Skip to content

[m365_defender] Add support for newer Oauth Token Endpoint and fixes in some ECS mappings. #7119

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
efd6 merged 5 commits into from
Aug 2, 2023
Merged

[m365_defender] Add support for newer Oauth Token Endpoint and fixes in some ECS mappings. #7119

efd6 merged 5 commits into from
Aug 2, 2023

Conversation

@mohitjha-elastic
Copy link
Collaborator

@mohitjha-elastic mohitjha-elastic commented Jul 24, 2023

Type of change

  • Enhancement

What does this PR do?

Add support for newer Oauth Token Endpoint and fixes in some ECS mappings.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

Clone integrations repo.
Install elastic package locally.
Start elastic stack using elastic-package.
Move to integrations/packages/m365_defender directory.
Run the following command to run tests.

Automated Test

2023/07/21 18:13:42 DEBUG Enable verbose logging
2023/07/21 18:13:43  INFO New version is available - v0.84.0. Download from: https://github.com/elastic/elastic-package/releases/tag/v0.84.0
Run pipeline tests for the package
--- Test results for package: m365_defender - START ---
╭───────────────┬─────────────┬───────────┬─────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE       │ DATA STREAM │ TEST TYPE │ TEST NAME                           │ RESULT │ TIME ELAPSED │
├───────────────┼─────────────┼───────────┼─────────────────────────────────────┼────────┼──────────────┤
│ m365_defender │ event       │ pipeline  │ test-alert.log                      │ PASS   │   3.458779ms │
│ m365_defender │ event       │ pipeline  │ test-app-and-identity.log           │ PASS   │   6.534596ms │
│ m365_defender │ event       │ pipeline  │ test-device.log                     │ PASS   │  12.895303ms │
│ m365_defender │ event       │ pipeline  │ test-email.log                      │ PASS   │   4.639984ms │
│ m365_defender │ incident    │ pipeline  │ test-incident.log                   │ PASS   │  24.286809ms │
│ m365_defender │ log         │ pipeline  │ test-m365-defender-empty-ndjson.log │ PASS   │   1.529061ms │
│ m365_defender │ log         │ pipeline  │ test-m365-defender-ndjson.log       │ PASS   │  12.339436ms │
╰───────────────┴─────────────┴───────────┴─────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: m365_defender - END   ---
Done
2023/07/21 18:14:13 DEBUG Enable verbose logging
2023/07/21 18:14:13  INFO New version is available - v0.84.0. Download from: https://github.com/elastic/elastic-package/releases/tag/v0.84.0
Run pipeline tests for the package
--- Test results for package: m365_defender - START ---
╭───────────────┬─────────────┬───────────┬─────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE       │ DATA STREAM │ TEST TYPE │ TEST NAME                           │ RESULT │ TIME ELAPSED │
├───────────────┼─────────────┼───────────┼─────────────────────────────────────┼────────┼──────────────┤
│ m365_defender │ event       │ pipeline  │ test-alert.log                      │ PASS   │   3.158816ms │
│ m365_defender │ event       │ pipeline  │ test-app-and-identity.log           │ PASS   │   6.132246ms │
│ m365_defender │ event       │ pipeline  │ test-device.log                     │ PASS   │   11.81594ms │
│ m365_defender │ event       │ pipeline  │ test-email.log                      │ PASS   │   7.329899ms │
│ m365_defender │ incident    │ pipeline  │ test-incident.log                   │ PASS   │  36.583839ms │
│ m365_defender │ log         │ pipeline  │ test-m365-defender-empty-ndjson.log │ PASS   │   1.633041ms │
│ m365_defender │ log         │ pipeline  │ test-m365-defender-ndjson.log       │ PASS   │   8.066958ms │
╰───────────────┴─────────────┴───────────┴─────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: m365_defender - END   ---
Done
2023/07/21 18:15:01 DEBUG Enable verbose logging
2023/07/21 18:15:01  INFO New version is available - v0.84.0. Download from: https://github.com/elastic/elastic-package/releases/tag/v0.84.0
Run test suite for the package
Run asset tests for the package
2023/07/21 18:15:01 DEBUG installing package...
2023/07/21 18:15:01 DEBUG GET https://127.0.0.1:5601/api/status
2023/07/21 18:15:02 DEBUG Build directory: /root/integration/integrations/build/packages/m365_defender/1.14.0
2023/07/21 18:15:02 DEBUG Clear target directory (path: /root/integration/integrations/build/packages/m365_defender/1.14.0)
2023/07/21 18:15:02 DEBUG Copy package content (source: /root/integration/integrations/packages/m365_defender)
2023/07/21 18:15:02 DEBUG Copy license file if needed
2023/07/21 18:15:02  INFO License text found in "/root/integration/integrations/LICENSE.txt" will be included in package
2023/07/21 18:15:02 DEBUG Encode dashboards
2023/07/21 18:15:02 DEBUG Resolve external fields
2023/07/21 18:15:02 DEBUG Package has external dependencies defined
2023/07/21 18:15:02 DEBUG data_stream/event/fields/agent.yml: source file hasn't been changed
2023/07/21 18:15:02 DEBUG data_stream/event/fields/base-fields.yml: source file hasn't been changed
2023/07/21 18:15:02 DEBUG data_stream/event/fields/ecs.yml: source file has been changed
2023/07/21 18:15:02 DEBUG data_stream/event/fields/fields.yml: source file hasn't been changed
2023/07/21 18:15:02 DEBUG data_stream/incident/fields/agent.yml: source file hasn't been changed
2023/07/21 18:15:02 DEBUG data_stream/incident/fields/base-fields.yml: source file hasn't been changed
2023/07/21 18:15:02 DEBUG data_stream/incident/fields/ecs.yml: source file has been changed
2023/07/21 18:15:02 DEBUG data_stream/incident/fields/fields.yml: source file hasn't been changed
2023/07/21 18:15:02 DEBUG data_stream/log/fields/agent.yml: source file hasn't been changed
