[Jamf Protect 3.1.0] New pipelines added and enhancements #14750

Merged
efd6 merged 14 commits into elastic:main from txhaflaire:jamfprotect_3.1.0
Jul 31, 2025

@txhaflaire
Contributor

Type of change:

  • enhancement

Proposed commit message

  • Added support for the following new and upcoming events
    • network_connect
    • tcc_modify
    • pty_grant
    • pty_close
  • Enhanced existing events (only added fields, no breaking changes)
    • mount
    • remount
    • unmount

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

elastic-package test system

2025/07/30 15:29:35  INFO Write container logs to file: /Users/thijs.xhaflaire/Documents/GitHub/Elastic/integrations/build/container-logs/elastic-agent-1753882175573044000.log
--- Test results for package: jamf_protect - START ---
╭──────────────┬────────────────────┬───────────┬───────────────┬────────┬───────────────╮
│ PACKAGE      │ DATA STREAM        │ TEST TYPE │ TEST NAME     │ RESULT │  TIME ELAPSED │
├──────────────┼────────────────────┼───────────┼───────────────┼────────┼───────────────┤
│ jamf_protect │ alerts             │ system    │ http-endpoint │ PASS   │  51.10323675s │
│ jamf_protect │ telemetry          │ system    │ http-endpoint │ PASS   │ 56.589398333s │
│ jamf_protect │ telemetry_legacy   │ system    │ http-endpoint │ PASS   │ 46.623976125s │
│ jamf_protect │ web_threat_events  │ system    │ http-endpoint │ PASS   │ 53.981531042s │
│ jamf_protect │ web_traffic_events │ system    │ http-endpoint │ PASS   │    43.814586s │
╰──────────────┴────────────────────┴───────────┴───────────────┴────────┴───────────────╯
--- Test results for package: jamf_protect - END   ---
Done

@txhaflaire txhaflaire requested a review from a team as a code owner July 30, 2025 15:22
@andrewkroh andrewkroh added documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. Integration:jamf_protect Jamf Protect (Partner supported) Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Jul 30, 2025
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@kcreddy
Contributor

kcreddy commented Jul 30, 2025

/test

@ShourieG
Contributor

/test

@elastic-vault-github-plugin-prod

elastic-vault-github-plugin-prod bot commented Jul 31, 2025

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

txhaflaire and others added 7 commits July 31, 2025 07:23
Co-authored-by: Krishna Chaitanya Reddy Burri <krish.reddy91@gmail.com>
…st_pipeline/pipeline_event_pty_grant.yml

Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>
…st_pipeline/pipeline_event_pty_close.yml

Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>
…st_pipeline/pipeline_event_network_connect.yml

Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>
@txhaflaire txhaflaire requested a review from kcreddy July 31, 2025 06:27
@kcreddy
Contributor

kcreddy commented Jul 31, 2025

/test

Contributor

@kcreddy kcreddy left a comment

LGTM, please wait for @efd6

@efd6
Contributor

efd6 commented Jul 31, 2025

/test

@efd6 efd6 force-pushed the jamfprotect_3.1.0 branch from a583559 to a46353d Compare July 31, 2025 07:16
@efd6
Contributor

efd6 commented Jul 31, 2025

/test

@elasticmachine

💚 Build Succeeded

History

@efd6 efd6 merged commit 1a9b422 into elastic:main Jul 31, 2025
9 checks passed
@elastic-vault-github-plugin-prod

Package jamf_protect - 3.1.0 containing this change is available at https://epr.elastic.co/package/jamf_protect/3.1.0/

robester0403 pushed a commit to robester0403/integrations that referenced this pull request Jul 31, 2025
)

* Added support for the following new and upcoming events
  * network_connect
  * tcc_modify
  * pty_grant
  * pty_close
* Enhanced existing events (only added fields, no breaking changes)
  * mount
  * remount
  * unmount
robester0403 added a commit that referenced this pull request Jul 31, 2025
* FIX: changed grok processor to be able to handle any number of spaces between 'server =' and ip address

* FIX: Added change log pr link

* FIX: Added change log pr link

* [Azure AI Foundry] Rename billing dashboard (#14615)

* rename billing dashboard

* [Jamf Protect 3.1.0] New pipelines added and enhancements (#14750)

* Added support for the following new and upcoming events
  * network_connect
  * tcc_modify
  * pty_grant
  * pty_close
* Enhanced existing events (only added fields, no breaking changes)
  * mount
  * remount
  * unmount

* [cisco_ftd] Ensure observer zone fields are set (#14748)

- Ensure Ingress and Egress zone values are set to proper ECS fields
- This will also allow the network.direction logic to work as intended

---------

Co-authored-by: muthu-mps <101238137+muthu-mps@users.noreply.github.com>
Co-authored-by: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com>
Co-authored-by: Taylor Swanson <90622908+taylor-swanson@users.noreply.github.com>
@andrewkroh andrewkroh added the enhancement New feature or request label Aug 7, 2025
robester0403 added a commit to robester0403/integrations that referenced this pull request Aug 14, 2025
…14757)

* FIX: changed grok processor to be able to handle any number of spaces between 'server =' and ip address

* FIX: Added change log pr link

* FIX: Added change log pr link

* [Azure AI Foundry] Rename billing dashboard (elastic#14615)

* rename billing dashboard

* [Jamf Protect 3.1.0] New pipelines added and enhancements (elastic#14750)

* Added support for the following new and upcoming events
  * network_connect
  * tcc_modify
  * pty_grant
  * pty_close
* Enhanced existing events (only added fields, no breaking changes)
  * mount
  * remount
  * unmount

* [cisco_ftd] Ensure observer zone fields are set (elastic#14748)

- Ensure Ingress and Egress zone values are set to proper ECS fields
- This will also allow the network.direction logic to work as intended

---------

Co-authored-by: muthu-mps <101238137+muthu-mps@users.noreply.github.com>
Co-authored-by: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com>
Co-authored-by: Taylor Swanson <90622908+taylor-swanson@users.noreply.github.com>