[symantec_endpoint_security] Fix null check conditions (#11029)

A number of field references unsafely included access through potentially null objects, so add null-safe operators.

Author: janvi-elastic

packages/symantec_endpoint_security/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.3.2"
+ changes:
+ - description: Handle null values scenario.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/11029
 - version: "0.3.1"
  changes:
  - description: Improve handling of scalar `raw_data` field values.

packages/symantec_endpoint_security/data_stream/event/_dev/test/pipeline/test-category-diagnostic.log

@@ -9,7 +9,7 @@ processors:
  field: event.category
  tag: append_event_category_file
  value: file
- if: ctx.ses.type_id == '5'
+ if: ctx.ses?.type_id == '5'
  - append:
  field: event.category
  tag: append_event_category_configuration
@@ -19,7 +19,7 @@ processors:
  field: event.type
  tag: append_event_type_change
  value: change
- if: ctx.ses.type_id == '4'
+ if: ctx.ses?.type_id == '4'
  - append:
  field: event.type
  tag: append_event_type_info

packages/symantec_endpoint_security/data_stream/event/_dev/test/pipeline/test-category-diagnostic.log-expected.json

@@ -9,12 +9,12 @@ processors:
  field: event.category
  tag: append_event_category_session
  value: session
- if: ctx.ses.type_id == '20'
+ if: ctx.ses?.type_id == '20'
  - append:
  field: event.category
  tag: append_event_category_configuration
  value: configuration
- if: ctx.ses.type_id == '22'
+ if: ctx.ses?.type_id == '22'
  - append:
  field: event.type
  tag: append_event_type_info

packages/symantec_endpoint_security/data_stream/event/_dev/test/pipeline/test-category-security.log

@@ -9,27 +9,27 @@ processors:
  field: event.category
  tag: append_event_category_session
  value: session
- if: ctx.ses.type_id == '8026'
+ if: ctx.ses?.type_id == '8026'
  - append:
  field: event.category
  tag: append_event_category_process
  value: process
- if: ctx.ses.type_id == '8027'
+ if: ctx.ses?.type_id == '8027'
  - append:
  field: event.category
  tag: append_event_category_driver
  value: driver
- if: ctx.ses.type_id == '8030'
+ if: ctx.ses?.type_id == '8030'
  - append:
  field: event.category
  tag: append_event_category_file
  value: file
- if: ctx.ses.type_id == '8031'
+ if: ctx.ses?.type_id == '8031'
  - append:
  field: event.category
  tag: append_event_category_network
  value: network
- if: ctx.ses.type_id == '8040'
+ if: ctx.ses?.type_id == '8040'
  - append:
  field: event.category
  tag: append_event_category_registry

packages/symantec_endpoint_security/data_stream/event/_dev/test/pipeline/test-category-security.log-expected.json

@@ -9,7 +9,7 @@ processors:
  field: event.category
  tag: append_event_category_session
  value: session
- if: ctx.ses.type_id == '8000'
+ if: ctx.ses?.type_id == '8000'
  - append:
  field: event.category
  tag: append_event_category_process

packages/symantec_endpoint_security/data_stream/event/elasticsearch/ingest_pipeline/pipeline_category_application.yml

@@ -295,7 +295,7 @@ processors:
  field: ses.actor.file.rep_score_band
  tag: convert_actor_file_rep_score_band_to_long
  type: long
- if: ctx.ses.actor.file.rep_score_band != ''
+ if: ctx.ses?.actor?.file?.rep_score_band != ''
  ignore_missing: true
  on_failure:
  - append:
@@ -353,7 +353,7 @@ processors:
  field: ses.actor.file.signature_level_id
  tag: convert_actor_file_signature_level_id_to_string
  type: string
- if: ctx.ses.actor.file.signature_level_id != ''
+ if: ctx.ses?.actor?.file?.signature_level_id != ''
  ignore_missing: true
  on_failure:
  - append:
@@ -372,7 +372,7 @@ processors:
  field: ses.actor.file.signature_value
  tag: convert_actor_file_signature_value_to_long
  type: long
- if: ctx.ses.actor.file.signature_value != ''
+ if: ctx.ses?.actor?.file?.signature_value != ''
  ignore_missing: true
  on_failure:
  - append:
@@ -402,7 +402,7 @@ processors:
  field: ses.actor.file.size
  tag: convert_actor_file_size_to_long
  type: long
- if: ctx.ses?.actor?.file.size != ''
+ if: ctx.ses?.actor?.file?.size != ''
  ignore_missing: true
  on_failure:
  - append:
@@ -1046,7 +1046,7 @@ processors:
  field: ses.actor.session.id
  tag: convert_actor_session_id_to_string
  type: string
- if: ctx.ses?.actor?.session.id != ''
+ if: ctx.ses?.actor?.session?.id != ''
  ignore_missing: true
  on_failure:
  - append: