@efd6 efd6 commented Aug 7, 2025

Proposed commit message

m365_defender,microsoft_defender_endpoint: gracefully handle empty nested IP values

It seems that the endpoint will send IP values that are an empty string.
To work around the absence of a condition on processors in a foreach
processor, just remove all empty strings under the affected fields.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@efd6 efd6 self-assigned this Aug 7, 2025
@efd6 efd6 added the Integration:microsoft_defender_endpoint (Microsoft Defender for Endpoint), Integration:m365_defender (Microsoft Defender XDR), bugfix (Pull request that fixes a bug issue) and Team:Security-Service Integrations (Security Service Integrations team [elastic/security-service-integrations]) labels Aug 7, 2025
…sted IP values

It seems that the endpoint will send IP values that are an empty string.
To work around the absence of a condition on processors in a foreach
processor, just remove all empty strings under the affected fields.
@efd6 efd6 force-pushed the s6275-m365_defender-defender_for_endpoint branch from 8593425 to 1773e34 Compare August 7, 2025 21:28
@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine

💚 Build Succeeded

cc @efd6

@efd6 efd6 marked this pull request as ready for review August 7, 2025 22:23
@efd6 efd6 requested a review from a team as a code owner August 7, 2025 22:23
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@efd6 efd6 changed the title m365_defender,microsoft_defender_endpoint: gracefully handle empty ne… m365_defender,microsoft_defender_endpoint: gracefully handle empty nested IP values Aug 8, 2025
@efd6 efd6 merged commit 80066f5 into elastic:main Aug 8, 2025
9 checks passed
@elastic-vault-github-plugin-prod

Package m365_defender - 3.14.2 containing this change is available at https://epr.elastic.co/package/m365_defender/3.14.2/

@elastic-vault-github-plugin-prod

Package microsoft_defender_endpoint - 2.42.2 containing this change is available at https://epr.elastic.co/package/microsoft_defender_endpoint/2.42.2/

robester0403 pushed a commit to robester0403/integrations that referenced this pull request Aug 14, 2025
…sted IP values (elastic#14857)

It seems that the endpoint will send IP values that are an empty string.
To work around the absence of a condition on processors in a foreach
processor, just remove all empty strings under the affected fields.