7201,\n \"lon\": -121.919\n },\n \"postalCode\": \"94568\",\n \"state\": \"California\"\n },\n \"ip\": \"108.255.197.247\",\n \"source\": null,\n \"version\": \"V4\"\n }\n ]\n },\n \"securityContext\": {\n \"asNumber\": null,\n \"asOrg\": null,\n \"domain\": null,\n \"isProxy\": null,\n \"isp\": null\n },\n \"severity\": \"INFO\",\n \"target\": [\n {\n \"alternateId\": \"unknown\",\n \"detailEntry\": {\n \"policyType\": \"OktaSignOn\"\n },\n \"displayName\": \"Default Policy\",\n \"id\": \"00p1abvweGGDW10Ur4x6\",\n \"type\": \"PolicyEntity\"\n },\n {\n \"alternateId\": \"00p1abvweGGDW10Ur4x6\",\n \"detailEntry\": null,\n \"displayName\": \"Default Rule\",\n \"id\": \"0pr1abvwfqGFI4n064x6\",\n \"type\": \"PolicyRule\"\n }\n ],\n \"transaction\": {\n \"detail\": {},\n \"id\": \"XkcAsWb8WjwDP76xh@1v8wAABp0\",\n \"type\": \"WEB\"\n },\n \"uuid\": \"3af594f9-4f67-11ea-abd3-1f5d113f2546\",\n \"version\": \"0\"\n }\n]" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe this would be better with a quoted block?
body: |
[
{ ...
"category": [ | ||
"authentication", | ||
"session" | ||
], | ||
"id": "faf7398a-4f77-11ea-97fb-5925e98228bd", | ||
"ingested": "2022-04-06T08:41:54.467956900Z", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove event.ingested
?
What does this PR do?
client.ipAddress
field.Checklist
changelog.yml
file.I have verified that Kibana version constraints are current according to guidelines.How to test this PR locally
Pipeline test
elastic-package test pipeline -v
System test
elastic-package test system -v
Related issues