Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x-pack/winlogbeat: add parent process ID to new process creation events #31102

Merged
merged 3 commits into from
Apr 6, 2022
Merged

x-pack/winlogbeat: add parent process ID to new process creation events #31102

merged 3 commits into from
Apr 6, 2022

Conversation

efd6
Copy link
Contributor

@efd6 efd6 commented Apr 1, 2022

What does this PR do?

Add parent process ID to new process creation events.

Why is it important?

Parent process ID is important information for security/threat detection.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
    - [ ] I have made corresponding changes to the documentation
    - [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Use cases

Screenshots

Logs

@efd6 efd6 added enhancement Team:Security-External Integrations backport-skip Skip notification from the automated backport with mergify 8.3-candidate labels Apr 1, 2022
@efd6 efd6 self-assigned this Apr 1, 2022
@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Apr 1, 2022
@elasticmachine
Copy link
Collaborator

elasticmachine commented Apr 1, 2022
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-04-06T02:08:44.033+0000

  • Duration: 38 min 59 sec

Test stats 🧪

Test Results
Failed 0
Passed 12
Skipped 0
Total 12

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@efd6 efd6 marked this pull request as ready for review April 1, 2022 07:26
@efd6 efd6 requested review from a team as code owners April 1, 2022 07:26
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@cmacknz cmacknz removed the request for review from a team April 1, 2022 14:33
@efd6
Copy link
Contributor Author

efd6 commented Apr 5, 2022

@Mergifyio update

@mergify
Copy link
Contributor

mergify bot commented Apr 5, 2022

update

✅ Branch has been successfully updated

@andrewkroh
Copy link
Member

andrewkroh commented Apr 5, 2022
edited
Loading

Is this a sync of the pipeline from elastic/integrations#2966? Given this is without tests for the moment I wanted to make sure this is the same such that we know it was tested.

@efd6
Copy link
Contributor Author

efd6 commented Apr 6, 2022

Yes, this is the sync. I'll also do the change mentioned here for this, but it's not without tests. There is a 4688 evtx that is ingested and tested.

@andrewkroh
Copy link
Member

but it's not without tests.

What's running that test (if you didn't update that golden file what would fail)? I thought these were without tests due to #30406.

@efd6
Copy link
Contributor Author

efd6 commented Apr 6, 2022
edited
Loading

No, you are right. I have copied over the expectation from the integrations package, so when there are test this will be checked. Apologies.

@efd6 efd6 merged commit 6c32e78 into elastic:main Apr 6, 2022
@efd6 efd6 deleted the winlogbeatppid branch April 6, 2022 03:00
emilioalvap pushed a commit to emilioalvap/beats that referenced this pull request Apr 6, 2022
@efd6 @mergify @emilioalvap
x-pack/winlogbeat: add parent process ID to new process creation even…
ff14cf2 
…ts (elastic#31102)

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
kush-elastic pushed a commit to kush-elastic/beats that referenced this pull request May 2, 2022
@efd6 @mergify @kush-elastic
x-pack/winlogbeat: add parent process ID to new process creation even…
e7df293 
…ts (elastic#31102)

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
@efd6 efd6 mentioned this pull request May 5, 2022
Closed
chrisberkhout pushed a commit that referenced this pull request Jun 1, 2023
@efd6 @mergify @chrisberkhout
x-pack/winlogbeat: add parent process ID to new process creation even…
58e9520 
…ts (#31102)

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees

@efd6 efd6

Labels
8.3-candidate backport-skip Skip notification from the automated backport with mergify enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@efd6 @elasticmachine @andrewkroh