Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added field winlog.event_data.EnabledPrivilegeList to windows and system integration #8230

Merged
merged 1 commit into from Oct 19, 2023
Merged

Added field winlog.event_data.EnabledPrivilegeList to windows and system integration #8230

merged 1 commit into from Oct 19, 2023

Conversation

leehinman
Copy link
Contributor

Proposed commit message

Added winlog.event_data.EnabledPrivilegeList field as type "keyword" in the following integrations:

  • windows integration, forward data stream
  • system integration, security data stream

This is needed for rule verification in the "security_detection_engine" integration and the "SeDebugPrivilege Enabled by a Suspicious Process" rule.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@leehinman leehinman added enhancement New feature or request Team:Security-External Integrations Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team labels Oct 17, 2023
@leehinman leehinman force-pushed the windows_enabled_privilige_list branch from 1ec2fe7 to f913d03 Compare October 17, 2023 16:12
@elasticmachine
Copy link

elasticmachine commented Oct 17, 2023
edited

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-10-19T18:52:03.116+0000

  • Duration: 19 min 26 sec

Test stats 🧪

Test Results
Failed 0
Passed 301
Skipped 0
Total 301

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
Copy link

elasticmachine commented Oct 17, 2023
edited

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (11/11) 💚
Files 93.75% (15/16) 👎 -2.385
Classes 93.75% (15/16) 👎 -2.385
Methods 76.667% (161/210) 👎 -15.378
Lines 94.166% (8764/9307) 👍 5.789
Conditionals 100.0% (0/0) 💚

@leehinman leehinman marked this pull request as ready for review October 17, 2023 16:42
@leehinman leehinman requested review from a team as code owners October 17, 2023 16:42
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@elasticmachine
Copy link

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

ishleenk17
ishleenk17 approved these changes Oct 19, 2023
View reviewed changes
Copy link
Contributor

@ishleenk17 ishleenk17 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@leehinman
Added field winlog.event_data.EnabledPrivilegeList
ad80177 
- windows integration, forward data stream
- system integration, security data stream

Closes elastic/kibana#169077
@leehinman leehinman force-pushed the windows_enabled_privilige_list branch from f913d03 to ad80177 Compare October 19, 2023 18:51
@leehinman leehinman merged commit 2586079 into elastic:main Oct 19, 2023
4 checks passed
@elasticmachine
Copy link

Package system - 1.46.0 containing this change is available at https://epr.elastic.co/search?package=system

@elasticmachine
Copy link

Package windows - 1.39.0 containing this change is available at https://epr.elastic.co/search?package=windows

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cmacknz cmacknz cmacknz approved these changes

@marc-gr marc-gr marc-gr approved these changes

@ishleenk17 ishleenk17 ishleenk17 approved these changes

@belimawr belimawr Awaiting requested review from belimawr belimawr is a code owner automatically assigned from elastic/elastic-agent-data-plane

@fearful-symmetry fearful-symmetry Awaiting requested review from fearful-symmetry fearful-symmetry is a code owner automatically assigned from elastic/elastic-agent-data-plane

Assignees
No one assigned
Labels
enhancement New feature or request Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team
Projects
None yet
Milestone
No milestone
5 participants
@leehinman @elasticmachine @cmacknz @marc-gr @ishleenk17