[Azure] Application Gateway WAF: add event.reason #10007
andrewkroh merged 12 commits into elastic:main from
(original)properties.details.data as rule.matched_data

💚 CLA has been signed

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

/test

🚀 Benchmarks report

Package

| Data stream | Previous EPS | New EPS | Diff (%) | Result |
|---|---|---|---|---|
| springcloudlogs | 4098.36 | 3115.26 | -983.1 (-23.99%) | 💔 |
| application_gateway | 2967.36 | 1733.1 | -1234.26 (-41.59%) | 💔 |
| auditlogs | 1945.53 | 1526.72 | -418.81 (-21.53%) | 💔 |
| eventhub | 333333.33 | 250000 | -83333.33 (-25%) | 💔 |
| firewall_logs | 1420.45 | 1113.59 | -306.86 (-21.6%) | 💔 |
| graphactivitylogs | 1834.86 | 1451.38 | -383.48 (-20.9%) | 💔 |
| identity_protection | 4608.29 | 2724.8 | -1883.49 (-40.87%) | 💔 |
| platformlogs | 4950.5 | 2849 | -2101.5 (-42.45%) | 💔 |
| provisioning | 2898.55 | 2288.33 | -610.22 (-21.05%) | 💔 |

To see the full report comment with /test benchmark fullreport

...stream/application_gateway/_dev/test/pipeline/test-application-gateway-raw.log-expected.json

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as

/test

@jH- could you please fix the merge conflicts?

/test

andrewkroh left a comment

There are a bunch of changes outside of the packages/azure directory that need to be undone. I think they were the result of a merge issue.

a2b7ebb to af7f7f8

[git-generate] elastic-package -C packages/azure test pipeline -g -d application_gateway
Merge issues were corrected. Changeset looks fine now.

/test

💚 Build Succeeded

Package azure - 1.17.0 containing this change is available at https://epr.elastic.co/search?package=azure

Update the Azure Application Gateway pipeline to parse and include values from `json.properties.details.data` into the ECS `event.reason` field. This field provides action context by logging the specific data found in requests that matched a rule. It excludes the field if `json.properties.details.message` contains values indicating missing headers or content were the reason to avoid unnecessary duplicate data.

---------

Co-authored-by: Johan H <johan@horde.no>
Co-authored-by: Maurizio Branca <maurizio.branca@elastic.co>
Co-authored-by: Krishna Chaitanya Reddy Burri <krish.reddy91@gmail.com>
Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
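
The conditional mapping described in the commit message above, as an added Python sketch that is not the integration's ingest pipeline code. The substrings in `EXCLUDE_MARKERS`, the helper names and the sample events are constructed assumptions, since the page does not list the actual `details.message` values that suppress the field.

```python
import copy

# Assumption: the page only says details.message values "indicating missing
# headers or content" suppress the field; these substrings are placeholders.
EXCLUDE_MARKERS = ("missing header", "missing content")

def get_path(doc, dotted):
    """Walk a dotted path; None if a segment is absent or not an object."""
    cur = doc
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur

def apply_event_reason(doc, markers=EXCLUDE_MARKERS):
    """Copy json.properties.details.data into event.reason unless
    json.properties.details.message matches an exclusion marker."""
    out = copy.deepcopy(doc)  # leave the input event untouched
    data = get_path(out, "json.properties.details.data")
    message = get_path(out, "json.properties.details.message")
    if not isinstance(data, str) or not data.strip():
        return out  # nothing to record
    if isinstance(message, str) and any(m in message.lower() for m in markers):
        return out  # message already explains the match; skip duplicate data
    out.setdefault("event", {})["reason"] = data.strip()
    return out

def details(message, data):
    """Build a minimal event carrying only the two fields the mapping reads."""
    return {"json": {"properties": {"details": {"message": message, "data": data}}}}

# Constructed sample events, not real Azure output.
SAMPLES = {
    "matched_data": details("Pattern match at ARGS:q", "Matched Data: 1=1 found within ARGS:q"),
    "missing_header": details("Missing header: User-Agent", "Missing header: User-Agent"),
    "empty_data": details("Anomaly score exceeded", ""),
    "no_details": {"json": {"properties": {"ruleId": "placeholder"}}},
}

def run_samples():
    """Map each sample name to the event.reason it ends up with (or None)."""
    return {name: get_path(apply_event_reason(doc), "event.reason")
            for name, doc in SAMPLES.items()}

if __name__ == "__main__":
    for name, reason in run_samples().items():
        print(f"{name}: {reason!r}")
```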