New package for Carbon Black EDR logs #1527
Conversation
VMware doesn't allow use of any logos without explicit written consent.
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
Looks great. Two minor things: ecs.version bump and related.hash. One optional.
@@ -0,0 +1,3 @@ | |||
dependencies: | |||
ecs: | |||
reference: git@1.10 |
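Review bot: `reference: git@1.10` pins the ECS dependency one release behind the 1.11 the other packages use; bump it, and keep it in step with the ecs.version the ingest pipeline stamps on each event, otherwise documents claim an ECS version whose field definitions this package never pulled in.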
Can we do 1.11 so it matches the others? I don't think there are any changes needed.
Done
"@timestamp": "2021-06-25T10:32:46.182Z", | ||
"carbonblack": { | ||
"edr": { | ||
"sha256": "BCA92084BAC4A371631307A8015E0AB5F221CD0593D6D589007F2AF689B0C6FA", |
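Review bot: the SHA-256 is stored only under the vendor namespace carbonblack.edr.sha256; copy it into related.hash (and file.hash.sha256 where the event describes a binary) so a hash search written against ECS fields matches these events alongside other integrations. The sample value is uppercase; settle on one case for related.hash and apply it consistently, or a hash pivot across sources silently misses.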
Would it be useful to add this hash to related.hash?
Done
"watchlists": {}, | ||
"link_md5": "https://CB_SERVER/#/binary/B1EADD12A85FD321B05819041C27CC7B", | ||
"group": "SENSORS_GROUP_NAME", | ||
"md5": "B1EADD12A85FD321B05819041C27CC7B", |
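Review bot: the MD5 appears twice, as the bare md5 field and embedded in the link_md5 URL; populate related.hash from the md5 field rather than parsing it back out of the URL, and consider mapping link_md5 to ECS event.reference so the console link survives in the ECS view. `"watchlists": {}` is empty in this sample, so the pipeline must tolerate the object being empty or absent rather than assuming keys inside it.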
Would it be useful to add this hash to related.hash?
Done
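The two related.hash requests above (sha256 and md5) amount to the same pipeline change, shown here as an added ingest-pipeline fragment for illustration; it is not the package's own default.yml. The ecs.version value, the file.hash.* mappings, the event.reference mapping and the processor ordering are assumptions, and the conditions guard against the fields being absent since not every Event Forwarder record carries a binary hash:

```yaml
# Added example, not the package's own pipeline. Assumes the event has
# already been decoded into the carbonblack.edr.* fields seen in the
# sample document above.
description: Pipeline for Carbon Black EDR logs (illustrative fragment)
processors:
  # Stamp the ECS version the package's ecs dependency was bumped to
  # (assumed 1.11.0 here to match reference: git@1.11).
  - set:
      field: ecs.version
      value: '1.11.0'

  # Copy the vendor hashes into ECS file.hash.* so generic file-based
  # queries find these events. copy_from needs Elasticsearch >= 7.10,
  # which the ^7.13.0 constraint in the checklist already implies.
  - set:
      field: file.hash.sha256
      copy_from: carbonblack.edr.sha256
      if: ctx?.carbonblack?.edr?.sha256 != null
  - set:
      field: file.hash.md5
      copy_from: carbonblack.edr.md5
      if: ctx?.carbonblack?.edr?.md5 != null

  # Append both hashes to related.hash; allow_duplicates: false keeps a
  # re-run of the pipeline from stacking the same value twice.
  - append:
      field: related.hash
      value: '{{{carbonblack.edr.sha256}}}'
      allow_duplicates: false
      if: ctx?.carbonblack?.edr?.sha256 != null
  - append:
      field: related.hash
      value: '{{{carbonblack.edr.md5}}}'
      allow_duplicates: false
      if: ctx?.carbonblack?.edr?.md5 != null

  # Keep the CB console link reachable from the ECS view (assumed mapping).
  - set:
      field: event.reference
      copy_from: carbonblack.edr.link_md5
      if: ctx?.carbonblack?.edr?.link_md5 != null

# Record pipeline failures on the document instead of dropping it.
on_failure:
  - set:
      field: error.message
      value: '{{{ _ingest.on_failure_message }}}'
```

The triple-mustache `{{{ }}}` form is used so the hash strings are not HTML-escaped, and the null-safe `ctx?.` conditions let the same pipeline process events with no binary at all. If other integrations in the same cluster store hashes in lowercase, add a lowercase processor on both hash fields before the append steps so related.hash joins across sources.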
packages/carbonback_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml
LGTM
What does this PR do?
Adds a new package for VMware Carbon Black EDR logs ingested via CB Event Forwarder.

Checklist
- Entry added to the package's changelog.yml file.
- Kibana version constraint in the package's manifest.yml file points to the latest Elastic stack release (e.g. ^7.13.0).

Screenshots
[screenshot: Default enabled data_streams]
[screenshot: Extra data_streams]

What's missing
No support for Carbon Black Cloud events.