
ssi_all: add "preserve_original_event" tag to documents with event.kind manually set to "pipeline_error" #12109

Merged
merged 1 commit into from
Dec 17, 2024

Conversation

efd6
Contributor

@efd6 efd6 commented Dec 16, 2024

Proposed commit message

See title.

Note

This was done semi-manually. It is equivalent to #12046, but for cases where there is a set processor for event.kind based on the existence of error.message.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots
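The pattern this PR applies, shown as an added illustration rather than the PR's own diff: an ingest-pipeline fragment in the style of an Elastic integration data stream, with the set processor that marks a document as pipeline_error when error.message exists, followed by an append processor that adds the preserve_original_event tag under the same condition. The trailing remove of event.original is the usual end-of-pipeline step in these packages and is included here on the assumption that it is why the tag matters: without the tag, an errored document would lose its raw event.original, which is exactly the field needed to debug the parsing failure. The conditions and field names are illustrative, not copied from any specific package.

```yaml
# Added example, not code from the PR. Illustrative fragment of an Elastic
# integration ingest pipeline (e.g. data_stream/<name>/elasticsearch/ingest_pipeline/default.yml).
description: Pipeline for parsing an example event (assumed data stream name).
processors:
  # Earlier processors (rename/json/date/etc.) are assumed to populate
  # error.message on failure via on_failure or ignore_failure handling.

  # Mark documents that hit an earlier error as pipeline errors.
  - set:
      field: event.kind
      value: pipeline_error
      if: ctx.error?.message != null

  # Keep the raw event for any document whose event.kind was set to
  # pipeline_error above, so the failure can be investigated later.
  # allow_duplicates: false avoids a second copy when the user already
  # requested the tag through the package's `tags` variable.
  - append:
      field: tags
      value: preserve_original_event
      allow_duplicates: false
      if: ctx.error?.message != null

  # Conventional final step in these packages: drop event.original unless
  # the document carries the preserve_original_event tag. Because the
  # append above ran for error documents, they retain event.original.
  - remove:
      field: event.original
      if: ctx.tags == null || !(ctx.tags.contains('preserve_original_event'))
      ignore_failure: true
      ignore_missing: true

on_failure:
  # Documents that fail inside this pipeline get the same treatment.
  - append:
      field: error.message
      value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
  - set:
      field: event.kind
      value: pipeline_error
  - append:
      field: tags
      value: preserve_original_event
      allow_duplicates: false
```

To check the behaviour, run the pipeline through the Elasticsearch `_ingest/pipeline/_simulate` API with one document that carries error.message and one that does not: the first should come back with event.kind set to pipeline_error, the tag present and event.original intact, while the second should have event.original removed.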

@efd6 efd6 added enhancement New feature or request Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations] labels Dec 16, 2024
@efd6 efd6 self-assigned this Dec 16, 2024
@efd6 efd6 force-pushed the 12067-all branch 2 times, most recently from ef373ee to e1ce558 Compare December 16, 2024 02:42
@elastic-vault-github-plugin-prod

elastic-vault-github-plugin-prod bot commented Dec 16, 2024

🚀 Benchmarks report

Package abnormal_security 👍(2) 💚(0) 💔(2)

Data stream           Previous EPS   New EPS    Diff (%)              Result
case                  5813.95        3802.28    -2011.67 (-34.6%)     💔
threat                2386.63        1904.76    -481.87 (-20.19%)     💔

Package authentik 👍(0) 💚(0) 💔(3)

Data stream           Previous EPS   New EPS    Diff (%)              Result
event                 2762.43        1529.05    -1233.38 (-44.65%)    💔
group                 6849.32        3048.78    -3800.54 (-55.49%)    💔
user                  11627.91       5988.02    -5639.89 (-48.5%)     💔

Package bitwarden 👍(2) 💚(2) 💔(1)

Data stream           Previous EPS   New EPS    Diff (%)              Result
policy                8928.57        6410.26    -2518.31 (-28.21%)    💔

Package claroty_ctd 👍(1) 💚(1) 💔(1)

Data stream           Previous EPS   New EPS    Diff (%)              Result
asset                 1084.6         767.46     -317.14 (-29.24%)     💔

Package crowdstrike 👍(3) 💚(0) 💔(1)

Data stream           Previous EPS   New EPS    Diff (%)              Result
falcon                16949.15       13888.89   -3060.26 (-18.06%)    💔

Package cybereason 👍(2) 💚(2) 💔(2)

Data stream           Previous EPS   New EPS    Diff (%)              Result
poll_malop            2739.73        2197.8     -541.93 (-19.78%)     💔
suspicions_process    1336.9         928.51     -408.39 (-30.55%)     💔

Package digital_guardian 👍(0) 💚(0) 💔(1)

Data stream           Previous EPS   New EPS    Diff (%)              Result
arc                   3663           3021.15    -641.85 (-17.52%)     💔

Package gitlab 👍(5) 💚(0) 💔(2)

Data stream           Previous EPS   New EPS    Diff (%)              Result
audit                 4926.11        4065.04    -861.07 (-17.48%)     💔
sidekiq               10309.28       7936.51    -2372.77 (-23.02%)    💔

Package google_workspace 👍(5) 💚(7) 💔(2)

Data stream           Previous EPS   New EPS    Diff (%)              Result
user_accounts         11235.96       9174.31    -2061.65 (-18.35%)    💔
access_transparency   1754.39        1420.45    -333.94 (-19.03%)     💔

Package menlo 👍(1) 💚(0) 💔(1)

Data stream           Previous EPS   New EPS    Diff (%)              Result
dlp                   3731.34        2227.17    -1504.17 (-40.31%)    💔

Package prisma_access 👍(0) 💚(0) 💔(1)

Data stream           Previous EPS   New EPS    Diff (%)              Result
event                 537.35         392.46     -144.89 (-26.96%)     💔

Package proofpoint_on_demand 👍(2) 💚(0) 💔(1)

Data stream           Previous EPS   New EPS    Diff (%)              Result
audit                 1964.64        1569.86    -394.78 (-20.09%)     💔

Package qualys_vmdr 👍(0) 💚(2) 💔(1)

Data stream           Previous EPS   New EPS    Diff (%)              Result
knowledge_base        1760.56        1477.1     -283.46 (-16.1%)      💔

Package spycloud 👍(1) 💚(1) 💔(1)

Data stream           Previous EPS   New EPS    Diff (%)              Result
breach_catalog        1117.32        927.64     -189.68 (-16.98%)     💔

Package sublime_security 👍(2) 💚(0) 💔(1)

Data stream           Previous EPS   New EPS    Diff (%)              Result
audit                 1841.62        1512.86    -328.76 (-17.85%)     💔

Package tenable_io 👍(2) 💚(0) 💔(2)

Data stream           Previous EPS   New EPS    Diff (%)              Result
plugin                2967.36        1663.89    -1303.47 (-43.93%)    💔
vulnerability         1727.12        1438.85    -288.27 (-16.69%)     💔

Package ti_eset 👍(1) 💚(3) 💔(3)

Data stream           Previous EPS   New EPS    Diff (%)              Result
apt                   1876.17        1196.17    -680 (-36.24%)        💔
botnet                7874.02        5291.01    -2583.01 (-32.8%)     💔
ip                    8196.72        5952.38    -2244.34 (-27.38%)    💔

Package ti_rapid7_threat_command 👍(1) 💚(0) 💔(2)

Data stream           Previous EPS   New EPS    Diff (%)              Result
alert                 3663           2331       -1332 (-36.36%)       💔
ioc                   2557.54        1773.05    -784.49 (-30.67%)     💔

Package trellix_edr_cloud 👍(0) 💚(0) 💔(1)

Data stream           Previous EPS   New EPS    Diff (%)              Result
event                 1187.65        993.05     -194.6 (-16.39%)      💔

Package trellix_epo_cloud 👍(2) 💚(0) 💔(1)

Data stream           Previous EPS   New EPS    Diff (%)              Result
device                1893.94        1602.56    -291.38 (-15.38%)     💔

Package zscaler_zia 👍(5) 💚(1) 💔(2)

Data stream           Previous EPS   New EPS    Diff (%)              Result
alerts                4048.58        3039.51    -1009.07 (-24.92%)    💔
audit                 4016.06        3194.89    -821.17 (-20.45%)     💔

To see the full report comment with /test benchmark fullreport

@efd6 efd6 marked this pull request as ready for review December 16, 2024 03:15
@efd6 efd6 requested a review from a team as a code owner December 16, 2024 03:15
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@efd6 efd6 added Integration:crowdstrike CrowdStrike Integration:google_workspace Google Workspace Integration:f5 F5 Logs (Deprecated) Integration:zscaler_zia Zscaler Internet Access Integration:m365_defender Microsoft M365 Defender Integration:tenable_io Tenable Vulnerability Management Integration:trendmicro Trend Micro Deep Security Integration:vectra_detect Vectra Detect Integration:google_scc Google Security Command Center Integration:bitwarden Bitwarden Integration:ti_rapid7_threat_command Rapid7 Threat Command Integration:amazon_security_lake Amazon Security Lake Integration:wiz Wiz Integration:qualys_vmdr Qualys VMDR Integration:prisma_cloud Palo Alto Prisma Cloud Integration:entityanalytics_entra_id Microsoft Entra ID Entity Analytics Integration:ti_mandiant_advantage Mandiant Advantage Integration:rapid7_insightvm Rapid7 InsightVM Integration:eset_protect ESET PROTECT Integration:ti_crowdstrike CrowdStrike Falcon Intelligence labels Dec 16, 2024
@elastic-vault-github-plugin-prod

Package gitlab - 1.4.0 containing this change is available at https://epr.elastic.co/package/gitlab/1.4.0/

@elastic-vault-github-plugin-prod

Package google_scc - 1.7.0 containing this change is available at https://epr.elastic.co/package/google_scc/1.7.0/

@elastic-vault-github-plugin-prod

Package google_workspace - 2.28.0 containing this change is available at https://epr.elastic.co/package/google_workspace/2.28.0/

@elastic-vault-github-plugin-prod

Package imperva_cloud_waf - 1.4.0 containing this change is available at https://epr.elastic.co/package/imperva_cloud_waf/1.4.0/

@elastic-vault-github-plugin-prod

Package m365_defender - 2.18.0 containing this change is available at https://epr.elastic.co/package/m365_defender/2.18.0/

@elastic-vault-github-plugin-prod

Package menlo - 1.4.0 containing this change is available at https://epr.elastic.co/package/menlo/1.4.0/

@elastic-vault-github-plugin-prod

Package microsoft_defender_cloud - 2.3.0 containing this change is available at https://epr.elastic.co/package/microsoft_defender_cloud/2.3.0/

@elastic-vault-github-plugin-prod

Package microsoft_sentinel - 0.3.0 containing this change is available at https://epr.elastic.co/package/microsoft_sentinel/0.3.0/

@elastic-vault-github-plugin-prod

Package prisma_access - 1.3.0 containing this change is available at https://epr.elastic.co/package/prisma_access/1.3.0/

@elastic-vault-github-plugin-prod

Package prisma_cloud - 1.7.0 containing this change is available at https://epr.elastic.co/package/prisma_cloud/1.7.0/

@elastic-vault-github-plugin-prod

Package proofpoint_on_demand - 1.3.0 containing this change is available at https://epr.elastic.co/package/proofpoint_on_demand/1.3.0/

@elastic-vault-github-plugin-prod

Package qualys_vmdr - 5.8.0 containing this change is available at https://epr.elastic.co/package/qualys_vmdr/5.8.0/

@elastic-vault-github-plugin-prod

Package rapid7_insightvm - 1.15.0 containing this change is available at https://epr.elastic.co/package/rapid7_insightvm/1.15.0/

@elastic-vault-github-plugin-prod

Package servicenow - 0.7.0 containing this change is available at https://epr.elastic.co/package/servicenow/0.7.0/

@elastic-vault-github-plugin-prod

Package spycloud - 1.2.0 containing this change is available at https://epr.elastic.co/package/spycloud/1.2.0/

@elastic-vault-github-plugin-prod

Package sublime_security - 1.3.0 containing this change is available at https://epr.elastic.co/package/sublime_security/1.3.0/

@elastic-vault-github-plugin-prod

Package symantec_edr_cloud - 1.8.0 containing this change is available at https://epr.elastic.co/package/symantec_edr_cloud/1.8.0/

@elastic-vault-github-plugin-prod

Package symantec_endpoint_security - 1.5.0 containing this change is available at https://epr.elastic.co/package/symantec_endpoint_security/1.5.0/

@elastic-vault-github-plugin-prod

Package tenable_io - 3.5.0 containing this change is available at https://epr.elastic.co/package/tenable_io/3.5.0/

@elastic-vault-github-plugin-prod

Package ti_crowdstrike - 2.3.0 containing this change is available at https://epr.elastic.co/package/ti_crowdstrike/2.3.0/

@elastic-vault-github-plugin-prod

Package ti_eset - 1.5.0 containing this change is available at https://epr.elastic.co/package/ti_eset/1.5.0/

@elastic-vault-github-plugin-prod

Package ti_mandiant_advantage - 1.8.0 containing this change is available at https://epr.elastic.co/package/ti_mandiant_advantage/1.8.0/

@elastic-vault-github-plugin-prod

Package ti_rapid7_threat_command - 2.3.0 containing this change is available at https://epr.elastic.co/package/ti_rapid7_threat_command/2.3.0/

@elastic-vault-github-plugin-prod

Package ti_threatconnect - 1.6.0 containing this change is available at https://epr.elastic.co/package/ti_threatconnect/1.6.0/

@elastic-vault-github-plugin-prod

Package trellix_edr_cloud - 1.5.0 containing this change is available at https://epr.elastic.co/package/trellix_edr_cloud/1.5.0/

@elastic-vault-github-plugin-prod

Package trellix_epo_cloud - 1.14.0 containing this change is available at https://epr.elastic.co/package/trellix_epo_cloud/1.14.0/

@elastic-vault-github-plugin-prod

Package trendmicro - 2.6.0 containing this change is available at https://epr.elastic.co/package/trendmicro/2.6.0/

@elastic-vault-github-plugin-prod

Package vectra_detect - 1.12.0 containing this change is available at https://epr.elastic.co/package/vectra_detect/1.12.0/

@elastic-vault-github-plugin-prod

Package wiz - 2.7.0 containing this change is available at https://epr.elastic.co/package/wiz/2.7.0/

@elastic-vault-github-plugin-prod

Package zscaler_zia - 3.6.0 containing this change is available at https://epr.elastic.co/package/zscaler_zia/3.6.0/

Labels
enhancement New feature or request Integration:abnormal_security Abnormal Security Integration:amazon_security_lake Amazon Security Lake Integration:authentik authentik Integration:azure_network_watcher_nsg Azure Network Watcher NSG Integration:azure_network_watcher_vnet Azure Network Watcher VNet Integration:bitwarden Bitwarden Integration:canva Canva Integration:checkpoint_email Check Point Harmony Email & Collaboration Integration:claroty_ctd Claroty CTD Integration:crowdstrike CrowdStrike Integration:cybereason Cybereason Integration:digital_guardian Digital Guardian Integration:entityanalytics_ad Active Directory Entity Analytics Integration:entityanalytics_entra_id Microsoft Entra ID Entity Analytics Integration:entityanalytics_okta Okta Entity Analytics Integration:eset_protect ESET PROTECT Integration:f5_bigip F5 BIG-IP Integration:gitlab GitLab Integration:google_scc Google Security Command Center Integration:google_workspace Google Workspace Integration:imperva_cloud_waf Imperva Cloud WAF Integration:m365_defender Microsoft M365 Defender Integration:menlo Menlo Security Integration:microsoft_defender_cloud Microsoft Defender for Cloud Integration:microsoft_sentinel Microsoft Sentinel Integration:prisma_access Palo Alto Prisma Access Integration:prisma_cloud Palo Alto Prisma Cloud Integration:proofpoint_on_demand Proofpoint On Demand Integration:qualys_vmdr Qualys VMDR Integration:rapid7_insightvm Rapid7 InsightVM Integration:servicenow ServiceNow Integration:spycloud SpyCloud Enterprise Protection Integration:sublime_security Sublime Security Integration:symantec_edr_cloud Symantec EDR Cloud (Deprecated) Integration:symantec_endpoint_security Symantec Endpoint Security Integration:tenable_io Tenable Vulnerability Management Integration:ti_crowdstrike CrowdStrike Falcon Intelligence Integration:ti_eset ESET Threat Intelligence Integration:ti_mandiant_advantage Mandiant Advantage Integration:ti_rapid7_threat_command Rapid7 Threat Command 
Integration:ti_threatconnect ThreatConnect Integration:trellix_edr_cloud Trellix EDR Cloud Integration:trellix_epo_cloud Trellix ePO Cloud Integration:trendmicro Trend Micro Deep Security Integration:vectra_detect Vectra Detect Integration:wiz Wiz Integration:zscaler_zia Zscaler Internet Access Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations]
4 participants