2023/07/21 18:15:02 DEBUG data_stream/log/fields/base-fields.yml: source file hasn't been changed
2023/07/21 18:15:02 DEBUG data_stream/log/fields/ecs.yml: source file has been changed
2023/07/21 18:15:02 DEBUG data_stream/log/fields/fields.yml: source file hasn't been changed
2023/07/21 18:15:02 DEBUG Package doesn't have to import ECS mappings
2023/07/21 18:15:02 DEBUG Build zipped package
2023/07/21 18:15:02 DEBUG Compress using archiver.Zip (destination: /root/integration/integrations/build/packages/m365_defender-1.14.0.zip)
2023/07/21 18:15:02 DEBUG Create work directory for archiving: /tmp/elastic-package-3529094121/m365_defender-1.14.0
2023/07/21 18:15:02 DEBUG Skip validation of the built .zip package
2023/07/21 18:15:02 DEBUG POST https://127.0.0.1:5601/api/fleet/epm/packages
2023/07/21 18:15:04 DEBUG removing package...
2023/07/21 18:15:04 DEBUG DELETE https://127.0.0.1:5601/api/fleet/epm/packages/m365_defender-1.14.0
--- Test results for package: m365_defender - START ---
╭───────────────┬─────────────┬───────────┬────────────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE       │ DATA STREAM │ TEST TYPE │ TEST NAME                                                              │ RESULT │ TIME ELAPSED │
├───────────────┼─────────────┼───────────┼────────────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ m365_defender │             │ asset     │ dashboard m365_defender-2690a440-7235-11ed-8657-c59f6ece834c is loaded │ PASS   │      6.581µs │
│ m365_defender │             │ asset     │ dashboard m365_defender-3caf3c00-7456-11ed-8657-c59f6ece834c is loaded │ PASS   │        130ns │
│ m365_defender │             │ asset     │ dashboard m365_defender-ac54d310-44ab-11ed-8375-0168a9970c06 is loaded │ PASS   │        113ns │
│ m365_defender │             │ asset     │ dashboard m365_defender-c0b796d0-720a-11ed-8657-c59f6ece834c is loaded │ PASS   │        126ns │
│ m365_defender │             │ asset     │ dashboard m365_defender-d587df00-745f-11ed-8657-c59f6ece834c is loaded │ PASS   │        120ns │
│ m365_defender │             │ asset     │ dashboard m365_defender-d80d7840-4366-11ed-b1f2-e917f608bd03 is loaded │ PASS   │        145ns │
│ m365_defender │             │ asset     │ search m365_defender-64a31410-722c-11ed-8657-c59f6ece834c is loaded    │ PASS   │        168ns │
│ m365_defender │             │ asset     │ search m365_defender-989afc60-44a5-11ed-8375-0168a9970c06 is loaded    │ PASS   │        139ns │
│ m365_defender │             │ asset     │ search m365_defender-fcf25960-44af-11ed-8375-0168a9970c06 is loaded    │ PASS   │        145ns │
│ m365_defender │ event       │ asset     │ index_template logs-m365_defender.event is loaded                      │ PASS   │        346ns │
│ m365_defender │ event       │ asset     │ ingest_pipeline logs-m365_defender.event-1.14.0 is loaded              │ PASS   │        383ns │
│ m365_defender │ incident    │ asset     │ index_template logs-m365_defender.incident is loaded                   │ PASS   │        305ns │
│ m365_defender │ incident    │ asset     │ ingest_pipeline logs-m365_defender.incident-1.14.0 is loaded           │ PASS   │        429ns │
│ m365_defender │ log         │ asset     │ index_template logs-m365_defender.log is loaded                        │ PASS   │        285ns │
│ m365_defender │ log         │ asset     │ ingest_pipeline logs-m365_defender.log-1.14.0 is loaded                │ PASS   │        252ns │
╰───────────────┴─────────────┴───────────┴────────────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: m365_defender - END   ---
Done
Run pipeline tests for the package
--- Test results for package: m365_defender - START ---
╭───────────────┬─────────────┬───────────┬─────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE       │ DATA STREAM │ TEST TYPE │ TEST NAME                           │ RESULT │ TIME ELAPSED │
├───────────────┼─────────────┼───────────┼─────────────────────────────────────┼────────┼──────────────┤
│ m365_defender │ event       │ pipeline  │ test-alert.log                      │ PASS   │   3.298812ms │
│ m365_defender │ event       │ pipeline  │ test-app-and-identity.log           │ PASS   │   5.283824ms │
│ m365_defender │ event       │ pipeline  │ test-device.log                     │ PASS   │  11.676378ms │
│ m365_defender │ event       │ pipeline  │ test-email.log                      │ PASS   │   5.621797ms │
│ m365_defender │ incident    │ pipeline  │ test-incident.log                   │ PASS   │  23.640275ms │
│ m365_defender │ log         │ pipeline  │ test-m365-defender-empty-ndjson.log │ PASS   │   1.321959ms │
│ m365_defender │ log         │ pipeline  │ test-m365-defender-ndjson.log       │ PASS   │   8.010833ms │
╰───────────────┴─────────────┴───────────┴─────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: m365_defender - END   ---
Done
Run static tests for the package
--- Test results for package: m365_defender - START ---
╭───────────────┬─────────────┬───────────┬──────────────────────────┬────────┬──────────────╮
│ PACKAGE       │ DATA STREAM │ TEST TYPE │ TEST NAME                │ RESULT │ TIME ELAPSED │
├───────────────┼─────────────┼───────────┼──────────────────────────┼────────┼──────────────┤
│ m365_defender │ incident    │ static    │ Verify sample_event.json │ PASS   │ 118.440328ms │
│ m365_defender │ log         │ static    │ Verify sample_event.json │ PASS   │  87.793847ms │
╰───────────────┴─────────────┴───────────┴──────────────────────────┴────────┴──────────────╯
--- Test results for package: m365_defender - END   ---
Done
Run system tests for the package
2023/07/21 18:15:08 DEBUG Running system tests for data stream
2023/07/21 18:15:08 DEBUG running test with configuration 'default'
2023/07/21 18:15:08 DEBUG setting up service...
2023/07/21 18:15:08 DEBUG setting up service using Docker Compose service deployer
2023/07/21 18:15:08 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/07/21 18:15:09 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/07/21 18:15:09 DEBUG output command: /usr/bin/docker network inspect elastic-package-stack_default
2023/07/21 18:15:09 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/m365_defender/_dev/deploy/docker/docker-compose.yml -p elastic-package-service up --build -d
Creating network "elastic-package-service_default" with the default driver
Creating elastic-package-service_m365-defender-http_1 ... 
�[1A�[2K
Creating elastic-package-service_m365-defender-http_1 ... �[32mdone�[0m
�[1B2023/07/21 18:15:10 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/m365_defender/_dev/deploy/docker/docker-compose.yml -p elastic-package-service ps -q
2023/07/21 18:15:11 DEBUG Wait for healthy containers: 1f8f32d57928be32ed1ec1a54a6c176970a2c1729db1f87492850a1a4848ca89
2023/07/21 18:15:11 DEBUG output command: /usr/bin/docker inspect 1f8f32d57928be32ed1ec1a54a6c176970a2c1729db1f87492850a1a4848ca89
2023/07/21 18:15:11 DEBUG Container status: {"Config":{"Image":"docker.elastic.co/observability/stream:v0.8.0","Labels":{"BRANCH_NAME":"v0.8.0","GIT_SHA":"3df2f6636c0b047f4e9903ff226dab5064da0ad4","GO_VERSION":"1.19.1","TIMESTAMP":"2022-09-15_16:29","com.docker.compose.config-hash":"b4e161b92b9bbc52baab31aa21b896603207ddd05b6cb9e8353a5397a8675599","com.docker.compose.container-number":"1","com.docker.compose.oneoff":"False","com.docker.compose.project":"elastic-package-service","com.docker.compose.service":"m365-defender-http","com.docker.compose.version":"1.23.2"}},"ID":"1f8f32d57928be32ed1ec1a54a6c176970a2c1729db1f87492850a1a4848ca89","State":{"Status":"running","ExitCode":0,"Health":null}}
2023/07/21 18:15:11 DEBUG run command: /usr/bin/docker network connect elastic-package-stack_default elastic-package-service_m365-defender-http_1
2023/07/21 18:15:11 DEBUG adding service container elastic-package-service_m365-defender-http_1 internal ports to context
2023/07/21 18:15:11 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/m365_defender/_dev/deploy/docker/docker-compose.yml -p elastic-package-service config
2023/07/21 18:15:11 DEBUG Installing package...
2023/07/21 18:15:11 DEBUG GET https://127.0.0.1:5601/api/status
2023/07/21 18:15:11 DEBUG Build directory: /root/integration/integrations/build/packages/m365_defender/1.14.0
2023/07/21 18:15:11 DEBUG Clear target directory (path: /root/integration/integrations/build/packages/m365_defender/1.14.0)
2023/07/21 18:15:11 DEBUG Copy package content (source: /root/integration/integrations/packages/m365_defender)
2023/07/21 18:15:11 DEBUG Copy license file if needed
2023/07/21 18:15:11  INFO License text found in "/root/integration/integrations/LICENSE.txt" will be included in package
2023/07/21 18:15:11 DEBUG Encode dashboards
2023/07/21 18:15:11 DEBUG Resolve external fields
2023/07/21 18:15:11 DEBUG Package has external dependencies defined
2023/07/21 18:15:11 DEBUG data_stream/event/fields/agent.yml: source file hasn't been changed
2023/07/21 18:15:11 DEBUG data_stream/event/fields/base-fields.yml: source file hasn't been changed
2023/07/21 18:15:11 DEBUG data_stream/event/fields/ecs.yml: source file has been changed
2023/07/21 18:15:11 DEBUG data_stream/event/fields/fields.yml: source file hasn't been changed
2023/07/21 18:15:11 DEBUG data_stream/incident/fields/agent.yml: source file hasn't been changed
2023/07/21 18:15:11 DEBUG data_stream/incident/fields/base-fields.yml: source file hasn't been changed
2023/07/21 18:15:11 DEBUG data_stream/incident/fields/ecs.yml: source file has been changed
2023/07/21 18:15:11 DEBUG data_stream/incident/fields/fields.yml: source file hasn't been changed
2023/07/21 18:15:11 DEBUG data_stream/log/fields/agent.yml: source file hasn't been changed
2023/07/21 18:15:11 DEBUG data_stream/log/fields/base-fields.yml: source file hasn't been changed
2023/07/21 18:15:11 DEBUG data_stream/log/fields/ecs.yml: source file has been changed
2023/07/21 18:15:11 DEBUG data_stream/log/fields/fields.yml: source file hasn't been changed
2023/07/21 18:15:11 DEBUG Package doesn't have to import ECS mappings
2023/07/21 18:15:11 DEBUG Build zipped package
2023/07/21 18:15:11 DEBUG Compress using archiver.Zip (destination: /root/integration/integrations/build/packages/m365_defender-1.14.0.zip)
2023/07/21 18:15:11 DEBUG Create work directory for archiving: /tmp/elastic-package-3561182459/m365_defender-1.14.0
2023/07/21 18:15:11 DEBUG Skip validation of the built .zip package
2023/07/21 18:15:11 DEBUG POST https://127.0.0.1:5601/api/fleet/epm/packages
2023/07/21 18:15:13 DEBUG creating test policy...
2023/07/21 18:15:13 DEBUG POST https://127.0.0.1:5601/api/fleet/agent_policies
2023/07/21 18:15:17 DEBUG adding package data stream to test policy...
2023/07/21 18:15:17 DEBUG POST https://127.0.0.1:5601/api/fleet/package_policies
2023/07/21 18:15:20 DEBUG deleting old data in data stream...
2023/07/21 18:15:20 DEBUG found 0 hits in logs-m365_defender.incident-ep data stream
2023/07/21 18:15:20 DEBUG GET https://127.0.0.1:5601/api/fleet/agents
2023/07/21 18:15:20 DEBUG filter agents using criteria: NamePrefix=docker-fleet-agent
2023/07/21 18:15:20 DEBUG found 1 enrolled agent(s)
2023/07/21 18:15:20 DEBUG GET https://127.0.0.1:5601/api/fleet/agent_policies/6f842ab0-27c4-11ee-bd09-ddd2dcc829d3
2023/07/21 18:15:20 DEBUG assigning package data stream to agent...
2023/07/21 18:15:20 DEBUG PUT https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57/reassign
