@kcreddy kcreddy (Contributor) commented Jul 29, 2024

Proposed commit message

Fix ECS date mapping for threat fields.

ecs@mappings component template is missing threat fields 
mapped as date. Example: fields such as first_seen, last_seen, 
modified_at are being mapped as keyword in transform's source 
datastream-backed indices. The transform's destination indices
are not affected as they are not datastream-backed and mappings
are explicitly defined as date. This causes field type conflicts.

   - Explicitly add ECS threat fields that are of type date into 
     source data-stream backed fields.

   - Fix first_seen, last_seen date processors with microseconds.

   - Add missing first_seen, last_seen fields.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Related issues
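
The conflict described in the commit message above, as an added example that is not part of this pull request or the ti_misp package: a small checker that flattens index mappings and reports fields mapped with more than one type. The index names, the `threat.indicator.*` paths and both sample mappings are constructed for illustration.

```python
# Added example: detect field type conflicts between a transform's source
# and destination mappings. All sample data below is constructed.

def flatten(properties, prefix=""):
    """Flatten a mapping 'properties' tree into {dotted.field: type}."""
    out = {}
    for name, spec in properties.items():
        path = prefix + name
        if "properties" in spec:  # object field: recurse into children
            out.update(flatten(spec["properties"], path + "."))
        else:
            out[path] = spec.get("type", "object")
    return out


def type_conflicts(mappings_by_index):
    """Return {field: {type: [indices]}} for fields with more than one type."""
    seen = {}
    for index, mapping in mappings_by_index.items():
        for field, ftype in flatten(mapping["properties"]).items():
            seen.setdefault(field, {}).setdefault(ftype, []).append(index)
    return {f: types for f, types in seen.items() if len(types) > 1}


def indicator_mapping(date_type):
    """Build a constructed mapping; date_type is the type used for date fields."""
    return {"properties": {"threat": {"properties": {"indicator": {"properties": {
        "first_seen": {"type": date_type},
        "last_seen": {"type": date_type},
        "modified_at": {"type": date_type},
        "type": {"type": "keyword"},  # same type on both sides: no conflict
    }}}}}}


# Constructed sample: the source falls back to keyword because no date
# mapping applies; the destination declares date explicitly.
SAMPLE = {
    "source-backing-index": indicator_mapping("keyword"),
    "transform-destination-index": indicator_mapping("date"),
}

if __name__ == "__main__":
    for field, types in sorted(type_conflicts(SAMPLE).items()):
        print(field, types)
```
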

@kcreddy kcreddy added Integration:ti_misp MISP bugfix Pull request that fixes a bug issue labels Jul 29, 2024
Quality Gate failed

Failed conditions
71.6% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

@elasticmachine

💚 Build Succeeded

@kcreddy kcreddy marked this pull request as ready for review July 29, 2024 14:12
@kcreddy kcreddy requested a review from a team as a code owner July 29, 2024 14:12
@kcreddy kcreddy added the Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] label Jul 29, 2024
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@kcreddy kcreddy merged commit b8d328c into elastic:main Jul 30, 2024
4 of 5 checks passed
@elasticmachine

Package ti_misp - 1.35.1 containing this change is available at https://epr.elastic.co/search?package=ti_misp

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
Fix ECS date mapping for threat fields.

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
Fix ECS date mapping for threat fields.

@kcreddy kcreddy deleted the ti_misp_ecs_date branch February 7, 2025 09:12