[system] Add support for more event-ids in the security data stream

[janvi-elastic]

Proposed commit message

This PR adds support for more event-ids of Security Events to system.security. These events have an event.code as below:

• 4627
• 4662
• 4663
• 4675
• 4793
• 4800
• 4931
• 4932
• 4933
• 4945
• 4946
• 4948
• 4953
• 4957
• 4962
• 4963
• 4965
• 4985
• 5038
• 5058
• 5059
• 5061
• 5136
• 5142
• 5441
• 5446
• 5447
• 5449
• 6144
• 6145
• 6416
• 4658
• 4659
• 4660
• 4664
• 4690
• 4691
• 4692
• 4695
• 4704
• 4705
• 4801
• 4802
• 4803
• 4868
• 4869
• 4876
• 6419
• 6420
• 6421
• 6422

System fields are mapped to their corresponding ECS fields where possible. And also added associated dashboards and visualizations.

Test samples were derived from live logs and documentation and subsequently sanitized.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

• Clone integrations repo.
• Install elastic package locally.
• Start elastic stack using elastic-package.
• Move to integrations/packages/system directory.
• Run the following command to run tests.

elastic-package test

Run pipeline tests for the package
--- Test results for package: system - START ---
╭─────────┬─────────────┬───────────┬───────────────────────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE │ DATA STREAM │ TEST TYPE │ TEST NAME                                                                         │ RESULT │ TIME ELAPSED │
├─────────┼─────────────┼───────────┼───────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-1100.json)                                         │ PASS   │ 410.867411ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-1102.json)                                         │ PASS   │ 437.799532ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-1104.json)                                         │ PASS   │ 357.900872ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-1105.json)                                         │ PASS   │ 354.016433ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4627.json)                                         │ PASS   │ 399.712644ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4658.json)                                         │ PASS   │ 384.419067ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4659.json)                                         │ PASS   │ 396.432177ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4660.json)                                         │ PASS   │ 378.718763ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4662.json)                                         │ PASS   │ 375.322548ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4663.json)                                         │ PASS   │ 360.366752ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4664.json)                                         │ PASS   │ 351.527538ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4670-windowssrv2016.json)                          │ PASS   │ 339.045089ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4674.json)                                         │ PASS   │  344.67135ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4675.json)                                         │ PASS   │  369.28462ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4690.json)                                         │ PASS   │ 359.711271ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4691.json)                                         │ PASS   │ 347.088531ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4692.json)                                         │ PASS   │ 343.638886ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4695.json)                                         │ PASS   │ 416.919941ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4704.json)                                         │ PASS   │ 402.092418ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4705.json)                                         │ PASS   │ 388.236485ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4706-windowssrv2016.json)                          │ PASS   │ 427.154928ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4707-windowssrv2016.json)                          │ PASS   │ 379.463466ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4713-windowssrv2016.json)                          │ PASS   │ 368.470679ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4716-windowssrv2016.json)                          │ PASS   │ 419.854887ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4717-windowssrv2016.json)                          │ PASS   │ 359.192161ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4718-windowssrv2016.json)                          │ PASS   │ 340.217883ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4719-windowssrv2016.json)                          │ PASS   │ 355.411566ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4719.json)                                         │ PASS   │ 387.288819ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4738.json)                                         │ PASS   │ 327.573517ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4739-windowssrv2016.json)                          │ PASS   │ 335.215277ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4742.json)                                         │ PASS   │ 331.223163ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4743.json)                                         │ PASS   │ 340.470685ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4744.json)                                         │ PASS   │ 326.295445ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4745.json)                                         │ PASS   │ 345.405994ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4746.json)                                         │ PASS   │  330.01173ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4747.json)                                         │ PASS   │  365.22273ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4748.json)                                         │ PASS   │ 357.517103ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4749.json)                                         │ PASS   │ 371.620701ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4750.json)                                         │ PASS   │ 393.358833ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4751.json)                                         │ PASS   │ 347.304074ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4752.json)                                         │ PASS   │ 353.975975ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4753.json)                                         │ PASS   │  388.87294ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4759.json)                                         │ PASS   │  343.13919ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4760.json)                                         │ PASS   │ 365.720493ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4761.json)                                         │ PASS   │ 374.194274ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4762.json)                                         │ PASS   │  356.89705ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4763.json)                                         │ PASS   │ 370.165854ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4793.json)                                         │ PASS   │ 326.773419ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4797.json)                                         │ PASS   │  337.33458ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4800.json)                                         │ PASS   │ 325.144867ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4801.json)                                         │ PASS   │ 352.644659ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4802.json)                                         │ PASS   │ 379.032069ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4803.json)                                         │ PASS   │ 338.941249ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4817-windowssrv2016.json)                          │ PASS   │  387.92096ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4868.json)                                         │ PASS   │ 350.711856ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4869.json)                                         │ PASS   │ 380.650307ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4876.json)                                         │ PASS   │ 396.732305ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4902-windowssrv2016.json)                          │ PASS   │ 374.354668ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4904-windowssrv2016.json)                          │ PASS   │ 350.651675ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4905-windowssrv2016.json)                          │ PASS   │ 354.653063ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4906-windowssrv2016.json)                          │ PASS   │ 379.671235ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4907-windowssrv2016.json)                          │ PASS   │ 372.887496ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4931.json)                                         │ PASS   │ 383.065977ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4932.json)                                         │ PASS   │ 409.130124ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4933.json)                                         │ PASS   │  375.30185ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4945.json)                                         │ PASS   │ 367.159414ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4946.json)                                         │ PASS   │ 369.451576ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4948.json)                                         │ PASS   │ 352.728204ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4953.json)                                         │ PASS   │ 351.276692ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4957.json)                                         │ PASS   │ 363.768227ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4962.json)                                         │ PASS   │ 369.478795ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4963.json)                                         │ PASS   │ 388.483002ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4965.json)                                         │ PASS   │ 412.263844ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-4985.json)                                         │ PASS   │ 400.992491ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5038.json)                                         │ PASS   │ 324.867521ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5058.json)                                         │ PASS   │ 343.309089ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5059.json)                                         │ PASS   │ 336.765347ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5061.json)                                         │ PASS   │ 395.220601ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5136.json)                                         │ PASS   │ 340.513671ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5142.json)                                         │ PASS   │ 330.814503ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5152.json)                                         │ PASS   │ 334.981694ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5156.json)                                         │ PASS   │ 335.589718ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5157.json)                                         │ PASS   │ 338.930762ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5158.json)                                         │ PASS   │ 346.277289ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5379.json)                                         │ PASS   │ 385.463126ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5380.json)                                         │ PASS   │ 339.235861ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5381.json)                                         │ PASS   │ 354.602502ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5382.json)                                         │ PASS   │ 354.434192ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5441.json)                                         │ PASS   │ 370.920596ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5446.json)                                         │ PASS   │ 379.039962ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5447.json)                                         │ PASS   │ 355.190387ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-5449.json)                                         │ PASS   │ 350.306161ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-6144.json)                                         │ PASS   │ 326.305545ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-6145.json)                                         │ PASS   │ 322.508459ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-6416.json)                                         │ PASS   │ 339.412818ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-6419.json)                                         │ PASS   │ 315.610327ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-6420.json)                                         │ PASS   │ 317.642058ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-6421.json)                                         │ PASS   │  332.25461ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-6422.json)                                         │ PASS   │ 339.248999ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-log-5136.json)                                     │ PASS   │  433.67658ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-5140-5145.json)                           │ PASS   │ 333.320341ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012-4673.json)                    │ PASS   │ 329.861211ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012-4697.json)                    │ PASS   │ 323.156863ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012-4768.json)                    │ PASS   │ 330.730465ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012-4769.json)                    │ PASS   │ 409.095077ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012-4770.json)                    │ PASS   │ 327.679078ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012-4771.json)                    │ PASS   │  416.75056ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012-4776.json)                    │ PASS   │ 393.449269ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012-4778.json)                    │ PASS   │ 407.094233ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012-4779.json)                    │ PASS   │ 378.796502ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2012r2-logon.json)                 │ PASS   │ 398.915453ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4722-account-enabled.json)    │ PASS   │ 363.249489ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4723-password-change.json)    │ PASS   │ 345.107381ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4724-password-reset.json)     │ PASS   │ 370.075833ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4725-account-disabled.json)   │ PASS   │ 354.111046ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4726-account-deleted.json)    │ PASS   │ 333.259372ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4727.json)                    │ PASS   │  349.81742ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4728.json)                    │ PASS   │  330.86591ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4729.json)                    │ PASS   │ 338.928932ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4730.json)                    │ PASS   │ 335.662342ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4731.json)                    │ PASS   │ 397.492128ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4732.json)                    │ PASS   │ 335.055207ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4733.json)                    │ PASS   │ 338.547918ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4734.json)                    │ PASS   │ 396.355012ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4735.json)                    │ PASS   │ 388.116607ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4737.json)                    │ PASS   │ 359.097633ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4738-account-changed.json)    │ PASS   │ 378.222351ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4740-account-locked-out.json) │ PASS   │ 362.422266ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4754.json)                    │ PASS   │ 345.425197ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4755.json)                    │ PASS   │ 361.882157ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4756.json)                    │ PASS   │ 338.304455ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4757.json)                    │ PASS   │ 372.646466ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4758.json)                    │ PASS   │ 351.540639ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4764.json)                    │ PASS   │ 350.355422ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4767-account-unlocked.json)   │ PASS   │ 365.998817ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4781-account-renamed.json)    │ PASS   │ 351.479113ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4798.json)                    │ PASS   │ 331.474515ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-4799.json)                    │ PASS   │ 373.533162ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2016-logoff.json)                  │ PASS   │  362.28205ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2019-4688-process-created.json)    │ PASS   │ 348.589852ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-security-windows2019-4689-process-exited.json)     │ PASS   │ 374.024201ms │
│ system  │ security    │ pipeline  │ (ingest pipeline warnings test-unknown.json)                                      │ PASS   │ 416.306958ms │
│ system  │ security    │ pipeline  │ test-1100.json                                                                    │ PASS   │ 144.865146ms │
│ system  │ security    │ pipeline  │ test-1102.json                                                                    │ PASS   │ 163.908987ms │
│ system  │ security    │ pipeline  │ test-1104.json                                                                    │ PASS   │ 130.204283ms │
│ system  │ security    │ pipeline  │ test-1105.json                                                                    │ PASS   │ 120.582431ms │
│ system  │ security    │ pipeline  │ test-4627.json                                                                    │ PASS   │ 139.352493ms │
│ system  │ security    │ pipeline  │ test-4658.json                                                                    │ PASS   │ 154.194848ms │
│ system  │ security    │ pipeline  │ test-4659.json                                                                    │ PASS   │ 139.136331ms │
│ system  │ security    │ pipeline  │ test-4660.json                                                                    │ PASS   │ 145.298621ms │
│ system  │ security    │ pipeline  │ test-4662.json                                                                    │ PASS   │ 137.476949ms │
│ system  │ security    │ pipeline  │ test-4663.json                                                                    │ PASS   │ 145.099873ms │
│ system  │ security    │ pipeline  │ test-4664.json                                                                    │ PASS   │  140.01738ms │
│ system  │ security    │ pipeline  │ test-4670-windowssrv2016.json                                                     │ PASS   │ 122.798857ms │
│ system  │ security    │ pipeline  │ test-4674.json                                                                    │ PASS   │ 148.451949ms │
│ system  │ security    │ pipeline  │ test-4675.json                                                                    │ PASS   │ 170.315506ms │
│ system  │ security    │ pipeline  │ test-4690.json                                                                    │ PASS   │ 128.669705ms │
│ system  │ security    │ pipeline  │ test-4691.json                                                                    │ PASS   │ 131.949675ms │
│ system  │ security    │ pipeline  │ test-4692.json                                                                    │ PASS   │ 131.005184ms │
│ system  │ security    │ pipeline  │ test-4695.json                                                                    │ PASS   │ 140.694668ms │
│ system  │ security    │ pipeline  │ test-4704.json                                                                    │ PASS   │ 128.211076ms │
