Skip to content

[M365 Defender][Microsoft Defender Endpoint] Add support of vulnerability data-stream#13595

Merged
kcreddy merged 20 commits intoelastic:mainfrom
sharadcrest:package-m365_defender-vulnerability-datastream
May 28, 2025
Merged

[M365 Defender][Microsoft Defender Endpoint] Add support of vulnerability data-stream#13595
kcreddy merged 20 commits intoelastic:mainfrom
sharadcrest:package-m365_defender-vulnerability-datastream

Conversation

@sharadcrest
Copy link
Copy Markdown
Contributor

@sharadcrest sharadcrest commented Apr 17, 2025
edited
Loading

Proposed commit message

This release introduces the vulnerability data stream,
along with its associated dashboard and visualizations.

Vulnerability fields are mapped to their corresponding ECS fields where possible.

Test samples were derived from live data samples, which were subsequently
sanitized.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

To test the m365_defender package:

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/m365_defender directory.
  • Run the following command to run tests.

elastic-package test

--- Test results for package: m365_defender - START ---
╭───────────────┬───────────────┬───────────┬────────────────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE       │ DATA STREAM   │ TEST TYPE │ TEST NAME                                                                  │ RESULT │ TIME ELAPSED │
├───────────────┼───────────────┼───────────┼────────────────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ m365_defender │               │ asset     │ dashboard m365_defender-2690a440-7235-11ed-8657-c59f6ece834c is loaded     │ PASS   │       3.33µs │
│ m365_defender │               │ asset     │ dashboard m365_defender-3caf3c00-7456-11ed-8657-c59f6ece834c is loaded     │ PASS   │        317ns │
│ m365_defender │               │ asset     │ dashboard m365_defender-ac54d310-44ab-11ed-8375-0168a9970c06 is loaded     │ PASS   │        213ns │
│ m365_defender │               │ asset     │ dashboard m365_defender-afb93ff7-9903-4d91-9028-9fe9c5a434f8 is loaded     │ PASS   │        272ns │
│ m365_defender │               │ asset     │ dashboard m365_defender-c0b796d0-720a-11ed-8657-c59f6ece834c is loaded     │ PASS   │        278ns │
│ m365_defender │               │ asset     │ dashboard m365_defender-d587df00-745f-11ed-8657-c59f6ece834c is loaded     │ PASS   │        282ns │
│ m365_defender │               │ asset     │ dashboard m365_defender-d80d7840-4366-11ed-b1f2-e917f608bd03 is loaded     │ PASS   │        309ns │
│ m365_defender │               │ asset     │ search m365_defender-4e5cb35c-7a18-4f29-bb69-7e30ab9bbdec is loaded        │ PASS   │        287ns │
│ m365_defender │               │ asset     │ search m365_defender-64a31410-722c-11ed-8657-c59f6ece834c is loaded        │ PASS   │        272ns │
│ m365_defender │               │ asset     │ search m365_defender-989afc60-44a5-11ed-8375-0168a9970c06 is loaded        │ PASS   │        348ns │
│ m365_defender │               │ asset     │ search m365_defender-fcf25960-44af-11ed-8375-0168a9970c06 is loaded        │ PASS   │        322ns │
│ m365_defender │               │ asset     │ visualization m365_defender-4f3a6702-9642-4392-9b34-ceb1447e09a7 is loaded │ PASS   │        252ns │
│ m365_defender │ alert         │ asset     │ index_template logs-m365_defender.alert is loaded                          │ PASS   │        355ns │
│ m365_defender │ alert         │ asset     │ ingest_pipeline logs-m365_defender.alert-3.4.0 is loaded                   │ PASS   │        258ns │
│ m365_defender │ event         │ asset     │ index_template logs-m365_defender.event is loaded                          │ PASS   │        336ns │
│ m365_defender │ event         │ asset     │ ingest_pipeline logs-m365_defender.event-3.4.0 is loaded                   │ PASS   │        177ns │
│ m365_defender │ incident      │ asset     │ index_template logs-m365_defender.incident is loaded                       │ PASS   │        337ns │
│ m365_defender │ incident      │ asset     │ ingest_pipeline logs-m365_defender.incident-3.4.0 is loaded                │ PASS   │        351ns │
│ m365_defender │ vulnerability │ asset     │ index_template logs-m365_defender.vulnerability is loaded                  │ PASS   │        255ns │
│ m365_defender │ vulnerability │ asset     │ ingest_pipeline logs-m365_defender.vulnerability-3.4.0 is loaded           │ PASS   │        275ns │
╰───────────────┴───────────────┴───────────┴────────────────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: m365_defender - END   ---
Done
Run pipeline tests for the package
--- Test results for package: m365_defender - START ---
╭───────────────┬───────────────┬───────────┬──────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE       │ DATA STREAM   │ TEST TYPE │ TEST NAME                                            │ RESULT │ TIME ELAPSED │
