@efd6 efd6 commented Mar 27, 2025

Proposed commit message

m365_defender,sentinel_one_cloud_funnel: improve command line split script performance

Investigation in the crowdstrike fdr data stream has shown that this
processor can be significantly improved in terms of performance by
reducing string allocation while tokenising the command line. This
change replays the changes in that data stream in m365_defender and
sentinel_one_cloud_funnel.

ref: #13325

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

@efd6 efd6 added enhancement New feature or request Integration:m365_defender Microsoft Defender XDR Integration:sentinel_one_cloud_funnel SentinelOne Cloud Funnel Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Mar 27, 2025
@efd6 efd6 self-assigned this Mar 27, 2025
@efd6 efd6 force-pushed the cmdline_perf-sentinel_one_cloud_funnel-m365_defender branch from 33b4a88 to 6a5ec54 Compare March 27, 2025 21:48
elastic-vault-github-plugin-prod bot commented Mar 27, 2025

🚀 Benchmarks report

Package m365_defender 👍(3) 💚(0) 💔(0)

Data stream   Previous EPS   New EPS   Diff (%)         Result
alert         0              759.3     759.3 ( - %)     👍
event         0              612.37    612.37 ( - %)    👍
incident      0              893.66    893.66 ( - %)    👍

Package sentinel_one_cloud_funnel 👍(1) 💚(0) 💔(0)

Data stream   Previous EPS   New EPS   Diff (%)         Result
event         0              361.27    361.27 ( - %)    👍

@efd6 efd6 marked this pull request as ready for review March 27, 2025 22:23
@efd6 efd6 requested a review from a team as a code owner March 27, 2025 22:23
@elasticmachine
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@andrewkroh
/test benchmark fullreport

@elasticmachine
💚 Build Succeeded

cc @efd6

@efd6 efd6 merged commit 16c5238 into elastic:main Mar 30, 2025
7 checks passed
@elastic-vault-github-plugin-prod

Package m365_defender - 3.1.0 containing this change is available at https://epr.elastic.co/package/m365_defender/3.1.0/

@elastic-vault-github-plugin-prod

Package sentinel_one_cloud_funnel - 1.11.0 containing this change is available at https://epr.elastic.co/package/sentinel_one_cloud_funnel/1.11.0/
