Skip to content

[Digital Guardian]: Include export profile in events #12437

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
andrewkroh opened this issue Jan 23, 2025 · 1 comment · Fixed by #12818
Closed

[Digital Guardian]: Include export profile in events #12437

andrewkroh opened this issue Jan 23, 2025 · 1 comment · Fixed by #12818
Assignees
@efd6
Labels
enhancement New feature or request Integration:digital_guardian Digital Guardian needs:triage Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Comments

@andrewkroh
Copy link
Member

andrewkroh commented Jan 23, 2025
edited
Loading

Integration Name

Digital Guardian [digital_guardian]

Dataset Name

digital_guardian.arc

Integration Version

1.3.1

Agent Version

8.16.1

OS Version and Architecture

Amazon Linux

User Goal

When running multiple instances of the integration, I want to be able to associate events back to the export profile that produced the event. As far as I can tell there is no way to associate the data to an export ID.

I would like to have a field such as digital_guardian.arc.export_profile that contains the profile UUID.

Existing Features

n/a

What did you see?

Events with no way to associate them with an export profile.

Anything else?

I noticed that the CEL program references a Handlebar variable directly. Programs should not do this. Instead configuration data should be passed through state. e.g.

state:
  export_profile: {{escape_string export_profile}}

integrations/packages/digital_guardian/data_stream/arc/agent/stream/cel.yml.hbs

Line 27 in ca5e7bf

state.url + "/rest/1.0/export_profiles/{{export_profile}}/export_and_ack"

@andrewkroh andrewkroh added enhancement New feature or request Integration:digital_guardian Digital Guardian needs:triage Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Jan 23, 2025
@elasticmachine
Copy link

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@efd6 efd6 self-assigned this Feb 18, 2025
@efd6 efd6 mentioned this issue Feb 18, 2025
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@efd6 efd6

Labels
enhancement New feature or request Integration:digital_guardian Digital Guardian needs:triage Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]
Projects
None yet
Milestone
No milestone
3 participants
@andrewkroh @elasticmachine @efd6