@efd6 efd6 (Contributor) commented Sep 1, 2024

Proposed commit message

Ensure that windows hosts are not labelled as macos or linux by examining
POSIX details fields. Also label otherwise unknown host types as unix if they
do have POSIX details on the basis that Windows hosts have already been
excluded and so all remaining POSIX host types are Unix.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

@efd6 efd6 added the labels Integration:m365_defender (Microsoft Defender XDR), bugfix (Pull request that fixes a bug issue), and Team:Security-Service Integrations (Security Service Integrations team [elastic/security-service-integrations]) Sep 1, 2024
@efd6 efd6 self-assigned this Sep 1, 2024
@efd6 efd6 force-pushed the 10680-m365_defender branch from a5bd988 to 7d76f05 Compare September 1, 2024 22:50
@elasticmachine

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@efd6 efd6 marked this pull request as ready for review September 1, 2024 23:14
@efd6 efd6 requested a review from a team as a code owner September 1, 2024 23:14
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@chemamartinez chemamartinez (Contributor) left a comment

LGTM

@efd6 efd6 force-pushed the 10680-m365_defender branch from 7d76f05 to 71473c5 Compare September 4, 2024 21:53
@efd6 efd6 marked this pull request as draft September 4, 2024 21:57
@efd6 efd6 (Contributor, Author) commented Sep 4, 2024

Waiting for a bit to see about getting a WSL test case to include in testing.

@efd6 efd6 force-pushed the 10680-m365_defender branch from 71473c5 to 2de1bd9 Compare September 11, 2024 00:09
@efd6 efd6 changed the title m365_defender: fix assignment of windows os identity m365_defender: fix assignment of windows os identity and posix hosts Sep 11, 2024
@efd6 efd6 requested a review from chemamartinez September 11, 2024 00:15
@efd6 efd6 (Contributor, Author) commented Sep 11, 2024

Note additional change here that affects POSIX hosts. See rationale in PR description. If this is too far, I'm happy to back out the second commit which makes this change.

@elasticmachine

💚 Build Succeeded

History

  • 💚 Build #15491 succeeded 71473c575f88b2ac4aecfb7051137b0ebc67b496
  • 💚 Build #15277 succeeded 7d76f057e5ac560e299b70db57f9dc4217d757f7

cc @efd6

@elastic-sonarqube

Quality Gate failed

Failed conditions
34.1% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

@efd6 efd6 marked this pull request as ready for review September 11, 2024 00:54
@efd6 efd6 merged commit 147932a into elastic:main Sep 16, 2024
@elasticmachine

Package m365_defender - 2.15.0 containing this change is available at https://epr.elastic.co/search?package=m365_defender

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
…lastic#10953)

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
…lastic#10953)

@efd6 efd6 deleted the 10680-m365_defender branch February 5, 2025 22:00