mimecast.audit_events: Prevent pageToken from incorrectly reappearing…

… in interval requests (elastic#12770) * Remove pagetoken from incorrectly appearing in interval requests
harnish-elastic · Feb 14, 2025 · 015ff7f · 015ff7f
1 parent c5ea194
commit 015ff7f
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 28 deletions.
diff --git a/packages/mimecast/changelog.yml b/packages/mimecast/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.5.1"
+  changes:
+    - description: Prevent pageToken from incorrectly reappearing in interval requests.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/12770
 - version: "2.5.0"
   changes:
     - description: Update Kibana constraint to support 9.0.0.

diff --git a/packages/mimecast/data_stream/audit_events/agent/stream/cel.yml.hbs b/packages/mimecast/data_stream/audit_events/agent/stream/cel.yml.hbs
@@ -83,7 +83,7 @@ program: |
           }
         }).do_request().as(resp, resp.StatusCode == 200 ?
           bytes(resp.Body).decode_json().as(body, body.?fail.orValue([]).size() == 0 ?
-            {
+            (has(body.?meta.pagination.next) && size(body.data) != 0).as(want_more, {
               "events": body.data.map(e, {"message": e.encode_json()}),
               "cursor": {
                 "last": (
@@ -97,19 +97,16 @@ program: |
                   ).format(time_layout.RFC3339)
                 ),
               },
-              ?"last_page": has(body.?meta.pagination.next) && size(body.data) != 0 ?
-                optional.of({
-                  ?"next": body.?meta.pagination.next,
-                  "data": req.data,
-                })
-              :
-                optional.none(),
+              "last_page": {
+                ?"next": want_more ? body.?meta.pagination.next : optional.none(),
+                ?"data": want_more ? req.?data : optional.none(),
+              },
               "token": {
                 "access_token": token.access_token,
                 "expires": token.expires,
               },
-              "want_more": has(body.?meta.pagination.next) && size(body.data) != 0,
-            }
+              "want_more": want_more,
+            })
           :
             // Mimecast can return failure states with a 200. This
             // is detected by a non-empty fail array at the root

