symantec_endpoint_security: handle non-map raw data values (#10630)

elastic · Jul 30, 2024 · 5c1373d · 5c1373d
1 parent b8d328c
commit 5c1373d
Show file tree

Hide file tree

Showing 5 changed files with 291 additions and 1 deletion.
diff --git a/packages/symantec_endpoint_security/changelog.yml b/packages/symantec_endpoint_security/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.3.1"
+  changes:
+    - description: Improve handling of scalar `raw_data` field values.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/10630
 - version: "0.3.0"
   changes:
     - description: Merge Symantec EDR Cloud into Symantec Endpoint Security.

diff --git a/...symantec_endpoint_security/data_stream/event/_dev/test/pipeline/test-scalar-flattened.log b/...symantec_endpoint_security/data_stream/event/_dev/test/pipeline/test-scalar-flattened.log
@@ -0,0 +1,2 @@
+{"category_id":1,"count":1,"device_end_time":1721812942435,"device_ip":"192.168.100.100","device_location":{"desc":"Default","on_premises":false },"device_time":1721812956826,"feature_name":"COMPLIANCE","feature_uid":"123E4567-E89B-12D3-A456-426614174000","id":1,"message":"Host Integrity check passed\n  Requirement:\"Symantec Definition up-to-date?\" passed\n","policy":{"name":"Default Host Integrity","uid":"123e4567-e89b-12d3-a456-426614174001","version":"3"},"raw_data":"46563D312E300A523D2253796D616E74656320446566696E6974696F6E2075702D746F2D646174653F225E533D73746172740A433D61765F7369676E61747572655F6F6B5E533D706173735E543D2253796D616E74656320456E64706F696E742050726F74656374696F6E220A433D74696D657374616D705F6F6B5E543D22436865636B2054696D657374616D70225E533D706173730A523D2253796D616E74656320446566696E6974696F6E2075702D746F2D646174653F225E533D70617373","scan_end":1721812942435,"scan_start":1721812942435,"scan_type_id":2,"scan_uid":"123E4567E89B12D3A456426614174002","severity_id":1,"subfeature_name":"Host Integrity","type":"HOST_COMPLIANCE_SCAN","type_id":8070,"version":"1.0","composite":2,"device_domain":"example.com","device_group":"Default/Example/XXX-US-Example","device_name":"DESKTOP-EXAMPLE","device_networks":[{"ipv4":"192.168.100.101","ipv6":"fe80::26a3:da5d:4c46:523d","mac":"00:05:9A:3C:7A:00"}],"device_os_name":"Windows 11 Professional Edition","device_uid":"123e4567E89b12d3a45642","org_unit_uid":"123e4567s_E89be89be89Q","product_data":{"sep_domain_uid":"","sep_hw_uid":"123E4567E89B12D3A456426614174005"},"product_name":"Symantec Endpoint Security","product_uid":"123E4567-E89B-12D3-A456-426614174006","product_ver":"14.3.11216.9000","stic_hw_uid":"123E4567-E89B-12D3-A456-426614174007","stic_uid":"123E4567-E89B-12D3-A456-426614174008","timezone":-120,"user_name":"user123456","customer_uid":"123e4567e89b12d3a45642","device_public_ip":"81.2.69.144","domain_uid":"123e4567e89b12d3a45642","user":{"name":"user123456"},"device_os_type_id":100,"time":"2024-07-24T09:22:36.826Z","end_time":"2024-07-24T09:22:22.435Z","log_time":"2024-07-24T09:22:43.530Z","uuid":"8070:123e4567-e89b-12d3-a456-426614174011"}
