[dga] Ensure event.kind is correctly set for pipeline errors (#7053)

Author: MakoWish

packages/dga/changelog.yml

@@ -1,3 +1,9 @@
+# newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Ensure event.kind is correctly set for pipeline errors.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/7053
 - version: "1.0.1"
  changes:
  - description: Add the Advanced Analytics (UEBA) subcategory

packages/dga/elasticsearch/ingest_pipeline/ml_dga_inference_pipeline.yml

@@ -99,3 +99,10 @@ processors:
  ctx['ml_is_dga'] = new HashMap();
  ctx['ml_is_dga']['malicious_prediction'] = malicious_prediction;
  ctx['ml_is_dga']['malicious_probability'] = malicious_probability;
+on_failure:
+ - set:
+ field: event.kind
+ value: pipeline_error
+ - append:
+ field: error.message
+ value: '{{{ _ingest.on_failure_message }}}'

packages/dga/elasticsearch/ingest_pipeline/ml_dga_ingest_pipeline.yml

@@ -7,5 +7,8 @@ processors:
 version: 1
 on_failure:
  - set:
+ field: event.kind
+ value: pipeline_error
+ - append:
  field: error.message
- value: '{{ _ingest.on_failure_message }}'
+ value: '{{{ _ingest.on_failure_message }}}'

packages/dga/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: dga
 title: "Domain Generation Algorithm Detection"
-version: 1.0.1
+version: 1.1.0
 license: basic
 description: "ML solution package to detect domain generation algorithm (DGA) activity in your network data. Requires a Platinum subscription."
 type: integration