├───────────────┼───────────────┼───────────┼──────────────────────────────────────────────────────┼────────┼──────────────┤
│ m365_defender │ alert         │ pipeline  │ (ingest pipeline warnings test-alert.log)            │ PASS   │  365.02825ms │
│ m365_defender │ alert         │ pipeline  │ test-alert.log                                       │ PASS   │ 329.355521ms │
│ m365_defender │ event         │ pipeline  │ (ingest pipeline warnings test-alert.log)            │ PASS   │ 325.723501ms │
│ m365_defender │ event         │ pipeline  │ (ingest pipeline warnings test-app-and-identity.log) │ PASS   │ 329.886917ms │
│ m365_defender │ event         │ pipeline  │ (ingest pipeline warnings test-device.log)           │ PASS   │ 323.129431ms │
│ m365_defender │ event         │ pipeline  │ (ingest pipeline warnings test-email.log)            │ PASS   │ 347.739081ms │
│ m365_defender │ event         │ pipeline  │ test-alert.log                                       │ PASS   │ 322.623834ms │
│ m365_defender │ event         │ pipeline  │ test-app-and-identity.log                            │ PASS   │ 273.304941ms │
│ m365_defender │ event         │ pipeline  │ test-device.log                                      │ PASS   │ 2.439635591s │
│ m365_defender │ event         │ pipeline  │ test-email.log                                       │ PASS   │ 203.880514ms │
│ m365_defender │ incident      │ pipeline  │ (ingest pipeline warnings test-incident.log)         │ PASS   │ 313.016401ms │
│ m365_defender │ incident      │ pipeline  │ test-incident.log                                    │ PASS   │ 543.172674ms │
│ m365_defender │ vulnerability │ pipeline  │ (ingest pipeline warnings test-vulnerability.log)    │ PASS   │ 337.802308ms │
│ m365_defender │ vulnerability │ pipeline  │ test-vulnerability.log                               │ PASS   │ 189.414215ms │
╰───────────────┴───────────────┴───────────┴──────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: m365_defender - END   ---
Done
Run policy tests for the package
--- Test results for package: m365_defender - START ---
No test results
--- Test results for package: m365_defender - END   ---
Done
Run static tests for the package
--- Test results for package: m365_defender - START ---
╭───────────────┬───────────────┬───────────┬──────────────────────────┬────────┬──────────────╮
│ PACKAGE       │ DATA STREAM   │ TEST TYPE │ TEST NAME                │ RESULT │ TIME ELAPSED │
├───────────────┼───────────────┼───────────┼──────────────────────────┼────────┼──────────────┤
│ m365_defender │ alert         │ static    │ Verify sample_event.json │ PASS   │ 152.764815ms │
│ m365_defender │ incident      │ static    │ Verify sample_event.json │ PASS   │ 169.007534ms │
│ m365_defender │ vulnerability │ static    │ Verify sample_event.json │ PASS   │  138.15494ms │
╰───────────────┴───────────────┴───────────┴──────────────────────────┴────────┴──────────────╯
--- Test results for package: m365_defender - END   ---
Done
Run system tests for the package
2025/05/08 16:36:59  INFO License text found in "/home/devuser/bitbucket/integrations/LICENSE.txt" will be included in package
2025/05/08 16:37:42  INFO Write container logs to file: /home/devuser/bitbucket/integrations/build/container-logs/m365-defender-alert-http-1746702462307404984.log
2025/05/08 16:37:45  INFO Write container logs to file: /home/devuser/bitbucket/integrations/build/container-logs/elastic-agent-1746702465654572433.log
2025/05/08 16:38:32  INFO Write container logs to file: /home/devuser/bitbucket/integrations/build/container-logs/m365-defender-incident-http-1746702512389066487.log
2025/05/08 16:38:35  INFO Write container logs to file: /home/devuser/bitbucket/integrations/build/container-logs/elastic-agent-1746702515713606288.log
2025/05/08 16:39:25  INFO Write container logs to file: /home/devuser/bitbucket/integrations/build/container-logs/m365-defender-vulnerability-cel-1746702565577397215.log
2025/05/08 16:39:28  INFO Write container logs to file: /home/devuser/bitbucket/integrations/build/container-logs/elastic-agent-1746702568729477788.log
--- Test results for package: m365_defender - START ---
╭───────────────┬───────────────┬───────────┬───────────┬────────┬───────────────╮
│ PACKAGE       │ DATA STREAM   │ TEST TYPE │ TEST NAME │ RESULT │  TIME ELAPSED │
├───────────────┼───────────────┼───────────┼───────────┼────────┼───────────────┤
│ m365_defender │ alert         │ system    │ default   │ PASS   │ 40.365741467s │
│ m365_defender │ incident      │ system    │ default   │ PASS   │ 35.381508727s │
│ m365_defender │ vulnerability │ system    │ default   │ PASS   │ 38.886765742s │
╰───────────────┴───────────────┴───────────┴───────────┴────────┴───────────────╯
--- Test results for package: m365_defender - END   ---
Done

