[ti_misp] Fix parsing of threat event publish_timestamp #6575

Merged
merged 3 commits into from Jun 15, 2023

@chrisberkhout chrisberkhout commented Jun 14, 2023

What does this PR do?

This fixes parsing of the threat event publish_timestamp field by adding a date step in the ingest pipeline that interprets the incoming value as a second-resolution UNIX timestamp, rather than letting Kibana later misinterpret it as a millisecond-resolution timestamp. This matches what is done for the threat data stream to what was already done for the publish_timestamp field in the threat_attributes data stream.

I updated the corresponding pipeline tests.

I manually verified that the values come out as expected in the Kibana UI.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Related issues
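
An added example, not code from this pull request or from the integration: it shows how the same `publish_timestamp` digits resolve when read as epoch seconds versus epoch milliseconds, and goes one step beyond the description by auditing already-stored values for the misread and recovering the intended time. The document shape (`id`, `publish_timestamp`) and the sample values are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_as_seconds(raw):
    """Intended reading: the value is a second-resolution UNIX timestamp."""
    return EPOCH + timedelta(seconds=int(raw))


def parse_as_millis(raw):
    """The misreading: the same digits taken as epoch milliseconds."""
    return EPOCH + timedelta(milliseconds=int(raw))


def looks_misparsed(stored):
    """Present-day epoch seconds read as milliseconds land in 1970."""
    return stored.year == 1970


def repair(stored):
    """Recover the intended time from a value stored as milliseconds."""
    millis = (stored - EPOCH) // timedelta(milliseconds=1)
    return EPOCH + timedelta(seconds=millis)


def audit(docs):
    """Return {id: corrected ISO 8601 timestamp} for documents that need a fix."""
    fixes = {}
    for doc in docs:
        stored = datetime.fromisoformat(doc["publish_timestamp"])
        if looks_misparsed(stored):
            fixes[doc["id"]] = repair(stored).isoformat()
    return fixes


# Constructed sample: one event stored with the misread, one stored correctly.
RAW = "1686700800"  # 2023-06-14T00:00:00Z as epoch seconds
SAMPLE_DOCS = [
    {"id": "evt-1", "publish_timestamp": parse_as_millis(RAW).isoformat()},
    {"id": "evt-2", "publish_timestamp": parse_as_seconds(RAW).isoformat()},
]

if __name__ == "__main__":
    print("as seconds:", parse_as_seconds(RAW).isoformat())
    print("as millis: ", parse_as_millis(RAW).isoformat())
    print("fixes:     ", audit(SAMPLE_DOCS))
```

Publish times that cluster in January 1970 are the visible symptom of the misread, which matters for any age-based filtering or expiry of threat intelligence built on this field.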

@elasticmachine
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

elasticmachine commented Jun 14, 2023

💚 Build Succeeded


Build stats

  • Start Time: 2023-06-14T13:19:42.837+0000

  • Duration: 15 min 34 sec

Test stats 🧪

Test Results
Failed 0
Passed 15
Skipped 0
Total 15

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (2/2) 💚
Files 100.0% (2/2) 💚
Classes 100.0% (2/2) 💚
Methods 100.0% (30/30) 💚 27.273
Lines 86.536% (617/713) 👎 -13.464
Conditionals 100.0% (0/0) 💚

@taylor-swanson taylor-swanson left a comment

LGTM

@chrisberkhout chrisberkhout merged commit e57c1ef into main Jun 15, 2023
4 checks passed
@chrisberkhout chrisberkhout deleted the ti-misp-threat-event-publish-timestamp-fix branch June 15, 2023 10:35
@elasticmachine
Package ti_misp - 1.15.4 containing this change is available at https://epr.elastic.co/search?package=ti_misp

sodhikirti07 pushed a commit that referenced this pull request Jun 15, 2023
* Fix values in the pipeline.
* Update the pipeline tests.
Successfully merging this pull request may close these issues.

[ti_misp] Incorrect misp.event.publish_date