Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SECURITY-ENDPOINT: add fields for events to metadata document #70491

Merged
merged 2 commits into from
Jul 2, 2020
Merged

SECURITY-ENDPOINT: add fields for events to metadata document #70491

merged 2 commits into from
Jul 2, 2020

Conversation

nnamdifrankie
Copy link
Contributor

Summary

Issue:
https://github.com/elastic/endpoint-app-team/issues/492

  • add event fields to metadata type
  • update generator

Checklist

@nnamdifrankie nnamdifrankie requested review from a team as code owners July 1, 2020 18:21
@nnamdifrankie nnamdifrankie added release_note:skip Skip the PR/issue when compiling release notes v7.9.0 v8.0.0 labels Jul 1, 2020
jonathan-buttner
jonathan-buttner reviewed Jul 1, 2020
View reviewed changes
x-pack/plugins/security_solution/common/endpoint/types.ts Outdated
@@ -399,6 +399,13 @@ export type HostMetadata = Immutable<{
'@timestamp': number;
event: {
created: number;
kind: string;
id: string;
category: string;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

category and type can be an array per the ecs spec. I believe the endpoint will actually send these values as an array of a single value for metadata.

x-pack/plugins/security_solution/common/endpoint/generate_data.ts Outdated
@@ -363,6 +363,13 @@ export class EndpointDocGenerator {
'@timestamp': ts,
event: {
created: ts,
id: this.seededUUIDv4(),
kind: 'metric',
category: 'host',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

category and type can be an array per the ecs spec. I believe the endpoint will actually send these values as an array of a single value for metadata.

My suggestion would be to mimic that and do category: ['host'] type: ['info']

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Build metrics

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@nnamdifrankie nnamdifrankie merged commit e9b81f7 into elastic:master Jul 2, 2020
@nnamdifrankie nnamdifrankie deleted the EMT-492_add_event_fields branch July 2, 2020 02:50
nnamdifrankie added a commit to nnamdifrankie/kibana that referenced this pull request Jul 2, 2020
@nnamdifrankie
SECURITY-ENDPOINT: add fields for events to metadata document (elasti…
6fb5283 
…c#70491)

SECURITY-ENDPOINT: EMT-492 add fields for events to metadata document
@nnamdifrankie nnamdifrankie mentioned this pull request Jul 2, 2020
Merged
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jul 2, 2020
@gmmorris
Merge branch 'master' into alerting/built-in-alerts-feature
0e001e6 
* master: (46 commits)
  [Visualize] Add missing advanced settings and custom label for pipeline aggs (elastic#69688)
  Use dynamic: false for config saved object mappings (elastic#70436)
  [Ingest Pipelines] Error messages (elastic#70167)
  [APM] Show transaction rate per minute on Observability Overview page (elastic#70336)
  Filter out error when calculating a label (elastic#69934)
  [Visualizations] Each visType returns its supported triggers (elastic#70177)
  [Telemetry] Report data shippers (elastic#64935)
  Reduce SavedObjects mappings for Application Usage (elastic#70475)
  [Lens] fix dimension label performance issues (elastic#69978)
  Skip failing endgame tests (elastic#70548)
  [SIEM] Reenabling Cypress tests (elastic#70397)
  [SIEM][Security Solution][Endpoint] Endpoint Artifact Manifest Management + Artifact Download and Distribution (elastic#67707)
  [Security] Adds field mapping support to rule creation (elastic#70288)
  SECURITY-ENDPOINT: add fields for events to metadata document (elastic#70491)
  Fixed assertion in hybrid index pattern test to iterate through indices (elastic#70130)
  [SIEM][Exceptions] - Exception builder component (elastic#67013)
  [Ingest Manager] Rename data sources to package configs (elastic#70259)
  skip suites blocking es snapshot promomotion (elastic#70532)
  [Metrics UI] Fix asynchronicity and error handling in Snapshot API (elastic#70503)
  fix export response (elastic#70473)
  ...
nnamdifrankie added a commit that referenced this pull request Jul 2, 2020
@nnamdifrankie
SECURITY-ENDPOINT: add fields for events to metadata document (#70491) (
719814f 
#70547)

SECURITY-ENDPOINT: EMT-492 add fields for events to metadata document
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonathan-buttner jonathan-buttner jonathan-buttner approved these changes

@kevinlog kevinlog kevinlog approved these changes

Assignees
No one assigned
Labels
release_note:skip Skip the PR/issue when compiling release notes Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM v7.9.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@nnamdifrankie @kibanamachine @elasticmachine @jonathan-buttner @kevinlog @MindyRS @LeeDr