Skip to content

entityanalytics_{ad,entra_id,okta}: fix misleading event.action in docs#19302

Open
efd6 wants to merge 1 commit into
elastic:mainfrom
efd6:19299-entityanalytics_entra_id
Open

entityanalytics_{ad,entra_id,okta}: fix misleading event.action in docs#19302
efd6 wants to merge 1 commit into
elastic:mainfrom
efd6:19299-entityanalytics_entra_id

Conversation

@efd6
Copy link
Copy Markdown
Contributor

@efd6 efd6 commented Jun 1, 2026

Proposed commit message

entityanalytics_{ad,entra_id,okta}: fix misleading event.action in docs

The sample events in documentation showed event.action values like
"user-discovered" and "device-discovered" that are stripped at ingest
and never appear in indexed documents. Remove those values and add a
note clarifying that these integrations provide asset inventory, not
audit trail data, with cross-references to the appropriate audit log
integrations.

Fixes #19299

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@efd6 efd6 self-assigned this Jun 1, 2026
@efd6 efd6 added documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. bugfix Pull request that fixes a bug issue Integration:entityanalytics_entra_id Microsoft Entra ID Entity Analytics Integration:entityanalytics_okta Okta Entity Analytics Integration:entityanalytics_ad Active Directory Entity Analytics labels Jun 1, 2026
@efd6 efd6 force-pushed the 19299-entityanalytics_entra_id branch from 8a0b029 to 233633e Compare June 1, 2026 03:20
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jun 1, 2026
edited
Loading

✅ Elastic Docs Style Checker (Vale)

No issues found on modified lines!

The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale.

@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod Bot commented Jun 1, 2026

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@efd6 efd6 marked this pull request as ready for review June 1, 2026 03:55
@efd6 efd6 requested review from a team as code owners June 1, 2026 03:55
@andrewkroh andrewkroh added the Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] label Jun 1, 2026
@infra-vault-gh-plugin-prod
Copy link
Copy Markdown

infra-vault-gh-plugin-prod Bot commented Jun 1, 2026

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@efd6
entityanalytics_{ad,entra_id,okta}: fix misleading event.action in docs
d2f2189 
The sample events in documentation showed event.action values like
"user-discovered" and "device-discovered" that are stripped at ingest
and never appear in indexed documents. Remove those values and add a
note clarifying that these integrations provide asset inventory, not
audit trail data, with cross-references to the appropriate audit log
integrations.

Fixes elastic#19299
@efd6 efd6 force-pushed the 19299-entityanalytics_entra_id branch from 233633e to d2f2189 Compare June 4, 2026 23:50
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod Bot commented Jun 4, 2026

✅ All changelog entries have the correct PR link.

@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Jun 5, 2026

💚 Build Succeeded

History

cc @efd6

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@efd6 efd6

Labels

bugfix Pull request that fixes a bug issue documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. Integration:entityanalytics_ad Active Directory Entity Analytics Integration:entityanalytics_entra_id Microsoft Entra ID Entity Analytics Integration:entityanalytics_okta Okta Entity Analytics Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Entity Analytics - Entra ID]: Event Action Missing

3 participants

@efd6 @elasticmachine @andrewkroh