Skip to content

[sophos] Allow user-defined timezone override mappings#11873

Merged
mjwolf merged 0 commit intoelastic:mainfrom
mjwolf:sophos-timezones
Jan 15, 2025
Merged

[sophos] Allow user-defined timezone override mappings#11873
mjwolf merged 0 commit intoelastic:mainfrom
mjwolf:sophos-timezones

Conversation

@mjwolf
Copy link
Copy Markdown
Contributor

@mjwolf mjwolf commented Nov 25, 2024
edited
Loading

Proposed commit message

Add a user option to set time zone mappings to standard IANA time zone IDs.

Sophos XG can use non-standard, potentially ambiguous, time zones which are not supported by Java timezone handling. To resolve this problem, this adds a "Timezone Map" option which users can use to map a Sophos time zone to a standard IANA time zone supported by Java.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Related issues

@mjwolf mjwolf added enhancement New feature or request Integration:sophos Sophos Team:Security-Deployment and Devices DEPRECATED Deployment and Devices Security team [elastic/sec-deployment-and-devices] labels Nov 25, 2024
@mjwolf mjwolf self-assigned this Nov 25, 2024
@mjwolf mjwolf requested a review from a team as a code owner November 25, 2024 23:36
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Nov 25, 2024

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

andrewkroh
andrewkroh reviewed Dec 6, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any precedence in other integrations for this type of time zone lookup table?

In examining the pipeline and input config, it is very difficult to understand which TZ will be used given all the different places where the time zone info can originate (add_locale process, the user configurable tz_offset, the event's timezone attribute, the event's timestamp).

packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml Outdated
Copy link
Copy Markdown
Member

@andrewkroh andrewkroh Dec 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add this info the processor's description attribute. It's useful info to anyone reading the pipeline and by putting it into the description it will be visible in more places.

packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml Outdated
Copy link
Copy Markdown
Member

@andrewkroh andrewkroh Dec 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://en.wikipedia.org/wiki/Central_European_Summer_Time is UTC+02:00.

taylor-swanson
taylor-swanson reviewed Dec 9, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@taylor-swanson taylor-swanson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest we do something similar to what was done for Cisco IOS: #6356

Considering that short IDs suffer from ambiguity, it's important that we provide the option for the user to override them with their preferred time zone. I still think there's value in doing the lookup (in the event that a custom mapping isn't provided), but the custom mapping should get priority.

@mjwolf mjwolf mentioned this pull request Dec 12, 2024
Merged
7 tasks
@mjwolf
Copy link
Copy Markdown
Contributor Author

mjwolf commented Dec 12, 2024

I suggest we do something similar to what was done for Cisco IOS: #6356

Considering that short IDs suffer from ambiguity, it's important that we provide the option for the user to override them with their preferred time zone. I still think there's value in doing the lookup (in the event that a custom mapping isn't provided), but the custom mapping should get priority.

Thanks for pointing that out, I'll switch to use this idea of user-defined timezones or timezone maps. I think it's the better approach

@mjwolf mjwolf changed the title [sophos] Support short time zone IDs [sophos] Allow user-defined timezone override mappings Dec 13, 2024
mjwolf
mjwolf commented Dec 13, 2024
View reviewed changes
packages/sophos/data_stream/xg/_dev/test/pipeline/test-common-config.yml Outdated
Copy link
Copy Markdown
Contributor Author

@mjwolf mjwolf Dec 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: Etc zone IDs have reversed sign for some reason. So these are in fact the correct zone IDs for BST and CEST

@mjwolf
Copy link
Copy Markdown
Contributor Author

mjwolf commented Dec 13, 2024

I've reworked the PR to have user-defined timezone mapping options instead of the fixed lookup list it had previously

@mjwolf
Copy link
Copy Markdown
Contributor Author

mjwolf commented Dec 13, 2024

Is there any precedence in other integrations for this type of time zone lookup table?

In examining the pipeline and input config, it is very difficult to understand which TZ will be used given all the different places where the time zone info can originate (add_locale process, the user configurable tz_offset, the event's timezone attribute, the event's timestamp).

I agree it's pretty confusing. I've added descriptions to some processors and tried to clean it up a bit to make it more clear what it's doing

@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod bot commented Dec 14, 2024
edited
Loading

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

taylor-swanson
taylor-swanson reviewed Jan 9, 2025
View reviewed changes
@taylor-swanson taylor-swanson mentioned this pull request Jan 9, 2025
Closed
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Jan 14, 2025

💚 Build Succeeded

History

  • 💚 Build #20196 succeeded d970a95ca60d4bdeeff034a68c3f3cddb89dec3d
  • 💚 Build #19497 succeeded 7775344c21b660c44f67d28d81df775f35e7d3f4
  • 💔 Build #19495 failed 281396010987d92fa862562b950369a789bd5f26
  • 💔 Build #19442 failed 9491b69936ba2c44de1ecfec7c8691340aa74993
  • 💔 Build #19436 failed 721f29587180ea77b8e26bd9c0f98b8f19b3c28d
  • 💚 Build #18688 succeeded 4b672ac675fbc73f43bc98156c0afd8f659bc807

cc @mjwolf

@elastic-sonarqube
Copy link
Copy Markdown

elastic-sonarqube bot commented Jan 14, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
97.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@mjwolf mjwolf requested a review from taylor-swanson January 14, 2025 21:55
taylor-swanson
taylor-swanson approved these changes Jan 15, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@taylor-swanson taylor-swanson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mjwolf mjwolf merged commit 637a8c3 into elastic:main Jan 15, 2025
@mjwolf mjwolf deleted the sophos-timezones branch January 15, 2025 17:16
This was referenced Jan 15, 2025
Closed
Closed
Closed
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod bot commented Jan 15, 2025

Package sophos - 3.10.0 containing this change is available at https://epr.elastic.co/package/sophos/3.10.0/

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
@mjwolf
[sophos] Allow user-defined timezone override mappings (elastic#11873)
0c9e788 
Add a user option to set time zone mappings to standard IANA time zone IDs.

Sophos XG can use non-standard, potentially ambiguous, time zones which are not supported by Java timezone handling. To resolve this problem, this adds a "Timezone Map" option which users can use to map a Sophos time zone to a standard IANA time zone supported by Java.
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
@mjwolf
[sophos] Allow user-defined timezone override mappings (elastic#11873)
8ba1803 
Add a user option to set time zone mappings to standard IANA time zone IDs.

Sophos XG can use non-standard, potentially ambiguous, time zones which are not supported by Java timezone handling. To resolve this problem, this adds a "Timezone Map" option which users can use to map a Sophos time zone to a standard IANA time zone supported by Java.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@taylor-swanson taylor-swanson taylor-swanson approved these changes

@andrewkroh andrewkroh Awaiting requested review from andrewkroh

Assignees

@mjwolf mjwolf

Labels

enhancement New feature or request Integration:sophos Sophos Team:Security-Deployment and Devices DEPRECATED Deployment and Devices Security team [elastic/sec-deployment-and-devices]

Projects

None yet

Milestone

No milestone

4 participants

@mjwolf @elasticmachine @andrewkroh @taylor-swanson