
chemamartinez
Contributor

Proposed commit message

Add support for the oauth_endpoint_params configuration parameter for all available data streams.

The log data stream still works under httpjson, so the option has been added at data stream level along with all the OAuth2 options for this data stream.

For the other data streams, as they work under the CEL input, it has been added at input level, so adding any value to this option will affect all data streams that rely on CEL (machine, machine_action, and vulnerability).

Finally, the auth logic for the vulnerability data stream is implemented in the CEL program instead of being delegated to the CEL auth options for the input. Therefore, the oauth endpoint params in this case are added manually in the program as well.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Related issues

Screenshots


@chemamartinez chemamartinez self-assigned this Oct 16, 2025
@chemamartinez chemamartinez added enhancement New feature or request Integration:microsoft_defender_endpoint Microsoft Defender for Endpoint Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Oct 16, 2025
@chemamartinez chemamartinez marked this pull request as ready for review October 16, 2025 11:12
@chemamartinez chemamartinez requested a review from a team as a code owner October 16, 2025 11:12
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elastic-vault-github-plugin-prod

elastic-vault-github-plugin-prod bot commented Oct 16, 2025

🚀 Benchmarks report

Package microsoft_defender_endpoint 👍(3) 💚(0) 💔(1)

| Data stream | Previous EPS | New EPS | Diff (%) | Result |
| --- | --- | --- | --- | --- |
| log | 3012.05 | 2525.25 | -486.8 (-16.16%) | 💔 |

To see the full report comment with /test benchmark fullreport

@andrewkroh andrewkroh added the documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. label Oct 16, 2025
@elasticmachine

💚 Build Succeeded

History

cc @chemamartinez

@chemamartinez chemamartinez merged commit f75ddbe into elastic:main Oct 22, 2025
7 checks passed
@chemamartinez chemamartinez deleted the 15605-mdefender-endpoint-oauth-endpoint-params branch October 22, 2025 09:23
@elastic-vault-github-plugin-prod

Package microsoft_defender_endpoint - 4.1.0 containing this change is available at https://epr.elastic.co/package/microsoft_defender_endpoint/4.1.0/



Development

Successfully merging this pull request may close these issues.

Microsoft Defender for Endpoint: make OAuth2 endpoint params configurable
