Address PR comments

moxarth-rathod · moxarth-rathod · commit 8accc1c5bc67 · 2025-12-12T10:49:42.000+05:30
diff --git a/packages/azure/changelog.yml b/packages/azure/changelog.yml
@@ -1,11 +1,14 @@
 - version: "1.31.0"
   changes:
+    - description: |
+        Remove `destination.ip` and `destination.port` mapping of `TranslatedIp` and `TranslatedPort`.
+      type: breaking-change
+      link: https://github.com/elastic/integrations/pull/16395
     - description: |
         Add `destination.ip` to `destination.address` and `source.ip` to `source.address`.
         Add `TranslatedIp` and `TranslatedPort` to `destination.nat.ip` and `destination.nat.port`.
         Update event type mappings for AZFWNetworkRule and AZFWApplicationRule categories in firewall_logs data stream.
-        Remove `destination.ip` and `destination.port` mapping of `TranslatedIp` and `TranslatedPort`.
-      type: breaking-change
+      type: enhancement
       link: https://github.com/elastic/integrations/pull/16395
 - version: "1.30.0"
   changes:
diff --git a/packages/azure/data_stream/firewall_logs/elasticsearch/ingest_pipeline/default.yml b/packages/azure/data_stream/firewall_logs/elasticsearch/ingest_pipeline/default.yml
@@ -233,13 +233,13 @@ processors:
       field: event.type
       tag: append_allowed_into_event_type
       value: allowed
-      if: ctx.event?.action != null && ctx.event.action.equalsIgnoreCase("Allow")
+      if: ctx.event?.action?.equalsIgnoreCase('Allow') == true
       allow_duplicates: false
   - append:
       field: event.type
       tag: append_denied_into_event_type
       value: denied
-      if: ctx.event?.action != null && ctx.event.action.equalsIgnoreCase("Deny")
+      if: ctx.event?.action?.equalsIgnoreCase('Deny') == true
       allow_duplicates: false
   - grok:
       field: source.address
