Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

windows: add support for sysmon 15.0/event 29#6761

Merged
efd6 merged 1 commit intoelastic:mainfrom
efd6:6748-windows
Jul 9, 2023
Merged

windows: add support for sysmon 15.0/event 29#6761
efd6 merged 1 commit intoelastic:mainfrom
efd6:6748-windows

Conversation

@efd6
Copy link
Contributor

What does this PR do?

Adds a test case for sysmon 15.0/event 29.

Checklist

  • I have reviewedtips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package'schangelog.yml file.
  • I have verified that Kibana version constraints are current according toguidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@elasticmachine
Copy link

elasticmachine commentedJun 30, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline ViewTest ViewChangesArtifactspreviewpreview

Expand to view the summary

Build stats

  • Start Time: 2023-07-09T21:52:27.751+0000

  • Duration: 15 min 22 sec

Test stats 🧪

TestResults
Failed0
Passed129
Skipped0
Total129

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
Copy link

elasticmachine commentedJun 30, 2023
edited
Loading

🌐 Coverage report

NameMetrics % (covered/total)Diff
Packages100.0% (4/4)💚
Files87.5% (7/8)👎 -9.635
Classes87.5% (7/8)👎 -9.635
Methods83.696% (77/92)👎 -8.459
Lines92.82% (5158/5557)👍 1.566
Conditionals100.0% (0/0)💚

@efd6efd6 marked this pull request as ready for reviewJune 30, 2023 02:48
@efd6efd6 requested review froma team ascode ownersJune 30, 2023 02:48
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@efd6efd6force-pushed the6748-windows branch 2 times, most recently from8bac4e8 to3a25c7bCompareJune 30, 2023 08:15
@efd6efd6 changed the titlewindows: add test case for sysmon 15.0/event 29windows: add support for sysmon 15.0/event 29Jun 30, 2023
Copy link
Member

@ebeahanebeahan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

LGTM

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I think it would be nice to have anevent.action populated with thesysmon event name likeFileExecutableDetected. But none of the other events have it at the moment either.

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I'll send another change for that.

Test case generated from XML document provided by user inelastic#6748.
@efd6efd6 merged commit623136c intoelastic:mainJul 9, 2023
@elasticmachine
Copy link

Package windows - 1.25.0 containing this change is available athttps://epr.elastic.co/search?package=windows

@efd6efd6 deleted the 6748-windows branchFebruary 5, 2025 22:05
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@andrewkrohandrewkrohandrewkroh approved these changes

@ebeahanebeahanebeahan approved these changes

@pierrehilbertpierrehilbertAwaiting requested review from pierrehilbertpierrehilbert is a code owner automatically assigned from elastic/elastic-agent-data-plane

@leehinmanleehinmanAwaiting requested review from leehinmanleehinman is a code owner automatically assigned from elastic/elastic-agent-data-plane

Assignees

@efd6efd6

Labels

enhancementNew feature or requestIntegration:windowsWindows

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add coverage for sysmon 15.0/event 29

4 participants

@efd6@elasticmachine@andrewkroh@ebeahan

Comments

[8]ページ先頭
©2009-2026 Movatter.jp