│ system  │ security    │ pipeline  │ test-4705.json                                                                    │ PASS   │ 153.544065ms │
│ system  │ security    │ pipeline  │ test-4706-windowssrv2016.json                                                     │ PASS   │ 159.841634ms │
│ system  │ security    │ pipeline  │ test-4707-windowssrv2016.json                                                     │ PASS   │ 136.137037ms │
│ system  │ security    │ pipeline  │ test-4713-windowssrv2016.json                                                     │ PASS   │ 138.188401ms │
│ system  │ security    │ pipeline  │ test-4716-windowssrv2016.json                                                     │ PASS   │ 119.298948ms │
│ system  │ security    │ pipeline  │ test-4717-windowssrv2016.json                                                     │ PASS   │ 121.564557ms │
│ system  │ security    │ pipeline  │ test-4718-windowssrv2016.json                                                     │ PASS   │ 144.347527ms │
│ system  │ security    │ pipeline  │ test-4719-windowssrv2016.json                                                     │ PASS   │ 118.197697ms │
│ system  │ security    │ pipeline  │ test-4719.json                                                                    │ PASS   │ 121.795641ms │
│ system  │ security    │ pipeline  │ test-4738.json                                                                    │ PASS   │ 138.682057ms │
│ system  │ security    │ pipeline  │ test-4739-windowssrv2016.json                                                     │ PASS   │ 127.872662ms │
│ system  │ security    │ pipeline  │ test-4742.json                                                                    │ PASS   │  126.31418ms │
│ system  │ security    │ pipeline  │ test-4743.json                                                                    │ PASS   │ 119.528632ms │
│ system  │ security    │ pipeline  │ test-4744.json                                                                    │ PASS   │ 125.886969ms │
│ system  │ security    │ pipeline  │ test-4745.json                                                                    │ PASS   │ 128.868055ms │
│ system  │ security    │ pipeline  │ test-4746.json                                                                    │ PASS   │ 141.606657ms │
│ system  │ security    │ pipeline  │ test-4747.json                                                                    │ PASS   │ 129.163303ms │
│ system  │ security    │ pipeline  │ test-4748.json                                                                    │ PASS   │  135.24812ms │
│ system  │ security    │ pipeline  │ test-4749.json                                                                    │ PASS   │ 139.523016ms │
│ system  │ security    │ pipeline  │ test-4750.json                                                                    │ PASS   │ 132.430186ms │
│ system  │ security    │ pipeline  │ test-4751.json                                                                    │ PASS   │ 133.562656ms │
│ system  │ security    │ pipeline  │ test-4752.json                                                                    │ PASS   │  170.72144ms │
│ system  │ security    │ pipeline  │ test-4753.json                                                                    │ PASS   │ 124.047611ms │
│ system  │ security    │ pipeline  │ test-4759.json                                                                    │ PASS   │ 120.648221ms │
│ system  │ security    │ pipeline  │ test-4760.json                                                                    │ PASS   │ 114.380998ms │
│ system  │ security    │ pipeline  │ test-4761.json                                                                    │ PASS   │ 133.795443ms │
│ system  │ security    │ pipeline  │ test-4762.json                                                                    │ PASS   │ 133.929951ms │
│ system  │ security    │ pipeline  │ test-4763.json                                                                    │ PASS   │ 120.613403ms │
│ system  │ security    │ pipeline  │ test-4793.json                                                                    │ PASS   │ 117.587409ms │
│ system  │ security    │ pipeline  │ test-4797.json                                                                    │ PASS   │ 182.083222ms │
│ system  │ security    │ pipeline  │ test-4800.json                                                                    │ PASS   │ 122.302221ms │
│ system  │ security    │ pipeline  │ test-4801.json                                                                    │ PASS   │ 130.169195ms │
│ system  │ security    │ pipeline  │ test-4802.json                                                                    │ PASS   │  129.22898ms │
│ system  │ security    │ pipeline  │ test-4803.json                                                                    │ PASS   │ 118.087932ms │
│ system  │ security    │ pipeline  │ test-4817-windowssrv2016.json                                                     │ PASS   │ 116.885044ms │
│ system  │ security    │ pipeline  │ test-4868.json                                                                    │ PASS   │ 116.495734ms │
│ system  │ security    │ pipeline  │ test-4869.json                                                                    │ PASS   │ 159.882769ms │
│ system  │ security    │ pipeline  │ test-4876.json                                                                    │ PASS   │ 131.577194ms │
│ system  │ security    │ pipeline  │ test-4902-windowssrv2016.json                                                     │ PASS   │ 140.066177ms │
│ system  │ security    │ pipeline  │ test-4904-windowssrv2016.json                                                     │ PASS   │ 112.920818ms │
│ system  │ security    │ pipeline  │ test-4905-windowssrv2016.json                                                     │ PASS   │ 143.430854ms │
│ system  │ security    │ pipeline  │ test-4906-windowssrv2016.json                                                     │ PASS   │ 115.512978ms │
│ system  │ security    │ pipeline  │ test-4907-windowssrv2016.json                                                     │ PASS   │ 118.929654ms │
│ system  │ security    │ pipeline  │ test-4931.json                                                                    │ PASS   │ 117.765396ms │
│ system  │ security    │ pipeline  │ test-4932.json                                                                    │ PASS   │  133.84725ms │
│ system  │ security    │ pipeline  │ test-4933.json                                                                    │ PASS   │ 112.295928ms │
│ system  │ security    │ pipeline  │ test-4945.json                                                                    │ PASS   │ 131.440501ms │
│ system  │ security    │ pipeline  │ test-4946.json                                                                    │ PASS   │ 118.010061ms │
