
Commit ae62592

committed
Fix processing of crowdstrike.User.Name field
1 parent f200413 commit ae62592


5 files changed

+13
-2
lines changed


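--- a/packages/crowdstrike/changelog.yml
+++ b/packages/crowdstrike/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.2.1"
+changes:
+- description: Fix processing of `crowdstrike.User.Name` field.
+type: bugfix
+link: https://github.com/elastic/integrations/pull/15272
 - version: "2.2.0"
 changes:
 - description: >-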
Lines changed: 1 addition & 0 deletions
@@ -1 +1,2 @@
11
{"AccountType":"Domain User","LastLoggedOnHost":"COMPUTER1","LocalAdminAccess":"No","LogonInfo":"Domain User Logon","LogonTime":"1702546155.197","LogonType":"Interactive","PasswordLastSet":"1699971198.062","User":"DOMAIN\\BRADLEYA","UserIsAdmin":"0","UserLogonFlags_decimal":"0","UserName":"Alan-One","UserSid_readable":"S-1-12-1-3697283754-1083485977-2164330645-2516515886","_time":"1702546168.576","cid":"ffffffff15754bcfb5f9152ec7ac90ac","event_platform":"Win","monthsincereset":"1.0"}
2+
{"AccountType":"Domain User","LastLoggedOnHost":"COMPUTER1","LocalAdminAccess":"No","LogonInfo":"Domain User Logon","LogonTime":"1702546155.197","LogonType":"Interactive","PasswordLastSet":"1699971198.062","User":{"Name":"DOMAIN\\BRADLEYA"},"UserIsAdmin":"0","UserLogonFlags_decimal":"0","UserSid_readable":"S-1-12-1-3697283754-1083485977-2164330645-2516515886","_time":"1702546168.576","cid":"ffffffff15754bcfb5f9152ec7ac90ad","event_platform":"Win","monthsincereset":"1.0"}

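--- a/packages/crowdstrike/data_stream/fdr/_dev/test/system/test-keep-metadata-config.yml
+++ b/packages/crowdstrike/data_stream/fdr/_dev/test/system/test-keep-metadata-config.yml
@@ -14,4 +14,4 @@ data_stream:
 keep_metadata: true
 enable_deduplication: true
 assert:
-hit_count: 131
+hit_count: 132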

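--- a/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml
@@ -2446,6 +2446,11 @@ processors:
 field: user.roles
 value: admin
 if: ctx.crowdstrike?.UserIsAdmin == "1"
+- rename:
+field: crowdstrike.User.Name
+target_field: user.name
+ignore_missing: true
+if: ctx.crowdstrike?.User?.Name != null && ctx.user?.name == null
 - rename:
 field: crowdstrike.UserName
 target_field: user.name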
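Review bot: The `if` on the new rename reads `ctx.crowdstrike?.User?.Name` without first checking that `User` is an object, while the first sample event in this commit's test log still carries `"User":"DOMAIN\\BRADLEYA"` as a plain string. Unless a processor outside this hunk has already moved the string form by this point, the `.Name` lookup on a String would, as far as I can tell, raise a Painless script error instead of evaluating to false, and the event would fail ingest or lose its user fields. A type guard makes the condition safe for both shapes: `if: ctx.crowdstrike?.User instanceof Map && ctx.crowdstrike.User.Name != null && ctx.user?.name == null`. The sample value is domain-qualified, so it is worth confirming that `user.name` is meant to hold `DOMAIN\user` verbatim, since detections that join on `user.name` across sources may not match that form. The `crowdstrike.UserName` rename that follows is cut off by the hunk, so its own condition and its behaviour once `user.name` is already set are not visible here.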

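--- a/packages/crowdstrike/manifest.yml
+++ b/packages/crowdstrike/manifest.yml
@@ -1,6 +1,6 @@
 name: crowdstrike
 title: CrowdStrike
-version: "2.2.0"
+version: "2.2.1"
 description: Collect logs from Crowdstrike with Elastic Agent.
 type: integration
 format_version: "3.4.0"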
