[Mimecast] Add event.kind: alert to parse alert data #12600

Open
raqueltabuyo opened this issue Feb 4, 2025 · 0 comments · May be fixed by #12835
Labels: enhancement (New feature or request), Integration:mimecast (Mimecast), Team:Service-Integrations (Label for the Service Integrations team)

@raqueltabuyo

Add event.kind: alert to Parsed Data for Mimecast Integration

Description

Currently, the Mimecast integration does not include event.kind: alert in the parsed data mapped to ECS. As a result, alerts are not visible in Kibana since event.kind: alert is a required field for External Alerts. While event.module is correctly mapped, event.kind: alert is missing.

At the moment, the only values assigned to event.kind are:

  • event
  • enrichment
  • pipeline_error

Impact

  • Alerts are not visible in Kibana under External Alerts.
  • Users cannot effectively use Kibana’s detection and alerting workflows for Mimecast-generated alerts.
  • Breaks consistency with ECS mapping for third-party alerts.

Proposed Solution

  • Ensure event.kind: alert is correctly assigned to relevant Mimecast alert events.
  • Validate that all alert events from Mimecast include both event.kind and event.module.
  • Update documentation if necessary to reflect this requirement.

Acceptance Criteria

  • event.kind: alert is correctly mapped for all relevant Mimecast alerts.
  • Alerts are visible in Kibana under External Alerts.
  • Integration tests verify the presence of event.kind: alert.
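The following is an added example, not code from the Mimecast integration or the elastic/integrations repository. It models in Python what the proposed solution and acceptance criteria ask for: a repair step that mirrors an ingest pipeline `set` processor (event.kind: alert on documents that carry alert data, without clobbering a pipeline_error marker), and a check that an integration test could run over parsed documents to confirm both event.kind: alert and event.module are present. The dataset name `mimecast.example_alerts`, the rule that a document is an alert when its `data_stream.dataset` is in `ALERT_DATASETS`, and the sample documents are all constructed for illustration; none of them is taken from the integration.

```python
"""Repair and validate event.kind on ECS documents produced from Mimecast alert data.

Added example; not part of the Mimecast integration. The alert-bearing dataset
name and the sample documents below are constructed, not taken from the project.
"""
import copy

# Constructed assumption: which data_stream.dataset values represent alert data.
# A real pipeline would decide this per data stream; this name is a placeholder.
ALERT_DATASETS = frozenset({"mimecast.example_alerts"})

# The event.kind values the issue says are currently assigned by the integration.
CURRENT_KINDS = ("event", "enrichment", "pipeline_error")


def get_path(doc, path):
    """Read a dotted ECS field path (e.g. 'event.kind') from a nested dict."""
    cur = doc
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def set_path(doc, path, value):
    """Write a dotted ECS field path into a nested dict, creating parents as needed."""
    parts = path.split(".")
    cur = doc
    for part in parts[:-1]:
        cur = cur.setdefault(part, {})
    cur[parts[-1]] = value


def is_alert_doc(doc):
    """Constructed rule: a document is an alert if its dataset is alert-bearing."""
    return get_path(doc, "data_stream.dataset") in ALERT_DATASETS


def ensure_alert_kind(doc):
    """Return a copy with event.kind: alert set on alert documents.

    This mirrors an ingest `set` processor guarded by a condition. A document
    already marked pipeline_error is left alone so the parse failure stays visible
    instead of being disguised as a well-formed alert.
    """
    fixed = copy.deepcopy(doc)
    if is_alert_doc(fixed) and get_path(fixed, "event.kind") != "pipeline_error":
        set_path(fixed, "event.kind", "alert")
    return fixed


def check_alert_doc(doc):
    """Return the acceptance-criteria violations for one document (empty = pass).

    Non-alert documents are out of scope and always pass.
    """
    problems = []
    if not is_alert_doc(doc):
        return problems
    kind = get_path(doc, "event.kind")
    if kind != "alert":
        problems.append(f"event.kind is {kind!r}, expected 'alert'")
    if not get_path(doc, "event.module"):
        problems.append("event.module missing")
    return problems


def audit(docs):
    """Map document index -> problems for every document that fails the check."""
    result = {}
    for i, doc in enumerate(docs):
        problems = check_alert_doc(doc)
        if problems:
            result[i] = problems
    return result


# Constructed sample documents (not real Mimecast output).
SAMPLE_DOCS = [
    # Alert data that today comes out with event.kind: event (the reported bug).
    {"data_stream": {"dataset": "mimecast.example_alerts"},
     "event": {"module": "mimecast", "kind": "event"}},
    # Alert data the pipeline failed to parse; must keep pipeline_error.
    {"data_stream": {"dataset": "mimecast.example_alerts"},
     "event": {"module": "mimecast", "kind": "pipeline_error"}},
    # Non-alert data; must not be turned into an alert.
    {"data_stream": {"dataset": "mimecast.example_audit"},
     "event": {"module": "mimecast", "kind": "event"}},
    # Alert data with the right kind but no event.module; still fails the check.
    {"data_stream": {"dataset": "mimecast.example_alerts"},
     "event": {"kind": "alert"}},
]


if __name__ == "__main__":
    print("before fix:", audit(SAMPLE_DOCS))
    print("after fix: ", audit([ensure_alert_kind(d) for d in SAMPLE_DOCS]))
```

In an ingest pipeline the repair step corresponds to a `set` processor with `field: event.kind` and `value: alert` under an `if` condition that selects the alert documents; the check function is the shape of the integration test the acceptance criteria ask for, and it deliberately keeps failing for pipeline_error documents so that parse errors in test fixtures are not silently accepted.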
@raqueltabuyo raqueltabuyo added bug Something isn't working, use only for issues Integration:mimecast Mimecast Team:Service-Integrations Label for the Service Integrations team labels Feb 4, 2025
@raqueltabuyo raqueltabuyo changed the title [Mimecast] Add event.kind: alert to Parsed Data for Mimecast Integration [Mimecast] Add event.kind: alert to parse alert data Feb 4, 2025
@efd6 efd6 self-assigned this Feb 19, 2025
@efd6 efd6 linked a pull request Feb 19, 2025 that will close this issue
@efd6 efd6 added enhancement New feature or request and removed bug Something isn't working, use only for issues labels Feb 19, 2025