Skip to content

[Windows] Fix mapping for powershell.command.invocation_details field #12277

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 0 commits into from
Jan 9, 2025
Merged

[Windows] Fix mapping for powershell.command.invocation_details field #12277

merged 0 commits into from
Jan 9, 2025

Conversation

jen-huang
Copy link
Contributor

Proposed commit message

Windows package is still failing to install on daily CI jobs.

This removes the invalid object_type: object mapping and replaces it with type: group for the powershell.command.invocation_details field.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

@jen-huang jen-huang added bug Something isn't working, use only for issues Integration:windows Windows labels Jan 8, 2025
@jen-huang jen-huang self-assigned this Jan 8, 2025
@jen-huang jen-huang requested review from a team as code owners January 8, 2025 23:54
@jen-huang jen-huang requested review from faec and leehinman January 8, 2025 23:54
@elastic-vault-github-plugin-prod
Copy link

🚀 Benchmarks report

Package windows 👍(5) 💚(2) 💔(2)

Expand to view
Data stream Previous EPS New EPS Diff (%) Result
applocker_packaged_app_execution 12820.51 7299.27 -5521.24 (-43.07%) 💔
forwarded 1414.43 1025.64 -388.79 (-27.49%) 💔

To see the full report comment with /test benchmark fullreport

@elasticmachine
Copy link

💚 Build Succeeded

cc @jen-huang

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@andrewkroh andrewkroh added bugfix Pull request that fixes a bug issue Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform] and removed bug Something isn't working, use only for issues labels Jan 9, 2025
@elasticmachine
Copy link

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

@marc-gr marc-gr merged commit ba43242 into main Jan 9, 2025
5 checks passed
@marc-gr marc-gr deleted the jh/windows-mappings-2 branch January 9, 2025 11:30
@elastic-vault-github-plugin-prod
Copy link

Package windows - 2.3.5 containing this change is available at https://epr.elastic.co/package/windows/2.3.5/

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
@jen-huang
Fix mapping for powershell.command.invocation_details field (elastic#…
758e687 
…12277)
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
@jen-huang
Fix mapping for powershell.command.invocation_details field (elastic#…
cfdcfd9 
…12277)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marc-gr marc-gr marc-gr approved these changes

@faec faec Awaiting requested review from faec faec was automatically assigned from elastic/elastic-agent-data-plane

@leehinman leehinman Awaiting requested review from leehinman leehinman was automatically assigned from elastic/elastic-agent-data-plane

Assignees

@jen-huang jen-huang

Labels
bugfix Pull request that fixes a bug issue Integration:windows Windows Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jen-huang @elasticmachine @marc-gr @andrewkroh