Skip to content

auditd: relax field_split pattern and handle AVC header#8748

Merged
efd6 merged 1 commit intoelastic:mainfrom
efd6:auditd_kv_relax
Dec 19, 2023
Merged

auditd: relax field_split pattern and handle AVC header#8748
efd6 merged 1 commit intoelastic:mainfrom
efd6:auditd_kv_relax

Conversation

@efd6
Copy link
Copy Markdown
Contributor

@efd6 efd6 commented Dec 18, 2023

Proposed commit message

See title.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@efd6 efd6 self-assigned this Dec 18, 2023
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Dec 18, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-12-18T21:13:57.990+0000

  • Duration: 16 min 36 sec

Test stats 🧪

Test Results
Failed 0
Passed 10
Skipped 0
Total 10

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Dec 18, 2023

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Dec 18, 2023

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (1/1) 💚
Files 100.0% (1/1) 💚 5.556
Classes 100.0% (1/1) 💚 5.556
Methods 100.0% (15/15) 💚 22.597
Lines 98.063% (2228/2272) 👍 11.98
Conditionals 100.0% (0/0) 💚

@efd6 efd6 marked this pull request as ready for review December 18, 2023 21:33
@efd6 efd6 requested a review from a team as a code owner December 18, 2023 21:33
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Dec 18, 2023

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

kcreddy
kcreddy approved these changes Dec 19, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@kcreddy kcreddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍🏼
Just wanted to check if capability and permissive could be numbers only, and thus should be defined as non-keyword type?

@efd6
Copy link
Copy Markdown
Contributor Author

efd6 commented Dec 19, 2023
edited
Loading

AFAICS they are always numbers, but capability is a keyword elsewhere in our schema. Same with permissive.

@efd6 efd6 merged commit 4412955 into elastic:main Dec 19, 2023
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Dec 19, 2023

Package auditd - 3.19.0 containing this change is available at https://epr.elastic.co/search?package=auditd

1 similar comment
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Dec 19, 2023

Package auditd - 3.19.0 containing this change is available at https://epr.elastic.co/search?package=auditd

v1v added a commit that referenced this pull request Dec 21, 2023
@v1v
Merge remote-tracking branch 'upstream/main' into v1v-patch-1
3e599b5 
* upstream/main: (117 commits)
  [TI MISP] Add IOC expiration support (#8639)
  Add CSPM Rules 6.2, 6.3 and 6.4 (#8778)
  [Infoblox NIOS] Update timestamp parsing logic (#8767)
  [Rapid7 InsightVM] Split vulnerability categories into array (#8768)
  [Exchange Online Message Trace] Add Additional Look-back Time & Fix Cursor Value (#8717)
  [Buildkite] Update bucket settings (#8765)
  Remove Jenkins .ci folder (#8766)
  First part of removal of Jenkins jobs (#8763)
  misp: parse URIs for URI type threats (#8760)
  [amazon_security_lake] Added support for all the OCSF Classes (#8579)
  [Buildkite] Update settings for integrations pipeline (#8758)
  [TI ThreatQ] Add IOC expiration support (#8691)
  [ti_opencti] Support OpenCTI 5.12 by removing filters parameter (#8744)
  [Cribl] Updating setup guidance for Cribl field (#8746)
  crowdstrike: add userinfo enrichment support and map fields to ECS (#8742)
  [etcd] Enable TSDB for metrics datastream (#8649)
  Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#8749)
  auditd: relax field_split pattern and handle AVC header (#8748)
  Update cloud packages codeowner (#8672)
  [O11Y] [AWS Billing] Convert "Total Estimated Charges" visualization to new metric (#8509)
  ...
qcorporation pushed a commit that referenced this pull request Feb 3, 2025
@v1v
Merge remote-tracking branch 'upstream/main' into v1v-patch-1
7a91099 
* upstream/main: (117 commits)
  [TI MISP] Add IOC expiration support (#8639)
  Add CSPM Rules 6.2, 6.3 and 6.4 (#8778)
  [Infoblox NIOS] Update timestamp parsing logic (#8767)
  [Rapid7 InsightVM] Split vulnerability categories into array (#8768)
  [Exchange Online Message Trace] Add Additional Look-back Time & Fix Cursor Value (#8717)
  [Buildkite] Update bucket settings (#8765)
  Remove Jenkins .ci folder (#8766)
  First part of removal of Jenkins jobs (#8763)
  misp: parse URIs for URI type threats (#8760)
  [amazon_security_lake] Added support for all the OCSF Classes (#8579)
  [Buildkite] Update settings for integrations pipeline (#8758)
  [TI ThreatQ] Add IOC expiration support (#8691)
  [ti_opencti] Support OpenCTI 5.12 by removing filters parameter (#8744)
  [Cribl] Updating setup guidance for Cribl field (#8746)
  crowdstrike: add userinfo enrichment support and map fields to ECS (#8742)
  [etcd] Enable TSDB for metrics datastream (#8649)
  Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#8749)
  auditd: relax field_split pattern and handle AVC header (#8748)
  Update cloud packages codeowner (#8672)
  [O11Y] [AWS Billing] Convert "Total Estimated Charges" visualization to new metric (#8509)
  ...
qcorporation pushed a commit that referenced this pull request Feb 4, 2025
@v1v
Merge remote-tracking branch 'upstream/main' into v1v-patch-1
2b2dec7 
* upstream/main: (117 commits)
  [TI MISP] Add IOC expiration support (#8639)
  Add CSPM Rules 6.2, 6.3 and 6.4 (#8778)
  [Infoblox NIOS] Update timestamp parsing logic (#8767)
  [Rapid7 InsightVM] Split vulnerability categories into array (#8768)
  [Exchange Online Message Trace] Add Additional Look-back Time & Fix Cursor Value (#8717)
  [Buildkite] Update bucket settings (#8765)
  Remove Jenkins .ci folder (#8766)
  First part of removal of Jenkins jobs (#8763)
  misp: parse URIs for URI type threats (#8760)
  [amazon_security_lake] Added support for all the OCSF Classes (#8579)
  [Buildkite] Update settings for integrations pipeline (#8758)
  [TI ThreatQ] Add IOC expiration support (#8691)
  [ti_opencti] Support OpenCTI 5.12 by removing filters parameter (#8744)
  [Cribl] Updating setup guidance for Cribl field (#8746)
  crowdstrike: add userinfo enrichment support and map fields to ECS (#8742)
  [etcd] Enable TSDB for metrics datastream (#8649)
  Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#8749)
  auditd: relax field_split pattern and handle AVC header (#8748)
  Update cloud packages codeowner (#8672)
  [O11Y] [AWS Billing] Convert "Total Estimated Charges" visualization to new metric (#8509)
  ...
@efd6 efd6 deleted the auditd_kv_relax branch February 5, 2025 22:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kcreddy kcreddy kcreddy approved these changes

Assignees

@efd6 efd6

Labels

enhancement New feature or request Integration:auditd Auditd Logs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@efd6 @elasticmachine @kcreddy