Skip to content

[system] Add support for more event-ids in the security data stream#13828

Merged
marc-gr merged 14 commits intoelastic:mainfrom
janvi-elastic:system_security_enhancement
Jul 24, 2025
Merged

[system] Add support for more event-ids in the security data stream#13828
marc-gr merged 14 commits intoelastic:mainfrom
janvi-elastic:system_security_enhancement

Conversation

@janvi-elastic
Copy link
Copy Markdown
Contributor

@janvi-elastic janvi-elastic commented May 7, 2025
edited
Loading

Proposed commit message

This PR adds support for more event-ids of Security Events to system.security. These events have an event.code as below:

  • 4627
  • 4662
  • 4663
  • 4675
  • 4793
  • 4800
  • 4931
  • 4932
  • 4933
  • 4945
  • 4946
  • 4948
  • 4953
  • 4957
  • 4962
  • 4963
  • 4965
  • 4985
  • 5038
  • 5058
  • 5059
  • 5061
  • 5136
  • 5142
  • 5441
  • 5446
  • 5447
  • 5449
  • 6144
  • 6145
  • 6416
  • 4658
  • 4659
  • 4660
  • 4664
  • 4690
  • 4691
  • 4692
  • 4695
  • 4704
  • 4705
  • 4801
  • 4802
  • 4803
  • 4868
  • 4869
  • 4876
  • 6419
  • 6420
  • 6421
  • 6422

System fields are mapped to their corresponding ECS fields where possible. And also added associated dashboards and visualizations.

Test samples were derived from live logs and documentation and subsequently sanitized.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/system directory.
  • Run the following command to run tests.

