[microsoft_defender_endpoint] Add Initial Interval in Config Options #14331

mohitjha-elastic
Collaborator

@mohitjha-elastic mohitjha-elastic commented Jun 26, 2025

Proposed Commit Message

microsoft_defender_endpoint: add configurable initial interval to the log data stream.

Previously, the initial interval was hardcoded to "5m" and not exposed
in the configuration options in log data stream. This update adds it as
a configurable option, with a default value of "5m". It allows users to
define how far back they want to pull data from the API.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

1. Clone integrations repo.
2. Install the elastic package locally.
3. Start the elastic stack using the elastic package.
4. Move to integrations/packages/microsoft_defender_endpoint directory.
5. Run the following command to run tests.

   elastic-package test -v

Related issues

@mohitjha-elastic mohitjha-elastic self-assigned this Jun 26, 2025
@mohitjha-elastic mohitjha-elastic requested a review from a team as a code owner June 26, 2025 07:51
@mohitjha-elastic mohitjha-elastic added enhancement New feature or request Integration:microsoft_defender_endpoint Microsoft Defender for Endpoint Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] labels Jun 26, 2025
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

Contributor

@efd6 efd6 left a comment

nit only, then LGTM

@@ -1,4 +1,9 @@
# newer versions go on top
- version: "2.40.0"
changes:
- description: Added support for `Initial Interval` in Config Options.
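
Review bot: the description on the last line of this hunk says only that Initial Interval was added "in Config Options" and names neither the data stream nor the default. The commit message states that the option is exposed on the log data stream with a default of "5m", so wording such as "Add configurable initial interval to the log data stream (default 5m)" would tell anyone upgrading to 2.40.0 that the first-run lookback is unchanged unless they set it. The hunk header counts nine lines on the new side but only four are visible here, so the rest of the entry cannot be checked from this view.
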
Suggested change
- description: Added support for `Initial Interval` in Config Options.
- description: Added support for Initial Interval in Config Options.

Update the changelog description.
@mohitjha-elastic mohitjha-elastic requested a review from efd6 June 30, 2025 05:37
@elasticmachine
Copy link

💚 Build Succeeded

History

cc @mohitjha-elastic

@mohitjha-elastic mohitjha-elastic merged commit 70f19e5 into elastic:main Jul 1, 2025
7 checks passed
@elastic-vault-github-plugin-prod

Package microsoft_defender_endpoint - 2.40.0 containing this change is available at https://epr.elastic.co/package/microsoft_defender_endpoint/2.40.0/

@andrewkroh andrewkroh added the documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. label Jul 1, 2025
Successfully merging this pull request may close these issues.

[microsoft/defender_atp]: Offer initial_interval instead of hardcoding to 5m