[qualys_was] Added scripts to convert doubles to long. Added terminate Processor. Added IDs to web app tag list #14322
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
StacieClark-Elastic
added
breaking change
Team:Security-Service Integrations
|
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
efd6
reviewed
Jun 25, 2025
packages/qualys_was/changelog.yml
Outdated
Comment on lines
5
to
7
| Explicitly cast all long fields to long in case CEL sends them as doubles | ||
| Add terminate processor at start of default.yml | ||
| Changed web app tags from list of names to list of tag objects with name and id |
There was a problem hiding this comment.
Suggested change
| Explicitly cast all long fields to long in case CEL sends them as doubles | |
| Add terminate processor at start of default.yml | |
| Changed web app tags from list of names to list of tag objects with name and id | |
| Explicitly cast all long fields to long in case the agent sends them as doubles. | |
| Terminate ingest pipeline early if agent sends an error message. | |
| Change web app tags from list of names to list of tag objects with name and id. |
Comment on lines
+81
to
+94
| - script: | ||
| if: ctx.qualys_was?.vulnerability?.id != null | ||
| tag: vul_id_is_long | ||
| lang: painless | ||
| source: > | ||
| if (ctx.qualys_was.vulnerability.id instanceof String) { | ||
| ctx.qualys_was.vulnerability.id = Long.parseLong(ctx.qualys_was.vulnerability.id); | ||
| } else { | ||
| ctx.qualys_was.vulnerability.id = (long)ctx.qualys_was.vulnerability.id; | ||
| } |
There was a problem hiding this comment.
I think we probably want on_failures for these.
| - rename: | ||
| field: json.detection.webApp.id | ||
| tag: rename_webApp_url | ||
| target_field: qualys_was.vulnerability.web_app.id |
🚀 Benchmarks reportTo see the full report comment with |
StacieClark-Elastic
force-pushed
the
qualys-was-add-terminate-processor
branch
from
b2ad6d0 to
4a655fb
Compare
StacieClark-Elastic
force-pushed
the
qualys-was-add-terminate-processor
branch
from
4a655fb to
29e9816
Compare
…for long types. Added terminate processor. Changed tag list to list of objects Added painless script to convert potential double values from cel scripts to longs. Changed web app tags to a list of tags with id and name instead of just a list of names. Added a terminate processor
…uble to long conversions
…ME to reflect new webApp.Tags structure
StacieClark-Elastic
force-pushed
the
qualys-was-add-terminate-processor
branch
from
29e9816 to
c8d5880
Compare
|
💚 Build Succeeded
History
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed commit message
[qualys_was] Fixed several issues
since tags used to be a list of names and it's now a list of objects with id and name.
Checklist
I have reviewed tips for building integrations and this pull request is aligned with them.
I have verified that all data streams collect metrics or logs.
I have added an entry to my package's
changelog.ymlfile.I have verified that Kibana version constraints are current according to guidelines.
I have verified that any added dashboard complies with Kibana's Dashboard good practices
Relates [New Integration] Qualys Web Application Scanning #12008