elastic-package test

Run pipeline tests for the package
--- Test results for package: system - START ---
╭─────────┬─────────────┬───────────┬───────────────────────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE │ DATA STREAM │ TEST TYPE │ TEST NAME                                                                         │ RESULT │ TIME ELAPSED │
├─────────┼─────────────┼───────────┼───────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-1100.json)                                         │ PASS   │ 410.867411ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-1102.json)                                         │ PASS   │ 437.799532ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-1104.json)                                         │ PASS   │ 357.900872ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-1105.json)                                         │ PASS   │ 354.016433ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4627.json)                                         │ PASS   │ 399.712644ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4658.json)                                         │ PASS   │ 384.419067ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4659.json)                                         │ PASS   │ 396.432177ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4660.json)                                         │ PASS   │ 378.718763ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4662.json)                                         │ PASS   │ 375.322548ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4663.json)                                         │ PASS   │ 360.366752ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4664.json)                                         │ PASS   │ 351.527538ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4670-windowssrv2016.json)                          │ PASS   │ 339.045089ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4674.json)                                         │ PASS   │  344.67135ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4675.json)                                         │ PASS   │  369.28462ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4690.json)                                         │ PASS   │ 359.711271ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4691.json)                                         │ PASS   │ 347.088531ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4692.json)                                         │ PASS   │ 343.638886ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4695.json)                                         │ PASS   │ 416.919941ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4704.json)                                         │ PASS   │ 402.092418ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4705.json)                                         │ PASS   │ 388.236485ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4706-windowssrv2016.json)                          │ PASS   │ 427.154928ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4707-windowssrv2016.json)                          │ PASS   │ 379.463466ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4713-windowssrv2016.json)                          │ PASS   │ 368.470679ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4716-windowssrv2016.json)                          │ PASS   │ 419.854887ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4717-windowssrv2016.json)                          │ PASS   │ 359.192161ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4718-windowssrv2016.json)                          │ PASS   │ 340.217883ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4719-windowssrv2016.json)                          │ PASS   │ 355.411566ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4719.json)                                         │ PASS   │ 387.288819ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4738.json)                                         │ PASS   │ 327.573517ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4739-windowssrv2016.json)                          │ PASS   │ 335.215277ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4742.json)                                         │ PASS   │ 331.223163ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4743.json)                                         │ PASS   │ 340.470685ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4744.json)                                         │ PASS   │ 326.295445ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4745.json)                                         │ PASS   │ 345.405994ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4746.json)                                         │ PASS   │  330.01173ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4747.json)                                         │ PASS   │  365.22273ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4748.json)                                         │ PASS   │ 357.517103ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4749.json)                                         │ PASS   │ 371.620701ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4750.json)                                         │ PASS   │ 393.358833ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4751.json)                                         │ PASS   │ 347.304074ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4752.json)                                         │ PASS   │ 353.975975ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4753.json)                                         │ PASS   │  388.87294ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4759.json)                                         │ PASS   │  343.13919ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4760.json)                                         │ PASS   │ 365.720493ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4761.json)                                         │ PASS   │ 374.194274ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4762.json)                                         │ PASS   │  356.89705ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4763.json)                                         │ PASS   │ 370.165854ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4793.json)                                         │ PASS   │ 326.773419ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4797.json)                                         │ PASS   │  337.33458ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4800.json)                                         │ PASS   │ 325.144867ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4801.json)                                         │ PASS   │ 352.644659ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4802.json)                                         │ PASS   │ 379.032069ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4803.json)                                         │ PASS   │ 338.941249ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4817-windowssrv2016.json)                          │ PASS   │  387.92096ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4868.json)                                         │ PASS   │ 350.711856ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4869.json)                                         │ PASS   │ 380.650307ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4876.json)                                         │ PASS   │ 396.732305ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4902-windowssrv2016.json)                          │ PASS   │ 374.354668ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4904-windowssrv2016.json)                          │ PASS   │ 350.651675ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4905-windowssrv2016.json)                          │ PASS   │ 354.653063ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4906-windowssrv2016.json)                          │ PASS   │ 379.671235ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4907-windowssrv2016.json)                          │ PASS   │ 372.887496ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4931.json)                                         │ PASS   │ 383.065977ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4932.json)                                         │ PASS   │ 409.130124ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4933.json)                                         │ PASS   │  375.30185ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4945.json)                                         │ PASS   │ 367.159414ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4946.json)                                         │ PASS   │ 369.451576ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4948.json)                                         │ PASS   │ 352.728204ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4953.json)                                         │ PASS   │ 351.276692ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4957.json)                                         │ PASS   │ 363.768227ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4962.json)                                         │ PASS   │ 369.478795ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4963.json)                                         │ PASS   │ 388.483002ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4965.json)                                         │ PASS   │ 412.263844ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4985.json)                                         │ PASS   │ 