Jamf Protect 3.0.0 by txhaflaire · Pull Request #12871 · elastic/integrations

txhaflaire · 2025-02-24T08:03:47Z

Type of change:

Enhancement

Proposed commit message

Adding new event gatkeeper_user_override
Mapping existing fields from Jamf Protect to newly added ECS fields from PR

Checklist

I have reviewed tips for building integrations and this pull request is aligned with them.
I have verified that all data streams collect metrics or logs.
I have added an entry to my package's changelog.yml file.
I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

elastic-package test system

2025/02/24 08:36:03  INFO New version is available - v0.109.1. Download from: https://github.com/elastic/elastic-package/releases/tag/v0.109.1
Run system tests for the package
2025/02/24 08:36:04  INFO License text found in "/Users/thijs.xhaflaire/Documents/GitHub/Elastic/_integrations/LICENSE.txt" will be included in package
2025/02/24 08:37:02  INFO Write container logs to file: /Users/thijs.xhaflaire/Documents/GitHub/Elastic/_integrations/build/container-logs/jamf-protect-alerts-http-endpoint-1740382622787625000.log
2025/02/24 08:37:14  INFO Write container logs to file: /Users/thijs.xhaflaire/Documents/GitHub/Elastic/_integrations/build/container-logs/elastic-agent-1740382634369614000.log
2025/02/24 08:38:30  INFO Write container logs to file: /Users/thijs.xhaflaire/Documents/GitHub/Elastic/_integrations/build/container-logs/jamf-protect-telemetry-http-endpoint-1740382710792397000.log
2025/02/24 08:38:40  INFO Write container logs to file: /Users/thijs.xhaflaire/Documents/GitHub/Elastic/_integrations/build/container-logs/elastic-agent-1740382720664742000.log
2025/02/24 08:39:57  INFO Write container logs to file: /Users/thijs.xhaflaire/Documents/GitHub/Elastic/_integrations/build/container-logs/jamf-protect-telemetry-legacy-http-endpoint-1740382797925113000.log
2025/02/24 08:40:07  INFO Write container logs to file: /Users/thijs.xhaflaire/Documents/GitHub/Elastic/_integrations/build/container-logs/elastic-agent-1740382807818148000.log
2025/02/24 08:41:22  INFO Write container logs to file: /Users/thijs.xhaflaire/Documents/GitHub/Elastic/_integrations/build/container-logs/jamf-protect-webthreats-http-endpoint-1740382882594229000.log
2025/02/24 08:41:33  INFO Write container logs to file: /Users/thijs.xhaflaire/Documents/GitHub/Elastic/_integrations/build/container-logs/elastic-agent-1740382893991909000.log
2025/02/24 08:42:40  INFO Write container logs to file: /Users/thijs.xhaflaire/Documents/GitHub/Elastic/_integrations/build/container-logs/jamf-protect-webtraffic-http-endpoint-1740382960636946000.log
2025/02/24 08:42:49  INFO Write container logs to file: /Users/thijs.xhaflaire/Documents/GitHub/Elastic/_integrations/build/container-logs/elastic-agent-1740382969904975000.log
--- Test results for package: jamf_protect - START ---
╭──────────────┬────────────────────┬───────────┬───────────────┬────────┬───────────────╮
│ PACKAGE      │ DATA STREAM        │ TEST TYPE │ TEST NAME     │ RESULT │  TIME ELAPSED │
├──────────────┼────────────────────┼───────────┼───────────────┼────────┼───────────────┤
│ jamf_protect │ alerts             │ system    │ http-endpoint │ PASS   │ 51.972795625s │
│ jamf_protect │ telemetry          │ system    │ http-endpoint │ PASS   │    50.326152s │
│ jamf_protect │ telemetry_legacy   │ system    │ http-endpoint │ PASS   │   51.4097865s │
│ jamf_protect │ web_threat_events  │ system    │ http-endpoint │ PASS   │ 49.647127166s │
│ jamf_protect │ web_traffic_events │ system    │ http-endpoint │ PASS   │ 43.261170042s │
╰──────────────┴────────────────────┴───────────┴───────────────┴────────┴───────────────╯
--- Test results for package: jamf_protect - END   ---
Done```

kcreddy · 2025-02-24T08:55:46Z

/test

elastic-vault-github-plugin-prod · 2025-02-24T09:16:22Z

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

elasticmachine · 2025-02-25T07:10:34Z

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

packages/jamf_protect/changelog.yml

packages/jamf_protect/data_stream/telemetry/fields/ecs.yml

...a_stream/telemetry/elasticsearch/ingest_pipeline/pipeline_event_gatekeeper_user_override.yml

...tect/data_stream/telemetry/elasticsearch/ingest_pipeline/pipeline_event_od_attribute_set.yml

packages/jamf_protect/manifest.yml

packages/jamf_protect/data_stream/telemetry/elasticsearch/ingest_pipeline/default.yml

txhaflaire · 2025-02-27T17:27:53Z

@kcreddy can you review?

packages/jamf_protect/changelog.yml

packages/jamf_protect/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml

...protect/data_stream/telemetry/_dev/test/pipeline/test-jamf-protect-telemetry-sample-logs.log

packages/jamf_protect/data_stream/telemetry/elasticsearch/ingest_pipeline/default.yml

...t/data_stream/telemetry/elasticsearch/ingest_pipeline/pipeline_event_btm_launch_item_add.yml

efd6 · 2025-02-27T22:29:15Z

packages/jamf_protect/data_stream/telemetry_legacy/elasticsearch/ingest_pipeline/default.yml

  - set:
      field: ecs.version
-      value: '8.11.0'
+      value: '8.16.0''


packages/jamf_protect/data_stream/web_threat_events/elasticsearch/ingest_pipeline/default.yml

efd6 · 2025-02-27T22:29:59Z

/test

efd6 · 2025-02-27T22:43:02Z

Test failures:

Error: checking package failed: linting package failed: found 3 validation errors:
   1. file "/opt/buildkite-agent/builds/bk-agent-prod-gcp-1740695740402832303/elastic/integrations/packages/jamf_protect/data_stream/telemetry_legacy/elasticsearch/ingest_pipeline/default.yml" is invalid: unmarshalling YAML file failed: yaml: line 4: did not find expected key
   2. file "/opt/buildkite-agent/builds/bk-agent-prod-gcp-1740695740402832303/elastic/integrations/packages/jamf_protect/data_stream/web_threat_events/elasticsearch/ingest_pipeline/default.yml" is invalid: unmarshalling YAML file failed: yaml: line 4: did not find expected key
   3. file "/opt/buildkite-agent/builds/bk-agent-prod-gcp-1740695740402832303/elastic/integrations/packages/jamf_protect/data_stream/web_traffic_events/elasticsearch/ingest_pipeline/default.yml" is invalid: unmarshalling YAML file failed: yaml: line 4: did not find expected key

kcreddy

LGTM for my comments.
Can be merged after @efd6 comments are addressed.

txhaflaire · 2025-02-28T08:40:08Z

@efd6 @kcreddy thanks for all the reviews - sorry that's its been messy.
I've pushed commits with the feedback implemented - can we rerun a test here? the errors should not exist anymore.

kcreddy · 2025-02-28T08:59:42Z

/test

txhaflaire · 2025-02-28T09:20:37Z

@kcreddy It seems kite is failing due the fact we added the yaml file.

Error: checking package failed: linting package failed: found 1 validation error:
--
  | 1. item [test-common-config.yaml] is not allowed in folder [/opt/buildkite-agent/builds/bk-agent-prod-gcp-1740733516311924255/elastic/integrations/packages/jamf_protect/data_stream/telemetry/_dev/test/pipeline]

kcreddy · 2025-02-28T09:44:28Z

@kcreddy It seems kite is failing due the fact we added the yaml file.

@txhaflaire, the file extension should be yml instead of yaml.

txhaflaire · 2025-02-28T09:46:59Z

@kcreddy good catch - pushed it.

kcreddy · 2025-02-28T09:47:14Z

/test

txhaflaire · 2025-03-03T18:20:53Z

@kcreddy any tweaks from my side pending?

efd6

Also #12871 (comment) and related comments are unaddressed.

packages/jamf_protect/data_stream/telemetry/elasticsearch/ingest_pipeline/default.yml

packages/jamf_protect/data_stream/telemetry/_dev/test/pipeline/test-common-config.yml

kcreddy

@kcreddy any tweaks from my side pending?

