Skip to content

Cherry-pick #21325 to 7.x: [Winlogbeat] Add IP validation to Security module #23364

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 6, 2021
Merged

Cherry-pick #21325 to 7.x: [Winlogbeat] Add IP validation to Security module #23364

merged 1 commit into from
Jan 6, 2021

Conversation

@andrewkroh
Copy link
Member

@andrewkroh andrewkroh commented Jan 5, 2021
edited by zube bot
Loading

Cherry-pick of PR #21325 to 7.x branch. Original message:

What does this PR do?

For event 4778 (A session was reconnected to a Window Station) the winlog.event_data.ClientAddress
could be "LOCAL" which is obviosuly not a valid IP so we don't want to copy it into source.ip in that case.

Why is it important?

This bug can causes mapping exceptions.

Checklist

  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

@andrewkroh andrewkroh requested a review from a team as a code owner January 5, 2021 17:51
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jan 5, 2021

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jan 5, 2021
@andrewkroh
Add IP validation to Security module (elastic#21325)
06fca06 
For event 4778 (A session was reconnected to a Window Station) the `winlog.event_data.ClientAddress`
could be "LOCAL" which is obviosuly not a valid IP so we don't want to copy it into `source.ip` in that case.

Fixes elastic#19627

(cherry picked from commit 8c992c5)
@andrewkroh andrewkroh mentioned this pull request Jan 5, 2021
Merged
1 task
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jan 5, 2021

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: Pull request #23364 updated

  • Start Time: 2021-01-05T17:56:06.399+0000

  • Duration: 22 min 52 sec

Test stats 🧪

Test Results
Failed 0
Passed 92
Skipped 0
Total 92

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test Results
Failed 0
Passed 92
Skipped 0
Total 92

@andrewkroh andrewkroh merged commit 1c9f7f0 into elastic:7.x Jan 6, 2021
@zube zube bot removed the [zube]: Done label Apr 6, 2021
@andrewkroh andrewkroh deleted the backport_21325_7.x branch January 14, 2022 14:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kaiyan-sheng kaiyan-sheng kaiyan-sheng approved these changes

Assignees

No one assigned

Labels

backport

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@andrewkroh @elasticmachine @kaiyan-sheng