Include user_agent.version in dynamic_fields (pipeline tests) #12033

Open
wants to merge 6 commits into
base: main

mrodm
Contributor

@mrodm mrodm commented Dec 9, 2024

Proposed commit message

Include a new dynamic field for user_agent.version in order to accept versions with a trailing dot.

Related issue: elastic/elasticsearch#116950

This regex needs to accept values like these ones (examples from apache and iis package):

  • 15.0.a2
  • 50.0.
  • 50.0
  • 7.79.1
  • 54.0.2840.98
  • 2016

Builds failing:

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

How to test this PR locally

Related issues

@mrodm mrodm self-assigned this Dec 9, 2024
@@ -1,3 +1,5 @@
dynamic_fields:
"user_agent.version": '^(\d+\.\d+(\.|\..*)?|\d+)$'
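Review bot: the inner group `(\.|\..*)` in the `user_agent.version` pattern is redundant, because `\..*` already matches a lone trailing dot (`.*` can match nothing), so `(\..*)?` gives the same result. The `.*` also lets any characters follow the second dot, so the pipeline tests would accept a value like `50.0.` followed by arbitrary text; if only version-like suffixes are intended, a bounded character class in place of `.*` would keep the check meaningful while still covering the six examples in the description. A short comment above the entry naming the trailing-dot case and the related Elasticsearch issue would also help the next reader.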
Contributor Author

There is a pipeline test where user_agent.version contains the value 2016 too.
The same happens in the iis package.
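
As an added example (not code from this PR or from elastic-package), the Go program below runs the proposed pattern over the values listed in the description and over a few constructed non-version strings, to show what the pattern accepts and rejects. `simplified` and `narrower` are hypothetical variants introduced here for comparison only.

```go
package main

import (
	"fmt"
	"regexp"
)

// Pattern copied from the dynamic_fields entry in this PR.
const proposed = `^(\d+\.\d+(\.|\..*)?|\d+)$`

// Hypothetical variants for comparison; neither is part of the PR.
const simplified = `^(\d+\.\d+(\..*)?|\d+)$`   // inner alternation folded into one branch
const narrower = `^(\d+\.\d+(\.[\w.]*)?|\d+)$` // suffix limited to word characters and dots

// Values listed in the PR description (apache and iis pipeline tests).
var fromPR = []string{"15.0.a2", "50.0.", "50.0", "7.79.1", "54.0.2840.98", "2016"}

// Constructed strings that are not version-like.
var constructed = []string{"", "50.", ".5", "v1.2", "1.2.<not a version>", "1.2. trailing text"}

// rejected returns the values the anchored pattern does not match.
func rejected(pattern string, values []string) []string {
	re := regexp.MustCompile(pattern)
	var out []string
	for _, v := range values {
		if !re.MatchString(v) {
			out = append(out, v)
		}
	}
	return out
}

// sameVerdicts reports whether two patterns agree on every value.
func sameVerdicts(a, b string, values []string) bool {
	ra, rb := regexp.MustCompile(a), regexp.MustCompile(b)
	for _, v := range values {
		if ra.MatchString(v) != rb.MatchString(v) {
			return false
		}
	}
	return true
}

func main() {
	for _, p := range []string{proposed, simplified, narrower} {
		fmt.Printf("%s\n  rejects from PR list: %q\n  rejects constructed:  %q\n",
			p, rejected(p, fromPR), rejected(p, constructed))
	}
}
```

The proposed pattern accepts the last two constructed strings because of the `.*` tail; the narrower variant rejects them while still accepting every value from the description.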

@elastic-vault-github-plugin-prod

elastic-vault-github-plugin-prod bot commented Dec 9, 2024

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@mrodm
Contributor Author

mrodm commented Dec 10, 2024

There is still some issue unrelated to this change in sophos.
Example of the failure:

test case failed: Expected results are different from actual ones: --- want
+++ got
@@ -4438,7 +4438,7 @@
                     "branch_name": "Gaurav Patel",
                     "device": "SFW",
                     "device_name": "XG125w",
-                    "eventtime": "2017-03-16T10:56:01.000Z",
+                    "eventtime": "2017-03-16T12:56:01.000Z",
                     "log_component": "RED",
                     "log_id": "066811618014",
                     "log_subtype": "System",

@mrodm mrodm marked this pull request as ready for review December 10, 2024 11:39
@mrodm mrodm requested review from a team as code owners December 10, 2024 11:39
@andrewkroh andrewkroh added Integration:proofpoint_tap Proofpoint TAP Integration:barracuda Barracuda Web Application Firewall Integration:apache Apache HTTP Server Integration:gcp Google Cloud Platform Integration:github GitHub Integration:trend_micro_vision_one Trend Micro Vision One Integration:modsecurity ModSecurity Audit Integration:netskope Netskope Integration:nginx Nginx Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations] Team:Obs-InfraObs Label for the Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] Team:Security-Deployment and Devices Deployment and Devices Security team [elastic/sec-deployment-and-devices] Team:Cloudnative-Monitoring Label for the Cloud Native Monitoring team [elastic/obs-cloudnative-monitoring] labels Dec 10, 2024
@elasticmachine

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@jsoriano
Member

There is still some issue unrelated to this change in sophos.

We can investigate this as a separate issue.

@elasticmachine

💚 Build Succeeded

cc @mrodm


Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

Labels
Integration:apache Apache HTTP Server Integration:auth0 Auth0 Integration:aws AWS Integration:barracuda Barracuda Web Application Firewall Integration:cisco_meraki Cisco Meraki Integration:forcepoint_web Forcepoint Web Security Integration:forgerock ForgeRock Integration:fortinet_fortiproxy Fortinet FortiProxy Integration:gcp Google Cloud Platform Integration:github GitHub Integration:iis IIS Integration:imperva_cloud_waf Imperva Cloud WAF Integration:modsecurity ModSecurity Audit Integration:netskope Netskope Integration:nginx_ingress_controller Nginx Ingress Controller Logs Integration:nginx Nginx Integration:o365 Microsoft Office 365 Integration:okta Okta Integration:proofpoint_tap Proofpoint TAP Integration:slack Slack Logs Integration:sophos Sophos Integration:suricata Suricata Integration:trend_micro_vision_one Trend Micro Vision One Team:Cloudnative-Monitoring Label for the Cloud Native Monitoring team [elastic/obs-cloudnative-monitoring] Team:Obs-InfraObs Label for the Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] Team:Security-Deployment and Devices Deployment and Devices Security team [elastic/sec-deployment-and-devices] Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations]
Development

Successfully merging this pull request may close these issues.

Failing pipeline tests due to user_agent.version values
5 participants