
Clarify OS support for DED #14248

Merged
frozenmog merged 4 commits into main from ded-update-os-support
Jun 25, 2025

Conversation

Contributor

@frozenmog frozenmog commented Jun 18, 2025

Proposed commit message

Clarify OS support for DED

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Tested the updated transform locally with elastic package:

Screenshot 2025-06-18 at 14 40 33

Related issues

Screenshots

@andrewkroh andrewkroh added the Integration:ded Data Exfiltration Detection label Jun 18, 2025
Contributor

@sodhikirti07 sodhikirti07 left a comment


LGTM! Added a few suggestions.

Comment thread packages/ded/docs/README.md Outdated
Comment thread packages/ded/docs/README.md Outdated
@jmcarlock
Contributor

LGTM! Tested locally with the test pipeline/elastic-package.

@jmcarlock jmcarlock self-requested a review June 18, 2025 17:56
@elasticmachine

💚 Build Succeeded

History

@elastic-sonarqube

Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

@frozenmog
Contributor Author

I've updated the datafeed for file-based events to filter based on the supported OS type. Tested locally and all transforms and anomaly detection jobs are working.
Screenshot 2025-06-23 at 14 10 51

@frozenmog frozenmog marked this pull request as ready for review June 23, 2025 12:18
@frozenmog frozenmog requested review from a team as code owners June 23, 2025 12:18
@frozenmog frozenmog requested a review from sodhikirti07 June 23, 2025 12:19
Contributor

@sodhikirti07 sodhikirti07 left a comment


LGTM!

@peteharverson peteharverson requested a review from qn895 June 23, 2025 13:45
@andrewkroh andrewkroh added the Team:Security-Applied ML Elastic Security Protections Machine Learning (ML) team [elastic/sec-applied-ml] label Jun 23, 2025
@elasticmachine

Pinging @elastic/sec-applied-ml (Team:Security-Applied ML)

Member

@qn895 qn895 left a comment


Transform changes LGTM

@frozenmog frozenmog merged commit dbad0c6 into main Jun 25, 2025
6 of 7 checks passed
@frozenmog frozenmog deleted the ded-update-os-support branch June 25, 2025 14:37
@elastic-vault-github-plugin-prod

Package ded - 2.3.2 containing this change is available at https://epr.elastic.co/package/ded/2.3.2/

shmsr pushed a commit to shmsr/integrations that referenced this pull request Jun 30, 2025
* Add filter on host.os.type for transform

* Update README with supported jobs for os type, update changelog

* remove os.type from transform fields

* Add filter on `host.os.type` to file based events
@andrewkroh andrewkroh added the documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. label Jul 1, 2025

Labels

documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. Integration:ded Data Exfiltration Detection Team:Security-Applied ML Elastic Security Protections Machine Learning (ML) team [elastic/sec-applied-ml]
