Skip to content

aws: fix handling of last response body in guardduty data stream#14525

Merged
efd6 merged 1 commit intoelastic:mainfrom
efd6:14491-aws
Jul 16, 2025
Merged

aws: fix handling of last response body in guardduty data stream#14525
efd6 merged 1 commit intoelastic:mainfrom
efd6:14491-aws

Conversation

@efd6
Copy link
Copy Markdown
Contributor

@efd6 efd6 commented Jul 14, 2025
edited
Loading

Proposed commit message

aws: fix handling of last response body in guardduty data stream

The previous code would access .last_response.body.findings and assess
its size. However, is the findings field is not present, which is
expected in the first part of the chain, the template fails with a map
look-up error. Instead, use the index helper to allow us to more gently
probe for the presence of the field, only preceeding if it is non-zero.
This does not fix the issue, but does allow us to handle it by logic
changes in the input.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@efd6 efd6 self-assigned this Jul 14, 2025
@efd6 efd6 added Integration:aws AWS bugfix Pull request that fixes a bug issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Jul 14, 2025
@efd6 efd6 force-pushed the 14491-aws branch 2 times, most recently from 11fe4a5 to d3967f7 Compare July 14, 2025 06:34
@efd6 efd6 mentioned this pull request Jul 14, 2025
Merged
6 tasks
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod bot commented Jul 14, 2025

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@efd6 efd6 marked this pull request as ready for review July 14, 2025 21:53
@efd6 efd6 requested review from a team as code owners July 14, 2025 21:53
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Jul 14, 2025

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

This was referenced Jul 15, 2025
Merged
Merged
Merged
@efd6
aws: fix handling of last response body in guardduty data stream
b810cb5 
The previous code would access .last_response.body.findings and assess
its size. However, is the findings field is not present, which is
expected in the first part of the chain, the template fails with a map
look-up error. Instead, use the index helper to allow us to more gently
probe for the presence of the field, only preceeding if it is non-zero.
This does not fix the issue, but does allow us to handle it by logic
changes in the input.
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Jul 16, 2025

💚 Build Succeeded

History

cc @efd6

@elastic-sonarqube
Copy link
Copy Markdown

elastic-sonarqube bot commented Jul 16, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@efd6 efd6 merged commit fe60a72 into elastic:main Jul 16, 2025
9 checks passed
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod bot commented Jul 16, 2025

Package aws - 3.13.1 containing this change is available at https://epr.elastic.co/package/aws/3.13.1/

@navnit-elastic navnit-elastic mentioned this pull request Jul 30, 2025
Merged
5 tasks
kcreddy added a commit that referenced this pull request Aug 19, 2025
@kcreddy
{m365_defender,microsoft_defender_endpoint}: Add mapping and transfor…
b40b443 
…m for CDR workflows (#14809)

Add support for CDR Cloud Native Vulnerability Management (CNVM)[1] workflow by 
adding necessary mappings and latest transform.

Also fixes agent degradation from httpjson's empty cursor happening in 
log data stream using "ignore_empty_value". Similar to [2].

[1] https://www.elastic.co/guide/en/security/current/vuln-management-overview.html
[2] #14525
@efd6 efd6 mentioned this pull request Oct 7, 2025
Closed
tehbooom pushed a commit to tehbooom/integrations that referenced this pull request Nov 19, 2025
@kcreddy
{m365_defender,microsoft_defender_endpoint}: Add mapping and transfor…
a35a0de 
…m for CDR workflows (elastic#14809)

Add support for CDR Cloud Native Vulnerability Management (CNVM)[1] workflow by 
adding necessary mappings and latest transform.

Also fixes agent degradation from httpjson's empty cursor happening in 
log data stream using "ignore_empty_value". Similar to [2].

[1] https://www.elastic.co/guide/en/security/current/vuln-management-overview.html
[2] elastic#14525
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chemamartinez chemamartinez chemamartinez approved these changes

Assignees

@efd6 efd6

Labels

bugfix Pull request that fixes a bug issue Integration:aws AWS Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@efd6 @elasticmachine @chemamartinez