Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Zscaler ZIA] Add dynamic ECS mapping as well as resolve the issue relate to User Agent and NA fields. #5420

Merged
merged 3 commits into from
Mar 6, 2023
Merged

[Zscaler ZIA] Add dynamic ECS mapping as well as resolve the issue relate to User Agent and NA fields. #5420

merged 3 commits into from
Mar 6, 2023

Conversation

ashaka-elastic
Copy link
Contributor

Type of change

  • Enhancement
  • Bug

What does this PR do?

  • Add dynamic mapping for Zscaler ZIA
  • Resolve the issue related to fields that contain a NA value.
  • Resolve the issue related to the user agent field.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/zscaler_zia directory.
  • Run the following command to run tests.

elastic-package test

Related issues

Screenshots

ZIA

@ashaka-elastic
Add support for dynamic ECS mapping as well as resolve the issue rela…
7d53d7e 
…ted to the user agent field and fields that contain a NA value
@ashaka-elastic ashaka-elastic requested a review from a team as a code owner March 1, 2023 06:51
@vinit-chauhan vinit-chauhan added bug Something isn't working Team:Security-External Integrations Integration:zscaler_zia Zscaler Internet Access labels Mar 1, 2023
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@elasticmachine
Copy link

elasticmachine commented Mar 1, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-03-01T12:11:43.350+0000

  • Duration: 21 min 2 sec

Test stats 🧪

Test Results
Failed 0
Passed 37
Skipped 0
Total 37

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
Copy link

elasticmachine commented Mar 1, 2023
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (5/5) 💚
Files 100.0% (5/5) 💚
Classes 100.0% (5/5) 💚
Methods 100.0% (66/66) 💚 3.846
Lines 93.46% (1472/1575) 👎 -6.54
Conditionals 100.0% (0/0) 💚

P1llus
P1llus approved these changes Mar 2, 2023
View reviewed changes
packages/zscaler_zia/data_stream/tunnel/sample_event.json
"port": 0
},
"tags": [
"forwarded",
"zscaler_zia-tunnel"
],
"user": {
"name": "Unknown"
"name": "81.2.69.145"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this a user name?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @P1llus,
In the user name field, we are getting an IP, but this IP indicates the user name only. Basically, this field contains the name of vpn credential. So, we mapped it to user.name.

@P1llus P1llus merged commit 3418fe2 into elastic:main Mar 6, 2023
@elasticmachine
Copy link

Package zscaler_zia - 2.7.1 containing this change is available at https://epr.elastic.co/search?package=zscaler_zia

agithomas pushed a commit to agithomas/integrations that referenced this pull request Mar 20, 2023
@ashaka-elastic @agithomas
[Zscaler ZIA] Add dynamic ECS mapping as well as resolve the issue re…
ef850df 
…late to User Agent and NA fields. (elastic#5420)

* Add support for dynamic ECS mapping as well as resolve the issue related to the user agent field and fields that contain a NA value

* Update Changelog Entry

* Update ReadMe
agithomas pushed a commit to agithomas/integrations that referenced this pull request Mar 21, 2023
@ashaka-elastic @agithomas
[Zscaler ZIA] Add dynamic ECS mapping as well as resolve the issue re…
e6c0c19 
…late to User Agent and NA fields. (elastic#5420)

* Add support for dynamic ECS mapping as well as resolve the issue related to the user agent field and fields that contain a NA value

* Update Changelog Entry

* Update ReadMe
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vinit-chauhan vinit-chauhan vinit-chauhan left review comments

@P1llus P1llus P1llus approved these changes

Assignees

@ashaka-elastic ashaka-elastic

Labels
bug Something isn't working Integration:zscaler_zia Zscaler Internet Access
Projects
None yet
Milestone
No milestone
4 participants
@ashaka-elastic @elasticmachine @P1llus @vinit-chauhan