Skip to content

x-pack/filebeat/input/entityanalytics/{okta,azuread/fetcher/graph}: add ability to remove request trace logs#40004

Merged
efd6 merged 1 commit intoelastic:mainfrom
efd6:39969-entityanalytics
Jun 28, 2024
Merged

x-pack/filebeat/input/entityanalytics/{okta,azuread/fetcher/graph}: add ability to remove request trace logs#40004
efd6 merged 1 commit intoelastic:mainfrom
efd6:39969-entityanalytics

Conversation

@efd6
Copy link
Contributor

@efd6 efd6 commented Jun 25, 2024

Proposed commit message

This is essentially a replay of #39969, but for the entity analytics providers.

The previous configuration system did not allow users to remove trace logs from agents after they are no longer needed. This is potential security risk as it leaves potentially sensitive information on the file system beyond its required lifetime. The mechanism for communicating to the input whether to write logs is not currently powerful enough to indicate that existing logs should be removed without deleting logs from other instances. So add an enabled configuration option to allow the target name to be sent independently of whether the files should be written or removed.

The new option is optional, defaulting to the previous behaviour so that it can be opted into via progressive repair in the client integrations.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Disruptive User Impact

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Use cases

Screenshots

Logs

@efd6 efd6 added enhancement Filebeat Filebeat backport-skip Skip notification from the automated backport with mergify Team:Security-Service Integrations Security Service Integrations Team labels Jun 25, 2024
@efd6 efd6 self-assigned this Jun 25, 2024
@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jun 25, 2024
@efd6 efd6 force-pushed the 39969-entityanalytics branch from b3a9ccf to 00582ec Compare June 25, 2024 01:03
@efd6 efd6 marked this pull request as ready for review June 25, 2024 02:54
@efd6 efd6 requested a review from a team as a code owner June 25, 2024 02:54
@elasticmachine
Copy link
Contributor

elasticmachine commented Jun 25, 2024

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@mergify
Copy link
Contributor

mergify bot commented Jun 25, 2024

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b 39969-entityanalytics upstream/39969-entityanalytics
git merge upstream/main
git push upstream 39969-entityanalytics

@efd6 efd6 force-pushed the 39969-entityanalytics branch from 00582ec to 0526260 Compare June 25, 2024 21:40
@mergify
Copy link
Contributor

mergify bot commented Jun 27, 2024

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b 39969-entityanalytics upstream/39969-entityanalytics
git merge upstream/main
git push upstream 39969-entityanalytics

@efd6 efd6 force-pushed the 39969-entityanalytics branch from 0526260 to 73ff70b Compare June 27, 2024 20:54
@mergify
Copy link
Contributor

mergify bot commented Jun 28, 2024

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b 39969-entityanalytics upstream/39969-entityanalytics
git merge upstream/main
git push upstream 39969-entityanalytics

@efd6 efd6 force-pushed the 39969-entityanalytics branch from 73ff70b to da71774 Compare June 28, 2024 03:14
@efd6
x-pack/filebeat/input/entityanalytics/{okta,azuread/fetcher/graph}: a…
01b288a 
…dd ability to remove request trace logs

This is essentially a replay of elastic#39969, but for the entity analytics
providers.

The previous configuration system did not allow users to remove trace
logs from agents after they are no longer needed. This is potential
security risk as it leaves potentially sensitive information on the file
system beyond its required lifetime. The mechanism for communicating to
the input whether to write logs is not currently powerful enough to
indicate that existing logs should be removed without deleting logs from
other instances. So add an enabled configuration option to allow the
target name to be sent independently of whether the files should be
written or removed.

The new option is optional, defaulting to the previous behaviour so
that it can be opted into via progressive repair in the client
integrations.
@efd6 efd6 force-pushed the 39969-entityanalytics branch from da71774 to 01b288a Compare June 28, 2024 11:17
@efd6 efd6 enabled auto-merge (squash) June 28, 2024 12:00
@efd6 efd6 merged commit 5323dc6 into elastic:main Jun 28, 2024
@efd6 efd6 mentioned this pull request Dec 2, 2024
Merged
5 tasks
@efd6 efd6 mentioned this pull request Mar 6, 2025
Open
33 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chemamartinez chemamartinez chemamartinez approved these changes

Assignees

@efd6 efd6

Labels

backport-skip Skip notification from the automated backport with mergify enhancement Filebeat Filebeat Team:Security-Service Integrations Security Service Integrations Team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@efd6 @elasticmachine @chemamartinez