
[ti_misp] - update package-spec to 2.10.0 (#7570)
- Update package-spec to 2.10.0
- Ensure event.category is an array
- Ensure event.type is an array

[git-generate]
go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.9.0 -ecs-git-ref=v8.9.0 -format-version=2.10.0 packages/ti_misp
taylor-swanson committed Aug 29, 2023
1 parent e204d0b commit 4247941
Showing 13 changed files with 385 additions and 157 deletions.
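--- a/packages/ti_misp/_dev/deploy/docker/files/config.yml
+++ b/packages/ti_misp/_dev/deploy/docker/files/config.yml
@@ -503,9 +503,4 @@ rules:
 request_body: /^{"limit":"10","page":"2","returnFormat":"json","timestamp":"\d+"/
 responses:
 - status_code: 200
-body: |-
-{
-"response": {
-"Attribute": []
-}
-}
+body: "{\n \"response\": {\n \"Attribute\": []\n }\n} "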
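Review bot: The readable `|-` block scalar for the mock response body is replaced by a single escaped string, and the new literal appears to end in `} "`, i.e. whitespace before the closing quote, which becomes part of the stubbed JSON body if it is not just a rendering artefact. Trailing whitespace is harmless to a JSON consumer, but this change is unrelated to the package-spec bump and looks like YAML re-serialisation by the update tool rather than an intended edit. I would restore the block form, `body: |-` followed by the JSON on its own lines, so the stub stays reviewable and matches the rest of the file.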
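--- a/packages/ti_misp/changelog.yml
+++ b/packages/ti_misp/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.21.0"
+changes:
+- description: Update package-spec to 2.10.0.
+type: enhancement
+link: https://github.com/elastic/integrations/pull/7570
 - version: "1.20.0"
 changes:
 - description: Update package to ECS 8.9.0.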


Expand Up @@ -6,9 +6,13 @@
"version": "8.9.0"
},
"event": {
"category": "threat",
"category": [
"threat"
],
"kind": "enrichment",
"type": "indicator"
"type": [
"indicator"
]
},
"misp": {
"attribute": {
Expand Down Expand Up @@ -108,9 +112,13 @@
"version": "8.9.0"
},
"event": {
"category": "threat",
"category": [
"threat"
],
"kind": "enrichment",
"type": "indicator"
"type": [
"indicator"
]
},
"misp": {
"attribute": {


Expand Up @@ -12,10 +12,10 @@ processors:
value: enrichment
- set:
field: event.category
value: threat
value: [threat]
- set:
field: event.type
value: indicator
value: [indicator]

######################
# General ECS fields #
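--- a/packages/ti_misp/data_stream/threat/sample_event.json
+++ b/packages/ti_misp/data_stream/threat/sample_event.json
@@ -1,11 +1,11 @@
 {
 "@timestamp": "2014-10-06T07:12:57.000Z",
 "agent": {
-"ephemeral_id": "8b7db8eb-8a30-49a2-83c7-f7e8fa4556ca",
-"id": "3a2a2fa1-9d09-4921-b5fa-023b307e92e0",
+"ephemeral_id": "24754055-2625-498c-8778-8566dbc8a368",
+"id": "5607d6f4-6e45-4c33-a087-2e07de5f0082",
 "name": "docker-fleet-agent",
 "type": "filebeat",
-"version": "8.6.2"
+"version": "8.9.1"
 },
 "data_stream": {
 "dataset": "ti_misp.threat",
@@ -16,19 +16,23 @@
 "version": "8.9.0"
 },
 "elastic_agent": {
-"id": "3a2a2fa1-9d09-4921-b5fa-023b307e92e0",
+"id": "5607d6f4-6e45-4c33-a087-2e07de5f0082",
 "snapshot": false,
-"version": "8.6.2"
+"version": "8.9.1"
 },
 "event": {
 "agent_id_status": "verified",
-"category": "threat",
-"created": "2023-04-27T23:35:52.939Z",
+"category": [
+"threat"
+],
+"created": "2023-08-28T15:43:07.992Z",
 "dataset": "ti_misp.threat",
-"ingested": "2023-04-27T23:35:53Z",
+"ingested": "2023-08-28T15:43:09Z",
 "kind": "enrichment",
 "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Network activity\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"22\",\"first_seen\":null,\"id\":\"12394\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1462454963\",\"to_ids\":false,\"type\":\"domain\",\"uuid\":\"572b4ab3-1af0-4d91-9cd5-07a1c0a8ab16\",\"value\":\"whatsapp.com\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":[],\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\"},\"Orgc\":{\"id\":\"2\",\"local\":false,\"name\":\"CthulhuSPRL.be\",\"uuid\":\"55f6ea5f-fd34-43b8-ac1d-40cb950d210f\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"Tag\":[{\"colour\":\"#004646\",\"exportable\":true,\"hide_tag\":false,\"id\":\"1\",\"is_custom_galaxy\":false,\"is_galaxy\":false,\"local\":0,\"name\":\"type:OSINT\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#339900\",\"exportable\":true,\"hide_tag\":false,\"id\":\"2\",\"is_custom_galaxy\":false,\"is_galaxy\":false,\"local\":0,\"name\":\"tlp:green\",\"numerical_value\":null,\"user_id\":\"0\"}],\"analysis\":\"2\",\"attribute_count\":\"29\",\"date\":\"2014-10-03\",\"disable_correlation\":false,\"distribution\":\"3\",\"extends_uuid\":\"\",\"id\":\"2\",\"info\":\"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"2\",\"proposal_email_lock\":false,\"publish_timestamp\":\"1610622316\",\"published\":true,\"sharing_group_id\":\"0\",\"threat_level_id\":\"2\",\"timestamp\":\"1412579577\",\"uuid\":\"54323f2c-e50c-4268-896c-4867950d210b\"}}",
-"type": "indicator"
+"type": [
+"indicator"
+]
 },
 "input": {
 "type": "httpjson"
@@ -44,7 +48,7 @@
 "id": "12394",
 "object_id": "0",
 "sharing_group_id": "0",
-"timestamp": "1462454963",
+"timestamp": "2016-05-05T13:29:23.000Z",
 "to_ids": false,
 "type": "domain",
 "uuid": "572b4ab3-1af0-4d91-9cd5-07a1c0a8ab16"
@@ -61,7 +65,7 @@
 "org_id": "1",
 "orgc_id": "2",
 "proposal_email_lock": false,
-"publish_timestamp": "1610622316",
+"publish_timestamp": "2021-01-14T11:05:16.000Z",
 "published": true,
 "sharing_group_id": "0",
 "threat_level_id": 2,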
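Review bot: The regenerated sample also rewrites `misp.attribute.timestamp` and `misp.publish_timestamp` from epoch-second strings to RFC 3339 timestamps (the `@@ -44,7 +48,7 @@` and `@@ -61,7 +65,7 @@` hunks), and neither the commit description nor the changelog entry mentions this. If the ingest pipeline already emitted these as dates and the committed sample was simply stale, a description bullet such as `- Regenerate sample_event.json (misp timestamps now rendered as RFC 3339 dates)` would make the diff self-explanatory; if the conversion is new behaviour it belongs in its own change with a changelog line. The `event.category` and `event.type` array values are consistent with what the pipeline `set` processors in this commit now assign.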
