@gogochan gogochan commented Jan 23, 2025

Proposed commit message

From the Check Point admin guide:

loguid - Some Check Point logs are updated over time. Updated logs have the same loguid value. Check Point SmartLog client correlates those updates into a single unified log. When the update logs are sent to 3rd party servers, they arrive as distinct logs.

It is possible for multiple log entries to share the existing attributes, as was shown in https://github.com/elastic/sdh-beats/issues/5556, hence adding sequencenum to calculate the fingerprint.

Also adding additional missing fields.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices.

@gogochan gogochan requested a review from a team as a code owner January 23, 2025 14:40
@andrewkroh andrewkroh added Integration:checkpoint Check Point Team:Security-Deployment and Devices DEPRECATED Deployment and Devices Security team [elastic/sec-deployment-and-devices] labels Jan 23, 2025
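
How a fingerprint computed over too few attributes loses log entries, as an added example that is not part of the pull request or the integration's own code. The hashing scheme, the `time` field, the overwrite-on-collision model and the sample records are assumptions constructed for illustration; only `loguid` and `sequencenum` are named in the description above.

```python
import hashlib

# Constructed sample records (not real Check Point output). The first two are
# distinct entries that agree on every attribute in OLD_FIELDS; the third is a
# genuine duplicate delivery of the second.
RECORDS = [
    {"loguid": "{0x1,0x2,0x3,0x4}", "time": "1737643200", "sequencenum": "1", "action": "Accept"},
    {"loguid": "{0x1,0x2,0x3,0x4}", "time": "1737643200", "sequencenum": "2", "action": "Update"},
    {"loguid": "{0x1,0x2,0x3,0x4}", "time": "1737643200", "sequencenum": "2", "action": "Update"},
]

OLD_FIELDS = ("loguid", "time")                 # assumed "existing attributes"
NEW_FIELDS = ("loguid", "time", "sequencenum")  # with the field this PR adds


def fingerprint(record, fields):
    """Hash the chosen fields. Each value is length-prefixed so that
    ("ab", "c") and ("a", "bc") cannot yield the same digest."""
    h = hashlib.sha256()
    for name in fields:
        value = record.get(name, "").encode("utf-8")
        h.update(name.encode() + b"=" + str(len(value)).encode() + b":" + value + b";")
    return h.hexdigest()


def index(records, fields):
    """Model a store keyed by fingerprint. A collision is modelled as an
    overwrite, so only the last record with a given id survives."""
    store = {}
    for rec in records:
        store[fingerprint(rec, fields)] = rec
    return store


def dropped(records, fields):
    """Number of distinct records lost to fingerprint collisions.
    Exact duplicates are expected to collapse and are not counted."""
    distinct = {tuple(sorted(r.items())) for r in records}
    return len(distinct) - len(index(records, fields))


if __name__ == "__main__":
    print("lost without sequencenum:", dropped(RECORDS, OLD_FIELDS))
    print("lost with sequencenum:   ", dropped(RECORDS, NEW_FIELDS))
```

The true duplicate still collapses into one document in both cases, which is the deduplication the fingerprint exists to provide.
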
@elasticmachine

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

@andrewkroh andrewkroh added the bugfix Pull request that fixes a bug issue label Jan 23, 2025
@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport


Typo

Suggested change
User agenta kind
User agent kind

Thanks!

@elasticmachine

💚 Build Succeeded

History

  • 💔 Build #21227 failed 26739aacfd0f4046ef702515b20802719d0bacdf
  • 💚 Build #20858 succeeded 6a03d296a75a9f2985c219a888998ae1bcd1113b
@gogochan gogochan merged this pull request into main Jan 29, 2025
5 checks passed
@gogochan gogochan deleted the sdh/beats5556 branch January 29, 2025 18:13
@elastic-vault-github-plugin-prod

Package checkpoint - 1.34.6 containing this change is available at https://epr.elastic.co/package/checkpoint/1.34.6/

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025