2023/07/21 18:15:21 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57
2023/07/21 18:15:22 DEBUG Agent data: {"id":"b749ee7f-378d-45d8-8151-975dfa11ce57","policy_id":"6f842ab0-27c4-11ee-bd09-ddd2dcc829d3","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/07/21 18:15:22 DEBUG Wait until the policy (ID: 6f842ab0-27c4-11ee-bd09-ddd2dcc829d3, revision: 2) is assigned to the agent (ID: b749ee7f-378d-45d8-8151-975dfa11ce57)...
2023/07/21 18:15:23 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57
2023/07/21 18:15:24 DEBUG Agent data: {"id":"b749ee7f-378d-45d8-8151-975dfa11ce57","policy_id":"6f842ab0-27c4-11ee-bd09-ddd2dcc829d3","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/07/21 18:15:24 DEBUG Wait until the policy (ID: 6f842ab0-27c4-11ee-bd09-ddd2dcc829d3, revision: 2) is assigned to the agent (ID: b749ee7f-378d-45d8-8151-975dfa11ce57)...
2023/07/21 18:15:25 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57
2023/07/21 18:15:26 DEBUG Agent data: {"id":"b749ee7f-378d-45d8-8151-975dfa11ce57","policy_id":"6f842ab0-27c4-11ee-bd09-ddd2dcc829d3","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/07/21 18:15:26 DEBUG Wait until the policy (ID: 6f842ab0-27c4-11ee-bd09-ddd2dcc829d3, revision: 2) is assigned to the agent (ID: b749ee7f-378d-45d8-8151-975dfa11ce57)...
2023/07/21 18:15:27 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57
2023/07/21 18:15:28 DEBUG Agent data: {"id":"b749ee7f-378d-45d8-8151-975dfa11ce57","policy_id":"6f842ab0-27c4-11ee-bd09-ddd2dcc829d3","policy_revision":2,"local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/07/21 18:15:28 DEBUG Policy revision assigned to the agent (ID: b749ee7f-378d-45d8-8151-975dfa11ce57)...
2023/07/21 18:15:28 DEBUG checking for expected data in data stream...
2023/07/21 18:15:28 DEBUG found 0 hits in logs-m365_defender.incident-ep data stream
2023/07/21 18:15:29 DEBUG found 0 hits in logs-m365_defender.incident-ep data stream
2023/07/21 18:15:30 DEBUG found 0 hits in logs-m365_defender.incident-ep data stream
2023/07/21 18:15:31 DEBUG found 0 hits in logs-m365_defender.incident-ep data stream
2023/07/21 18:15:32 DEBUG found 0 hits in logs-m365_defender.incident-ep data stream
2023/07/21 18:15:33 DEBUG found 1 hits in logs-m365_defender.incident-ep data stream
2023/07/21 18:15:33 DEBUG check whether or not synthetics is enabled (component template logs-m365_defender.incident@package)...
2023/07/21 18:15:33 DEBUG data stream logs-m365_defender.incident-ep has synthetics enabled: false
2023/07/21 18:15:33 DEBUG reassigning original policy back to agent...
2023/07/21 18:15:33 DEBUG PUT https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57/reassign
2023/07/21 18:15:34 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57
2023/07/21 18:15:35 DEBUG Agent data: {"id":"b749ee7f-378d-45d8-8151-975dfa11ce57","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/07/21 18:15:35 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 4) is assigned to the agent (ID: b749ee7f-378d-45d8-8151-975dfa11ce57)...
2023/07/21 18:15:36 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57
2023/07/21 18:15:37 DEBUG Agent data: {"id":"b749ee7f-378d-45d8-8151-975dfa11ce57","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/07/21 18:15:37 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 4) is assigned to the agent (ID: b749ee7f-378d-45d8-8151-975dfa11ce57)...
2023/07/21 18:15:38 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57
2023/07/21 18:15:39 DEBUG Agent data: {"id":"b749ee7f-378d-45d8-8151-975dfa11ce57","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/07/21 18:15:39 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 4) is assigned to the agent (ID: b749ee7f-378d-45d8-8151-975dfa11ce57)...
2023/07/21 18:15:40 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57
2023/07/21 18:15:41 DEBUG Agent data: {"id":"b749ee7f-378d-45d8-8151-975dfa11ce57","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/07/21 18:15:41 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 4) is assigned to the agent (ID: b749ee7f-378d-45d8-8151-975dfa11ce57)...
2023/07/21 18:15:42 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57
2023/07/21 18:15:43 DEBUG Agent data: {"id":"b749ee7f-378d-45d8-8151-975dfa11ce57","policy_id":"elastic-agent-managed-ep","policy_revision":4,"local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/07/21 18:15:43 DEBUG Policy revision assigned to the agent (ID: b749ee7f-378d-45d8-8151-975dfa11ce57)...
2023/07/21 18:15:43 DEBUG deleting test policy...
2023/07/21 18:15:43 DEBUG POST https://127.0.0.1:5601/api/fleet/agent_policies/delete
2023/07/21 18:15:46 DEBUG DELETE https://127.0.0.1:5601/api/fleet/epm/packages/m365_defender-1.14.0
2023/07/21 18:15:47 DEBUG tearing down service...
2023/07/21 18:15:47 DEBUG tearing down service using Docker Compose runner
2023/07/21 18:15:47 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/07/21 18:15:47 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/07/21 18:15:47 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/m365_defender/_dev/deploy/docker/docker-compose.yml -p elastic-package-service logs
2023/07/21 18:15:48  INFO Write container logs to file: /root/integration/integrations/build/container-logs/m365-defender-http-1689943548567214320.log
2023/07/21 18:15:48 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/m365_defender/_dev/deploy/docker/docker-compose.yml -p elastic-package-service down --volumes
Stopping elastic-package-service_m365-defender-http_1 ... 
�[1A�[2K
Stopping elastic-package-service_m365-defender-http_1 ... �[32mdone�[0m
�[1BRemoving elastic-package-service_m365-defender-http_1 ... 
�[1A�[2K
Removing elastic-package-service_m365-defender-http_1 ... �[32mdone�[0m