+{"category_id":1,"count":1,"device_end_time":1721812942435,"device_ip":"192.168.100.100","device_location":{"desc":"Default","on_premises":false },"device_time":1721812956826,"feature_name":"COMPLIANCE","feature_uid":"123E4567-E89B-12D3-A456-426614174000","id":1,"message":"Host Integrity check passed\n  Requirement:\"Symantec Definition up-to-date?\" passed\n","policy":{"name":"Default Host Integrity","uid":"123e4567-e89b-12d3-a456-426614174001","version":"3"},"raw_data":["46563D312E300A523D2253796D616E74656320446566696E6974696F6E2075702D746F2D646174653F225E533D73746172740A433D61765F7369676E61747572655F6F6B5E533D706173735E543D2253796D616E74656320456E64706F696E742050726F74656374696F6E220A433D74696D657374616D705F6F6B5E543D22436865636B2054696D657374616D70225E533D706173730A523D2253796D616E74656320446566696E6974696F6E2075702D746F2D646174653F225E533D70617373"],"scan_end":1721812942435,"scan_start":1721812942435,"scan_type_id":2,"scan_uid":"123E4567E89B12D3A456426614174002","severity_id":1,"subfeature_name":"Host Integrity","type":"HOST_COMPLIANCE_SCAN","type_id":8070,"version":"1.0","composite":2,"device_domain":"example.com","device_group":"Default/Example/XXX-US-Example","device_name":"DESKTOP-EXAMPLE","device_networks":[{"ipv4":"192.168.100.101","ipv6":"fe80::26a3:da5d:4c46:523d","mac":"00:05:9A:3C:7A:00"}],"device_os_name":"Windows 11 Professional Edition","device_uid":"123e4567E89b12d3a45642","org_unit_uid":"123e4567s_E89be89be89Q","product_data":{"sep_domain_uid":"","sep_hw_uid":"123E4567E89B12D3A456426614174005"},"product_name":"Symantec Endpoint Security","product_uid":"123E4567-E89B-12D3-A456-426614174006","product_ver":"14.3.11216.9000","stic_hw_uid":"123E4567-E89B-12D3-A456-426614174007","stic_uid":"123E4567-E89B-12D3-A456-426614174008","timezone":-120,"user_name":"user123456","customer_uid":"123e4567e89b12d3a45642","device_public_ip":"81.2.69.144","domain_uid":"123e4567e89b12d3a45642","user":{"name":"user123456"},"device_os_type_id":100,"time":"2024-07-24T09:22:36.826Z","end_time":"2024-07-24T09:22:22.435Z","log_time":"2024-07-24T09:22:43.530Z","uuid":"8070:123e4567-e89b-12d3-a456-426614174011"}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		{"category_id":1,"count":1,"device_end_time":1721812942435,"device_ip":"192.168.100.100","device_location":{"desc":"Default","on_premises":false },"device_time":1721812956826,"feature_name":"COMPLIANCE","feature_uid":"123E4567-E89B-12D3-A456-426614174000","id":1,"message":"Host Integrity check passed\n Requirement:\"Symantec Definition up-to-date?\" passed\n","policy":{"name":"Default Host Integrity","uid":"123e4567-e89b-12d3-a456-426614174001","version":"3"},"raw_data":"46563D312E300A523D2253796D616E74656320446566696E6974696F6E2075702D746F2D646174653F225E533D73746172740A433D61765F7369676E61747572655F6F6B5E533D706173735E543D2253796D616E74656320456E64706F696E742050726F74656374696F6E220A433D74696D657374616D705F6F6B5E543D22436865636B2054696D657374616D70225E533D706173730A523D2253796D616E74656320446566696E6974696F6E2075702D746F2D646174653F225E533D70617373","scan_end":1721812942435,"scan_start":1721812942435,"scan_type_id":2,"scan_uid":"123E4567E89B12D3A456426614174002","severity_id":1,"subfeature_name":"Host