Closed aleksmaus closed 2 hours ago
Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)
To see the full report comment with /test benchmark fullreport
cc @aleksmaus
Issues
0 New issues
0 Fixed issues
0 Accepted issues
Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code
Package cisco_ise - 1.24.2 containing this change is available at https://epr.elastic.co/package/cisco_ise/1.24.2/
Proposed commit message
[cisco_ise] Revert mapping change for cisco_av_pair that was introduced with 1.24.1 https://github.com/elastic/integrations/pull/11619/files#diff-ce8c42e24fb4e94c7fb135eed466345a68c36cb91a247069fb9ea88312f97bbbL228
The mapping change in 1.24.1 causes the error, when the user tries to use to update to this version of integration
Similar issue with Okta integration that happened earlier was mentioned here https://support.elastic.dev/knowledge/view/1a2f83e7 and the kibana ticket https://github.com/elastic/kibana/issues/193044
The discussed and accepted solution is:
In addition, added a filtering code that ensures that only known mapped fields for
cisco_av_pair
namely:are indexed. All the other fields are discarded. The tests were failing otherwise for the new logs with the new key/values.
Checklist
changelog.yml
file.