�[1BRemoving network elastic-package-service_default
2023/07/21 18:15:49 DEBUG deleting data in data stream...
2023/07/21 18:15:49 DEBUG Dump Elastic stack data
2023/07/21 18:15:49 DEBUG Dump stack logs (location: /tmp/test-system-3450427923)
2023/07/21 18:15:49 DEBUG Dump stack logs for elasticsearch
2023/07/21 18:15:49 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/07/21 18:15:50 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/07/21 18:15:50 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs elasticsearch
2023/07/21 18:15:50 DEBUG Dump stack logs for elastic-agent
2023/07/21 18:15:50 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/07/21 18:15:51 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/07/21 18:15:51 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs elastic-agent
2023/07/21 18:15:52 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/07/21 18:15:52 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/07/21 18:15:52 DEBUG run command: /usr/bin/docker cp elastic-package-stack_elastic-agent_1:/usr/share/elastic-agent/state/data/logs/ /tmp/test-system-3450427923/logs/elastic-agent-internal
2023/07/21 18:15:52 DEBUG Dump stack logs for fleet-server
2023/07/21 18:15:52 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/07/21 18:15:53 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/07/21 18:15:53 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs fleet-server
2023/07/21 18:15:54 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/07/21 18:15:54 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/07/21 18:15:54 DEBUG run command: /usr/bin/docker cp elastic-package-stack_fleet-server_1:/usr/share/elastic-agent/state/data/logs/ /tmp/test-system-3450427923/logs/fleet-server-internal
2023/07/21 18:15:54 DEBUG Dump stack logs for kibana
2023/07/21 18:15:54 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/07/21 18:15:55 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/07/21 18:15:55 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs kibana
2023/07/21 18:15:56 DEBUG Dump stack logs for package-registry
2023/07/21 18:15:56 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/07/21 18:15:56 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/07/21 18:15:56 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs package-registry
2023/07/21 18:15:57 DEBUG skipped malformed docker-compose log line: Attaching to elastic-package-stack_elastic-agent_1
2023/07/21 18:15:57 DEBUG Running system tests for data stream
2023/07/21 18:15:57 DEBUG running test with configuration 'httpjson'
2023/07/21 18:15:57 DEBUG setting up service...
2023/07/21 18:15:57 DEBUG setting up service using Docker Compose service deployer
2023/07/21 18:15:57 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/07/21 18:15:58 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/07/21 18:15:58 DEBUG output command: /usr/bin/docker network inspect elastic-package-stack_default
2023/07/21 18:15:58 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/m365_defender/_dev/deploy/docker/docker-compose.yml -p elastic-package-service up --build -d
Creating network "elastic-package-service_default" with the default driver
Creating elastic-package-service_m365-defender-http_1 ... 
�[1A�[2K
Creating elastic-package-service_m365-defender-http_1 ... �[32mdone�[0m
�[1B2023/07/21 18:15:59 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/m365_defender/_dev/deploy/docker/docker-compose.yml -p elastic-package-service ps -q
2023/07/21 18:15:59 DEBUG Wait for healthy containers: 6d934e3a59189b1d33281db5b0ab0a247788f7453045c56fa3194b8c855eba5a
2023/07/21 18:15:59 DEBUG output command: /usr/bin/docker inspect 6d934e3a59189b1d33281db5b0ab0a247788f7453045c56fa3194b8c855eba5a
2023/07/21 18:16:00 DEBUG Container status: {"Config":{"Image":"docker.elastic.co/observability/stream:v0.8.0","Labels":{"BRANCH_NAME":"v0.8.0","GIT_SHA":"3df2f6636c0b047f4e9903ff226dab5064da0ad4","GO_VERSION":"1.19.1","TIMESTAMP":"2022-09-15_16:29","com.docker.compose.config-hash":"b4e161b92b9bbc52baab31aa21b896603207ddd05b6cb9e8353a5397a8675599","com.docker.compose.container-number":"1","com.docker.compose.oneoff":"False","com.docker.compose.project":"elastic-package-service","com.docker.compose.service":"m365-defender-http","com.docker.compose.version":"1.23.2"}},"ID":"6d934e3a59189b1d33281db5b0ab0a247788f7453045c56fa3194b8c855eba5a","State":{"Status":"running","ExitCode":0,"Health":null}}
2023/07/21 18:16:00 DEBUG run command: /usr/bin/docker network connect elastic-package-stack_default elastic-package-service_m365-defender-http_1
2023/07/21 18:16:00 DEBUG adding service container elastic-package-service_m365-defender-http_1 internal ports to context
2023/07/21 18:16:00 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/m365_defender/_dev/deploy/docker/docker-compose.yml -p elastic-package-service config
2023/07/21 18:16:00 DEBUG Installing package...
2023/07/21 18:16:00 DEBUG GET https://127.0.0.1:5601/api/status
2023/07/21 18:16:00 DEBUG Build directory: /root/integration/integrations/build/packages/m365_defender/1.14.0
2023/07/21 18:16:00 DEBUG Clear target directory (path: /root/integration/integrations/build/packages/m365_defender/1.14.0)
2023/07/21 18:16:00 DEBUG Copy package content (source: /root/integration/integrations/packages/m365_defender)
2023/07/21 18:16:00 DEBUG Copy license file if needed
2023/07/21 18:16:00  INFO License text found in "/root/integration/integrations/LICENSE.txt" will be included in package
2023/07/21 18:16:00 DEBUG Encode dashboards
2023/07/21 18:16:00 DEBUG Resolve external fields
2023/07/21 18:16:00 DEBUG Package has external dependencies defined
