Skip to content

[Windows] Sync with winlogbeat module changes #685

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 17, 2021
Merged

[Windows] Sync with winlogbeat module changes #685

merged 2 commits into from
Feb 17, 2021

Conversation

marc-gr
Copy link
Contributor

@marc-gr marc-gr commented Feb 15, 2021

What does this PR do?

Syncs the windows integration with the changes in winlogbeat modules from beats.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.

@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@marc-gr marc-gr mentioned this pull request Feb 15, 2021
Closed
89 tasks
@elasticmachine
Copy link

elasticmachine commented Feb 15, 2021
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: Pull request #685 updated

  • Start Time: 2021-02-17T08:32:53.721+0000

  • Duration: 9 min 51 sec

  • Commit: 989e51a

Test stats 🧪

Test Results
Failed 0
Passed 38
Skipped 0
Total 38

Trends 🧪

Image of Build Times

Image of Tests

P1llus
P1llus approved these changes Feb 16, 2021
View reviewed changes
Copy link
Member

@P1llus P1llus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM from my side, some small comments just to make sure if its intended, I looked at the processors, config files and ECS mapping, though I am unable to 100% determine if we have all the ECS fields used by the integration in ecs.yml. Is there ways we test this today?

packages/windows/data_stream/forwarded/agent/stream/winlog.yml.hbs
@@ -1423,10 +1711,11 @@ processors:
var actionResults = [];
for (var j = 0; j < codedActions.length; j++) {
var actionCode = codedActions[j].replace("%%", '').replace(' ', '');
actionResults.push(auditActions[actionCode]);
actionResults.push(msobjsMessageTable[actionCode]);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't find any refrence in the commit that the variable auditActions was changed to msobjMessageTable, is this resolving an earlier error?

@marc-gr marc-gr merged commit 8138abc into elastic:master Feb 17, 2021
@marc-gr marc-gr deleted the winlogbeat-ecs-1.8 branch February 17, 2021 08:48
@fearful-symmetry fearful-symmetry mentioned this pull request Feb 18, 2021
Merged
3 tasks
@ShourieG ShourieG mentioned this pull request Aug 8, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@P1llus P1llus P1llus approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@marc-gr @elasticmachine @P1llus