ssi_all: do not remove event.original in main ingest pipeline #12076

Merged
merged 0 commits into from
Dec 13, 2024

@efd6 efd6 commented Dec 11, 2024

Proposed commit message

See title.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@efd6 efd6 added enhancement New feature or request Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Dec 11, 2024
@efd6 efd6 self-assigned this Dec 11, 2024
@efd6 efd6 force-pushed the 12046-ssi-removes branch from 67a73eb to cbd28eb Compare December 11, 2024 23:34
@efd6 efd6 added Integration:symantec_endpoint Symantec Endpoint Protection Integration:ti_misp MISP Integration:snyk Snyk Integration:okta Okta Integration:o365 Microsoft Office 365 Integration:f5 F5 Logs (Deprecated) [Integration not found in source] Integration:proofpoint_tap Proofpoint TAP Integration:santa Google Santa Integration:Zscaler (Deprecated) Use ZIA or ZPA specific labels. [Integration not found in source] Integration:panw_cortex_xdr Palo Alto Cortex XDR Integration:ti_cybersixgill Cybersixgill Integration:ti_abusech AbuseCH Integration:ti_otx AlienVault OTX Integration:tenable_sc Tenable Security Center Integration:github GitHub Integration:netskope Netskope Integration:mimecast Mimecast (Partner supported) Integration:cisco_meraki Cisco Meraki Integration:microsoft_defender_endpoint Microsoft Defender for Endpoint Integration:jamf_compliance_reporter Jamf Compliance Reporter Integration:sentinel_one SentinelOne Integration:slack Slack Logs (Community supported) Integration:m365_defender Microsoft Defender XDR Integration:pulse_connect_secure Pulse Connect Secure (Community supported) Integration:keycloak Keycloak (Community supported) Integration:mattermost Mattermost (Community supported) labels Dec 11, 2024
@elastic-vault-github-plugin-prod

Package tenable_sc - 1.27.0 containing this change is available at https://epr.elastic.co/package/tenable_sc/1.27.0/

@elastic-vault-github-plugin-prod

Package thycotic_ss - 1.10.0 containing this change is available at https://epr.elastic.co/package/thycotic_ss/1.10.0/

@elastic-vault-github-plugin-prod

Package ti_abusech - 2.5.0 containing this change is available at https://epr.elastic.co/package/ti_abusech/2.5.0/

@elastic-vault-github-plugin-prod

Package ti_anomali - 1.25.0 containing this change is available at https://epr.elastic.co/package/ti_anomali/1.25.0/

@elastic-vault-github-plugin-prod

Package ti_cif3 - 1.16.0 containing this change is available at https://epr.elastic.co/package/ti_cif3/1.16.0/

@elastic-vault-github-plugin-prod

Package ti_crowdstrike - 2.2.0 containing this change is available at https://epr.elastic.co/package/ti_crowdstrike/2.2.0/

@elastic-vault-github-plugin-prod

Package ti_cybersixgill - 1.32.0 containing this change is available at https://epr.elastic.co/package/ti_cybersixgill/1.32.0/

@elastic-vault-github-plugin-prod

Package ti_eset - 1.4.0 containing this change is available at https://epr.elastic.co/package/ti_eset/1.4.0/

@elastic-vault-github-plugin-prod

Package ti_maltiverse - 1.4.0 containing this change is available at https://epr.elastic.co/package/ti_maltiverse/1.4.0/

@elastic-vault-github-plugin-prod

Package ti_misp - 1.37.0 containing this change is available at https://epr.elastic.co/package/ti_misp/1.37.0/

@elastic-vault-github-plugin-prod

Package ti_otx - 1.27.0 containing this change is available at https://epr.elastic.co/package/ti_otx/1.27.0/

@elastic-vault-github-plugin-prod

Package ti_rapid7_threat_command - 2.2.0 containing this change is available at https://epr.elastic.co/package/ti_rapid7_threat_command/2.2.0/

@elastic-vault-github-plugin-prod

Package ti_recordedfuture - 1.28.0 containing this change is available at https://epr.elastic.co/package/ti_recordedfuture/1.28.0/

@elastic-vault-github-plugin-prod

Package ti_threatconnect - 1.5.0 containing this change is available at https://epr.elastic.co/package/ti_threatconnect/1.5.0/

@elastic-vault-github-plugin-prod

Package ti_threatq - 1.30.0 containing this change is available at https://epr.elastic.co/package/ti_threatq/1.30.0/

@elastic-vault-github-plugin-prod

Package tines - 1.14.0 containing this change is available at https://epr.elastic.co/package/tines/1.14.0/

@elastic-vault-github-plugin-prod

Package trellix_edr_cloud - 1.4.0 containing this change is available at https://epr.elastic.co/package/trellix_edr_cloud/1.4.0/

@elastic-vault-github-plugin-prod

Package trellix_epo_cloud - 1.13.0 containing this change is available at https://epr.elastic.co/package/trellix_epo_cloud/1.13.0/

@elastic-vault-github-plugin-prod

Package trend_micro_vision_one - 1.23.0 containing this change is available at https://epr.elastic.co/package/trend_micro_vision_one/1.23.0/

