Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[M365 Defender] Fix fingerprint processor fields for log datastream #7255

Merged
merged 3 commits into from
Aug 8, 2023
Merged

[M365 Defender] Fix fingerprint processor fields for log datastream #7255

merged 3 commits into from
Aug 8, 2023

Conversation

kcreddy
Copy link
Contributor

@kcreddy kcreddy commented Aug 4, 2023

What does this PR do?

Current fingerprint processor fields are not enough to maintain uniqueness. Updated the fields inside the fingerprint processor.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@kcreddy kcreddy changed the title [M365 Defender] Fix fingerprint processor fields [M365 Defender] Fix fingerprint processor fields for log datastream Aug 4, 2023
@elasticmachine
Copy link

elasticmachine commented Aug 4, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-08-08T08:02:22.426+0000

  • Duration: 15 min 5 sec

Test stats 🧪

Test Results
Failed 0
Passed 26
Skipped 0
Total 26

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
Copy link

elasticmachine commented Aug 4, 2023
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (3/3) 💚
Files 100.0% (7/7) 💚 3.392
Classes 100.0% (7/7) 💚 3.392
Methods 87.952% (73/83) 👎 -3.865
Lines 90.774% (4713/5192) 👍 2.53
Conditionals 100.0% (0/0) 💚

@kcreddy kcreddy marked this pull request as ready for review August 4, 2023 11:56
@kcreddy kcreddy requested a review from a team as a code owner August 4, 2023 11:56
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

bhapas
bhapas reviewed Aug 7, 2023
View reviewed changes
Copy link
Contributor

@bhapas bhapas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add assert.hit_count in system tests to make sure the number of documents ingested is always the same and for some reason there are no duplicates ingested.

Also, if a log entry with duplicated fingerprint does not exist, Can we add one to make sure it is dropped.

@kcreddy kcreddy requested a review from bhapas August 8, 2023 08:20
bhapas
bhapas approved these changes Aug 8, 2023
View reviewed changes
Copy link
Contributor

@bhapas bhapas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kcreddy kcreddy merged commit f741250 into elastic:main Aug 8, 2023
4 checks passed
@kcreddy kcreddy deleted the m365_defender_logs_fingerprint branch August 8, 2023 09:34
@elasticmachine
Copy link

Package m365_defender - 1.17.1 containing this change is available at https://epr.elastic.co/search?package=m365_defender

gizas pushed a commit that referenced this pull request Sep 5, 2023
@kcreddy @gizas
[M365 Defender] Fix fingerprint processor fields for log datastream (#…
c940905 
…7255)

* update fingerprint processor

* update changelog entry

* Add test assertion
@elasticmachine
Copy link

Package m365_defender - 2.0.0 containing this change is available at https://epr.elastic.co/search?package=m365_defender

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bhapas bhapas bhapas approved these changes

Assignees
No one assigned
Labels
bug Something isn't working Integration: M365_Defender
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@kcreddy @elasticmachine @bhapas