ssi: ensure request trace is off by default #13712

Merged
merged 2 commits into from
Apr 30, 2025
@efd6 efd6 commented Apr 29, 2025

Proposed commit message

all: ensure request trace is off by default

The change from truthy to boolean in #13710 resulted in policies with a
null *.tracer.enabled value which is treated as on by the inputs if
there are other *.tracer.* fields set. This change ensures that the value
is false unless altered to be true, fixing behavior in integrations that
have adopted request trace deletion capabilities.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

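Added example, not part of the pull request and not the inputs' own code: a check that scans a rendered policy for tracer blocks that are on only because `enabled` is null, modelling the behaviour the commit message describes. It goes beyond the message by scanning a whole policy and by assuming an absent `enabled` key counts the same as null; the JSON policy shape, the `id` key and the `filename`/`maxbackups` stand-ins for other `*.tracer.*` fields are also assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// onByNull models the reported behaviour: a tracer block whose enabled is
// null or absent is treated as on when any other tracer field is set.
func onByNull(tracer map[string]json.RawMessage) bool {
	raw, present := tracer["enabled"]
	if present && len(raw) > 0 && string(raw) != "null" {
		return false // explicit true/false: the configured choice stands
	}
	delete(tracer, "enabled")
	return len(tracer) > 0
}

// auditPolicy returns the ids of inputs whose tracer is on only by null.
func auditPolicy(policy []byte) ([]string, error) {
	var inputs []struct {
		ID     string                     `json:"id"`
		Tracer map[string]json.RawMessage `json:"tracer"`
	}
	if err := json.Unmarshal(policy, &inputs); err != nil {
		return nil, fmt.Errorf("parse policy: %w", err)
	}
	var flagged []string
	for _, in := range inputs {
		if onByNull(in.Tracer) {
			flagged = append(flagged, in.ID)
		}
	}
	return flagged, nil
}

// samplePolicy is constructed for this example; ids and values are made up.
const samplePolicy = `[
 {"id": "null-enabled", "tracer": {"enabled": null, "filename": "trace.ndjson", "maxbackups": 5}},
 {"id": "absent-enabled", "tracer": {"filename": "trace.ndjson"}},
 {"id": "explicit-false", "tracer": {"enabled": false, "filename": "trace.ndjson"}},
 {"id": "explicit-true", "tracer": {"enabled": true, "filename": "trace.ndjson"}},
 {"id": "no-tracer"}
]`

func main() {
	ids, err := auditPolicy([]byte(samplePolicy))
	fmt.Println(ids, err)
}
```

An input flagged here is one where request tracing would be collected without anyone having set it to true, which is the condition the linked bug report describes.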

@efd6 efd6 self-assigned this Apr 29, 2025
@efd6 efd6 added the bugfix Pull request that fixes a bug issue label Apr 29, 2025
@efd6 efd6 added Team:Elastic-Agent-Data-Plane Agent Data Plane team [elastic/elastic-agent-data-plane] Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Security-Deployment and Devices Deployment and Devices Security team [elastic/sec-deployment-and-devices] Team:Security-Linux Platform Linux Platform Security team [elastic/sec-linux-platform] Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform] Team:obs-ds-hosted-services Observability Hosted Services team [elastic/obs-ds-hosted-services] labels Apr 29, 2025
@efd6 efd6 force-pushed the 13710-all branch 2 times, most recently from cfbfac1 to d842ef0 Compare April 29, 2025 05:58
@efd6
Contributor Author

efd6 commented Apr 29, 2025

/test

@elastic-vault-github-plugin-prod

elastic-vault-github-plugin-prod bot commented Apr 29, 2025

🚀 Benchmarks report

Package abnormal_security 👍(2) 💚(2) 💔(2)

Data stream  Previous EPS  New EPS  Diff (%)            Result
audit        4629.63       3424.66  -1204.97 (-26.03%)  💔
case         7142.86       5102.04  -2040.82 (-28.57%)  💔

To see the full report comment with /test benchmark fullreport

@efd6 efd6 marked this pull request as ready for review April 29, 2025 08:03
@efd6 efd6 requested review from a team as code owners April 29, 2025 08:03
@elasticmachine

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@efd6 efd6 requested review from rdner and khushijain21 April 29, 2025 08:03
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elasticmachine

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

@elasticmachine

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)

@elasticmachine

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

@elastic-vault-github-plugin-prod

Package crowdstrike - 1.63.1 containing this change is available at https://epr.elastic.co/package/crowdstrike/1.63.1/

@elastic-vault-github-plugin-prod

Package cyberark_epm - 0.2.1 containing this change is available at https://epr.elastic.co/package/cyberark_epm/0.2.1/

@elastic-vault-github-plugin-prod

Package entityanalytics_okta - 2.2.1 containing this change is available at https://epr.elastic.co/package/entityanalytics_okta/2.2.1/

@elastic-vault-github-plugin-prod

Package google_scc - 1.9.1 containing this change is available at https://epr.elastic.co/package/google_scc/1.9.1/

@elastic-vault-github-plugin-prod

Package google_secops - 1.0.1 containing this change is available at https://epr.elastic.co/package/google_secops/1.0.1/

@elastic-vault-github-plugin-prod

Package google_workspace - 2.39.1 containing this change is available at https://epr.elastic.co/package/google_workspace/2.39.1/

@elastic-vault-github-plugin-prod

Package imperva_cloud_waf - 1.11.4 containing this change is available at https://epr.elastic.co/package/imperva_cloud_waf/1.11.4/

@elastic-vault-github-plugin-prod

Package m365_defender - 3.3.1 containing this change is available at https://epr.elastic.co/package/m365_defender/3.3.1/

@elastic-vault-github-plugin-prod

Package microsoft_defender_endpoint - 2.33.1 containing this change is available at https://epr.elastic.co/package/microsoft_defender_endpoint/2.33.1/

@elastic-vault-github-plugin-prod

Package microsoft_sentinel - 1.0.1 containing this change is available at https://epr.elastic.co/package/microsoft_sentinel/1.0.1/

@elastic-vault-github-plugin-prod

Package mimecast - 2.7.3 containing this change is available at https://epr.elastic.co/package/mimecast/2.7.3/

@elastic-vault-github-plugin-prod

Package o365 - 2.14.1 containing this change is available at https://epr.elastic.co/package/o365/2.14.1/

@elastic-vault-github-plugin-prod

Package okta - 3.6.1 containing this change is available at https://epr.elastic.co/package/okta/3.6.1/

@elastic-vault-github-plugin-prod

Package prisma_cloud - 3.1.1 containing this change is available at https://epr.elastic.co/package/prisma_cloud/3.1.1/

@elastic-vault-github-plugin-prod

Package proofpoint_itm - 0.1.1 containing this change is available at https://epr.elastic.co/package/proofpoint_itm/0.1.1/

@elastic-vault-github-plugin-prod

Package qualys_vmdr - 6.6.1 containing this change is available at https://epr.elastic.co/package/qualys_vmdr/6.6.1/

@elastic-vault-github-plugin-prod

Package sailpoint_identity_sc - 0.3.1 containing this change is available at https://epr.elastic.co/package/sailpoint_identity_sc/0.3.1/

@elastic-vault-github-plugin-prod

Package sentinel_one - 1.34.1 containing this change is available at https://epr.elastic.co/package/sentinel_one/1.34.1/

@elastic-vault-github-plugin-prod

Package servicenow - 0.13.1 containing this change is available at https://epr.elastic.co/package/servicenow/0.13.1/

@elastic-vault-github-plugin-prod

Package splunk - 0.3.1 containing this change is available at https://epr.elastic.co/package/splunk/0.3.1/

@elastic-vault-github-plugin-prod

Package sublime_security - 1.8.2 containing this change is available at https://epr.elastic.co/package/sublime_security/1.8.2/

@elastic-vault-github-plugin-prod

Package symantec_endpoint_security - 1.10.2 containing this change is available at https://epr.elastic.co/package/symantec_endpoint_security/1.10.2/

@elastic-vault-github-plugin-prod

Package tenable_io - 3.10.1 containing this change is available at https://epr.elastic.co/package/tenable_io/3.10.1/

@elastic-vault-github-plugin-prod

Package tenable_ot_security - 0.2.1 containing this change is available at https://epr.elastic.co/package/tenable_ot_security/0.2.1/

@elastic-vault-github-plugin-prod

Package ti_abusech - 2.9.2 containing this change is available at https://epr.elastic.co/package/ti_abusech/2.9.2/

@elastic-vault-github-plugin-prod

Package ti_crowdstrike - 2.4.2 containing this change is available at https://epr.elastic.co/package/ti_crowdstrike/2.4.2/

@elastic-vault-github-plugin-prod

Package ti_domaintools - 0.3.2 containing this change is available at https://epr.elastic.co/package/ti_domaintools/0.3.2/

@elastic-vault-github-plugin-prod

Package ti_threatq - 1.34.1 containing this change is available at https://epr.elastic.co/package/ti_threatq/1.34.1/

@elastic-vault-github-plugin-prod

Package wiz - 3.1.1 containing this change is available at https://epr.elastic.co/package/wiz/3.1.1/

@elastic-vault-github-plugin-prod

Package zscaler_zia - 3.10.1 containing this change is available at https://epr.elastic.co/package/zscaler_zia/3.10.1/

Labels
bugfix Pull request that fixes a bug issue Integration:abnormal_security Abnormal Security Integration:admin_by_request_epm Admin By Request EPM Integration:beyondinsight_password_safe BeyondInsight and Password Safe Integration:beyondtrust_pra BeyondTrust PRA Integration:blacklens blacklens.io (Community supported) Integration:carbon_black_cloud VMware Carbon Black Cloud Integration:cel Custom API using Common Expression Language Integration:checkpoint_email Check Point Harmony Email & Collaboration Integration:cloudflare_logpush Cloudflare Logpush Integration:crowdstrike CrowdStrike Integration:cyberark_epm CyberArk EPM Integration:entityanalytics_okta Okta Entity Analytics Integration:google_scc Google Security Command Center Integration:google_secops Google SecOps Integration:google_workspace Google Workspace Integration:imperva_cloud_waf Imperva Cloud WAF Integration:m365_defender Microsoft M365 Defender Integration:microsoft_defender_endpoint Microsoft Defender for Endpoint Integration:microsoft_sentinel Microsoft Sentinel Integration:mimecast Mimecast (Partner supported) Integration:o365 Microsoft Office 365 Integration:okta Okta Integration:prisma_cloud Palo Alto Prisma Cloud Integration:proofpoint_itm Proofpoint ITM Integration:qualys_vmdr Qualys VMDR Integration:sailpoint_identity_sc Sailpoint Identity Security Cloud Integration:sentinel_one SentinelOne Integration:servicenow ServiceNow Integration:splunk Splunk Integration:sublime_security Sublime Security Integration:symantec_endpoint_security Symantec Endpoint Security Integration:tenable_io Tenable Vulnerability Management Integration:tenable_ot_security Tenable OT Security Integration:ti_abusech AbuseCH Integration:ti_crowdstrike CrowdStrike Falcon Intelligence Integration:ti_domaintools DomainTools Real Time Unified Feeds (Partner supported) Integration:ti_threatq ThreatQuotient (Partner supported) Integration:wiz Wiz Integration:zscaler_zia Zscaler Internet Access Team:Obs-InfraObs Observability 
Infrastructure Monitoring team [elastic/obs-infraobs-integrations] Team:Security-Deployment and Devices Deployment and Devices Security team [elastic/sec-deployment-and-devices] Team:Security-Linux Platform Linux Platform Security team [elastic/sec-linux-platform] Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform]
Development

Successfully merging this pull request may close these issues.

[BUG] Enable Request Tracer Defaults to null causing request tracing to be collected
8 participants