sentinel_one_cloud_funnel: fix original data preservation for gcs (#9627

)
elastic · Apr 17, 2024 · 5631bff · 5631bff
1 parent 0284a6e
commit 5631bff
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 3 deletions.
diff --git a/packages/sentinel_one_cloud_funnel/changelog.yml b/packages/sentinel_one_cloud_funnel/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.14.1"
+  changes:
+    - description: Add missing event preservation template expansions for GCS input.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/9627
 - version: "0.14.0"
   changes:
     - description: Improve `event.type` and `event.action` mappings, fix missing `preserve_original_event` setting for GCS input.

diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/agent/stream/gcs.yml.hbs b/packages/sentinel_one_cloud_funnel/data_stream/event/agent/stream/gcs.yml.hbs
@@ -32,6 +32,12 @@ timestamp_epoch: {{timestamp_epoch}}
 {{/if}}
 {{#if tags}}
 tags:
+{{#if preserve_original_event}}
+  - preserve_original_event
+{{/if}}
+{{#if preserve_duplicate_custom_fields}}
+  - preserve_duplicate_custom_fields
+{{/if}}
 {{#each tags as |tag|}}
   - {{tag}}
 {{/each}}

diff --git a/...el_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-registry.yml b/...el_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-registry.yml
@@ -19,7 +19,7 @@ processors:
   - set:
       field: event.action
       value: [creation]
-      if: ctx.sentinel_one_cloud_funnel?.event?.type != null && 
+      if: ctx.sentinel_one_cloud_funnel?.event?.type != null &&
           (
             ctx.sentinel_one_cloud_funnel?.event?.meta_event_name.toLowerCase().contains('regvaluecreate') ||
             ctx.sentinel_one_cloud_funnel?.event?.meta_event_name.toLowerCase().contains('regkeycreate')
@@ -31,7 +31,7 @@ processors:
   - set:
       field: event.action
       value: [deletion]
-      if: ctx.sentinel_one_cloud_funnel?.event?.type != null && 
+      if: ctx.sentinel_one_cloud_funnel?.event?.type != null &&
           (
             ctx.sentinel_one_cloud_funnel?.event?.meta_event_name.toLowerCase().contains('regvaluedelete') ||
             ctx.sentinel_one_cloud_funnel?.event?.meta_event_name.toLowerCase().contains('regkeydelete')

diff --git a/packages/sentinel_one_cloud_funnel/manifest.yml b/packages/sentinel_one_cloud_funnel/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: sentinel_one_cloud_funnel
 title: SentinelOne Cloud Funnel
-version: "0.14.0"
+version: "0.14.1"
 description: Collect logs from SentinelOne Cloud Funnel with Elastic Agent.
 type: integration
 categories: ["security", "edr_xdr"]