-
Notifications
You must be signed in to change notification settings - Fork 392
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
microsoft_defender_endpoint: fix handling of empty array fields #9338
Conversation
4a2e904
to
ab343bd
Compare
When the evidence field in the input is a zero length array some processors fail due to direct access of subfields. It appears that sometimes this field is sent as an array rather than an object when empty, rather than as a null. So remove all empty arrays and objects at the beginning of the pipeline.
ab343bd
to
1d05cf5
Compare
🚀 Benchmarks reportTo see the full report comment with |
💚 Build Succeeded
cc @efd6 |
|
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Package microsoft_defender_endpoint - 2.24.1 containing this change is available at https://epr.elastic.co/search?package=microsoft_defender_endpoint |
When the evidence field in the input is a zero length array some processors fail due to direct access of subfields. It appears that sometimes this field is sent as an array rather than an object when empty, rather than as a null. So remove all empty arrays and objects at the beginning of the pipeline.
Proposed commit message
When the evidence field in the input is a zero length array some processors fail due to direct access of subfields. It appears that sometimes this field is sent as an array rather than an object when empty, rather than as a null. So remove all empty arrays and objects at the beginning of the pipeline.
Checklist
changelog.yml
file.Author's Checklist
How to test this PR locally
Related issues
Screenshots