To test the microsoft_defender_endpoint package:

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/microsoft_defender_endpoint directory.
  • Run the following command to run tests.

elastic-package test

--- Test results for package: microsoft_defender_endpoint - START ---
╭─────────────────────────────┬────────────────┬───────────┬──────────────────────────────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE                     │ DATA STREAM    │ TEST TYPE │ TEST NAME                                                                                │ RESULT │ TIME ELAPSED │
├─────────────────────────────┼────────────────┼───────────┼──────────────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ microsoft_defender_endpoint │                │ asset     │ dashboard microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55 is loaded     │ PASS   │      2.672µs │
│ microsoft_defender_endpoint │                │ asset     │ dashboard microsoft_defender_endpoint-6a043fee-1e3d-454b-96d1-159e6efce215 is loaded     │ PASS   │        232ns │
│ microsoft_defender_endpoint │                │ asset     │ dashboard microsoft_defender_endpoint-afb93ff7-9903-4d91-9028-9fe9c5a434f8 is loaded     │ PASS   │        197ns │
│ microsoft_defender_endpoint │                │ asset     │ dashboard microsoft_defender_endpoint-c89734ca-ab7f-419d-b665-50076cceee60 is loaded     │ PASS   │        214ns │
│ microsoft_defender_endpoint │                │ asset     │ search microsoft_defender_endpoint-4e5cb35c-7a18-4f29-bb69-7e30ab9bbdec is loaded        │ PASS   │        265ns │
│ microsoft_defender_endpoint │                │ asset     │ visualization microsoft_defender_endpoint-4f3a6702-9642-4392-9b34-ceb1447e09a7 is loaded │ PASS   │        163ns │
│ microsoft_defender_endpoint │ log            │ asset     │ index_template logs-microsoft_defender_endpoint.log is loaded                            │ PASS   │        253ns │
│ microsoft_defender_endpoint │ log            │ asset     │ ingest_pipeline logs-microsoft_defender_endpoint.log-2.34.0 is loaded                    │ PASS   │        173ns │
│ microsoft_defender_endpoint │ machine        │ asset     │ index_template logs-microsoft_defender_endpoint.machine is loaded                        │ PASS   │        268ns │
│ microsoft_defender_endpoint │ machine        │ asset     │ ingest_pipeline logs-microsoft_defender_endpoint.machine-2.34.0 is loaded                │ PASS   │        122ns │
│ microsoft_defender_endpoint │ machine_action │ asset     │ index_template logs-microsoft_defender_endpoint.machine_action is loaded                 │ PASS   │        219ns │
│ microsoft_defender_endpoint │ machine_action │ asset     │ ingest_pipeline logs-microsoft_defender_endpoint.machine_action-2.34.0 is loaded         │ PASS   │        466ns │
│ microsoft_defender_endpoint │ vulnerability  │ asset     │ index_template logs-microsoft_defender_endpoint.vulnerability is loaded                  │ PASS   │        238ns │
│ microsoft_defender_endpoint │ vulnerability  │ asset     │ ingest_pipeline logs-microsoft_defender_endpoint.vulnerability-2.34.0 is loaded          │ PASS   │        145ns │
╰─────────────────────────────┴────────────────┴───────────┴──────────────────────────────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: microsoft_defender_endpoint - END   ---
Done
Run pipeline tests for the package
--- Test results for package: microsoft_defender_endpoint - START ---
╭─────────────────────────────┬────────────────┬───────────┬────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE                     │ DATA STREAM    │ TEST TYPE │ TEST NAME                                          │ RESULT │ TIME ELAPSED │
├─────────────────────────────┼────────────────┼───────────┼────────────────────────────────────────────────────┼────────┼──────────────┤
│ microsoft_defender_endpoint │ log            │ pipeline  │ (ingest pipeline warnings test-defenderatp.log)    │ PASS   │ 342.749524ms │
│ microsoft_defender_endpoint │ log            │ pipeline  │ test-defenderatp.log                               │ PASS   │ 257.553143ms │
│ microsoft_defender_endpoint │ machine        │ pipeline  │ (ingest pipeline warnings test-machine.log)        │ PASS   │ 320.622759ms │
│ microsoft_defender_endpoint │ machine        │ pipeline  │ test-machine.log                                   │ PASS   │ 197.426207ms │
