Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[crowdstrike] Convert Win32 timestamps to unix millisecond timestamp #7734

Merged
merged 2 commits into from
Sep 11, 2023
Merged

[crowdstrike] Convert Win32 timestamps to unix millisecond timestamp #7734

merged 2 commits into from
Sep 11, 2023

Conversation

taylor-swanson
Copy link
Contributor

@taylor-swanson taylor-swanson commented Sep 8, 2023
edited
Loading

What does this PR do?

  • Change the conversion function for Win32 timestamps to produce a millisecond result. A mapping error was occuring when trying to map certain fields, such as crowdstrike.event.PrecedingActivityTimeStamp, since (by default) the date field only handles string-based timestamps and millisecond-based unix timestamps.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

  • elastic-package test

Related

@taylor-swanson
[crowdstrike] Convert Win32 timestamps to unix millisecond timestamp
448b36c 
- Change the conversion function for Win32 timestamps to produce a
millisecond result. A mapping error was occuring when trying to map
certain fields, such as crowdstrike.event.PrecedingActivityTimeStamp,
since (by default) the date field only handles string-based timestamps
and millisecond-based unix timestamps.
@taylor-swanson taylor-swanson added bug Something isn't working, use only for issues Team:Security-External Integrations Integration:crowdstrike CrowdStrike labels Sep 8, 2023
@taylor-swanson taylor-swanson self-assigned this Sep 8, 2023
@taylor-swanson
Copy link
Contributor Author

@ShourieG, as the PR mentions, I changed the unix timestamp format to milliseconds. It looks like the existing date processors handle either unix format (seconds or milliseconds), so I don't think there's anything more we need to do.

@elasticmachine
Copy link

elasticmachine commented Sep 8, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-09-08T20:13:42.664+0000

  • Duration: 15 min 26 sec

Test stats 🧪

Test Results
Failed 0
Passed 30
Skipped 0
Total 30

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
Copy link

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (2/2) 💚
Files 100.0% (15/15) 💚
Classes 100.0% (15/15) 💚
Methods 95.876% (93/97) 👍 20.119
Lines 88.201% (3588/4068) 👎 -11.799
Conditionals 100.0% (0/0) 💚

@taylor-swanson taylor-swanson marked this pull request as ready for review September 8, 2023 20:31
@taylor-swanson taylor-swanson requested a review from a team as a code owner September 8, 2023 20:31
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

ShourieG
ShourieG approved these changes Sep 8, 2023
View reviewed changes
Copy link
Contributor

@ShourieG ShourieG left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, Yea changing the value to millisec should do the trick.

@taylor-swanson taylor-swanson merged commit e49bc9e into elastic:main Sep 11, 2023
1 check passed
@taylor-swanson taylor-swanson deleted the sdh/3808-crowdstrike-timestamp branch September 11, 2023 12:45
@elasticmachine
Copy link

Package crowdstrike - 1.18.3 containing this change is available at https://epr.elastic.co/search?package=crowdstrike

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ShourieG ShourieG ShourieG approved these changes

Assignees

@taylor-swanson taylor-swanson

Labels
bug Something isn't working, use only for issues Integration:crowdstrike CrowdStrike
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@taylor-swanson @elasticmachine @ShourieG