@elastic-vault-github-plugin-prod

Package trendmicro - 2.5.0 containing this change is available at https://epr.elastic.co/package/trendmicro/2.5.0/

@elastic-vault-github-plugin-prod

Package vectra_detect - 1.11.0 containing this change is available at https://epr.elastic.co/package/vectra_detect/1.11.0/

@elastic-vault-github-plugin-prod

Package wiz - 2.6.0 containing this change is available at https://epr.elastic.co/package/wiz/2.6.0/

@elastic-vault-github-plugin-prod

Package zerofox - 1.27.0 containing this change is available at https://epr.elastic.co/package/zerofox/1.27.0/

@elastic-vault-github-plugin-prod

Package zeronetworks - 1.17.0 containing this change is available at https://epr.elastic.co/package/zeronetworks/1.17.0/

@elastic-vault-github-plugin-prod

Package zscaler_zpa - 1.20.0 containing this change is available at https://epr.elastic.co/package/zscaler_zpa/1.20.0/

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
@efd6 efd6 deleted the 12046-ssi-removes branch February 5, 2025 21:58
Labels
enhancement New feature or request Integration:bitdefender BitDefender (Community supported) Integration:bitwarden Bitwarden Integration:cisco_meraki Cisco Meraki Integration:darktrace Darktrace Integration:eset_protect ESET PROTECT Integration:f5 F5 Logs (Deprecated) [Integration not found in source] Integration:falco Falco Integration:forcepoint_web Forcepoint Web Security (Community supported) Integration:forgerock ForgeRock Integration:github GitHub Integration:gitlab GitLab Integration:google_scc Google Security Command Center Integration:google_workspace Google Workspace Integration:imperva_cloud_waf Imperva Cloud WAF Integration:infoblox_bloxone_ddi Infoblox BloxOne DDI Integration:infoblox_nios Infoblox NIOS Integration:jamf_compliance_reporter Jamf Compliance Reporter Integration:jamf_protect Jamf Protect (Partner supported) Integration:jumpcloud JumpCloud (Community supported) Integration:keycloak Keycloak (Community supported) Integration:lastpass LastPass Integration:lyve_cloud Lyve Cloud (Partner supported) Integration:m365_defender Microsoft Defender XDR Integration:mattermost Mattermost (Community supported) Integration:menlo Menlo Security Integration:microsoft_defender_cloud Microsoft Defender for Cloud Integration:microsoft_defender_endpoint Microsoft Defender for Endpoint Integration:microsoft_exchange_online_message_trac Microsoft Exchange Online Message Trace Integration:mimecast Mimecast (Partner supported) Integration:netskope Netskope Integration:o365 Microsoft Office 365 Integration:opencanary OpenCanary (Community supported) Integration:panw_cortex_xdr Palo Alto Cortex XDR Integration:ping_one PingOne Integration:pps Pleasant Password Server (Community supported) Integration:prisma_access Palo Alto Prisma Access Integration:prisma_cloud Palo Alto Prisma Cloud Integration:proofpoint_tap Proofpoint TAP Integration:pulse_connect_secure Pulse Connect Secure (Community supported) Integration:qualys_vmdr Qualys VMDR Integration:rapid7_insightvm 
Rapid7 InsightVM Integration:santa Google Santa Integration:sentinel_one_cloud_funnel SentinelOne Cloud Funnel Integration:sentinel_one SentinelOne Integration:slack Slack Logs (Community supported) Integration:snyk Snyk Integration:sophos_central Sophos Central Integration:symantec_edr_cloud Symantec EDR Cloud (Deprecated) [Integration not found in source] Integration:symantec_endpoint_security Symantec Endpoint Security Integration:symantec_endpoint Symantec Endpoint Protection Integration:tanium Tanium Integration:teleport Teleport Integration:tenable_io Tenable Vulnerability Management Integration:tenable_sc Tenable Security Center Integration:thycotic_ss Thycotic Secret Server (Community supported) Integration:ti_abusech AbuseCH Integration:ti_anomali Anomali Integration:ti_cif3 Collective Intelligence Framework v3 (Community supported) Integration:ti_crowdstrike CrowdStrike Falcon Intelligence Integration:ti_cybersixgill Cybersixgill Integration:ti_eset ESET Threat Intelligence (Partner supported) Integration:ti_maltiverse Maltiverse (Partner supported) Integration:ti_misp MISP Integration:ti_otx AlienVault OTX Integration:ti_rapid7_threat_command Rapid7 Threat Command (Partner supported) Integration:ti_recordedfuture Recorded Future Integration:ti_threatconnect ThreatConnect (Partner supported) Integration:ti_threatq ThreatQuotient (Partner supported) Integration:tines Tines (Community supported) Integration:trellix_edr_cloud Trellix EDR Cloud Integration:trellix_epo_cloud Trellix ePO Cloud Integration:trendmicro Trend Micro Deep Security Integration:vectra_detect Vectra Detect Integration:wiz Wiz Integration:zerofox ZeroFox (Partner supported) Integration:zeronetworks Zero Networks (Partner supported) Integration:zscaler_zpa Zscaler Private Access Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]