Skip to content

santa: add process.entity_id constructed from agent.id, pid and pidversion#3373

Merged
efd6 merged 3 commits intoelastic:mainfrom
efd6:3347-santa-pidversion
May 18, 2022
Merged

santa: add process.entity_id constructed from agent.id, pid and pidversion#3373
efd6 merged 3 commits intoelastic:mainfrom
efd6:3347-santa-pidversion

Conversation

@efd6
Copy link
Contributor

@efd6 efd6 commented May 18, 2022

What does this PR do?

This adds a process.entity_id from the agent.id, the process.pid and the process.pidversion (stored in santa.pidversion).

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@efd6 efd6 requested a review from a team as a code owner May 18, 2022 03:56
@efd6 efd6 self-assigned this May 18, 2022
@elasticmachine
Copy link

elasticmachine commented May 18, 2022

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

efd6
efd6 commented May 18, 2022
View reviewed changes
@elasticmachine
Copy link

elasticmachine commented May 18, 2022
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-05-18T06:18:32.801+0000

  • Duration: 13 min 55 sec

Test stats 🧪

Test Results
Failed 0
Passed 13
Skipped 0
Total 13

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

r00tu53r
r00tu53r reviewed May 18, 2022
View reviewed changes
packages/santa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
Comment on lines +23 to +26
- set:
field: process.entity_id
value: "{{{agent.id}}}-{{{process.entity_id}}}"
if: "ctx.agent?.id != null && ctx.process?.entity_id != null"
Copy link
Contributor

@r00tu53r r00tu53r May 18, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure who would set process.entity_id before ? Would this condition ever be true ?

Copy link
Contributor Author

@efd6 efd6 May 18, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The previous set processor may have. This part prepends the agent.id if it's available and needed (the null check is for the "if needed" part of that).

Copy link
Contributor

@r00tu53r r00tu53r May 18, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

eeks missed it :) This enriches the existing field.

Isn't it worth having agent.id which I presume is almost always available for cases where process.pid and santa.pidversion are unavailable. That way there is at least one other identifying factor ? But none the less the user could always user agent.id directly I suppose. 👍

Copy link
Contributor Author

@efd6 efd6 May 18, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, that will be available independently.

r00tu53r
r00tu53r reviewed May 18, 2022
View reviewed changes
Copy link
Contributor

@r00tu53r r00tu53r left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Just a minor comment/question + rebuild required to regenerate README.

@r00tu53r
Copy link
Contributor

r00tu53r commented May 18, 2022

/test

@elasticmachine
Copy link

elasticmachine commented May 18, 2022

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (1/1) 💚
Files 100.0% (1/1) 💚 3.659
Classes 100.0% (1/1) 💚 3.659
Methods 100.0% (12/12) 💚 11.036
Lines 87.963% (95/108) 👎 -2.126
Conditionals 100.0% (0/0) 💚

@efd6 efd6 requested a review from r00tu53r May 18, 2022 06:32
@efd6 efd6 merged commit ebf6e4e into elastic:main May 18, 2022
This was referenced May 22, 2022
Closed
Merged
@efd6 efd6 deleted the 3347-santa-pidversion branch February 5, 2025 22:13
@teresaromero teresaromero mentioned this pull request Mar 18, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@r00tu53r r00tu53r r00tu53r approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@efd6 efd6

Labels

enhancement New feature or request Integration:santa Google Santa

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@efd6 @elasticmachine @r00tu53r