2023/07/21 18:16:00 DEBUG data_stream/event/fields/agent.yml: source file hasn't been changed
2023/07/21 18:16:00 DEBUG data_stream/event/fields/base-fields.yml: source file hasn't been changed
2023/07/21 18:16:00 DEBUG data_stream/event/fields/ecs.yml: source file has been changed
2023/07/21 18:16:00 DEBUG data_stream/event/fields/fields.yml: source file hasn't been changed
2023/07/21 18:16:00 DEBUG data_stream/incident/fields/agent.yml: source file hasn't been changed
2023/07/21 18:16:00 DEBUG data_stream/incident/fields/base-fields.yml: source file hasn't been changed
2023/07/21 18:16:00 DEBUG data_stream/incident/fields/ecs.yml: source file has been changed
2023/07/21 18:16:00 DEBUG data_stream/incident/fields/fields.yml: source file hasn't been changed
2023/07/21 18:16:00 DEBUG data_stream/log/fields/agent.yml: source file hasn't been changed
2023/07/21 18:16:00 DEBUG data_stream/log/fields/base-fields.yml: source file hasn't been changed
2023/07/21 18:16:00 DEBUG data_stream/log/fields/ecs.yml: source file has been changed
2023/07/21 18:16:00 DEBUG data_stream/log/fields/fields.yml: source file hasn't been changed
2023/07/21 18:16:00 DEBUG Package doesn't have to import ECS mappings
2023/07/21 18:16:00 DEBUG Build zipped package
2023/07/21 18:16:00 DEBUG Compress using archiver.Zip (destination: /root/integration/integrations/build/packages/m365_defender-1.14.0.zip)
2023/07/21 18:16:00 DEBUG Create work directory for archiving: /tmp/elastic-package-2119261919/m365_defender-1.14.0
2023/07/21 18:16:00 DEBUG Skip validation of the built .zip package
2023/07/21 18:16:00 DEBUG POST https://127.0.0.1:5601/api/fleet/epm/packages
2023/07/21 18:16:02 DEBUG creating test policy...
2023/07/21 18:16:02 DEBUG POST https://127.0.0.1:5601/api/fleet/agent_policies
2023/07/21 18:16:07 DEBUG adding package data stream to test policy...
2023/07/21 18:16:07 DEBUG POST https://127.0.0.1:5601/api/fleet/package_policies
2023/07/21 18:16:10 DEBUG deleting old data in data stream...
2023/07/21 18:16:10 DEBUG found 0 hits in logs-m365_defender.log-ep data stream
2023/07/21 18:16:10 DEBUG GET https://127.0.0.1:5601/api/fleet/agents
2023/07/21 18:16:10 DEBUG filter agents using criteria: NamePrefix=docker-fleet-agent
2023/07/21 18:16:10 DEBUG found 1 enrolled agent(s)
2023/07/21 18:16:10 DEBUG GET https://127.0.0.1:5601/api/fleet/agent_policies/8ccb6fc0-27c4-11ee-bd09-ddd2dcc829d3
2023/07/21 18:16:10 DEBUG assigning package data stream to agent...
2023/07/21 18:16:10 DEBUG PUT https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57/reassign
2023/07/21 18:16:12 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57
2023/07/21 18:16:12 DEBUG Agent data: {"id":"b749ee7f-378d-45d8-8151-975dfa11ce57","policy_id":"8ccb6fc0-27c4-11ee-bd09-ddd2dcc829d3","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/07/21 18:16:12 DEBUG Wait until the policy (ID: 8ccb6fc0-27c4-11ee-bd09-ddd2dcc829d3, revision: 2) is assigned to the agent (ID: b749ee7f-378d-45d8-8151-975dfa11ce57)...
2023/07/21 18:16:14 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57
2023/07/21 18:16:14 DEBUG Agent data: {"id":"b749ee7f-378d-45d8-8151-975dfa11ce57","policy_id":"8ccb6fc0-27c4-11ee-bd09-ddd2dcc829d3","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/07/21 18:16:14 DEBUG Wait until the policy (ID: 8ccb6fc0-27c4-11ee-bd09-ddd2dcc829d3, revision: 2) is assigned to the agent (ID: b749ee7f-378d-45d8-8151-975dfa11ce57)...
2023/07/21 18:16:16 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57
2023/07/21 18:16:16 DEBUG Agent data: {"id":"b749ee7f-378d-45d8-8151-975dfa11ce57","policy_id":"8ccb6fc0-27c4-11ee-bd09-ddd2dcc829d3","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/07/21 18:16:16 DEBUG Wait until the policy (ID: 8ccb6fc0-27c4-11ee-bd09-ddd2dcc829d3, revision: 2) is assigned to the agent (ID: b749ee7f-378d-45d8-8151-975dfa11ce57)...
2023/07/21 18:16:18 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57
2023/07/21 18:16:18 DEBUG Agent data: {"id":"b749ee7f-378d-45d8-8151-975dfa11ce57","policy_id":"8ccb6fc0-27c4-11ee-bd09-ddd2dcc829d3","policy_revision":2,"local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/07/21 18:16:18 DEBUG Policy revision assigned to the agent (ID: b749ee7f-378d-45d8-8151-975dfa11ce57)...
2023/07/21 18:16:18 DEBUG checking for expected data in data stream...
2023/07/21 18:16:18 DEBUG found 0 hits in logs-m365_defender.log-ep data stream
2023/07/21 18:16:19 DEBUG found 0 hits in logs-m365_defender.log-ep data stream
2023/07/21 18:16:20 DEBUG found 0 hits in logs-m365_defender.log-ep data stream
2023/07/21 18:16:21 DEBUG found 0 hits in logs-m365_defender.log-ep data stream
2023/07/21 18:16:22 DEBUG found 0 hits in logs-m365_defender.log-ep data stream
2023/07/21 18:16:23 DEBUG found 0 hits in logs-m365_defender.log-ep data stream
2023/07/21 18:16:24 DEBUG found 3 hits in logs-m365_defender.log-ep data stream
2023/07/21 18:16:24 DEBUG check whether or not synthetics is enabled (component template logs-m365_defender.log@package)...
2023/07/21 18:16:24 DEBUG data stream logs-m365_defender.log-ep has synthetics enabled: false
2023/07/21 18:16:24 DEBUG reassigning original policy back to agent...
2023/07/21 18:16:24 DEBUG PUT https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57/reassign
2023/07/21 18:16:26 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57
2023/07/21 18:16:26 DEBUG Agent data: {"id":"b749ee7f-378d-45d8-8151-975dfa11ce57","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/07/21 18:16:26 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 4) is assigned to the agent (ID: b749ee7f-378d-45d8-8151-975dfa11ce57)...
2023/07/21 18:16:28 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57
2023/07/21 18:16:28 DEBUG Agent data: {"id":"b749ee7f-378d-45d8-8151-975dfa11ce57","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/07/21 18:16:28 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 4) is assigned to the agent (ID: b749ee7f-378d-45d8-8151-975dfa11ce57)...
2023/07/21 18:16:30 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57
2023/07/21 18:16:30 DEBUG Agent data: {"id":"b749ee7f-378d-45d8-8151-975dfa11ce57","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/07/21 18:16:30 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 4) is assigned to the agent (ID: b749ee7f-378d-45d8-8151-975dfa11ce57)...
2023/07/21 18:16:32 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57
2023/07/21 18:16:32 DEBUG Agent data: {"id":"b749ee7f-378d-45d8-8151-975dfa11ce57","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/07/21 18:16:32 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 4) is assigned to the agent (ID: b749ee7f-378d-45d8-8151-975dfa11ce57)...
2023/07/21 18:16:34 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/b749ee7f-378d-45d8-8151-975dfa11ce57
2023/07/21 18:16:34 DEBUG Agent data: {"id":"b749ee7f-378d-45d8-8151-975dfa11ce57","policy_id":"elastic-agent-managed-ep","policy_revision":4,"local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/07/21 18:16:34 DEBUG Policy revision assigned to the agent (ID: b749ee7f-378d-45d8-8151-975dfa11ce57)...
2023/07/21 18:16:34 DEBUG deleting test policy...
2023/07/21 18:16:34 DEBUG POST https://127.0.0.1:5601/api/fleet/agent_policies/delete
2023/07/21 18:16:37 DEBUG DELETE https://127.0.0.1:5601/api/fleet/epm/packages/m365_defender-1.14.0
2023/07/21 18:16:38 DEBUG tearing down service...
2023/07/21 18:16:38 DEBUG tearing down service using Docker Compose runner
2023/07/21 18:16:38 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/07/21 18:16:39 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/07/21 18:16:39 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/m365_defender/_dev/deploy/docker/docker-compose.yml -p elastic-package-service logs
2023/07/21 18:16:39  INFO Write container logs to file: /root/integration/integrations/build/container-logs/m365-defender-http-1689943599675764034.log
2023/07/21 18:16:39 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/m365_defender/_dev/deploy/docker/docker-compose.yml -p elastic-package-service down --volumes
Stopping elastic-package-service_m365-defender-http_1 ... 
�[1A�[2K
Stopping elastic-package-service_m365-defender-http_1 ... �[32mdone�[0m
�[1BRemoving elastic-package-service_m365-defender-http_1 ... 
�[1A�[2K
Removing elastic-package-service_m365-defender-http_1 ... �[32mdone�[0m
�[1BRemoving network elastic-package-service_default
2023/07/21 18:16:40 DEBUG deleting data in data stream...
2023/07/21 18:16:40 DEBUG Dump Elastic stack data
2023/07/21 18:16:40 DEBUG Dump stack logs (location: /tmp/test-system-570996096)
2023/07/21 18:16:40 DEBUG Dump stack logs for elasticsearch
2023/07/21 18:16:40 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/07/21 18:16:41 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/07/21 18:16:41 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs elasticsearch
2023/07/21 18:16:42 DEBUG Dump stack logs for elastic-agent
2023/07/21 18:16:42 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/07/21 18:16:42 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/07/21 18:16:42 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs elastic-agent
2023/07/21 18:16:43 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/07/21 18:16:44 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/07/21 18:16:44 DEBUG run command: /usr/bin/docker cp elastic-package-stack_elastic-agent_1:/usr/share/elastic-agent/state/data/logs/ /tmp/test-system-570996096/logs/elastic-agent-internal
2023/07/21 18:16:44 DEBUG Dump stack logs for fleet-server
2023/07/21 18:16:44 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/07/21 18:16:44 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/07/21 18:16:44 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs fleet-server
2023/07/21 18:16:45 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/07/21 18:16:45 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/07/21 18:16:45 DEBUG run command: /usr/bin/docker cp elastic-package-stack_fleet-server_1:/usr/share/elastic-agent/state/data/logs/ /tmp/test-system-570996096/logs/fleet-server-internal
2023/07/21 18:16:46 DEBUG Dump stack logs for kibana
2023/07/21 18:16:46 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/07/21 18:16:46 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/07/21 18:16:46 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs kibana
2023/07/21 18:16:47 DEBUG Dump stack logs for package-registry
2023/07/21 18:16:47 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/07/21 18:16:47 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/07/21 18:16:47 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs package-registry
2023/07/21 18:16:48 DEBUG skipped malformed docker-compose log line: Attaching to elastic-package-stack_elastic-agent_1
--- Test results for package: m365_defender - START ---
╭───────────────┬─────────────┬───────────┬───────────┬────────┬───────────────╮
│ PACKAGE       │ DATA STREAM │ TEST TYPE │ TEST NAME │ RESULT │  TIME ELAPSED │
├───────────────┼─────────────┼───────────┼───────────┼────────┼───────────────┤
│ m365_defender │ incident    │ system    │ default   │ PASS   │ 24.607556054s │
│ m365_defender │ log         │ system    │ httpjson  │ PASS   │ 26.593193265s │
╰───────────────┴─────────────┴───────────┴───────────┴────────┴───────────────╯
--- Test results for package: m365_defender - END   ---
Done