│ microsoft_defender_endpoint │ machine_action │ pipeline  │ (ingest pipeline warnings test-machine-action.log) │ PASS   │ 354.554906ms │
│ microsoft_defender_endpoint │ machine_action │ pipeline  │ test-machine-action.log                            │ PASS   │ 144.256488ms │
│ microsoft_defender_endpoint │ vulnerability  │ pipeline  │ (ingest pipeline warnings test-vulnerability.log)  │ PASS   │ 322.998327ms │
│ microsoft_defender_endpoint │ vulnerability  │ pipeline  │ test-vulnerability.log                             │ PASS   │ 196.078817ms │
╰─────────────────────────────┴────────────────┴───────────┴────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: microsoft_defender_endpoint - END   ---
Done
Run policy tests for the package
--- Test results for package: microsoft_defender_endpoint - START ---
No test results
--- Test results for package: microsoft_defender_endpoint - END   ---
Done
Run static tests for the package
--- Test results for package: microsoft_defender_endpoint - START ---
╭─────────────────────────────┬────────────────┬───────────┬──────────────────────────┬────────┬──────────────╮
│ PACKAGE                     │ DATA STREAM    │ TEST TYPE │ TEST NAME                │ RESULT │ TIME ELAPSED │
├─────────────────────────────┼────────────────┼───────────┼──────────────────────────┼────────┼──────────────┤
│ microsoft_defender_endpoint │ log            │ static    │ Verify sample_event.json │ PASS   │ 128.181786ms │
│ microsoft_defender_endpoint │ machine        │ static    │ Verify sample_event.json │ PASS   │   117.3639ms │
│ microsoft_defender_endpoint │ machine_action │ static    │ Verify sample_event.json │ PASS   │ 105.938337ms │
│ microsoft_defender_endpoint │ vulnerability  │ static    │ Verify sample_event.json │ PASS   │ 130.235506ms │
╰─────────────────────────────┴────────────────┴───────────┴──────────────────────────┴────────┴──────────────╯
--- Test results for package: microsoft_defender_endpoint - END   ---
Done
Run system tests for the package
2025/05/08 16:40:20  INFO License text found in "/home/devuser/github/integrations/LICENSE.txt" will be included in package
2025/05/08 16:41:07  INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/microsoft-defender-mock-1746702667422402064.log
2025/05/08 16:41:10  INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/elastic-agent-1746702670794093338.log
2025/05/08 16:41:57  INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/defender-endpoint-logfile-1746702717282432654.log
2025/05/08 16:42:00  INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/elastic-agent-1746702720771243800.log
2025/05/08 16:44:15  INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/microsoft-defender-mock-1746702855623549748.log
2025/05/08 16:44:18  INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/elastic-agent-1746702858881147228.log
2025/05/08 16:45:07  INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/microsoft-defender-mock-1746702907765354126.log
2025/05/08 16:45:10  INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/elastic-agent-1746702910885278156.log
2025/05/08 16:45:55  INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/microsoft-defender-endpoint-vulnerability-cel-1746702955830120657.log
2025/05/08 16:45:58  INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/elastic-agent-1746702958916044554.log
--- Test results for package: microsoft_defender_endpoint - START ---
╭─────────────────────────────┬────────────────┬───────────┬───────────┬────────┬────────────────╮
│ PACKAGE                     │ DATA STREAM    │ TEST TYPE │ TEST NAME │ RESULT │   TIME ELAPSED │
├─────────────────────────────┼────────────────┼───────────┼───────────┼────────┼────────────────┤
│ microsoft_defender_endpoint │ log            │ system    │ httpjson  │ PASS   │  33.801123757s │
│ microsoft_defender_endpoint │ log            │ system    │ logfile   │ PASS   │  35.911809956s │
│ microsoft_defender_endpoint │ machine        │ system    │ default   │ PASS   │ 2m5.921276064s │
│ microsoft_defender_endpoint │ machine_action │ system    │ default   │ PASS   │  39.345869313s │
│ microsoft_defender_endpoint │ vulnerability  │ system    │ default   │ PASS   │  35.807324568s │
╰─────────────────────────────┴────────────────┴───────────┴───────────┴────────┴────────────────╯
--- Test results for package: microsoft_defender_endpoint - END   ---
Done

