Skip to content

[Tenable IO] Drop empty events in vulnerability data stream#17878

Open
moxarth-rathod wants to merge 2 commits intoelastic:mainfrom
moxarth-rathod:tenable-io-17608
Open

[Tenable IO] Drop empty events in vulnerability data stream#17878
moxarth-rathod wants to merge 2 commits intoelastic:mainfrom
moxarth-rathod:tenable-io-17608

Conversation

@moxarth-rathod
Copy link
Contributor

@moxarth-rathod moxarth-rathod commented Mar 18, 2026

Proposed commit message

tenable_io: drop empty events in vulnerability data stream

The CEL program emits empty events ([{}]) on two fallback paths, 
causing the error field [original] not present as part of path [event.original]. 
Add a drop-event processor in CEL to discard empty events.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Related issues

@moxarth-rathod moxarth-rathod self-assigned this Mar 18, 2026
@moxarth-rathod moxarth-rathod added the Integration:tenable_io Tenable Vulnerability Management label Mar 18, 2026
@moxarth-rathod moxarth-rathod requested a review from a team as a code owner March 18, 2026 12:04
@moxarth-rathod moxarth-rathod added bugfix Pull request that fixes a bug issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:SDE-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] labels Mar 18, 2026
@elasticmachine
Copy link

elasticmachine commented Mar 18, 2026

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Mar 18, 2026

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine
Copy link

elasticmachine commented Mar 18, 2026

💚 Build Succeeded

cc @moxarth-rathod

efd6
efd6 reviewed Mar 18, 2026
View reviewed changes
Copy link
Contributor

@efd6 efd6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we make this more explicit? Instead of using an empty sentinel, use [{"retry": true}] and then have - drop_event.when.equals.retry: true in the processors. This makes it easier to see the intent and to find the locations.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@efd6 efd6 efd6 left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@moxarth-rathod moxarth-rathod

Labels

bugfix Pull request that fixes a bug issue Integration:tenable_io Tenable Vulnerability Management Team:SDE-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[tenable_io] Empty events in vulnerability data stream cause event.original pipeline errors

3 participants

@moxarth-rathod @elasticmachine @efd6