│ system  │ security    │ pipeline  │ test-4948.json                                                                    │ PASS   │ 134.005416ms │
│ system  │ security    │ pipeline  │ test-4953.json                                                                    │ PASS   │ 124.707757ms │
│ system  │ security    │ pipeline  │ test-4957.json                                                                    │ PASS   │ 107.902427ms │
│ system  │ security    │ pipeline  │ test-4962.json                                                                    │ PASS   │ 126.570565ms │
│ system  │ security    │ pipeline  │ test-4963.json                                                                    │ PASS   │ 113.940348ms │
│ system  │ security    │ pipeline  │ test-4965.json                                                                    │ PASS   │ 143.943282ms │
│ system  │ security    │ pipeline  │ test-4985.json                                                                    │ PASS   │ 128.269814ms │
│ system  │ security    │ pipeline  │ test-5038.json                                                                    │ PASS   │ 117.594026ms │
│ system  │ security    │ pipeline  │ test-5058.json                                                                    │ PASS   │ 112.081266ms │
│ system  │ security    │ pipeline  │ test-5059.json                                                                    │ PASS   │ 111.442985ms │
│ system  │ security    │ pipeline  │ test-5061.json                                                                    │ PASS   │  116.08419ms │
│ system  │ security    │ pipeline  │ test-5136.json                                                                    │ PASS   │  113.70797ms │
│ system  │ security    │ pipeline  │ test-5142.json                                                                    │ PASS   │ 122.249329ms │
│ system  │ security    │ pipeline  │ test-5152.json                                                                    │ PASS   │ 116.198913ms │
│ system  │ security    │ pipeline  │ test-5156.json                                                                    │ PASS   │ 116.160425ms │
│ system  │ security    │ pipeline  │ test-5157.json                                                                    │ PASS   │ 116.204109ms │
│ system  │ security    │ pipeline  │ test-5158.json                                                                    │ PASS   │ 113.426762ms │
│ system  │ security    │ pipeline  │ test-5379.json                                                                    │ PASS   │ 176.370623ms │
│ system  │ security    │ pipeline  │ test-5380.json                                                                    │ PASS   │ 186.831431ms │
│ system  │ security    │ pipeline  │ test-5381.json                                                                    │ PASS   │ 167.574121ms │
│ system  │ security    │ pipeline  │ test-5382.json                                                                    │ PASS   │  174.59591ms │
│ system  │ security    │ pipeline  │ test-5441.json                                                                    │ PASS   │ 113.732287ms │
│ system  │ security    │ pipeline  │ test-5446.json                                                                    │ PASS   │ 114.947879ms │
│ system  │ security    │ pipeline  │ test-5447.json                                                                    │ PASS   │  122.72096ms │
│ system  │ security    │ pipeline  │ test-5449.json                                                                    │ PASS   │ 132.388307ms │
│ system  │ security    │ pipeline  │ test-6144.json                                                                    │ PASS   │ 121.583202ms │
│ system  │ security    │ pipeline  │ test-6145.json                                                                    │ PASS   │ 108.400762ms │
│ system  │ security    │ pipeline  │ test-6416.json                                                                    │ PASS   │ 113.403474ms │
│ system  │ security    │ pipeline  │ test-6419.json                                                                    │ PASS   │ 125.674499ms │
│ system  │ security    │ pipeline  │ test-6420.json                                                                    │ PASS   │ 123.288114ms │
│ system  │ security    │ pipeline  │ test-6421.json                                                                    │ PASS   │ 122.581059ms │
│ system  │ security    │ pipeline  │ test-6422.json                                                                    │ PASS   │ 117.144163ms │
│ system  │ security    │ pipeline  │ test-log-5136.json                                                                │ PASS   │ 123.842372ms │
│ system  │ security    │ pipeline  │ test-security-5140-5145.json                                                      │ PASS   │ 133.416621ms │
│ system  │ security    │ pipeline  │ test-security-windows2012-4673.json                                               │ PASS   │ 111.171548ms │
│ system  │ security    │ pipeline  │ test-security-windows2012-4697.json                                               │ PASS   │ 113.884045ms │
│ system  │ security    │ pipeline  │ test-security-windows2012-4768.json                                               │ PASS   │ 116.106871ms │
│ system  │ security    │ pipeline  │ test-security-windows2012-4769.json                                               │ PASS   │ 119.628022ms │
│ system  │ security    │ pipeline  │ test-security-windows2012-4770.json                                               │ PASS   │ 115.062614ms │
│ system  │ security    │ pipeline  │ test-security-windows2012-4771.json                                               │ PASS   │ 127.007468ms │
│ system  │ security    │ pipeline  │ test-security-windows2012-4776.json                                               │ PASS   │ 135.331923ms │
│ system  │ security    │ pipeline  │ test-security-windows2012-4778.json                                               │ PASS   │   127.2871ms │
│ system  │ security    │ pipeline  │ test-security-windows2012-4779.json                                               │ PASS   │ 161.812698ms │
