Update Deployment and Devices integrations to ECS 8.17.0 (part 3) #12572
Conversation
taylor-swanson
added
enhancement
|
Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices) |
| @@ -406,14 +406,14 @@ | |||
| ] | |||
| }, | |||
| { | |||
| "@timestamp": "2024-06-13T20:53:49.000-04:00", | |||
| "@timestamp": "2025-06-13T20:53:49.000-04:00", | |||
There was a problem hiding this comment.
Curious why the date year is being updated here, but not in the file below (packages/pfsense/data_stream/log/_dev/test/pipeline/test-pfsense-ipsec.log-expected.json), even though they are both part of the pfsense package?
There was a problem hiding this comment.
@timestamp is a weird field when it comes to pipeline tests.
The main issue is that (most) of these logs don't contain a year, so when the expected file generates, it gets whatever year the current year is. This works fine until the new year comes, and then the test will fail, since the pipeline will generate a document with the new year, but this no longer matches what is in the expected file.
The "solution" is to mark the @timestamp as a dynamic field (see test-common-config.yml). That config takes a regex pattern. You could do .*, but to make it slightly more robust, some integrations do some form of regex against the RFC3339 format, although it tends to miss things like the time zone offset at the end. What this does it it will validate the value of @timestamp against the pattern, but not the value in the expected file. Why it updates some of the entries and not all of them, I'm not sure. Technically, it's not supposed to update any of the values if the field is marked as dynamic.
| type: keyword | ||
| - name: access_security_policy_reason | ||
| type: keyword | ||
| - name: appliance_name |
There was a problem hiding this comment.
Did these have negative effects being at the same level as fields: ?
There was a problem hiding this comment.
Functionally, they are the same thing, just a formatting change.
| @@ -204,7 +204,7 @@ | |||
| type: keyword | |||
| - name: icap_status | |||
| type: keyword | |||
| - name: certificate_hostname | |||
andrewkroh
removed
Integration:panw
taylor-swanson
added
Integration:panw
ECS version in build manifest changed from [email protected] to [email protected]. The set ecs.version processor in pipelines was changed 8.17.0. Previously the pipeline was setting version 8.11.0. The ecs.version in sample_event.json files was changed to 8.17.0. Previously sample_event.json files contained 8.11.0. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.17.0 [email protected] -pr=1 packages/juniper_srx
ECS version in build manifest changed from [email protected] to [email protected]. The set ecs.version processor in pipelines was changed 8.17.0. Previously the pipeline was setting version 8.11.0. The ecs.version in sample_event.json files was changed to 8.17.0. Previously sample_event.json files contained 8.11.0. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.17.0 [email protected] -pr=1 packages/modsecurity
ECS version in build manifest changed from [email protected] to [email protected]. The set ecs.version processor in pipelines was changed 8.17.0. Previously the pipeline was setting version 8.11.0. The ecs.version in sample_event.json files was changed to 8.17.0. Previously sample_event.json files contained 8.11.0. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.17.0 [email protected] -pr=1 packages/netflow
ECS version in build manifest changed from [email protected] to [email protected]. The set ecs.version processor in pipelines was changed 8.17.0. Previously the pipeline was setting version 8.11.0. The ecs.version in sample_event.json files was changed to 8.17.0. Previously sample_event.json files contained 8.11.0. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.17.0 [email protected] -pr=1 packages/osquery
ECS version in build manifest changed from [email protected] to [email protected]. The set ecs.version processor in pipelines was changed 8.17.0. Previously the pipeline was setting version 8.11.0. The ecs.version in sample_event.json files was changed to 8.17.0. Previously sample_event.json files contained 8.11.0. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.17.0 [email protected] -pr=1 packages/panw
ECS version in build manifest changed from [email protected] to [email protected]. The set ecs.version processor in pipelines was changed 8.17.0. Previously the pipeline was setting version 8.11.0. The ecs.version in sample_event.json files was changed to 8.17.0. Previously sample_event.json files contained 8.11.0. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.17.0 [email protected] -pr=1 packages/pfsense
ECS version in build manifest changed from [email protected] to [email protected]. The set ecs.version processor in pipelines was changed 8.17.0. Previously the pipeline was setting version 8.11.0. The ecs.version in sample_event.json files was changed to 8.17.0. Previously sample_event.json files contained 8.11.0. [git-generate] go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.17.0 [email protected] -pr=1 packages/proxysg
taylor-swanson
force-pushed
the
ecs/8.17-part3
branch
from
f4a0665 to
916f610
Compare
💚 Build Succeeded
History
|
|
|
Package juniper_srx - 1.22.0 containing this change is available at https://epr.elastic.co/package/juniper_srx/1.22.0/ |
|
Package modsecurity - 1.19.0 containing this change is available at https://epr.elastic.co/package/modsecurity/1.19.0/ |
|
Package netflow - 2.21.0 containing this change is available at https://epr.elastic.co/package/netflow/2.21.0/ |
|
Package osquery - 1.20.0 containing this change is available at https://epr.elastic.co/package/osquery/1.20.0/ |
|
Package panw - 5.1.0 containing this change is available at https://epr.elastic.co/package/panw/5.1.0/ |
|
Package pfsense - 1.21.0 containing this change is available at https://epr.elastic.co/package/pfsense/1.21.0/ |
|
Package proxysg - 0.5.0 containing this change is available at https://epr.elastic.co/package/proxysg/0.5.0/ |
Proposed commit message
Updates the following integrations to ECS 8.17.0:
Checklist
changelog.ymlfile.[ ] I have verified that any added dashboard complies with Kibana's Dashboard good practicesRelated issues