Skip to content

ssi: ensure request trace is off by default#13712

Merged
efd6 merged 2 commits into
elastic:mainfrom
efd6:13710-all
Apr 30, 2025
Merged

ssi: ensure request trace is off by default#13712
efd6 merged 2 commits into
elastic:mainfrom
efd6:13710-all

Conversation

@efd6

@efd6 efd6 commented Apr 29, 2025

Copy link
Copy Markdown
Contributor

Proposed commit message

all: ensure request trace is off by default

The change from truthy to boolean in #13710 resulted in policies with a
null *.tracer.enabled value which is treated as on by the inputs if
there are other *.tracer.* fields set. This change ensures that the value
is false unless altered to be true, fixing behavior in integrations that
have adopted request trace deletion capabilities.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@efd6 efd6 self-assigned this Apr 29, 2025
@efd6 efd6 added the bugfix Pull request that fixes a bug issue label Apr 29, 2025
@efd6 efd6 added Team:Elastic-Agent-Data-Plane Agent Data Plane team [elastic/elastic-agent-data-plane] Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Security-Deployment and Devices DEPRECATED Deployment and Devices Security team [elastic/sec-deployment-and-devices] Team:Security-Linux Platform Linux Platform Security team [elastic/sec-linux-platform] Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform] Team:obs-ds-hosted-services Observability Hosted Services team [elastic/obs-ds-hosted-services] labels Apr 29, 2025
@efd6 efd6 force-pushed the 13710-all branch 2 times, most recently from cfbfac1 to d842ef0 Compare April 29, 2025 05:58
@efd6

efd6 commented Apr 29, 2025

Copy link
Copy Markdown
Contributor Author

/test

@elastic-vault-github-plugin-prod

elastic-vault-github-plugin-prod Bot commented Apr 29, 2025

Copy link
Copy Markdown

🚀 Benchmarks report

Package abnormal_security 👍(2) 💚(2) 💔(2)

Expand to view
Data stream Previous EPS New EPS Diff (%) Result
audit 4629.63 3424.66 -1204.97 (-26.03%) 💔
case 7142.86 5102.04 -2040.82 (-28.57%) 💔

To see the full report comment with /test benchmark fullreport

@efd6 efd6 marked this pull request as ready for review April 29, 2025 08:03
@efd6 efd6 requested review from a team as code owners April 29, 2025 08:03
@elasticmachine

Copy link
Copy Markdown

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@efd6 efd6 requested review from khushijain21 and rdner April 29, 2025 08:03
@elasticmachine

Copy link
Copy Markdown

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elasticmachine

Copy link
Copy Markdown

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

@elasticmachine

Copy link
Copy Markdown

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)