│ system  │ security    │ pipeline  │ test-security-windows2012r2-logon.json                                            │ PASS   │ 498.862726ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4722-account-enabled.json                               │ PASS   │ 142.769715ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4723-password-change.json                               │ PASS   │ 140.807484ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4724-password-reset.json                                │ PASS   │ 138.874605ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4725-account-disabled.json                              │ PASS   │ 136.537791ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4726-account-deleted.json                               │ PASS   │ 149.073184ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4727.json                                               │ PASS   │ 114.201637ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4728.json                                               │ PASS   │  134.24107ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4729.json                                               │ PASS   │ 126.734054ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4730.json                                               │ PASS   │ 113.646138ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4731.json                                               │ PASS   │ 125.681525ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4732.json                                               │ PASS   │ 125.630896ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4733.json                                               │ PASS   │ 123.401608ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4734.json                                               │ PASS   │ 114.543806ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4735.json                                               │ PASS   │ 116.334753ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4737.json                                               │ PASS   │ 120.521978ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4738-account-changed.json                               │ PASS   │ 120.925239ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4740-account-locked-out.json                            │ PASS   │ 117.717933ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4754.json                                               │ PASS   │ 113.694344ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4755.json                                               │ PASS   │ 127.490969ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4756.json                                               │ PASS   │ 127.913031ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4757.json                                               │ PASS   │ 155.826038ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4758.json                                               │ PASS   │ 115.568818ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4764.json                                               │ PASS   │ 114.157787ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4767-account-unlocked.json                              │ PASS   │ 122.034409ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4781-account-renamed.json                               │ PASS   │ 144.833984ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4798.json                                               │ PASS   │ 138.159885ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-4799.json                                               │ PASS   │ 118.244244ms │
│ system  │ security    │ pipeline  │ test-security-windows2016-logoff.json                                             │ PASS   │ 136.381927ms │
│ system  │ security    │ pipeline  │ test-security-windows2019-4688-process-created.json                               │ PASS   │  126.67986ms │
│ system  │ security    │ pipeline  │ test-security-windows2019-4689-process-exited.json                                │ PASS   │ 210.088354ms │
│ system  │ security    │ pipeline  │ test-unknown.json                                                                 │ PASS   │ 100.588171ms │
╰─────────┴─────────────┴───────────┴───────────────────────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: system - END   ---
Done
Run asset tests for the package
2025/05/13 18:56:45  INFO License text found in "/home/devuser/janvi-bitbucket/integrations/LICENSE.txt" will be included in package
--- Test results for package: system - START ---
╭─────────┬─────────────────┬───────────┬─────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE │ DATA STREAM     │ TEST TYPE │ TEST NAME                                                       │ RESULT │ TIME ELAPSED │
├─────────┼─────────────────┼───────────┼─────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ system  │                 │ asset     │ dashboard system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab is loaded │ PASS   │      1.952µs │
│ system  │                 │ asset     │ dashboard system-0e70e1bd-9a57-4f17-9d96-cc97e3d3a4f9 is loaded │ PASS   │        591ns │
│ system  │                 │ asset     │ dashboard system-277876d0-fa2c-11e6-bbd3-29c986c96e5a is loaded │ PASS   │        554ns │
│ system  │                 │ asset     │ dashboard system-2c4debf0-ef4f-4379-99a1-c57c307f23af is loaded │ PASS   │        735ns │
│ system  │                 │ asset     │ dashboard system-3c46ecdb-0a41-4be3-907e-722de8edac12 is loaded │ PASS   │        608ns │
│ system  │                 │ asset     │ dashboard system-5517a150-f9ce-11e6-8115-a7c18106d86a is loaded │ PASS   │        826ns │
│ system  │                 │ asset     │ dashboard system-71f720f0-ff18-11e9-8405-516218e3d268 is loaded │ PASS   │        593ns │
│ system  │                 │ asset     │ dashboard system-79ffd6e0-faa0-11e6-947f-177f697178b8 is loaded │ PASS   │        677ns │
│ system  │                 │ asset     │ dashboard system-Logs-syslog-dashboard is loaded                │ PASS   │        749ns │
│ system  │                 │ asset     │ dashboard system-Metrics-system-overview is loaded              │ PASS   │        614ns │
│ system  │                 │ asset     │ dashboard system-Windows-Dashboard is loaded                    │ PASS   │        623ns │
│ system  │                 │ asset     │ dashboard system-bae11b00-9bfc-11ea-87e4-49f31ec44891 is loaded │ PASS   │        734ns │
│ system  │                 │ asset     │ dashboard system-bb858830-f412-11e9-8405-516218e3d268 is loaded │ PASS   │        738ns │
│ system  │                 │ asset     │ dashboard system-d401ef40-a7d5-11e9-a422-d144027429da is loaded │ PASS   │        714ns │
│ system  │                 │ asset     │ dashboard system-db94459a-7232-4d1b-aa0c-b80dece8bc3a is loaded │ PASS   │        713ns │
│ system  │                 │ asset     │ search system-00025874-1cfb-47f8-a766-6af263f47fab is loaded    │ PASS   │        603ns │
│ system  │                 │ asset     │ search system-00757d92-6a5f-48d9-b9a9-37dcee0389e2 is loaded    │ PASS   │        630ns │
│ system  │                 │ asset     │ search system-135250ac-861d-43cf-9bfb-ce04a39c2ed9 is loaded    │ PASS   │        644ns │
│ system  │                 │ asset     │ search system-1b9117c8-e5a6-44ec-a237-2dbbdde131ea is loaded    │ PASS   │        705ns │
│ system  │                 │ asset     │ search system-1e5f6375-b6ac-4bab-a495-4c97c316bbfc is loaded    │ PASS   │        636ns │
│ system  │                 │ asset     │ search system-2b944fd9-7be6-4128-951b-a023df492fa6 is loaded    │ PASS   │        664ns │
│ system  │                 │ asset     │ search system-2d98c0f5-b501-4581-bc34-e90e82ef6295 is loaded    │ PASS   │        677ns │
│ system  │                 │ asset     │ search system-31950df9-7171-4672-87e4-36cd20decb6d is loaded    │ PASS   │        730ns │
