[Auditbeat] fim(ebpf): enrich file events with container id #38328

Merged
merged 2 commits into from
Apr 8, 2024

@mmat11 mmat11 commented Mar 14, 2024

Proposed commit message

fim(ebpf): enrich file events with container id

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

Related issues

elastic/integrations#7401


@mmat11 mmat11 requested review from a team as code owners March 14, 2024 14:15
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Mar 14, 2024
@mmat11 mmat11 added the Team:Security-Linux Platform Linux Platform Team in Security Solution label Mar 14, 2024
@mergify mergify bot assigned mmat11 Mar 14, 2024
@elasticmachine

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Mar 14, 2024
@mmat11 mmat11 requested review from a team as code owners April 3, 2024 21:05
@mmat11 mmat11 requested review from ycombinator and leehinman and removed request for a team April 3, 2024 21:05
@pkoutsovasilis pkoutsovasilis force-pushed the matt/fim-user-data branch 2 times, most recently from bd4cf98 to e37a6d3 Compare April 4, 2024 18:53
Base automatically changed from matt/fim-user-data to main April 5, 2024 10:19
@elastic elastic deleted a comment from elasticmachine Apr 5, 2024
@elastic elastic deleted a comment from mergify bot Apr 5, 2024
@elasticmachine

elasticmachine commented Apr 5, 2024

💚 Build Succeeded


Build stats

  • Duration: 178 min 54 sec

❕ Flaky test report

No test was executed to be analysed.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@pkoutsovasilis

/test

@pkoutsovasilis

run docs-build

@nicholasberlin nicholasberlin left a comment

One question, but otherwise, LGTM

auditbeat/module/file_integrity/event.go
@pkoutsovasilis pkoutsovasilis merged commit 5b0b682 into main Apr 8, 2024
120 checks passed
@pkoutsovasilis pkoutsovasilis deleted the matt/fim-container-id branch April 8, 2024 17:40
mergify bot pushed a commit that referenced this pull request Apr 8, 2024
* fim(ebpf): enrich file events with container id

* fix(fim/ebpf): make container id event field ecs-compliant

---------

Co-authored-by: Panos Koutsovasilis <[email protected]>
(cherry picked from commit 5b0b682)

# Conflicts:
#	NOTICE.txt
#	auditbeat/module/file_integrity/event.go
#	auditbeat/module/file_integrity/event_linux.go
#	auditbeat/module/file_integrity/event_linux_test.go
#	go.mod
#	go.sum
pkoutsovasilis added a commit that referenced this pull request Apr 9, 2024
…h container id (#38775)

* [Auditbeat] fim(ebpf): enrich file events with container id (#38328)

* doc: remove irrelevant changes from CHANGELOG.next.asciidoc

---------

Co-authored-by: Mattia Meleleo <[email protected]>
Co-authored-by: Panos Koutsovasilis <[email protected]>
Labels
backport-v8.13.0 Automated backport with mergify enhancement Team:Security-Linux Platform Linux Platform Team in Security Solution