Skip to content

[sei] Add checks to avoid overriding event.original if present #8269

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 103 commits into from
Oct 24, 2023
Merged

[sei] Add checks to avoid overriding event.original if present #8269

merged 103 commits into from
Oct 24, 2023

Conversation

marc-gr
Copy link
Contributor

@marc-gr marc-gr commented Oct 23, 2023
edited
Loading

Proposed commit message

Add checks to avoid overriding event.original if present.
On some setups (ie Logstash sends data to ES) event.original might be already present in the event body. Currently most of our integrations do not have a null check for it before trying to set it, leading to errors on these circumstances. By adding the required checks we improve handling in this setups.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Related issues

@marc-gr marc-gr force-pushed the feat/event.original-check branch from b8528f5 to 5485e2c Compare October 23, 2023 10:55
@elasticmachine
Copy link

Package vectra_detect - 1.5.0 containing this change is available at https://epr.elastic.co/search?package=vectra_detect

@elasticmachine
Copy link

Package zeek - 2.20.0 containing this change is available at https://epr.elastic.co/search?package=zeek

@elasticmachine
Copy link

Package zerofox - 1.20.0 containing this change is available at https://epr.elastic.co/search?package=zerofox

@elasticmachine
Copy link

Package zeronetworks - 1.9.0 containing this change is available at https://epr.elastic.co/search?package=zeronetworks

@elasticmachine
Copy link

Package zscaler_zia - 2.16.0 containing this change is available at https://epr.elastic.co/search?package=zscaler_zia

@elasticmachine
Copy link

Package zscaler_zpa - 1.15.0 containing this change is available at https://epr.elastic.co/search?package=zscaler_zpa

@janvi-elastic janvi-elastic mentioned this pull request Oct 25, 2023
Merged
15 tasks
@taylor-swanson taylor-swanson mentioned this pull request Mar 4, 2024
Closed
@andrewkroh andrewkroh added Integration:akamai Akamai (Community supported) Integration:arista_ngfw Arista NG Firewall (Community supported) Integration:atlassian_bitbucket Atlassian Bitbucket (Community supported) Integration:bitdefender BitDefender (Community supported) Integration:bitwarden Bitwarden Integration:box_events Box Events Integration:cisco_nexus Cisco Nexus Integration:1password 1Password (Partner supported) Integration:cisco_aironet Cisco Aironet (Community supported) Integration:cisco_ftd Cisco FTD Integration:cisco_meraki Cisco Meraki Integration:amazon_security_lake Amazon Security Lake Integration:atlassian_confluence Atlassian Confluence (Community supported) Integration:auditd Auditd Logs Integration:carbon_black_cloud VMware Carbon Black Cloud Integration:cisco_asa Cisco ASA Integration:cisco_duo Cisco Duo Integration:cisco_ise Cisco ISE Integration:atlassian_jira Atlassian Jira (Community supported) Integration:barracuda Barracuda Web Application Firewall Integration:barracuda_cloudgen_firewall Barracuda CloudGen Firewall Logs Integration:checkpoint Check Point labels Jul 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kcreddy kcreddy kcreddy approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request Integration:akamai Akamai (Community supported) Integration:amazon_security_lake Amazon Security Lake Integration:arista_ngfw Arista NG Firewall (Community supported) Integration:atlassian_bitbucket Atlassian Bitbucket (Community supported) Integration:atlassian_confluence Atlassian Confluence (Community supported) Integration:atlassian_jira Atlassian Jira (Community supported) Integration:auditd Auditd Logs Integration:barracuda_cloudgen_firewall Barracuda CloudGen Firewall Logs Integration:barracuda Barracuda Web Application Firewall Integration:bitdefender BitDefender (Community supported) Integration:bitwarden Bitwarden Integration:box_events Box Events Integration:carbon_black_cloud VMware Carbon Black Cloud Integration:checkpoint Check Point Integration:cisco_aironet Cisco Aironet (Community supported) Integration:cisco_asa Cisco ASA Integration:cisco_duo Cisco Duo Integration:cisco_ftd Cisco FTD Integration:cisco_ise Cisco ISE Integration:cisco_meraki Cisco Meraki Integration:cisco_nexus Cisco Nexus Integration:1password 1Password (Partner supported)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[SEI] Add check for event.original rename/set to avoid issues with Logstash events
5 participants
@marc-gr @elasticmachine @efd6 @kcreddy @andrewkroh