elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[crowdstrike] Extract user and host names from the name field #11804

Closed chrisberkhout closed 1 day ago

chrisberkhout commented 1 day ago

Proposed commit message

[crowdstrike] Extract user and host names from the name field (#)

Some alert data from Crowdstrike has a `name` field of the form
`USERNAME on HOSTNAME`. Extract those values when present, add them to
`related.user` and `related.hosts`, and use them for `user.name` and
`host.name` if those fields aren't already populated.

Also corrects one use of `related.hash` to be `related.hosts`.

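The enrichment described in the commit message, written out as an added Python example (not the integration's own ingest pipeline): it assumes the raw `name` key sits at the top level of the event, that a hostname contains no whitespace, and that an empty `user.name` or `host.name` counts as not populated.

```python
import re

# Assumption: the "USERNAME on HOSTNAME" form has the user first (non-greedy,
# so users like "DOMAIN\user" survive) and a hostname with no whitespace.
NAME_PATTERN = re.compile(r"^(?P<user>.+?) on (?P<host>\S+)$")


def _append_related(event: dict, key: str, value: str) -> None:
    # ECS related.* fields are arrays; avoid duplicate entries.
    values = event.setdefault("related", {}).setdefault(key, [])
    if value not in values:
        values.append(value)


def _set_if_empty(event: dict, obj: str, field: str, value: str) -> None:
    # Only fill user.name / host.name when no value is already present.
    target = event.setdefault(obj, {})
    if not target.get(field):
        target[field] = value


def enrich_name(event: dict) -> dict:
    """Mirror the PR's behaviour: derive user/host from a 'U on H' name."""
    name = event.get("name")
    if not isinstance(name, str):
        return event
    match = NAME_PATTERN.match(name)
    if not match:  # free-text alert names are left untouched
        return event
    user, host = match.group("user"), match.group("host")
    _append_related(event, "user", user)
    _append_related(event, "hosts", host)  # related.hosts, not related.hash
    _set_if_empty(event, "user", "name", user)
    _set_if_empty(event, "host", "name", host)
    return event


if __name__ == "__main__":
    # Constructed sample events, not real CrowdStrike data.
    for sample in (
        {"name": "jdoe on WS-FINANCE-07"},
        {"name": "jdoe on WS-FINANCE-07", "user": {"name": "svc_backup"}},
        {"name": "Suspicious PowerShell execution"},
    ):
        print(enrich_name(sample))
```

In a real pipeline the pattern should only run for the alert types known to emit this shape, since a free-text name that happens to contain " on " would otherwise yield bogus user and host values.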

elasticmachine commented 1 day ago

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

elastic-sonarqube[bot] commented 1 day ago

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
97.1% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

elastic-vault-github-plugin-prod[bot] commented 1 day ago

:rocket: Benchmarks report

To see the full report comment with /test benchmark fullreport

elasticmachine commented 1 day ago

:green_heart: Build Succeeded

cc @chrisberkhout

elastic-vault-github-plugin-prod[bot] commented 1 day ago

Package crowdstrike - 1.46.0 containing this change is available at https://epr.elastic.co/package/crowdstrike/1.46.0/