Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Doc: Add docs for Auditbeat add_session_metadata processor #40252

Merged
merged 17 commits into from
Aug 13, 2024
Merged

Doc: Add docs for Auditbeat add_session_metadata processor #40252

merged 17 commits into from
Aug 13, 2024

Conversation

karenzone
Copy link
Contributor

@karenzone karenzone commented Jul 15, 2024
edited
Loading

Relates #40186

PREVIEW: https://beats_bk_40252.docs-preview.app.elstc.co/guide/en/beats/auditbeat/master/add-session-metadata.html

Proposed commit message

Adds docs for configuring and enabling add_session_metadata processor for Auditbeat. This processor powers the Session View tool in the Elastic Security Platform.

ToDo: Find out how (if at all) the different doc location impacts our docs tooling. DONE

Most processors and docs live in https://github.com/elastic/beats/tree/main/libbeat/processors
The add_session_metadata processor lives in https://github.com/elastic/beats/tree/main/x-pack/auditbeat/processors/sessionmd`.

Partner PR required to get docs building (conf.yaml)

Dependency to break free of gridlock created by changes in two repos:

@karenzone karenzone added the docs label Jul 15, 2024
@karenzone karenzone self-assigned this Jul 15, 2024
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jul 15, 2024
@mergify Mergify
Copy link
Contributor

mergify bot commented Jul 15, 2024

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @karenzone? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

@karenzone karenzone force-pushed the 40186-session-view branch from 8111746 to a074116 Compare July 23, 2024 20:40
@karenzone karenzone mentioned this pull request Jul 23, 2024
Merged
@karenzone karenzone changed the title Doc: Add docs for add_session_metadata processor Doc: Add docs for Auditbeat add_session_metadata processor Jul 24, 2024
@karenzone karenzone added backport-v8.5.0 Automated backport with mergify backport-8.15 Automated backport to the 8.15 branch with mergify and removed backport-v8.5.0 Automated backport with mergify labels Jul 24, 2024
@karenzone karenzone marked this pull request as ready for review July 24, 2024 21:06
@karenzone karenzone requested review from a team as code owners July 24, 2024 21:06
@karenzone karenzone requested review from rdner and VihasMakwana July 24, 2024 21:06
@karenzone karenzone mentioned this pull request Jul 24, 2024
Closed
@karenzone
Copy link
Contributor Author

Please review and comment so that we can nail down the content.

@karenzone
Copy link
Contributor Author

karenzone commented Aug 1, 2024
edited
Loading

Builds locally, but fails PR checks.

buildkite/docs-build-pr — Failed

INFO:build_docs:asciidoctor: ERROR: ../../libbeat/docs/processors-list.asciidoc: line 187: include file not found: /tmp/docsbuild/h360rSjkek/beats/x-pack/auditbeat/processors/sessionmd/docs/add_session_metadata.asciidoc
  | INFO:build_docs:asciidoctor: WARNING: invalid reference: add-session-metadata

Notes to self @karenzone:

  • New x-pack docs location is present in conf.yaml: https://github.com/elastic/docs/blob/master/conf.yaml#L1676-L1678
  • Placeholder PR passed CI and merged without error.
    Nothing is building yet because we haven't merged any includes.
  • This seems to point to an error in the include statement in libbeat/docs/processors-list.asciidoc in this PR. But then why would this work when I build locally???

Update - What's going on?

(Updated 2024-0805, M)
The conditional setting ifndef::no_add_session_metadata_processor[] should be set in the index.asciidoc file for Beats in which the new add_session_metadata_processor setting should NOT appear. (Think exclusion, not inclusion!) That's all Beats with the exception of Auditbeat.

Thank you @dedemorton, for the brilliant troubleshooting help. ❤️

@karenzone karenzone mentioned this pull request Aug 5, 2024
Closed
@karenzone karenzone requested review from a team as code owners August 5, 2024 22:57
@karenzone
Copy link
Contributor Author

karenzone commented Aug 8, 2024
edited
Loading

Update: After recent changes, this PR is passing docs-ci. New add_session_metadata processor content is added to Auditbeat Ref, and is excluded for all other Beats references as intended.

