Skip to content

[7.x](backport #28511) [azure] signinlogs - support additional category types#28544

Merged
andrewkroh merged 1 commit into7.xfrom
mergify/bp/7.x/pr-28511
Oct 19, 2021
Merged

[7.x](backport #28511) [azure] signinlogs - support additional category types#28544
andrewkroh merged 1 commit into7.xfrom
mergify/bp/7.x/pr-28511

Conversation

@mergify
Copy link
Copy Markdown
Contributor

@mergify mergify bot commented Oct 19, 2021
edited by zube bot
Loading

This is an automatic backport of pull request #28511 done by Mergify.
Cherry-pick of 45cea45 has failed:

On branch mergify/bp/7.x/pr-28511
Your branch is up to date with 'origin/7.x'.

You are currently cherry-picking commit 45cea4588d.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   CHANGELOG.next.asciidoc
	new file:   x-pack/filebeat/module/azure/signinlogs/test/test-managed-identity.log
	new file:   x-pack/filebeat/module/azure/signinlogs/test/test-managed-identity.log-expected.json
	new file:   x-pack/filebeat/module/azure/signinlogs/test/test-non-interactive-user.log
	new file:   x-pack/filebeat/module/azure/signinlogs/test/test-non-interactive-user.log-expected.json
	new file:   x-pack/filebeat/module/azure/signinlogs/test/test-service-principal.log
	new file:   x-pack/filebeat/module/azure/signinlogs/test/test-service-principal.log-expected.json
	new file:   x-pack/filebeat/module/azure/signinlogs/test/test-signinlogs-raw.log
	new file:   x-pack/filebeat/module/azure/signinlogs/test/test-signinlogs-raw.log-expected.json

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   filebeat/docs/fields.asciidoc
	both modified:   x-pack/filebeat/module/azure/fields.go
	both modified:   x-pack/filebeat/module/azure/signinlogs/_meta/fields.yml
	both modified:   x-pack/filebeat/module/azure/signinlogs/ingest/pipeline.yml
	both modified:   x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

Mergify commands and options

More conditions and actions can be found in the documentation.

You can also trigger Mergify actions by commenting on this pull request:

  • @Mergifyio refresh will re-evaluate the rules
  • @Mergifyio rebase will rebase this PR on its base branch
  • @Mergifyio update will merge the base branch into this PR
  • @Mergifyio backport <destination> will backport this PR on <destination> branch

Additionally, on Mergify dashboard you can:

  • look at your merge queues
  • generate the Mergify configuration with the config editor.

Finally, you can contact us on https://mergify.io/

@mergify mergify bot added backport conflicts There is a conflict in the backported pull request labels Oct 19, 2021
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Oct 19, 2021
@andrewkroh
[azure] signinlogs - support additional category types (#28511)
8198ba7 
Add support and tests for ManagedIdentitySignInLogs, NonInteractiveUserSignInLogs, and ServicePrincipalSignInLogs.
The pipeline will process any logs that have category of /.*SignInLogs$/. It previously only processed logs that matched
a category of /^SignInLogs$/.

Changes

- Convert azure field names from camel case to snake case to be consistent with our other fields. Previous this
  was done on field by field basis with rename processors. Now a script processor does it recursively on all fields.
- Populate user_agent fields.
- Flatten the key/value objects under azure.signinlogs.properties.authentication_processing_details.
- Populate event.id with azure.signinlogs.properties.id.
- Set source.address.

Syncs changes from elastic/integrations#1721 to Beats.

Relates #23653
@andrewkroh andrewkroh force-pushed the mergify/bp/7.x/pr-28511 branch from 26a9c74 to 8198ba7 Compare October 19, 2021 20:14
@andrewkroh andrewkroh added Team:Security-External Integrations and removed conflicts There is a conflict in the backported pull request labels Oct 19, 2021
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Oct 19, 2021

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Oct 19, 2021
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Oct 19, 2021
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2021-10-19T20:15:16.498+0000

  • Duration: 119 min 40 sec

  • Commit: 8198ba7

Test stats 🧪

Test Results
Failed 0
Passed 15391
Skipped 2333
Total 17724

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

@andrewkroh andrewkroh merged commit 7dd8c55 into 7.x Oct 19, 2021
@mergify mergify bot deleted the mergify/bp/7.x/pr-28511 branch October 19, 2021 22:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@andrewkroh andrewkroh

Labels

backport

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@elasticmachine @andrewkroh