Skip to content

[modsecurity] Generate processor tags and normalize error handler #15563

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 27, 2025
Merged

[modsecurity] Generate processor tags and normalize error handler #15563

merged 1 commit into from
Oct 27, 2025

Conversation

@taylor-swanson
Copy link
Contributor

@taylor-swanson taylor-swanson commented Oct 6, 2025
edited
Loading

Proposed commit message

  • Generate tags for processors missing tags
  • Normalize the pipeline error handler
  • Ran elastic-package format

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
    - [ ] I have verified that any added dashboard complies with Kibana's Dashboard good practices

@taylor-swanson taylor-swanson self-assigned this Oct 6, 2025
@taylor-swanson taylor-swanson added enhancement New feature or request Integration:modsecurity ModSecurity Audit (Community supported) Team:Integration-Experience Security Integrations Integration Experience [elastic/integration-experience] labels Oct 6, 2025
@taylor-swanson
Copy link
Contributor Author

/test

@taylor-swanson
[modsecurity] Generate processor tags and normalize error handler
5b47582 
- Generate tags for processors missing tags
- Normalize the pipeline error handler
@taylor-swanson taylor-swanson force-pushed the enhance/tag-modsecurity branch from 908cfcf to 5b47582 Compare October 22, 2025 13:34
@elasticmachine
Copy link

💚 Build Succeeded

History

cc @taylor-swanson

@taylor-swanson taylor-swanson marked this pull request as ready for review October 22, 2025 14:52
@taylor-swanson taylor-swanson requested a review from a team as a code owner October 22, 2025 14:52
@elasticmachine
Copy link

Pinging @elastic/integration-experience (Team:Integration-Experience)

bhapas
bhapas approved these changes Oct 27, 2025
View reviewed changes
packages/modsecurity/data_stream/auditlog/elasticsearch/ingest_pipeline/apache-modsec.yml
patterns:
- "%{NOTSPACE:http.request.method} %{URIPATHPARAM:url.original}(?: HTTP/%{NUMBER:http.version})"
- rename:
tag: rename_json_transaction_request_headers_host_to_json_transaction_request_headers_Host_50a00924
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just curious.. Hope there is no limitation on the tag character length?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a good question... I don't think there is? Not aware of anything in elasticsearch itself (aside from maybe the default limit we put on fields, I can't recall what it was but I think it's 1024 or higher). I don't think BigQuery will impose any limits either. Data types should be variable length, and don't think we impose limits there.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@haetamoudi, are you aware of limits in BigQuery or other places?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should be fine. Here is a valid tag name that is already present in stats tables in bigquery

integrations/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/pipeline_diagnostic.yml

Line 642 in 2b57770

tag: grok_for_message_id_0203-0017_0203-0018_0203-0019_0203-0009_0203-000A_0203-000B_0203-000D_0203-000E_0203-0011_0203-0012_0203-0015_0203-0020_0203-0026_0203-0029_0203-002A_021A-0007_021A-0008_021A-0009_021A-000B_021A-000C_021A-000D_021A-0014

@taylor-swanson taylor-swanson merged commit f70eba0 into elastic:main Oct 27, 2025
7 checks passed
@taylor-swanson taylor-swanson deleted the enhance/tag-modsecurity branch October 27, 2025 16:05
@elastic-vault-github-plugin-prod
Copy link

Package modsecurity - 1.21.2 containing this change is available at https://epr.elastic.co/package/modsecurity/1.21.2/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@haetamoudi haetamoudi haetamoudi left review comments

@bhapas bhapas bhapas approved these changes

Assignees

@taylor-swanson taylor-swanson

Labels

enhancement New feature or request Integration:modsecurity ModSecurity Audit (Community supported) Team:Integration-Experience Security Integrations Integration Experience [elastic/integration-experience]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@taylor-swanson @elasticmachine @bhapas @haetamoudi