400.992491ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5038.json)                                         │ PASS   │ 324.867521ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5058.json)                                         │ PASS   │ 343.309089ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5059.json)                                         │ PASS   │ 336.765347ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5061.json)                                         │ PASS   │ 395.220601ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5136.json)                                         │ PASS   │ 340.513671ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5142.json)                                         │ PASS   │ 330.814503ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5152.json)                                         │ PASS   │ 334.981694ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5156.json)                                         │ PASS   │ 335.589718ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5157.json)                                         │ PASS   │ 338.930762ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5158.json)                                         │ PASS   │ 346.277289ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5379.json)                                         │ PASS   │ 385.463126ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5380.json)                                         │ PASS   │ 339.235861ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5381.json)                                         │ PASS   │ 354.602502ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5382.json)                                         │ PASS   │ 354.434192ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5441.json)                                         │ PASS   │ 370.920596ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5446.json)                                         │ PASS   │ 379.039962ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5447.json)                                         │ PASS   │ 355.190387ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5449.json)                                         │ PASS   │ 350.306161ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-6144.json)                                         │ PASS   │ 326.305545ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-6145.json)                                         │ PASS   │ 322.508459ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-6416.json)                                         │ PASS   │ 339.412818ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-6419.json)                                         │ PASS   │ 315.610327ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-6420.json)                                         │ PASS   │ 317.642058ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-6421.json)                                         │ PASS   │  332.25461ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-6422.json)                                         │ PASS   │ 339.248999ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-log-5136.json)                                     │ PASS   │  433.67658ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-5140-5145.json)                           │ PASS   │ 333.320341ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012-4673.json)                    │ PASS   │ 329.861211ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012-4697.json)                    │ PASS   │ 323.156863ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012-4768.json)                    │ PASS   │ 330.730465ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012-4769.json)                    │ PASS   │ 409.095077ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012-4770.json)                    │ PASS   │ 327.679078ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012-4771.json)                    │ PASS   │  416.75056ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012-4776.json)                    │ PASS   │ 393.449269ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012-4778.json)                    │ PASS   │ 407.094233ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012-4779.json)                    │ PASS   │ 378.796502ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012r2-logon.json)                 │ PASS   │ 398.915453ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4722-account-enabled.json)    │ PASS   │ 363.249489ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4723-password-change.json)    │ PASS   │ 345.107381ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4724-password-reset.json)     │ PASS   │ 370.075833ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4725-account-disabled.json)   │ PASS   │ 354.111046ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4726-account-deleted.json)    │ PASS   │ 333.259372ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4727.json)                    │ PASS   │  349.81742ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4728.json)                    │ PASS   │  330.86591ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4729.json)                    │ PASS   │ 338.928932ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4730.json)                    │ PASS   │ 335.662342ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4731.json)                    │ PASS   │ 397.492128ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4732.json)                    │ PASS   │ 335.055207ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4733.json)                    │ PASS   │ 338.547918ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4734.json)                    │ PASS   │ 396.355012ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4735.json)                    │ PASS   │ 388.116607ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4737.json)                    │ PASS   │ 359.097633ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4738-account-changed.json)    │ PASS   │ 378.222351ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4740-account-locked-out.json) │ PASS   │ 362.422266ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4754.json)                    │ PASS   │ 345.425197ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4755.json)                    │ PASS   │ 361.882157ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4756.json)                    │ PASS   │ 338.304455ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4757.json)                    │ PASS   │ 372.646466ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4758.json)                    │ PASS   │ 351.540639ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4764.json)                    │ PASS   │ 350.355422ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4767-account-unlocked.json)   │ PASS   │ 365.998817ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4781-account-renamed.json)    │ PASS   │ 351.479113ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4798.json)                    │ PASS   │ 331.474515ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4799.json)                    │ PASS   │ 373.533162ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-logoff.json)                  │ PASS   │  362.28205ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2019-4688-process-created.json)    │ PASS   │ 348.589852ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2019-4689-process-exited.json)     │ PASS   │ 374.024201ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-unknown.json)                                      │ PASS   │ 416.306958ms │
│ system  │ security    │ pipeline  │ test-1100.json                                                                    │ PASS   │ 144.865146ms │
│ system  │ security    │ pipeline  │ test-1102.json                                                                    │ PASS   │ 163.908987ms │
│ system  │ security    │ pipeline  │ test-1104.json                                                                    │ PASS   │ 130.204283ms │
│ system  │ security    │ pipeline  │ test-1105.json                                                                    │ PASS   │ 120.582431ms │
│ system  │ security    │ pipeline  │ test-4627.json                                                                    │ PASS   │ 139.352493ms │
│ system  │ security    │ pipeline  │ test-4658.json                                                                    │ PASS   │ 154.194848ms │
│ system  │ security    │ pipeline  │ test-4659.json                                                                    │ PASS   │ 139.136331ms │
│ system  │ security    │ pipeline  │ test-4660.json                                                                    │ PASS   │ 145.298621ms │
│ system  │ security    │ pipeline  │ test-4662.json                                                                    │ PASS   │ 137.476949ms │
│ system  │ security    │ pipeline  │ test-4663.json                                                                    │ PASS   │ 145.099873ms │
│ system  │ security    │ pipeline  │ test-4664.json                                                                    │ PASS   │  140.01738ms │
│ system  │ security    │ pipeline  │ test-4670-windowssrv2016.json                                                     │ PASS   │ 122.798857ms │
│ system  │ security    │ pipeline  │ test-4674.json                                                                    │ PASS   │ 148.451949ms │
│ system  │ security    │ pipeline  │ test-4675.json                                                                    │ PASS   │ 170.315506ms │
