Open Flo451 opened 1 year ago
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
Do you get any data in Elasticsearch? I think I know where the issue is, but it should only affect the 2nd request and after. I think the first request using the initial interval should work but not 100%.
I didn't have any luck so far extracting events from the JIRA audit API with this integration. If you have any suggestion / hotfix I'm happy to try that out.
Hi, I think the issue might be here, as it takes the timestamp from the event:

```yaml
cursor:
  last_timestamp:
    value: "[[.first_event.created]]"
```
Hi! We just realized that we haven't looked into this issue in a while. We're sorry! We're labeling this issue as `Stale` to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1:. Thank you for your contribution!
Hi there,
@andrewkroh @legoguy1000
Trying to fetch audit logs from Atlassian Jira cloud fails because the API doesn't like the date format that Elastic is sending.
As this is apparently related to date format conversions I tried various things in the integration settings, e.g. interval / initial interval left blank or set to 5m vs. 300s. All that was to no avail and the Atlassian API simply doesn't like the date that the integration is sending.
As an example, JIRA cloud will reject `"2022-10-05T13:38:24.262 0000"`, as can be seen in the log entry below. When I curl the API it will accept the same date if formatted like this: `"2022-10-05T13:38:24.262"`. I'm not sure which date conversion goes wrong in the integration or how I could influence it.
```
default/filebeat-20221005-3.ndjson:{"log.level":"error","@timestamp":"2022-10-05T13:46:00.034Z","log.logger":"input.httpjson-cursor","log.origin":{"file.name":"httpjson/request.go","file.line":188},"message":"error processing response: server responded with status code 400: Invalid date \"2022-10-05T13:38:24.262 0000\"","service.name":"filebeat","id":"httpjson-atlassian_jira.audit-e7e17a7d-e9e9-4531-9ced-8878b0a863f5","input_source":"https://acme.atlassian.net/rest/api/3/auditing/record","input_url":"https://acme.atlassian.net/rest/api/3/auditing/record","ecs.version":"1.6.0"}
```
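An added example, not part of the original thread or the integration's code: it pulls the rejected date out of a Filebeat error line like the one above and tests one possible explanation for the space before `0000`, namely a `+0000` offset sent unencoded in the query string. That cause is an assumption the thread does not confirm, and the query parameter name `from` and the shortened log line are constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qs, urlencode

# Constructed sample: a shortened copy of the Filebeat error line quoted above.
SAMPLE_LOG = json.dumps({
    "log.level": "error",
    "log.logger": "input.httpjson-cursor",
    "message": "error processing response: server responded with status code 400: "
               'Invalid date "2022-10-05T13:38:24.262 0000"',
})

# A timestamp whose numeric UTC offset is preceded by a space instead of a sign.
SPACE_OFFSET = re.compile(r"^(\d{4}-\d{2}-\d{2}T[\d:.]+) (\d{4})$")


def rejected_date(log_line):
    """Return the date string the server rejected, or None for other log lines."""
    msg = json.loads(log_line).get("message", "")
    m = re.search(r'status code 400: Invalid date "([^"]*)"', msg)
    return m.group(1) if m else None


def diagnose(date):
    """If the value looks like a '+' decoded as a space, return the likely original."""
    m = SPACE_OFFSET.match(date)
    return f"{m.group(1)}+{m.group(2)}" if m else None


def server_view(raw_query, param="from"):
    """Decode a raw query string the way a form-decoding server would."""
    return parse_qs(raw_query)[param][0]


if __name__ == "__main__":
    bad = rejected_date(SAMPLE_LOG)
    original = diagnose(bad)
    print("rejected:", bad, "| likely sent as:", original)
    # An unencoded '+' arrives as a space; urlencode() sends %2B, which survives.
    print("raw     ->", server_view("from=" + original))
    print("encoded ->", server_view(urlencode({"from": original})))
```

Running the same extraction over the Filebeat logs shows how long the audit feed has been returning 400s, which is the period for which Jira audit events are missing from Elasticsearch.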