@efd6 efd6 commented Jul 14, 2025

Proposed commit message

aws: fix handling of last response body in guardduty data stream

The previous code would access .last_response.body.findings and assess
its size. However, if the findings field is not present, which is
expected in the first part of the chain, the template fails with a map
look-up error. Instead, use the index helper to allow us to more gently
probe for the presence of the field, only proceeding if it is non-zero.
This does not fix the issue, but does allow us to handle it by logic
changes in the input.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

@efd6 efd6 self-assigned this Jul 14, 2025
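
The failure mode the commit message describes, reproduced with Go's standard text/template as an added example (not code from the pull request). It assumes the template runs with the `missingkey=error` option; the template bodies and response contents are constructed, and only the `.last_response.body.findings` path comes from the commit message.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// Constructed template bodies: "direct" walks the field chain, "probed" uses index.
const (
	direct = `{{if gt (len .last_response.body.findings) 0}}fetch{{else}}skip{{end}}`
	probed = `{{if index .last_response.body "findings"}}fetch{{else}}skip{{end}}`
)

// render executes src against ctx with missingkey=error (assumed engine setting).
func render(src string, ctx map[string]interface{}) (string, error) {
	t, err := template.New("t").Option("missingkey=error").Parse(src)
	if err != nil {
		return "", err
	}
	var b strings.Builder
	if err := t.Execute(&b, ctx); err != nil {
		return "", err
	}
	return b.String(), nil
}

// ctxWith wraps a constructed response body in the context shape the templates expect.
func ctxWith(body map[string]interface{}) map[string]interface{} {
	return map[string]interface{}{
		"last_response": map[string]interface{}{"body": body},
	}
}

func main() {
	cases := []struct {
		name string
		body map[string]interface{}
	}{
		{"findings missing", map[string]interface{}{"status": "ok"}},
		{"findings empty", map[string]interface{}{"findings": []interface{}{}}},
		{"findings present", map[string]interface{}{"findings": []interface{}{"f-1"}}},
	}
	for _, c := range cases {
		d, derr := render(direct, ctxWith(c.body))
		p, perr := render(probed, ctxWith(c.body))
		fmt.Printf("%-17s direct=%q err=%v | probed=%q err=%v\n", c.name, d, derr, p, perr)
	}
}
```

The `missingkey` option governs field-chain evaluation only; the `index` function returns the map's zero value for an absent key, which `if` treats as false.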
@efd6 efd6 added the Integration:aws, bugfix, and Team:Security-Service Integrations labels Jul 14, 2025
@efd6 efd6 force-pushed the 14491-aws branch 2 times, most recently from 11fe4a5 to d3967f7 Compare July 14, 2025 06:34
@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@efd6 efd6 marked this pull request as ready for review July 14, 2025 21:53
@efd6 efd6 requested review from a team as code owners July 14, 2025 21:53
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elasticmachine

💚 Build Succeeded

History

cc @efd6

@efd6 efd6 merged commit fe60a72 into elastic:main Jul 16, 2025
9 checks passed
@elastic-vault-github-plugin-prod

Package aws - 3.13.1 containing this change is available at https://epr.elastic.co/package/aws/3.13.1/

kcreddy added a commit that referenced this pull request Aug 19, 2025
…m for CDR workflows (#14809)

Add support for CDR Cloud Native Vulnerability Management (CNVM)[1] workflow by 
adding necessary mappings and latest transform.

Also fixes agent degradation from httpjson's empty cursor happening in 
log data stream using "ignore_empty_value". Similar to [2].

[1] https://www.elastic.co/guide/en/security/current/vuln-management-overview.html
[2] #14525