Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

box_events: fingerprint the box.event_id field for doc deduplication #9498

Merged
merged 3 commits into from Apr 10, 2024
Merged

box_events: fingerprint the box.event_id field for doc deduplication #9498

merged 3 commits into from Apr 10, 2024

Conversation

efd6
Copy link
Contributor

@efd6 efd6 commented Apr 3, 2024

Proposed commit message

See https://developer.box.com/reference/resources/event/#param-event_id for field semantics.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@efd6 efd6 added enhancement New feature or request Integration:Box box.com Team:Security-Service Integrations Security Service Integrations Team labels Apr 3, 2024
@efd6 efd6 self-assigned this Apr 3, 2024
@elasticmachine
Copy link

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@efd6 efd6 marked this pull request as ready for review April 3, 2024 05:20
@efd6 efd6 requested a review from a team as a code owner April 3, 2024 05:20
@elasticmachine
Copy link

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

andrewkroh
andrewkroh approved these changes Apr 3, 2024
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I assume this ID is unique across Box accounts (in case users are running multiple instances of the integration).

@efd6
Copy link
Contributor Author

efd6 commented Apr 3, 2024

The text in the docs could be interpreted that way, "The ID of the event object. You can use this to detect duplicate events". The language is not quite strong enough for me to be completely happy. We could inject the client ID into the ingest pipeline for inclusion in the fingerprint set and then remove it. I think this would make me happier, though this value is per application, not per owner, so it may move.

The Client ID of the application that is requesting to authenticate the user. To get the Client ID for your application, log in to your Box developer console and click the Edit Application link for the application you're working with. In the OAuth 2.0 Parameters section of the configuration page, find the item labelled client_id. The text of that item is your application's Client ID.

I am unable to find a definitively documented identifier that we could use, so this is probably the best we have.

@efd6 efd6 requested a review from andrewkroh April 4, 2024 04:31
kcreddy
kcreddy approved these changes Apr 10, 2024
View reviewed changes
Copy link
Contributor

@kcreddy kcreddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this would make me happier, though this value is per application, not per owner, so it may move.

LGTM after adding client_id 👍🏼 although a test could be nice to have.

packages/box_events/data_stream/events/elasticsearch/ingest_pipeline/default.yml Outdated
Comment on lines 21 to 23
- remove:
field: _conf.client_id
ignore_missing: true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this required since there is a remove on _conf field later in the pipeline?

@efd6 efd6 enabled auto-merge (squash) April 10, 2024 20:44
@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
100.0% 100.0% Coverage on New Code
0.0% 0.0% Duplication on New Code

See analysis details on SonarQube

@efd6 efd6 merged commit 6146d87 into elastic:main Apr 10, 2024
5 checks passed
@elasticmachine
Copy link

💚 Build Succeeded

History

cc @efd6

@elasticmachine
Copy link

Package box_events - 2.8.0 containing this change is available at https://epr.elastic.co/search?package=box_events

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

@kcreddy kcreddy kcreddy approved these changes

Assignees

@efd6 efd6

Labels
enhancement New feature or request Integration:Box box.com Team:Security-Service Integrations Security Service Integrations Team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@efd6 @elasticmachine @andrewkroh @kcreddy