Remove default_pipeline change from Readmes for DGA, PAD, and LotL #15229

Merged
jmcarlock merged 3 commits into main from fix-ueba-pacakges-default-pipeline-instructions on Sep 8, 2025


@jmcarlock jmcarlock commented Sep 8, 2025

Proposed commit message

Removes an unnecessary step from dga, pad, and problemchild packages that breaks upstream data streams default_pipeline assignments.

Tested with a Windows VM running Elastic Defend to an Elastic Cloud cluster.

Verified the new installation instructions work, and enrich the data stream indices properly including mappings using LotL. It will work identically with DGA and PAD.


Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • [ ] I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • [ ] I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

Tested documentation builds locally with elastic-package.

Related issues

@jmcarlock changed the title from "remove default_pipeline readme instruction" to "Remove default_pipeline change from Readmes for DGA, PAD, and LotL" Sep 8, 2025
@andrewkroh added labels Sep 8, 2025: documentation (Improvements or additions to documentation. Applied to PRs that modify *.md files.), Integration:pad (Privileged Access Detection), Integration:problemchild (Living off the Land Attack Detection), Integration:dga (Domain Generation Algorithm Detection)
@jmcarlock marked this pull request as ready for review September 8, 2025 17:10
@jmcarlock requested review from a team as code owners September 8, 2025 17:10
@sodhikirti07 sodhikirti07 left a comment

lgtm!

@elasticmachine
💚 Build Succeeded

@jmcarlock jmcarlock merged commit b745a7e into main Sep 8, 2025
9 checks passed
@jmcarlock jmcarlock deleted the fix-ueba-pacakges-default-pipeline-instructions branch September 8, 2025 17:52
@elastic-vault-github-plugin-prod

Package dga - 2.3.3 containing this change is available at https://epr.elastic.co/package/dga/2.3.3/

@elastic-vault-github-plugin-prod

Package pad - 0.6.3 containing this change is available at https://epr.elastic.co/package/pad/0.6.3/

@elastic-vault-github-plugin-prod

Package problemchild - 2.4.2 containing this change is available at https://epr.elastic.co/package/problemchild/2.4.2/

tehbooom pushed a commit to tehbooom/integrations that referenced this pull request Nov 19, 2025
…lastic#15229)

* remove default_pipeline readme instruction

* remove more default_pipeline references

* update PR link