@elasticmachine

Copy link
Copy Markdown

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package google_scc - 1.9.1 containing this change is available at https://epr.elastic.co/package/google_scc/1.9.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package google_secops - 1.0.1 containing this change is available at https://epr.elastic.co/package/google_secops/1.0.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package google_workspace - 2.39.1 containing this change is available at https://epr.elastic.co/package/google_workspace/2.39.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package imperva_cloud_waf - 1.11.4 containing this change is available at https://epr.elastic.co/package/imperva_cloud_waf/1.11.4/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package m365_defender - 3.3.1 containing this change is available at https://epr.elastic.co/package/m365_defender/3.3.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package microsoft_defender_endpoint - 2.33.1 containing this change is available at https://epr.elastic.co/package/microsoft_defender_endpoint/2.33.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package microsoft_sentinel - 1.0.1 containing this change is available at https://epr.elastic.co/package/microsoft_sentinel/1.0.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package mimecast - 2.7.3 containing this change is available at https://epr.elastic.co/package/mimecast/2.7.3/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package o365 - 2.14.1 containing this change is available at https://epr.elastic.co/package/o365/2.14.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package okta - 3.6.1 containing this change is available at https://epr.elastic.co/package/okta/3.6.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package prisma_cloud - 3.1.1 containing this change is available at https://epr.elastic.co/package/prisma_cloud/3.1.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package proofpoint_itm - 0.1.1 containing this change is available at https://epr.elastic.co/package/proofpoint_itm/0.1.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package qualys_vmdr - 6.6.1 containing this change is available at https://epr.elastic.co/package/qualys_vmdr/6.6.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package sailpoint_identity_sc - 0.3.1 containing this change is available at https://epr.elastic.co/package/sailpoint_identity_sc/0.3.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package sentinel_one - 1.34.1 containing this change is available at https://epr.elastic.co/package/sentinel_one/1.34.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package servicenow - 0.13.1 containing this change is available at https://epr.elastic.co/package/servicenow/0.13.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package splunk - 0.3.1 containing this change is available at https://epr.elastic.co/package/splunk/0.3.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package sublime_security - 1.8.2 containing this change is available at https://epr.elastic.co/package/sublime_security/1.8.2/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package symantec_endpoint_security - 1.10.2 containing this change is available at https://epr.elastic.co/package/symantec_endpoint_security/1.10.2/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package tenable_io - 3.10.1 containing this change is available at https://epr.elastic.co/package/tenable_io/3.10.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package tenable_ot_security - 0.2.1 containing this change is available at https://epr.elastic.co/package/tenable_ot_security/0.2.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package ti_abusech - 2.9.2 containing this change is available at https://epr.elastic.co/package/ti_abusech/2.9.2/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package ti_crowdstrike - 2.4.2 containing this change is available at https://epr.elastic.co/package/ti_crowdstrike/2.4.2/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package ti_domaintools - 0.3.2 containing this change is available at https://epr.elastic.co/package/ti_domaintools/0.3.2/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package ti_threatq - 1.34.1 containing this change is available at https://epr.elastic.co/package/ti_threatq/1.34.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package wiz - 3.1.1 containing this change is available at https://epr.elastic.co/package/wiz/3.1.1/

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package zscaler_zia - 3.10.1 containing this change is available at https://epr.elastic.co/package/zscaler_zia/3.10.1/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bugfix Pull request that fixes a bug issue Integration:abnormal_security Abnormal AI Integration:admin_by_request_epm Admin By Request EPM Integration:beyondinsight_password_safe BeyondInsight and Password Safe Integration:beyondtrust_pra BeyondTrust PRA Integration:blacklens blacklens.io (Community supported) Integration:carbon_black_cloud VMware Carbon Black Cloud Integration:cel Custom API using Common Expression Language Integration:checkpoint_email Check Point Harmony Email & Collaboration Integration:cloudflare_logpush Cloudflare Logpush Integration:crowdstrike CrowdStrike Integration:cyberark_epm CyberArk EPM Integration:entityanalytics_okta Okta Entity Analytics Integration:google_scc Google Security Command Center Integration:google_secops Google SecOps Integration:google_workspace Google Workspace Integration:imperva_cloud_waf Imperva Cloud WAF Integration:m365_defender Microsoft Defender XDR Integration:microsoft_defender_endpoint Microsoft Defender for Endpoint Integration:microsoft_sentinel Microsoft Sentinel Integration:mimecast Mimecast (Partner supported) Integration:o365 Microsoft Office 365 Integration:okta Okta Integration:prisma_cloud Palo Alto Prisma Cloud Integration:proofpoint_itm Proofpoint ITM Integration:qualys_vmdr Qualys VMDR Integration:sailpoint_identity_sc Sailpoint Identity Security Cloud Integration:sentinel_one SentinelOne Integration:servicenow ServiceNow Integration:splunk Splunk Integration:sublime_security Sublime Security Integration:symantec_endpoint_security Symantec Endpoint Security Integration:tenable_io Tenable Vulnerability Management Integration:tenable_ot_security Tenable OT Security Integration:ti_abusech abuse.ch Integration:ti_crowdstrike CrowdStrike Falcon Intelligence Integration:ti_domaintools DomainTools Feeds (Partner supported) Integration:ti_threatq ThreatQuotient (Partner supported) Integration:wiz Wiz Integration:zscaler_zia Zscaler Internet Access Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] Team:Security-Deployment and Devices DEPRECATED Deployment and Devices Security team [elastic/sec-deployment-and-devices] Team:Security-Linux Platform Linux Platform Security team [elastic/sec-linux-platform] Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform]

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[BUG] Enable Request Tracer Defaults to null causing request tracing to be collected

8 participants