Skip to content

trend_micro_vision_one: fix detection pipeline marking events as pipeline_error#20047

Merged
efd6 merged 1 commit into
elastic:mainfrom
efd6:s7346-trend_micro_vision_one
Jul 9, 2026
Merged

trend_micro_vision_one: fix detection pipeline marking events as pipeline_error#20047
efd6 merged 1 commit into
elastic:mainfrom
efd6:s7346-trend_micro_vision_one

Conversation

@efd6

@efd6 efd6 commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Proposed commit message

trend_micro_vision_one: fix detection pipeline marking events as pipeline_error

The convert_risk_level_to_long and uri_parts_request processors both
had on_failure handlers that appended to error.message. The pipeline
epilogue marks any document with error.message as pipeline_error, so
events with non-numeric risk levels or malformed URLs were classified
as errors instead of being indexed normally.

Remove the error.message append from convert_risk_level_to_long
(keeping the field removal since the mapping is long) and replace
the uri_parts_request on_failure block with ignore_failure.

Test case was manually constructed based on a report.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@efd6 efd6 self-assigned this Jul 8, 2026
@efd6 efd6 added Integration:trend_micro_vision_one TrendAI Vision One bugfix Pull request that fixes a bug issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Jul 8, 2026
…line_error

The convert_risk_level_to_long and uri_parts_request processors both
had on_failure handlers that appended to error.message. The pipeline
epilogue marks any document with error.message as pipeline_error, so
events with non-numeric risk levels or malformed URLs were classified
as errors instead of being indexed normally.

Remove the error.message append from convert_risk_level_to_long
(keeping the field removal since the mapping is long) and replace
the uri_parts_request on_failure block with ignore_failure.

Test case was manually constructed based on a report.
@efd6 efd6 force-pushed the s7346-trend_micro_vision_one branch from 8a18c2a to bfeb32c Compare July 8, 2026 21:17
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

✅ Elastic Docs Style Checker (Vale)

No issues found on modified lines!


The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale.

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown
Contributor

✅ All changelog entries have the correct PR link.

@infra-vault-gh-plugin-prod

Copy link
Copy Markdown

💚 Build Succeeded

cc @efd6

@efd6 efd6 marked this pull request as ready for review July 8, 2026 21:56
@efd6 efd6 requested review from a team as code owners July 8, 2026 21:56
@infra-vault-gh-plugin-prod

Copy link
Copy Markdown

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@vera-review-bot

Copy link
Copy Markdown

No issues across the latest commits bfeb32c.

A new commit triggers another review — at most once every 15 minutes. I skip the PR while it's approved or has merge conflicts.

🤖 AI-Generated Review | Vera Review Bot | 📚 Knowledge base: integration-skills

⚠️ Automated review — verify suggestions before applying.

@mergify

mergify Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Tick the box to add this pull request to the merge queue (same as @mergifyio queue).

  • Queue this pull request

@efd6 efd6 merged commit 4acfa9a into elastic:main Jul 9, 2026
9 checks passed
@elastic-vault-github-plugin-prod

Copy link
Copy Markdown
Contributor

Package trend_micro_vision_one - 2.13.1 containing this change is available at https://epr.elastic.co/package/trend_micro_vision_one/2.13.1/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bugfix Pull request that fixes a bug issue Integration:trend_micro_vision_one TrendAI Vision One Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants