Skip to content

[Filebeat] Parse additonal debug data fields for Okta module#25818

Merged
P1llus merged 8 commits intoelastic:masterfrom
legoguy1000:25689-okta-fields
Jun 24, 2021
Merged

[Filebeat] Parse additonal debug data fields for Okta module#25818
P1llus merged 8 commits intoelastic:masterfrom
legoguy1000:25689-okta-fields

Conversation

@legoguy1000
Copy link
Copy Markdown
Contributor

@legoguy1000 legoguy1000 commented May 21, 2021
edited
Loading

What does this PR do?

Parses the Suspicious Activity fields for the Okta module from the okta.debug_context.debug_data field.

Why is it important?

The module currently deletes the Suspicious Activity fields from the events, losing vital infmormation.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

  • [ ]

How to test this PR locally

cd beats/x-pack/filebeat
TESTING_FILEBEAT_MODULES=okta TESTING_FILEBEAT_FILESETS=system mage -v pythonIntegTest

Related issues

Use cases

Screenshots

Logs

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label May 21, 2021
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented May 21, 2021
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: P1llus commented: run tests

  • Start Time: 2021-06-24T14:11:52.089+0000

  • Duration: 112 min 23 sec

  • Commit: d69a251

Test stats 🧪

Test Results
Failed 0
Passed 14224
Skipped 2311
Total 16535

Trends 🧪

Image of Build Times

Image of Tests

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test Results
Failed 0
Passed 14224
Skipped 2311
Total 16535

@legoguy1000 legoguy1000 marked this pull request as ready for review May 23, 2021 22:21
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label May 24, 2021
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented May 24, 2021

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented May 25, 2021

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b 25689-okta-fields upstream/25689-okta-fields
git merge upstream/master
git push upstream 25689-okta-fields

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented May 26, 2021

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b 25689-okta-fields upstream/25689-okta-fields
git merge upstream/master
git push upstream 25689-okta-fields

@P1llus
Copy link
Copy Markdown
Member

P1llus commented May 27, 2021

run tests

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Jun 2, 2021

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b 25689-okta-fields upstream/25689-okta-fields
git merge upstream/master
git push upstream 25689-okta-fields

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Jun 7, 2021

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b 25689-okta-fields upstream/25689-okta-fields
git merge upstream/master
git push upstream 25689-okta-fields

@legoguy1000 legoguy1000 force-pushed the 25689-okta-fields branch 3 times, most recently from 4ff6fda to 4d4e03f Compare June 7, 2021 16:28
@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Jun 8, 2021

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b 25689-okta-fields upstream/25689-okta-fields
git merge upstream/master
git push upstream 25689-okta-fields

@P1llus P1llus added the needs_integration_sync Changes in this PR need synced to elastic/integrations. label Jun 15, 2021
@P1llus
Copy link
Copy Markdown
Member

P1llus commented Jun 15, 2021

/test

P1llus
P1llus reviewed Jun 16, 2021
View reviewed changes
Copy link
Copy Markdown
Member

@P1llus P1llus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just one comment first

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Jun 16, 2021

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b 25689-okta-fields upstream/25689-okta-fields
git merge upstream/master
git push upstream 25689-okta-fields

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Jun 24, 2021

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b 25689-okta-fields upstream/25689-okta-fields
git merge upstream/master
git push upstream 25689-okta-fields

@P1llus
Copy link
Copy Markdown
Member

P1llus commented Jun 24, 2021

run tests

@P1llus P1llus merged commit 4aff295 into elastic:master Jun 24, 2021
@P1llus P1llus added the backport-v7.14.0 Automated backport with mergify label Jun 24, 2021
mergify bot pushed a commit that referenced this pull request Jun 24, 2021
@legoguy1000 @P1llus
[Filebeat] Parse additonal debug data fields for Okta module (#25818)
fdc4d3e 
* #25689: Parse additonal debug data fields for Okta module

* update generated data

* update changelog

* added additional test data & `uri_parts` processor

* update fields

* fix changelog

* update fields

Co-authored-by: Marius Iversen <marius.iversen@elastic.co>
(cherry picked from commit 4aff295)
@mergify mergify bot mentioned this pull request Jun 24, 2021
Merged
P1llus pushed a commit that referenced this pull request Jun 24, 2021
@mergify @legoguy1000
[Filebeat] Parse additonal debug data fields for Okta module (#25818) (
74e273a 
…#26487)

* #25689: Parse additonal debug data fields for Okta module

* update generated data

* update changelog

* added additional test data & `uri_parts` processor

* update fields

* fix changelog

* update fields

Co-authored-by: Marius Iversen <marius.iversen@elastic.co>
(cherry picked from commit 4aff295)

Co-authored-by: Alex Resnick <adr8292@gmail.com>
mdelapenya added a commit to mdelapenya/beats that referenced this pull request Jun 28, 2021
@mdelapenya
Merge branch 'master' into archive-system-tests
b6dbec3 
* master: (32 commits)
  [Metricbeat] Change Account ID to Project ID in `gcp.billing` module (elastic#26412)
  update libbeat fields.ecs.yml file and ecsVersion to 1.10.0 (elastic#26121)
  [Filebeat] Update AWS ELB ingest pipeline (elastic#26441)
  [FIlebeat] add strict_date_optional_time_nanos date format to PanOS module (elastic#26158)
  Fix the irregular and typo on prometheus module. (elastic#25726)
  [Filebeat] Parse additonal debug data fields for Okta module (elastic#25818)
  fix: update MSSQL Server linux image's Docker registry (elastic#26440)
  Update indexing.go godocs (elastic#26408)
  Do not close filestream harvester if an unexpected error is returned when close.on_state_change.* is enabled (elastic#26411)
  Add support for copytruncate method when rotating input logs with an external tool in `filestream` input (elastic#23457)
  Allow fields with ip_range datatype (elastic#26444)
  Add Anomali ThreatStream support to threatintel module (elastic#26350)
  fix: use the right param type (elastic#26469)
  [Automation] Update elastic stack version to 8.0.0-7640093f for testing (elastic#26460)
  Set SM Filebeat modules as GA (elastic#26226)
  Fix rfc5464 date parsing in the syslog input (elastic#26419)
  Add linked account information into billing metricset (elastic#26285)
  [Filebeat] Update HA Proxy log grok patterns (elastic#25835)
  disable metricbeat logstash test_node_stats (elastic#26436)
  chore: pass BEAT_VERSION when running E2E tests (elastic#26291)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@P1llus P1llus P1llus approved these changes

+1 more reviewer

@BenB196 BenB196 BenB196 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport-v7.14.0 Automated backport with mergify enhancement needs_integration_sync Changes in this PR need synced to elastic/integrations.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Filebeat][Okta] Ingest Pipeline for Okta Module drops debug_context fields

5 participants

@legoguy1000 @elasticmachine @P1llus @BenB196 @jamiehynds