Skip to content

[Azure] Application Gateway WAF: add event.reason #10007

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Sep 25, 2024
Merged

[Azure] Application Gateway WAF: add event.reason #10007

merged 12 commits into from
Sep 25, 2024

Conversation

jH-
Copy link
Contributor

@jH- jH- commented May 29, 2024
edited by andrewkroh
Loading

Proposed commit message

Update the Azure Application Gateway pipeline to parse and include values from
`json.properties.details.data` into the ECS `event.reason` field.

This field provides action context by logging the specific data found in 
requests that matched a rule.

It excludes the field if `json.properties.details.message` contains values indicating 
missing headers or content were the reason to avoid unnecessary duplicate data.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have added an entry to my package's changelog.yml file.

How to test this PR locally

elastic-package stack up -v -d

# check that the updated integration version is included (https://localhost:8080/search?package=azure)

elastic-package test pipeline

elastic-package stack down

@jH- jH- requested review from a team as code owners May 29, 2024 13:52
@cla-checker-service CLA Checker Service
Copy link

cla-checker-service bot commented May 29, 2024
edited
Loading

💚 CLA has been signed

@jH-

This comment was marked as resolved.

Sign in to view
@botelastic
Copy link

botelastic bot commented Jul 3, 2024

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Jul 3, 2024
@jamiehynds jamiehynds added the Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] label Jul 3, 2024
@elasticmachine
Copy link

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@botelastic botelastic bot removed the Stalled label Jul 3, 2024
@jamiehynds jamiehynds added enhancement New feature or request Stalled labels Jul 3, 2024
@botelastic botelastic bot removed the Stalled label Jul 3, 2024
@botelastic botelastic bot removed the Stalled label Jul 3, 2024
@kcreddy
Copy link
Contributor

kcreddy commented Jul 5, 2024

/test

@elasticmachine
Copy link

elasticmachine commented Jul 5, 2024
edited by elastic-vault-github-plugin-prod bot
Loading

🚀 Benchmarks report

Package azure 👍(2) 💚(0) 💔(9)

Expand to view
Data stream Previous EPS New EPS Diff (%) Result
springcloudlogs 4098.36 3115.26 -983.1 (-23.99%) 💔
application_gateway 2967.36 1733.1 -1234.26 (-41.59%) 💔
auditlogs 1945.53 1526.72 -418.81 (-21.53%) 💔
eventhub 333333.33 250000 -83333.33 (-25%) 💔
firewall_logs 1420.45 1113.59 -306.86 (-21.6%) 💔
graphactivitylogs 1834.86 1451.38 -383.48 (-20.9%) 💔
identity_protection 4608.29 2724.8 -1883.49 (-40.87%) 💔
platformlogs 4950.5 2849 -2101.5 (-42.45%) 💔
provisioning 2898.55 2288.33 -610.22 (-21.05%) 💔

To see the full report comment with /test benchmark fullreport

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
38.5% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

zmoog
zmoog reviewed Jul 5, 2024
View reviewed changes
kcreddy
kcreddy reviewed Jul 5, 2024
View reviewed changes
@kcreddy kcreddy added Integration:azure Azure Logs and removed Integration:aws AWS labels Jul 5, 2024
@botelastic
Copy link

botelastic bot commented Aug 4, 2024

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@andrewkroh andrewkroh removed the needs CLA User must sign the Elastic Contributor License before review. label Aug 15, 2024
@andrewkroh andrewkroh added Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] needs CLA User must sign the Elastic Contributor License before review. and removed needs CLA User must sign the Elastic Contributor License before review. labels Aug 15, 2024
@kcreddy
Copy link
Contributor

kcreddy commented Aug 22, 2024

/test

@kcreddy
Copy link
Contributor

kcreddy commented Aug 22, 2024

@jH- could you please fix the merge conflicts?

@jH- jH- requested a review from a team as a code owner August 23, 2024 11:51
@kcreddy
Copy link
Contributor

kcreddy commented Aug 23, 2024

/test

andrewkroh
andrewkroh previously requested changes Aug 23, 2024
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are a bunch of changes outside of the packages/azure directory that need to undone. I think they were the result of merge issue.

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

jH-
jH- commented Sep 9, 2024
View reviewed changes
Copy link
Contributor Author

@jH- jH- left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

deleted

@jH- jH- force-pushed the add_details_data branch from a2b7ebb to af7f7f8 Compare September 9, 2024 13:45
@andrewkroh
Merge remote-tracking branch 'elastic/main' into add_details_data
905509a
@andrewkroh
azure: rebuild expected application_gateway logs
d5c9a82 
[git-generate]
elastic-package -C packages/azure test pipeline -g -d application_gateway
@andrewkroh andrewkroh dismissed their stale review September 25, 2024 17:48

Merge issues were corrected. Changeset looks fine now.

@andrewkroh
Copy link
Member

/test

@andrewkroh andrewkroh enabled auto-merge (squash) September 25, 2024 17:53
@andrewkroh andrewkroh disabled auto-merge September 25, 2024 17:54
@andrewkroh andrewkroh enabled auto-merge (squash) September 25, 2024 17:54
@andrewkroh andrewkroh disabled auto-merge September 25, 2024 17:55
@andrewkroh andrewkroh enabled auto-merge (squash) September 25, 2024 17:56
@andrewkroh andrewkroh merged commit 9d46e70 into elastic:main Sep 25, 2024
3 checks passed
@elasticmachine
Copy link

💚 Build Succeeded

History

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
83.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@elastic-vault-github-plugin-prod
Copy link

Package azure - 1.17.0 containing this change is available at https://epr.elastic.co/search?package=azure

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
@jH- @johhau
@zmoog @kcreddy @andrewkroh
azure/application_gateway: add event.reason (elastic#10007)
ae38c62 
Update the Azure Application Gateway pipeline to parse and include values from
`json.properties.details.data` into the ECS `event.reason` field.

This field provides action context by logging the specific data found in 
requests that matched a rule.

It excludes the field if `json.properties.details.message` contains values indicating 
missing headers or content were the reason to avoid unnecessary duplicate data.

---------

Co-authored-by: Johan H <[email protected]>
Co-authored-by: Maurizio Branca <[email protected]>
Co-authored-by: Krishna Chaitanya Reddy Burri <[email protected]>
Co-authored-by: Andrew Kroh <[email protected]>
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
@jH- @johhau
@zmoog @kcreddy @andrewkroh
azure/application_gateway: add event.reason (elastic#10007)
10f1d6e 
Update the Azure Application Gateway pipeline to parse and include values from
`json.properties.details.data` into the ECS `event.reason` field.

This field provides action context by logging the specific data found in 
requests that matched a rule.

It excludes the field if `json.properties.details.message` contains values indicating 
missing headers or content were the reason to avoid unnecessary duplicate data.

---------

Co-authored-by: Johan H <[email protected]>
Co-authored-by: Maurizio Branca <[email protected]>
Co-authored-by: Krishna Chaitanya Reddy Burri <[email protected]>
Co-authored-by: Andrew Kroh <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zmoog zmoog zmoog approved these changes

@kcreddy kcreddy kcreddy approved these changes

@andrewkroh andrewkroh andrewkroh left review comments

Assignees
No one assigned
Labels
enhancement New feature or request Integration:azure Azure Logs Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@jH- @elasticmachine @kcreddy @zmoog @andrewkroh @jamiehynds @johhau