[Fortigate] Fix startsWith for null value and add support for login events #8670
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
…st_pipeline/event.yml Co-authored-by: Krishna Chaitanya Reddy Burri <[email protected]>
/test
@philippkahr can you add a sample log to check if the problem is fixed?
With the following addition of a log line and
Running without null check:
Running with null check:
So We are now keeping the I added this bit:
and we can actually remove the
Hey @philippkahr,
and Since this fails when
Hi @kcreddy
I was a bit unsure when the
/test
Can you also update version to
…st_pipeline/event.yml Co-authored-by: Krishna Chaitanya Reddy Burri <[email protected]>
…grations into fortigate-fixes
/test
CI failing on an older README file. Can you run below command and commit the updated README?
elastic-package build && elastic-package format && elastic-package lint && elastic-package check && elastic-package build
LGTM 👍🏼
Package fortinet_fortigate - 1.23.0 containing this change is available at https://epr.elastic.co/search?package=fortinet_fortigate
Package fortinet_fortigate - 1.23.1 containing this change is available at https://epr.elastic.co/search?package=fortinet_fortigate
Hi,
When running the event pipeline, it could happen that the field is not populated, and it thus errors with a
null value does not have startsWith ...
Therefore I added the null check using the Elvis operator as in: and support for login events.
Checklist
changelog.yml
file.