Related Issues

Screenshots

Browse Integration M365 Defender
Integrations M365 Defender
Browse Integration Microsoft Defender for Endpoint
Integrations Microsoft Defender for Endpoint

@sharadcrest sharadcrest requested a review from a team as a code owner April 17, 2025 16:26
@andrewkroh andrewkroh added Crest Contributions from Crest developement team. dashboard Relates to a Kibana dashboard bug, enhancement, or modification. Integration:m365_defender Microsoft Defender XDR Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Apr 17, 2025
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Apr 17, 2025

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@kcreddy kcreddy marked this pull request as draft April 21, 2025 11:07
@sharadcrest sharadcrest marked this pull request as ready for review April 24, 2025 04:48
@kcreddy
Copy link
Copy Markdown
Contributor

kcreddy commented May 5, 2025

/test

kcreddy
kcreddy reviewed May 5, 2025
View reviewed changes
packages/m365_defender/_dev/build/docs/README.md
The [Microsoft 365 Defender](https://learn.microsoft.com/en-us/microsoft-365/security/defender) integration allows you to monitor Alert, Incident (Microsoft Graph Security API), Event (Streaming API) Logs, and Vulnerability (Microsoft Defender for Endpoint API) Logs. Microsoft 365 Defender is a unified pre and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

Use the Microsoft 365 Defender integration to collect and parse data from the Microsoft Azure Event Hub, and the Microsoft Graph Security v1.0 REST API. Then visualise that data in Kibana.
Use the Microsoft 365 Defender integration to collect and parse data from the Microsoft Azure Event Hub, Microsoft Graph Security v1.0 REST API, and the Micrsoft Defender Endpoint API. Then visualise that data in Kibana.
Copy link
Copy Markdown
Contributor

@kcreddy kcreddy May 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is already a Microsoft Defender for Endpoint integration. I think this data_stream should be added there since we are using Micrsoft Defender Endpoint API to retrieve the vulnerabilities.

@jamiehynds / @cpascale43 please kindly clarify which integration does this datastream need to go into?

Copy link
Copy Markdown

@cpascale43 cpascale43 May 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That makes logical sense to me @kcreddy, we can go ahead and add this to Defender for Endpoint

Copy link
Copy Markdown
Contributor

@kcreddy kcreddy May 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sharadcrest, can you please change the integration?
cc: @piyush-elastic

Copy link
Copy Markdown

@jamiehynds jamiehynds May 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be possible to have the vuln data added to both the M365D and Defender for Endpoint integration? Reason being, the vulnerability data is exposed in both the M365D UI, as well as Defender for Endpoint customers running standalone, i.e. without M365D. If we add it to both integrations, we at least cover all bases, although I'd expect the M365D integration to be the more popular route.

