
Conversation

@brijesh-elastic
Collaborator

Proposed commit message

Remove the threat value from event.category for AdvancedHunting-AlertInfo events because we are not populating any threat.* ECS fields.
See schema documentation.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices.

How to test this PR locally

  • Clone integrations repo.
  • Install elastic-package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/m365_defender directory.
  • Run the following command to run tests.

elastic-package test

Related issues
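An added illustration (not code from this PR or the m365_defender package) of the ECS rule the commit message relies on: a document may carry `threat` in `event.category` only when some `threat.*` field is populated. The sample event is constructed, and the fix helper assumes the nested `{"event": {"category": [...]}}` layout.

```python
import copy
from typing import Any

def flatten(doc: dict, prefix: str = "") -> dict[str, Any]:
    """Flatten nested and dotted keys into one dotted-key dict, so
    {"event": {"category": [...]}} and {"event.category": [...]} look alike."""
    out: dict[str, Any] = {}
    for key, value in doc.items():
        full = f"{prefix}{key}"
        if isinstance(value, dict):
            out.update(flatten(value, full + "."))
        else:
            out[full] = value
    return out

def _populated(fields: dict[str, Any], prefix: str) -> bool:
    """True if any field under `prefix` carries a non-empty value."""
    return any(k.startswith(prefix) and v not in (None, "", [], {})
               for k, v in fields.items())

def category_issues(doc: dict) -> list[str]:
    """Report ECS consistency problems in event.category for one document."""
    fields = flatten(doc)
    categories = fields.get("event.category", [])
    if isinstance(categories, str):
        categories = [categories]
    issues: list[str] = []
    if "threat" in categories and not _populated(fields, "threat."):
        issues.append("event.category contains 'threat' but no threat.* field is populated")
    return issues

def fix_event_category(doc: dict) -> dict:
    """Apply the rule from this PR to one document: drop 'threat' from
    event.category when no threat.* field backs it. Returns a new document;
    assumes the nested {"event": {"category": [...]}} layout."""
    fixed = copy.deepcopy(doc)
    if category_issues(fixed):
        cats = fixed["event"]["category"]
        if isinstance(cats, str):
            cats = [cats]
        fixed["event"]["category"] = [c for c in cats if c != "threat"]
    return fixed

# Constructed sample resembling an AlertInfo event mapped before this PR
# (values invented for illustration, not taken from the integration's test data).
BEFORE = {"event": {"kind": "alert", "category": ["threat", "malware"], "type": ["info"]},
          "m365_defender": {"event": {"title": "Suspicious process"}}}
AFTER = fix_event_category(BEFORE)
```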

@brijesh-elastic brijesh-elastic added Integration:m365_defender Microsoft Defender XDR Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] mapping/pipeline issue Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] labels Mar 20, 2025
@brijesh-elastic brijesh-elastic self-assigned this Mar 20, 2025
@brijesh-elastic brijesh-elastic requested a review from a team as a code owner March 20, 2025 10:30
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elastic-vault-github-plugin-prod

elastic-vault-github-plugin-prod bot commented Mar 20, 2025

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport


@elasticmachine

💚 Build Succeeded


cc @brijesh-elastic

@ShourieG ShourieG merged commit abc99e4 into elastic:main Mar 25, 2025
7 checks passed
@elastic-vault-github-plugin-prod

Package m365_defender - 3.0.1 containing this change is available at https://epr.elastic.co/package/m365_defender/3.0.1/

flexitrev pushed a commit that referenced this pull request Mar 25, 2025
…events (#13185)

* Fix  value for the AdvancedHunting-AlertInfo event

* Update changelog entry
flexitrev pushed a commit that referenced this pull request Mar 28, 2025
…events (#13185)

* Fix  value for the AdvancedHunting-AlertInfo event

* Update changelog entry

Development

Successfully merging this pull request may close these issues.

[M365 Defender] Change event.type of AlertInfo

4 participants