│ system  │ security    │ pipeline  │ test-4690.json                                                                    │ PASS   │ 128.669705ms │
│ system  │ security    │ pipeline  │ test-4691.json                                                                    │ PASS   │ 131.949675ms │
│ system  │ security    │ pipeline  │ test-4692.json                                                                    │ PASS   │ 131.005184ms │
│ system  │ security    │ pipeline  │ test-4695.json                                                                    │ PASS   │ 140.694668ms │
│ system  │ security    │ pipeline  │ test-4704.json                                                                    │ PASS   │ 128.211076ms │
│ system  │ security    │ pipeline  │ test-4705.json                                                                    │ PASS   │ 153.544065ms │
│ system  │ security    │ pipeline  │ test-4706-windowssrv2016.json                                                     │ PASS   │ 159.841634ms │
│ system  │ security    │ pipeline  │ test-4707-windowssrv2016.json                                                     │ PASS   │ 136.137037ms │
│ system  │ security    │ pipeline  │ test-4713-windowssrv2016.json                                                     │ PASS   │ 138.188401ms │
│ system  │ security    │ pipeline  │ test-4716-windowssrv2016.json                                                     │ PASS   │ 119.298948ms │
│ system  │ security    │ pipeline  │ test-4717-windowssrv2016.json                                                     │ PASS   │ 121.564557ms │
│ system  │ security    │ pipeline  │ test-4718-windowssrv2016.json                                                     │ PASS   │ 144.347527ms │
│ system  │ security    │ pipeline  │ test-4719-windowssrv2016.json                                                     │ PASS   │ 118.197697ms │
│ system  │ security    │ pipeline  │ test-4719.json                                                                    │ PASS   │ 121.795641ms │
│ system  │ security    │ pipeline  │ test-4738.json                                                                    │ PASS   │ 138.682057ms │
│ system  │ security    │ pipeline  │ test-4739-windowssrv2016.json                                                     │ PASS   │ 127.872662ms │
│ system  │ security    │ pipeline  │ test-4742.json                                                                    │ PASS   │  126.31418ms │
│ system  │ security    │ pipeline  │ test-4743.json                                                                    │ PASS   │ 119.528632ms │
│ system  │ security    │ pipeline  │ test-4744.json                                                                    │ PASS   │ 125.886969ms │
│ system  │ security    │ pipeline  │ test-4745.json                                                                    │ PASS   │ 128.868055ms │
│ system  │ security    │ pipeline  │ test-4746.json                                                                    │ PASS   │ 141.606657ms │
│ system  │ security    │ pipeline  │ test-4747.json                                                                    │ PASS   │ 129.163303ms │
│ system  │ security    │ pipeline  │ test-4748.json                                                                    │ PASS   │  135.24812ms │
│ system  │ security    │ pipeline  │ test-4749.json                                                                    │ PASS   │ 139.523016ms │
│ system  │ security    │ pipeline  │ test-4750.json                                                                    │ PASS   │ 132.430186ms │
│ system  │ security    │ pipeline  │ test-4751.json                                                                    │ PASS   │ 133.562656ms │
│ system  │ security    │ pipeline  │ test-4752.json                                                                    │ PASS   │  170.72144ms │
│ system  │ security    │ pipeline  │ test-4753.json                                                                    │ PASS   │ 124.047611ms │
│ system  │ security    │ pipeline  │ test-4759.json                                                                    │ PASS   │ 120.648221ms │
│ system  │ security    │ pipeline  │ test-4760.json                                                                    │ PASS   │ 114.380998ms │
│ system  │ security    │ pipeline  │ test-4761.json                                                                    │ PASS   │ 133.795443ms │
│ system  │ security    │ pipeline  │ test-4762.json                                                                    │ PASS   │ 133.929951ms │
│ system  │ security    │ pipeline  │ test-4763.json                                                                    │ PASS   │ 120.613403ms │
│ system  │ security    │ pipeline  │ test-4793.json                                                                    │ PASS   │ 117.587409ms │
│ system  │ security    │ pipeline  │ test-4797.json                                                                    │ PASS   │ 182.083222ms │
│ system  │ security    │ pipeline  │ test-4800.json                                                                    │ PASS   │ 122.302221ms │
│ system  │ security    │ pipeline  │ test-4801.json                                                                    │ PASS   │ 130.169195ms │
│ system  │ security    │ pipeline  │ test-4802.json                                                                    │ PASS   │  129.22898ms │
│ system  │ security    │ pipeline  │ test-4803.json                                                                    │ PASS   │ 118.087932ms │
│ system  │ security    │ pipeline  │ test-4817-windowssrv2016.json                                                     │ PASS   │ 116.885044ms │
│ system  │ security    │ pipeline  │ test-4868.json                                                                    │ PASS   │ 116.495734ms │
│ system  │ security    │ pipeline  │ test-4869.json                                                                    │ PASS   │ 159.882769ms │
│ system  │ security    │ pipeline  │ test-4876.json                                                                    │ PASS   │ 131.577194ms │
│ system  │ security    │ pipeline  │ test-4902-windowssrv2016.json                                                     │ PASS   │ 140.066177ms │
│ system  │ security    │ pipeline  │ test-4904-windowssrv2016.json                                                     │ PASS   │ 112.920818ms │
│ system  │ security    │ pipeline  │ test-4905-windowssrv2016.json                                                     │ PASS   │ 143.430854ms │
│ system  │ security    │ pipeline  │ test-4906-windowssrv2016.json                                                     │ PASS   │ 115.512978ms │
│ system  │ security    │ pipeline  │ test-4907-windowssrv2016.json                                                     │ PASS   │ 118.929654ms │
│ system  │ security    │ pipeline  │ test-4931.json                                                                    │ PASS   │ 117.765396ms │
│ system  │ security    │ pipeline  │ test-4932.json                                                                    │ PASS   │  133.84725ms │
│ system  │ security    │ pipeline  │ test-4933.json                                                                    │ PASS   │ 112.295928ms │
│ system  │ security    │ pipeline  │ test-4945.json                                                                    │ PASS   │ 131.440501ms │
│ system  │ security    │ pipeline  │ test-4946.json                                                                    │ PASS   │ 118.010061ms │
│ system  │ security    │ pipeline  │ test-4948.json                                                                    │ PASS   │ 134.005416ms │
│ system  │ security    │ pipeline  │ test-4953.json                                                                    │ PASS   │ 124.707757ms │
│ system  │ security    │ pipeline  │ test-4957.json                                                                    │ PASS   │ 107.902427ms │
│ system  │ security    │ pipeline  │ test-4962.json                                                                    │ PASS   │ 126.570565ms │
│ system  │ security    │ pipeline  │ test-4963.json                                                                    │ PASS   │ 113.940348ms │
│ system  │ security    │ pipeline  │ test-4965.json                                                                    │ PASS   │ 143.943282ms │
│ system  │ security    │ pipeline  │ test-4985.json                                                                    │ PASS   │ 128.269814ms │
│ system  │ security    │ pipeline  │ test-5038.json                                                                    │ PASS   │ 117.594026ms │
│ system  │ security    │ pipeline  │ test-5058.json                                                                    │ PASS   │ 112.081266ms │
│ system  │ security    │ pipeline  │ test-5059.json                                                                    │ PASS   │ 111.442985ms │
│ system  │ security    │ pipeline  │ test-5061.json                                                                    │ PASS   │  116.08419ms │
│ system  │ security    │ pipeline  │ test-5136.json                                                                    │ PASS   │  113.70797ms │
│ system  │ security    │ pipeline  │ test-5142.json                                                                    │ PASS   │ 122.249329ms │
