
Allow empty fields in the exchange integration redux #12846

Merged

@matthewscherer matthewscherer commented Feb 19, 2025

Proposed commit message

A customer came across a couple of log lines with missing networkmessageid and senderaddress fields. This in turn rejected the log messages. Allowing these two fields to be empty or otherwise missing will allow them to pass the ingest function.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

@matthewscherer matthewscherer added the labels New Integration, bugfix, Team:Security-Service Integrations, Team:Security-Windows Platform and Integration:microsoft_exchange_server Feb 19, 2025
@matthewscherer matthewscherer requested a review from a team as a code owner February 19, 2025 20:19
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elasticmachine

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

"email": {
"from": {
"address": [
""
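
Review bot: the expected document here ends up with `""` as the only element of `email.from.address`, so a missing sender address is written into the event as an empty value rather than skipped. Suggest making the append conditional on the source field being non-empty, so the field is absent for these events, and regenerating the expected output to confirm it.
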
Member

We don't want the empty string being added to the array.

matthewscherer and others added 3 commits February 19, 2025 15:00
…/elasticsearch/ingest_pipeline/default.yml

Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
…/elasticsearch/ingest_pipeline/default.yml

Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
"address": [
"support@example.com"
]
"address": "support@example.com"
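
Review bot: `email.from.address` appears in this fragment both as a one-element array and as a bare string for the same value. Pick one shape and keep it for every event in the expected output, including the events with a missing sender, so anything reading `_source` does not have to handle both types.
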
Contributor Author

Is this supposed to be a list?

Contributor Author

I changed this back to a list, let me know if that is wrong.

"address": [
"root@pve-vhost01.my.domain.com"
]
"address": "root@pve-vhost01.my.domain.com"
Contributor Author

Is this supposed to be a list?

Contributor Author

I changed this back to a list, let me know if that is wrong.

@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine

💚 Build Succeeded

@matthewscherer matthewscherer merged commit 01ffd84 into main Feb 25, 2025
6 checks passed
@matthewscherer matthewscherer deleted the allow_empty_fields_in_the_exchange_integration_redux branch February 25, 2025 14:43
@elastic-vault-github-plugin-prod

Package microsoft_exchange_server - 1.3.1 containing this change is available at https://epr.elastic.co/package/microsoft_exchange_server/1.3.1/

@andrewkroh andrewkroh removed the New Integration label Mar 13, 2025
flexitrev pushed a commit that referenced this pull request Mar 20, 2025
* Updated the yaml and the test log file. The expected output still needs to be generated.

* Added ignore field and added new expected output.

* Used elastic-package to generate a new changelog entry and manifest file.

* Update packages/microsoft_exchange_server/data_stream/messagetracking/elasticsearch/ingest_pipeline/default.yml

Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>

* Update packages/microsoft_exchange_server/data_stream/messagetracking/elasticsearch/ingest_pipeline/default.yml

Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>

* Updated the expected data.

* Changed the sender address back to a list append.

* Added a test for missing networkmessageid.

---------

Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>