│ system  │                 │ asset     │ search system-3f35f4fe-f01a-44a7-8892-cd64f88d0a61 is loaded    │ PASS   │        717ns │
│ system  │                 │ asset     │ search system-4c34518b-de35-4ffb-a11f-2da89fb028d7 is loaded    │ PASS   │        703ns │
│ system  │                 │ asset     │ search system-5d27d5fd-8fd3-4954-83ee-9c89862bcadf is loaded    │ PASS   │        722ns │
│ system  │                 │ asset     │ search system-5dd71405-86d2-4eab-a3d5-088f71889e94 is loaded    │ PASS   │        815ns │
│ system  │                 │ asset     │ search system-67574c86-e986-4efa-bd94-e052e7510475 is loaded    │ PASS   │        750ns │
│ system  │                 │ asset     │ search system-71c28785-7ab7-4210-833b-6d65de60940a is loaded    │ PASS   │        738ns │
│ system  │                 │ asset     │ search system-72966c9a-d594-48f4-9838-aac38d5d4bee is loaded    │ PASS   │        801ns │
│ system  │                 │ asset     │ search system-7af1e82c-155c-4f5b-813e-a2b6c3e5bc75 is loaded    │ PASS   │        815ns │
│ system  │                 │ asset     │ search system-8947d1c6-6a3a-4b5d-890e-6f59d3d8f1e9 is loaded    │ PASS   │        829ns │
│ system  │                 │ asset     │ search system-906dc8d0-0330-46c1-831c-beda2868b383 is loaded    │ PASS   │        806ns │
│ system  │                 │ asset     │ search system-94378112-04db-4813-a95f-2b157d6d4bb7 is loaded    │ PASS   │        836ns │
│ system  │                 │ asset     │ search system-99f8b490-4f75-418e-bd91-4ef4bb7851de is loaded    │ PASS   │        947ns │
│ system  │                 │ asset     │ search system-9efb946b-528d-4cd9-b3ef-4040859570ba is loaded    │ PASS   │        890ns │
│ system  │                 │ asset     │ search system-a9c32a08-b008-463a-800a-f46730fed42b is loaded    │ PASS   │        861ns │
│ system  │                 │ asset     │ search system-ac59de7d-ca7d-4182-a3ec-d9a4ab69713d is loaded    │ PASS   │       1.07µs │
│ system  │                 │ asset     │ search system-b624ecd1-b43d-4ab1-829c-b22f2fcb5662 is loaded    │ PASS   │        897ns │
│ system  │                 │ asset     │ search system-b6ff5e31-6c94-479a-b567-729def3b6b5b is loaded    │ PASS   │        931ns │
│ system  │                 │ asset     │ search system-b856c615-5136-4e02-9c3b-14c6576e16e1 is loaded    │ PASS   │      1.068µs │
│ system  │                 │ asset     │ search system-ba83542b-5838-41ce-a569-bc7b9c8c0a87 is loaded    │ PASS   │        935ns │
│ system  │                 │ asset     │ search system-cc7c88b4-22c4-4f42-8b5b-3466000a3b32 is loaded    │ PASS   │        938ns │
│ system  │                 │ asset     │ search system-cd3d5a1b-aeb6-4bf0-b45e-adf7837b3fa1 is loaded    │ PASS   │      1.037µs │
│ system  │                 │ asset     │ search system-dd3e3d90-8f72-4f04-ba7d-de0051bc1749 is loaded    │ PASS   │        979ns │
│ system  │                 │ asset     │ search system-e629186d-6a2a-4469-a060-bac42926f5d3 is loaded    │ PASS   │       1.07µs │
│ system  │                 │ asset     │ search system-f21d4873-7987-480e-8110-1fda397c3e0d is loaded    │ PASS   │      1.046µs │
│ system  │                 │ asset     │ search system-f6a50ac5-d9cd-469c-8169-0d4fc5c0bef5 is loaded    │ PASS   │      1.068µs │
│ system  │                 │ asset     │ search system-f6dbb7a7-25a5-4d42-9e64-8cb6cd9e173c is loaded    │ PASS   │      1.058µs │
│ system  │ application     │ asset     │ index_template logs-system.application is loaded                │ PASS   │        395ns │
│ system  │ application     │ asset     │ ingest_pipeline logs-system.application-2.1.0 is loaded         │ PASS   │        227ns │
│ system  │ auth            │ asset     │ index_template logs-system.auth is loaded                       │ PASS   │        354ns │
│ system  │ auth            │ asset     │ ingest_pipeline logs-system.auth-2.1.0 is loaded                │ PASS   │        199ns │
│ system  │ core            │ asset     │ index_template metrics-system.core is loaded                    │ PASS   │        417ns │
│ system  │ cpu             │ asset     │ index_template metrics-system.cpu is loaded                     │ PASS   │        467ns │
│ system  │ diskio          │ asset     │ index_template metrics-system.diskio is loaded                  │ PASS   │        412ns │
│ system  │ filesystem      │ asset     │ index_template metrics-system.filesystem is loaded              │ PASS   │        430ns │
│ system  │ fsstat          │ asset     │ index_template metrics-system.fsstat is loaded                  │ PASS   │        504ns │
│ system  │ load            │ asset     │ index_template metrics-system.load is loaded                    │ PASS   │        921ns │
│ system  │ memory          │ asset     │ index_template metrics-system.memory is loaded                  │ PASS   │      1.053µs │
│ system  │ network         │ asset     │ index_template metrics-system.network is loaded                 │ PASS   │        478ns │
│ system  │ process         │ asset     │ index_template metrics-system.process is loaded                 │ PASS   │        573ns │
│ system  │ process_summary │ asset     │ index_template metrics-system.process.summary is loaded         │ PASS   │        540ns │
│ system  │ security        │ asset     │ index_template logs-system.security is loaded                   │ PASS   │        566ns │
│ system  │ security        │ asset     │ ingest_pipeline logs-system.security-2.1.0 is loaded            │ PASS   │        471ns │
│ system  │ socket_summary  │ asset     │ index_template metrics-system.socket_summary is loaded          │ PASS   │        559ns │
│ system  │ syslog          │ asset     │ index_template logs-system.syslog is loaded                     │ PASS   │        748ns │
│ system  │ syslog          │ asset     │ ingest_pipeline logs-system.syslog-2.1.0 is loaded              │ PASS   │        425ns │
│ system  │ system          │ asset     │ index_template logs-system.system is loaded                     │ PASS   │        615ns │
│ system  │ system          │ asset     │ ingest_pipeline logs-system.system-2.1.0 is loaded              │ PASS   │        451ns │
│ system  │ uptime          │ asset     │ index_template metrics-system.uptime is loaded                  │ PASS   │        726ns │
╰─────────┴─────────────────┴───────────┴─────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: system - END   ---
Done
Run static tests for the package
--- Test results for package: system - START ---
╭─────────┬─────────────┬───────────┬──────────────────────────┬────────┬──────────────╮
│ PACKAGE │ DATA STREAM │ TEST TYPE │ TEST NAME                │ RESULT │ TIME ELAPSED │
├─────────┼─────────────┼───────────┼──────────────────────────┼────────┼──────────────┤
│ system  │ security    │ static    │ Verify sample_event.json │ PASS   │ 146.062149ms │
╰─────────┴─────────────┴───────────┴──────────────────────────┴────────┴──────────────╯
--- Test results for package: system - END   ---
Done

