Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SECURITY-ENDPOINT: add fields for events to metadata document #70491

Merged

Conversation

nnamdifrankie
Copy link
Contributor

Summary

Issue:
https://github.com/elastic/endpoint-app-team/issues/492

  • add event fields to metadata type
  • update generator

Checklist

@nnamdifrankie nnamdifrankie requested review from a team as code owners July 1, 2020 18:21
@nnamdifrankie nnamdifrankie added release_note:skip Skip the PR/issue when compiling release notes v7.9.0 v8.0.0 labels Jul 1, 2020
@@ -399,6 +399,13 @@ export type HostMetadata = Immutable<{
'@timestamp': number;
event: {
created: number;
kind: string;
id: string;
category: string;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

category and type can be an array per the ecs spec. I believe the endpoint will actually send these values as an array of a single value for metadata.

@@ -363,6 +363,13 @@ export class EndpointDocGenerator {
'@timestamp': ts,
event: {
created: ts,
id: this.seededUUIDv4(),
kind: 'metric',
category: 'host',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

category and type can be an array per the ecs spec. I believe the endpoint will actually send these values as an array of a single value for metadata.

My suggestion would be to mimic that and do category: ['host'] type: ['info']

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Build metrics

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@nnamdifrankie nnamdifrankie merged commit e9b81f7 into elastic:master Jul 2, 2020
@nnamdifrankie nnamdifrankie deleted the EMT-492_add_event_fields branch July 2, 2020 02:50
nnamdifrankie added a commit to nnamdifrankie/kibana that referenced this pull request Jul 2, 2020
…c#70491)

SECURITY-ENDPOINT: EMT-492 add fields for events to metadata document
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jul 2, 2020
* master: (46 commits)
  [Visualize] Add missing advanced settings and custom label for pipeline aggs (elastic#69688)
  Use dynamic: false for config saved object mappings (elastic#70436)
  [Ingest Pipelines] Error messages (elastic#70167)
  [APM] Show transaction rate per minute on Observability Overview page (elastic#70336)
  Filter out error when calculating a label (elastic#69934)
  [Visualizations] Each visType returns its supported triggers (elastic#70177)
  [Telemetry] Report data shippers (elastic#64935)
  Reduce SavedObjects mappings for Application Usage (elastic#70475)
  [Lens] fix dimension label performance issues (elastic#69978)
  Skip failing endgame tests (elastic#70548)
  [SIEM] Reenabling Cypress tests (elastic#70397)
  [SIEM][Security Solution][Endpoint] Endpoint Artifact Manifest Management + Artifact Download and Distribution (elastic#67707)
  [Security] Adds field mapping support to rule creation (elastic#70288)
  SECURITY-ENDPOINT: add fields for events to metadata document (elastic#70491)
  Fixed assertion in hybrid index pattern test to iterate through indices (elastic#70130)
  [SIEM][Exceptions] - Exception builder component (elastic#67013)
  [Ingest Manager] Rename data sources to package configs (elastic#70259)
  skip suites blocking es snapshot promomotion (elastic#70532)
  [Metrics UI] Fix asynchronicity and error handling in Snapshot API (elastic#70503)
  fix export response (elastic#70473)
  ...
nnamdifrankie added a commit that referenced this pull request Jul 2, 2020
#70547)

SECURITY-ENDPOINT: EMT-492 add fields for events to metadata document
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
release_note:skip Skip the PR/issue when compiling release notes Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM v7.9.0 v8.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants