Skip to content

[windows] Preserve original event when toggled on#10197

Merged
marc-gr merged 5 commits intoelastic:mainfrom
nicpenning:applocker_presere_original_event
Jun 25, 2024
Merged

[windows] Preserve original event when toggled on#10197
marc-gr merged 5 commits intoelastic:mainfrom
nicpenning:applocker_presere_original_event

Conversation

@nicpenning
Copy link
Copy Markdown
Contributor

@nicpenning nicpenning commented Jun 20, 2024
edited by jlind23
Loading

  • Bug

Proposed commit message

See title.

This should resolve some of the issues here: #9425

I didn't have Sysmon or Forwarded events for testing, but they all use nearly the same template files so they should work.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Related issues

Screenshots

After fix:
image
image
image
image

@nicpenning nicpenning requested review from a team as code owners June 20, 2024 02:22
@nicpenning
Copy link
Copy Markdown
Contributor Author

nicpenning commented Jun 20, 2024

Ready to test.

@AndersonQ
Copy link
Copy Markdown
Member

AndersonQ commented Jun 21, 2024

I'll be off on PTO the whole next week, so I'm removing myself from the reviewers.
cc: @fearful-symmetry

@AndersonQ AndersonQ removed their request for review June 21, 2024 12:14
@pierrehilbert pierrehilbert requested a review from belimawr June 21, 2024 12:58
@nicpenning nicpenning mentioned this pull request Jun 22, 2024
Merged
4 tasks
fearful-symmetry
fearful-symmetry approved these changes Jun 24, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@fearful-symmetry fearful-symmetry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't comment on the windows-specific parts, but the integration seems fine.

marc-gr
marc-gr approved these changes Jun 25, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@marc-gr marc-gr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@marc-gr
Copy link
Copy Markdown
Contributor

marc-gr commented Jun 25, 2024

/test

@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Jun 25, 2024

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elastic-sonarqube
Copy link
Copy Markdown

elastic-sonarqube bot commented Jun 25, 2024

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Jun 25, 2024

💚 Build Succeeded

@marc-gr marc-gr merged commit d302d9d into elastic:main Jun 25, 2024
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Jun 25, 2024

Package windows - 1.45.1 containing this change is available at https://epr.elastic.co/search?package=windows

@nicpenning nicpenning deleted the applocker_presere_original_event branch June 25, 2024 12:08
@nicpenning
Copy link
Copy Markdown
Contributor Author

nicpenning commented Jun 25, 2024

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@belimawr belimawr belimawr approved these changes

@fearful-symmetry fearful-symmetry fearful-symmetry approved these changes

@marc-gr marc-gr marc-gr approved these changes

Assignees

No one assigned

Labels

Integration:windows Windows

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Windows Integrations don't render the preserve_original_event tag even when it's toggled on

7 participants

@nicpenning @AndersonQ @marc-gr @elasticmachine @belimawr @fearful-symmetry @andrewkroh