Add CrowdStrike filebeat module #182
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
💚 Build Succeeded
Expand to view the summary
Build stats
|
andrewstucki
commented
Jul 21, 2020
andrewstucki
added
Team:Integrations
|
Pinging @elastic/siem (Team:SIEM) |
|
Pinging @elastic/integrations (Team:Integrations) |
andrewstucki
commented
Jul 21, 2020
packages/crowdstrike/manifest.yml
Outdated
| title: CrowdStrike SIEM Alerts | ||
| size: 3360x1776 | ||
| type: image/jpg | ||
| - src: /img/siem-events-cs.jpg |
There was a problem hiding this comment.
Should this appear in the Kibana UI? It looks like it's only showing the first screenshot right now?
There was a problem hiding this comment.
I noticed the same thing with Suricata. I kind of expected to be able to thumb through the screenshots.
andrewstucki
force-pushed
the
filebeat-crowdstrike-falcon
branch
from
4afcbf0
to
def0627
Compare
eyalkraft
pushed a commit
to build-security/integrations
that referenced
this pull request
Mar 30, 2022
* Add crowdstrike filebeat module * Update crowdstrike module * Revert accidental removal * Update with changes to crowdstrike module * add back new samples * Update base fields * Update READMe * update owner * remove dataset fields and add in log and input fields * remove stray png
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
So, one of the things in the handlebars yaml file to bring it to parity with what's currently in filebeat is blocked by elastic/kibana#72698I'm going to try and actually test this locally as well, but I'm putting this up here early in case anyone wants to give early feedback.Checklist
Related issues
Screenshots