[cisco_ise] Add Support of Timezone Configuration Parameter #13540

Open: wants to merge 1 commit into base: main

@mohitjha-elastic (Contributor) commented Apr 15, 2025

Proposed Commit Message

cisco_ise: add support for timezone offset in configuration parameter of all the input types.

This adds support for the timezone offset as a configuration parameter in all the three input types to adjust
the timezone when importing logs from a host in a different timezone so that datetimes are
appropriately interpreted.

This change has been tested on the data available in the test folder.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

  • Clone integrations repo.
  • Install the elastic package locally.
  • Start the elastic stack using the elastic package.
  • Move to integrations/packages/cisco_ise directory.
  • Run the following command to run tests.
    elastic-package test -v

Related issues

It closes issue #24307 from the enhancements repo.

@mohitjha-elastic added the enhancement (New feature or request), Integration:cisco_ise (Cisco ISE), Team:Security-Service Integrations (Security Service Integrations team [elastic/security-service-integrations]) and Team:Sit-Crest (Crest developers on the Security Integrations team [elastic/sit-crest-contractors]) labels Apr 15, 2025
@mohitjha-elastic self-assigned this Apr 15, 2025
@mohitjha-elastic requested a review from a team as a code owner April 15, 2025 05:59
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine

💚 Build Succeeded

cc @mohitjha-elastic

@andrewkroh added the Team:Security-Deployment and Devices (Deployment and Devices Security team [elastic/sec-deployment-and-devices]) label Apr 15, 2025
@elasticmachine

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

changes:
- description: Add support of timezone in configuration parameter.
type: enhancement
link: https://github.com/elastic/integrations/pull/1
Contributor

Suggested change
link: https://github.com/elastic/integrations/pull/1
link: https://github.com/elastic/integrations/pull/13540

Comment on lines +65 to 76
- rename:
field: _conf.tz_offset
target_field: event.timezone
if: ctx._conf?.tz_offset != null
tag: rename_tz_offset
ignore_missing: true
- rename:
field: _tmp.timezone
tag: rename_tmp_timezone
target_field: event.timezone
if: ctx.event?.timezone == null # If user has not provided the timezone offset.
ignore_missing: true
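
Review bot: when `_conf.tz_offset` is set, the second rename is skipped by its `if: ctx.event?.timezone == null` condition, so `_tmp.timezone` stays on the document after these two processors. Confirm that a later processor removes `_tmp` (not visible in these lines), or add a `remove` for `_tmp.timezone` with `ignore_missing: true` right after this block. In the first rename, `ignore_missing: true` is redundant next to `if: ctx._conf?.tz_offset != null`; keeping only one of the two makes the intent clearer.
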
Contributor

So this will give the configuration priority over a time zone seen in a log, is this intended behavior? In other Cisco integrations, the priority is log, then configuration.

Should we reverse the order here so the log time zone is given priority and if it isn't present, then we use the time zone from configuration?
