[ti_google_threat_intelligence] Clarify "enrichment" in the README #19411

Open: chrisberkhout wants to merge 4 commits into elastic:main from chrisberkhout:ti_google_threat_intelligence-clarify-enhanced-in-readme
chrisberkhout (Contributor) commented Jun 5, 2026

Proposed commit message

ti_google_threat_intelligence: rename detection rules section to avoid confusion with data enrichment

The heading "Enrichment with Detection Rules" led a customer to
expect automatic data enrichment of their existing indices. The
integration actually ingests threat indicators separately; prebuilt
SIEM detection rules then match those indicators against other data
sources and fire alerts.

Rename the section to "Customizing Detection Rules" and reword
surrounding text to remove ambiguity between this detection-rule
workflow and the unrelated ECS event.kind "enrichment" value that
also appears in the integration's data.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

chrisberkhout self-assigned this Jun 5, 2026
chrisberkhout requested review from a team as code owners June 5, 2026 16:46
chrisberkhout added labels Jun 5, 2026:

  • documentation: Improvements or additions to documentation. Applied to PRs that modify *.md files.
  • enhancement: New feature or request
  • Team:Security-Service Integrations: Security Service Integrations team [elastic/security-service-integrations]
  • Integration:ti_google_threat_intelligence: Google Threat Intelligence (Partner supported)
@infra-vault-gh-plugin-prod

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

github-actions (bot, Contributor) commented Jun 5, 2026

✅ Elastic Docs Style Checker (Vale)

No issues found on modified lines!


The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale.

# newer versions go on top
- version: "0.13.0"
changes:
- description: Clarify "enhanced" in the README.
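
Review bot: the `description` line says the README clarifies "enhanced", but the proposed commit message is about the heading "Enrichment with Detection Rules", so the changelog entry does not tell a reader what changed. Suggest describing the actual change, for example: Rename the "Enrichment with Detection Rules" README section to "Customizing Detection Rules".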

Contributor

I'm not sure what "enhanced" is here since it doesn't appear in the original documents.

Contributor Author

I meant to say "enrichment". Updated the changelog and proposed commit message.

chrisberkhout force-pushed the ti_google_threat_intelligence-clarify-enhanced-in-readme branch from b4abfd6 to 00db59e June 9, 2026 12:09
chrisberkhout requested a review from efd6 June 9, 2026 12:10
chrisberkhout enabled auto-merge (squash) June 9, 2026 12:10
chrisberkhout changed the title from [ti_google_threat_intelligence] Clarify "enhanced" in the README to [ti_google_threat_intelligence] Clarify "enrichment" in the README Jun 9, 2026
@elastic-vault-github-plugin-prod


🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

Comment thread packages/ti_google_threat_intelligence/changelog.yml Outdated
Comment thread packages/ti_google_threat_intelligence/changelog.yml Outdated
Comment thread packages/ti_google_threat_intelligence/_dev/build/docs/README.md Outdated
Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>
@elastic-vault-github-plugin-prod


✅ All changelog entries have the correct PR link.

elasticmachine commented Jun 9, 2026

💔 Build Failed

cc @chrisberkhout

github-actions (bot, Contributor) commented Jun 9, 2026

TL;DR

Buildkite failed in docs lint because the package README is stale: the template was updated, but the rendered file was not regenerated and committed. Regenerate the package docs and commit the updated docs/README.md.

Remediation

  • Run elastic-package build for packages/ti_google_threat_intelligence and commit the regenerated packages/ti_google_threat_intelligence/docs/README.md.
  • Re-run the package check (.buildkite/scripts/test_one_package.sh packages/ti_google_threat_intelligence origin/main 07eb59977618429c50fbe1989091c23b731e2ebd) to confirm lint passes.

Investigation details

Root Cause

The failing step is the README up-to-date check during package lint. In commit 07eb59977618429c50fbe1989091c23b731e2ebd, _dev/build/docs/README.md was edited, but the generated output in docs/README.md still contained the old text, so elastic-package detected a mismatch.

Relevant lines at the failing commit:

  • packages/ti_google_threat_intelligence/_dev/build/docs/README.md:162 uses "processed"
  • packages/ti_google_threat_intelligence/docs/README.md:162 still uses "procesed"

Evidence

README.md is outdated. Rebuild the package with 'elastic-package build'
@@ -161,3 +161,3 @@
-2. If GTI information is ingested and procesed by a transform, ...
+2. If GTI information is ingested and processed by a transform, ...
Error: checking package failed: checking readme files are up-to-date failed: files do not match

Verification

  • Not run locally in this workflow; conclusion is from Buildkite failure log plus repository content at commit 07eb59977618429c50fbe1989091c23b731e2ebd.

Follow-up

After committing the regenerated docs file, this failure should clear without code changes outside documentation.

Note

🔒 Integrity filter blocked 2 items

The following items were blocked because they don't meet the GitHub integrity level.

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

From workflow: PR Buildkite Detective
