Skip to content

[EDR Workflows] Update Osquery and ECS fields schemas #193399

Merged
tomsonpl merged 7 commits intoelastic:mainfrom
tomsonpl:update-osquery
Sep 19, 2024
Merged

[EDR Workflows] Update Osquery and ECS fields schemas #193399
tomsonpl merged 7 commits intoelastic:mainfrom
tomsonpl:update-osquery

Conversation

@tomsonpl
Copy link
Copy Markdown
Contributor

@tomsonpl tomsonpl commented Sep 19, 2024
edited by kibanamachine
Loading

@tomsonpl tomsonpl added release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution Feature:Osquery Security Solution Osquery feature v8.16.0 labels Sep 19, 2024
@tomsonpl tomsonpl self-assigned this Sep 19, 2024
@tomsonpl
Copy link
Copy Markdown
Contributor Author

tomsonpl commented Sep 19, 2024

/ci

@tomsonpl tomsonpl marked this pull request as ready for review September 19, 2024 09:08
@tomsonpl tomsonpl requested a review from a team as a code owner September 19, 2024 09:08
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Sep 19, 2024

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@tomsonpl tomsonpl added the backport:skip This PR does not require backporting label Sep 19, 2024
@tomsonpl tomsonpl marked this pull request as draft September 19, 2024 10:24
@tomsonpl tomsonpl marked this pull request as ready for review September 19, 2024 13:19
@tomsonpl tomsonpl enabled auto-merge (squash) September 19, 2024 13:45
@elastic-vault-github-plugin-prod elastic-vault-github-plugin-prod bot requested a review from a team as a code owner September 19, 2024 14:27
machadoum
machadoum approved these changes Sep 19, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@machadoum machadoum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

EA team changes LGTM!

@tomsonpl tomsonpl merged commit f32ba5c into elastic:main Sep 19, 2024
@kibana-ci
Copy link
Copy Markdown

kibana-ci commented Sep 19, 2024

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #84 / discover/esql discover esql view ES|QL in Discover should perform test query correctly

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
osquery 1.0MB 1.0MB +10.4KB

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @tomsonpl

@kibanamachine kibanamachine mentioned this pull request Sep 20, 2024
Merged
@delanni
Copy link
Copy Markdown
Member

delanni commented Sep 20, 2024

@tomsonpl - the PR has the v.8.16 label, yet it wasn't backported to 8.16 (8.x) - if this PR is not meant for 9.0 only, please remove the backport:skip label, and use backport:prev-minor or backport:version

@tomsonpl
Copy link
Copy Markdown
Contributor Author

tomsonpl commented Sep 20, 2024

Ouch! good call, thanks @delanni

@tomsonpl tomsonpl added backport:version Backport to applied version labels and removed backport:skip This PR does not require backporting labels Sep 20, 2024
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Sep 20, 2024
@tomsonpl
[EDR Workflows] Update Osquery and ECS fields schemas (elastic#193399)
34e09b3 
(cherry picked from commit f32ba5c)
@kibanamachine kibanamachine mentioned this pull request Sep 20, 2024
Merged
@kibanamachine
Copy link
Copy Markdown
Contributor

kibanamachine commented Sep 20, 2024

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kibanamachine added a commit that referenced this pull request Sep 20, 2024
@kibanamachine @tomsonpl
[8.x] [EDR Workflows] Update Osquery and ECS fields schemas (#193399) (
9abf5c2 
…#193576)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[EDR Workflows] Update Osquery and ECS fields schemas
(#193399)](#193399)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Tomasz
Ciecierski","email":"tomasz.ciecierski@elastic.co"},"sourceCommit":{"committedDate":"2024-09-19T16:39:33Z","message":"[EDR
Workflows] Update Osquery and ECS fields schemas
(#193399)","sha":"f32ba5ce6cdcd82bd2de2d865d868c81d578b53a","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Defend
Workflows","Feature:Osquery","v8.16.0","backport:version"],"title":"[EDR
Workflows] Update Osquery and ECS fields schemas
","number":193399,"url":"https://github.com/elastic/kibana/pull/193399","mergeCommit":{"message":"[EDR
Workflows] Update Osquery and ECS fields schemas
(#193399)","sha":"f32ba5ce6cdcd82bd2de2d865d868c81d578b53a"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/193399","number":193399,"mergeCommit":{"message":"[EDR
Workflows] Update Osquery and ECS fields schemas
(#193399)","sha":"f32ba5ce6cdcd82bd2de2d865d868c81d578b53a"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Tomasz Ciecierski <tomasz.ciecierski@elastic.co>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@machadoum machadoum machadoum approved these changes

@joeypoon joeypoon joeypoon approved these changes

@szwarckonrad szwarckonrad szwarckonrad approved these changes

Assignees

@tomsonpl tomsonpl

Labels

backport:version Backport to applied version labels Feature:Osquery Security Solution Osquery feature release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v8.16.0 v9.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@tomsonpl @elasticmachine @kibana-ci @delanni @kibanamachine @machadoum @joeypoon @szwarckonrad