bitdefender: ensure remediation actions are correlated with their file paths (#11013)

The .filePaths, .fileSizes and .remediationActions are correlated arrays, so ensure that empty actions are not removed from the array to maintain their cardinality relationships.

Author: efd6

packages/bitdefender/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.1.1"
+ changes:
+ - description: Ensure remediation actions are correlated with their file paths.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/11013
 - version: "2.1.0"
  changes:
  - description: "Allow @custom pipeline access to event.original without setting preserve_original_event."

packages/bitdefender/data_stream/push_notifications/_dev/test/pipeline/test-push-notification-jsonrpc.json-expected.json

@@ -1612,6 +1612,7 @@
  "module": "network-sandboxing",
  "remediationActions": [
  "1",
+ "-",
  "1"
  ],
  "threatType": "RANSOMWARE"

packages/bitdefender/data_stream/push_notifications/_dev/test/pipeline/test-push-notification.json-expected.json

@@ -953,6 +953,7 @@
  "module": "network-sandboxing",
  "remediationActions": [
  "1",
+ "-",
  "1"
  ],
  "threatType": "RANSOMWARE"

packages/bitdefender/data_stream/push_notifications/elasticsearch/ingest_pipeline/default.yml

@@ -1537,6 +1537,13 @@ processors:
  }
  return false;
  }
+ // Prevent empty fields in correlated arrays from being removed.
+ // The first two cases should never happen, but are included
+ // defensively. The remediationActions elements may be validly
+ // empty.
+ ctx.bitdefender?.event?.filePath?.replaceAll(e -> e == "" ? "-" : e);
+ ctx.bitdefender?.event?.fileSizes?.replaceAll(e -> e == "" ? "-" : e);
+ ctx.bitdefender?.event?.remediationActions?.replaceAll(e -> e == "" ? "-" : e);
  dropEmptyFields(ctx);
 
 - remove:

packages/bitdefender/manifest.yml

@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: bitdefender
 title: "BitDefender"
-version: "2.1.0"
+version: "2.1.1"
 source:
  license: "Elastic-2.0"
 description: "Ingest BitDefender GravityZone logs and data"