[ECS] Updating keycloak to ECS 8.10 & ECS field validation updates (#…
…7928)

* Correcting ecs field validation & updating to ecs 8.10

* Update changelog.yml

* Update changelog.yml
kgeller committed Sep 22, 2023
1 parent 49ba2f2 commit 2b74cc9
Showing 6 changed files with 36 additions and 43 deletions.
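--- a/packages/keycloak/_dev/build/build.yml
+++ b/packages/keycloak/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
-reference: git@v8.9.0
+reference: git@v8.10.0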
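--- a/packages/keycloak/changelog.yml
+++ b/packages/keycloak/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.14.0"
+changes:
+- description: Update package to ECS 8.10.0 and align ECS categorization fields.
+type: enhancement
+link: https://github.com/elastic/integrations/pull/7928
 - version: "1.13.0"
 changes:
 - description: Add tags.yml file so that integration's dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI.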
@@ -3,7 +3,7 @@
{
"@timestamp": "2021-10-22T21:01:42.548-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"original": "2021-10-22 21:01:42,548 INFO [org.keycloak.services] (ServerService Thread Pool -- 64) KC-SERVICES0009: Added user 'admin' to realm 'master'",
@@ -26,7 +26,7 @@
{
"@timestamp": "2021-10-22T21:01:42.667-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"original": "2021-10-22 21:01:42,667 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 64) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.admin.AdminRoot from Application class org.keycloak.services.resources.KeycloakApplication",
@@ -49,7 +49,7 @@
{
"@timestamp": "2021-10-22T21:01:42.912-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"original": "2021-10-22 21:01:42,912 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 64) WFLYUT002021-10-22 21: Registered web context: '/auth' for server 'default-server' ",
@@ -72,7 +72,7 @@
{
"@timestamp": "2021-10-22T21:01:43.208-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"original": "2021-10-22 21:01:43,208 INFO [org.jboss.as.server] (ServerService Thread Pool -- 46) WFLYSRV0010: Deployed \"keycloak-server.war\" (runtime-name : \"keycloak-server.war\") ",
@@ -95,7 +95,7 @@
{
"@timestamp": "2021-10-22T21:01:43.299-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"original": "2021-10-22 21:01:43,299 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server",
@@ -118,7 +118,7 @@
{
"@timestamp": "2021-10-22T21:01:43.307-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"original": "2021-10-22 21:01:43,307 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 15.0.2 (WildFly Core 15.0.1.Final) started in 28315ms - Started 692 of 977 services (686 services are lazy, passive or on-demand)",
@@ -141,7 +141,7 @@
{
"@timestamp": "2021-10-22T21:01:43.327-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"original": "2021-10-22 21:01:43,327 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management",
@@ -164,7 +164,7 @@
{
"@timestamp": "2021-10-22T21:01:43.327-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"original": "2021-10-22 21:01:43,327 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990",
@@ -187,7 +187,7 @@
{
"@timestamp": "2021-10-22T21:01:45.403-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"action": "LOGIN_ERROR",
@@ -199,8 +199,7 @@
"original": "2021-10-22 21:01:45,403 WARN [org.keycloak.events] (default task-1) type=LOGIN_ERROR, realmId=test, clientId=test, userId=null, ipAddress=172.18.0.1, error=invalid_redirect_uri, redirect_uri=http://localhost:8080",
"timezone": "America/Chicago",
"type": [
"info",
"denied"
"info"
]
},
"keycloak": {
@@ -250,7 +249,7 @@
{
"@timestamp": "2021-10-22T21:20:42.120-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"action": "LOGIN_ERROR",
@@ -262,8 +261,7 @@
"original": "2021-10-22 21:20:42,120 WARN [org.keycloak.events] (default task-2) type=LOGIN_ERROR, realmId=test, clientId=test, userId=cc74404c-de7e-482a-98f7-b271ff3c49be, ipAddress=172.18.0.1, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=http://127.0.0.1:8080, code_id=3a76b735-e324-42b1-aa15-7c1f69f22eb8, username=admin, authSessionParentId=3a76b735-e324-42b1-aa15-7c1f69f22eb8, authSessionTabId=oJpF-WjDC04",
"timezone": "America/Chicago",
"type": [
"info",
"denied"
"info"
]
},
"keycloak": {
@@ -325,7 +323,7 @@
{
"@timestamp": "2021-10-22T21:24:41.076-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"action": "LOGIN_ERROR",
@@ -337,8 +335,7 @@
"original": "2021-10-22 21:24:41,076 WARN [org.keycloak.events] (default task-10) type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=172.18.0.1, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=http://127.0.0.1:9090/auth/admin/master/console/, code_id=f9d4300d-d052-4eb6-9aeb-e8fcf642a21f, authSessionParentId=f9d4300d-d052-4eb6-9aeb-e8fcf642a21f, authSessionTabId=C8EtUrcFMsg",
"timezone": "America/Chicago",
"type": [
"info",
"denied"
"info"
]
},
"keycloak": {
@@ -394,7 +391,7 @@
{
"@timestamp": "2021-10-22T21:31:31.555-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"action": "LOGIN_ERROR",
@@ -406,8 +403,7 @@
"original": "2021-10-22 21:31:31,555 WARN [org.keycloak.events] (default task-10) type=LOGIN_ERROR, realmId=test, clientId=test, userId=null, ipAddress=172.18.0.1, error=invalid_redirect_uri, redirect_uri=http://localhost:8080",
"timezone": "America/Chicago",
"type": [
"info",
"denied"
"info"
]
},
"keycloak": {
@@ -457,7 +453,7 @@
{
"@timestamp": "2021-10-22T20:58:02.700-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"action": "LOGIN_ERROR",
@@ -469,8 +465,7 @@
"original": "2021-10-22 20:58:02,700 WARN [org.keycloak.events] (default task-18) type=LOGIN_ERROR, realmId=ABCD TEST, clientId=https://www.example.com/shibboleth, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, error=invalid_user_credentials, auth_method=saml, redirect_uri=https://www.example.com/Shibboleth.sso/SAML2/POST, code_id=cbefe0ca-bc11-48b4-b7fa-f1a59d220980, username=admin, authSessionParentId=cbefe0ca-bc11-48b4-b7fa-f1a59d220980, authSessionTabId=97qImXws36A",
"timezone": "America/Chicago",
"type": [
"info",
"denied"
"info"
]
},
"keycloak": {
@@ -532,7 +527,7 @@
{
"@timestamp": "2021-10-22T22:11:31.257-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"action": "LOGIN",
@@ -544,8 +539,7 @@
"timezone": "America/Chicago",
"type": [
"info",
"start",
"allowed"
"start"
]
},
"keycloak": {
@@ -608,7 +602,7 @@
{
"@timestamp": "2021-10-22T22:11:32.131-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"action": "CODE_TO_TOKEN",
@@ -666,7 +660,7 @@
{
"@timestamp": "2021-10-22T22:12:09.871-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"action": "CREATE-USER",
@@ -734,7 +728,7 @@
{
"@timestamp": "2021-10-22T22:12:13.599-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"action": "UPDATE-USER",
@@ -802,7 +796,7 @@
{
"@timestamp": "2021-10-22T22:14:29.031-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"action": "CREATE-GROUP",
@@ -869,7 +863,7 @@
{
"@timestamp": "2021-10-22T22:16:12.150-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"action": "CREATE-CLIENT_SCOPE",
@@ -933,7 +927,7 @@
{
"@timestamp": "2021-10-22T22:45:12.592-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"action": "LOGOUT",
@@ -1001,7 +995,7 @@
{
"@timestamp": "2021-10-22T22:46:14.913-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"action": "DELETE-GROUP",
@@ -1068,7 +1062,7 @@
{
"@timestamp": "2021-10-22T23:05:03.371-05:00",
"ecs": {
"version": "8.9.0"
"version": "8.10.0"
},
"event": {
"action": "CREATE-GROUP",
@@ -3,7 +3,7 @@ description: Pipeline for parsing keycloak logs
processors:
- set:
field: ecs.version
value: '8.9.0'
value: '8.10.0'
- rename:
field: message
target_field: event.original
@@ -143,16 +143,10 @@ processors:
field: event.type
value:
- info
- append:
field: event.type
value:
- denied
if: ctx.keycloak?.login?.type == 'LOGIN_ERROR'
- append:
field: event.type
value:
- start
- allowed
if: ctx.keycloak?.login?.type == 'LOGIN'
- append:
field: event.type
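Review bot: With the `denied` append removed, LOGIN_ERROR events leave this hunk with only `info` in `event.type`, so any detection rule, alert or dashboard that matched failed Keycloak logins on `event.type: denied` (or successful ones on `allowed`) will stop matching without an error. The hunk does not show whether `event.outcome` is set for these events, and the pipeline continues outside it, so that should be confirmed. If it is missing, a processor such as `- set: {field: event.outcome, value: failure, if: "ctx.keycloak?.login?.type == 'LOGIN_ERROR'"}` would keep the failure signal in the field ECS intends for it. The changelog entry only says the categorization fields were aligned; it would help to state there that `allowed`/`denied` are no longer emitted so operators can update saved queries.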
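--- a/packages/keycloak/manifest.yml
+++ b/packages/keycloak/manifest.yml
@@ -1,6 +1,6 @@
 name: keycloak
 title: Keycloak
-version: "1.13.0"
+version: "1.14.0"
 description: Collect logs from Keycloak with Elastic Agent.
 type: integration
 format_version: 2.11.0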