│ system  │ security    │ pipeline  │ test-5152.json                                                                    │ PASS   │ 116.198913ms │
│ system  │ security    │ pipeline  │ test-5156.json                                                                    │ PASS   │ 116.160425ms │
│ system  │ security    │ pipeline  │ test-5157.json                                                                    │ PASS   │ 116.204109ms │
│ system  │ security    │ pipeline  │ test-5158.json                                                                    │ PASS   │ 113.426762ms │
│ system  │ security    │ pipeline  │ test-5379.json                                                                    │ PASS   │ 176.370623ms │
│ system  │ security    │ pipeline  │ test-5380.json                                                                    │ PASS   │ 186.831431ms │
│ system  │ security    │ pipeline  │ test-5381.json                                                                    │ PASS   │ 167.574121ms │
│ system  │ security    │ pipeline  │ test-5382.json                                                                    │ PASS   │  174.59591ms │
│ system  │ security    │ pipeline  │ test-5441.json                                                                    │ PASS   │ 113.732287ms │
│ system  │ security    │ pipeline  │ test-5446.json                                                                    │ PASS   │ 114.947879ms │
│ system  │ security    │ pipeline  │ test-5447.json                                                                    │ PASS   │  122.72096ms │
│ system  │ security    │ pipeline  │ test-5449.json                                                                    │ PASS   │ 132.388307ms │
│ system  │ security    │ pipeline  │ test-6144.json                                                                    │ PASS   │ 121.583202ms │
│ system  │ security    │ pipeline  │ test-6145.json                                                                    │ PASS   │ 108.400762ms │
│ system  │ security    │ pipeline  │ test-6416.json                                                                    │ PASS   │ 113.403474ms │
│ system  │ security    │ pipeline  │ test-6419.json                                                                    │ PASS   │ 125.674499ms │
│ system  │ security    │ pipeline  │ test-6420.json                                                                    │ PASS   │ 123.288114ms │
│ system  │ security    │ pipeline  │ test-6421.json                                                                    │ PASS   │ 122.581059ms │
│ system  │ security    │ pipeline  │ test-6422.json                                                                    │ PASS   │ 117.144163ms │
│ system  │ security    │ pipeline  │ test-log-5136.json                                                                │ PASS   │ 123.842372ms │
│ system  │ security    │ pipeline  │ test-security-5140-5145.json                                                      │ PASS   │ 133.416621ms │
│ system  │ security    │ pipeline  │ test-security-windows2012-4673.json                                               │ PASS   │ 111.171548ms │
│ system  │ security    │ pipeline  │ test-security-windows2012-4697.json                                               │ PASS   │ 113.884045ms │
│ system  │ security    │ pipeline  │ test-security-windows2012-4768.json                                               │ PASS   │ 116.106871ms │
│ system  │ security    │ pipeline  │ test-security-windows2012-4769.json                                               │ PASS   │ 119.628022ms │
│ system  │ security    │ pipeline  │ test-security-windows2012-4770.json                                               │ PASS   │ 115.062614ms │
│ system  │ security    │ pipeline  │ test-security-windows2012-4771.json                                               │ PASS   │ 127.007468ms │
│ system  │ security    │ pipeline  │ test-security-windows2012-4776.json                                               │ PASS   │ 135.331923ms │
│ system  │ security    │ pipeline  │ test-security-windows2012-4778.json                                               │ PASS   │   127.2871ms │
│ system  │ security    │ pipeline  │ test-security-windows2012-4779.json                                               │ PASS   │ 161.812698ms │
│ system  │ security    │ pipeline  │ test-security-windows2012r2-logon.json                                            │ PASS   │ 498.862726ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4722-account-enabled.json                               │ PASS   │ 142.769715ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4723-password-change.json                               │ PASS   │ 140.807484ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4724-password-reset.json                                │ PASS   │ 138.874605ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4725-account-disabled.json                              │ PASS   │ 136.537791ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4726-account-deleted.json                               │ PASS   │ 149.073184ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4727.json                                               │ PASS   │ 114.201637ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4728.json                                               │ PASS   │  134.24107ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4729.json                                               │ PASS   │ 126.734054ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4730.json                                               │ PASS   │ 113.646138ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4731.json                                               │ PASS   │ 125.681525ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4732.json                                               │ PASS   │ 125.630896ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4733.json                                               │ PASS   │ 123.401608ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4734.json                                               │ PASS   │ 114.543806ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4735.json                                               │ PASS   │ 116.334753ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4737.json                                               │ PASS   │ 120.521978ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4738-account-changed.json                               │ PASS   │ 120.925239ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4740-account-locked-out.json                            │ PASS   │ 117.717933ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4754.json                                               │ PASS   │ 113.694344ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4755.json                                               │ PASS   │ 127.490969ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4756.json                                               │ PASS   │ 127.913031ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4757.json                                               │ PASS   │ 155.826038ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4758.json                                               │ PASS   │ 115.568818ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4764.json                                               │ PASS   │ 114.157787ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4767-account-unlocked.json                              │ PASS   │ 122.034409ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4781-account-renamed.json                               │ PASS   │ 144.833984ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4798.json                                               │ PASS   │ 138.159885ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4799.json                                               │ PASS   │ 118.244244ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-logoff.json                                             │ PASS   │ 136.381927ms │
│ system  │ security    │ pipeline  │ test-security-windows2019-4688-process-created.json                               │ PASS   │  126.67986ms │
│ system  │ security    │ pipeline  │ test-security-windows2019-4689-process-exited.json                                │ PASS   │ 210.088354ms │
│ system  │ security    │ pipeline  │ test-unknown.json                                                                 │ PASS   │ 100.588171ms │
╰─────────┴─────────────┴───────────┴───────────────────────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: system - END   ---
Done
Run asset tests for the package
2025/05/13 18:56:45  INFO License text found in "/home/devuser/janvi-bitbucket/integrations/LICENSE.txt" will be included in package
--- Test results for package: system - START ---
╭─────────┬─────────────────┬───────────┬─────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE │ DATA STREAM     │ TEST TYPE │ TEST NAME                                                       │ RESULT │ TIME ELAPSED │
├─────────┼─────────────────┼───────────┼─────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ system  │                 │ asset     │ dashboard system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab is loaded │ PASS   │      1.952µs │
│ system  │                 │ asset     │ dashboard system-0e70e1bd-9a57-4f17-9d96-cc97e3d3a4f9 is loaded │ PASS   │        591ns │
│ system  │                 │ asset     │ dashboard system-277876d0-fa2c-11e6-bbd3-29c986c96e5a is loaded │ PASS   │        554ns │
