reposition drop processor

Author: niraj-crest

packages/ti_google_threat_intelligence/_dev/build/docs/README.md

@@ -120,7 +120,7 @@ Detection Rules match the user's Elastic environment data with GTI data, generat
 2. Search for **Google Threat Intelligence** to find prebuilt Elastic detection rules.
 3. Four detection rules are available for **IP, URL, File, and Domain**. Users can install one or more rules as needed.
 
-To tailor a rule based on elastic Environment:
+To tailor a rule based on Elastic environment:
 
 1. Click the three dots on the right side of any detection rule.
 2. Select **Duplicate Rule**.

packages/ti_google_threat_intelligence/data_stream/cryptominer/elasticsearch/ingest_pipeline/default.yml

@@ -1,6 +1,9 @@
 ---
 description: Pipeline for processing Cryptominer events.
 processors:
+ - drop:
+ if: ctx.message == 'retry'
+ tag: drop_retry_events
  - set:
  field: ecs.version
  tag: set_ecs_version
@@ -9,9 +12,6 @@ processors:
  tag: data_collection_error
  if: ctx.error?.message != null && ctx.message == null && ctx.event?.original == null
  description: error message set and no data to process.
- - drop:
- if: ctx.message == 'retry'
- tag: drop_retry_events
  - remove:
  field:
  - organization

packages/ti_google_threat_intelligence/data_stream/first_stage_delivery_vectors/elasticsearch/ingest_pipeline/default.yml

@@ -1,6 +1,9 @@
 ---
 description: Pipeline for processing First Stage Delivery Vectors events.
 processors:
+ - drop:
+ if: ctx.message == 'retry'
+ tag: drop_retry_events
  - set:
  field: ecs.version
  tag: set_ecs_version
@@ -9,9 +12,6 @@ processors:
  tag: data_collection_error
  if: ctx.error?.message != null && ctx.message == null && ctx.event?.original == null
  description: error message set and no data to process.
- - drop:
- if: ctx.message == 'retry'
- tag: drop_retry_events
  - remove:
  field:
  - organization

packages/ti_google_threat_intelligence/data_stream/infostealer/elasticsearch/ingest_pipeline/default.yml

@@ -1,6 +1,9 @@
 ---
 description: Pipeline for processing Infostealer events.
 processors:
+ - drop:
+ if: ctx.message == 'retry'
+ tag: drop_retry_events
  - set:
  field: ecs.version
  tag: set_ecs_version
@@ -9,9 +12,6 @@ processors:
  tag: data_collection_error
  if: ctx.error?.message != null && ctx.message == null && ctx.event?.original == null
  description: error message set and no data to process.
- - drop:
- if: ctx.message == 'retry'
- tag: drop_retry_events
  - remove:
  field:
  - organization

packages/ti_google_threat_intelligence/data_stream/ioc_stream/elasticsearch/ingest_pipeline/default.yml

@@ -1,6 +1,9 @@
 ---
 description: Pipeline for processing ioc_stream logs.
 processors:
+ - drop:
+ if: ctx.message == 'retry'
+ tag: drop_retry_events
  - set:
  field: ecs.version
  tag: set_ecs_version
@@ -9,9 +12,6 @@ processors:
  tag: data_collection_error
  if: ctx.error?.message != null && ctx.message == null && ctx.event?.original == null
  description: error message set and no data to process.
- - drop:
- if: ctx.message == 'retry'
- tag: drop_retry_events
  - remove:
  field:
  - organization

packages/ti_google_threat_intelligence/data_stream/iot/elasticsearch/ingest_pipeline/default.yml

@@ -1,6 +1,9 @@
 ---
 description: Pipeline for processing IOT events.
 processors:
+ - drop:
+ if: ctx.message == 'retry'
+ tag: drop_retry_events
  - set:
  field: ecs.version
  tag: set_ecs_version
@@ -9,9 +12,6 @@ processors:
  tag: data_collection_error
  if: ctx.error?.message != null && ctx.message == null && ctx.event?.original == null
  description: error message set and no data to process.
- - drop:
- if: ctx.message == 'retry'
- tag: drop_retry_events
  - remove:
  field:
  - organization

packages/ti_google_threat_intelligence/data_stream/linux/elasticsearch/ingest_pipeline/default.yml

@@ -1,6 +1,9 @@
 ---
 description: Pipeline for processing Linux events.
 processors:
+ - drop:
+ if: ctx.message == 'retry'
+ tag: drop_retry_events
  - set:
  field: ecs.version
  tag: set_ecs_version
@@ -9,9 +12,6 @@ processors:
  tag: data_collection_error
  if: ctx.error?.message != null && ctx.message == null && ctx.event?.original == null
  description: error message set and no data to process.
- - drop:
- if: ctx.message == 'retry'
- tag: drop_retry_events
  - remove:
  field:
  - organization

packages/ti_google_threat_intelligence/data_stream/malicious_network_infrastructure/elasticsearch/ingest_pipeline/default.yml

@@ -1,6 +1,9 @@
 ---
 description: Pipeline for processing Malicious Network Infrastructure events.
 processors:
+ - drop:
+ if: ctx.message == 'retry'
+ tag: drop_retry_events
  - set:
  field: ecs.version
  tag: set_ecs_version
@@ -9,9 +12,6 @@ processors:
  tag: data_collection_error
  if: ctx.error?.message != null && ctx.message == null && ctx.event?.original == null
  description: error message set and no data to process.
- - drop:
- if: ctx.message == 'retry'
- tag: drop_retry_events
  - remove:
  field:
  - organization

packages/ti_google_threat_intelligence/data_stream/malware/elasticsearch/ingest_pipeline/default.yml

@@ -1,6 +1,9 @@
 ---
 description: Pipeline for processing Malware events.
 processors:
+ - drop:
+ if: ctx.message == 'retry'
+ tag: drop_retry_events
  - set:
  field: ecs.version
  tag: set_ecs_version
@@ -9,9 +12,6 @@ processors:
  tag: data_collection_error
  if: ctx.error?.message != null && ctx.message == null && ctx.event?.original == null
  description: error message set and no data to process.
- - drop:
- if: ctx.message == 'retry'
- tag: drop_retry_events
  - remove:
  field:
  - organization

packages/ti_google_threat_intelligence/data_stream/mobile/elasticsearch/ingest_pipeline/default.yml

@@ -1,6 +1,9 @@
 ---
 description: Pipeline for processing Mobile events.
 processors:
+ - drop:
+ if: ctx.message == 'retry'
+ tag: drop_retry_events
  - set:
  field: ecs.version
  tag: set_ecs_version
@@ -9,9 +12,6 @@ processors:
  tag: data_collection_error
  if: ctx.error?.message != null && ctx.message == null && ctx.event?.original == null
  description: error message set and no data to process.
- - drop:
- if: ctx.message == 'retry'
- tag: drop_retry_events
  - remove:
  field:
  - organization