elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[zscale_zia] Validate response format versions #10743

Open chrisberkhout opened 1 month ago

chrisberkhout commented 1 month ago

The zscale_zia integration requires the user to set up Zscaler Internet Access (ZIA) with response format definitions for each type of data requested by the integration.

If a user upgrades the integration without updating their response format configuration in Zscaler, there can be a mismatch between the data in responses and what's expected by the ingest pipelines.

We could avoid such problems by having each format definition include a hard-coded version number, and having the ingest pipelines validate that they have received data with the expected version number.

When introducing this, it would be good to allow responses with the correct version number, or with no version number but the expected set of field names (which could be validated by sorting, hashing and comparing to an expected value). That would avoid having a breaking change to introduce the version validation.
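The validation proposed in the comment above, sketched in Python as an added example; it is not code from the issue, the integration or its ingest pipelines. The version field name, the version value, the legacy field list and the sample records are all assumptions constructed for illustration, and only top-level field names are hashed.

```python
import hashlib
import json

# Assumed for illustration, not taken from the integration: the version
# field name, the expected version value and the legacy field list.
VERSION_FIELD = "format_version"
EXPECTED_VERSION = "2"
LEGACY_FIELDS = ["action", "datetime", "url", "user"]


def field_fingerprint(names):
    """Order-independent hash of field names: sort, serialize, SHA-256."""
    # JSON-encoding the sorted list avoids separator clashes between names.
    canonical = json.dumps(sorted(names), separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


# In a pipeline this would be a hard-coded constant shipped with the release.
EXPECTED_LEGACY_FINGERPRINT = field_fingerprint(LEGACY_FIELDS)


def validate_response(raw):
    """Return (accepted, reason) for one JSON-encoded record."""
    try:
        event = json.loads(raw)
    except json.JSONDecodeError:
        return False, "not valid JSON"
    if not isinstance(event, dict):
        return False, "not a JSON object"
    if VERSION_FIELD in event:
        # A version is present: it must match, with no field-set fallback.
        if str(event[VERSION_FIELD]) == EXPECTED_VERSION:
            return True, "version match"
        return False, "unexpected version"
    # No version: accept only the exact pre-versioning set of field names.
    if field_fingerprint(event.keys()) == EXPECTED_LEGACY_FINGERPRINT:
        return True, "legacy field set match"
    return False, "no version and unexpected field set"


# Constructed sample records (not real ZIA output).
SAMPLES = {
    "versioned": '{"format_version":"2","user":"a@example.com","url":"example.com/","action":"Allowed","datetime":"2024-01-01T00:00:00Z","extra":"x"}',
    "legacy": '{"user":"a@example.com","datetime":"2024-01-01T00:00:00Z","action":"Allowed","url":"example.com/"}',
    "stale": '{"user":"a@example.com","datetime":"2024-01-01T00:00:00Z","action":"Allowed"}',
    "old_version": '{"format_version":"1","user":"a@example.com","url":"example.com/","action":"Allowed","datetime":"2024-01-01T00:00:00Z"}',
}
```

A record that carries a version is never rescued by the field-set check, so an outdated but versioned format is rejected rather than silently parsed.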

elasticmachine commented 1 month ago

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)