│ system  │                 │ asset     │ dashboard system-2c4debf0-ef4f-4379-99a1-c57c307f23af is loaded │ PASS   │        735ns │
│ system  │                 │ asset     │ dashboard system-3c46ecdb-0a41-4be3-907e-722de8edac12 is loaded │ PASS   │        608ns │
│ system  │                 │ asset     │ dashboard system-5517a150-f9ce-11e6-8115-a7c18106d86a is loaded │ PASS   │        826ns │
│ system  │                 │ asset     │ dashboard system-71f720f0-ff18-11e9-8405-516218e3d268 is loaded │ PASS   │        593ns │
│ system  │                 │ asset     │ dashboard system-79ffd6e0-faa0-11e6-947f-177f697178b8 is loaded │ PASS   │        677ns │
│ system  │                 │ asset     │ dashboard system-Logs-syslog-dashboard is loaded                │ PASS   │        749ns │
│ system  │                 │ asset     │ dashboard system-Metrics-system-overview is loaded              │ PASS   │        614ns │
│ system  │                 │ asset     │ dashboard system-Windows-Dashboard is loaded                    │ PASS   │        623ns │
│ system  │                 │ asset     │ dashboard system-bae11b00-9bfc-11ea-87e4-49f31ec44891 is loaded │ PASS   │        734ns │
│ system  │                 │ asset     │ dashboard system-bb858830-f412-11e9-8405-516218e3d268 is loaded │ PASS   │        738ns │
│ system  │                 │ asset     │ dashboard system-d401ef40-a7d5-11e9-a422-d144027429da is loaded │ PASS   │        714ns │
│ system  │                 │ asset     │ dashboard system-db94459a-7232-4d1b-aa0c-b80dece8bc3a is loaded │ PASS   │        713ns │
│ system  │                 │ asset     │ search system-00025874-1cfb-47f8-a766-6af263f47fab is loaded    │ PASS   │        603ns │
│ system  │                 │ asset     │ search system-00757d92-6a5f-48d9-b9a9-37dcee0389e2 is loaded    │ PASS   │        630ns │
│ system  │                 │ asset     │ search system-135250ac-861d-43cf-9bfb-ce04a39c2ed9 is loaded    │ PASS   │        644ns │
│ system  │                 │ asset     │ search system-1b9117c8-e5a6-44ec-a237-2dbbdde131ea is loaded    │ PASS   │        705ns │
│ system  │                 │ asset     │ search system-1e5f6375-b6ac-4bab-a495-4c97c316bbfc is loaded    │ PASS   │        636ns │
│ system  │                 │ asset     │ search system-2b944fd9-7be6-4128-951b-a023df492fa6 is loaded    │ PASS   │        664ns │
│ system  │                 │ asset     │ search system-2d98c0f5-b501-4581-bc34-e90e82ef6295 is loaded    │ PASS   │        677ns │
│ system  │                 │ asset     │ search system-31950df9-7171-4672-87e4-36cd20decb6d is loaded    │ PASS   │        730ns │
│ system  │                 │ asset     │ search system-3f35f4fe-f01a-44a7-8892-cd64f88d0a61 is loaded    │ PASS   │        717ns │
│ system  │                 │ asset     │ search system-4c34518b-de35-4ffb-a11f-2da89fb028d7 is loaded    │ PASS   │        703ns │
│ system  │                 │ asset     │ search system-5d27d5fd-8fd3-4954-83ee-9c89862bcadf is loaded    │ PASS   │        722ns │
│ system  │                 │ asset     │ search system-5dd71405-86d2-4eab-a3d5-088f71889e94 is loaded    │ PASS   │        815ns │
│ system  │                 │ asset     │ search system-67574c86-e986-4efa-bd94-e052e7510475 is loaded    │ PASS   │        750ns │
│ system  │                 │ asset     │ search system-71c28785-7ab7-4210-833b-6d65de60940a is loaded    │ PASS   │        738ns │
│ system  │                 │ asset     │ search system-72966c9a-d594-48f4-9838-aac38d5d4bee is loaded    │ PASS   │        801ns │
│ system  │                 │ asset     │ search system-7af1e82c-155c-4f5b-813e-a2b6c3e5bc75 is loaded    │ PASS   │        815ns │
│ system  │                 │ asset     │ search system-8947d1c6-6a3a-4b5d-890e-6f59d3d8f1e9 is loaded    │ PASS   │        829ns │
│ system  │                 │ asset     │ search system-906dc8d0-0330-46c1-831c-beda2868b383 is loaded    │ PASS   │        806ns │
│ system  │                 │ asset     │ search system-94378112-04db-4813-a95f-2b157d6d4bb7 is loaded    │ PASS   │        836ns │
│ system  │                 │ asset     │ search system-99f8b490-4f75-418e-bd91-4ef4bb7851de is loaded    │ PASS   │        947ns │
│ system  │                 │ asset     │ search system-9efb946b-528d-4cd9-b3ef-4040859570ba is loaded    │ PASS   │        890ns │
│ system  │                 │ asset     │ search system-a9c32a08-b008-463a-800a-f46730fed42b is loaded    │ PASS   │        861ns │
│ system  │                 │ asset     │ search system-ac59de7d-ca7d-4182-a3ec-d9a4ab69713d is loaded    │ PASS   │       1.07µs │
│ system  │                 │ asset     │ search system-b624ecd1-b43d-4ab1-829c-b22f2fcb5662 is loaded    │ PASS   │        897ns │
│ system  │                 │ asset     │ search system-b6ff5e31-6c94-479a-b567-729def3b6b5b is loaded    │ PASS   │        931ns │
│ system  │                 │ asset     │ search system-b856c615-5136-4e02-9c3b-14c6576e16e1 is loaded    │ PASS   │      1.068µs │
│ system  │                 │ asset     │ search system-ba83542b-5838-41ce-a569-bc7b9c8c0a87 is loaded    │ PASS   │        935ns │
│ system  │                 │ asset     │ search system-cc7c88b4-22c4-4f42-8b5b-3466000a3b32 is loaded    │ PASS   │        938ns │
│ system  │                 │ asset     │ search system-cd3d5a1b-aeb6-4bf0-b45e-adf7837b3fa1 is loaded    │ PASS   │      1.037µs │
│ system  │                 │ asset     │ search system-dd3e3d90-8f72-4f04-ba7d-de0051bc1749 is loaded    │ PASS   │        979ns │
│ system  │                 │ asset     │ search system-e629186d-6a2a-4469-a060-bac42926f5d3 is loaded    │ PASS   │       1.07µs │
│ system  │                 │ asset     │ search system-f21d4873-7987-480e-8110-1fda397c3e0d is loaded    │ PASS   │      1.046µs │
│ system  │                 │ asset     │ search system-f6a50ac5-d9cd-469c-8169-0d4fc5c0bef5 is loaded    │ PASS   │      1.068µs │
│ system  │                 │ asset     │ search system-f6dbb7a7-25a5-4d42-9e64-8cb6cd9e173c is loaded    │ PASS   │      1.058µs │
│ system  │ application     │ asset     │ index_template logs-system.application is loaded                │ PASS   │        395ns │
│ system  │ application     │ asset     │ ingest_pipeline logs-system.application-2.1.0 is loaded         │ PASS   │        227ns │
│ system  │ auth            │ asset     │ index_template logs-system.auth is loaded                       │ PASS   │        354ns │
│ system  │ auth            │ asset     │ ingest_pipeline logs-system.auth-2.1.0 is loaded                │ PASS   │        199ns │
│ system  │ core            │ asset     │ index_template metrics-system.core is loaded                    │ PASS   │        417ns │
│ system  │ cpu             │ asset     │ index_template metrics-system.cpu is loaded                     │ PASS   │        467ns │
│ system  │ diskio          │ asset     │ index_template metrics-system.diskio is loaded                  │ PASS   │        412ns │
│ system  │ filesystem      │ asset     │ index_template metrics-system.filesystem is loaded              │ PASS   │        430ns │
│ system  │ fsstat          │ asset     │ index_template metrics-system.fsstat is loaded                  │ PASS   │        504ns │
│ system  │ load            │ asset     │ index_template metrics-system.load is loaded                    │ PASS   │        921ns │
│ system  │ memory          │ asset     │ index_template metrics-system.memory is loaded                  │ PASS   │      1.053µs │
│ system  │ network         │ asset     │ index_template metrics-system.network is loaded                 │ PASS   │        478ns │
│ system  │ process         │ asset     │ index_template metrics-system.process is loaded                 │ PASS   │        573ns │
│ system  │ process_summary │ asset     │ index_template metrics-system.process.summary is loaded         │ PASS   │        540ns │
│ system  │ security        │ asset     │ index_template logs-system.security is loaded                   │ PASS   │        566ns │
│ system  │ security        │ asset     │ ingest_pipeline logs-system.security-2.1.0 is loaded            │ PASS   │        471ns │
│ system  │ socket_summary  │ asset     │ index_template metrics-system.socket_summary is loaded          │ PASS   │        559ns │
│ system  │ syslog          │ asset     │ index_template logs-system.syslog is loaded                     │ PASS   │        748ns │
│ system  │ syslog          │ asset     │ ingest_pipeline logs-system.syslog-2.1.0 is loaded              │ PASS   │        425ns │
│ system  │ system          │ asset     │ index_template logs-system.system is loaded                     │ PASS   │        615ns │
│ system  │ system          │ asset     │ ingest_pipeline logs-system.system-2.1.0 is loaded              │ PASS   │        451ns │
│ system  │ uptime          │ asset     │ index_template metrics-system.uptime is loaded                  │ PASS   │        726ns │
╰─────────┴─────────────────┴───────────┴─────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: system - END   ---
Done
Run static tests for the package
--- Test results for package: system - START ---
╭─────────┬─────────────┬───────────┬──────────────────────────┬────────┬──────────────╮
│ PACKAGE │ DATA STREAM │ TEST TYPE │ TEST NAME                │ RESULT │ TIME ELAPSED │
├─────────┼─────────────┼───────────┼──────────────────────────┼────────┼──────────────┤
│ system  │ security    │ static    │ Verify sample_event.json │ PASS   │ 146.062149ms │
╰─────────┴─────────────┴───────────┴──────────────────────────┴────────┴──────────────╯
--- Test results for package: system - END   ---
Done