diff --git a/packages/mimecast/data_stream/audit_events/sample_event.json b/packages/mimecast/data_stream/audit_events/sample_event.json
@@ -1,27 +1,27 @@
 {
     "@timestamp": "2024-10-17T02:06:50.000Z",
     "agent": {
-        "ephemeral_id": "d3d233d7-62b7-40f6-8de7-d3c2937d6dae",
-        "id": "b6346117-4ee0-428a-9d74-6580e405feeb",
-        "name": "elastic-agent-20780",
+        "ephemeral_id": "9d307917-d823-49c5-99de-422de2e4de90",
+        "id": "38f355c8-68cd-43d6-bd0a-1e57a3d29eea",
+        "name": "elastic-agent-60619",
         "type": "filebeat",
-        "version": "8.14.0"
+        "version": "8.15.0"
     },
     "client": {
         "ip": "203.59.201.168"
     },
     "data_stream": {
         "dataset": "mimecast.audit_events",
-        "namespace": "54489",
+        "namespace": "26694",
         "type": "logs"
     },
     "ecs": {
         "version": "8.11.0"
     },
     "elastic_agent": {
-        "id": "b6346117-4ee0-428a-9d74-6580e405feeb",
+        "id": "38f355c8-68cd-43d6-bd0a-1e57a3d29eea",
         "snapshot": false,
-        "version": "8.14.0"
+        "version": "8.15.0"
     },
     "event": {
         "action": "api-application-updated",
@@ -32,7 +32,7 @@
         "created": "2024-10-17T02:06:50.000Z",
         "dataset": "mimecast.audit_events",
         "id": "eNoVzk0PgiAAgOH_wrUO4SizrYOasxUzs6jWLYURfqEg6Wr99-z-bs_7AZplRjFBwQp4E3y5t3G7w1SVz9KxwxtJj7mVNripeP7WV3N2-3AohNUFGw0DmMY2aqOeq7MZfCKqyME1jeUMv_qAdVub6MJdnprZIYz2PS3u-bNuB54kfA2m4GGo6ErJ_zZCi4UD51OQGd3JiqlMUjYu-eTkIdey0di_mNJC1mAFvz-isz1f",
-        "ingested": "2024-12-05T00:52:32Z",
+        "ingested": "2025-02-13T15:17:26Z",
         "original": "{\"auditType\":\"API Application Updated\",\"category\":\"account_logs\",\"eventInfo\":\"API Gateway Application testing Updated. Application Program Interface Addendum (22 September 2022) acknowledged, Date: 2024-10-17, Time: 02:06:50+0000, IP: 203.59.201.168, Application: Administration Console\",\"eventTime\":\"2024-10-17T02:06:50+0000\",\"id\":\"eNoVzk0PgiAAgOH_wrUO4SizrYOasxUzs6jWLYURfqEg6Wr99-z-bs_7AZplRjFBwQp4E3y5t3G7w1SVz9KxwxtJj7mVNripeP7WV3N2-3AohNUFGw0DmMY2aqOeq7MZfCKqyME1jeUMv_qAdVub6MJdnprZIYz2PS3u-bNuB54kfA2m4GGo6ErJ_zZCi4UD51OQGd3JiqlMUjYu-eTkIdey0di_mNJC1mAFvz-isz1f\",\"user\":\"user.name@company.mime-api.com\"}"
     },
     "input": {
@@ -62,4 +62,4 @@
         "email": "user.name@company.mime-api.com",
         "name": "user.name"
     }
-}
+}
diff --git a/packages/mimecast/docs/README.md b/packages/mimecast/docs/README.md
@@ -136,27 +136,27 @@ An example event for `audit_events` looks as following:
 {
     "@timestamp": "2024-10-17T02:06:50.000Z",
     "agent": {
-        "ephemeral_id": "d3d233d7-62b7-40f6-8de7-d3c2937d6dae",
-        "id": "b6346117-4ee0-428a-9d74-6580e405feeb",
-        "name": "elastic-agent-20780",
+        "ephemeral_id": "9d307917-d823-49c5-99de-422de2e4de90",
+        "id": "38f355c8-68cd-43d6-bd0a-1e57a3d29eea",
+        "name": "elastic-agent-60619",
         "type": "filebeat",
-        "version": "8.14.0"
+        "version": "8.15.0"
     },
     "client": {
         "ip": "203.59.201.168"
     },
     "data_stream": {
         "dataset": "mimecast.audit_events",
-        "namespace": "54489",
+        "namespace": "26694",
         "type": "logs"
     },
     "ecs": {
         "version": "8.11.0"
     },
     "elastic_agent": {
-        "id": "b6346117-4ee0-428a-9d74-6580e405feeb",
+        "id": "38f355c8-68cd-43d6-bd0a-1e57a3d29eea",
         "snapshot": false,
-        "version": "8.14.0"
+        "version": "8.15.0"
     },
     "event": {
         "action": "api-application-updated",
@@ -167,7 +167,7 @@ An example event for `audit_events` looks as following:
         "created": "2024-10-17T02:06:50.000Z",
         "dataset": "mimecast.audit_events",
         "id": "eNoVzk0PgiAAgOH_wrUO4SizrYOasxUzs6jWLYURfqEg6Wr99-z-bs_7AZplRjFBwQp4E3y5t3G7w1SVz9KxwxtJj7mVNripeP7WV3N2-3AohNUFGw0DmMY2aqOeq7MZfCKqyME1jeUMv_qAdVub6MJdnprZIYz2PS3u-bNuB54kfA2m4GGo6ErJ_zZCi4UD51OQGd3JiqlMUjYu-eTkIdey0di_mNJC1mAFvz-isz1f",
-        "ingested": "2024-12-05T00:52:32Z",
+        "ingested": "2025-02-13T15:17:26Z",
         "original": "{\"auditType\":\"API Application Updated\",\"category\":\"account_logs\",\"eventInfo\":\"API Gateway Application testing Updated. Application Program Interface Addendum (22 September 2022) acknowledged, Date: 2024-10-17, Time: 02:06:50+0000, IP: 203.59.201.168, Application: Administration Console\",\"eventTime\":\"2024-10-17T02:06:50+0000\",\"id\":\"eNoVzk0PgiAAgOH_wrUO4SizrYOasxUzs6jWLYURfqEg6Wr99-z-bs_7AZplRjFBwQp4E3y5t3G7w1SVz9KxwxtJj7mVNripeP7WV3N2-3AohNUFGw0DmMY2aqOeq7MZfCKqyME1jeUMv_qAdVub6MJdnprZIYz2PS3u-bNuB54kfA2m4GGo6ErJ_zZCi4UD51OQGd3JiqlMUjYu-eTkIdey0di_mNJC1mAFvz-isz1f\",\"user\":\"user.name@company.mime-api.com\"}"
     },
     "input": {

diff --git a/packages/mimecast/manifest.yml b/packages/mimecast/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: mimecast
 title: "Mimecast"
-version: "2.5.0"
+version: "2.5.1"
 description: Collect logs from Mimecast with Elastic Agent.
 type: integration
 categories: ["security", "email_security"]