
add threat_intel category to integrations #3689

Merged
merged 1 commit into from Jul 20, 2022
Conversation

@stevewritescode stevewritescode commented Jul 12, 2022

What does this PR do?

As a follow-on to elastic/package-spec#366, this PR adds the new threat_intel category to the relevant integrations:

  • Mimecast
  • AbuseCH
  • Anomali
  • Cybersixgill
  • MISP
  • AlienVault OTX
  • Recorded Future
  • Threat Quotient

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Related issues

Relates to elastic/kibana#135758, elastic/kibana#136208

@stevewritescode stevewritescode requested a review from a team July 12, 2022 16:51
@stevewritescode stevewritescode requested a review from a team as a code owner July 12, 2022 16:51
release: ga
description: Ingest threat intelligence indicators from Cybersixgill with Elastic Agent.
type: integration
format_version: 1.0.0
license: basic
categories: ["security", "productivity"]
categories: ["security", "threat_intel"]
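Review bot: this hunk changes two things at once in the Cybersixgill manifest: it adds `threat_intel` and it drops `productivity`. Both are user-visible changes to how the integration is listed, so the package's changelog entry should record the removal alongside the addition; if the removal is intended as cleanup for consistency with the other ti-* packages, say so in the entry.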
stevewritescode (Contributor, Author) commented:

I'm not sure why this specific package was listed with productivity even though the other ti-* packages were not. For consistency, I removed it.

license: basic
description: "Collect logs from the Mimecast API with Elastic Agent."
type: integration
categories:
- security
categories: ["security", "threat_intel"]
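Review bot: the hunk rewrites the existing block sequence (`categories:` / `- security`) as the flow sequence `["security", "threat_intel"]`. Both parse identically, but keeping the block style and adding a single `- threat_intel` line would limit the diff to the one intended change; if the rewrite is deliberate, to match the style of the other manifests touched in this PR, that is worth stating in the PR description.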
stevewritescode (Contributor, Author) commented:

I marked this package with the threat_intel category because it supports pulling data from the Mimecast Threat Intel Feed.

@stevewritescode

@elastic/security-external-integrations did I miss any steps for updating the categories for 8.4? Happy to adjust the PR if needed.

elasticmachine commented Jul 12, 2022

💚 Build Succeeded


Build stats

  • Start Time: 2022-07-20T18:31:36.485+0000

  • Duration: 21 min 22 sec

Test stats 🧪

Test Results
  Failed:   0
  Passed:   139
  Skipped:  0
  Total:    139

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

elasticmachine commented Jul 12, 2022

🌐 Coverage report

Name          Metrics % (covered/total)   Diff
Packages      100.0% (18/18) 💚
Files         100.0% (19/19) 💚           3.012
Classes       100.0% (19/19) 💚           3.012
Methods       94.758% (235/248) 👍        5.708
Lines         86.714% (2813/3244) 👎      -3.765
Conditionals  100.0% (0/0) 💚

@efd6 efd6 left a comment
LGTM after nit.

@@ -1,3 +1,8 @@
- version: "1.1.1"
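Review bot: the hunk header `@@ -1,3 +1,8 @@` shows a new entry being added at the top of the changelog above `- version: "1.1.1"`; with the change recorded as an enhancement, the new entry's version should be a minor bump (1.2.0) rather than a patch bump, and the package manifest's version field should be updated to the same value so the two stay in sync.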
@efd6 efd6 Jul 12, 2022
Since these are marked as enhancements, they would be minor version bumps rather than patch bumps.

@stevewritescode

Thanks @efd6! I modified the version numbers. @elastic/protections-experience would you mind giving this a once over before I merge?

@efd6 efd6 left a comment
Thanks

@PhilippeOberti PhilippeOberti left a comment
LGTM (although not exactly sure how to test this :) )

dhru42 commented Jul 20, 2022

@stevewritescode you're missing ThreatQuotient in your list of TI feeds. Also, just as an FYI, Mimecast isn't a full TI integration, but it has some data streams that are threat-intelligence related, so it's good to keep it on the list.

@stevewritescode

Thanks @dhru42! I accidentally left ThreatQuotient out of the list in the PR description, though it is represented in the changed code. I updated the description to match.

I will also rebase on the recent mimecast updates before merging.
