Skip to content

Add custom documentation entries for LDAP/HTTP ETW telemetry #636

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 11, 2025
Merged

Add custom documentation entries for LDAP/HTTP ETW telemetry #636

merged 1 commit into from
Jun 11, 2025

Conversation

@matthewh-elastic
Copy link
Contributor

@matthewh-elastic matthewh-elastic commented Jun 6, 2025
edited
Loading

Change Summary

Add the following fields for LDAP/WinHTTP/WinINet ETW telemetry:

Endpoint.metrics.system_impact.ldap_client_events.week_idle_ms
Endpoint.metrics.system_impact.ldap_client_events.week_ms
Endpoint.metrics.system_impact.winhttp_events.week_idle_ms
Endpoint.metrics.system_impact.winhttp_events.week_ms
Endpoint.metrics.system_impact.wininet_events.week_idle_ms
Endpoint.metrics.system_impact.wininet_events.week_ms

Release Target

Q/A

For mapping changes:

  • I ran make after making the schema changes, and committed all changes
  • If these field(s) are "exception"-able, I made a companion PR to Kibana adding it (see Readme)
  • If this is a metadata change, I also updated both transform destination schemas to match

For Transform changes:

  • The new transform successfully starts in Kibana
  • The corresponding transform destination schema was updated if necessary

@matthewh-elastic matthewh-elastic requested review from a team as code owners June 6, 2025 11:59
@AsuNa-jp
Copy link
Contributor

AsuNa-jp commented Jun 6, 2025

Thank you for adding metrics for LDAP events!

pzl
pzl approved these changes Jun 9, 2025
View reviewed changes
package/endpoint/manifest.yml
kibana:
version: "^9.1.0"
# See https://github.com/Masterminds/semver#caret-range-comparisons-major for more details on `^` and supported versioning

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this newline is the only reason workflows team was pulled in 😂

approving for the newline!

@gergoabraham gergoabraham removed their request for review June 11, 2025 09:01
@matthewh-elastic matthewh-elastic merged commit 352e4bf into main Jun 11, 2025
4 checks passed
@pzl pzl deleted the matthew/etw_http_ldap branch June 24, 2025 16:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pzl pzl pzl approved these changes

@AsuNa-jp AsuNa-jp AsuNa-jp approved these changes

@intxgo intxgo intxgo approved these changes

@brian-mckinney brian-mckinney brian-mckinney approved these changes

@ashokaditya ashokaditya Awaiting requested review from ashokaditya ashokaditya is a code owner automatically assigned from elastic/security-defend-workflows

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@matthewh-elastic @AsuNa-jp @pzl @intxgo @brian-mckinney