[Winlogbeat] Update sysmon pipeline with latest changes from integration #31556

Merged (3 commits), May 10, 2022

Conversation

@adriansr adriansr commented May 9, 2022

What does this PR do?

Updates Winlogbeat's sysmon ingest pipeline with changes from the integrations package:

Why is it important?

Keeps Beats & integrations in sync.

Checklist

  • [x] My code follows the style guidelines of this project
  • [x] I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • [x] I have added tests that prove my fix is effective or that my feature works
  • [x] I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

Note that there's currently no automated test in place for the ingest pipelines in Winlogbeat, but the pipeline is tested in the integrations repo. See #30406

Related issues

@adriansr adriansr requested a review from a team as a code owner May 9, 2022 13:25
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label May 9, 2022
@adriansr adriansr changed the title Wb sysmon slash eventdata [Winlogbeat] Update sysmon pipeline with latest changes from integration May 9, 2022
@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label May 9, 2022
@adriansr adriansr added review needs_team Indicates that the issue/PR needs a Team:* label labels May 9, 2022
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label May 9, 2022
elasticmachine commented May 9, 2022

💚 Build Succeeded


Build stats

  • Start Time: 2022-05-10T10:12:29.354+0000

  • Duration: 42 min 38 sec

Test stats 🧪

Test Results
Failed 0
Passed 336
Skipped 0
Total 336

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

mergify bot commented May 9, 2022

This pull request is now in conflicts. Could you fix it? 🙏
To fix up this pull request, you can check it out locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b wb_sysmon_slash_eventdata upstream/wb_sysmon_slash_eventdata
git merge upstream/main
git push upstream wb_sysmon_slash_eventdata

@adriansr adriansr merged commit 0c20dbb into elastic:main May 10, 2022
@adriansr adriansr deleted the wb_sysmon_slash_eventdata branch May 10, 2022 15:01
chrisberkhout pushed a commit that referenced this pull request Jun 1, 2023
…ion (#31556)

Updates Winlogbeat's sysmon ingest pipeline with changes from the integrations package:

- Support for Sysmon Registry non-QWORD/DWORD events integrations#2962 (enhancement)
- Drop unset fields in sysmon_operational data stream integrations#3283 (bug)
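The two behaviours listed in the commit message (parsing Sysmon registry Details values that are not QWORD/DWORD, and dropping fields Sysmon leaves unset) can be illustrated outside Elasticsearch. The following is an added example written for this page, not Winlogbeat's or the integration's own ingest-pipeline code. It assumes Sysmon's convention of writing a literal "-" into event-data fields it has no value for (such as ParentImage when the parent process is gone, the symptom the linked issue describes) and the Details format "DWORD (0x...)" / "QWORD (0x...)" / "Binary Data" / plain string; the ECS-style output field names `type` and `strings`, the function names and the sample event are assumptions, and the exact mapping the real pipeline applies is not claimed here.

```python
"""Added example (not Winlogbeat's or the integration's own code): mimics two
Sysmon ingest-pipeline behaviours over a constructed event."""
import re
from typing import Any, Dict

# Sysmon writes "-" into event-data fields it has no value for. Indexing that
# literal produces documents whose process.parent.* is the string "-", so the
# pipeline drops such fields instead (assumed behaviour, per the linked issue).
UNSET_MARKER = "-"

# Sysmon registry events (ID 13) carry a Details string such as
# "DWORD (0x00000001)", "QWORD (0x0000000100000000)", "Binary Data" or,
# for REG_SZ / REG_EXPAND_SZ values, the raw string itself.
_TYPED_DETAILS = re.compile(r"^(DWORD|QWORD) \((0x[0-9A-Fa-f]+)\)$")


def drop_unset_fields(event_data: Dict[str, Any]) -> Dict[str, Any]:
    """Return a copy of event_data without fields Sysmon left unset ("-")."""
    return {k: v for k, v in event_data.items() if v != UNSET_MARKER}


def parse_registry_details(details: str) -> Dict[str, Any]:
    """Map a Sysmon Details string to ECS-like registry.data fields.

    Numeric values are rendered as a decimal string (ECS keeps registry data
    as strings); anything that is neither DWORD/QWORD nor "Binary Data" is
    treated as a string value. Field names are an assumption for this example.
    """
    m = _TYPED_DETAILS.match(details)
    if m:
        kind, hexval = m.groups()
        return {"type": "REG_" + kind, "strings": [str(int(hexval, 16))]}
    if details == "Binary Data":
        return {"type": "REG_BINARY"}
    return {"type": "REG_SZ", "strings": [details]}


def normalize_event(event_data: Dict[str, Any]) -> Dict[str, Any]:
    """Apply both steps: drop unset fields, then decode Details if present."""
    out = drop_unset_fields(event_data)
    if "Details" in out:
        out["registry_data"] = parse_registry_details(out.pop("Details"))
    return out


# Constructed sample: a Sysmon registry value-set event whose parent process
# information is unavailable, so Sysmon filled those fields with "-".
SAMPLE_EVENT = {
    "EventType": "SetValue",
    "Image": r"C:\Windows\regedit.exe",
    "ParentImage": "-",
    "ParentCommandLine": "-",
    "TargetObject": r"HKLM\SOFTWARE\Example\Run",
    "Details": r"C:\Windows\system32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    print(normalize_event(SAMPLE_EVENT))
```

Run stand-alone it prints the normalized sample: the two "-" fields are gone and the string Details value is carried as a one-element `strings` array rather than being rejected for not matching the DWORD/QWORD pattern.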
Successfully merging this pull request may close these issues.

Sysmon events have their parent process ingested as "-" when this information is missing