Skip to content

Cherry-pick #16013 to 7.x: Add translate_sid processor to Winlogbeat#16941

Merged
andrewkroh merged 2 commits intoelastic:7.xfrom
andrewkroh:backport_16013_7.x
Mar 12, 2020
Merged

Cherry-pick #16013 to 7.x: Add translate_sid processor to Winlogbeat#16941
andrewkroh merged 2 commits intoelastic:7.xfrom
andrewkroh:backport_16013_7.x

Conversation

@andrewkroh
Copy link
Copy Markdown
Member

@andrewkroh andrewkroh commented Mar 10, 2020
edited by andresrc
Loading

Cherry-pick of PR #16013 to 7.x branch. Original message:

The translate_sid processor translates a Windows security identifier (SID)
into an account name. It retrieves the name of the account associated with the
SID, the first domain on which the SID is found, and the type of account.

Closes #7451

@andrewkroh
Add translate_sid processor (elastic#16013)
a66e61a 
* Add translate_sid processor to Winlogbeat

The `translate_sid` processor translates a Windows security identifier (SID)
into an account name. It retrieves the name of the account associated with the
SID, the first domain on which the SID is found, and the type of account.

Closes elastic#7451

(cherry picked from commit 65b31bd)
@andresrc andresrc added [zube]: Inbox [zube]: In Review Team:Services (Deprecated) Label for the former Integrations-Services team and removed [zube]: Inbox labels Mar 11, 2020
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Mar 11, 2020

Pinging @elastic/integrations-services (Team:Services)

@andrewkroh andrewkroh mentioned this pull request Mar 11, 2020
Closed
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Mar 11, 2020

Pinging @elastic/siem (Team:SIEM)

dedemorton
dedemorton reviewed Mar 11, 2020
View reviewed changes
Comment thread libbeat/docs/processors-list.asciidoc
ifndef::no_truncate_fields_processor[]
* <<truncate-fields, `truncate_fields`>>
endif::[]
ifdef::no_translate_sid_processor[]
Copy link
Copy Markdown
Contributor

@dedemorton dedemorton Mar 11, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you meant ifndef here.

Copy link
Copy Markdown
Member Author

@andrewkroh andrewkroh Mar 11, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's fixed in #16961 and I'll backport it too.

dedemorton
dedemorton reviewed Mar 11, 2020
View reviewed changes
Comment thread libbeat/docs/processors-list.asciidoc
ifndef::no_truncate_fields_processor[]
include::{libbeat-processors-dir}/actions/docs/truncate_fields.asciidoc[]
endif::[]
ifdef::no_translate_sid_processor[]
Copy link
Copy Markdown
Contributor

@dedemorton dedemorton Mar 11, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same comment as earlier about ifndef

andrewkroh
andrewkroh commented Mar 12, 2020
View reviewed changes
Comment thread libbeat/processors/translate_sid/translatesid.go Outdated
@andrewkroh andrewkroh merged commit d5b81b3 into elastic:7.x Mar 12, 2020
@andrewkroh andrewkroh deleted the backport_16013_7.x branch January 14, 2022 14:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@dedemorton dedemorton dedemorton approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport review Team:Services (Deprecated) Label for the former Integrations-Services team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@andrewkroh @elasticmachine @dedemorton @andresrc