
Conversation

@efd6 efd6 commented Apr 16, 2025

Proposed commit message

m365_defender: improve user.name field handling

The fields that contain the user name vary, so successively look in
known places until the value is found.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@efd6 efd6 added the enhancement (New feature or request), Integration:m365_defender (Microsoft Defender XDR) and Team:Security-Service Integrations (Security Service Integrations team [elastic/security-service-integrations]) labels Apr 16, 2025
@efd6 efd6 self-assigned this Apr 16, 2025
@efd6 efd6 force-pushed the 13514-m365_defender branch from a7ef269 to 248e2de Compare April 16, 2025 02:49
@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine

💚 Build Succeeded

cc @efd6

@efd6 efd6 marked this pull request as ready for review April 16, 2025 03:13
@efd6 efd6 requested a review from a team as a code owner April 16, 2025 03:13
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@efd6 efd6 merged commit e8220b4 into elastic:main Apr 30, 2025
7 checks passed
@elastic-vault-github-plugin-prod

Package m365_defender - 3.3.0 containing this change is available at https://epr.elastic.co/package/m365_defender/3.3.0/

seanrathier pushed a commit to seanrathier/integrations that referenced this pull request May 1, 2025

Development

Successfully merging this pull request may close these issues.

[Microsoft M365 Defender]: ECS user.name field not always correctly populated