[github] Update audit ingest pipeline to cover all fields #13092

Merged
merged 3 commits into from
Mar 18, 2025

Conversation

brijesh-elastic
Collaborator

@brijesh-elastic brijesh-elastic commented Mar 13, 2025

Proposed commit message

Handle all the new fields appearing in raw audit logs and API documentation and put them under github.*

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/github directory.
  • Run the following command to run tests.

elastic-package test

Related issues

@brijesh-elastic brijesh-elastic added Integration:github GitHub Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] mapping/pipeline issue Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] labels Mar 13, 2025
@brijesh-elastic brijesh-elastic self-assigned this Mar 13, 2025
@brijesh-elastic brijesh-elastic requested a review from a team as a code owner March 13, 2025 04:02
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elastic-vault-github-plugin-prod

elastic-vault-github-plugin-prod bot commented Mar 13, 2025

🚀 Benchmarks report

Package github 👍(2) 💚(0) 💔(3)

| Data stream | Previous EPS | New EPS | Diff (%) | Result |
| --- | --- | --- | --- | --- |
| audit | 9009.01 | 5882.35 | -3126.66 (-34.71%) | 💔 |
| dependabot | 6756.76 | 3891.05 | -2865.71 (-42.41%) | 💔 |
| issues | 5617.98 | 4761.9 | -856.08 (-15.24%) | 💔 |

To see the full report comment with /test benchmark fullreport

@andrewkroh andrewkroh added the Crest Contributions from Crest developement team. label Mar 13, 2025
@brijesh-elastic brijesh-elastic requested a review from kcreddy March 18, 2025 07:40
@elasticmachine

💚 Build Succeeded

History

cc @brijesh-elastic

@kcreddy kcreddy merged commit f83fd3c into elastic:main Mar 18, 2025
7 checks passed
@elastic-vault-github-plugin-prod

Package github - 2.6.0 containing this change is available at https://epr.elastic.co/package/github/2.6.0/

flexitrev pushed a commit that referenced this pull request Mar 20, 2025
@andrewkroh andrewkroh removed the Crest Contributions from Crest developement team. label Mar 20, 2025
Development

Successfully merging this pull request may close these issues.

[GitHub] How to get topic field value for repo.add_topic events