ssi_all: do not remove event.original in main ingest pipeline #12076

Merged
merged 4 commits into from
Dec 13, 2024

Conversation

@efd6 efd6 commented Dec 11, 2024

Proposed commit message

See title.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

@efd6 efd6 added enhancement New feature or request Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations] labels Dec 11, 2024
@efd6 efd6 self-assigned this Dec 11, 2024
@efd6 efd6 force-pushed the 12046-ssi-removes branch from 67a73eb to cbd28eb Compare December 11, 2024 23:34
@elastic-vault-github-plugin-prod

Package symantec_endpoint - 2.18.0 containing this change is available at https://epr.elastic.co/package/symantec_endpoint/2.18.0/

@elastic-vault-github-plugin-prod

Package symantec_endpoint_security - 1.4.0 containing this change is available at https://epr.elastic.co/package/symantec_endpoint_security/1.4.0/

@elastic-vault-github-plugin-prod

Package tanium - 1.13.0 containing this change is available at https://epr.elastic.co/package/tanium/1.13.0/

@elastic-vault-github-plugin-prod

Package teleport - 1.2.0 containing this change is available at https://epr.elastic.co/package/teleport/1.2.0/

@elastic-vault-github-plugin-prod

Package tenable_io - 3.4.0 containing this change is available at https://epr.elastic.co/package/tenable_io/3.4.0/

@elastic-vault-github-plugin-prod

Package tenable_sc - 1.27.0 containing this change is available at https://epr.elastic.co/package/tenable_sc/1.27.0/

@elastic-vault-github-plugin-prod

Package thycotic_ss - 1.10.0 containing this change is available at https://epr.elastic.co/package/thycotic_ss/1.10.0/

@elastic-vault-github-plugin-prod

Package ti_abusech - 2.5.0 containing this change is available at https://epr.elastic.co/package/ti_abusech/2.5.0/

@elastic-vault-github-plugin-prod

Package ti_anomali - 1.25.0 containing this change is available at https://epr.elastic.co/package/ti_anomali/1.25.0/

@elastic-vault-github-plugin-prod

Package ti_cif3 - 1.16.0 containing this change is available at https://epr.elastic.co/package/ti_cif3/1.16.0/

@elastic-vault-github-plugin-prod

Package ti_crowdstrike - 2.2.0 containing this change is available at https://epr.elastic.co/package/ti_crowdstrike/2.2.0/

@elastic-vault-github-plugin-prod

Package ti_cybersixgill - 1.32.0 containing this change is available at https://epr.elastic.co/package/ti_cybersixgill/1.32.0/

@elastic-vault-github-plugin-prod

Package ti_eset - 1.4.0 containing this change is available at https://epr.elastic.co/package/ti_eset/1.4.0/

@elastic-vault-github-plugin-prod

Package ti_maltiverse - 1.4.0 containing this change is available at https://epr.elastic.co/package/ti_maltiverse/1.4.0/

@elastic-vault-github-plugin-prod

Package ti_misp - 1.37.0 containing this change is available at https://epr.elastic.co/package/ti_misp/1.37.0/

@elastic-vault-github-plugin-prod

Package ti_otx - 1.27.0 containing this change is available at https://epr.elastic.co/package/ti_otx/1.27.0/

@elastic-vault-github-plugin-prod

Package ti_rapid7_threat_command - 2.2.0 containing this change is available at https://epr.elastic.co/package/ti_rapid7_threat_command/2.2.0/

@elastic-vault-github-plugin-prod

Package ti_recordedfuture - 1.28.0 containing this change is available at https://epr.elastic.co/package/ti_recordedfuture/1.28.0/

@elastic-vault-github-plugin-prod

Package ti_threatconnect - 1.5.0 containing this change is available at https://epr.elastic.co/package/ti_threatconnect/1.5.0/

@elastic-vault-github-plugin-prod

Package ti_threatq - 1.30.0 containing this change is available at https://epr.elastic.co/package/ti_threatq/1.30.0/

@elastic-vault-github-plugin-prod

Package tines - 1.14.0 containing this change is available at https://epr.elastic.co/package/tines/1.14.0/

@elastic-vault-github-plugin-prod

Package trellix_edr_cloud - 1.4.0 containing this change is available at https://epr.elastic.co/package/trellix_edr_cloud/1.4.0/

@elastic-vault-github-plugin-prod

Package trellix_epo_cloud - 1.13.0 containing this change is available at https://epr.elastic.co/package/trellix_epo_cloud/1.13.0/

@elastic-vault-github-plugin-prod

Package trend_micro_vision_one - 1.23.0 containing this change is available at https://epr.elastic.co/package/trend_micro_vision_one/1.23.0/

