Skip to content

Fix Windows event log set IP to correct address#1920

Merged
r00tu53r merged 4 commits intoelastic:masterfrom
r00tu53r:fix/winlog-mapping
Oct 14, 2021
Merged

Fix Windows event log set IP to correct address#1920
r00tu53r merged 4 commits intoelastic:masterfrom
r00tu53r:fix/winlog-mapping

Conversation

@r00tu53r
Copy link
Copy Markdown
Contributor

@r00tu53r r00tu53r commented Oct 14, 2021
edited
Loading

What does this PR do?

Fix Windows event log set IP to correct address

  • Add templating around _ingest._value so that the literal
    value of "_ingest._value" is not set to related.ip
  • Update tests

Closes #1728

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • If I'm introducing a new feature, I have modified the Kibana version constraint in my package's manifest.yml file to point to the latest Elastic stack release (e.g. ^7.13.0).

How to test this PR locally

From package/windows -

elastic-package test pipeline

@r00tu53r
Fix Windows event log set IP to correct address
f87f7f9 
* Add templating around _ingest._value so that the literal
  value of "_ingest._value" is not set to related.ip
* Update tests

Closes elastic#1728
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Oct 14, 2021

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@r00tu53r r00tu53r requested a review from P1llus October 14, 2021 06:47
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Oct 14, 2021
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2021-10-14T07:12:10.072+0000

  • Duration: 17 min 37 sec

  • Commit: ddf9267

Test stats 🧪

Test Results
Failed 0
Passed 126
Skipped 0
Total 126

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

P1llus
P1llus approved these changes Oct 14, 2021
View reviewed changes
Copy link
Copy Markdown
Member

@P1llus P1llus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! :)

@r00tu53r r00tu53r merged commit d1a255e into elastic:master Oct 14, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@P1llus P1llus P1llus approved these changes

Assignees

No one assigned

Labels

7.15-candidate 7.16-candidate bug Something isn't working, use only for issues

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Windows integration for event logs error - sysmon

3 participants

@r00tu53r @elasticmachine @P1llus