fortinet_fortiedr: new package for Fortinet FortiEDR ingestion

[efd6]

What does this PR do?

This adds a package for Fortinet FortiEDR ingestion.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

• [ ]

How to test this PR locally

Related issues

• For Fortinet FortiEDR #1190

Screenshots

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2022-10-26T21:40:49.919+0000

• Duration: 17 min 15 sec

Test stats 🧪

Test	Results
Failed	0
Passed	7
Skipped	0
Total	7

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (1/1)	💚
Files	100.0% (1/1)	💚 2.488
Classes	100.0% (1/1)	💚 2.488
Methods	100.0% (12/12)	💚 9.445
Lines	95.349% (205/215)	👍 3.779
Conditionals	100.0% (0/0)	💚

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[botelastic]

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

[P1llus]

Shall we bump this one?

[efd6]

Done

[P1llus]

Any reason for needing ignore_failure? We usually don't want to have that unless absolutely necessary

[efd6]

Removed

[P1llus]

Are these maybe from older package?

[efd6]

Yeah, these were residual in fortinet_fortimanager. I'll drop them.

[P1llus]

We could bump this to 7.17 maybe? Don't know how far back we want to support this, up to @jamiehynds

[jamiehynds]

@P1llus sounds good - supporting 7.17 or later is what we've done with most other new integrations so best to bump FortiEDR to 7.17 too.

[efd6]

Done

[elasticmachine]

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

[jamiehynds]

@efd6 I'm a day late and a dollar short, but Fortinet have just provided me with an NFR license for FortiEDR. If it's still of use for integration testing, I can provide the details.

[efd6]

@jamiehynds Thanks. That will be useful for the dashboard.