Skip to content

[AWS CloudTrail] Remove host.id assignment from target entities#19630

Open
alexreal1314 wants to merge 2 commits into
elastic:mainfrom
alexreal1314:19628-remove-host-assignment
Open

[AWS CloudTrail] Remove host.id assignment from target entities#19630
alexreal1314 wants to merge 2 commits into
elastic:mainfrom
alexreal1314:19628-remove-host-assignment

Conversation

@alexreal1314

@alexreal1314 alexreal1314 commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

Closes #19628

Proposed commit message

Remove set host.id from the CloudTrail target entities via hostTargets.first(). This is incorrect: host.id identifies the actor
host that originated the event, not a resource the event acted upon.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

cd packages/aws
elastic-package build
elastic-package install
elastic-package test pipeline -v --data-streams cloudtrail --generate

Related issues

Screenshots

@alexreal1314 alexreal1314 requested review from a team as code owners June 18, 2026 10:00
@alexreal1314 alexreal1314 added bug Something isn't working, use only for issues Integration:aws AWS Team:Cloud Security Cloud Security team [elastic/cloud-security-posture] Team:Security-Cloud Services Security Data Experience - Cloud Services team [elastic/cloud-services] labels Jun 18, 2026
@github-actions

github-actions Bot commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

✅ Elastic Docs Style Checker (Vale)

No issues found on modified lines!

The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale.

@elastic-vault-github-plugin-prod

elastic-vault-github-plugin-prod Bot commented Jun 18, 2026

Copy link
Copy Markdown

✅ All changelog entries have the correct PR link.

@andrewkroh andrewkroh added the Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] label Jun 18, 2026
@infra-vault-gh-plugin-prod

infra-vault-gh-plugin-prod Bot commented Jun 18, 2026

Copy link
Copy Markdown

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elasticmachine

elasticmachine commented Jun 18, 2026

Copy link
Copy Markdown

💚 Build Succeeded

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug Something isn't working, use only for issues Integration:aws AWS Team:Cloud Security Cloud Security team [elastic/cloud-security-posture] Team:Security-Cloud Services Security Data Experience - Cloud Services team [elastic/cloud-services] Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[AWS CloudTrail] Remove host.id assignment from target entities — host.id represents the actor, not the target

3 participants

@alexreal1314 @elasticmachine @andrewkroh