[ModSecurity]Add modsecurity integration

[sawwn23]

What does this PR do?

ModSecurity audit log integration.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• If I'm introducing a new feature, I have modified the Kibana version constraint in my package's manifest.yml file to point to the latest Elastic stack release (e.g. ^7.13.0).

Author's Checklist

• Added data streams
• Dashboards

How to test this PR locally

elastic-package stack up -d
eval "$(elastic-package stack shellinit)"
elastic-package test

Related issues

Screenshots

[cla-checker-service]

💚 CLA has been signed

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2021-09-17T04:22:32.231+0000

• Duration: 12 min 43 sec

• Commit: 3962358

Test stats 🧪

Test	Results
Failed	0
Passed	5
Skipped	0
Total	5

Trends 🧪

[sawwn23]

Hi @legoguy1000 I updated according to your review. Please also point me out if anything needs

[legoguy1000]

Hi @legoguy1000 I updated according to your review. Please also point me out if anything needs

I don't see anything else that jumps out at me. Do the system tests pass when you run the locally? If so then I think you're probably good.

[sawwn23]

Hi @legoguy1000 I updated according to your review. Please also point me out if anything needs

I don't see anything else that jumps out at me. Do the system tests pass when you run the locally? If so then I think you're probably good.

Yes, tests are pass in my local box.

[P1llus]

jenkins run tests

[P1llus]

Are you able to sign the CLA in the comment above @sawwn23 ?

[sawwn23]

Are you able to sign the CLA in the comment above @sawwn23 ?

Hi @P1llus I signed the CLA. I changes all above and make some adjustments.

[P1llus]

Thanks for the contribution! :) I double checked the CLA, it does not seem to have been signed yet, did you add the same email address as you use for github?

[P1llus]

/test

[sawwn23]

Thanks for the contribution! :) I double checked the CLA, it does not seem to have been signed yet, did you add the same email address as you use for github?

Sorry, I commit with a different email for first two. I signed both

[P1llus]

jenkins run tests

[P1llus]

/test

[P1llus]

@sawwn23
Just two small nitpicks before its ready.
For some reason this PR also includes a package named "test", I think thats just a mistake right?
Once the ECS version number is fixed, and the test package removed, we can go ahead and merge!

[P1llus]

/test

[P1llus]

Seems like you also need to regenerate your test logs, so that they include the updated version @sawwn23, sorry for the inconvenience :(

[sawwn23]

Seems like you also need to regenerate your test logs, so that they include the updated version @sawwn23, sorry for the inconvenience :(

Never mind my pleasure. This is my first integration and has some mistakes. Also, Thanks for your guidance

[P1llus]

/test

[P1llus]

We always appreciate community PR's, so happy you wanted to add in a new integration :)
I will let the tests run again, do a quick review just in case, and merge it if its working correctly.

@sawwn23:
And just so you know, a lot of us (including me) hang out in the community slack channel, so if you are thinking about creating integrations and such, I usually am in the #stack-beats channel :)

[P1llus]

Thank you very much for your contributions @sawwn23, we really appreciate it!

Please remember that we have a community program, so if you want to create contributions and receive swag for it, you can register your PR's there :)

https://www.elastic.co/community/contributor