Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BREAKING] Add ECS user namespace #731

Merged
merged 39 commits into from
May 28, 2024
Merged

Conversation

trisch-me
Copy link
Contributor

Changes

Added a user namespace from ECS. We in security using almost all fields for security detection rules. But this namespace might be useful for other events as well to define the user of the event

Merge requirement checklist

@trisch-me trisch-me requested review from a team February 9, 2024 16:24
@trisch-me
Copy link
Contributor Author

Addition about enduser namespace.

I'm wondering where term enduser came from and should we update it to more generic user?
For example in security we also operate with user, real user, saved user, effective user etc. All these users are having the same fields because they are represented using nested namespaces.

Also I have checked existing fields for the enduser:

  • id, has double meaning, it can represent both id and username. I propose to split it into id and name as in this PR
  • role -> change to the array of roles to align with ECS but also because one user could have multiple roles assigned.
  • scope, stays the same, there is no conflicts with ECS fields

please let me know about your thoughts.

Copy link

This PR was marked stale due to lack of activity. It will be closed in 7 days.

@github-actions github-actions bot added the Stale label Feb 29, 2024
@trisch-me trisch-me removed the Stale label Feb 29, 2024
Copy link

This PR was marked stale due to lack of activity. It will be closed in 7 days.

@github-actions github-actions bot added the Stale label Mar 30, 2024
@trisch-me trisch-me removed the Stale label Apr 3, 2024
@trask trask mentioned this pull request Apr 5, 2024
@trisch-me
Copy link
Contributor Author

I would like to get attention to this PR.

How should we resolve conflict with existing naming for user? I have proposed my idea above in the first comment.

@trisch-me trisch-me changed the title Add ECS user namespace [BREAKING] Add ECS user namespace Apr 23, 2024
@alexvanboxel
Copy link

We do have sensitive tags but we don't use them in the registry. I think we should define and use them directly in registry. I can't think of a use case where the same field might be used as sensitive in one place and not sensitive in another place. WDYT?

I think marking them only in the registry certainly makes sense, otherwise, you need to mark them in a combination of. I can't imagine scenarios where the context is important for the sensitivity.

@mjwolf mjwolf mentioned this pull request May 8, 2024
2 tasks
model/registry/deprecated/enduser.yaml Outdated Show resolved Hide resolved
model/registry/deprecated/enduser.yaml Outdated Show resolved Hide resolved
model/registry/deprecated/enduser.yaml Outdated Show resolved Hide resolved
model/registry/user.yaml Outdated Show resolved Hide resolved
model/registry/user.yaml Outdated Show resolved Hide resolved
model/registry/user.yaml Show resolved Hide resolved
model/registry/user.yaml Outdated Show resolved Hide resolved
@trisch-me
Copy link
Contributor Author

@alexvanboxel could you re-check your review? thanks

@trisch-me trisch-me requested a review from lmolkova May 24, 2024 16:08
schema-next.yaml Outdated Show resolved Hide resolved
schema-next.yaml Outdated Show resolved Hide resolved
.chloggen/user_ns.yaml Outdated Show resolved Hide resolved
trisch-me and others added 2 commits May 26, 2024 22:31
Co-authored-by: Liudmila Molkova <limolkova@microsoft.com>
@trisch-me trisch-me dismissed alexvanboxel’s stale review May 26, 2024 20:37

Requested changes are addressed

@lmolkova lmolkova enabled auto-merge (squash) May 28, 2024 20:32
@lmolkova lmolkova merged commit 7da6842 into open-telemetry:main May 28, 2024
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

7 participants