microsoft_exchange_online_message_trace - handle SenderAddress of '<>' #12292

@andrewkroh andrewkroh commented Jan 9, 2025

Proposed commit message

In the microsoft_exchange_online_message_trace integration, JSON events
containing "SenderAddress":"<>" caused a pipeline error of

    Provided Grok expressions do no match field value: [<>]

This commit changes the pipeline to treat the value the same as it would an
empty string or no SenderAddress field present.

Improve the pipeline error.message by including more details about the
processor that is failing.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices
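
An illustration of the behaviour the commit message describes, added here and not taken from the integration's pipeline: `"<>"` is the SMTP null reverse-path (RFC 5321) that bounces and delivery status notifications carry, so it is skipped like an empty or missing `SenderAddress`, and a genuine parse failure records which processor failed. The regular expression, the `grok_sender_address` tag, the output field layout and the sample events are assumptions constructed for this sketch.

```python
import re

# Values handled as "no sender": missing field, empty string, and "<>".
ABSENT_SENDERS = ("", "<>")

# Stand-in for the pipeline's Grok expression (assumption, not the real pattern).
SENDER_RE = re.compile(r"^(?P<local>[^@\s<>]+)@(?P<domain>[^@\s<>]+)$")


def parse_sender(event, tag="grok_sender_address"):
    """Normalize one message-trace event; never raise on a bad sender."""
    doc = {"email": {}, "error": {"message": []}}
    raw = event.get("SenderAddress")
    if isinstance(raw, str):
        raw = raw.strip()
    # Skip parsing entirely for absent senders, including the null sender.
    if raw is None or raw in ABSENT_SENDERS:
        return doc
    match = SENDER_RE.match(raw) if isinstance(raw, str) else None
    if match is None:
        # Name the failing processor and the offending value in the error.
        doc["error"]["message"].append(
            f"Processor 'grok' with tag '{tag}' failed on field "
            f"'SenderAddress' with value [{raw}]: expression did not match"
        )
        return doc
    doc["email"]["from"] = {"address": raw, "domain": match["domain"].lower()}
    return doc


# Constructed sample events (not real message-trace data).
SAMPLE_EVENTS = [
    {"SenderAddress": "alice@example.com"},
    {"SenderAddress": "<>"},
    {"SenderAddress": ""},
    {},
    {"SenderAddress": "not an address"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev, "->", parse_sender(ev))
```
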

@andrewkroh andrewkroh force-pushed the microsoft_exchange_online_message_trace/bugfix/sender-address branch from 0cd7fa4 to 3487fb3 Compare January 9, 2025 22:07
@andrewkroh andrewkroh force-pushed the microsoft_exchange_online_message_trace/bugfix/sender-address branch from 3487fb3 to e53e49c Compare January 9, 2025 22:10
@andrewkroh andrewkroh added bugfix Pull request that fixes a bug issue Integration:microsoft_exchange_online_message_trac Microsoft Exchange Online Message Trace labels Jan 9, 2025
@andrewkroh andrewkroh marked this pull request as ready for review January 9, 2025 22:14
@andrewkroh andrewkroh requested a review from a team as a code owner January 9, 2025 22:14
@andrewkroh andrewkroh added the Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations] label Jan 9, 2025
@elasticmachine
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elasticmachine
💚 Build Succeeded

@andrewkroh andrewkroh merged commit 747fefc into elastic:main Jan 13, 2025
5 checks passed
@elastic-vault-github-plugin-prod

Package microsoft_exchange_online_message_trace - 1.25.2 containing this change is available at https://epr.elastic.co/package/microsoft_exchange_online_message_trace/1.25.2/
