Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Auditbeat] Cherry-pick #10500 to 6.x: System module: Add entity_id fields #10570

Merged
merged 1 commit into from
Feb 5, 2019
Merged

[Auditbeat] Cherry-pick #10500 to 6.x: System module: Add entity_id fields #10570

merged 1 commit into from
Feb 5, 2019

Conversation

cwurm
Copy link
Contributor

@cwurm cwurm commented Feb 5, 2019

Cherry-pick of PR #10500 to 6.x branch. Original message:

Implements {entity}.entity_id as a SHA-256 hash as proposed in #10463.

The new fields and what goes in the hash:

Field Hash components
system.audit.package.entity_id host.id + name + version
process.entity_id host.id + PID + StartTime
socket.entity_id host.id + inode + LocalIP + RemoteIP + LocalPort + RemotePort
user.entity_id host.id + UID + username

Note: socket is a net new top-level object, I just didn't see where else to put it. Open to suggestions.

host.id is retrieved when the system module is created and stored so the individual datasets don't have to re-fetch it. It's exposed to all through a new SystemMetricSet.

Closes #10463.

[Auditbeat] System module: Add entity_id fields (elastic#10500)
6e9d392 
Implements `{entity}.entity_id` as a SHA-256 hash as proposed in elastic#10463.

Closes elastic#10463.

(cherry picked from commit c047ef7)
@cwurm cwurm changed the title Cherry-pick #10500 to 6.x: [Auditbeat] System module: Add entity_id fields [Auditbeat] Cherry-pick #10500 to 6.x: System module: Add entity_id fields Feb 5, 2019
@elasticmachine
Copy link
Collaborator

Pinging @elastic/secops

@cwurm cwurm requested a review from a team February 5, 2019 14:26
tsg
tsg approved these changes Feb 5, 2019
View reviewed changes
Copy link
Contributor

@tsg tsg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Backport looks good.

webmat
webmat approved these changes Feb 5, 2019
View reviewed changes
Copy link
Contributor

@webmat webmat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cwurm cwurm merged commit f7c44b1 into elastic:6.x Feb 5, 2019
@cwurm cwurm deleted the backport_10500_6.x branch February 5, 2019 16:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@houndci-bot houndci-bot houndci-bot left review comments

@tsg tsg tsg approved these changes

@webmat webmat webmat approved these changes

Assignees
No one assigned
Labels
Auditbeat backport review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@cwurm @elasticmachine @webmat @tsg @houndci-bot