PREVIEW: https://beats_bk_40252.docs-preview.app.elstc.co/guide/en/beats/auditbeat/master/add-session-metadata.html

@karenzone karenzone requested a review from mjwolf August 8, 2024 21:26
@karenzone
Copy link
Contributor Author

@mjwolf, thank you so much for answering remaining questions and suggesting some text. I have committed your work with only minor edits.

Please review and let's get this one published.

@karenzone karenzone requested a review from andrewkroh August 8, 2024 21:49
mjwolf
mjwolf approved these changes Aug 8, 2024
View reviewed changes
Copy link
Contributor

@mjwolf mjwolf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@mjwolf mjwolf requested a review from nick-alayil August 8, 2024 21:57
nick-alayil
nick-alayil approved these changes Aug 8, 2024
View reviewed changes
Copy link
Contributor

@nick-alayil nick-alayil left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks @karenzone and @mjwolf !!

kilfoyle
kilfoyle approved these changes Aug 9, 2024
View reviewed changes
Copy link
Contributor

@kilfoyle kilfoyle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 🎸

@karenzone
Copy link
Contributor Author

karenzone commented Aug 13, 2024
edited
Loading

Status

This PR touches every Beat, and requires approval from all Beats code owners. We're missing approvals from obs-ds-hosted-services and @VihasMakwana. Please review so that we can get these docs published.

@pierrehilbert
Copy link
Collaborator

@karenzone Vihas is in PTOs until end of the week

@karenzone karenzone merged commit 57ff337 into elastic:main Aug 13, 2024
123 checks passed
@karenzone karenzone deleted the 40186-session-view branch August 13, 2024 19:20
mergify bot pushed a commit that referenced this pull request Aug 13, 2024
@karenzone @mergify
Doc: Add docs for Auditbeat add_session_metadata processor (#40252)
6b8cf86 
Co-authored-by: Michael Wolf <[email protected]>
Co-authored-by: Nick Alayil <[email protected]>
Co-authored-by: DeDe Morton <[email protected]>
(cherry picked from commit 57ff337)
@mergify mergify bot mentioned this pull request Aug 13, 2024
Merged
@karenzone
Copy link
Contributor Author

12686

@karenzone
Copy link
Contributor Author

Link: https://www.elastic.co/guide/en/beats/auditbeat/master/add-session-metadata.html

Screen Shot 2024-08-13 at 4 16 07 PM

karenzone added a commit that referenced this pull request Aug 13, 2024
@mergify @karenzone
Doc: Add docs for Auditbeat add_session_metadata processor (#40252) (#…
9721f20 
…40511)

Co-authored-by: Michael Wolf <[email protected]>
Co-authored-by: Nick Alayil <[email protected]>
Co-authored-by: DeDe Morton <[email protected]>
(cherry picked from commit 57ff337)

Co-authored-by: Karen Metts <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dedemorton dedemorton dedemorton left review comments

@benironside benironside benironside approved these changes

@nick-alayil nick-alayil nick-alayil approved these changes

@kilfoyle kilfoyle kilfoyle approved these changes

@kaiyan-sheng kaiyan-sheng kaiyan-sheng approved these changes

@andrewkroh andrewkroh andrewkroh approved these changes

@mjwolf mjwolf mjwolf approved these changes

@rdner rdner rdner approved these changes

@VihasMakwana VihasMakwana Awaiting requested review from VihasMakwana VihasMakwana is a code owner automatically assigned from elastic/elastic-agent-data-plane

Assignees

@karenzone karenzone

Labels
backport-8.15 Automated backport to the 8.15 branch with mergify docs Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team Team:Security-Linux Platform Linux Platform Team in Security Solution
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.