zscaler_zia: fix mapping of user identities #9041

Merged
merged 1 commit into from
Feb 9, 2024

@efd6 efd6 commented Feb 1, 2024

Proposed commit message

See title.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

@elasticmachine

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@efd6 efd6 force-pushed the 9040-zscaler_zia branch 3 times, most recently from 219ed16 to 7d5a2ba Compare February 2, 2024 01:15
@elasticmachine

💚 Build Succeeded

cc @efd6

@efd6 efd6 marked this pull request as ready for review February 2, 2024 01:35
@efd6 efd6 requested a review from a team as a code owner February 2, 2024 01:35
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

field: related.user
value: '{{{user.name}}}'
allow_duplicates: false
if: ctx.user?.name != null && !(ctx.user.name instanceof List)
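
Review bot: The guard on the `if:` line skips this processor whenever `ctx.user.name` is a List, so in that case no value from `user.name` reaches `related.user`, and nothing in the visible lines records that it was skipped. Either handle the list case as well (for example by iterating over its elements) or add a short comment next to the condition stating that list values are intentionally ignored and why.
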
Contributor

If it's a list you could do foreach to append each one.

Contributor Author

I actually had that code in, but never saw a case in any of the samples I could find. So I removed it. The type check here is fossilised paranoia.

@@ -1,7 +1,7 @@
{
"expected": [
{
"@timestamp": "2023-12-31T12:01:04.000Z",
"@timestamp": "2024-12-31T12:01:04.000Z",
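
Review bot: The two `@timestamp` lines in this hunk differ only in the year (2023 against 2024), which suggests the expected value depends on something other than the test input. If the year is not present in the source message and is being inferred, this expected file will go stale each time the inferred year changes; consider pinning the year for the test or noting next to the fixture where the year comes from.
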
Contributor

I didn't know about the yearless BSD syslog format until I saw this.

Contributor Author

One year should be enough for anyone.

@efd6 efd6 merged commit d103bec into elastic:main Feb 9, 2024
5 checks passed
@elasticmachine

Package zscaler_zia - 2.18.2 containing this change is available at https://epr.elastic.co/search?package=zscaler_zia

Development

Successfully merging this pull request may close these issues.

zscaler_zia: user identities are not properly mapped
3 participants