From 6511315e636606ba12a2f87e89266b741e6a4f19 Mon Sep 17 00:00:00 2001
From: Dan Kortschak
Date: Mon, 16 Dec 2024 11:52:23 +1030
Subject: [PATCH] google_workspace,jamf_protect,ti_mandiant: add "preserve_original_event" tag to documents with event.kind set to "pipeline_error"

This manually replays the changes in #12046.
---
packages/google_workspace/changelog.yml | 5 +++++
.../elasticsearch/ingest_pipeline/default.yml | 4 ++++
.../admin/elasticsearch/ingest_pipeline/default.yml | 4 ++++
.../alert/elasticsearch/ingest_pipeline/default.yml | 4 ++++
.../elasticsearch/ingest_pipeline/default.yml | 4 ++++
.../device/elasticsearch/ingest_pipeline/default.yml | 4 ++++
.../drive/elasticsearch/ingest_pipeline/default.yml | 4 ++++
.../gcp/elasticsearch/ingest_pipeline/default.yml | 4 ++++
.../elasticsearch/ingest_pipeline/default.yml | 4 ++++
.../groups/elasticsearch/ingest_pipeline/default.yml | 4 ++++
.../login/elasticsearch/ingest_pipeline/default.yml | 4 ++++
.../rules/elasticsearch/ingest_pipeline/default.yml | 4 ++++
.../saml/elasticsearch/ingest_pipeline/default.yml | 4 ++++
.../token/elasticsearch/ingest_pipeline/default.yml | 4 ++++
.../user_accounts/elasticsearch/ingest_pipeline/default.yml | 4 ++++
packages/google_workspace/manifest.yml | 2 +-
packages/jamf_protect/changelog.yml | 5 +++++
.../alerts/elasticsearch/ingest_pipeline/default.yml | 4 ++++
.../telemetry/elasticsearch/ingest_pipeline/default.yml | 4 ++++
.../elasticsearch/ingest_pipeline/default.yml | 4 ++++
.../elasticsearch/ingest_pipeline/default.yml | 4 ++++
packages/jamf_protect/manifest.yml | 2 +-
packages/ti_mandiant_advantage/changelog.yml | 5 +++++
.../elasticsearch/ingest_pipeline/default.yml | 4 ++++
packages/ti_mandiant_advantage/manifest.yml | 2 +-
25 files changed, 94 insertions(+), 3 deletions(-)

diff --git a/packages/google_workspace/changelog.yml b/packages/google_workspace/changelog.yml
index 59dfa1eabcd..035754b382f 100644
--- a/packages/google_workspace/changelog.yml
+++ b/packages/google_workspace/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.27.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12108 - version: "2.26.1" changes: - description: Fix string literals in painless scripts. diff --git a/packages/google_workspace/data_stream/access_transparency/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/access_transparency/elasticsearch/ingest_pipeline/default.yml index a2369232412..9710228d8bc 100644 --- a/packages/google_workspace/data_stream/access_transparency/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/access_transparency/elasticsearch/ingest_pipeline/default.yml @@ -382,3 +382,7 @@ on_failure: - set: field: event.kind value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false diff --git a/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml index c9fe671e569..ca63f9e29cf 100644 --- a/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml @@ -823,6 +823,10 @@ on_failure: - set: field: event.kind value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false - append: field: error.message value: '{{{ _ingest.on_failure_message }}}' diff --git a/packages/google_workspace/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/alert/elasticsearch/ingest_pipeline/default.yml index 6e73d4c9882..a93c02820ad 100644 --- a/packages/google_workspace/data_stream/alert/elasticsearch/ingest_pipeline/default.yml 
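Review bot: Appending `preserve_original_event` inside the `on_failure` handler means a document that failed parsing keeps its raw payload in `event.original`, presumably regardless of whether the agent policy opted into `preserve_original_event`, and for this audit stream (and the login, token and saml streams patched the same way further down) that raw record can carry identity and request details that the normal path parses into ECS fields rather than keeping verbatim. Nothing in the hunk records the intent or that trade-off, so a comment above the new processor would help maintainers, e.g. `# Keep event.original on failed documents so the failure can be diagnosed; this retains the raw payload even when the policy did not opt in.`, and the package README should state the same so operators can scope access and retention for `event.kind: pipeline_error` documents. The `on_failure` list and the `remove` of `event.original` this tag is assumed to gate are both outside the hunk, so confirm that removal is in fact conditioned on this tag in each of these pipelines.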
+++ b/packages/google_workspace/data_stream/alert/elasticsearch/ingest_pipeline/default.yml @@ -1056,6 +1056,10 @@ on_failure: - set: field: event.kind value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false - append: field: error.message value: '{{{ _ingest.on_failure_message }}}' diff --git a/packages/google_workspace/data_stream/context_aware_access/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/context_aware_access/elasticsearch/ingest_pipeline/default.yml index d7e67ada403..7372dd87d42 100644 --- a/packages/google_workspace/data_stream/context_aware_access/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/context_aware_access/elasticsearch/ingest_pipeline/default.yml @@ -357,3 +357,7 @@ on_failure: - set: field: event.kind value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false diff --git a/packages/google_workspace/data_stream/device/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/device/elasticsearch/ingest_pipeline/default.yml index eb6c0df14d1..bf7b46f3028 100644 --- a/packages/google_workspace/data_stream/device/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/device/elasticsearch/ingest_pipeline/default.yml @@ -554,3 +554,7 @@ on_failure: - set: field: event.kind value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false diff --git a/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml index 8b456bed270..3fbfb4a9f21 100644 --- a/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml 
@@ -276,6 +276,10 @@ on_failure: - set: field: event.kind value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false - append: field: error.message value: '{{{ _ingest.on_failure_message }}}' diff --git a/packages/google_workspace/data_stream/gcp/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/gcp/elasticsearch/ingest_pipeline/default.yml index 355d7196d99..b57c2f2e89e 100644 --- a/packages/google_workspace/data_stream/gcp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/gcp/elasticsearch/ingest_pipeline/default.yml @@ -337,3 +337,7 @@ on_failure: - set: field: event.kind value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false diff --git a/packages/google_workspace/data_stream/group_enterprise/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/group_enterprise/elasticsearch/ingest_pipeline/default.yml index e730c0fdc95..5cad289d9fe 100644 --- a/packages/google_workspace/data_stream/group_enterprise/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/group_enterprise/elasticsearch/ingest_pipeline/default.yml @@ -377,3 +377,7 @@ on_failure: - set: field: event.kind value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false diff --git a/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml index 441a9e1c1c2..8e150c0dc2c 100644 --- a/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml 
@@ -307,6 +307,10 @@ on_failure: - set: field: event.kind value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false - append: field: error.message value: '{{{ _ingest.on_failure_message }}}' diff --git a/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml index 0cad83fcd33..25c0e6d0ab4 100644 --- a/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml @@ -265,6 +265,10 @@ on_failure: - set: field: event.kind value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false - append: field: error.message value: '{{{ _ingest.on_failure_message }}}' diff --git a/packages/google_workspace/data_stream/rules/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/rules/elasticsearch/ingest_pipeline/default.yml index 82c211e0d08..5a1f642c74c 100644 --- a/packages/google_workspace/data_stream/rules/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/rules/elasticsearch/ingest_pipeline/default.yml @@ -527,6 +527,10 @@ on_failure: - set: field: event.kind value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false - append: field: error.message value: '{{{ _ingest.on_failure_message }}}' diff --git a/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml index eec7f20e0d7..b623ad32b6a 100644 --- a/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml 
@@ -188,6 +188,10 @@ on_failure: - set: field: event.kind value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false - append: field: error.message value: '{{{ _ingest.on_failure_message }}}' diff --git a/packages/google_workspace/data_stream/token/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/token/elasticsearch/ingest_pipeline/default.yml index 8eeac10c3f8..8b0a17949bf 100644 --- a/packages/google_workspace/data_stream/token/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/token/elasticsearch/ingest_pipeline/default.yml @@ -371,3 +371,7 @@ on_failure: - set: field: event.kind value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false diff --git a/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml index 53be87e4c0f..2d3a816c8e4 100644 --- a/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml @@ -183,6 +183,10 @@ on_failure: - set: field: event.kind value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false - append: field: error.message value: '{{{ _ingest.on_failure_message }}}' diff --git a/packages/google_workspace/manifest.yml b/packages/google_workspace/manifest.yml index fd9c25e95b5..7619ba7bef4 100644 --- a/packages/google_workspace/manifest.yml +++ b/packages/google_workspace/manifest.yml @@ -1,6 +1,6 @@ name: google_workspace title: Google Workspace -version: "2.26.1" +version: "2.27.0" source: license: Elastic-2.0 description: Collect logs from Google Workspace with Elastic Agent. 
diff --git a/packages/jamf_protect/changelog.yml b/packages/jamf_protect/changelog.yml index af6f33840b5..4db6e72a7ef 100644 --- a/packages/jamf_protect/changelog.yml +++ b/packages/jamf_protect/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.8.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12108 - version: "2.7.0" changes: - description: Do not remove `event.original` in main ingest pipeline. diff --git a/packages/jamf_protect/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/jamf_protect/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml index f84c31f3f1b..45ddd3fb61e 100644 --- a/packages/jamf_protect/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/jamf_protect/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml @@ -486,6 +486,10 @@ on_failure: - set: field: event.kind value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false - append: field: error.message value: '{{{ _ingest.on_failure_message }}}' \ No newline at end of file diff --git a/packages/jamf_protect/data_stream/telemetry/elasticsearch/ingest_pipeline/default.yml b/packages/jamf_protect/data_stream/telemetry/elasticsearch/ingest_pipeline/default.yml index 973cb18fc71..7217aed0f37 100644 --- a/packages/jamf_protect/data_stream/telemetry/elasticsearch/ingest_pipeline/default.yml +++ b/packages/jamf_protect/data_stream/telemetry/elasticsearch/ingest_pipeline/default.yml @@ -353,6 +353,10 @@ on_failure: - set: field: event.kind value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false - append: field: error.message value: >- 
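Review bot: The 2.7.0 changelog entry visible in this commit says the main jamf_protect pipeline no longer removes `event.original`, so whether the new `preserve_original_event` tag changes anything for these data streams depends on a `remove` in a sub-pipeline or custom pipeline still being gated on the tag, which the hunks do not show; if no such processor remains, the tag is only a marker and the new changelog line should say so rather than imply raw-event retention was added here. Separately, the alerts pipeline (and the web_threat_events and web_traffic_events pipelines below) still ends without a trailing newline (`\ No newline at end of file`); since this change already edits the last lines of those files, add the newline so yamllint's new-line-at-end-of-file check and future diffs stay clean. The `on_failure` list starts above each hunk.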
diff --git a/packages/jamf_protect/data_stream/web_threat_events/elasticsearch/ingest_pipeline/default.yml b/packages/jamf_protect/data_stream/web_threat_events/elasticsearch/ingest_pipeline/default.yml index 41a9fe8aa92..90fa70a0512 100644 --- a/packages/jamf_protect/data_stream/web_threat_events/elasticsearch/ingest_pipeline/default.yml +++ b/packages/jamf_protect/data_stream/web_threat_events/elasticsearch/ingest_pipeline/default.yml @@ -241,6 +241,10 @@ on_failure: - set: field: event.kind value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false - append: field: error.message value: '{{{ _ingest.on_failure_message }}}' \ No newline at end of file diff --git a/packages/jamf_protect/data_stream/web_traffic_events/elasticsearch/ingest_pipeline/default.yml b/packages/jamf_protect/data_stream/web_traffic_events/elasticsearch/ingest_pipeline/default.yml index ee81fc07a9d..9204cdef5da 100644 --- a/packages/jamf_protect/data_stream/web_traffic_events/elasticsearch/ingest_pipeline/default.yml +++ b/packages/jamf_protect/data_stream/web_traffic_events/elasticsearch/ingest_pipeline/default.yml @@ -265,6 +265,10 @@ on_failure: - set: field: event.kind value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false - append: field: error.message value: '{{{ _ingest.on_failure_message }}}' \ No newline at end of file diff --git a/packages/jamf_protect/manifest.yml b/packages/jamf_protect/manifest.yml index 7b307f93817..f6b794db30d 100644 --- a/packages/jamf_protect/manifest.yml +++ b/packages/jamf_protect/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.3 name: jamf_protect title: Jamf Protect -version: "2.7.0" +version: "2.8.0" description: Receives events from Jamf Protect with Elastic Agent. type: integration categories: diff --git a/packages/ti_mandiant_advantage/changelog.yml b/packages/ti_mandiant_advantage/changelog.yml index fdca51f9810..4a6bdad30d2 100644 
--- a/packages/ti_mandiant_advantage/changelog.yml +++ b/packages/ti_mandiant_advantage/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12108 - version: "1.6.0" changes: - description: Add support for proxy configuration. diff --git a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/elasticsearch/ingest_pipeline/default.yml b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/elasticsearch/ingest_pipeline/default.yml index b5994b671cc..0e82c52ba31 100644 --- a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/elasticsearch/ingest_pipeline/default.yml @@ -415,3 +415,7 @@ on_failure: field: event.kind value: pipeline_error allow_duplicates: false + - append: + field: tags + value: preserve_original_event + allow_duplicates: false diff --git a/packages/ti_mandiant_advantage/manifest.yml b/packages/ti_mandiant_advantage/manifest.yml index d542ffd4595..8dfd9488fdd 100644 --- a/packages/ti_mandiant_advantage/manifest.yml +++ b/packages/ti_mandiant_advantage/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.2 name: ti_mandiant_advantage title: "Mandiant Advantage" -version: "1.6.0" +version: "1.7.0" source: license: "Elastic-2.0" description: "Collect Threat Intelligence from products within the Mandiant Advantage platform."
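Review bot: The context line `allow_duplicates: false` directly under `value: pipeline_error` suggests the processor that marks `event.kind` in this handler is an `append` rather than the `set` used by the other packages in this commit (`allow_duplicates` is an `append` option, and Elasticsearch rejects unknown options on `set`); if so, a document that already carries an `event.kind` when a later processor fails ends up with a multi-valued `event.kind` instead of the single `pipeline_error` value that detection rules and dashboards keyed on `event.kind: pipeline_error` generally assume. The processor header is above the hunk, so please confirm; if it is `append`, replacing it with `set: field: event.kind value: pipeline_error` makes this handler consistent with the other pipelines touched here while the new `tags` append stays as the last step. A one-line comment on the new processor, `# Keep event.original on failed documents for diagnosis.`, would also help since the file otherwise gives no hint why the tag is added.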