SSI Integration: Use terminate processor instead of fail #14393

Merged
merged 5 commits into from
Jul 7, 2025

@brijesh-elastic (Collaborator) commented Jul 2, 2025

Proposed commit message

SSI Integration: Use terminate processor instead of fail

This will utilize the `terminate` processor instead of the `fail` processor, as the `fail` processor
introduces an unwanted side effect by creating an additional `error.message` value.
Upgrade the `format_version` to latest 3.4.0

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Related issues

@brijesh-elastic brijesh-elastic self-assigned this Jul 2, 2025
@brijesh-elastic brijesh-elastic requested a review from a team as a code owner July 2, 2025 07:09
@brijesh-elastic brijesh-elastic added enhancement New feature or request Integration:crowdstrike CrowdStrike Integration:google_workspace Google Workspace Integration:panw_cortex_xdr Palo Alto Cortex XDR Integration:zscaler_zia Zscaler Internet Access Integration:microsoft_defender_endpoint Microsoft Defender for Endpoint Integration:m365_defender Microsoft Defender XDR Integration:ti_recordedfuture Recorded Future Integration:tenable_io Tenable Vulnerability Management Integration:wiz Wiz Integration:qualys_vmdr Qualys VMDR Integration:rapid7_insightvm Rapid7 InsightVM Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Integration:imperva_cloud_waf Imperva Cloud WAF Integration:symantec_endpoint_security Symantec Endpoint Security mapping/pipeline issue Integration:abnormal_security Abnormal AI Integration:sublime_security Sublime Security Integration:servicenow ServiceNow labels Jul 2, 2025
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@brijesh-elastic brijesh-elastic added Integration:microsoft_sentinel Microsoft Sentinel Integration:cyberark_epm CyberArk EPM Integration:qualys_was Qualys Web Application Scanning (WAS) Integration:proofpoint_itm Proofpoint ITM Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] Integration:google_secops Google SecOps Integration:beyondtrust_pra BeyondTrust PRA labels Jul 2, 2025
@elastic-vault-github-plugin-prod

Package abnormal_security - 1.10.0 containing this change is available at https://epr.elastic.co/package/abnormal_security/1.10.0/

@elastic-vault-github-plugin-prod

Package beyondtrust_pra - 0.3.0 containing this change is available at https://epr.elastic.co/package/beyondtrust_pra/0.3.0/

@elastic-vault-github-plugin-prod

Package claroty_xdome - 0.3.0 containing this change is available at https://epr.elastic.co/package/claroty_xdome/0.3.0/

@elastic-vault-github-plugin-prod

Package crowdstrike - 1.77.0 containing this change is available at https://epr.elastic.co/package/crowdstrike/1.77.0/

@elastic-vault-github-plugin-prod

Package cyberark_epm - 1.2.0 containing this change is available at https://epr.elastic.co/package/cyberark_epm/1.2.0/

@elastic-vault-github-plugin-prod

Package google_secops - 1.2.0 containing this change is available at https://epr.elastic.co/package/google_secops/1.2.0/

@elastic-vault-github-plugin-prod

Package google_workspace - 2.42.0 containing this change is available at https://epr.elastic.co/package/google_workspace/2.42.0/

@elastic-vault-github-plugin-prod

Package imperva_cloud_waf - 1.13.0 containing this change is available at https://epr.elastic.co/package/imperva_cloud_waf/1.13.0/

@elastic-vault-github-plugin-prod

Package m365_defender - 3.12.0 containing this change is available at https://epr.elastic.co/package/m365_defender/3.12.0/

@elastic-vault-github-plugin-prod

Package microsoft_defender_endpoint - 2.41.0 containing this change is available at https://epr.elastic.co/package/microsoft_defender_endpoint/2.41.0/

@elastic-vault-github-plugin-prod

Package microsoft_sentinel - 1.2.0 containing this change is available at https://epr.elastic.co/package/microsoft_sentinel/1.2.0/

@elastic-vault-github-plugin-prod

Package miniflux - 0.3.0 containing this change is available at https://epr.elastic.co/package/miniflux/0.3.0/

@elastic-vault-github-plugin-prod

Package nozomi_networks - 0.2.0 containing this change is available at https://epr.elastic.co/package/nozomi_networks/0.2.0/

@elastic-vault-github-plugin-prod

Package panw_cortex_xdr - 2.4.0 containing this change is available at https://epr.elastic.co/package/panw_cortex_xdr/2.4.0/

@elastic-vault-github-plugin-prod

Package proofpoint_itm - 0.3.0 containing this change is available at https://epr.elastic.co/package/proofpoint_itm/0.3.0/

@elastic-vault-github-plugin-prod

Package qualys_vmdr - 6.8.0 containing this change is available at https://epr.elastic.co/package/qualys_vmdr/6.8.0/

@elastic-vault-github-plugin-prod

Package qualys_was - 0.3.0 containing this change is available at https://epr.elastic.co/package/qualys_was/0.3.0/

@elastic-vault-github-plugin-prod

Package rapid7_insightvm - 2.1.0 containing this change is available at https://epr.elastic.co/package/rapid7_insightvm/2.1.0/

@elastic-vault-github-plugin-prod

Package servicenow - 1.1.0 containing this change is available at https://epr.elastic.co/package/servicenow/1.1.0/

@elastic-vault-github-plugin-prod

Package splunk - 0.5.0 containing this change is available at https://epr.elastic.co/package/splunk/0.5.0/

@elastic-vault-github-plugin-prod

Package sublime_security - 1.11.0 containing this change is available at https://epr.elastic.co/package/sublime_security/1.11.0/

@elastic-vault-github-plugin-prod

Package symantec_endpoint_security - 1.14.0 containing this change is available at https://epr.elastic.co/package/symantec_endpoint_security/1.14.0/

@elastic-vault-github-plugin-prod

Package tenable_io - 4.2.0 containing this change is available at https://epr.elastic.co/package/tenable_io/4.2.0/

@elastic-vault-github-plugin-prod

Package ti_google_threat_intelligence - 0.2.0 containing this change is available at https://epr.elastic.co/package/ti_google_threat_intelligence/0.2.0/

@elastic-vault-github-plugin-prod

Package ti_greynoise - 0.2.0 containing this change is available at https://epr.elastic.co/package/ti_greynoise/0.2.0/

@elastic-vault-github-plugin-prod

Package ti_recordedfuture - 2.3.0 containing this change is available at https://epr.elastic.co/package/ti_recordedfuture/2.3.0/

@elastic-vault-github-plugin-prod

Package vectra_rux - 0.3.0 containing this change is available at https://epr.elastic.co/package/vectra_rux/0.3.0/

@elastic-vault-github-plugin-prod

Package wiz - 3.5.0 containing this change is available at https://epr.elastic.co/package/wiz/3.5.0/

@elastic-vault-github-plugin-prod

Package zscaler_zia - 3.14.0 containing this change is available at https://epr.elastic.co/package/zscaler_zia/3.14.0/

robester0403 pushed a commit to robester0403/integrations that referenced this pull request Jul 8, 2025
This will utilize the `terminate` processor instead of the `fail` processor, as the `fail` processor
introduces an unwanted side effect by creating an additional `error.message` value.
Upgrade the `format_version` to latest 8.4.0
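
The change described in the commit message, as an added ingest pipeline fragment that is not taken from this pull request's diff. The tag, the `if` condition, the `rename` step and the `on_failure` handler are assumptions, chosen to show why `fail` ends up adding a second `error.message` value while `terminate` does not.

```yaml
# Constructed example; not the project's own pipeline.
processors:
  # Before: `fail` raises an exception. The pipeline-level on_failure
  # handler below then runs and appends its own text to error.message,
  # next to the value the event already carried.
  # - fail:
  #     tag: data_collection_error
  #     if: ctx.error?.message != null && ctx.message == null
  #     message: error message set and no data to process.

  # After: `terminate` stops this pipeline without raising an exception,
  # so on_failure is not invoked and error.message keeps its single,
  # original value.
  - terminate:
      tag: data_collection_error
      if: ctx.error?.message != null && ctx.message == null

  # Normal processing continues here for events that carry data.
  - rename:
      field: message
      target_field: event.original
      ignore_missing: true

on_failure:
  # Assumed handler: records which processor failed.
  - append:
      field: error.message
      value: "Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} failed: {{{_ingest.on_failure_message}}}"
  - set:
      field: event.kind
      value: pipeline_error
```

`terminate` ends only the pipeline it runs in; when that pipeline was invoked through a `pipeline` processor, the calling pipeline continues with its remaining processors.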
Labels
enhancement New feature or request Integration:abnormal_security Abnormal AI Integration:beyondtrust_pra BeyondTrust PRA Integration:claroty_xdome Claroty xDome Integration:crowdstrike CrowdStrike Integration:cyberark_epm CyberArk EPM Integration:google_secops Google SecOps Integration:google_workspace Google Workspace Integration:imperva_cloud_waf Imperva Cloud WAF Integration:m365_defender Microsoft Defender XDR Integration:microsoft_defender_endpoint Microsoft Defender for Endpoint Integration:microsoft_sentinel Microsoft Sentinel Integration:miniflux Miniflux RSS reader Integration:nozomi_networks Nozomi Networks Integration:panw_cortex_xdr Palo Alto Cortex XDR Integration:proofpoint_itm Proofpoint ITM Integration:qualys_vmdr Qualys VMDR Integration:qualys_was Qualys Web Application Scanning (WAS) Integration:rapid7_insightvm Rapid7 InsightVM Integration:servicenow ServiceNow Integration:splunk Splunk Integration:sublime_security Sublime Security Integration:symantec_endpoint_security Symantec Endpoint Security Integration:tenable_io Tenable Vulnerability Management Integration:ti_google_threat_intelligence Google Threat Intelligence (Partner supported) Integration:ti_greynoise GreyNoise (Community supported) Integration:ti_recordedfuture Recorded Future Integration:vectra_rux Vectra RUX Integration:wiz Wiz Integration:zscaler_zia Zscaler Internet Access mapping/pipeline issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors]
Development

Successfully merging this pull request may close these issues.

SSI Integration: Use 'terminate' processor instead of 'fail' for integrations with stack version 8.16 or higher
3 participants