[suricata] Handle empty tls data #10756

Merged
merged 4 commits into from
Aug 10, 2024
@mjwolf mjwolf commented Aug 9, 2024

Proposed commit message

It's possible for Suricata logs to have app_proto=tls, but not provide a tls object. This will handle this case by checking for the existence of the tls object before running the tls pipeline that parses this object.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

@mjwolf mjwolf added the bugfix label Aug 9, 2024
@mjwolf mjwolf self-assigned this Aug 9, 2024
@mjwolf mjwolf requested a review from a team as a code owner August 9, 2024 22:23
@andrewkroh andrewkroh added the Integration:suricata and Team:Security-Deployment and Devices labels Aug 9, 2024
mjwolf and others added 2 commits August 9, 2024 16:52
…e/default.yml

Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
@mjwolf mjwolf enabled auto-merge (squash) August 9, 2024 23:57
@mjwolf mjwolf merged commit 7e635a4 into elastic:main Aug 10, 2024
3 checks passed
@elasticmachine
Package suricata - 2.21.2 containing this change is available at https://epr.elastic.co/search?package=suricata

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
@mjwolf mjwolf deleted the suricata_tls_fix branch February 5, 2025 18:47