Related issues

Screenshot

image
image

@janvi-elastic janvi-elastic requested review from a team as code owners May 7, 2025 15:31
@andrewkroh andrewkroh added Integration:system System Crest Contributions from Crest developement team. dashboard Relates to a Kibana dashboard bug, enhancement, or modification. Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform] labels May 7, 2025
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented May 7, 2025

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

@janvi-elastic
Copy link
Copy Markdown
Contributor Author

janvi-elastic commented May 8, 2025

Hi @jamiehynds ,@kcreddy , @efd6,
In this PR, the system test for the auth data stream is failing. We have identified that this is a known issue, which is being tracked here: elastic/integrations#12610.

@marc-gr
Copy link
Copy Markdown
Contributor

marc-gr commented May 19, 2025

LGMT in general, just a couple of things:

@janvi-elastic
Copy link
Copy Markdown
Contributor Author

janvi-elastic commented May 20, 2025

@marc-gr

  • We already have this script of removing empty values in default.yml:

    integrations/packages/system/data_stream/security/elasticsearch/ingest_pipeline/default.yml

    Lines 8 to 13 in 967f515

    - script:
    tag: remove_empty_values_from_event_data
    description: Remove all empty values from event_data.
    lang: painless
    source: ctx.winlog?.event_data?.entrySet().removeIf(entry -> [null, "", "-", "{00000000-0000-0000-0000-000000000000}"].contains(entry.getValue()))
    if: ctx.winlog?.event_data instanceof Map
  • We will update the forwarded data stream and raise a new PR for windows, once this PR will get merged.

