darktrace: fix handling of acknowledgement in model_breach_alert #11517

Merged
efd6 merged 2 commits into elastic:main from efd6:11505-darktrace
Oct 31, 2024

@efd6 efd6 commented Oct 25, 2024

Proposed commit message

See title.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@efd6 efd6 added enhancement New feature or request Integration:darktrace Darktrace bugfix Pull request that fixes a bug issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Oct 25, 2024
@efd6 efd6 self-assigned this Oct 25, 2024
@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@efd6 efd6 marked this pull request as ready for review October 25, 2024 04:34
@efd6 efd6 requested a review from a team as a code owner October 25, 2024 04:34
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@kcreddy kcreddy left a comment

Minor clarifications.
LGTM

ctx.darktrace.model_breach_alert.is_acknowledged = false;
return;
}
if (ctx.darktrace?.model_breach_alert?.acknowledged.time == null) {
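
Review bot: on the last line of this hunk, the `?.` operators guard `darktrace` and `model_breach_alert`, but `.time` is read from `acknowledged` with a plain dereference, and the assignment to `ctx.darktrace.model_breach_alert.is_acknowledged` two lines above already uses the unguarded path. Pick one form: if the early `return` guarantees the parent objects and `acknowledged` exist, write `ctx.darktrace.model_breach_alert.acknowledged.time == null`; if `acknowledged` can still be null here, guard it as `acknowledged?.time`.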

At this point, we know that ctx.darktrace.model_breach_alert.acknowledged is not null, because it didn't return.
So, no need for having null checks in subsequent steps for darktrace?.model_breach_alert?

fields:
- name: time
type: date
- name: username

username could be added to related.users

@efd6 efd6 enabled auto-merge (squash) October 31, 2024 07:49
@elasticmachine

💚 Build Succeeded

History

cc @efd6

@efd6 efd6 merged commit 40593b2 into elastic:main Oct 31, 2024
@elastic-vault-github-plugin-prod

Package darktrace - 1.19.0 containing this change is available at https://epr.elastic.co/search?package=darktrace

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
@efd6 efd6 deleted the 11505-darktrace branch February 5, 2025 21:59

Development

Successfully merging this pull request may close these issues.

Error in parsing of acknowledged field for Darktrace integration