@mohitjha-elastic mohitjha-elastic requested a review from a team as a code owner July 24, 2023 12:31
@cla-checker-service
Copy link

cla-checker-service bot commented Jul 24, 2023
edited
Loading

💚 CLA has been signed

@elasticmachine
Copy link

elasticmachine commented Jul 24, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-08-02T07:19:29.637+0000

  • Duration: 17 min 32 sec

Test stats 🧪

Test Results
Failed 0
Passed 26
Skipped 0
Total 26

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
Copy link

elasticmachine commented Jul 25, 2023

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@jamiehynds jamiehynds added the Integration:m365_defender Microsoft Defender XDR label Jul 25, 2023
@efd6
Copy link
Contributor

efd6 commented Jul 25, 2023

@mohitjha-elastic Can you please sign the CLA so that we can take a look at this? If you have signed, please check that the email address that you used to sign the CLA agrees with the email address used in the commit.

@mohitjha-elastic
Copy link
Collaborator Author

mohitjha-elastic commented Jul 25, 2023 via email

@mohitjha-elastic mohitjha-elastic requested review from a team as code owners July 25, 2023 09:46
@efd6
Copy link
Contributor

efd6 commented Jul 25, 2023

/test

@elasticmachine
Copy link

elasticmachine commented Jul 25, 2023
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (3/3) 💚
Files 100.0% (7/7) 💚
Classes 100.0% (7/7) 💚
Methods 87.952% (73/83) 👍 54.618
Lines 90.774% (4713/5192) 👎 -9.226
Conditionals 100.0% (0/0) 💚

efd6
efd6 reviewed Jul 26, 2023
View reviewed changes
packages/m365_defender/data_stream/incident/elasticsearch/ingest_pipeline/default.yml Outdated
Copy link
Contributor

@efd6 efd6 Jul 26, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there an issue describing the things being fixed in this file?

Copy link
Collaborator Author

@mohitjha-elastic mohitjha-elastic Jul 27, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nope. The issue is not raised but these changes are being raised and discussed in the slack.
Attaching the conversation link -https://elastic.slack.com/archives/C05BFTCELUR/p1689232086966929

Copy link
Contributor

@efd6 efd6 Jul 27, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. I'll summarise that when I merge.

@oren-zohar oren-zohar removed the request for review from a team July 26, 2023 23:21
@mohitjha-elastic
m365_defender: add support for generalised oauth token and fix host m…
029b2b3 
…appings.

The m365 ipAddress field was being used to populate the host.ip field, but
this field defined in the API as the IP address of the alert entity[1], so
this is changed to reflect that it is the source IP.
The UPN (as user.email) is used as the user.id to conform with the situation
in o365.
[1]https://learn.microsoft.com/en-us/microsoft-365/security/defender/api-list-incidents?view=o365-worldwide
@mohitjha-elastic
Resolved merge conflicts
1896255
@mohitjha-elastic
Removed the mapping of UPN with user.email because they have the same…
0a6d48c 
… syntax, but it is not necessarily the case that the UPN is always an email address.
@mohitjha-elastic
Updated changelog version to resolve merge conflicts
eb5fd61
@mohitjha-elastic
Resolved merge conflicts hence updated the changelog version.
ca2837b
@mohitjha-elastic mohitjha-elastic requested a review from efd6 August 2, 2023 07:07
@efd6
Copy link
Contributor

efd6 commented Aug 2, 2023

/test

@efd6 efd6 merged commit 3807243 into elastic:main Aug 2, 2023
@elasticmachine
Copy link

elasticmachine commented Aug 2, 2023

Package m365_defender - 1.17.0 containing this change is available at https://epr.elastic.co/search?package=m365_defender

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@efd6 efd6 efd6 approved these changes

Assignees

No one assigned

Labels

Integration:m365_defender Microsoft Defender XDR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mohitjha-elastic @elasticmachine @efd6 @jamiehynds