[Carbon Black Cloud] - Fix @timestamp value by changing source to device_timestamp

[ShourieG]

Type of change

• Bug

Proposed commit message

Till now the @timestamp value was created with the create_time value. But after some discussions internally it was found that this was incorrect as this is the time at which the event gets ingested into carbon black cloud. The correct source for the timestamp value is device_timestamp which is the time at which the event is detected by the device and reported. Changes have made to reflect this, and at the same time a new field has been introduced called create_time which mirrors the original create_time value so that data integrity is maintained with the original event.

NOTE

Please ignore the older commit history, as the branch was already existing locally without any changes from before but had merge commits as a result of merging upstream/main multiple times. Only the last few commits matter.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

• [ ]

How to test this PR locally

Related issues

• Closes Carbon Black Cloud - Fix timestamp value #9381

Screenshots

Test Results

--- Test results for package: carbon_black_cloud - START --- ╭────────────────────┬─────────────────────────────┬───────────┬──────────────────────────────────────┬────────┬──────────────╮ │ PACKAGE │ DATA STREAM │ TEST TYPE │ TEST NAME │ RESULT │ TIME ELAPSED │ ├────────────────────┼─────────────────────────────┼───────────┼──────────────────────────────────────┼────────┼──────────────┤ │ carbon_black_cloud │ alert │ pipeline │ test-alert.log │ PASS │ 5.53725ms │ │ carbon_black_cloud │ asset_vulnerability_summary │ pipeline │ test-asset-vulnerability-summary.log │ PASS │ 3.936875ms │ │ carbon_black_cloud │ audit │ pipeline │ test-audit.log │ PASS │ 2.873917ms │ │ carbon_black_cloud │ endpoint_event │ pipeline │ test-endpoint-event.log │ PASS │ 9.628666ms │ │ carbon_black_cloud │ watchlist_hit │ pipeline │ test-watchlist-hit.log │ PASS │ 7.502125ms │ ╰────────────────────┴─────────────────────────────┴───────────┴──────────────────────────────────────┴────────┴──────────────╯ --- Test results for package: carbon_black_cloud - END ---

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

[elasticmachine]

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 8300373

cc @ShourieG

[elastic-sonarqube]

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

[chemamartinez]

LGTM

[elasticmachine]

Package carbon_black_cloud - 1.21.2 containing this change is available at https://epr.elastic.co/search?package=carbon_black_cloud