Skip to content

[cisco_meraki] Fix handling of security events without dhost and with action. #8384

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 3, 2023
Merged

[cisco_meraki] Fix handling of security events without dhost and with action. #8384

merged 3 commits into from
Nov 3, 2023

Conversation

@marc-gr
Copy link
Contributor

@marc-gr marc-gr commented Nov 2, 2023

Proposed commit message

Pipeline assumed a closed set of fields for security events. This fixes that since some events have different field sets than previously expected.

It does so by simplifying the pipeline logic from several dissect steps to a single grok+kv one.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
@marc-gr marc-gr added bug Something isn't working, use only for issues Team:Security-External Integrations labels Nov 2, 2023
@marc-gr marc-gr requested a review from a team as a code owner November 2, 2023 11:32
@elasticmachine
Copy link

elasticmachine commented Nov 2, 2023

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
@elasticmachine
Copy link

elasticmachine commented Nov 2, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-11-02T11:39:33.774+0000

  • Duration: 19 min 45 sec

Test stats 🧪

Test Results
Failed 0
Passed 19
Skipped 0
Total 19

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.
@elasticmachine
Copy link

elasticmachine commented Nov 2, 2023
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (2/2) 💚
Files 100.0% (9/9) 💚
Classes 100.0% (9/9) 💚
Methods 100.0% (68/68) 💚 2.632
Lines 98.478% (1165/1183) 👍 3.051
Conditionals 100.0% (0/0) 💚
@marc-gr marc-gr merged commit 0517543 into elastic:main Nov 3, 2023
@marc-gr marc-gr deleted the fix-meraki-secevents branch November 3, 2023 07:23
@elasticmachine
Copy link

elasticmachine commented Nov 3, 2023

Package cisco_meraki - 1.18.1 containing this change is available at https://epr.elastic.co/search?package=cisco_meraki
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working, use only for issues Integration:cisco_meraki Cisco Meraki

4 participants

@marc-gr @elasticmachine @efd6 @andrewkroh