Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add processing of event ID's 5140 and 5145 to mirror Elastic Agent's … #34352

Merged
merged 9 commits into from
Jan 24, 2023
Merged

Add processing of event ID's 5140 and 5145 to mirror Elastic Agent's … #34352

merged 9 commits into from
Jan 24, 2023

Conversation

MakoWish
Copy link
Contributor

@MakoWish MakoWish commented Jan 23, 2023
edited
Loading

Type of change

  • Enhancement

What does this PR do?

While creating #5085, I realized Elastic Agent includes parsing for two additional event ID's not included in the Winlogbeat Security Ingest Pipeline. This PR adds event parsing to the Security Ingest Pipeline for Winlogbeat for Event ID's 4040 and 4045.

Why is it important?

This PR will create a 1:1 match of event ID coverage between Winlogbeat's Security module and Elastic Agent's system Integration for Windows Security events.

Checklist

  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

@MakoWish
Add processing of event ID's 5040 and 5045 to mirror Elastic Agent's …
9a338bc 
…Security Ingest Pipeline for System Integration
@MakoWish MakoWish requested a review from a team as a code owner January 23, 2023 20:16
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jan 23, 2023
@mergify
Copy link
Contributor

mergify bot commented Jan 23, 2023

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @MakoWish? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

@elasticmachine
Copy link
Collaborator

elasticmachine commented Jan 23, 2023
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-01-24T04:57:05.271+0000

  • Duration: 38 min 17 sec

Test stats 🧪

Test Results
Failed 0
Passed 336
Skipped 0
Total 336

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@efd6
Copy link
Contributor

efd6 commented Jan 23, 2023

/test

efd6
efd6 reviewed Jan 24, 2023
View reviewed changes
CHANGELOG.next.asciidoc Outdated Show resolved Hide resolved
x-pack/winlogbeat/module/security/ingest/security.yml Outdated Show resolved Hide resolved
x-pack/winlogbeat/module/security/ingest/security.yml Outdated Show resolved Hide resolved
x-pack/winlogbeat/module/security/ingest/security.yml Outdated Show resolved Hide resolved
x-pack/winlogbeat/module/security/ingest/security.yml Outdated Show resolved Hide resolved
x-pack/winlogbeat/module/security/ingest/security.yml Show resolved Hide resolved
x-pack/winlogbeat/module/security/ingest/security.yml Show resolved Hide resolved
@efd6 efd6 changed the title Add processing of event ID's 5040 and 5045 to mirror Elastic Agent's … Add processing of event ID's 5140 and 5145 to mirror Elastic Agent's … Jan 24, 2023
@efd6 efd6 added Winlogbeat Team:Security-External Integrations backport-skip Skip notification from the automated backport with mergify 8.7-candidate labels Jan 24, 2023
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Jan 24, 2023
@efd6
Copy link
Contributor

efd6 commented Jan 24, 2023

/test

efd6
efd6 approved these changes Jan 24, 2023
View reviewed changes
Copy link
Contributor

@efd6 efd6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks

@efd6 efd6 merged commit 48603f7 into elastic:main Jan 24, 2023
chrisberkhout pushed a commit that referenced this pull request Jun 1, 2023
@MakoWish @chrisberkhout
x-pack/winlogbeat/module/security: add mapping for events 5140 and 51…
dee270a 
…45 (#34352)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@efd6 efd6 efd6 approved these changes

Assignees

@MakoWish MakoWish

Labels
8.7-candidate backport-skip Skip notification from the automated backport with mergify Winlogbeat
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@MakoWish @elasticmachine @efd6