@clement-fouque clement-fouque commented Oct 29, 2025

Proposed commit message

This pull request introduces significant enhancements to the Qualys GAV integration, focusing on improved mapping of cloud provider fields to ECS (Elastic Common Schema) fields, expanded support for cloud metadata configuration, and the addition of new fields for inventory data. It also addresses a bug in the mapping of inventory fields and updates sample events and documentation to reflect these changes.

Cloud metadata mapping and configuration:

  • Added logic and configuration options to control the source of cloud.* fields (Elastic, provider, both, or none) via the new cloud_data stream option in manifest.yml, and updated ingest pipeline logic to support this selection.
  • Implemented comprehensive mapping and conversion of AWS, Azure, GCP, and IBM cloud provider-specific fields to ECS-compliant cloud.* fields in the ingest pipeline.
  • Ensured proper cleanup of temporary fields used during processing.

Bug fixes:

  • Fixed the mapping for the qualys_gav.asset.inventory_list_data.inventory field to ensure correct data ingestion.

Documentation and sample updates:

  • Updated the sample event JSON and documentation to reflect new and changed fields, including expanded cloud.* objects and new tags.

Changelog:

  • Added a new changelog entry for version 0.4.0 summarizing the cloud field mapping enhancement and the inventory field mapping fix.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@andrewkroh andrewkroh added the Integration:qualys_gav Qualys Global AssetView label Oct 30, 2025
@andrewkroh andrewkroh added the documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. label Oct 30, 2025
@clement-fouque clement-fouque marked this pull request as ready for review October 31, 2025 14:43
@clement-fouque clement-fouque requested a review from a team as a code owner October 31, 2025 14:43
@kgeller kgeller added the Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] label Oct 31, 2025
@elasticmachine
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@clement-fouque clement-fouque enabled auto-merge (squash) November 3, 2025 08:25
@elasticmachine
💚 Build Succeeded

@clement-fouque clement-fouque merged commit dedb408 into main Nov 3, 2025
7 checks passed
@clement-fouque clement-fouque deleted the qualys_gav_map_cloud_fields_ecs branch November 3, 2025 08:45
@elastic-vault-github-plugin-prod

Package qualys_gav - 0.4.0 containing this change is available at https://epr.elastic.co/package/qualys_gav/0.4.0/
