[sei] Add checks to avoid overriding event.original if present by marc-gr · Pull Request #8269 · elastic/integrations

marc-gr · 2023-10-23T10:31:39Z

Proposed commit message

Add checks to avoid overriding event.original if present.
On some setups (ie Logstash sends data to ES) event.original might be already present in the event body. Currently most of our integrations do not have a null check for it before trying to set it, leading to errors on these circumstances. By adding the required checks we improve handling in this setups.

Checklist

I have reviewed tips for building integrations and this pull request is aligned with them.
I have verified that all data streams collect metrics or logs.
I have added an entry to my package's changelog.yml file.
I have verified that Kibana version constraints are current according to guidelines.

Related issues

Closes [SEI] Add check for event.original rename/set to avoid issues with Logstash events #8146

elasticmachine · 2023-10-24T19:37:45Z

Package sentinel_one_cloud_funnel - 0.7.0 containing this change is available at https://epr.elastic.co/search?package=sentinel_one_cloud_funnel

elasticmachine · 2023-10-24T19:42:44Z

Package slack - 1.15.0 containing this change is available at https://epr.elastic.co/search?package=slack

elasticmachine · 2023-10-24T19:47:44Z

Package snort - 1.13.0 containing this change is available at https://epr.elastic.co/search?package=snort

elasticmachine · 2023-10-24T19:55:50Z

Package snyk - 1.17.0 containing this change is available at https://epr.elastic.co/search?package=snyk

elasticmachine · 2023-10-24T19:55:51Z

Package sonicwall_firewall - 1.12.0 containing this change is available at https://epr.elastic.co/search?package=sonicwall_firewall

elasticmachine · 2023-10-24T20:00:31Z

Package sophos - 3.5.0 containing this change is available at https://epr.elastic.co/search?package=sophos

elasticmachine · 2023-10-24T20:10:29Z

Package sophos_central - 1.11.0 containing this change is available at https://epr.elastic.co/search?package=sophos_central

elasticmachine · 2023-10-24T20:10:30Z

Package suricata - 2.19.0 containing this change is available at https://epr.elastic.co/search?package=suricata

elasticmachine · 2023-10-24T20:30:31Z

Package tanium - 1.6.0 containing this change is available at https://epr.elastic.co/search?package=tanium

elasticmachine · 2023-10-24T20:30:33Z

Package tenable_io - 2.5.0 containing this change is available at https://epr.elastic.co/search?package=tenable_io

elasticmachine · 2023-10-24T20:30:35Z

Package tenable_sc - 1.18.0 containing this change is available at https://epr.elastic.co/search?package=tenable_sc

elasticmachine · 2023-10-24T20:30:36Z

Package ti_abusech - 1.22.0 containing this change is available at https://epr.elastic.co/search?package=ti_abusech

elasticmachine · 2023-10-24T20:35:37Z

Package ti_cybersixgill - 1.23.0 containing this change is available at https://epr.elastic.co/search?package=ti_cybersixgill

elasticmachine · 2023-10-24T20:40:40Z

Package ti_maltiverse - 0.6.0 containing this change is available at https://epr.elastic.co/search?package=ti_maltiverse

elasticmachine · 2023-10-24T20:45:36Z

Package ti_otx - 1.20.0 containing this change is available at https://epr.elastic.co/search?package=ti_otx

elasticmachine · 2023-10-24T20:50:47Z

Package ti_rapid7_threat_command - 1.12.0 containing this change is available at https://epr.elastic.co/search?package=ti_rapid7_threat_command

elasticmachine · 2023-10-24T20:55:43Z

Package ti_recordedfuture - 1.18.0 containing this change is available at https://epr.elastic.co/search?package=ti_recordedfuture

elasticmachine · 2023-10-24T21:05:16Z

Package ti_threatq - 1.21.0 containing this change is available at https://epr.elastic.co/search?package=ti_threatq

elasticmachine · 2023-10-24T21:10:43Z

Package tines - 1.7.0 containing this change is available at https://epr.elastic.co/search?package=tines

elasticmachine · 2023-10-24T21:10:44Z

Package trellix_edr_cloud - 0.5.0 containing this change is available at https://epr.elastic.co/search?package=trellix_edr_cloud

elasticmachine · 2023-10-24T21:15:55Z

Package trellix_epo_cloud - 1.7.0 containing this change is available at https://epr.elastic.co/search?package=trellix_epo_cloud

elasticmachine · 2023-10-24T21:20:59Z

Package trend_micro_vision_one - 1.13.0 containing this change is available at https://epr.elastic.co/search?package=trend_micro_vision_one

elasticmachine · 2023-10-24T21:26:22Z

Package vectra_detect - 1.5.0 containing this change is available at https://epr.elastic.co/search?package=vectra_detect

elasticmachine · 2023-10-24T21:31:14Z

Package zeek - 2.20.0 containing this change is available at https://epr.elastic.co/search?package=zeek

elasticmachine · 2023-10-24T21:36:20Z

Package zerofox - 1.20.0 containing this change is available at https://epr.elastic.co/search?package=zerofox

elasticmachine · 2023-10-24T21:41:27Z

Package zeronetworks - 1.9.0 containing this change is available at https://epr.elastic.co/search?package=zeronetworks

elasticmachine · 2023-10-24T21:46:15Z

Package zscaler_zia - 2.16.0 containing this change is available at https://epr.elastic.co/search?package=zscaler_zia

elasticmachine · 2023-10-24T21:50:58Z

Package zscaler_zpa - 1.15.0 containing this change is available at https://epr.elastic.co/search?package=zscaler_zpa

marc-gr added enhancement New feature or request Team:Security-External Integrations labels Oct 23, 2023

marc-gr force-pushed the feat/event.original-check branch from b8528f5 to 5485e2c Compare October 23, 2023 10:55

janvi-elastic mentioned this pull request Oct 25, 2023

[symantec_edr_cloud] Initial release of the symantec edr cloud #8267

Merged

15 tasks

taylor-swanson mentioned this pull request Mar 4, 2024

[Cisco FTD] parsing issue with Logstash #7159

Closed

Conversation

marc-gr commented Oct 23, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Proposed commit message

Checklist

Related issues

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

elasticmachine commented Oct 24, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

marc-gr commented Oct 23, 2023 •

edited

Loading