- Notifications
You must be signed in to change notification settings - Fork545
{microsoft_defender_endpoint, m365_defender}.vulnerability: New API implementation#15603
Merged
efd6 merged 15 commits intoelastic:mainfromOct 12, 2025
Merged
{microsoft_defender_endpoint, m365_defender}.vulnerability: New API implementation#15603efd6 merged 15 commits intoelastic:mainfrom
efd6 merged 15 commits intoelastic:mainfrom
Conversation
elasticmachine commentedOct 9, 2025
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
efd6 reviewedOct 9, 2025
...s/m365_defender/kibana/visualization/m365_defender-4f3a6702-9642-4392-9b34-ceb1447e09a7.jsonShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
packages/m365_defender/data_stream/vulnerability/agent/stream/cel.yml.hbs OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
packages/microsoft_defender_endpoint/_dev/deploy/docker/vulnerability-http-mock-config.yml OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
...endpoint/kibana/search/microsoft_defender_endpoint-89e2c263-f9c2-4f34-85d2-86b1d1b9106b.json OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
...t/kibana/visualization/microsoft_defender_endpoint-4f3a6702-9642-4392-9b34-ceb1447e09a7.jsonShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
packages/m365_defender/data_stream/vulnerability/agent/stream/cel.yml.hbs OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
packages/m365_defender/data_stream/vulnerability/agent/stream/cel.yml.hbs OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
packages/microsoft_defender_endpoint/data_stream/vulnerability/agent/stream/cel.yml.hbs OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
packages/m365_defender/data_stream/vulnerability/_dev/test/system/test-default-config.yml OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
...crosoft_defender_endpoint/data_stream/vulnerability/_dev/test/system/test-default-config.yml OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
elastic-vault-github-plugin-prodbot commentedOct 10, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
🚀 Benchmarks reportPackage |
| Data stream | Previous EPS | New EPS | Diff (%) | Result |
|---|---|---|---|---|
machine | 3086.42 | 2392.34 | -694.08 (-22.49%) | 💔 |
To see the full report comment with/test benchmark fullreport
packages/m365_defender/data_stream/vulnerability/agent/stream/cel.yml.hbs OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
Collaborator
brijesh-elastic commentedOct 11, 2025
Since there is a change in the transform schema, the |
elasticmachine commentedOct 12, 2025
💚 Build Succeeded
History
cc@kcreddy |
efd6 approved these changesOct 12, 2025
7c2d2ef intoelastic:main 7 checks passed
Uh oh!
There was an error while loading.Please reload this page.
Package m365_defender - 5.0.0 containing this change is available athttps://epr.elastic.co/package/m365_defender/5.0.0/ |
Package microsoft_defender_endpoint - 4.0.0 containing this change is available athttps://epr.elastic.co/package/microsoft_defender_endpoint/4.0.0/ |
agithomas pushed a commit to agithomas/integrations that referenced this pull requestOct 30, 2025
…plementation (elastic#15603)Existing CEL program uses 3 API endpoints to fetch vulnerabilitydata. Although we fetch more fields using this approach, it doesn't scale well and hence is unusable even for few hundred machines.This PR updates the vulnerability data stream with new SoftwareVulnerabilitiesExport API[1], which is recommended for larger workloads. While there are few data points missed in this new implementation[2], we maintain all the required fields for 3rd party vulnerability workflow[3].Other changes:- Updates microsoft_defender_endpoint min stack version to "8.19.3" as the permissions for the transform were actually applied in "8.19.3" version, and not in "8.19.2"[4].- Add dataset filter to all visualisations of vulnerability dashboards.[1]:https://learn.microsoft.com/en-us/defender-endpoint/api/get-assessment-software-vulnerabilities#2-export-software-vulnerabilities-assessment-via-files[2]:elastic#15521 (comment)[3]:https://docs.elastic.dev/security-solution/cloud-security/cdr/3p-dev-guide[4]:elastic/elasticsearch#132629
tehbooom pushed a commit to tehbooom/integrations that referenced this pull requestNov 19, 2025
…plementation (elastic#15603)Existing CEL program uses 3 API endpoints to fetch vulnerabilitydata. Although we fetch more fields using this approach, it doesn't scale well and hence is unusable even for few hundred machines.This PR updates the vulnerability data stream with new SoftwareVulnerabilitiesExport API[1], which is recommended for larger workloads. While there are few data points missed in this new implementation[2], we maintain all the required fields for 3rd party vulnerability workflow[3].Other changes:- Updates microsoft_defender_endpoint min stack version to "8.19.3" as the permissions for the transform were actually applied in "8.19.3" version, and not in "8.19.2"[4].- Add dataset filter to all visualisations of vulnerability dashboards.[1]:https://learn.microsoft.com/en-us/defender-endpoint/api/get-assessment-software-vulnerabilities#2-export-software-vulnerabilities-assessment-via-files[2]:elastic#15521 (comment)[3]:https://docs.elastic.dev/security-solution/cloud-security/cdr/3p-dev-guide[4]:elastic/elasticsearch#132629
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Labels
breaking changedashboardRelates to a Kibana dashboard bug, enhancement, or modification. documentationImprovements or additions to documentation. Applied to PRs that modify *.md files. Integration:m365_defenderMicrosoft Defender XDR Integration:microsoft_defender_endpointMicrosoft Defender for Endpoint Team:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations]
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading.Please reload this page.
Proposed commit message
Checklist
changelog.ymlfile.Author's Checklist
How to test this PR locally
Pipeline tests and System tests pass.
Related issues
Screenshots
Updated dashboards:
Upgrade Flow
mde-vulnerability-3.1-to-3.2-upgrade-flow.mp4