Copy link
Copy Markdown
Contributor

@piyush-elastic piyush-elastic May 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, will replicate same in Defender for Endpoint integration also.

kcreddy
kcreddy reviewed May 7, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@kcreddy kcreddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sharadcrest can you please fix the CI error?

@sharadcrest sharadcrest requested review from a team as code owners May 8, 2025 05:57
@sharadcrest sharadcrest requested review from AndersonQ and mauri870 May 8, 2025 05:57
@efd6
Copy link
Copy Markdown
Contributor

efd6 commented May 8, 2025

It looks like something has gone terribly wrong with this PR. Why are so many files involved? This has happened due to the back merge of main into this branch, but something went wrong.

@sharadcrest sharadcrest requested a review from kcreddy May 14, 2025 05:41
@kcreddy
Copy link
Copy Markdown
Contributor

kcreddy commented May 15, 2025

/test

kcreddy
kcreddy reviewed May 15, 2025
View reviewed changes
@sharadcrest sharadcrest requested a review from kcreddy May 15, 2025 05:19
kcreddy
kcreddy reviewed May 15, 2025
View reviewed changes
@kcreddy
Copy link
Copy Markdown
Contributor

kcreddy commented May 15, 2025

/test

@kcreddy kcreddy mentioned this pull request May 15, 2025
Merged
5 tasks
@sharadcrest sharadcrest requested a review from kcreddy May 16, 2025 11:58
@kcreddy
Copy link
Copy Markdown
Contributor

kcreddy commented May 19, 2025

/test

kcreddy
kcreddy reviewed May 20, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@kcreddy kcreddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only pending comment: #13595 (comment)

kcreddy
kcreddy reviewed May 26, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@kcreddy kcreddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sharadcrest can you update this PR by removing vulnerability.package fields, but populating package fields at root instead?
Please refer to latest Tenable IO PR: #13636
CDR guide is/will be updated accordingly.

cc: @maxcold

@sharadcrest sharadcrest requested a review from kcreddy May 28, 2025 06:31
@kcreddy
Copy link
Copy Markdown
Contributor

kcreddy commented May 28, 2025

/test

@elastic-sonarqube
Copy link
Copy Markdown

elastic-sonarqube bot commented May 28, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
97.7% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@elasticmachine
Copy link
Copy Markdown

elasticmachine commented May 28, 2025

💚 Build Succeeded

History

@kcreddy kcreddy merged commit 1d0007a into elastic:main May 28, 2025
8 checks passed
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod bot commented May 28, 2025

Package m365_defender - 3.8.0 containing this change is available at https://epr.elastic.co/package/m365_defender/3.8.0/

@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod bot commented May 28, 2025

Package microsoft_defender_endpoint - 2.38.0 containing this change is available at https://epr.elastic.co/package/microsoft_defender_endpoint/2.38.0/

anupratharamachandran pushed a commit to anupratharamachandran/integrations that referenced this pull request Jun 2, 2025
@sharadcrest @anupratharamachandran
[M365 Defender][Microsoft Defender Endpoint] Add support of vulnerabi…
96474bb 
…lity data-stream (elastic#13595)

This release introduces the vulnerability data stream,
along with its associated dashboard and visualizations.

Vulnerability fields are mapped to their corresponding ECS fields where possible.

Test samples were derived from live data samples, which were subsequently
sanitized.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maxcold maxcold maxcold left review comments

@cpascale43 cpascale43 cpascale43 left review comments

@nick-alayil nick-alayil nick-alayil left review comments

@jamiehynds jamiehynds jamiehynds left review comments

@piyush-elastic piyush-elastic piyush-elastic left review comments

@kcreddy kcreddy kcreddy approved these changes

Assignees

No one assigned

Labels

Crest Contributions from Crest developement team. dashboard Relates to a Kibana dashboard bug, enhancement, or modification. Integration:m365_defender Microsoft Defender XDR Integration:microsoft_defender_endpoint Microsoft Defender for Endpoint Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[M365 Defender] - Add a new data stream to support vulnerability logs

10 participants

@sharadcrest @elasticmachine @kcreddy @efd6 @maxcold @cpascale43 @nick-alayil @jamiehynds @piyush-elastic @andrewkroh