[Netskope] Add support to handle null values in ip field and handle failure in uri_parts processor applied on url #3621
Assignees
Labels
Comments
darshan-elastic
added
enhancement
darshan-elastic
changed the title
4 tasks
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
andrewkroh
pushed a commit
that referenced
this issue
Jul 19, 2022
This commit adds support of handling null values in ip fields and failure in uri_parts processor. Fixes #3621 * Updated *.url fields from flattened to specific fields
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem statement:
Netskope events data is getting dropped when ip fields are having null values. When uri_parts processor is applied on url field and url field contains url without protocol in it, then data is getting dropped.
Describe the enhancement:
Data received from newer version of Netskope CLS, it is found that ip field are having null values because of which ip processor applied on that field is getting failed and so data is getting dropped. So there is a need to handle null values when received for the field source.ip, destination.ip and user.ip. There is a need to handle the failure in uri_parts processor when url field contains url without protocol in it.
The text was updated successfully, but these errors were encountered: