[Enhancement] [LastPass] Add support for event.outcome field and new type of event.action #4847

Merged
merged 3 commits into from Dec 20, 2022

vinit-chauhan
Contributor

Type of change

  • Enhancement

What does this PR do?

  • Due to changes in the LastPass API response, a few conditions in the event report pipeline are updated.
  • Add support for category Failed login event.
  • Add support for event.outcome field.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/lastpass directory.
  • Run the following command to run tests.

elastic-package test

@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@elasticmachine

elasticmachine commented Dec 16, 2022

💚 Build Succeeded

Build stats

  • Start Time: 2022-12-19T12:25:27.288+0000

  • Duration: 16 min 17 sec

Test stats 🧪

Test Results
Failed 0
Passed 20
Skipped 0
Total 20

@elasticmachine

elasticmachine commented Dec 16, 2022

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (3/3) 💚
Files 100.0% (3/3) 💚 6.667
Classes 100.0% (3/3) 💚 6.667
Methods 100.0% (38/38) 💚 15.0
Lines 93.953% (637/678) 👎 -2.069
Conditionals 100.0% (0/0) 💚

Contributor

@kcreddy kcreddy left a comment

Minor suggestions.

field: lastpass.event_report.data.original
separator: ','
target_field: lastpass.event_report.data.user_email
ignore_failure: true
- script:
description: Separate Shared Folder Name and User Email with comma(',') in Limit Shared Folder Event Type.
description: Separate Shared Folder Name and User Email with comma(',') in limit shared folder Event Type.
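
Review bot: The context lines above the `- script:` entry keep `ignore_failure: true` on the processor that writes `lastpass.event_report.data.user_email` with `separator: ','`, so a `lastpass.event_report.data.original` value that cannot be processed is indexed without the user email and with no error recorded. Consider replacing it with an `if` condition on the source field or an `on_failure` handler that records the error, so malformed events stay visible. The description edit itself only changes the casing of the event type name.
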
Contributor

This need not be changed as it's not the value of field event.action.

- set:
field: event.action
copy_from: lastpass.event_report.action
ignore_failure: true
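
Review bot: `ignore_failure: true` on this `set` swallows every error from the processor, not only a missing `lastpass.event_report.action`, so an event can be indexed with no `event.action` and nothing to show why. Because the value comes from `copy_from`, `ignore_empty_value: true` or `if: ctx.lastpass?.event_report?.action != null` covers the absent-field case while leaving other failures visible.
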
Contributor

@kcreddy kcreddy Dec 16, 2022

Can you avoid ignore_failure and instead use a conditional since ignore_failure is costly?

Contributor Author

Hey @kcreddy,
Do you mean to use ignore_empty_value instead of ignore_failure, or do you mean to use a condition statement for a null or empty value?

Contributor

You could use ignore_empty_value. I believe it's a similar implementation/efficiency as adding if option

Contributor

@kcreddy kcreddy left a comment

LGTM after change

@kcreddy kcreddy merged commit 5bd860e into elastic:main Dec 20, 2022
@elasticmachine

Package lastpass - 0.2.4 containing this change is available at https://epr.elastic.co/search?package=lastpass