Related issues

• Relates https://github.com/elastic/enhancements/issues/21929

Screenshot

[elasticmachine]

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

[janvi-elastic]

Hi @jamiehynds ,@kcreddy , @efd6,
In this PR, the system test for the auth data stream is failing. We have identified that this is a known issue, which is being tracked here: elastic/integrations#12610.

[marc-gr]

LGMT in general, just a couple of things:

• I would consider adding handling similar to

  integrations/packages/windows/data_stream/sysmon_operational/elasticsearch/ingest_pipeline/default.yml

  Lines 9 to 13 in e102b7a

  	- script:
  	description: Remove all empty values from event_data.
  	lang: painless
  	source: ctx.winlog?.event_data?.entrySet().removeIf(entry -> [null, "", "-", "{00000000-0000-0000-0000-000000000000}"].contains(entry.getValue()))
  	if: ctx.winlog?.event_data != null

  in addition to the new null handling
• The final changes also need to be ported to https://github.com/elastic/integrations/blob/e102b7a76d582078aa4754fc227ca3f966736f7d/packages/windows/data_stream/forwarded/elasticsearch/ingest_pipeline/security_default.yml and https://github.com/elastic/integrations/blob/e102b7a76d582078aa4754fc227ca3f966736f7d/packages/windows/data_stream/forwarded/elasticsearch/ingest_pipeline/security_standard.yml to keep the forwarded data stream in sync

[janvi-elastic]

@marc-gr

• We already have this script of removing empty values in default.yml:
  

  integrations/packages/system/data_stream/security/elasticsearch/ingest_pipeline/default.yml

  Lines 8 to 13 in 967f515

  	- script:
  	tag: remove_empty_values_from_event_data
  	description: Remove all empty values from event_data.
  	lang: painless
  	source: ctx.winlog?.event_data?.entrySet().removeIf(entry -> [null, "", "-", "{00000000-0000-0000-0000-000000000000}"].contains(entry.getValue()))
  	if: ctx.winlog?.event_data instanceof Map

• We will update the forwarded data stream and raise a new PR for windows, once this PR will get merged.

[botelastic]

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

[piyush-elastic]

@marc-gr - If you are done with review, can you help me with your approval please?

[marc-gr]

LGTM just needs to fix the changelog/manifest

[nfritts]

Approving for the linux team... I'm not sure they really have anything to contribute to this PR even though they own a couple of the files.

[janvi-elastic]

LGTM just needs to fix the changelog/manifest

@marc-gr I have fixed the changelog and manifest.

[jamiehynds]

@marc-gr @janvi-elastic is this PR ready for merge yet or still waiting on CI to pass?

[piyush-elastic]

@marc-gr @janvi-elastic is this PR ready for merge yet or still waiting on CI to pass?

@jamiehynds – Everything is done from our side, except for the CI issue, which we aren’t able to fix from our end. @marc-gr Let me know if there’s anything else you’re expecting from us.

[kcreddy]

Everything is done from our side, except for the CI issue, which we aren’t able to fix from our end.

@piyush-elastic, as per the CI error:

test case failed: one or more errors found in documents stored in logs-system.auth-68388 data stream: [0] field "log.syslog.procid"'s Go type, float64, does not match the expected field type: keyword (field value: 1710)
[1] field "log.syslog.procid"'s Go type, float64, does not match the expected field type: keyword (field value: 1721)
[2] field "log.syslog.procid"'s Go type, float64, does not match the expected field type: keyword (field value: 1723)
[3] field "log.syslog.procid"'s Go type, float64, does not match the expected field type: keyword (field value: 1743)
[4] field "log.syslog.procid"'s Go type, float64, does not match the expected field type: keyword (field value: 26538)

You could ignore numeric fields using numeric_keyword_fields option inside system test config for the failing data stream.
Example.

[elastic-vault-github-plugin-prod]

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 6d51115

History

• 💔 Build #28647 failed 2294e65
• 💔 Build #28638 failed a62fca2
• 💔 Build #28424 failed aeab033
• 💔 Build #28356 failed f390f91
• 💔 Build #28333 failed 90699be

[elastic-sonarqube]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
98.4% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

[elasticmachine]

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)