LGTM for my comments.

efd6 · 2025-03-05T08:33:00Z

/test

efd6

Thanks

elasticmachine · 2025-03-05T08:59:29Z

💚 Build Succeeded

Buildkite Build
Commit: 40d1f1b

History

💚 Build #22839 succeeded 3d685d9
💔 Build #22837 failed cf7b75c
💔 Build #22828 failed 33f605d
💚 Build #22687 succeeded ef3bcf7

elastic-sonarqube · 2025-03-05T08:59:35Z

Quality Gate failed

Failed conditions
79.6% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

txhaflaire · 2025-03-05T09:43:09Z

@efd6 @kcreddy Thanks again for the team work and help here - please merge once thumbs are up!

elastic-vault-github-plugin-prod · 2025-03-05T10:23:59Z

Package jamf_protect - 3.0.0 containing this change is available at https://epr.elastic.co/package/jamf_protect/3.0.0/

- Adding new event `gatkeeper_user_override` - Mapping existing fields from Jamf Protect to newly added ECS fields from [PR](elastic/ecs#2370)

Jamf Protect 3.0.0

355f2fc

txhaflaire requested a review from a team as a code owner February 24, 2025 08:03

Update changelog.yml

ef3bcf7

kcreddy added enhancement New feature or request Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Integration:jamf_protect Jamf Protect (Partner supported) labels Feb 25, 2025

kcreddy reviewed Feb 25, 2025

View reviewed changes

Implementing feedback

1e6cbbc

txhaflaire requested a review from kcreddy February 27, 2025 17:27

Update default.yml

33f605d

efd6 reviewed Feb 27, 2025

View reviewed changes

kcreddy approved these changes Feb 28, 2025

View reviewed changes

implementing feedback

cf7b75c

change file extension format.

3d685d9

efd6 reviewed Mar 3, 2025

View reviewed changes

packages/jamf_protect/data_stream/telemetry/elasticsearch/ingest_pipeline/default.yml Outdated Show resolved Hide resolved

packages/jamf_protect/data_stream/telemetry/_dev/test/pipeline/test-common-config.yml Outdated Show resolved Hide resolved

kcreddy approved these changes Mar 4, 2025

View reviewed changes

Resolving latest feedback

848644f

resolving merge issues

ea933cc

txhaflaire requested a review from efd6 March 5, 2025 08:15

Merge branch 'main' into jamfprotect_3.0.0

40d1f1b

efd6 approved these changes Mar 5, 2025

View reviewed changes

kcreddy merged commit 1277269 into elastic:main Mar 5, 2025
6 of 7 checks passed

flexitrev pushed a commit that referenced this pull request Mar 20, 2025

Jamf Protect 3.0.0 (#12871)

0b27d2e

- Adding new event `gatkeeper_user_override` - Mapping existing fields from Jamf Protect to newly added ECS fields from [PR](elastic/ecs#2370)

Conversation

txhaflaire commented Feb 24, 2025

Proposed commit message

Checklist

How to test this PR locally

Uh oh!

kcreddy commented Feb 24, 2025

Uh oh!

elastic-vault-github-plugin-prod bot commented Feb 24, 2025

🚀 Benchmarks report

Uh oh!

elasticmachine commented Feb 25, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

txhaflaire commented Feb 27, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

efd6 Feb 27, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

efd6 commented Feb 27, 2025

Uh oh!

efd6 commented Feb 27, 2025

Uh oh!

kcreddy left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

txhaflaire commented Feb 28, 2025

Uh oh!

kcreddy commented Feb 28, 2025

Uh oh!

txhaflaire commented Feb 28, 2025

Uh oh!

kcreddy commented Feb 28, 2025

Uh oh!

txhaflaire commented Feb 28, 2025

Uh oh!

kcreddy commented Feb 28, 2025

Uh oh!

txhaflaire commented Mar 3, 2025

Uh oh!

efd6 left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

kcreddy left a comment

Choose a reason for hiding this comment

Uh oh!

efd6 commented Mar 5, 2025

Uh oh!

efd6 left a comment

Choose a reason for hiding this comment

Uh oh!

elasticmachine commented Mar 5, 2025

💚 Build Succeeded

History

Uh oh!

elastic-sonarqube bot commented Mar 5, 2025

Quality Gate failed

Uh oh!

txhaflaire commented Mar 5, 2025

Uh oh!

Uh oh!

elastic-vault-github-plugin-prod bot commented Mar 5, 2025

Uh oh!

kcreddy left a comment •

edited

Loading