Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cherry-pick #21325 to 7.11: [Winlogbeat] Add IP validation to Security module #23365

Merged
merged 1 commit into from
Jan 6, 2021

Conversation

andrewkroh
Copy link
Member

@andrewkroh andrewkroh commented Jan 5, 2021

Cherry-pick of PR #21325 to 7.11 branch. Original message:

What does this PR do?

For event 4778 (A session was reconnected to a Window Station) the winlog.event_data.ClientAddress
could be "LOCAL" which is obviosuly not a valid IP so we don't want to copy it into source.ip in that case.

Why is it important?

This bug can causes mapping exceptions.

Checklist

  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jan 5, 2021
For event 4778 (A session was reconnected to a Window Station) the `winlog.event_data.ClientAddress`
could be "LOCAL" which is obviosuly not a valid IP so we don't want to copy it into `source.ip` in that case.

Fixes elastic#19627

(cherry picked from commit 8c992c5)
@andrewkroh andrewkroh force-pushed the backport_21325_7.11 branch from 148c884 to 89a4a0e Compare January 5, 2021 17:54
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jan 5, 2021

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: Pull request #23365 updated

  • Start Time: 2021-01-05T17:55:27.206+0000

  • Duration: 21 min 33 sec

Test stats 🧪

Test Results
Failed 0
Passed 92
Skipped 0
Total 92

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test Results
Failed 0
Passed 92
Skipped 0
Total 92

@andrewkroh andrewkroh merged commit b7e3d9b into elastic:7.11 Jan 6, 2021
@zube zube bot removed the [zube]: Done label Apr 6, 2021
@andrewkroh andrewkroh deleted the backport_21325_7.11 branch January 14, 2022 14:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants