
aws.securityhub_findings: Add fields to _source as needed by CDR workflows #11607


Closed

Conversation


@kcreddy kcreddy commented Oct 31, 2024

Proposed commit message

Add cloud.provider, event.kind, and observer.vendor fields to
_source as needed by CDR workflows.

The commit here removed the fields from _source. But the fields are required to be
present in _source for Cloud Detection and Response (CDR) workflows. This PR reverts
the changes made in that commit and re-adds the fields into the ingest pipeline.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

Related issues

Sample documents after the change:

  1. Source index: _source-updated-document-destination-index.json
  2. Destination index: _source-updated-document-source-index.json
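A quick way to confirm that the fields this PR re-adds really land in `_source` of the sample documents (an added check, not code from the elastic/integrations repository; the sample hits and their values such as `"AWS Security Hub"` are constructed here, not taken from the PR's attachments). It resolves both nested objects and dotted keys, since Elasticsearch accepts either form in `_source`:

```python
"""Verify that the ECS fields CDR workflows need are present in _source.

Assumed/constructed: the sample hits below mimic Elasticsearch search results
before and after the ingest-pipeline change; field values are illustrative.
"""
import json

# Fields the PR description says must be present in _source.
REQUIRED_FIELDS = ("cloud.provider", "event.kind", "observer.vendor")


def get_field(obj, path):
    """Resolve a dotted field path such as "cloud.provider" against a _source
    dict. Handles nested objects ({"cloud": {"provider": ...}}) as well as
    dotted keys ({"cloud.provider": ...}) or any mix of the two.
    Returns None when the field is absent."""
    if not isinstance(obj, dict):
        return None
    if path in obj:
        return obj[path]
    parts = path.split(".")
    # Try every split point: prefix as a literal key, remainder resolved below it.
    for i in range(1, len(parts)):
        prefix = ".".join(parts[:i])
        if prefix in obj:
            value = get_field(obj[prefix], ".".join(parts[i:]))
            if value is not None:
                return value
    return None


def missing_source_fields(hit, required=REQUIRED_FIELDS):
    """Return the required fields that are absent or empty in hit["_source"]."""
    source = hit.get("_source", {})
    return [f for f in required if get_field(source, f) in (None, "", [])]


# Constructed sample hits: one as the document looked before the change
# (fields stripped from _source), one as expected after the pipeline re-adds them.
BEFORE = {"_index": "logs-aws.securityhub_findings-default",
          "_source": {"event": {"category": ["configuration"]}}}
AFTER = {"_index": "logs-aws.securityhub_findings-default",
         "_source": {"cloud": {"provider": "aws"},          # nested form
                     "event.kind": "event",                  # dotted form
                     "observer": {"vendor": "AWS Security Hub"},
                     "event": {"category": ["configuration"]}}}

if __name__ == "__main__":
    for name, hit in (("before", BEFORE), ("after", AFTER)):
        print(name, json.dumps(missing_source_fields(hit)))
```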

@andrewkroh andrewkroh added Integration:aws AWS Integration:ti_crowdstrike CrowdStrike Falcon Intelligence labels Oct 31, 2024

kcreddy commented Oct 31, 2024

Closing in favor of 11608

@kcreddy kcreddy closed this Oct 31, 2024

Quality Gate failed

Failed conditions
61.9% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

@elasticmachine

💚 Build Succeeded

@kcreddy kcreddy deleted the aws-sechub-source-fields branch February 7, 2025 09:13