[Filebeat] Parse additional debug data fields for Okta module #25818

Merged 8 commits on Jun 24, 2021

@legoguy1000 (Contributor) commented May 21, 2021

What does this PR do?

Parses the Suspicious Activity fields for the Okta module from the okta.debug_context.debug_data field.

Why is it important?

The module currently deletes the Suspicious Activity fields from the events, losing vital information.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

cd beats/x-pack/filebeat
TESTING_FILEBEAT_MODULES=okta TESTING_FILEBEAT_FILESETS=system mage -v pythonIntegTest

@botelastic bot added the needs_team label May 21, 2021

@elasticmachine (Collaborator) commented May 21, 2021

💚 Build Succeeded

Build stats

  • Build Cause: P1llus commented: run tests

  • Start Time: 2021-06-24T14:11:52.089+0000

  • Duration: 112 min 23 sec

  • Commit: d69a251

Test stats 🧪

Test Results
Failed 0
Passed 14224
Skipped 2311
Total 16535

💚 Flaky test report

Tests succeeded.

@legoguy1000 marked this pull request as ready for review May 23, 2021 22:21
@botelastic bot removed the needs_team label May 24, 2021

@elasticmachine (Collaborator) commented

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@mergify bot (Contributor) commented May 25, 2021

This pull request is now in conflicts. Could you fix it? 🙏
To fix up this pull request, you can check it out locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b 25689-okta-fields upstream/25689-okta-fields
git merge upstream/master
git push upstream 25689-okta-fields

@mergify bot (Contributor) commented May 26, 2021

This pull request is now in conflicts. Could you fix it? 🙏

@P1llus (Member) commented May 27, 2021

run tests

@mergify bot (Contributor) commented Jun 2, 2021

This pull request is now in conflicts. Could you fix it? 🙏

@mergify bot (Contributor) commented Jun 7, 2021

This pull request is now in conflicts. Could you fix it? 🙏

@legoguy1000 force-pushed the 25689-okta-fields branch 3 times, most recently from 4ff6fda to 4d4e03f, June 7, 2021 16:28

@mergify bot (Contributor) commented Jun 8, 2021

This pull request is now in conflicts. Could you fix it? 🙏

@P1llus added the needs_integration_sync label Jun 15, 2021

@P1llus (Member) commented Jun 15, 2021

/test

@P1llus (Member) left a comment

LGTM, just one comment first

@mergify bot (Contributor) commented Jun 16, 2021

This pull request is now in conflicts. Could you fix it? 🙏

@mergify bot (Contributor) commented Jun 24, 2021

This pull request is now in conflicts. Could you fix it? 🙏

@P1llus (Member) commented Jun 24, 2021

run tests

@P1llus merged commit 4aff295 into elastic:master Jun 24, 2021
@P1llus added the backport-v7.14.0 label Jun 24, 2021
mergify bot pushed a commit that referenced this pull request Jun 24, 2021
* #25689: Parse additional debug data fields for Okta module

* update generated data

* update changelog

* added additional test data & `uri_parts` processor

* update fields

* fix changelog

* update fields

Co-authored-by: Marius Iversen <marius.iversen@elastic.co>
(cherry picked from commit 4aff295)
P1llus pushed a commit that referenced this pull request Jun 24, 2021
…#26487)

* #25689: Parse additional debug data fields for Okta module

* update generated data

* update changelog

* added additional test data & `uri_parts` processor

* update fields

* fix changelog

* update fields

Co-authored-by: Marius Iversen <marius.iversen@elastic.co>
(cherry picked from commit 4aff295)

Co-authored-by: Alex Resnick <adr8292@gmail.com>
mdelapenya added a commit to mdelapenya/beats that referenced this pull request Jun 28, 2021
* master: (32 commits)
  [Metricbeat] Change Account ID to Project ID in `gcp.billing` module (elastic#26412)
  update libbeat fields.ecs.yml file and ecsVersion to 1.10.0 (elastic#26121)
  [Filebeat] Update AWS ELB ingest pipeline (elastic#26441)
  [Filebeat] add strict_date_optional_time_nanos date format to PanOS module (elastic#26158)
  Fix the irregular and typo on prometheus module. (elastic#25726)
  [Filebeat] Parse additional debug data fields for Okta module (elastic#25818)
  fix: update MSSQL Server linux image's Docker registry (elastic#26440)
  Update indexing.go godocs (elastic#26408)
  Do not close filestream harvester if an unexpected error is returned when close.on_state_change.* is enabled (elastic#26411)
  Add support for copytruncate method when rotating input logs with an external tool in `filestream` input (elastic#23457)
  Allow fields with ip_range datatype (elastic#26444)
  Add Anomali ThreatStream support to threatintel module (elastic#26350)
  fix: use the right param type (elastic#26469)
  [Automation] Update elastic stack version to 8.0.0-7640093f for testing (elastic#26460)
  Set SM Filebeat modules as GA (elastic#26226)
  Fix rfc5464 date parsing in the syslog input (elastic#26419)
  Add linked account information into billing metricset (elastic#26285)
  [Filebeat] Update HA Proxy log grok patterns (elastic#25835)
  disable metricbeat logstash test_node_stats (elastic#26436)
  chore: pass BEAT_VERSION when running E2E tests (elastic#26291)
  ...
Labels: backport-v7.14.0, enhancement, needs_integration_sync

Successfully merging this pull request may close these issues.

[Filebeat][Okta] Ingest Pipeline for Okta Module drops debug_context fields