Conversation

@w0rk3r
Contributor

@w0rk3r w0rk3r commented Oct 29, 2025

Proposed commit message

Fixes the mapping of the OperationCount field that was modified in https://github.com/elastic/integrations/pull/15699 to be a string.

Summary

This PR fixes the mapping of the OperationCount field to be a long instead of a string. The field was modified as part of #15699 to be a string, which breaks the logic that we use in this detection rule. A Community Slack user reported that this is causing false positives.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices
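
As an added illustration (not code from the o365 package, from this PR, or from the detection rule it mentions), the Python below shows why a numeric field mapped as a string breaks threshold logic in a rule, and what a convert-to-long step has to handle before the document is indexed. The sample audit records, the threshold of 100, the helper names, and the choice to drop an unparseable value rather than fail the document are all constructed for this example; the real pipeline change and the real rule's condition are not shown on this page.

```python
# Constructed illustration (not code from the o365 package or from this PR):
# why a numeric field mapped as a string breaks threshold logic in a detection
# rule, and what a convert-to-long ingest step has to handle.

FIELD = "OperationCount"

# Constructed O365 audit records. The upstream JSON delivers the count as a
# string, which is what the pipeline receives before any conversion.
EVENTS = [
    {"UserId": "alice@example.com", FIELD: "3"},
    {"UserId": "bob@example.com", FIELD: "25"},
    {"UserId": "carol@example.com", FIELD: "1000"},
    {"UserId": "dave@example.com", FIELD: ""},      # empty value
    {"UserId": "erin@example.com"},                 # field absent
]


def keyword_gte(doc: dict, threshold: int) -> bool:
    """Range semantics when the field is mapped as keyword (string):
    the comparison is lexicographic, so "3" >= "100" is True."""
    value = doc.get(FIELD)
    if value is None:
        return False
    return str(value) >= str(threshold)


def long_gte(doc: dict, threshold: int) -> bool:
    """Range semantics when the field is mapped as long: numeric comparison.
    A document without an integer value simply never matches."""
    value = doc.get(FIELD)
    return isinstance(value, int) and value >= threshold


def convert_to_long(doc: dict) -> dict:
    """Stand-in for an ingest 'convert' processor with type: long and
    ignore_missing: true. Dropping an unparseable value is a choice made
    for this example; the real pipeline's failure handling is not shown
    on this page."""
    value = doc.get(FIELD)
    if value is None:
        return doc
    try:
        doc[FIELD] = int(str(value).strip())
    except ValueError:
        # A non-numeric string would violate a long mapping and reject
        # the whole document, so remove the field instead.
        del doc[FIELD]
    return doc


def run_rule(events: list, threshold: int, mapped_as_long: bool) -> list:
    """Apply a ">= threshold" rule and return the UserIds that match."""
    hits = []
    for event in events:
        doc = dict(event)                 # don't mutate the sample input
        if mapped_as_long:
            doc = convert_to_long(doc)
            matched = long_gte(doc, threshold)
        else:
            matched = keyword_gte(doc, threshold)
        if matched:
            hits.append(doc["UserId"])
    return hits


if __name__ == "__main__":
    # With the field as a string, alice (3) and bob (25) are false positives.
    print("string mapping:", run_rule(EVENTS, 100, mapped_as_long=False))
    # With the field as a long, only carol (1000) is >= 100.
    print("long mapping:  ", run_rule(EVENTS, 100, mapped_as_long=True))
```

In an Elasticsearch ingest pipeline the equivalent step is a `convert` processor with `type: long`; whether the o365 pipeline uses exactly that, and how it handles values that cannot be parsed, is not visible on this page and should be checked in the merged default.yml.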

@w0rk3r w0rk3r self-assigned this Oct 29, 2025
@w0rk3r w0rk3r requested a review from a team as a code owner October 29, 2025 12:18
@w0rk3r w0rk3r added the labels "bugfix" (Pull request that fixes a bug issue) and "Team:Security-Service Integrations" (Security Service Integrations team [elastic/security-service-integrations]) Oct 29, 2025
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@narph
Contributor

narph commented Oct 29, 2025

@StacieClark-Elastic, can you have a look here?

@andrewkroh andrewkroh added the labels "documentation" (Improvements or additions to documentation. Applied to PRs that modify *.md files.) and "Integration:o365" (Microsoft Office 365) Oct 29, 2025
@w0rk3r w0rk3r requested a review from andrewkroh October 29, 2025 19:03
@w0rk3r w0rk3r requested a review from andrewkroh October 29, 2025 19:28
@elasticmachine

💚 Build Succeeded

cc @w0rk3r

@w0rk3r w0rk3r merged commit d9f7ac6 into main Oct 29, 2025
7 checks passed
@w0rk3r w0rk3r deleted the fix_opcount_o365 branch October 29, 2025 20:41
@elastic-vault-github-plugin-prod

Package o365 - 2.33.1 containing this change is available at https://epr.elastic.co/package/o365/2.33.1/

tehbooom pushed a commit to tehbooom/integrations that referenced this pull request Nov 19, 2025
* [BugFix] O365 - Fix OperationCount Mapping

* Apply code suggestions

* Update packages/o365/changelog.yml

Co-authored-by: Andrew Kroh <[email protected]>

* Update default.yml

* Update packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml

Co-authored-by: Andrew Kroh <[email protected]>

---------

Co-authored-by: Andrew Kroh <[email protected]>