Add additional fields to beaconing and fix alert issues #16706
base: main
Pinging @elastic/sec-applied-ml (Team:Security-Applied ML)
@elastic/kibana-management Can someone from your team review the transform changes? I mentioned to @alisonelizabeth that we’ll add your team as CODEOWNERS and attempted to add the team to the CODEOWNERS file, but it seems the team doesn’t currently have write access to this repository, so we’re unable to add it at this time.
| field: "@timestamp" | ||
| _meta: | ||
| fleet_transform_version: 1.2.4 | ||
| fleet_transform_version: 1.3.0 |
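Review bot: the fleet_transform_version bump under _meta (1.2.4 to 1.3.0) carries no indication of which versioning scheme the key follows. Add a comment beside the key stating what it tracks and when it must be bumped, so later changes to this transform pick the next value consistently.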
This is so confusing and difficult to maintain.
That's true... I followed semantic versioning like the package version, the package version was bumped a minor version 1.3.3 -> 1.4.0 so I bumped it here too in the same manner 1.2.4 -> 1.3.0 instead of to 1.2.5, but either way it's really confusing 😔
Should we change it to 1.4.0 to match the destination index? Tbh, it can cause confusion as ideally you'd want your transform version to match your index.
Good point, might as well - updated!
But noting that previously the fleet transform version 1.2.4 (previous) doesn't match the destination index 1.3.3 (previous); rather, the destination index 1.3.3 matches the package version 1.3.3, while the fleet transform version was independent
bb1602d to 426d9d0
426d9d0 to 703c730
💚 Build Succeeded
Proposed commit message
Add additional fields to beaconing and fix alert issues
Checklist
changelog.yml file.
How to test this PR locally
(In the beaconing directory)
Related issues
Screenshots