-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Filebeat][Azure Module] Fixing event.outcome from result_type issue #20998
[Filebeat][Azure Module] Fixing event.outcome from result_type issue #20998
Conversation
Pinging @elastic/siem (Team:SIEM) |
Pinging @elastic/integrations-platforms (Team:Platforms) |
@threat-punter If you could share a example doc before it was parsed as well that would be great, then I can add it as part of our test data :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Unfortunately not. My Azure subscription expired and it looks like I don't have access to the raw event anymore. |
@@ -555,6 +555,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d | |||
- Convert httpjson to v2 input {pull}20226[20226] | |||
- Improve Zeek x509 module with `x509` ECS mappings {pull}20867[20867] | |||
- Improve Zeek SSL module with `x509` ECS mappings {pull}20927[20927] | |||
- Added new properties field support for event.outcome in azure module {pull}20998[20998] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this needs to be reordered
@P1llus do you know if this one will get merged before the 7.10 feature freeze? Once it's merged, I can go ahead and merge these detection rules ready for 7.10 too elastic/detection-rules#143 and elastic/detection-rules#129 |
@threat-punter @leehinman anything else needed before a merge? |
looks good. I'm merge & open backport PR. |
…lastic#20998) * fixing a small typo in result type and adding more event.outcome possibilities * Updating changelog (cherry picked from commit 578a0f9)
…ne-2.0-arm * upstream/master: (29 commits) Fix librpm installation in auditbeat build (elastic#21239) Fix prometheus default config (elastic#21253) Fix dev guide test command (elastic#21254) Move aws lambda metricset to GA (elastic#21255) [Docs] Typo in table syntax (elastic#20227) [ECS] Adds related.hosts to capture all hostnames and host identifiers on an event. (elastic#21160) Add recursive split to httpjson (elastic#21214) [DOCS] Add beat specific start widgets (elastic#21217) Fix timestamp handling in remote_write (elastic#21166) Fix aws, azure and googlecloud compute dashboards (elastic#21098) Add acceptable event log keys to winlog (elastic#21205) Add elastic-agent to gitignore (elastic#21219) Add cloudfoundry tags to events (elastic#21177) [Ingest Manager] Agent includes pgp file (elastic#19480) Add compatibility note about ingress-controller-v0.34.1 (elastic#21209) [Ingest Manager] Support for UPGRADE_ACTION (elastic#21002) Fix libbeat.output.*.bytes metrics of Elasticsearch output (elastic#21197) [packaging] use docker.elastic.co/ubi8/ubi-minimal (elastic#21154) Add host inventory metrics to system module (elastic#20415) [Filebeat][Azure Module] Fixing event.outcome from result_type issue (elastic#20998) ...
What does this PR do?
Adding a small fix to event.outcome from resulttype and adding a second property to event.outcome if result_type does not exist
Why is it important?
Fixes small issues for event.outcome parsing
Checklist
CHANGELOG.next.asciidoc
orCHANGELOG-developer.next.asciidoc
.Related issues