[fortinet_fortiproxy] Add Fortinet FortiProxy integration #9846
- Initial draft of Fortinet FortiProxy integration
- Add initial support for all log types
- Add system and integration tests
7a47038 to b74637a
Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices) |
default: |- | ||
#certificate_authorities: | ||
# - | | ||
# -----BEGIN CERTIFICATE----- |
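Review bot: The commented default under `#certificate_authorities:` opens an inline PEM block (`# -----BEGIN CERTIFICATE-----`). If it is only illustrative, replace it with a short placeholder or a file-path example so that uncommenting the default cannot enable sample certificate material.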
Is this certificate used for anything? Maybe it's better to remove it
Yeah that leaked over from the fortigate integration. certificate authorities doesn't really make sense here now that I'm looking at it. I see other integrations use something like this which I think I'll go with (good to show some sort of example, but better to not have a live key/cert pair that someone can accidentally use):

```yaml
#certificate: "/etc/server/cert.pem"
#key: "/etc/server/key.pem"
```
@@ -0,0 +1,205 @@ | |||
- name: cloud |
Why are these fields here, and not in `packages/fortinet_fortiproxy/data_stream/log/fields/ecs.yml`?
They're part of ECS, and from the descriptions, they look like they're taken from ECS. So I think I just don't understand how they're generated, and why some things go into `agent.yml` vs `ecs.yml`.
Historical reasons I suppose. This file was copied from another integration pretty much verbatim. I haven't heard any complaints about doing it this way from any other teams and it hasn't caused us any issues so far as far as I know.
💚 Build Succeeded
Package fortinet_fortiproxy - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=fortinet_fortiproxy |