ti_misp - Fix duplicate requests for page 1 #6495
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
@@ -9,70 +9,77 @@ rules: | |||
- status_code: 200 | |||
body: |- | |||
{ | |||
"response": [{ |
NOTE: I formatted this JSON body and then split the existing events across page 1 and page 2.
Avoid requesting page 1 more than once. The page counter within httpjson begins at 0 and the page parameter within MISP starts at 1.

The results were verified using this against the request tracer log from the system test.

    jq -c '{"http.request.body.content":.["http.request.body.content"], "transaction.id":.["transaction.id"]}' tracer.ndjson | grep -v null
    {"http.request.body.content":"{\"limit\":\"10\",\"page\":\"1\",\"returnFormat\":\"json\",\"timestamp\":\"1686065582\"}","transaction.id":"L1FFIRQ23HJ1E-1"}
    {"http.request.body.content":"{\"limit\":\"10\",\"page\":\"2\",\"returnFormat\":\"json\",\"timestamp\":\"1686065582\"}","transaction.id":"L1FFIRQ23HJ1E-2"}
    {"http.request.body.content":"{\"limit\":\"10\",\"page\":\"3\",\"returnFormat\":\"json\",\"timestamp\":\"1686065584\"}","transaction.id":"L1FFIRQ23HJ1E-3"}

Relates elastic#6479
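As an added example (not part of this PR or the integration's code), the jq check from the commit message above can be turned into an assertion: the Python below extracts the `page` value from each traced request body and flags repeated pages or a sequence that does not start at 1. It assumes the log covers a single polling run; the `BUGGY_TRACE` entries and their transaction ids are constructed.

```python
import json
from collections import Counter

def tracer_line(page, txn, ts):
    """Build one request entry in the shape shown in the commit message."""
    body = json.dumps({"limit": "10", "page": str(page), "returnFormat": "json",
                       "timestamp": ts}, separators=(",", ":"))
    return json.dumps({"http.request.body.content": body, "transaction.id": txn})

# The three requests quoted in the commit message (behaviour after the fix).
FIXED_TRACE = [
    tracer_line(1, "L1FFIRQ23HJ1E-1", "1686065582"),
    tracer_line(2, "L1FFIRQ23HJ1E-2", "1686065582"),
    tracer_line(3, "L1FFIRQ23HJ1E-3", "1686065584"),
]
# Constructed sample of the behaviour being fixed: page 1 fetched twice.
# The entry without a request body stands in for lines `grep -v null` drops.
BUGGY_TRACE = [
    tracer_line(1, "CONSTRUCTED-1", "1686065582"),
    json.dumps({"transaction.id": "CONSTRUCTED-1"}),
    tracer_line(1, "CONSTRUCTED-2", "1686065582"),
    tracer_line(2, "CONSTRUCTED-3", "1686065582"),
]

def requested_pages(lines):
    """Return the MISP `page` parameter of each traced request, in order."""
    pages = []
    for line in lines:
        if not line.strip():
            continue
        body = json.loads(line).get("http.request.body.content")
        if body is not None:  # skip entries that carry no request body
            pages.append(int(json.loads(body)["page"]))
    return pages

def check_pagination(pages):
    """List problems: pages requested more than once, or a run not starting at 1."""
    problems = [f"page {page} requested {n} times"
                for page, n in sorted(Counter(pages).items()) if n > 1]
    if pages and sorted(set(pages)) != list(range(1, max(pages) + 1)):
        problems.append("pages are not a contiguous run starting at 1")
    return problems

if __name__ == "__main__":
    for name, trace in (("fixed", FIXED_TRACE), ("buggy", BUGGY_TRACE)):
        pages = requested_pages(trace)
        print(name, pages, check_pagination(pages) or "ok")
```

To run it against a real trace, pass the lines of `tracer.ndjson` to `requested_pages` instead of the embedded samples.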
"Galaxy": [], | ||
"ShadowAttribute": [], | ||
"category": "Payload delivery", | ||
"comment": "", | ||
"comment": "filename contect for test event 3", |
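Review bot: the string on the last line of this hunk, "filename contect for test event 3", contains a typo in "contect". Pick the intended word ("content" or "context") and correct it in the fixture so the test data reads clearly.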
"context"?
That diff is a bit misleading in that I did not add this string. Viewing without whitespace is better for this file.
But my guess would be "content". 🤷
Changed to "content".
Package ti_misp - 1.15.2 containing this change is available at https://epr.elastic.co/search?package=ti_misp
Update the HTTP JSON input configuration for the Threat Intel module's misp fileset with pagination fixes that were done earlier in the Agent-based MISP integration, in these PRs:

- Fix timestamp format sent to API elastic/integrations#6482
- Fix duplicate requests for page 1 elastic/integrations#6495
- Keep the same timestamp for later pages elastic/integrations#6649
- Pagination fixes elastic/integrations#9073
Update the HTTP JSON input configuration for the Threat Intel module's misp fileset with pagination fixes that were done earlier in the Agent-based MISP integration, in these PRs:

- Fix timestamp format sent to API elastic/integrations#6482
- Fix duplicate requests for page 1 elastic/integrations#6495
- Keep the same timestamp for later pages elastic/integrations#6649
- Pagination fixes elastic/integrations#9073

(cherry picked from commit b7fc69a)
…#37923)

[filebeat][threatintel] MISP pagination fixes (#37898)

Update the HTTP JSON input configuration for the Threat Intel module's misp fileset with pagination fixes that were done earlier in the Agent-based MISP integration, in these PRs:

- Fix timestamp format sent to API elastic/integrations#6482
- Fix duplicate requests for page 1 elastic/integrations#6495
- Keep the same timestamp for later pages elastic/integrations#6649
- Pagination fixes elastic/integrations#9073
…#37924)

[filebeat][threatintel] MISP pagination fixes (#37898)

Update the HTTP JSON input configuration for the Threat Intel module's misp fileset with pagination fixes that were done earlier in the Agent-based MISP integration, in these PRs:

- Fix timestamp format sent to API elastic/integrations#6482
- Fix duplicate requests for page 1 elastic/integrations#6495
- Keep the same timestamp for later pages elastic/integrations#6649
- Pagination fixes elastic/integrations#9073