rebase-3-1-0-from-release-3-0-0 #1132
Conversation
* Updated terraform version and git branch
* removed step no longer required, as the choices are dynamically created based on the @StreamAlertOutput class decorator
* reset to stable and changed note
Signed-off-by: jack1902 <39212456+jack1902@users.noreply.github.com>
#1081) Signed-off-by: jack1902 <39212456+jack1902@users.noreply.github.com>
[testing] Added trendmicro schema and rule test Signed-off-by: jack1902 <39212456+jack1902@users.noreply.github.com>
[testing] fixed test for rules_engine assertion Signed-off-by: jack1902 <39212456+jack1902@users.noreply.github.com>
This in turn re-introduced #1047. I fixed this by ensuring that the cleanup function removes the metric_filters.tf.json file, otherwise terraform reads this in as part of its deployment. Signed-off-by: jack1902 <39212456+jack1902@users.noreply.github.com>
Updated the optional_top_level_keys for cloudtrail:events Signed-off-by: jack1902 <39212456+jack1902@users.noreply.github.com>
…eriods from bucket names (#1114)
* updating secrets bucket name to remove periods
* updating s3-logging bucket name to remove periods
* updating athena-results bucket name to remove periods
* updating streamalerts bucket name to remove periods
* updating terraform-state bucket name to remove periods
* updating streamalert-data bucket name to remove periods
* fixing misc places that were missed regarding periods in bucket names
* making data and alerts bucket names configurable
* restructuring docs to allow for highlighting global settings
* doc updates for alerts_table config
* updating documentation, round 1
* moving clusters and global docs to new file
* trailing space removal
* Update to commands for consistency
* misc formatting fixes, migrating rule-staging config to global
* updating cluster config docs
* massive updates to docs
* adding other changes related to doc updates and config changes
* adding prefix validation for periods
* removing prefix setting trash
* updates to remove need for setting terraform config
* removing nonsense for athena bucket configuration
* addressing PR comments
* removing kinesis region setting since it would break things
* addressing chunyong PR feedback
* adding new streamalert images and updating doc references
* [core] Initial Microsoft Teams output code commit, looking for feedback
* [testing] added TeamsOutput Testing (used slack tests as template), amended list for output_base as well
* [docs] added Microsoft Teams to output documentation [setup] added pymsteams to requirements-top-level and added sample-webhook to outputs.json
* [core] Moved pymsteams to package.py [docs] Corrected docstring for teams and added teams to outputs [core] Added Alert section to card (didn't have the alert_id which made it confusing previously) [testing] re-wrote the tests
Signed-off-by: jack1902 <39212456+jack1902@users.noreply.github.com>
* Now possible to pass dynamic_outputs to the @rule decorator and have outputs be dynamically configured based on information in the record. For example, you could use lookup_tables to map an account_id to an owner which maps to an output [testing] Updated unit tests and added additional tests for new dynamic_outputs [docs] Added dynamic_outputs documentation Signed-off-by: jack1902 <39212456+jack1902@users.noreply.github.com>
[testing] added aws-ses output tests [docs] updated docs/source/outputs.rst to include aws ses [terraform] Added ses:SendRawEmail to tf_alert_processor_iam Signed-off-by: jack1902 <39212456+jack1902@users.noreply.github.com>
* threat intel downloader terraform module now uses tf_lambda
* small cleanups make for happier linters
* fixed some stale references in the threat_intel_downloader terraform module
* [setup] fixing missing awscli
* [setup] Natively pass AWS credentials through ssh. Updated the sshd_config file to allow AWS_* to be passed through when using vagrant ssh. This allows you to not hardcode credentials inside of the vm
Signed-off-by: jack1902 <39212456+jack1902@users.noreply.github.com>
…ery events (#1127)
* [rules] Add community rule to alert on ssh login activity based on osquery detection
* address comments
We will need this ASAP since we have many changes in flight. Looks good so far, but there are 2 conflicts left over in the documentation files. I believe we're going to feature freeze
I don't know how to remove these merge conflicts, hence the
@@ -0,0 +1,129 @@ | |||
Dynamic Outputs |
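Review bot: the opening line of this new file, `Dynamic Outputs`, carries no title adornment, so it will not render as the page's top-level heading; add a `#` overline and underline of the same width as the title text and keep the section headings below it in the hierarchy the project's Sphinx style guide prescribes.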
this format is now outdated and should be updated for consistency (either here or in another PR)
titles should now be:
###############
Dynamic Outputs
###############
and the page should then follow the hierarchy laid out here: https://documentation-style-guide-sphinx.readthedocs.io/en/latest/style-guide.html#headings
Will update and push this (I'll squash the commit into the one that introduced this)
This PR has been superseded by #1136
to: @ryandeivert @chunyong-lin
cc: @airbnb/streamalert-maintainers
related to:
resolves:

Background
Keeping `release-3-1-0` current with work carried out against `release-3-0-0` so that I can update the documentation accordingly.

Changes
* Carried out `git checkout release-3-1-0 && git pull` to ensure I have the latest branches on my machine, then `git checkout -b rebase_from/release-3-0-0 && git fetch upstream && git rebase upstream/release-3-0-0`. This ensured I rebased a branch against the latest on the remote.
* Updated the style of `rules.rst` when the `dynamic_outputs` feature was added.

Testing
* `./tests/scripts/test_the_docs.sh` to ensure the documentation still built.
* `./tests/scripts/pylint.sh` to ensure pylint will pass.
* `./tests/scripts/unit_tests.sh` to ensure unit tests passed.

Notes to merger
* Add my remote: `git remote add jack git@github.com:jack1902/streamalert.git && git fetch jack`
* Run `git merge -X theirs jack/rebase_from/release-3-0-0` to use my branch as the new `release-3-1-0`, otherwise you'll run into all the merge conflicts I resolved when I did the rebase.