Skip to content

o365: Ignore failures in rename processors for organization fields #13983

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 23, 2025
Merged

o365: Ignore failures in rename processors for organization fields #13983

merged 2 commits into from
May 23, 2025

Conversation

chemamartinez
Copy link
Contributor

Proposed commit message

This is a temporary workaround to avoid this error that happens when the integration runs in Agentless.

Processor 'rename' with tag '' failed with message 'cannot set [id] with parent object of type [java.lang.String] as part of path [organization.id]'

Final solution will be addressed on the Agentless side (elastic/kibana#221312).

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

@chemamartinez chemamartinez self-assigned this May 23, 2025
@chemamartinez chemamartinez added Integration:o365 Microsoft Office 365 bugfix Pull request that fixes a bug issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels May 23, 2025
@chemamartinez chemamartinez marked this pull request as ready for review May 23, 2025 11:38
@chemamartinez chemamartinez requested a review from a team as a code owner May 23, 2025 11:38
@elasticmachine
Copy link

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elastic-vault-github-plugin-prod
Copy link

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@elasticmachine
Copy link

💚 Build Succeeded

cc @chemamartinez

@chemamartinez chemamartinez merged commit 611bb61 into elastic:main May 23, 2025
8 checks passed
@chemamartinez chemamartinez deleted the o365-rename-ignore-failure branch May 23, 2025 12:00
@elastic-vault-github-plugin-prod
Copy link

Package o365 - 2.16.1 containing this change is available at https://epr.elastic.co/package/o365/2.16.1/

v1v added a commit to v1v/integrations that referenced this pull request May 26, 2025
@v1v
Merge branch 'main' into feature/use-google-secrets
52daeaf 
* main: (42 commits)
  [jamf_pro] Fix `flattened` field types for non-object values (elastic#13985)
  [Netskope Alerts] Add text multi-field to netskope.alerts.breach.description field (elastic#13977)
  zscaler_zia: add strict field template mode for tcp and http_endpoint input data streams (elastic#13904)
  apm: Add config for tail-based sampling discard on write (elastic#13950)
  [CI] Add dev/coverage into backport script (elastic#13987)
  Update configuration updatecli for 8.x snapshot (elastic#13981)
  [Prometheus] Add username, password, and SSL related fields for query dataset (elastic#13969)
  o365: Ignore failures in rename processors for organization fields (elastic#13983)
  aws.firewall: Document ingested log types of AWS Network Firewall (elastic#13978)
  mimecast: resolve field data type conflicts between data streams (elastic#13825)
  [Infoblox NIOS] Handle the parsing of IPv6 address (elastic#13947)
  [Cribl] Fix handling of metric event type (elastic#13930)
  zscaler_zpa: fix handling of multiple remote IPs, and event categorisation (elastic#13755)
  Adding agentless deployment to the sublime security integration (elastic#13963)
  [integration/system] add use_performance_counters in system integration (elastic#13150)
  crowdstrike,m365_defender,microsoft_defender_{cloud,endpoint},sentinel_one: normalise severity handling (elastic#13955)
  [forgerock] Map `forgerock.response.elapsedTime` as a long not a date (elastic#13959)
  github: squelch errors from pagination ends (elastic#13965)
  cisco_secure_endpoint: squelch errors from pagination ends (elastic#13964)
  [Cloud Security] Cloud Asset Inventory:  fixed cloud formation URL (elastic#13971)
  ...
v1v added a commit that referenced this pull request May 26, 2025
@v1v
Merge branch 'feature/use-google-secrets' into test/use-google-secrets
81b8efa 
* feature/use-google-secrets: (43 commits)
  use -ci account
  [jamf_pro] Fix `flattened` field types for non-object values (#13985)
  [Netskope Alerts] Add text multi-field to netskope.alerts.breach.description field (#13977)
  zscaler_zia: add strict field template mode for tcp and http_endpoint input data streams (#13904)
  apm: Add config for tail-based sampling discard on write (#13950)
  [CI] Add dev/coverage into backport script (#13987)
  Update configuration updatecli for 8.x snapshot (#13981)
  [Prometheus] Add username, password, and SSL related fields for query dataset (#13969)
  o365: Ignore failures in rename processors for organization fields (#13983)
  aws.firewall: Document ingested log types of AWS Network Firewall (#13978)
  mimecast: resolve field data type conflicts between data streams (#13825)
  [Infoblox NIOS] Handle the parsing of IPv6 address (#13947)
  [Cribl] Fix handling of metric event type (#13930)
  zscaler_zpa: fix handling of multiple remote IPs, and event categorisation (#13755)
  Adding agentless deployment to the sublime security integration (#13963)
  [integration/system] add use_performance_counters in system integration (#13150)
  crowdstrike,m365_defender,microsoft_defender_{cloud,endpoint},sentinel_one: normalise severity handling (#13955)
  [forgerock] Map `forgerock.response.elapsedTime` as a long not a date (#13959)
  github: squelch errors from pagination ends (#13965)
  cisco_secure_endpoint: squelch errors from pagination ends (#13964)
  ...
anupratharamachandran pushed a commit to anupratharamachandran/integrations that referenced this pull request Jun 2, 2025
@chemamartinez @anupratharamachandran
o365: Ignore failures in rename processors for organization fields (e…
e992e11 
…lastic#13983)

Ignore failures in rename processors for organization fields, this is a temporary workaround to avoid a collision with the organization field that Agentless adds to events.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ShourieG ShourieG ShourieG approved these changes

Assignees

@chemamartinez chemamartinez

Labels
bugfix Pull request that fixes a bug issue Integration:o365 Microsoft Office 365 Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@chemamartinez @elasticmachine @ShourieG