[Enhancement] Set event.kind to alert on AWS WAF events. #16515

Merged: w0rk3r merged 4 commits into main from aws_waf_alert (Dec 15, 2025)

@w0rk3r w0rk3r commented Dec 11, 2025

Proposed commit message

Set `event.kind` to `alert` on AWS WAF events.

Summary

This sets event.kind to alert in AWS WAF events, so we can use our default alert promotion detection rule for these events.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

@w0rk3r w0rk3r self-assigned this Dec 11, 2025
@w0rk3r w0rk3r requested review from a team as code owners December 11, 2025 18:19
@w0rk3r w0rk3r added enhancement New feature or request Integration:aws AWS Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Dec 11, 2025
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@chemamartinez chemamartinez left a comment

LGTM, just a small nit, it would be nice to run system tests so the sample event in docs gets updated as well.

@elasticmachine

💚 Build Succeeded

cc @w0rk3r

@w0rk3r w0rk3r merged commit e6ceca0 into main Dec 15, 2025
8 checks passed
@w0rk3r w0rk3r deleted the aws_waf_alert branch December 15, 2025 19:32
@elastic-vault-github-plugin-prod

Package aws - 5.1.0 containing this change is available at https://epr.elastic.co/package/aws/5.1.0/

@andrewkroh andrewkroh added the documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. label Jan 8, 2026
5 participants