Skip to content

[PANW] Add conditional to processors populating _temp_ fields for internal and external zones #14671

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 25, 2025
Merged

[PANW] Add conditional to processors populating _temp_ fields for internal and external zones #14671

merged 3 commits into from
Jul 25, 2025

Conversation

leandrojmp
Copy link
Contributor

Proposed commit message

The first 2 processors in the logic to populate the field network.direction relies on the existence of the fields _conf.internal_zones and _conf.external_zones if the user does not configure those fields in the integration, or if the source data does not have this field, those processors would still try to process every message and would fail because the field does not exist, this can add some extra time in the overall processing time of the ingest pipeline.

These 2 processors needs to be conditionally executed to avoid this, we detected this issue while troubleshooting the performance of the ingest pipeline.

  • Bug

@leandrojmp leandrojmp requested a review from a team as a code owner July 24, 2025 02:37
@leandrojmp leandrojmp changed the title [PANW ] Add conditional to processors populating _temp_ fields for internal and external zones [PANW] Add conditional to processors populating _temp_ fields for internal and external zones Jul 24, 2025
@leandrojmp leandrojmp mentioned this pull request Jul 24, 2025
Merged
5 tasks
@andrewkroh andrewkroh added Integration:panw Palo Alto Next-Gen Firewall Team:Security-Deployment and Devices Deployment and Devices Security team [elastic/sec-deployment-and-devices] labels Jul 24, 2025
@elasticmachine
Copy link

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

taylor-swanson
taylor-swanson reviewed Jul 24, 2025
View reviewed changes
Copy link
Contributor

@taylor-swanson taylor-swanson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change looks good to me, just a suggestion to use ignore_empty_value instead of an if statement.

@taylor-swanson
Copy link
Contributor

/test

@elastic-vault-github-plugin-prod
Copy link

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine
Copy link

💚 Build Succeeded

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
33.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@taylor-swanson taylor-swanson merged commit ecb85b2 into elastic:main Jul 25, 2025
9 checks passed
@elastic-vault-github-plugin-prod
Copy link

Package panw - 5.3.2 containing this change is available at https://epr.elastic.co/package/panw/5.3.2/

@leandrojmp leandrojmp deleted the add_conditional_panw_pipeline branch July 25, 2025 22:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@taylor-swanson taylor-swanson taylor-swanson approved these changes

Assignees
No one assigned
Labels
Integration:panw Palo Alto Next-Gen Firewall Team:Security-Deployment and Devices Deployment and Devices Security team [elastic/sec-deployment-and-devices]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@leandrojmp @elasticmachine @taylor-swanson @andrewkroh