-
Notifications
You must be signed in to change notification settings - Fork 392
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[M365 Defender] Fix fingerprint processor fields for log datastream #7255
Conversation
🌐 Coverage report
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we add assert.hit_count
in system tests to make sure the number of documents ingested is always the same and for some reason there are no duplicates ingested.
Also, if a log entry with duplicated fingerprint does not exist, Can we add one to make sure it is dropped.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Package m365_defender - 1.17.1 containing this change is available at https://epr.elastic.co/search?package=m365_defender |
…7255) * update fingerprint processor * update changelog entry * Add test assertion
Package m365_defender - 2.0.0 containing this change is available at https://epr.elastic.co/search?package=m365_defender |
What does this PR do?
Current fingerprint processor fields are not enough to maintain uniqueness. Updated the fields inside the
fingerprint
processor.Checklist
changelog.yml
file.Author's Checklist
How to test this PR locally
Related issues
Screenshots