Integrity","type":"HOST_COMPLIANCE_SCAN","type_id":8070,"version":"1.0","composite":2,"device_domain":"example.com","device_group":"Default/Example/XXX-US-Example","device_name":"DESKTOP-EXAMPLE","device_networks":[{"ipv4":"192.168.100.101","ipv6":"fe80::26a3:da5d:4c46:523d","mac":"00:05:9A:3C:7A:00"}],"device_os_name":"Windows 11 Professional Edition","device_uid":"123e4567E89b12d3a45642","org_unit_uid":"123e4567s_E89be89be89Q","product_data":{"sep_domain_uid":"","sep_hw_uid":"123E4567E89B12D3A456426614174005"},"product_name":"Symantec Endpoint Security","product_uid":"123E4567-E89B-12D3-A456-426614174006","product_ver":"14.3.11216.9000","stic_hw_uid":"123E4567-E89B-12D3-A456-426614174007","stic_uid":"123E4567-E89B-12D3-A456-426614174008","timezone":-120,"user_name":"user123456","customer_uid":"123e4567e89b12d3a45642","device_public_ip":"81.2.69.144","domain_uid":"123e4567e89b12d3a45642","user":{"name":"user123456"},"device_os_type_id":100,"time":"2024-07-24T09:22:36.826Z","end_time":"2024-07-24T09:22:22.435Z","log_time":"2024-07-24T09:22:43.530Z","uuid":"8070:123e4567-e89b-12d3-a456-426614174011"}
		{"category_id":1,"count":1,"device_end_time":1721812942435,"device_ip":"192.168.100.100","device_location":{"desc":"Default","on_premises":false },"device_time":1721812956826,"feature_name":"COMPLIANCE","feature_uid":"123E4567-E89B-12D3-A456-426614174000","id":1,"message":"Host Integrity check passed\n Requirement:\"Symantec Definition up-to-date?\" passed\n","policy":{"name":"Default Host Integrity","uid":"123e4567-e89b-12d3-a456-426614174001","version":"3"},"raw_data":["46563D312E300A523D2253796D616E74656320446566696E6974696F6E2075702D746F2D646174653F225E533D73746172740A433D61765F7369676E61747572655F6F6B5E533D706173735E543D2253796D616E74656320456E64706F696E742050726F74656374696F6E220A433D74696D657374616D705F6F6B5E543D22436865636B2054696D657374616D70225E533D706173730A523D2253796D616E74656320446566696E6974696F6E2075702D746F2D646174653F225E533D70617373"],"scan_end":1721812942435,"scan_start":1721812942435,"scan_type_id":2,"scan_uid":"123E4567E89B12D3A456426614174002","severity_id":1,"subfeature_name":"Host Integrity","type":"HOST_COMPLIANCE_SCAN","type_id":8070,"version":"1.0","composite":2,"device_domain":"example.com","device_group":"Default/Example/XXX-US-Example","device_name":"DESKTOP-EXAMPLE","device_networks":[{"ipv4":"192.168.100.101","ipv6":"fe80::26a3:da5d:4c46:523d","mac":"00:05:9A:3C:7A:00"}],"device_os_name":"Windows 11 Professional Edition","device_uid":"123e4567E89b12d3a45642","org_unit_uid":"123e4567s_E89be89be89Q","product_data":{"sep_domain_uid":"","sep_hw_uid":"123E4567E89B12D3A456426614174005"},"product_name":"Symantec Endpoint Security","product_uid":"123E4567-E89B-12D3-A456-426614174006","product_ver":"14.3.11216.9000","stic_hw_uid":"123E4567-E89B-12D3-A456-426614174007","stic_uid":"123E4567-E89B-12D3-A456-426614174008","timezone":-120,"user_name":"user123456","customer_uid":"123e4567e89b12d3a45642","device_public_ip":"81.2.69.144","domain_uid":"123e4567e89b12d3a45642","user":{"name":"user123456"},"device_os_type_id":100,"time":"2024-07-24T09:22:36.826Z","end_time":"2024-07-24T09:22:22.435Z","log_time":"2024-07-24T09:22:43.530Z","uuid":"8070:123e4567-e89b-12d3-a456-426614174011"}