-
Notifications
You must be signed in to change notification settings - Fork 407
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cisco_asa,cisco_ftd,microsoft_defender_endpoint,proofpoint_tap,slack: ensure event.type holds ECS-compliant values #7926
Conversation
… ensure event.type holds ECS-compliant values
d485a66
to
42ec521
Compare
🌐 Coverage report
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
What has me confused here is how we ended up with these in this state in the repo, unless it is because EP now tests this and previously (when they were last touched) did not. @jsoriano Does bumping the EP version not cause all packages to be tested? Oh, it seems it does, but failures are tolerated and no notification is sent to the package owners. |
Hey @efd6, sorry for the confusion. There was a regression in field values validation introduced in elastic-package 0.84.0, see elastic/elastic-package#1439. When fixing it in elastic-package 0.87.1, we decided to force merge the update in the integrations repository, even if it was failing for a number of packages, to avoid introducing the issue in more packages. See these comments elastic/elastic-package#1439 (comment) |
@@ -1,4 +1,9 @@ | |||
# newer versions go on top | |||
- version: "2.22.1" | |||
changes: | |||
- description: Ensure `event.type` is not set to ECS-noncompliant values. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- description: Ensure `event.type` is not set to ECS-noncompliant values. | |
- description: Ensure `event.type` is set to ECS-compliant values. |
🤷 wdyt?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was thinking about that, to avoid the double negative, but they're semantically non-overlapping. It looks like the point is moot, since I think this was fixed in work by @kgeller.
Hey @efd6 I've been working through fixing these as I go through the ECS 8.10 updates, since they all cause the update tool to fail. I merged PRs for |
What does this PR do?
Checklist
changelog.yml
file.Author's Checklist
How to test this PR locally
Related issues
Screenshots