[Crowdstrike] Parse prevented and worker_node_name field for alert data streams #14026


Merged (4 commits, May 30, 2025)
Conversation

@moxarth-rathod (Contributor) commented May 28, 2025

Proposed commit message

crowdstrike: request for parsing additional fields

This PR parses `prevented` and `worker_node_name` fields for alert data streams.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/crowdstrike directory.
  • Run the following command to run tests.

elastic-package test

@moxarth-rathod moxarth-rathod self-assigned this May 28, 2025
@moxarth-rathod moxarth-rathod requested a review from a team as a code owner May 28, 2025 08:26
@moxarth-rathod moxarth-rathod added enhancement New feature or request Integration:crowdstrike CrowdStrike Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] labels May 28, 2025
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)


@ShourieG (Contributor)

@moxarth-rathod, just one query, how were the logs generated ?

@ShourieG ShourieG self-requested a review May 28, 2025 09:55
@moxarth-rathod (Contributor, Author)

> @moxarth-rathod, just one query, how were the logs generated ?

@ShourieG since the original event wasn’t provided, I've created a log based on the issue description.

@efd6 (Contributor) commented May 28, 2025

> since the original event wasn’t provided, I've created a log based on the issue description.

Can we get by with deriving this from the last event that already exists in the test sample? It is much shorter and would still exercise the change here.

@ShourieG (Contributor)

> since the original event wasn’t provided, I've created a log based on the issue description.

> Can we get by with deriving this from the last event that already exists in the test sample? It is much shorter and would still exercise the change here.

Agree with Dan here; if it's possible to retrofit the new attributes into the existing smaller log, it would be good for reducing the overall footprint of the change.

@elasticmachine

💚 Build Succeeded

cc @moxarth-rathod
@ShourieG ShourieG merged commit 5b772a1 into elastic:main May 30, 2025
8 checks passed
@elastic-vault-github-plugin-prod

Package crowdstrike - 1.73.0 containing this change is available at https://epr.elastic.co/package/crowdstrike/1.73.0/

anupratharamachandran pushed a commit to anupratharamachandran/integrations that referenced this pull request Jun 2, 2025

…t data streams (elastic#14026)

crowdstrike: request for parsing additional fields.
This PR parses `prevented` and `worker_node_name` fields for alert data streams.