Resolved timestamp for defender atp (#28272)
* Resolved timestamp for defender atp
* Update Changelog for 28272
r00tu53r authored Oct 7, 2021
1 parent 3c1731d commit 0786f89
Showing 4 changed files with 10 additions and 5 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -306,6 +306,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Update indentation for azure filebeat configuration. {pull}26604[26604]
- Update Sophos xg module pipeline to deal with missing `date` and `time` fields. {pull}27834[27834]
- sophos/xg fileset: Add missing pipeline for System Health logs. {pull}27827[27827] {issue}27826[27826]
- Resolve issue with @timestamp for defender_atp. {pull}28272[28272]
- Tolerate faults when Windows Event Log session is interrupted {issue}27947[27947] {pull}28191[28191]

*Heartbeat*
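Review bot: the entry `- Resolve issue with @timestamp for defender_atp. {pull}28272[28272]` sits correctly among the Filebeat bugfix entries and cites the PR, but it does not say what changed; since the pipeline hunk in this commit swaps the source field from `json.alertUpdateTime` to `json.lastUpdateTime` and parses it with a `date` processor instead of copying a raw string, a short clause to that effect would let users who relied on the previous value understand the change without opening the PR.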
1 change: 0 additions & 1 deletion filebeat/tests/system/test_modules.py
Expand Up @@ -274,7 +274,6 @@ def clean_keys(obj):
"symantec.endpointprotection",
"system.auth",
"system.syslog",
"microsoft.defender_atp",
"crowdstrike.falcon_endpoint",
"crowdstrike.falcon_audit",
"zoom.webhook",
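Review bot: removing `"microsoft.defender_atp"` from this list in `clean_keys` means `@timestamp` is no longer stripped before the module output is compared with the golden files, so every sample event must now produce a deterministic timestamp; the golden-file hunks in this commit do add one per event, but that only holds while the pipeline's `date` processor actually runs for each sample. Because the processor is guarded by `if: ctx.json?.lastUpdateTime != null`, any sample event lacking that field would fall back to ingest time and make this test flaky; worth confirming that all sample alerts carry `lastUpdateTime`.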
Expand Up @@ -45,10 +45,11 @@ processors:
- set:
field: cloud.provider
value: azure
- set:
field: '@timestamp'
value: '{{json.alertUpdateTime}}'
if: ctx.json?.alertUpdateTime != null
- date:
field: json.lastUpdateTime
formats:
- ISO8601
if: ctx.json?.lastUpdateTime != null
- rename:
field: json.aadTenantId
target_field: cloud.account.id
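Review bot: replacing the `set` on `'@timestamp'` with a `date` processor is the right fix: `set` copied `{{json.alertUpdateTime}}` into `@timestamp` as an opaque string, whereas `date` parses the value as ISO8601 and writes the normalised instant to `@timestamp` (its default target field, with UTC as the default timezone), so sorting, range queries and time-based detection rules see a real date. Two points to check: the source field changes from `json.alertUpdateTime` to `json.lastUpdateTime`, which should be verified against the Defender ATP alert schema rather than inferred from the sample logs; and `date` throws on an unparseable value, so unless this pipeline already has an `on_failure` handler, a malformed timestamp now fails the document where the old `set` would have passed it through. Adding `ignore_failure: true` here, or an `on_failure` branch that tags the event, keeps such alerts indexed for triage instead of silently losing them.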
@@ -1,5 +1,6 @@
[
{
"@timestamp": "2020-07-03T15:15:39.130Z",
"cloud.account.id": "123543-d66c-4c7e-9e30-40034eb7c6f3",
"cloud.instance.id": "c5a964f417c11f6277d5bf9489f0d",
"cloud.provider": "azure",
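Review bot: the added `"@timestamp": "2020-07-03T15:15:39.130Z"` carries millisecond precision, which is what the pipeline's ISO8601 `date` processor emits; these expected-output files should be produced by regenerating the golden output with the module system test rather than by hand-editing, so that the stored values match the pipeline's normalisation exactly and the comparison stays stable.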
Expand Down Expand Up @@ -53,6 +54,7 @@
"threat.technique.name": "Malware"
},
{
"@timestamp": "2020-06-30T15:29:44.773Z",
"cloud.account.id": "123543-d66c-4c7e-9e30-40034eb7c6f3",
"cloud.instance.id": "543bc5a964f417c11f6277d5bf9489f0d",
"cloud.provider": "azure",
Expand Down Expand Up @@ -123,6 +125,7 @@
"user.name": "administrator1"
},
{
"@timestamp": "2020-06-30T15:29:44.773Z",
"cloud.account.id": "43521344-d66c-4c7e-9e30-40034eb7c6f3",
"cloud.instance.id": "53425a964f417c11f6277d5bf9489f0d",
"cloud.provider": "azure",
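Review bot: this event and the preceding one now carry the identical `@timestamp` `2020-06-30T15:29:44.773Z` while their `cloud.account.id` and `cloud.instance.id` differ; if these are distinct sample alerts, confirm that the source log really reports the same `lastUpdateTime` for both rather than a copied value, since an identical timestamp across different alerts would hide an ordering or parsing regression in this test.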
Expand Down Expand Up @@ -184,6 +187,7 @@
"user.name": "administrator1"
},
{
"@timestamp": "2020-06-30T11:13:12.900Z",
"cloud.account.id": "1234543-d66c-4c7e-9e30-40034eb7c6f3",
"cloud.instance.id": "t4563234bc5a964f417c11f6277d5bf9489f0d",
"cloud.provider": "azure",

0 comments on commit 0786f89