diff --git a/packages/okta/changelog.yml b/packages/okta/changelog.yml index 360d0b6aa13..a47019c5ec1 100644 --- a/packages/okta/changelog.yml +++ b/packages/okta/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Add flattened `okta.request.ip_chain.*` fields + type: enhancement + link: https://github.com/elastic/integrations/pull/3326 - version: "1.6.0" changes: - description: Update to ECS 8.2 diff --git a/packages/okta/data_stream/system/_dev/test/pipeline/test-okta-system-events.json-expected.json b/packages/okta/data_stream/system/_dev/test/pipeline/test-okta-system-events.json-expected.json index 83924e33871..138ee5d14d7 100644 --- a/packages/okta/data_stream/system/_dev/test/pipeline/test-okta-system-events.json-expected.json +++ b/packages/okta/data_stream/system/_dev/test/pipeline/test-okta-system-events.json-expected.json @@ -70,6 +70,24 @@ "outcome": { "result": "SUCCESS" }, + "request": { + "ip_chain": [ + { + "geographical_context": { + "city": "Dublin", + "country": "United States", + "geolocation": { + "lat": 37.7201, + "lon": -121.919 + }, + "postal_code": "94568", + "state": "California" + }, + "ip": "175.16.199.1", + "version": "V4" + } + ] + }, "transaction": { "id": "XkccyyMli2Uay2I93ZgRzQAAB0c", "type": "WEB" @@ -193,6 +211,24 @@ "outcome": { "result": "SUCCESS" }, + "request": { + "ip_chain": [ + { + "geographical_context": { + "city": "Dublin", + "country": "United States", + "geolocation": { + "lat": 37.7201, + "lon": -121.919 + }, + "postal_code": "94568", + "state": "California" + }, + "ip": "175.16.199.1", + "version": "V4" + } + ] + }, "transaction": { "id": "XkccyyMli2Uay2I93ZgRzQAAB0c", "type": "WEB" 
@@ -316,6 +352,24 @@ "outcome": { "result": "SUCCESS" }, + "request": { + "ip_chain": [ + { + "geographical_context": { + "city": "Dublin", + "country": "United States", + "geolocation": { + "lat": 37.7201, + "lon": -121.919 + }, + "postal_code": "94568", + "state": "California" + }, + "ip": "175.16.199.1", + "version": "V4" + } + ] + }, "transaction": { "id": "XkccyyMli2Uay2I93ZgRzQAAB0c", "type": "WEB" @@ -437,6 +491,24 @@ "outcome": { "result": "SUCCESS" }, + "request": { + "ip_chain": [ + { + "geographical_context": { + "city": "Dublin", + "country": "United States", + "geolocation": { + "lat": 37.7201, + "lon": -121.919 + }, + "postal_code": "94568", + "state": "California" + }, + "ip": "175.16.199.1", + "version": "V4" + } + ] + }, "transaction": { "id": "XkccyyMli2Uay2I93ZgRzQAAB0c", "type": "WEB" diff --git a/packages/okta/data_stream/system/elasticsearch/ingest_pipeline/default.yml b/packages/okta/data_stream/system/elasticsearch/ingest_pipeline/default.yml index 0083802dc04..8b308e6173e 100644 --- a/packages/okta/data_stream/system/elasticsearch/ingest_pipeline/default.yml +++ b/packages/okta/data_stream/system/elasticsearch/ingest_pipeline/default.yml @@ -329,6 +329,29 @@ processors: target_field: okta.security_context.isp ignore_missing: true ignore_failure: true + - rename: + field: json.request.ipChain + target_field: okta.request.ip_chain + ignore_missing: true + ignore_failure: true + - foreach: + field: okta.request.ip_chain + processor: + rename: + field: _ingest._value.geographicalContext + target_field: _ingest._value.geographical_context + ignore_missing: true + ignore_failure: true + ignore_missing: true + - foreach: + field: okta.request.ip_chain + processor: + rename: + field: _ingest._value.geographical_context.postalCode + target_field: _ingest._value.geographical_context.postal_code + ignore_missing: true + ignore_failure: true + ignore_missing: true - convert: field: okta.client.user_agent.raw_user_agent target_field: user_agent.original 
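Review bot: The new `okta.request.ip_chain` is, as far as Okta's event schema documents it, the proxy/X-Forwarded-For chain as seen by Okta, so its entries are reported by intermediaries and the client rather than resolved by Okta, whereas `okta.client.ip` is the address Okta settled on; nothing at the `- rename: field: json.request.ipChain` processor says this, and detection authors will otherwise pivot on the chain as if it were the true source. I'd put above that processor: `# ipChain is the X-Forwarded-For style chain reported to Okta; entries are not validated here. Use okta.client.ip / source.ip for the authoritative client address.` The two `foreach` renames only fix key casing, and because the target field is now flattened (keyword leaves) any non-IP or malformed `ip` string in the chain is stored verbatim instead of being rejected, which is worth a one-line note next to the foreach so the trade-off is explicit. `ignore_failure: true` on the first rename also masks a collision if `okta.request.ip_chain` were already populated earlier in the pipeline; dropping that flag would surface it as an ingest error rather than silently leaving the raw `json.request.ipChain` in place. The `processors:` list continues outside the hunk.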
diff --git a/packages/okta/data_stream/system/fields/fields.yml b/packages/okta/data_stream/system/fields/fields.yml index 7cafbcba896..4ec76b884fe 100644 --- a/packages/okta/data_stream/system/fields/fields.yml +++ b/packages/okta/data_stream/system/fields/fields.yml @@ -227,7 +227,7 @@ type: group fields: - name: ip_chain - type: group + type: flattened fields: - name: ip type: ip diff --git a/packages/okta/manifest.yml b/packages/okta/manifest.yml index 837bf15e569..90fa9e27612 100644 --- a/packages/okta/manifest.yml +++ b/packages/okta/manifest.yml @@ -1,6 +1,6 @@ name: okta title: Okta Logs -version: 1.6.0 +version: 1.7.0 release: ga description: Collect and parse event logs from Okta API with Elastic Agent. type: integration
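Review bot: Switching `ip_chain` from `type: group` to `type: flattened` while leaving the `- name: ip` / `type: ip` sub-field beneath it is contradictory: a flattened field indexes every leaf as a keyword, so the `ip` (and any geo) sub-field typing under it no longer takes effect and those sub-field entries should either be removed or the choice explained. The practical consequence for security content is that CIDR/ip-range queries and geo aggregations on `okta.request.ip_chain.*` will not behave like they do on `okta.client.ip`, and the field should say so; I'd add `description: X-Forwarded-For style chain of the request as reported by Okta. Stored flattened (keyword leaves), so CIDR/ip-range and geo queries are not supported on its sub-fields; use okta.client.ip for the resolved client address.` If the motivation was that Okta sometimes returns non-IP values in the chain that broke a `type: ip` mapping, that rationale belongs in the changelog entry instead of the bare "Add flattened fields" line. The enclosing `request` group begins outside the hunk.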