[BugFix] Set event.kind to event on AWS WAF events #18128

Merged
w0rk3r merged 2 commits into main from sdh_aws_waf
Mar 31, 2026

@w0rk3r w0rk3r commented Mar 30, 2026

Proposed commit message

Revert `event.kind` to `event` on AWS WAF events.

Summary

We modified the event.kind on #16515 to use the default promotion detection rule with these events, but the FP rate is causing problems for our customers. This PR reverts that change; we are going to revisit WAF events in the future with dedicated promotion rules that will not require the event.kind change.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

@w0rk3r w0rk3r self-assigned this Mar 30, 2026
@w0rk3r w0rk3r requested review from a team as code owners March 30, 2026 16:27
@w0rk3r w0rk3r added the documentation, Integration:aws, bugfix, and Team:Security-Service Integrations labels Mar 30, 2026
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

github-actions bot commented Mar 30, 2026

✅ Vale Linting Results

No issues found on modified lines!


The Vale linter checks documentation changes against the Elastic Docs style guide.

To use Vale locally or report issues, refer to Elastic style guide for Vale.

@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine

💚 Build Succeeded

cc @w0rk3r

@w0rk3r w0rk3r merged commit b84b5fe into main Mar 31, 2026
12 checks passed
@w0rk3r w0rk3r deleted the sdh_aws_waf branch March 31, 2026 10:13
@elastic-vault-github-plugin-prod

Package aws - 6.4.2 containing this change is available at https://epr.elastic.co/package/aws/6.4.2/
