SECURITY-ENDPOINT: add fields for events to metadata document #70491

Merged: nnamdifrankie merged 2 commits into elastic:master from nnamdifrankie:EMT-492_add_event_fields on Jul 2, 2020

@nnamdifrankie

Summary

Issue:
https://github.com/elastic/endpoint-app-team/issues/492

  • add event fields to metadata type
  • update generator

Checklist

nnamdifrankie requested review from a team as code owners July 1, 2020 18:21
nnamdifrankie added the release_note:skip, v7.9.0 and v8.0.0 labels Jul 1, 2020

created: number;
kind: string;
id: string;
category: string;
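
Review bot: `category: string;` declares the field as a single string, but ECS defines `event.category` as an array-valued field, so this type will not match documents that carry an array here. Declare it as `string[]` (or `string | string[]` if both shapes must be accepted) so that consumers have to handle the array case instead of comparing against a bare string.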

category and type can be an array per the ecs spec. I believe the endpoint will actually send these values as an array of a single value for metadata.

created: ts,
id: this.seededUUIDv4(),
kind: 'metric',
category: 'host',
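
Review bot: `kind: 'metric'` and `category: 'host'` are hardcoded scalars in the generated document, so anything tested against this generator only ever sees the scalar shape. Emit `category` in the same shape the real endpoint documents use, otherwise code that filters on this field is never exercised against array values.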

category and type can be an array per the ecs spec. I believe the endpoint will actually send these values as an array of a single value for metadata.

My suggestion would be to mimic that and do category: ['host'] type: ['info']

Contributor Author

updated

@kibanamachine

💚 Build Succeeded

Build metrics

✅ unchanged

nnamdifrankie merged commit e9b81f7 into elastic:master Jul 2, 2020
nnamdifrankie deleted the EMT-492_add_event_fields branch July 2, 2020 02:50
nnamdifrankie added a commit to nnamdifrankie/kibana that referenced this pull request Jul 2, 2020
…c#70491)

SECURITY-ENDPOINT: EMT-492 add fields for events to metadata document
nnamdifrankie added a commit that referenced this pull request Jul 2, 2020
#70547)

SECURITY-ENDPOINT: EMT-492 add fields for events to metadata document
MindyRS added the Team: SecuritySolution label Sep 23, 2021
@elasticmachine

Pinging @elastic/security-solution (Team: SecuritySolution)

Labels: release_note:skip, Team: SecuritySolution, Team:SIEM, v7.9.0, v8.0.0
