Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[TI MISP] Add datastream for Attributes API endpoint #4136

Merged
merged 29 commits into from Apr 4, 2023
Merged

[TI MISP] Add datastream for Attributes API endpoint #4136

merged 29 commits into from Apr 4, 2023

Conversation

legoguy1000
Copy link
Contributor

What does this PR do?

Add new datastream to support the /attributes/restSearch API endpoint

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@elasticmachine
Copy link

elasticmachine commented Sep 6, 2022
edited

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-04-03T08:29:54.220+0000

  • Duration: 15 min 53 sec

Test stats 🧪

Test Results
Failed 0
Passed 15
Skipped 0
Total 15

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@P1llus P1llus self-requested a review September 28, 2022 08:31
@P1llus P1llus self-assigned this Sep 28, 2022
@P1llus
Copy link
Member

P1llus commented Sep 28, 2022

This is a great contribution @legoguy1000 . Please ping me when you feel its finished.

@legoguy1000
Copy link
Contributor Author

Will do. I think it's pretty much done, the only thing I've been debating is whether to align the fields to match the other datastream or not? There is overlap in the data that's retrieved but it's structure is different and I've been debating whether to rename the fields to match the other datastream or just leave as is.

@botelastic
Copy link

botelastic bot commented Oct 28, 2022

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Oct 28, 2022
@legoguy1000
Copy link
Contributor Author

:)

@botelastic botelastic bot removed the Stalled label Oct 28, 2022
@ebeahan
Copy link
Member

ebeahan commented Oct 28, 2022

thanks for the bump, @legoguy1000!

If you're ready to have this one looked at again, can you move it out of draft?

@andrewkroh
Copy link
Member

/test

@botelastic
Copy link

botelastic bot commented Nov 30, 2022

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Nov 30, 2022
@botelastic
Copy link

botelastic bot commented Dec 30, 2022

Hi! This PR has been stale for a while and we're going to close it as part of our cleanup procedure. We appreciate your contribution and would like to apologize if we have not been able to review it, due to the current heavy load of the team. Feel free to re-open this PR if you think it should stay open and is worth rebasing. Thank you for your contribution!

@botelastic botelastic bot closed this Dec 30, 2022
@narph narph reopened this Jan 17, 2023
@botelastic botelastic bot removed the Stalled label Jan 17, 2023
@P1llus
Copy link
Member

P1llus commented Jan 24, 2023

We could safely take over this PR. The current progress is that we need to review the integration to make sure it produces the same outcome as the existing datastream (it just uses two different API's, this one is less performance heavy).

We should also update the documentation to ensure that they only use one or the other.

@kcreddy kcreddy self-assigned this Jan 27, 2023
@botelastic
Copy link

botelastic bot commented Mar 11, 2023

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Mar 11, 2023
@botelastic botelastic bot removed the Stalled label Mar 30, 2023
@kcreddy
Copy link
Contributor

kcreddy commented Mar 30, 2023

/test

@elasticmachine
Copy link

elasticmachine commented Mar 30, 2023
edited

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (2/2) 💚
Files 100.0% (2/2) 💚
Classes 100.0% (2/2) 💚
Methods 100.0% (30/30) 💚
Lines 85.082% (519/610) 👎 -12.614
Conditionals 100.0% (0/0) 💚

@kcreddy kcreddy marked this pull request as ready for review March 30, 2023 10:42
@kcreddy kcreddy requested a review from a team as a code owner March 30, 2023 10:42
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

efd6
efd6 reviewed Apr 3, 2023
View reviewed changes
packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml Outdated Show resolved Hide resolved
packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml Outdated Show resolved Hide resolved
packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml Show resolved Hide resolved
packages/ti_misp/data_stream/threat_attributes/elasticsearch/ingest_pipeline/default.yml Outdated Show resolved Hide resolved
packages/ti_misp/data_stream/threat_attributes/elasticsearch/ingest_pipeline/default.yml Outdated Show resolved Hide resolved
packages/ti_misp/data_stream/threat_attributes/elasticsearch/ingest_pipeline/default.yml Outdated Show resolved Hide resolved
packages/ti_misp/data_stream/threat_attributes/elasticsearch/ingest_pipeline/default.yml Outdated Show resolved Hide resolved
packages/ti_misp/data_stream/threat_attributes/elasticsearch/ingest_pipeline/default.yml Outdated Show resolved Hide resolved
packages/ti_misp/data_stream/threat_attributes/elasticsearch/ingest_pipeline/default.yml Outdated Show resolved Hide resolved
packages/ti_misp/data_stream/threat_attributes/elasticsearch/ingest_pipeline/default.yml Outdated Show resolved Hide resolved
@kcreddy
Copy link
Contributor

kcreddy commented Apr 3, 2023

/test

@kcreddy kcreddy merged commit fc4df7f into elastic:main Apr 4, 2023
3 checks passed
@elasticmachine
Copy link

Package ti_misp - 1.11.0 containing this change is available at https://epr.elastic.co/search?package=ti_misp

@elasticmachine
Copy link

Package ti_misp - 1.12.0 containing this change is available at https://epr.elastic.co/search?package=ti_misp

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh left review comments

@kcreddy kcreddy kcreddy left review comments

@efd6 efd6 efd6 approved these changes

@P1llus P1llus Awaiting requested review from P1llus

Assignees

@P1llus P1llus

@kcreddy kcreddy

Labels
enhancement New feature or request Integration:MISP
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[MISP] Support Attributes API
9 participants
@legoguy1000 @elasticmachine @P1llus @ebeahan @andrewkroh @kcreddy @efd6 @narph @jamiehynds