

@w0rk3r w0rk3r commented Sep 5, 2024

Proposed commit message

Add caseless fields to MDE process events.

Summary

Adds caseless versions of process.name and process.executable as done in #10533.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

Related issues

https://github.com/elastic/ia-trade-team/issues/407

@w0rk3r w0rk3r added enhancement New feature or request Integration:m365_defender Microsoft Defender XDR Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Sep 5, 2024
@w0rk3r w0rk3r requested a review from kcreddy September 5, 2024 19:17
@w0rk3r w0rk3r self-assigned this Sep 5, 2024
@w0rk3r w0rk3r requested a review from a team as a code owner September 5, 2024 19:17
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elasticmachine

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport


@kcreddy kcreddy left a comment


Minor suggestion. LGTM 👍🏼

w0rk3r and others added 2 commits September 6, 2024 07:44
Co-authored-by: Krishna Chaitanya Reddy Burri <[email protected]>
Co-authored-by: Krishna Chaitanya Reddy Burri <[email protected]>

@botelastic

botelastic bot commented Oct 6, 2024

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1:. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Oct 6, 2024
@botelastic botelastic bot removed the Stalled label Oct 23, 2024

@elasticmachine

💚 Build Succeeded

History

cc @w0rk3r

@w0rk3r w0rk3r merged commit 313b143 into main Oct 23, 2024
@w0rk3r w0rk3r deleted the fr-mde-caseless branch October 23, 2024 20:24
@elastic-vault-github-plugin-prod

Package m365_defender - 2.15.1 containing this change is available at https://epr.elastic.co/search?package=m365_defender

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
…1020)

* [Enhancement] Add ".caseless" fields to MDE process events

* Update packages/m365_defender/changelog.yml

Co-authored-by: Krishna Chaitanya Reddy Burri <[email protected]>

* Update packages/m365_defender/manifest.yml

Co-authored-by: Krishna Chaitanya Reddy Burri <[email protected]>

* Update manifest.yml

---------

Co-authored-by: Krishna Chaitanya Reddy Burri <[email protected]>
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025