[windows] Add filters to visuals for only AppLocker data to be displayed

[nicpenning]

• Bug

This fixes the visuals in the dashboard for AppLocker so only relevant data is displayed. See: #8969

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.

• I have verified that all data streams collect metrics or logs.

• I have added an entry to my package's changelog.yml file.

• I have verified that Kibana version constraints are current according to guidelines.

• Closes Dashboard issues with "[Windows AppLocker] Audited and Blocked Applications" dashboard as provided by "Windows" integration 1.44.1 #8969

[nicpenning]

This is ready to test.

[elasticmachine]

Pinging @elastic/elastic-agent (Team:Elastic-Agent)

waiting for ci

[belimawr]

/test

[marc-gr]

I think elastic-package check is required to run and commit the changes it does.

[nicpenning]

Okay - So I need to run that command and then push the changes up?

[nicpenning]

elastic-package check has been applied and committed. Please test again!

[marc-gr]

/test

[nicpenning]

I cannot see the build issues now that it's been moved to buildkite. Any chance this can be opened up to community members contributing?

[nicpenning]

Any updates on why this failed? I am kinda blind over here.

[strawgate]

I see a failure of:

Error: can't install the package: could not zip-install package; API status code = 500; response body = {"statusCode":500,"error":"Internal Server Error","message":"Migration function for version 7.11.0 threw an error"}

I'll see if we can get someone to comment about plans for access.

In the meantime please feel free to ping me with @strawgate and I'll grab the logs

[nicpenning]

Thank you. Any idea how that issue can be resolved?

[pierrehilbert]

/test

[nicpenning]

Is this issue sourced from using 8.12.0 when I checked the package?

@strawgate - is it still the same error?

[marc-gr]

Is this issue sourced from using 8.12.0 when I checked the package?

@strawgate - is it still the same error?

Could be, I checked and for 8.12 it passes alright, but CI uses the minimum supported version which is 8.8.0. If you used 8.12 to do the changes that might be the issue. I'd suggest doing them with an 8.8.0 stack (elastic-package stack up -v -d --version=8.8.0)

[nicpenning]

Bummer - Okay, I can do that. Perhaps it is a deeper issue, but it is concerning we must use such an older version of the stack. In an example of a visualization that only exists in the latest, this would likely then be a blocker and not something we can add until the elastic-package tool can keep up? I can reference this issue there if that will help with this side issue. Please let me know!

-Update - Nevermind, I misread your response. This is a CI limitation not an elastic-package one. Disregard! :)

[marc-gr]

I'll take care of fixing this one since not having access to CI complicates things for @nicpenning . Thanks for the work done @nicpenning will update this PR with the fix. 👍

[nicpenning]

👋
Any updates here?

[marc-gr]

/test

[elasticmachine]

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 90505ae

History

• 💔 Build #8584 failed 90792ba
• 💔 Build #8509 failed 90792ba
• 💔 Build #8475 failed 0c73f7e

[elastic-sonarqube]

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

[nicpenning]

🎉

[elasticmachine]

Package windows - 1.44.3 containing this change is available at https://epr.elastic.co/search?package=windows