[7.x](backport #27638) Filebeat auditd: Fix Top Exec Commands dashboard visualization #27646

Merged: adriansr merged 1 commit into elastic:7.x from adriansr:fix_auditd_dashboard_7.x on Aug 30, 2021

adriansr commented Aug 30, 2021

This is a manual backport of pull request #27638 for the 7.x branch. As dashboards have changed name and format in master, it's easier to merge a custom fix.

…ic#27638)

This visualization was expecting an uppercase EXECVE value in
event.action while the ingest pipeline was lowercasing this value.
adriansr added the bug, Team:Security-External Integrations, backport-v7.14.0 and backport-v7.15.0 labels on Aug 30, 2021
@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

botelastic bot added and removed the needs_team label on Aug 30, 2021
@elasticmachine

💚 Build Succeeded

Build stats

  • Start Time: 2021-08-30T14:16:19.768+0000

  • Duration: 104 min 21 sec

  • Commit: 40a9c7b

Test stats 🧪

Test Results
Failed 0
Passed 14563
Skipped 2327
Total 16890

💚 Flaky test report

Tests succeeded.

adriansr merged commit 9b574ef into elastic:7.x on Aug 30, 2021
mergify bot pushed a commit that referenced this pull request Aug 30, 2021
… (#27646)

This visualization was expecting an uppercase EXECVE value in
event.action while the ingest pipeline was lowercasing this value.

(cherry picked from commit 9b574ef)

# Conflicts:
#	filebeat/module/auditd/_meta/kibana/7/dashboard/Filebeat-auditd.ndjson
mergify bot pushed a commit that referenced this pull request Aug 30, 2021
… (#27646)

This visualization was expecting an uppercase EXECVE value in
event.action while the ingest pipeline was lowercasing this value.

(cherry picked from commit 9b574ef)
adriansr added a commit that referenced this pull request Aug 31, 2021
… (#27646)

This visualization was expecting an uppercase EXECVE value in
event.action while the ingest pipeline was lowercasing this value.

(cherry picked from commit 9b574ef)
adriansr added a commit that referenced this pull request Aug 31, 2021
… (#27646) (#27649)

This visualization was expecting an uppercase EXECVE value in
event.action while the ingest pipeline was lowercasing this value.

(cherry picked from commit 9b574ef)

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
adriansr added a commit that referenced this pull request Aug 31, 2021
Re-applies the fix introduced by #27646, as it's been reverted in #27636.
This is caused by merging PRs in a different order than in master.
mergify bot pushed a commit that referenced this pull request Aug 31, 2021
Re-applies the fix introduced by #27646, as it's been reverted in #27636.
This is caused by merging PRs in a different order than in master.

(cherry picked from commit a389f38)
adriansr pushed a commit that referenced this pull request Aug 31, 2021
Re-applies the fix introduced by #27646, as it's been reverted in #27636.
This is caused by merging PRs in a different order than in master.

(cherry picked from commit a389f38)
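
The mismatch named in the commit message (a saved query comparing `event.action` with uppercase `EXECVE` while the ingest pipeline emits the lowercased value) can be checked for mechanically in a dashboard export. The following is an added example, not code from this pull request or from the Beats project; the saved-object layout, the helper names and the sample export are constructed assumptions, and it assumes `event.action` is matched case-sensitively.

```python
import json
import re

FIELD = "event.action"  # field the commit message says the ingest pipeline lowercases
# Matches query-string comparisons such as event.action:EXECVE or event.action: "EXECVE"
QUERY_RE = re.compile(re.escape(FIELD) + r'\s*:\s*"?([\w-]+)"?')


def _compared_values(node, under_field=False):
    """Yield every string the saved object compares against FIELD."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from _compared_values(val, under_field or key == FIELD)
    elif isinstance(node, list):
        for item in node:
            yield from _compared_values(item, under_field)
    elif isinstance(node, str):
        if under_field:
            yield node
        try:
            inner = json.loads(node)  # exports may embed JSON documents as strings
        except ValueError:
            inner = None
        if isinstance(inner, (dict, list)):
            yield from _compared_values(inner, under_field)
        else:
            yield from QUERY_RE.findall(node)


def find_case_mismatches(ndjson_text):
    """Return (title, value) pairs whose value can never equal a lowercased field."""
    findings = []
    for line in filter(str.strip, ndjson_text.splitlines()):
        obj = json.loads(line)
        title = obj.get("attributes", {}).get("title", "<untitled>")
        findings += [(title, v) for v in _compared_values(obj) if v != v.lower()]
    return findings


# Constructed sample export: one object written like the pre-fix visualization,
# one written the way the lowercasing pipeline requires.
SAMPLE = "\n".join(json.dumps(o) for o in [
    {"attributes": {"title": "before (constructed)", "kibanaSavedObjectMeta": {
        "searchSourceJSON": json.dumps({"query": {"query": "event.action:EXECVE"}})}}},
    {"attributes": {"title": "after (constructed)", "kibanaSavedObjectMeta": {
        "searchSourceJSON": {"filter": [{"query": {"match_phrase": {FIELD: "execve"}}}]}}}},
])

if __name__ == "__main__":
    for title, value in find_case_mismatches(SAMPLE):
        print(f"{title}: {FIELD} compared with {value!r}, pipeline emits {value.lower()!r}")
```

Run as a CI step over exported dashboards, a non-empty result flags a panel that would render empty even though matching events are being ingested.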