Endace Integration enhancements #12784
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Update the input type from HTTPJSON to CEL.
* Update the input type to CEL for better debugging
* Added fingerprint in the plugin data stream
* Update the build version 3.0.0 and change the type to enhancement
* Added asset.hit_count to all datastreams system test config
* Handled the export_status timeout condition in assets and vulnerability datastreams
* Implemented the cancel export_uid API to terminate the export job ID if the timeout condition is met, in asset and vulnerability data stream.
* Added a check to ensure that if the previous export is not finished, a new export shouldn't be initiated, in asset and vulnerability data stream.
---------
Co-authored-by: Dan Kortschak <[email protected]>
* Rename apache2.error.integration to apache.error.module * Add Changelog for the PR * Update manifest to version 1.17.2
All non-200 HTTP status codes are treated as error conditions. The ThreatConnect API docs[1] indicate that 200 and 201 are success codes used by their API, but this integration does not make use of object creation, so 201 is not handled here. [1]https://docs.threatconnect.com/en/latest/rest_api/v3/http_status_codes.html
* Decode evidence_details field
Added support for the new WAF score fields included in the HTTP requests event dataset by Cloudflare.
Add `ignore_failure: true` to the community_id processor to prevent failures from skipping the execution of the remaining processors. Fixes #9835
…n packages (#9832) * updated field types in multiple packages to resolve ignore_malformed related issues * updated changelogs * updated data types and addressed PR comments * updated readmes
Set `response.split.ignore_empty_value: true` for splitting responses from AWS Security Hub, to avoid indexing the empty wrapper document when the Insights or Findings list is empty. The [`response.split` documentation][1] says: > If the split target is empty the parent document will be kept. > If documents with empty splits should be dropped, the > `ignore_empty_value` option should be set to `true`. [1]: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#response-split
…her nsg (#9652) * Initial release of the azure network watcher nsg
…cher vnet (elastic#9680) * Initial release of the azure network watcher vnet
* Revert "[Universal profiling symbolizer] use secrets variables (#9807)" This reverts commit 9ea6816. * restore 8.14.0 changelog * bump to 8.14.1 + changelog
* Revert "[Universal profiling collector] use secrets variables (#9806)" This reverts commit 0ce1c1b. * restore 8.14.0 changelog * bump to 8.14.1 + changelog
Migrate package to spec v3 so it is ready for serverless, this includes: * Add secrets support. * Remove duplicated and ambiguous field definitions. * Fix normalization as arrays of event.category and event.type fields. * Handle event.original in pipelines.
* Add condition to Logstash cel streams While `condition` is an option for the Logstash cel-based metrics, the condition parameter was not specified in the stream definitions. Fixes: #9800
* add the cloud formation credentials url * add cloud credentials change for changelog * use 8.15.0 version and change description
Responsibility was split between teams.
* add support of organization log datastream * update changelog with pr link * resolve review comments * resolve review comments * update readme.md * minor interval change * update readme.md
* [Enhancement] Update winlog.event_data.AttributeValue * Update manifest.yml * Update README.md
- Improve ECS categorizations for messages
Co-authored-by: Michael Wolf <[email protected]>
…/default.yml Co-authored-by: Taylor Swanson <[email protected]>
… (#10489) * Able to create P2V when just one IP is present - Fixed start&end time * ngest_pipeline/endace-netflow.yml changed to handle single IP events * updating expected.json after command elastic-package test pipeline --generate
Co-authored-by: Taylor Swanson <[email protected]>
* Able to create P2V when just one IP is present - Fixed start&end time * ngest_pipeline/endace-netflow.yml changed to handle single IP events * updating expected.json after command elastic-package test pipeline --generate * change lookback to view window * updating expected test flows * update Endace README.md * changing view_window to 20 * changed expected.json files to reflect the new view_window of 10 minutes * change default udp host to 0.0.0.0 * Fixed grammar and terminology * updating docs/README.md * updating docs/README.md, remove empty line at the end of the file * removing the ? after && for a condition already evaluated * changed variable to endace_view_window * json-expected after test pipeline generate * Adding tags in all processors * fixing final errors * caught a mistake last minute * One last fix in the ? after && --------- Co-authored-by: barry.shaw <[email protected]>
|
❌ Author of the following commits did not sign a Contributor Agreement: Please, read and sign the above mentioned agreement if you want to contribute to this project |
|
See attached the CLA signed by Endace |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Type of change
Proposed commit message
This PR is replacing PR #12000 that was cancelled due to corrupstion in the original repository.
A new repository was created to work with Endace Integration.
Checklist
changelog.ymlfile.Author's Checklist
How to test this PR locally
Related issues
Screenshots