[Azure] Add Microsoft Graph Activity Logs datastream by kcreddy · Pull Request #9314 · elastic/integrations

kcreddy · 2024-03-08T14:02:52Z

Proposed commit message

Add Microsoft Graph Activity Logs datastream.

Checklist

I have reviewed tips for building integrations and this pull request is aligned with them.
I have verified that all data streams collect metrics or logs.
I have added an entry to my package's changelog.yml file.
I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

elastic-package build && elastic-package stack up -d -v && eval "$(elastic-package stack shellinit)" && elastic-package test pipeline --generate -v

Related issues

Closes [New Data] Azure Graph Activity Logs #8555

Screenshots

elasticmachine · 2024-03-08T14:16:07Z

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

elasticmachine · 2024-03-08T14:16:57Z

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

jamiehynds · 2024-03-08T18:21:16Z

fyi @aarju - any feedback you have around dashboards, docs, mappings, etc very welcome :)

aarju · 2024-03-13T09:14:22Z

fyi @aarju - any feedback you have around dashboards, docs, mappings, etc very welcome :)

@jamiehynds I don't have any feedback at this time, but I'm looking forward to testing out this integration and I may have some feedback after using it with some live data.

packages/azure/data_stream/graphactivitylogs/agent/stream/azure-eventhub.yml.hbs

packages/azure/data_stream/graphactivitylogs/agent/stream/log.yml.hbs

packages/azure/data_stream/graphactivitylogs/fields/fields.yml

.../azure/data_stream/graphactivitylogs/elasticsearch/ingest_pipeline/azure-shared-pipeline.yml

packages/azure/data_stream/graphactivitylogs/elasticsearch/ingest_pipeline/default.yml

efd6 · 2024-03-14T02:27:05Z

packages/azure/data_stream/graphactivitylogs/elasticsearch/ingest_pipeline/default.yml

+      source: ctx.message = ctx.message.replace(params.empty_field_name, '')
+      params:
+        empty_field_name: '"":"",'
+      ignore_failure: true
+      tag: script-message-emptyfields


This is a surprising order of fields.

It is. I took a base ingest pipeline template and modified for this usecase.
This processor is present in most of the package's datastreams. I wonder if its even required here. Might as well remove it.

Removed this processor in the new commit.

packages/azure/data_stream/graphactivitylogs/elasticsearch/ingest_pipeline/default.yml

elasticmachine · 2024-03-14T07:40:27Z

💚 Build Succeeded

Buildkite Build
Commit: 208825c

History

💚 Build #9566 succeeded 616e021
💚 Build #9454 succeeded b15ba45

cc @kcreddy

elastic-sonarqube · 2024-03-14T07:40:28Z

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
89.0% 89.0% Coverage on New Code
0.0% 0.0% Duplication on New Code

See analysis details on SonarQube

elasticmachine · 2024-03-15T08:52:56Z

Package azure - 1.10.0 containing this change is available at https://epr.elastic.co/search?package=azure

kcreddy · 2024-03-15T08:54:36Z

@jamiehynds I don't have any feedback at this time, but I'm looking forward to testing out this integration and I may have some feedback after using it with some live data.

@aarju This feature is now available. Please feel free to test and provide feedback. Thanks 😄

kcreddy added 30 commits June 7, 2022 19:47

auth0: updated title

ff492e4

Merge branch 'main' of https://github.com/kcreddy/integrations

17e28c9

cisco_merki: updated title

0e9e1a9

azure: updated title

0ef03b1

cef: updated title

8718cc0

cisco_secure_endpoint: updated title

36bf06d

crowdStrike: updated title

67ca3a3

httpjson: updated title

414262b

cyberarkpas: updated title

a519be2

Fireeye: updated title

7bc4125

Fortinet: updated title

179b373

santa: updated title

ceae4c3

google_workspace: updated title

7261205

iptables: updated title

b45b6f9

m365_defender: updated title

47259a8

o365: updated title

73a1d9c

okta: updated title

9be35b3

panw_cortex_xdr: updated title

104cd81

panw: updated title

2dc7e3e

pfSense: updated title

7ca05cd

sophos: updated title

62918d1

suricata: updated title

446b2e9

zeek: updated title

78e4c1e

Merge remote-tracking branch 'upstream/main'

130713a

update description to align with standard wording

051e840

Merge remote-tracking branch 'upstream/main'

392e0c0

change version

6367d9e

change from minor to patch

e13887f

Merge remote-tracking branch 'upstream/main'

686cb32

fix version

9864132

kcreddy added 6 commits February 14, 2024 17:19

Merge remote-tracking branch 'upstream/main'

e816174

Remove ignore failure from web ingest pipeline

1c2fcea

Merge remote-tracking branch 'upstream/main'

7c0c20c

Merge remote-tracking branch 'upstream/main'

1d73ba1

Add new datastream GraphActivityLogs

087f6f5

Update PR number

b15ba45

kcreddy self-assigned this Mar 8, 2024

kcreddy added Integration:azure Azure Logs enhancement New feature or request Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Mar 8, 2024

kcreddy marked this pull request as ready for review March 8, 2024 14:16

kcreddy requested review from a team as code owners March 8, 2024 14:16

update logo

616e021

efd6 reviewed Mar 14, 2024

View reviewed changes

address PR comments

208825c

kcreddy requested a review from efd6 March 14, 2024 07:57

efd6 approved these changes Mar 14, 2024

View reviewed changes

kcreddy merged commit 6d5ef11 into elastic:main Mar 15, 2024

kcreddy deleted the azure-graphactivity branch February 7, 2025 08:39

github-actions bot mentioned this pull request Apr 8, 2026

[Spike] Entra ID: Evaluate Graph API as alternative to Azure Event Hubs #18289

Open

Conversation

kcreddy commented Mar 8, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Proposed commit message

Checklist

How to test this PR locally

Related issues

Screenshots

Uh oh!

elasticmachine commented Mar 8, 2024

🚀 Benchmarks report

Uh oh!

elasticmachine commented Mar 8, 2024

Uh oh!

jamiehynds commented Mar 8, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

aarju commented Mar 13, 2024

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

efd6 Mar 14, 2024

Choose a reason for hiding this comment

Uh oh!

kcreddy Mar 14, 2024

Choose a reason for hiding this comment

Uh oh!

kcreddy Mar 14, 2024

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

elasticmachine commented Mar 14, 2024

💚 Build Succeeded

History

Uh oh!

elastic-sonarqube bot commented Mar 14, 2024

Quality Gate passed

Uh oh!

elasticmachine commented Mar 15, 2024

Uh oh!

kcreddy commented Mar 15, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

kcreddy commented Mar 8, 2024 •

edited

Loading

jamiehynds commented Mar 8, 2024 •

edited

Loading