Conversation

@peterydzynski

Proposed commit message

The network.transport and network.protocol fields are not being set properly. Often the transport value (udp/tcp) is getting set to the protocol field and the protocol is never set at all. The changes I made to the test-device.log-expected.json file should demonstrate these issues.

I also added handling for missing protocols and added example logs for the ones I had the ability to produce.

As a side note, I am happy to convert the entire logic for handling transport/protocol to a single script processor but I figured using the built in processors is easier for maintainability.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

…rt according to ECS. Added test logs to cover missing protocols and updated expected logs.
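The ECS rule behind this PR, shown as an added example (my code, not the m365_defender integration's pipeline or anything from the PR): `network.transport` holds the lowercase IANA transport name (tcp, udp, ...), `network.protocol` holds the application-layer protocol, a transport name must never be written into `network.protocol`, and an absent value leaves the field unset rather than empty. It assumes a Defender-style raw event with a `Protocol` string that may be a transport, an application protocol, or empty/absent, and expected documents shaped like the entries of a `*-expected.json` file; both the sample events and the field names are constructed for the example.

```python
"""Added example, not code from the m365_defender integration or this PR.

Maps a raw event's transport/protocol value onto the ECS network object and
checks expected documents for the bug described in the PR: a transport name
(tcp/udp) sitting in network.protocol.

Assumptions (mine): the raw event carries a Defender-style "Protocol" string
that may be a transport ("Tcp"), an application protocol ("Dns"), or empty/absent.
"""
from __future__ import annotations

# IANA transport-layer protocol names, lowercased as ECS network.transport expects.
TRANSPORTS = frozenset({"tcp", "udp", "icmp", "icmpv6", "sctp"})


def map_network_fields(raw: dict) -> dict:
    """Return the ECS `network` object for one raw event.

    - A known transport name is written to network.transport only.
    - Any other non-empty value is treated as the application protocol.
    - A missing or empty value sets neither field, so no "" or None leaks into ECS.
    """
    value = (raw.get("Protocol") or "").strip().lower()
    network: dict = {}
    if not value:
        return network
    if value in TRANSPORTS:
        network["transport"] = value
    else:
        network["protocol"] = value
    return network


def find_misfiled_transports(docs: list[dict]) -> list[int]:
    """Indexes of documents whose network.protocol holds a transport name.

    Run this over the `expected` array of an *-expected.json file (assumed to use
    nested objects); a non-empty result means the tcp/udp-in-protocol bug is present.
    """
    bad = []
    for i, doc in enumerate(docs):
        proto = (doc.get("network") or {}).get("protocol")
        if isinstance(proto, str) and proto.lower() in TRANSPORTS:
            bad.append(i)
    return bad


# Constructed sample events (not the PR's test logs).
SAMPLE_EVENTS = [
    {"Protocol": "Tcp", "RemotePort": 443},
    {"Protocol": "Udp", "RemotePort": 53},
    {"Protocol": "Dns", "RemotePort": 53},
    {"Protocol": "", "RemotePort": 8080},
    {"RemotePort": 22},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev, "->", map_network_fields(ev))
    # Constructed expected-style documents with the bug injected into the first one.
    buggy = [{"network": {"protocol": "tcp"}}, {"network": {"transport": "tcp"}}]
    print("misfiled:", find_misfiled_transports(buggy))
```

The classifier is deliberately conservative: only names in the IANA transport set go to `network.transport`, and an empty value produces no field at all, which is the behaviour an expected-document check like `find_misfiled_transports` can then assert on.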
@peterydzynski peterydzynski requested a review from a team as a code owner July 8, 2024 20:57

@efd6 efd6 left a comment

Please add a changelog entry and bump the patch version in manifest.yml.

@peterydzynski

Whoops, forgot to do those. Should be updated @efd6!

@efd6

efd6 commented Jul 10, 2024

/test

@elasticmachine

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport


@efd6 efd6 left a comment

Nit then LGTM

Co-authored-by: Dan Kortschak <[email protected]>
@peterydzynski

Hey @efd6, is this good to go?

@andrewkroh andrewkroh added Integration:m365_defender Microsoft Defender XDR Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Jul 19, 2024
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@efd6

efd6 commented Jul 21, 2024

/test

@elasticmachine

💚 Build Succeeded


@efd6 efd6 left a comment

Thanks

@efd6 efd6 merged commit eff2b24 into elastic:main Jul 22, 2024
@elasticmachine

Package m365_defender - 2.14.2 containing this change is available at https://epr.elastic.co/search?package=m365_defender

@peterydzynski peterydzynski deleted the network-transport-bug branch July 22, 2024 17:48