@elastic-vault-github-plugin-prod

Package trendmicro - 2.5.0 containing this change is available at https://epr.elastic.co/package/trendmicro/2.5.0/

@elastic-vault-github-plugin-prod

Package vectra_detect - 1.11.0 containing this change is available at https://epr.elastic.co/package/vectra_detect/1.11.0/

@elastic-vault-github-plugin-prod

Package wiz - 2.6.0 containing this change is available at https://epr.elastic.co/package/wiz/2.6.0/

@elastic-vault-github-plugin-prod

Package zerofox - 1.27.0 containing this change is available at https://epr.elastic.co/package/zerofox/1.27.0/

@elastic-vault-github-plugin-prod

Package zeronetworks - 1.17.0 containing this change is available at https://epr.elastic.co/package/zeronetworks/1.17.0/

@elastic-vault-github-plugin-prod

Package zscaler_zpa - 1.20.0 containing this change is available at https://epr.elastic.co/package/zscaler_zpa/1.20.0/

Labels
enhancement New feature or request Integration:bitdefender BitDefender Integration:bitwarden Bitwarden Integration:cisco_meraki Cisco Meraki Integration:darktrace Darktrace Integration:eset_protect ESET PROTECT Integration:f5 F5 Logs (Deprecated) Integration:falco Falco Integration:forcepoint_web Forcepoint Web Security Integration:forgerock ForgeRock Integration:github GitHub Integration:gitlab GitLab Integration:google_scc Google Security Command Center Integration:google_workspace Google Workspace Integration:imperva_cloud_waf Imperva Cloud WAF Integration:infoblox_bloxone_ddi Infoblox BloxOne DDI Integration:infoblox_nios Infoblox NIOS Integration:jamf_compliance_reporter Jamf Compliance Reporter Integration:jamf_protect Jamf Protect Integration:jumpcloud JumpCloud Integration:keycloak Keycloak Integration:lastpass LastPass Integration:lyve_cloud Lyve Cloud Integration:m365_defender Microsoft M365 Defender Integration:mattermost Mattermost Integration:menlo Menlo Security Integration:microsoft_defender_cloud Microsoft Defender for Cloud Integration:microsoft_defender_endpoint Microsoft Defender for Endpoint Integration:microsoft_exchange_online_message_trac Microsoft Exchange Online Message Trace Integration:mimecast Mimecast Integration:netskope Netskope Integration:o365 Microsoft Office 365 Integration:opencanary OpenCanary Integration:panw_cortex_xdr Palo Alto Cortex XDR Integration:ping_one PingOne Integration:pps Pleasant Password Server Integration:prisma_access Palo Alto Prisma Access Integration:prisma_cloud Palo Alto Prisma Cloud Integration:proofpoint_tap Proofpoint TAP Integration:pulse_connect_secure Pulse Connect Secure Integration:qualys_vmdr Qualys VMDR Integration:rapid7_insightvm Rapid7 InsightVM Integration:santa Google Santa Integration:sentinel_one_cloud_funnel SentinelOne Cloud Funnel Integration:sentinel_one SentinelOne Integration:slack Slack Logs Integration:snyk Snyk Integration:sophos_central Sophos Central 
Integration:symantec_edr_cloud Symantec EDR Cloud (Deprecated) Integration:symantec_endpoint_security Symantec Endpoint Security Integration:symantec_endpoint Symantec Endpoint Protection Integration:tanium Tanium Integration:teleport Teleport Integration:tenable_io Tenable Vulnerability Management Integration:tenable_sc Tenable Security Center Integration:thycotic_ss Thycotic Secret Server Integration:ti_abusech AbuseCH Integration:ti_anomali Anomali Integration:ti_cif3 Collective Intelligence Framework v3 Integration:ti_crowdstrike CrowdStrike Falcon Intelligence Integration:ti_cybersixgill Cybersixgill Integration:ti_eset ESET Threat Intelligence Integration:ti_maltiverse Maltiverse Integration:ti_misp MISP Integration:ti_otx AlienVault OTX Integration:ti_rapid7_threat_command Rapid7 Threat Command Integration:ti_recordedfuture Recorded Future Integration:ti_threatconnect ThreatConnect Integration:ti_threatq ThreatQuotient Integration:tines Tines Integration:trellix_edr_cloud Trellix EDR Cloud Integration:trellix_epo_cloud Trellix ePO Cloud Integration:trendmicro Trend Micro Deep Security Integration:vectra_detect Vectra Detect Integration:wiz Wiz Integration:zerofox ZeroFox Integration:zeronetworks Zero Networks Integration:zscaler_zpa Zscaler Private Access Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations]
4 participants