@chemamartinez
Contributor

Proposed commit message

Fixed two pipeline errors in the Cisco Secure Email Gateway integration:

AMP logs

The kv processor splits key-value pairs by commas. However, some fields could contain commas, such as a file name, making the processor fail with:

field [_tmp.new_message] does not contain value_split [ = | =|: ] 

This has been fixed by modifying the pattern of field_split. Now it looks for any comma which is not surrounded by quotes.

Also, a new field verdict_source has been added.

Consolidated Events

The grok processor in charge of parsing the CEF events fails if endTime or startTime are missing. These fields are also optional so the pattern has been modified to make them optional too.

More info at Cisco docs.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
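
The AMP failure and the quote-aware field split described in the commit message above, as an added Python example that is not part of the pull request or the integration's pipeline. The two `field_split` patterns and the sample line are assumptions constructed for illustration; only the `value_split` alternatives are taken from the error message on this page.

```python
import re

# value_split alternatives as quoted in the processor error on this page.
VALUE_SPLIT = re.compile(r" = | =|: ")
# Assumed original behaviour: split on every comma.
NAIVE_FIELD_SPLIT = re.compile(r",\s*")
# Assumed fix: a comma counts only when an even number of double quotes
# follows it, i.e. the comma sits outside any quoted value.
QUOTE_AWARE_FIELD_SPLIT = re.compile(r',\s*(?=(?:[^"]*"[^"]*")*[^"]*$)')

# Constructed sample, not a real appliance log line.
SAMPLE = ('File Name = "report, final.pdf", MID = 5, '
          'File Size = 1024 bytes, Verdict = FILE UNKNOWN')


def kv(message, field_split):
    """Parse key-value pairs; raise when a piece has no key/value separator."""
    out = {}
    for piece in field_split.split(message):
        parts = VALUE_SPLIT.split(piece, maxsplit=1)
        if len(parts) != 2:
            # Mirrors the kv processor error: the piece has no value_split.
            raise ValueError(f"piece {piece!r} does not contain value_split")
        key, value = parts
        out[key.strip()] = value.strip().strip('"')
    return out


def naive_fails(message):
    """Return True when splitting on every comma breaks the parse."""
    try:
        kv(message, NAIVE_FIELD_SPLIT)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("naive split fails:", naive_fails(SAMPLE))
    print(kv(SAMPLE, QUOTE_AWARE_FIELD_SPLIT))
```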
@chemamartinez chemamartinez added Team:Security-External Integrations Integration:cisco_secure_email_gateway Cisco Secure Email Gateway bugfix Pull request that fixes a bug issue labels Jan 18, 2024
@chemamartinez chemamartinez self-assigned this Jan 18, 2024
@chemamartinez chemamartinez marked this pull request as ready for review January 18, 2024 16:40
@chemamartinez chemamartinez requested a review from a team as a code owner January 18, 2024 16:40
@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@chemamartinez chemamartinez requested a review from efd6 January 22, 2024 11:44
@elasticmachine

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

Contributor

@efd6 efd6 left a comment

LGTM after @bhapas suggestion applied.

@chemamartinez chemamartinez requested a review from bhapas January 23, 2024 08:23
@elasticmachine

💚 Build Succeeded

History

cc @chemamartinez

@chemamartinez chemamartinez merged commit 1ea9774 into elastic:main Jan 23, 2024
@elasticmachine

Package cisco_secure_email_gateway - 1.22.0 containing this change is available at https://epr.elastic.co/search?package=cisco_secure_email_gateway

@narph narph added the Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] label Jun 13, 2024
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@chemamartinez chemamartinez deleted the fix-cisco_secure_email_gateway-pipelines branch February 6, 2025 10:30
Labels

bugfix Pull request that fixes a bug issue Integration:cisco_secure_email_gateway Cisco Secure Email Gateway Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

5 participants