ti_crowdstrike: fix mapping type for ioc.value field - Githubissues

elastic / integrations

Elastic Integrations

https://www.elastic.co/integrations

Other

41 stars 450 forks source link

ti_crowdstrike: fix mapping type for ioc.value field #11703

Closed efd6 closed 1 week ago

efd6 commented 2 weeks ago

Proposed commit message

The ingest pipeline handles both IP and hash IOCs, but the fields definitions state that the field is an ip type. This prevents users from being able to make use of this field for hash IOCs. So change the type to a keyword. This is a breaking change.

Checklist

[ ] I have reviewed tips for building integrations and this pull request is aligned with them.
[ ] I have verified that all data streams collect metrics or logs.
[ ] I have added an entry to my package's changelog.yml file.
[ ] I have verified that Kibana version constraints are current according to guidelines.
[ ] I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

[ ]

How to test this PR locally

Related issues

Fixes #11688

Screenshots

elastic-vault-github-plugin-prod[bot] commented 2 weeks ago

:rocket: Benchmarks report

To see the full report comment with /test benchmark fullreport

elasticmachine commented 2 weeks ago

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

elasticmachine commented 1 week ago

:green_heart: Build Succeeded

Buildkite Build
Commit: 0fa4cfdf6a40f253259a61443d833bf054e06107

History

:green_heart: Build #18186 succeeded 26c7fb55dbde7555c6e1f1f660761bc68f974d76

cc @efd6

elastic-sonarqube[bot] commented 1 week ago

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
40.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

elastic-vault-github-plugin-prod[bot] commented 1 week ago

Package ti_crowdstrike - 2.0.0 containing this change is available at https://epr.elastic.co/package/ti_crowdstrike/2.0.0/