Closed kubasobon closed 4 days ago
mergify[bot]
commented
1 week ago This pull request does not have a backport label. Could you fix it @kubasobon? 🙏 To fixup this pull request, you need to add the backport labels for the needed branches, such as:
backport-v./d./d./d is the label to automatically backport to the 8./d branch. /d is the digit
NOTE: backport-skip has been added to this pull request.
github-actions[bot]
commented
1 week ago | Result | Count |
|---|---|
| 🟥 Failed | 0 |
| 🟩 Passed | 359 |
| ⬜ Skipped | 33 |
kfirpeled
commented
4 days ago It would be best to approach #fleet or find some documentation regardless beats and how send events to datastreams and reading the agent policy. I'm not familiar with the best practices
Summary of your changes
This pull request allows Cloudbeat to publish events to non-default namespaces. For example, findings are sent to the
logs-cloud_security_posture.findings-{namespace}Data Stream. Until now, the{namespace}always defaulted todefault, regardless of Agent Policy. After merging this change, Cloudbeat will respect the Agent Policy and set publish events to the appropriate stream.Screenshot/Data
CSPM using non-default namespace
Non-default Data Streams present when running modified cloudbeat
Findings published to the new Data Stream successfully
EDIT:
Vulnerabilities published to the new Data Stream successfully
Related Issues
Closes https://github.com/elastic/cloudbeat/issues/2289
Checklist
I have added the necessary README/documentation (if appropriate)