Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New package for Carbon Black EDR logs #1527

Merged
merged 12 commits into from Aug 17, 2021
Merged

New package for Carbon Black EDR logs #1527

merged 12 commits into from Aug 17, 2021

Conversation

adriansr
Copy link
Contributor

@adriansr adriansr commented Aug 14, 2021
edited

What does this PR do?

Adds a new package for VMware Carbon Black EDR logs ingested via CB Event Forwarder.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • If I'm introducing a new feature, I have modified the Kibana version constraint in my package's manifest.yml file to point to the latest Elastic stack release (e.g. ^7.13.0).

Screenshots

image

Screenshot 2021-08-15 at 13-32-08 VMware Carbon Black EDR - Integrations - Elastic

Default enabled data_streams:

Screenshot 2021-08-15 at 13-33-52 Add integration - VMware Carbon Black EDR - Integrations - Elastic

Extra data_streams:

Screenshot 2021-08-15 at 13-34-38 Add integration - VMware Carbon Black EDR - Integrations - Elastic

What's missing

  • Logo, can't be used without explicit agreement from VMware.
  • Dashboards.

@elasticmachine
Copy link

elasticmachine commented Aug 14, 2021
edited

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2021-08-17T20:36:05.293+0000

  • Duration: 18 min 14 sec

  • Commit: 4fc4797

Test stats 🧪

Test Results
Failed 0
Passed 8
Skipped 0
Total 8

Trends 🧪

Image of Build Times

Image of Tests

@adriansr
No icon / logo
8f932dc 
VMware doesn't allow use of any logos without explicit  written consent.
@adriansr
Pull request no.
92ba756
@adriansr
Fix docs
b0eaa8b
@adriansr
Beta ---> Experimental
a454806
@adriansr adriansr marked this pull request as ready for review August 15, 2021 11:36
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

leehinman
leehinman requested changes Aug 17, 2021
View reviewed changes
Copy link
Contributor

@leehinman leehinman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks great. 2 minor things ecs.version bump and related.hash. one optional.

packages/carbonback_edr/_dev/build/build.yml Outdated
@@ -0,0 +1,3 @@
dependencies:
ecs:
reference: git@1.10
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we 1.11 so it is matches others, I don't think there are any changes needed.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

packages/carbonback_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json
"@timestamp": "2021-06-25T10:32:46.182Z",
"carbonblack": {
"edr": {
"sha256": "BCA92084BAC4A371631307A8015E0AB5F221CD0593D6D589007F2AF689B0C6FA",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

would it be useful to add this hash to related.hash ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

packages/carbonback_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json
"watchlists": {},
"link_md5": "https://CB_SERVER/#/binary/B1EADD12A85FD321B05819041C27CC7B",
"group": "SENSORS_GROUP_NAME",
"md5": "B1EADD12A85FD321B05819041C27CC7B",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

would it be useful to add this hash to related.hash ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

packages/carbonback_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml Outdated Show resolved Hide resolved
packages/carbonback_edr/data_stream/log/manifest.yml Show resolved Hide resolved
leehinman
leehinman approved these changes Aug 17, 2021
View reviewed changes
Copy link
Contributor

@leehinman leehinman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@adriansr adriansr merged commit aa4d701 into elastic:master Aug 17, 2021
@epixa epixa mentioned this pull request Aug 26, 2021
Closed
15 tasks
@CyberTaoFlow
Copy link

no support for carbon black cloud events

eyalkraft pushed a commit to build-security/integrations that referenced this pull request Mar 30, 2022
@adriansr
New package for Carbon Black EDR logs (elastic#1527)
5853e8e 
Adds a new package for VMware Carbon Black EDR logs ingested via CB Event Forwarder.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leehinman leehinman leehinman approved these changes

Assignees
No one assigned
Labels
7.15 candidate enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@adriansr @elasticmachine @CyberTaoFlow @leehinman