@botelastic
Copy link
Copy Markdown

botelastic bot commented Jun 19, 2025

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Jun 19, 2025
@botelastic botelastic bot removed the Stalled label Jun 30, 2025
@piyush-elastic
Copy link
Copy Markdown
Contributor

piyush-elastic commented Jun 30, 2025

@marc-gr - If you are done with review, can you help me with your approval please?

@andrewkroh andrewkroh added the documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. label Jul 1, 2025
marc-gr
marc-gr approved these changes Jul 7, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@marc-gr marc-gr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM just needs to fix the changelog/manifest

nfritts
nfritts approved these changes Jul 7, 2025
View reviewed changes
Copy link
Copy Markdown

@nfritts nfritts left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving for the linux team... I'm not sure they really have anything to contribute to this PR even though they own a couple of the files.

@janvi-elastic
Copy link
Copy Markdown
Contributor Author

janvi-elastic commented Jul 7, 2025

LGTM just needs to fix the changelog/manifest

@marc-gr I have fixed the changelog and manifest.

@andrewkroh andrewkroh added the enhancement New feature or request label Jul 14, 2025
@jamiehynds
Copy link
Copy Markdown

jamiehynds commented Jul 16, 2025

@marc-gr @janvi-elastic is this PR ready for merge yet or still waiting on CI to pass?

@piyush-elastic
Copy link
Copy Markdown
Contributor

piyush-elastic commented Jul 17, 2025

@marc-gr @janvi-elastic is this PR ready for merge yet or still waiting on CI to pass?

@jamiehynds – Everything is done from our side, except for the CI issue, which we aren’t able to fix from our end. @marc-gr Let me know if there’s anything else you’re expecting from us.

@kcreddy
Copy link
Copy Markdown
Contributor

kcreddy commented Jul 18, 2025

Everything is done from our side, except for the CI issue, which we aren’t able to fix from our end.

@piyush-elastic, as per the CI error:

test case failed: one or more errors found in documents stored in logs-system.auth-68388 data stream: [0] field "log.syslog.procid"'s Go type, float64, does not match the expected field type: keyword (field value: 1710)
[1] field "log.syslog.procid"'s Go type, float64, does not match the expected field type: keyword (field value: 1721)
[2] field "log.syslog.procid"'s Go type, float64, does not match the expected field type: keyword (field value: 1723)
[3] field "log.syslog.procid"'s Go type, float64, does not match the expected field type: keyword (field value: 1743)
[4] field "log.syslog.procid"'s Go type, float64, does not match the expected field type: keyword (field value: 26538)

You could ignore numeric fields using numeric_keyword_fields option inside system test config for the failing data stream.
Example.

@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod bot commented Jul 18, 2025

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@andrewkroh andrewkroh added the Team:Security-Linux Platform Linux Platform Security team [elastic/sec-linux-platform] label Jul 18, 2025
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Jul 18, 2025

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)

@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Jul 24, 2025

💚 Build Succeeded

History

@elastic-sonarqube
Copy link
Copy Markdown

elastic-sonarqube bot commented Jul 24, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
98.4% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@janvi-elastic
Copy link
Copy Markdown
Contributor Author

janvi-elastic commented Jul 24, 2025

@kcreddy - We have followed your comment and could see CI ran successfully. Kindly have a look and help with your approval please.

@marc-gr marc-gr merged commit 7180742 into elastic:main Jul 24, 2025
9 checks passed
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod bot commented Jul 24, 2025

Package system - 2.5.0 containing this change is available at https://epr.elastic.co/package/system/2.5.0/

@mrodm
Copy link
Copy Markdown
Collaborator

mrodm commented Jul 24, 2025
edited
Loading

Hi @janvi-elastic
when trying to install this version in a local Elastic cluster (via elastic-package) via UI, it gives me this error:

Error while compiling agent template: Parse error on line 26: ...}include_xml: true{{/if}}{{#if proces ---------------------^ Expecting 'EOF', got 'OPEN_ENDBLOCK'

Could it be related to this PR ?

Looking at one of the Agent configurations updated here, probably there is an extra {{/if}}

integrations/packages/system/data_stream/security/agent/stream/winlog.yml.hbs

Line 26 in a9951ab

{{/if}}

cc @marc-gr

@janvi-elastic
Copy link
Copy Markdown
Contributor Author

janvi-elastic commented Jul 24, 2025

Hey @mrodm ,
I have raised PR for the fix.

@andrewkroh
Copy link
Copy Markdown
Member

andrewkroh commented Jul 30, 2025

We are reverting the preserve_duplicate_custom_fields change in #14756 because it causes unintended breaking changes to existing installations by removing fields that previously existed by default. As a secondary effect, this leads to false positives in some detection rules that use those fields as exclusions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kfirpeled kfirpeled kfirpeled left review comments

@marc-gr marc-gr marc-gr approved these changes

@nfritts nfritts nfritts approved these changes

@ishleenk17 ishleenk17 ishleenk17 approved these changes

Assignees

No one assigned

Labels

Crest Contributions from Crest developement team. dashboard Relates to a Kibana dashboard bug, enhancement, or modification. documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. enhancement New feature or request Integration:system System Team:Security-Linux Platform Linux Platform Security team [elastic/sec-linux-platform] Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.