elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[tanium] Fix handling of differently formatted data #11797

Closed chrisberkhout closed 4 days ago

chrisberkhout commented 5 days ago

Proposed commit message

[tanium] Fix handling of differently formatted data (#)

For the `threat_response` data stream:
- Handle `state` when it's parsed JSON (as well as when it's stringified
  JSON).
- Set `user.id` and `user.related` after processing 'User Id', so its
  value is used.
- Handle `Match Details` data in its own field (the same as when it's in
  an encoded payload).

For all data streams:
- Add processor tags and improve `on_failure` handling.

Discussion

This can be reviewed commit-by-commit.

Checklist

elasticmachine commented 5 days ago

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

elastic-vault-github-plugin-prod[bot] commented 5 days ago

:rocket: Benchmarks report

To see the full report comment with /test benchmark fullreport

chrisberkhout commented 4 days ago

Is there a test case that I'm missing that exercises the json.state instanceof String case?

@efd6 Yes, that's the existing case. There are 5 examples ("state":") in data_stream/threat_response/_dev/test/pipeline/test-threat-response.log.
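The behaviour under discussion (accepting `state` whether it arrives as parsed JSON or as a JSON string, setting `user.id`/`user.related` only after `'User Id'` has been processed, and tagging steps so an `on_failure` handler can attribute the error) can be modelled outside the ingest pipeline. The following Python is an added example, not code from this PR or from the Tanium integration: it reproduces the logic in plain Python rather than Painless, the step names and processor tags are hypothetical, the sample events are constructed, and the `Match Details` layout is an assumption.

```python
import json
from typing import Any

# Constructed sample events (not from the integration's test data). The same
# logical record arrives once with `state` already parsed, once as a JSON
# string, and once with a string that is not valid JSON.
EVENT_PARSED = {"json": {"state": {"status": "open"}, "User Id": " 1001 "}}
EVENT_STRING = {"json": {"state": '{"status": "open"}', "User Id": " 1001 "}}
EVENT_BAD = {"json": {"state": "{not json", "User Id": " 1001 "}}


def ensure_object(value: Any) -> dict:
    """Return `value` as a dict whether it arrived parsed or stringified.

    A str is decoded as JSON and must decode to an object; a dict is used
    as-is; any other type is rejected. This is the check the PR discussion
    refers to as the `json.state instanceof String` case, written in Python.
    """
    if isinstance(value, str):
        decoded = json.loads(value)  # raises ValueError on malformed input
        if not isinstance(decoded, dict):
            raise ValueError("decoded value is not a JSON object")
        return decoded
    if isinstance(value, dict):
        return value
    raise TypeError(f"unsupported type: {type(value).__name__}")


def _step_parse_state(out: dict) -> None:
    if "state" in out["json"]:
        out["json"]["state"] = ensure_object(out["json"]["state"])


def _step_parse_match_details(out: dict) -> None:
    # Assumed layout: `Match Details` sits directly under `json`, either as an
    # object or as an encoded (stringified) object; both forms are accepted.
    if "Match Details" in out["json"]:
        out["json"]["Match Details"] = ensure_object(out["json"]["Match Details"])


def _step_set_user(out: dict) -> None:
    # 'User Id' is normalised first; user.id and user.related are set from
    # the processed value afterwards, which is the ordering the PR fixes.
    raw = out["json"].get("User Id")
    if raw is None:
        return
    user_id = str(raw).strip()
    out["json"]["User Id"] = user_id
    out["user"] = {"id": user_id, "related": [user_id]}


# Processor tags are hypothetical; they exist so a failure can be attributed
# to the step that raised it, which is what tagging processors buys you.
STEPS = [
    ("parse_state", _step_parse_state),
    ("parse_match_details", _step_parse_match_details),
    ("set_user", _step_set_user),
]


def process_threat_response(event: dict) -> dict:
    """Run the steps; on failure, tag the event and keep going (on_failure style)."""
    out = {"json": dict(event.get("json", {})), "tags": []}
    for tag, step in STEPS:
        try:
            step(out)
        except (ValueError, TypeError) as exc:
            out["tags"].append(f"{tag}_failure")
            out.setdefault("error", {}).setdefault("message", []).append(f"{tag}: {exc}")
    return out


if __name__ == "__main__":
    for name, ev in (("parsed", EVENT_PARSED), ("string", EVENT_STRING), ("bad", EVENT_BAD)):
        print(name, json.dumps(process_threat_response(ev)))
```

The parsed and stringified events produce identical output; the malformed event keeps its raw `state`, gains a `parse_state_failure` tag and an `error.message` entry, and still gets `user.id` set because the later steps run regardless. That last point is why per-step tags matter: without them a single `on_failure` handler cannot tell which processor produced the error.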

elastic-sonarqube[bot] commented 4 days ago

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
88.1% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

elasticmachine commented 4 days ago

:green_heart: Build Succeeded

History

cc @chrisberkhout

elastic-vault-github-plugin-prod[bot] commented 4 days ago

Package tanium - 1.10.2 containing this change is available at https://epr.elastic.co/package/tanium/1.10.2/