Skip to content

[Filebeat][Azure Module] Fixing event.outcome from result_type issue#20998

Merged
leehinman merged 3 commits intoelastic:masterfrom
P1llus:filebeat_azuremodule_outcomefix
Sep 21, 2020
Merged

[Filebeat][Azure Module] Fixing event.outcome from result_type issue#20998
leehinman merged 3 commits intoelastic:masterfrom
P1llus:filebeat_azuremodule_outcomefix

Conversation

@P1llus
Copy link
Copy Markdown
Member

@P1llus P1llus commented Sep 6, 2020
edited
Loading

What does this PR do?

Adding a small fix to event.outcome from resulttype and adding a second property to event.outcome if result_type does not exist

Why is it important?

Fixes small issues for event.outcome parsing

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

@P1llus P1llus requested a review from leehinman September 6, 2020 09:28
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Sep 6, 2020

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Sep 6, 2020
@P1llus P1llus changed the title fixing a small typo in result type and adding more event.outcome poss… [Filebeat][Azure Module] Fixing event.outcome from result_type issue Sep 6, 2020
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Sep 6, 2020
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: [Pull request #20998 event]

  • Start Time: 2020-09-06T09:31:50.184+0000

  • Duration: 51 min 6 sec

Test stats 🧪

Test Results
Failed 0
Passed 2474
Skipped 388
Total 2862

@andresrc andresrc added the Team:Platforms Label for the Integrations - Platforms team label Sep 6, 2020
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Sep 6, 2020

Pinging @elastic/integrations-platforms (Team:Platforms)

@P1llus
Copy link
Copy Markdown
Member Author

P1llus commented Sep 6, 2020

@threat-punter If you could share a example doc before it was parsed as well that would be great, then I can add it as part of our test data :)

leehinman
leehinman approved these changes Sep 6, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@leehinman leehinman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@threat-punter
Copy link
Copy Markdown

threat-punter commented Sep 8, 2020
edited
Loading

@threat-punter If you could share a example doc before it was parsed as well that would be great, then I can add it as part of our test data :)

Unfortunately not. My Azure subscription expired and it looks like I don't have access to the raw event anymore.

marc-gr
marc-gr reviewed Sep 9, 2020
View reviewed changes
CHANGELOG.next.asciidoc
- Convert httpjson to v2 input {pull}20226[20226]
- Improve Zeek x509 module with `x509` ECS mappings {pull}20867[20867]
- Improve Zeek SSL module with `x509` ECS mappings {pull}20927[20927]
- Added new properties field support for event.outcome in azure module {pull}20998[20998]
Copy link
Copy Markdown
Contributor

@marc-gr marc-gr Sep 9, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this needs to be reordered

@threat-punter
Copy link
Copy Markdown

threat-punter commented Sep 21, 2020

@P1llus do you know if this one will get merged before the 7.10 feature freeze?

Once it's merged, I can go ahead and merge these detection rules ready for 7.10 too elastic/detection-rules#143 and elastic/detection-rules#129

@P1llus
Copy link
Copy Markdown
Member Author

P1llus commented Sep 21, 2020
edited
Loading

@P1llus do you know if this one will get merged before the 7.10 feature freeze?

Once it's merged, I can go ahead and merge these detection rules ready for 7.10 too elastic/detection-rules#143 and elastic/detection-rules#129

@threat-punter
This will be in 7.10 indeed, have just not had time to look at getting the merge.

@leehinman anything else needed before a merge?

@leehinman
Copy link
Copy Markdown
Contributor

leehinman commented Sep 21, 2020

looks good. I'm merge & open backport PR.

@leehinman leehinman merged commit 578a0f9 into elastic:master Sep 21, 2020
leehinman pushed a commit to leehinman/beats that referenced this pull request Sep 21, 2020
@P1llus @leehinman
[Filebeat][Azure Module] Fixing event.outcome from result_type issue (e…
71122ff 
…lastic#20998)

* fixing a small typo in result type and adding more event.outcome possibilities

* Updating changelog

(cherry picked from commit 578a0f9)
@leehinman leehinman mentioned this pull request Sep 21, 2020
Merged
6 tasks
leehinman added a commit that referenced this pull request Sep 21, 2020
@leehinman @P1llus
[Filebeat][Azure Module] Fixing event.outcome from result_type issue (#…
227210c 
…20998) (#21203)

* fixing a small typo in result type and adding more event.outcome possibilities

* Updating changelog

(cherry picked from commit 578a0f9)

Co-authored-by: Marius Iversen <pillus@chasenet.org>
This was referenced Sep 22, 2020
Merged
Merged
v1v added a commit to v1v/beats that referenced this pull request Sep 24, 2020
@v1v
Merge remote-tracking branch 'upstream/master' into feature/ci-pipeli…
c59bffe 
…ne-2.0-arm

* upstream/master: (29 commits)
  Fix librpm installation in auditbeat build (elastic#21239)
  Fix prometheus default config (elastic#21253)
  Fix dev guide test command (elastic#21254)
  Move aws lambda metricset to GA (elastic#21255)
  [Docs] Typo in table syntax (elastic#20227)
  [ECS] Adds related.hosts to capture all hostnames and host identifiers on an event. (elastic#21160)
  Add recursive split to httpjson (elastic#21214)
  [DOCS] Add beat specific start widgets (elastic#21217)
  Fix timestamp handling in remote_write (elastic#21166)
  Fix aws, azure and googlecloud compute dashboards (elastic#21098)
  Add acceptable event log keys to winlog (elastic#21205)
  Add elastic-agent to gitignore (elastic#21219)
  Add cloudfoundry tags to events (elastic#21177)
  [Ingest Manager] Agent includes pgp file (elastic#19480)
  Add compatibility note about ingress-controller-v0.34.1 (elastic#21209)
  [Ingest Manager] Support for UPGRADE_ACTION (elastic#21002)
  Fix libbeat.output.*.bytes metrics of Elasticsearch output (elastic#21197)
  [packaging] use docker.elastic.co/ubi8/ubi-minimal (elastic#21154)
  Add host inventory metrics to system module (elastic#20415)
  [Filebeat][Azure Module] Fixing event.outcome from result_type issue (elastic#20998)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marc-gr marc-gr marc-gr left review comments

@leehinman leehinman leehinman approved these changes

Assignees

No one assigned

Labels

enhancement Filebeat Filebeat Team:Platforms Label for the Integrations - Platforms team v7.10.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Request to update the Azure Filebeat module pipeline for parsing Azure activity logs

6 participants

@P1llus @elasticmachine @threat-punter @leehinman @marc-gr @andresrc