@w0rk3r (Contributor) commented Apr 3, 2024

Summary

Attempts to resolve #7381

Proposed commit message

Adjusts the ignore_above parameter to make Active Directory DACLs searchable, adds a wildcard multi-field to winlog.event_data.AttributeValue.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Related issues

#7381
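The following field definition is an added illustration of the kind of change the PR describes, written in the fields.yml format that elastic-package integrations use. It is not the PR's actual diff: the raised ignore_above value (8191) and the multi-field name (wildcard) are assumptions, so check the merged commit for the real values. It shows why the default keyword mapping fails for Active Directory DACLs and what the corrected mapping looks like.

```yaml
# Added illustration, not the system package's real fields.yml. Values marked
# "assumed" are not taken from the PR.

# Before: a plain keyword. elastic-package applies ignore_above: 1024 by
# default, so an AttributeValue longer than 1024 characters (a realistic size
# for the SDDL-encoded DACL carried in event 5136 when nTSecurityDescriptor
# changes) is kept in _source but never indexed, and a search on the field
# silently matches nothing.
- name: winlog.event_data.AttributeValue
  type: keyword

# After: raise the limit so long DACLs are still indexed as keyword for exact
# matching, and add a wildcard multi-field so a rule can match a substring
# (for example a single ACE granting a right to a specific SID) anywhere in
# the string with a leading-wildcard pattern.
- name: winlog.event_data.AttributeValue
  type: keyword
  ignore_above: 8191          # assumed value; the PR picks its own limit
  multi_fields:
    - name: wildcard          # assumed multi-field name
      type: wildcard
```

With a multi-field named as above, a detection rule would query `winlog.event_data.AttributeValue.wildcard : *<ACE fragment>*` rather than the keyword field; the wildcard type is built for leading-wildcard matching on long strings and is not subject to the keyword field's ignore_above cutoff.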

@w0rk3r w0rk3r added the enhancement New feature or request label Apr 3, 2024
@w0rk3r w0rk3r requested a review from andrewkroh April 3, 2024 20:58
@w0rk3r w0rk3r self-assigned this Apr 3, 2024
@w0rk3r w0rk3r requested review from a team as code owners April 3, 2024 20:58
@w0rk3r w0rk3r marked this pull request as draft April 3, 2024 20:58
@terrancedejesus terrancedejesus marked this pull request as ready for review April 3, 2024 21:26
@terrancedejesus (Contributor)

/test

@w0rk3r (Contributor, Author) commented Apr 9, 2024

@jamiehynds jamiehynds added the Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform] label Apr 9, 2024
@elasticmachine

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

@jamiehynds

@marc-gr would you mind helping with the review for this enhancement to unblock the TRADE team from building some new detection rules?

@marc-gr (Contributor) commented Apr 15, 2024

/test

@marc-gr (Contributor) commented Apr 15, 2024

@w0rk3r the README needs to be updated. It should be alright after committing the changes after elastic-package check

@elasticmachine

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@w0rk3r w0rk3r enabled auto-merge (squash) May 9, 2024 22:38
@w0rk3r w0rk3r requested a review from ishleenk17 May 9, 2024 22:48
@w0rk3r w0rk3r disabled auto-merge May 12, 2024 16:11
@w0rk3r w0rk3r removed the request for review from ishleenk17 May 12, 2024 16:12
@elasticmachine

💚 Build Succeeded

cc @w0rk3r

@elastic-sonarqube

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@w0rk3r w0rk3r enabled auto-merge (squash) May 12, 2024 16:31
@w0rk3r w0rk3r requested review from a team and ishleenk17 May 12, 2024 16:31
@ishleenk17 (Member) left a comment

Thanks for fixing the build error.
Looks good!

@w0rk3r w0rk3r merged commit 568fe69 into main May 15, 2024
@elasticmachine

Package system - 1.57.0 containing this change is available at https://epr.elastic.co/search?package=system

Labels

Area: RAD enhancement New feature or request Integration:system System Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform]

8 participants