Add network traffic package #1176
Conversation
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
💚 Build Succeeded
LGTM. This is a good start. I know there are more configuration options that we will want to expose in the future like include_raw_certificates for TLS, etc.
```yaml
vars:
  - name: port
    type: integer
    # currently the Kibana UI doesn't support multi inputs
```
Is there an issue for this that you can link to in the comment? Then it will be clear when we can start allowing numeric multi-inputs.
I'll create one and link it
Looks good. Do you think there is value in adding Tags as a variable?
```yaml
type: text
title: Interface
required: false
show_user: false
```
It might be good to add a description that says what happens if you don't specify the interface (any interface or no interface?). Do we want to expose that you could give a filename here for pcap files?
> might be good to add a description that says what happens if you don't specify the interface (any interface or no interface?)

I'll try and come up with something for the description, felt the need to, but wasn't sure what to put since it's not super simple -- it actually follows the logic of Packetbeat's default template which is:

- Mac OS X: `en0`
- Linux: `any`
- Windows: whatever the first interface is 😅

> Do we want to expose that you could give a filename here for pcap files?

I think I'd probably want to avoid adding that, mainly because I don't see a good use-case for 99.99% of users to add a pcap file as the thing to read from.

I'm going to go ahead and just merge this so it doesn't sit out any longer, will add the descriptions and comments to an issue link in a follow-up PR. Still have additional dashboards to add and potentially some installation lifecycle management stuff to work out before this goes primetime anyway.
* Add network traffic package
* Add pcap tests
* run elastic-package format
* Fix up ports on http tests
* Fix up ports on mysql tests
* Fix field mappings for mongo, mysql, and nfs
* Fix up fields for pgsql, sip, thrift, and tls
* update README
* Update dns fields
* Fix up http fields
* Fix redis test configuration port
* Fix cassandra fields
* Fix missing fields
* Fix up test ids for dns
* Fix missing dns field
* Fix some more bad fields
* Revert keyword -> long changes and add testing config
Package cloud_security_posture - 1.5.0 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture
What does this PR do?
This is a generic network traffic package that is a replacement for Packetbeat. It contains data streams and configuration for the following protocols:
I still need to add test fixtures for it. As it uses the `contains` handlebars helper I extended in Kibana to support strings and conditional blocks, it requires Kibana 7.14. Additionally, tests won't pass until the latest Kibana 7.14 snapshot comes out and until tomorrow's Packetbeat 7.14 snapshot comes out, as the tests and manifest rely on some bugfixes and the above functionality. Testing is good to go.
Checklist

- changelog.yml file.
- manifest.yml file to point to the latest Elastic stack release (e.g. `^7.13.0`).

Screenshots