Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update and Sync winlog input integrations #2542

Merged
merged 1 commit into from
Jan 25, 2022
Merged

Update and Sync winlog input integrations #2542

merged 1 commit into from
Jan 25, 2022

Conversation

leehinman
Copy link
Contributor

What does this PR do?

Update and syncs winlog input integrations: system, windows, winlog,
and microsoft_sqlserver.

  • expose ignore_older option
  • change "Preserve Original Eventoption to useinclude_xml`
  • make ordering of options the same for all winlog inputs
  • switch to processors.length check to handlebars templates
  • make including of tags the same in handlebars templates
  • for windows/forwarded remove requirement to specify event id, none
    means all, which should be default
  • for windows/sysmon_operational remove requirement to specify event id, none
    means all, which should be default
  • for winlog remove requirement to specify event id, none
    means all, which should be default

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Related issues

Screenshots

@leehinman leehinman force-pushed the ignore_older_for_winlog_inputs branch from b900e9d to 2a9a367 Compare January 19, 2022 01:56
@elasticmachine
Copy link

elasticmachine commented Jan 19, 2022
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-01-25T19:10:06.121+0000

  • Duration: 21 min 43 sec

  • Commit: b92df92

Test stats 🧪

Test Results
Failed 0
Passed 401
Skipped 0
Total 401

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@leehinman leehinman marked this pull request as ready for review January 20, 2022 04:35
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

efd6
efd6 approved these changes Jan 20, 2022
View reviewed changes
packages/windows/changelog.yml Outdated
@@ -1,4 +1,15 @@
# newer versions go on top
- version: "1.7.0"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bump for conflict.

@leehinman leehinman force-pushed the ignore_older_for_winlog_inputs branch 2 times, most recently from 1720159 to 621c001 Compare January 25, 2022 18:09
@leehinman
Update and Sync winlog input integrations
b92df92 
- expose `ignore_older` option
- change "Preserve Original Event` option to use `include_xml`
- remove check for preserve_original_event from ingest pipelines
- make ordering of options the same for all winlog inputs
- switch to `processors.length` check to handlebars templates
- make including of tags the same in handlebars templates
- for windows/forwarded remove requirement to specify event id, none
  means all, which should be default
- for windows/sysmon_operational remove requirement to specify event id, none
  means all, which should be default
- for winlog remove requirement to specify event id, none
  means all, which should be default

Closes elastic#2472
@leehinman leehinman force-pushed the ignore_older_for_winlog_inputs branch from 621c001 to b92df92 Compare January 25, 2022 19:09
@leehinman leehinman merged commit 3a6e380 into elastic:main Jan 25, 2022
@andrewkroh andrewkroh mentioned this pull request Feb 9, 2022
Merged
eyalkraft pushed a commit to build-security/integrations that referenced this pull request Mar 30, 2022
@leehinman
Update and Sync winlog input integrations (elastic#2542)
ca92a4a 
- expose `ignore_older` option
- change "Preserve Original Event` option to use `include_xml`
- remove check for preserve_original_event from ingest pipelines
- make ordering of options the same for all winlog inputs
- switch to `processors.length` check to handlebars templates
- make including of tags the same in handlebars templates
- for windows/forwarded remove requirement to specify event id, none
  means all, which should be default
- for windows/sysmon_operational remove requirement to specify event id, none
  means all, which should be default
- for winlog remove requirement to specify event id, none
  means all, which should be default

Closes elastic#2472
@andrewkroh andrewkroh mentioned this pull request May 11, 2022
Merged
This was referenced Jun 21, 2022
Closed
Closed
@leehinman leehinman deleted the ignore_older_for_winlog_inputs branch July 18, 2022 18:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@efd6 efd6 efd6 approved these changes

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[system/windows] Make ignore_older configurable for winlog inputs
4 participants
@leehinman @elasticmachine @andrewkroh @efd6