New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[checkpoint] Improve authentication logs normalization #8884
Conversation
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
0c475e1
to
e245358
Compare
🚀 Benchmarks reportTo see the full report comment with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you flesh out the commit message, including noting the provenance of the test cases.
packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r81x.log-expected.json
Show resolved
Hide resolved
packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r81x.log-expected.json
Show resolved
Hide resolved
packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-r81x.log-expected.json
Show resolved
Hide resolved
packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
Show resolved
Hide resolved
packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
Outdated
Show resolved
Hide resolved
packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
Outdated
Show resolved
Hide resolved
packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
Outdated
Show resolved
Hide resolved
packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
Outdated
Show resolved
Hide resolved
packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
Outdated
Show resolved
Hide resolved
💚 Build Succeeded
cc @bhapas |
Package checkpoint - 1.30.0 containing this change is available at https://epr.elastic.co/search?package=checkpoint |
Proposed commit message
Problem described in #8836
Authentication events (logon, logoff) to be categorised as authentication events [ Instead of Network events ]
Sample Authentication events are added in the pipeline tests for the following scenarios
Checklist
changelog.yml
file.How to test this PR locally
elastic-package stack up -d -v && elastic-package test -v
Related issues