ssi_all: add "preserve_original_event" tag to documents with event.kind manually set to "pipeline_error" #12109

Merged
efd6 merged 0 commit into elastic:main from efd6:12067-all
Dec 17, 2024

Conversation

@efd6
Contributor

Proposed commit message

See title.

Note

This was done semi-manually. But is equivalent to #12046, but for cases where there is a set processor for event.kind based on the existence of error.message.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots
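
The rule described in the note above, written as a check (an added example, not code from this PR or from elastic/integrations): wherever a set processor writes "pipeline_error" to event.kind, an append of "preserve_original_event" to tags should exist under the same condition, since that tag is what keeps event.original on the document in these packages. The pipeline is assumed to be a list of processor dicts; the function names and sample pipelines are constructed for illustration.

```python
# Added example: lint an ingest pipeline for the rule described in this PR.
# Assumption: the pipeline is given as a list of processor dicts (the JSON
# form of an Elasticsearch ingest pipeline); function names are hypothetical.
KIND_FIELD = "event.kind"
PIPELINE_ERROR = "pipeline_error"
TAG = "preserve_original_event"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def sets_pipeline_error(proc):
    body = proc.get("set") or {}
    return body.get("field") == KIND_FIELD and body.get("value") == PIPELINE_ERROR


def appends_preserve_tag(proc):
    body = proc.get("append") or {}
    return body.get("field") == "tags" and TAG in _as_list(body.get("value"))


def missing_preserve_tag(processors):
    """Return the `if` condition of every set processor that marks a document
    as pipeline_error with no append of the tag under the same condition."""
    tagged = {p["append"].get("if") for p in processors if appends_preserve_tag(p)}
    return [p["set"].get("if") for p in processors
            if sets_pipeline_error(p) and p["set"].get("if") not in tagged]


# Constructed sample pipelines: before and after the kind of change the PR makes.
COND = "ctx.error?.message != null"
BEFORE = [
    {"rename": {"field": "message", "target_field": "event.original"}},
    {"set": {"field": KIND_FIELD, "value": PIPELINE_ERROR, "if": COND}},
]
AFTER = BEFORE + [
    {"append": {"field": "tags", "value": TAG,
                "allow_duplicates": False, "if": COND}},
]

if __name__ == "__main__":
    print("before:", missing_preserve_tag(BEFORE))
    print("after: ", missing_preserve_tag(AFTER))
```

The check only looks at top-level processors and matches conditions by identical string, so a pipeline that sets event.kind inside an on_failure handler needs that list passed in separately.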

efd6 added labels Dec 16, 2024: enhancement - New feature or request; Team:Security-Service Integrations - Security Service Integrations team [elastic/security-service-integrations]
efd6 self-assigned this Dec 16, 2024
efd6 force-pushed the 12067-all branch 2 times, most recently from ef373ee to e1ce558, December 16, 2024 02:42
elastic-vault-github-plugin-prod bot commented Dec 16, 2024

🚀 Benchmarks report

Package abnormal_security 👍(2) 💚(0) 💔(2)

Data stream | Previous EPS | New EPS | Diff (%) | Result
case | 5813.95 | 3802.28 | -2011.67 (-34.6%) | 💔
threat | 2386.63 | 1904.76 | -481.87 (-20.19%) | 💔

Package authentik 👍(0) 💚(0) 💔(3)

Data stream | Previous EPS | New EPS | Diff (%) | Result
event | 2762.43 | 1529.05 | -1233.38 (-44.65%) | 💔
group | 6849.32 | 3048.78 | -3800.54 (-55.49%) | 💔
user | 11627.91 | 5988.02 | -5639.89 (-48.5%) | 💔

Package bitwarden 👍(2) 💚(2) 💔(1)

Data stream | Previous EPS | New EPS | Diff (%) | Result
policy | 8928.57 | 6410.26 | -2518.31 (-28.21%) | 💔

Package claroty_ctd 👍(1) 💚(1) 💔(1)

Data stream | Previous EPS | New EPS | Diff (%) | Result
asset | 1084.6 | 767.46 | -317.14 (-29.24%) | 💔

Package crowdstrike 👍(3) 💚(0) 💔(1)

Data stream | Previous EPS | New EPS | Diff (%) | Result
falcon | 16949.15 | 13888.89 | -3060.26 (-18.06%) | 💔

Package cybereason 👍(2) 💚(2) 💔(2)

Data stream | Previous EPS | New EPS | Diff (%) | Result
poll_malop | 2739.73 | 2197.8 | -541.93 (-19.78%) | 💔
suspicions_process | 1336.9 | 928.51 | -408.39 (-30.55%) | 💔

Package digital_guardian 👍(0) 💚(0) 💔(1)

Data stream | Previous EPS | New EPS | Diff (%) | Result
arc | 3663 | 3021.15 | -641.85 (-17.52%) | 💔

Package gitlab 👍(5) 💚(0) 💔(2)

Data stream | Previous EPS | New EPS | Diff (%) | Result
audit | 4926.11 | 4065.04 | -861.07 (-17.48%) | 💔
sidekiq | 10309.28 | 7936.51 | -2372.77 (-23.02%) | 💔

Package google_workspace 👍(5) 💚(7) 💔(2)

Data stream | Previous EPS | New EPS | Diff (%) | Result
user_accounts | 11235.96 | 9174.31 | -2061.65 (-18.35%) | 💔
access_transparency | 1754.39 | 1420.45 | -333.94 (-19.03%) | 💔

Package menlo 👍(1) 💚(0) 💔(1)

Data stream | Previous EPS | New EPS | Diff (%) | Result
dlp | 3731.34 | 2227.17 | -1504.17 (-40.31%) | 💔

Package prisma_access 👍(0) 💚(0) 💔(1)

Data stream | Previous EPS | New EPS | Diff (%) | Result
event | 537.35 | 392.46 | -144.89 (-26.96%) | 💔

Package proofpoint_on_demand 👍(2) 💚(0) 💔(1)

Data stream | Previous EPS | New EPS | Diff (%) | Result
audit | 1964.64 | 1569.86 | -394.78 (-20.09%) | 💔

Package qualys_vmdr 👍(0) 💚(2) 💔(1)

Data stream | Previous EPS | New EPS | Diff (%) | Result
knowledge_base | 1760.56 | 1477.1 | -283.46 (-16.1%) | 💔

Package spycloud 👍(1) 💚(1) 💔(1)

Data stream | Previous EPS | New EPS | Diff (%) | Result
breach_catalog | 1117.32 | 927.64 | -189.68 (-16.98%) | 💔

Package sublime_security 👍(2) 💚(0) 💔(1)

Data stream | Previous EPS | New EPS | Diff (%) | Result
audit | 1841.62 | 1512.86 | -328.76 (-17.85%) | 💔

Package tenable_io 👍(2) 💚(0) 💔(2)

Data stream | Previous EPS | New EPS | Diff (%) | Result
plugin | 2967.36 | 1663.89 | -1303.47 (-43.93%) | 💔
vulnerability | 1727.12 | 1438.85 | -288.27 (-16.69%) | 💔

Package ti_eset 👍(1) 💚(3) 💔(3)

Data stream | Previous EPS | New EPS | Diff (%) | Result
apt | 1876.17 | 1196.17 | -680 (-36.24%) | 💔
botnet | 7874.02 | 5291.01 | -2583.01 (-32.8%) | 💔
ip | 8196.72 | 5952.38 | -2244.34 (-27.38%) | 💔

Package ti_rapid7_threat_command 👍(1) 💚(0) 💔(2)

Data stream | Previous EPS | New EPS | Diff (%) | Result
alert | 3663 | 2331 | -1332 (-36.36%) | 💔
ioc | 2557.54 | 1773.05 | -784.49 (-30.67%) | 💔

Package trellix_edr_cloud 👍(0) 💚(0) 💔(1)

Data stream | Previous EPS | New EPS | Diff (%) | Result
event | 1187.65 | 993.05 | -194.6 (-16.39%) | 💔

Package trellix_epo_cloud 👍(2) 💚(0) 💔(1)

Data stream | Previous EPS | New EPS | Diff (%) | Result
device | 1893.94 | 1602.56 | -291.38 (-15.38%) | 💔

Package zscaler_zia 👍(5) 💚(1) 💔(2)

Data stream | Previous EPS | New EPS | Diff (%) | Result
alerts | 4048.58 | 3039.51 | -1009.07 (-24.92%) | 💔
audit | 4016.06 | 3194.89 | -821.17 (-20.45%) | 💔

To see the full report comment with /test benchmark fullreport

efd6 marked this pull request as ready for review December 16, 2024 03:15
efd6 requested a review from a team as a code owner December 16, 2024 03:15
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

efd6 added labels Dec 16, 2024: Integration:crowdstrike - CrowdStrike; Integration:google_workspace - Google Workspace; Integration:f5 - F5 Logs (Deprecated) [Integration not found in source]; Integration:zscaler_zia - Zscaler Internet Access; Integration:m365_defender - Microsoft Defender XDR; Integration:tenable_io - Tenable Vulnerability Management; Integration:trendmicro - Trend Micro Deep Security; Integration:vectra_detect - Vectra Detect; Integration:google_scc - Google Security Command Center; Integration:bitwarden - Bitwarden; Integration:ti_rapid7_threat_command - Rapid7 Threat Command (Partner supported); Integration:amazon_security_lake - Amazon Security Lake; Integration:wiz - Wiz; Integration:qualys_vmdr - Qualys VMDR; Integration:prisma_cloud - Palo Alto Prisma Cloud; Integration:entityanalytics_entra_id - Microsoft Entra ID Entity Analytics; Integration:ti_mandiant_advantage - Mandiant Advantage (Partner supported); Integration:rapid7_insightvm - Rapid7 InsightVM; Integration:eset_protect - ESET PROTECT; Integration:ti_crowdstrike - CrowdStrike Falcon Intelligence
@elastic-vault-github-plugin-prod

Package m365_defender - 2.18.0 containing this change is available at https://epr.elastic.co/package/m365_defender/2.18.0/

@elastic-vault-github-plugin-prod

Package menlo - 1.4.0 containing this change is available at https://epr.elastic.co/package/menlo/1.4.0/

@elastic-vault-github-plugin-prod

Package microsoft_defender_cloud - 2.3.0 containing this change is available at https://epr.elastic.co/package/microsoft_defender_cloud/2.3.0/

@elastic-vault-github-plugin-prod

Package microsoft_sentinel - 0.3.0 containing this change is available at https://epr.elastic.co/package/microsoft_sentinel/0.3.0/

@elastic-vault-github-plugin-prod

Package prisma_access - 1.3.0 containing this change is available at https://epr.elastic.co/package/prisma_access/1.3.0/

@elastic-vault-github-plugin-prod

Package prisma_cloud - 1.7.0 containing this change is available at https://epr.elastic.co/package/prisma_cloud/1.7.0/

@elastic-vault-github-plugin-prod

Package proofpoint_on_demand - 1.3.0 containing this change is available at https://epr.elastic.co/package/proofpoint_on_demand/1.3.0/

@elastic-vault-github-plugin-prod

Package qualys_vmdr - 5.8.0 containing this change is available at https://epr.elastic.co/package/qualys_vmdr/5.8.0/

@elastic-vault-github-plugin-prod

Package rapid7_insightvm - 1.15.0 containing this change is available at https://epr.elastic.co/package/rapid7_insightvm/1.15.0/

@elastic-vault-github-plugin-prod

Package servicenow - 0.7.0 containing this change is available at https://epr.elastic.co/package/servicenow/0.7.0/

@elastic-vault-github-plugin-prod

Package spycloud - 1.2.0 containing this change is available at https://epr.elastic.co/package/spycloud/1.2.0/

@elastic-vault-github-plugin-prod

Package sublime_security - 1.3.0 containing this change is available at https://epr.elastic.co/package/sublime_security/1.3.0/

@elastic-vault-github-plugin-prod

Package symantec_edr_cloud - 1.8.0 containing this change is available at https://epr.elastic.co/package/symantec_edr_cloud/1.8.0/

@elastic-vault-github-plugin-prod

Package symantec_endpoint_security - 1.5.0 containing this change is available at https://epr.elastic.co/package/symantec_endpoint_security/1.5.0/

@elastic-vault-github-plugin-prod

Package tenable_io - 3.5.0 containing this change is available at https://epr.elastic.co/package/tenable_io/3.5.0/

@elastic-vault-github-plugin-prod

Package ti_crowdstrike - 2.3.0 containing this change is available at https://epr.elastic.co/package/ti_crowdstrike/2.3.0/

@elastic-vault-github-plugin-prod

Package ti_eset - 1.5.0 containing this change is available at https://epr.elastic.co/package/ti_eset/1.5.0/

@elastic-vault-github-plugin-prod

Package ti_mandiant_advantage - 1.8.0 containing this change is available at https://epr.elastic.co/package/ti_mandiant_advantage/1.8.0/

@elastic-vault-github-plugin-prod

Package ti_rapid7_threat_command - 2.3.0 containing this change is available at https://epr.elastic.co/package/ti_rapid7_threat_command/2.3.0/

@elastic-vault-github-plugin-prod

Package ti_threatconnect - 1.6.0 containing this change is available at https://epr.elastic.co/package/ti_threatconnect/1.6.0/

@elastic-vault-github-plugin-prod

Package trellix_edr_cloud - 1.5.0 containing this change is available at https://epr.elastic.co/package/trellix_edr_cloud/1.5.0/

@elastic-vault-github-plugin-prod

Package trellix_epo_cloud - 1.14.0 containing this change is available at https://epr.elastic.co/package/trellix_epo_cloud/1.14.0/

@elastic-vault-github-plugin-prod

Package trendmicro - 2.6.0 containing this change is available at https://epr.elastic.co/package/trendmicro/2.6.0/

@elastic-vault-github-plugin-prod

Package vectra_detect - 1.12.0 containing this change is available at https://epr.elastic.co/package/vectra_detect/1.12.0/

@elastic-vault-github-plugin-prod

Package wiz - 2.7.0 containing this change is available at https://epr.elastic.co/package/wiz/2.7.0/

@elastic-vault-github-plugin-prod

Package zscaler_zia - 3.6.0 containing this change is available at https://epr.elastic.co/package/zscaler_zia/3.6.0/

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
efd6 deleted the 12067-all branch February 5, 2025 21:58

Reviewers

chrisberkhout approved these changes

Assignees

efd6

Labels

  • enhancement - New feature or request
  • Integration:abnormal_security - Abnormal AI
  • Integration:amazon_security_lake - Amazon Security Lake
  • Integration:authentik - authentik
  • Integration:azure_network_watcher_nsg - Azure Network Watcher NSG
  • Integration:azure_network_watcher_vnet - Azure Network Watcher VNet
  • Integration:bitwarden - Bitwarden
  • Integration:canva - Canva
  • Integration:checkpoint_email - Check Point Harmony Email & Collaboration
  • Integration:claroty_ctd - Claroty CTD
  • Integration:crowdstrike - CrowdStrike
  • Integration:cybereason - Cybereason
  • Integration:digital_guardian - Digital Guardian
  • Integration:entityanalytics_ad - Active Directory Entity Analytics
  • Integration:entityanalytics_entra_id - Microsoft Entra ID Entity Analytics
  • Integration:entityanalytics_okta - Okta Entity Analytics
  • Integration:eset_protect - ESET PROTECT
  • Integration:f5_bigip - F5 BIG-IP
  • Integration:gitlab - GitLab
  • Integration:google_scc - Google Security Command Center
  • Integration:google_workspace - Google Workspace
  • Integration:imperva_cloud_waf - Imperva Cloud WAF
  • Integration:m365_defender - Microsoft Defender XDR
  • Integration:menlo - Menlo Security
  • Integration:microsoft_defender_cloud - Microsoft Defender for Cloud
  • Integration:microsoft_sentinel - Microsoft Sentinel
  • Integration:prisma_access - Palo Alto Prisma Access
  • Integration:prisma_cloud - Palo Alto Prisma Cloud
  • Integration:proofpoint_on_demand - Proofpoint On Demand
  • Integration:qualys_vmdr - Qualys VMDR
  • Integration:rapid7_insightvm - Rapid7 InsightVM
  • Integration:servicenow - ServiceNow
  • Integration:spycloud - SpyCloud Enterprise Protection (Partner supported)
  • Integration:sublime_security - Sublime Security
  • Integration:symantec_edr_cloud - Symantec EDR Cloud (Deprecated) [Integration not found in source]
  • Integration:symantec_endpoint_security - Symantec Endpoint Security
  • Integration:tenable_io - Tenable Vulnerability Management
  • Integration:ti_crowdstrike - CrowdStrike Falcon Intelligence
  • Integration:ti_eset - ESET Threat Intelligence (Partner supported)
  • Integration:ti_mandiant_advantage - Mandiant Advantage (Partner supported)
  • Integration:ti_rapid7_threat_command - Rapid7 Threat Command (Partner supported)
  • Integration:ti_threatconnect - ThreatConnect (Partner supported)
  • Integration:trellix_edr_cloud - Trellix EDR Cloud
  • Integration:trellix_epo_cloud - Trellix ePO Cloud
  • Integration:trendmicro - Trend Micro Deep Security
  • Integration:vectra_detect - Vectra Detect
  • Integration:wiz - Wiz
  • Integration:zscaler_zia - Zscaler Internet Access
  • Team:Security-Service Integrations - Security Service Integrations team [elastic/security-service-integrations]


4 participants

@efd6 @elasticmachine @chrisberkhout @andrewkroh
