
[Forcepoint Web Security] New integration #4992

Merged (5 commits), Jan 23, 2023

Conversation

@colin-stubbs (Contributor) commented Jan 13, 2023

Enhancement

What does this PR do?

Adds initial release of forcepoint_web integration

Addresses issue #1208

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

Not sure. We're actually using this in production already just via custom injection of components that this will supersede.

How to test this PR locally

Use the packages/forcepoint_web/_dev/deploy/docker/sample_logs/full-sample.log as a log file to be ingested by the integration, e.g. docker cp packages/forcepoint_web/_dev/deploy/docker/sample_logs/full-sample.log CONTAINER_ID:/var/log/forcepoint-web-1.log

Related issues

Screenshots

dashboard

@elasticmachine commented Jan 13, 2023
💚 Build Succeeded


Build stats

  • Start Time: 2023-01-23T06:28:49.991+0000

  • Duration: 14 min 33 sec

Test stats 🧪

Test Results
  Failed   0
  Passed   6
  Skipped  0
  Total    6


@elasticmachine commented:
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@efd6 (Contributor) commented Jan 16, 2023

/test

@elasticmachine commented Jan 16, 2023

🌐 Coverage report

Name          Metrics % (covered/total)   Diff
Packages      100.0%   (1/1)              💚
Files         100.0%   (1/1)              💚
Classes       100.0%   (1/1)              💚
Methods        95.0%   (19/20)            👍 20.0
Lines          86.017% (203/236)          👎 -13.983
Conditionals  100.0%   (0/0)              💚

@efd6 (Contributor) left a review comment:

Looks good.

Inline review threads (resolved, outdated) on:
  • packages/forcepoint_web/_dev/build/docs/README.md (5 threads)
  • packages/forcepoint_web/data_stream/logs/fields/ecs.yml (1 thread)
@efd6 (Contributor) commented Jan 17, 2023

Almost passing locally. Needs the following change:

diff --git a/packages/forcepoint_web/data_stream/logs/_dev/test/pipeline/test-forcepoint-web.json-expected.json b/packages/forcepoint_web/data_stream/logs/_dev/test/pipeline/test-forcepoint-web.json-expected.json
index f12487324..49fbf04a9 100644
--- a/packages/forcepoint_web/data_stream/logs/_dev/test/pipeline/test-forcepoint-web.json-expected.json
+++ b/packages/forcepoint_web/data_stream/logs/_dev/test/pipeline/test-forcepoint-web.json-expected.json
@@ -1,6 +1,7 @@
 {
     "expected": [
         {
+            "@timestamp": "2022-12-16T07:05:25.000Z",
             "data_stream": {
                 "dataset": "forcepoint_web.logs",
                 "namespace": "default",
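Review bot: the added top-level "@timestamp" is the right home for the parsed event time (it is the ECS field the data stream is indexed and time-filtered on), but the expected fixture should be regenerated from the pipeline's real output rather than patched by hand, e.g. with `elastic-package test pipeline -g`, so that any other field the same pipeline change touched is captured in the same regeneration and the fixture cannot drift from what the pipeline actually emits.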
@@ -52,7 +53,6 @@
                     "None"
                 ],
                 "time": "07:05:25",
-                "timestamp": "2022-12-16T07:05:25.000Z",
                 "user": "anonymous",
                 "user_agent_string": "Java/11.0.6"
             },
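Review bot: the removed nested "timestamp" held exactly the value now carried by the top-level "@timestamp", so dropping it avoids indexing the same instant twice under two names; note that the remaining "time": "07:05:25" carries no zone while the expected "@timestamp" ends in Z, i.e. the pipeline treats the appliance's date and time fields as UTC. If Forcepoint appliances can emit local time, the date processor that builds "@timestamp" should take a configurable timezone and the README should state which zone is assumed.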

@andrewkroh andrewkroh changed the title Resolve #1208 - Initial release of forcepoint_web [Forcepoint Web Security] New integration Jan 18, 2023
@andrewkroh andrewkroh added the Integration:forcepoint_web Forcepoint Web Security label Jan 18, 2023
@colin-stubbs (Contributor, Author) commented:

Odd but definitely not intended... I've modified as suggested. Tests passing. Additional commit/push made to resolve comments.

@efd6 (Contributor) commented Jan 20, 2023

/test

Inline review comment on the package manifest's Kibana version constraint:

  - network
  - security
conditions:
  kibana.version: "^8.0.0"

Reviewer (Contributor):

This will need to be bumped.

[2023-01-20T07:21:15.967Z] Error: error running package asset tests: could not complete test run: can't install the package: can't install the package: could not install package; API status code = 422; response body = {"statusCode":422,"error":"Unprocessable Entity","message":"Document \"forcepoint_web-05cb8903-79fb-4aa1-a20e-db1eb073a8e9\" has property \"dashboard\" which belongs to a more recent version of Kibana [8.5.0]. The last known version is [8.0.0]"}

@colin-stubbs (Contributor, Author):

Bumped to 8.5.1
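
The 422 above is Kibana refusing to import a saved object whose migrationVersion (here dashboard: 8.5.0) is newer than the lowest Kibana version the package's conditions.kibana.version constraint admits. As an added example, not code from this PR or from the elastic/integrations repository, the following pre-flight check reproduces that comparison offline so the mismatch is caught before CI: it takes the floor of the constraint, compares it with the per-type migrationVersion and the coreMigrationVersion of every saved object under the package's kibana/ directory, and lists the offenders. The manifest excerpt and saved-object documents embedded in the block are constructed for illustration (their versions mirror the error quoted in the thread, not the real package files); the assumption that coreMigrationVersion is compared the same way as the per-type versions is flagged in the code.

```python
"""Pre-flight check: do the Kibana saved objects shipped in an integration
package fit the package's conditions.kibana.version constraint?

Added example for this PR thread; not part of the forcepoint_web package
or of elastic-package.
"""
import json
import re
from pathlib import Path

Version = tuple[int, int, int]


def parse_version(text: str) -> Version:
    """'8.5.0' -> (8, 5, 0). Tolerates a leading 'v' and ignores pre-release suffixes."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"not a semver string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def constraint_floor(constraint: str) -> Version:
    """Lowest Kibana version a manifest constraint admits.

    '^8.0.0', '~8.0.0' and '>=8.0.0' all start at the literal version; that
    floor is what Kibana compares saved-object migration versions against
    when the package is installed ('The last known version is [8.0.0]').
    """
    m = re.match(r"^\s*(?:\^|~|>=|=)?\s*v?(\d+\.\d+\.\d+)", constraint)
    if not m:
        raise ValueError(f"unsupported constraint: {constraint!r}")
    return parse_version(m.group(1))


def constraint_from_manifest(manifest_text: str) -> str:
    """Pull conditions.kibana.version out of manifest.yml without a YAML library."""
    m = re.search(r'kibana\.version:\s*["\']?([^"\'\n]+)', manifest_text)
    if not m:
        raise ValueError("manifest has no kibana.version condition")
    return m.group(1).strip()


def saved_object_versions(obj: dict) -> dict[str, Version]:
    """Migration versions a saved object declares, keyed by property name.

    The per-type migrationVersion entries are what produced the 422 quoted in
    the thread. coreMigrationVersion is included as well on the assumption
    that Kibana applies the same newer-than check to it.
    """
    versions: dict[str, Version] = {}
    for prop, ver in (obj.get("migrationVersion") or {}).items():
        versions[prop] = parse_version(ver)
    if obj.get("coreMigrationVersion"):
        versions["coreMigrationVersion"] = parse_version(obj["coreMigrationVersion"])
    return versions


def find_violations(constraint: str, objects) -> list[tuple[str, str, str]]:
    """(object id, property, version) for every version newer than the constraint floor."""
    floor = constraint_floor(constraint)
    bad = []
    for obj in objects:
        for prop, ver in saved_object_versions(obj).items():
            if ver > floor:
                bad.append((obj.get("id", "?"), prop, "%d.%d.%d" % ver))
    return bad


def scan_package(package_dir) -> list[tuple[str, str, str]]:
    """Run the check over a real package directory (manifest.yml + kibana/**.json)."""
    root = Path(package_dir)
    constraint = constraint_from_manifest((root / "manifest.yml").read_text())
    objects = [json.loads(p.read_text()) for p in sorted((root / "kibana").rglob("*.json"))]
    return find_violations(constraint, objects)


# Constructed inputs: a manifest excerpt with the constraint the reviewer flagged,
# and two saved objects, one exported from Kibana 8.5.0 and one older.
SAMPLE_MANIFEST = 'conditions:\n  kibana.version: "^8.0.0"\n'
SAMPLE_OBJECTS = [
    {
        "id": "forcepoint_web-dashboard-example",  # constructed id
        "type": "dashboard",
        "migrationVersion": {"dashboard": "8.5.0"},
        "coreMigrationVersion": "8.5.0",
    },
    {
        "id": "forcepoint_web-visualization-example",  # constructed id
        "type": "visualization",
        "migrationVersion": {"visualization": "7.14.0"},
        "coreMigrationVersion": "7.14.0",
    },
]

if __name__ == "__main__":
    for obj_id, prop, ver in find_violations(constraint_from_manifest(SAMPLE_MANIFEST), SAMPLE_OBJECTS):
        print(f"{obj_id}: {prop} needs Kibana >= {ver}; raise conditions.kibana.version")
```

With the constraint at ^8.0.0 the dashboard object is reported twice (its dashboard and coreMigrationVersion entries are both 8.5.0); bumping the constraint to ^8.5.0 or, as the author did, ^8.5.1 clears it. Point scan_package at a package directory to run the same check against the real manifest and kibana/ assets before pushing.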

@efd6 (Contributor) commented Jan 23, 2023

/test

@efd6 (Contributor) commented Jan 23, 2023

This looks good, but I'm wondering if we need the full 2.7k lines of system tests; there are sets of lines that differ little from each other that do not appear to add significantly to test coverage.

@colin-stubbs (Contributor, Author) commented:

Ah yep, that'll be the full_sample.log ... not really used by the system tests, can definitely be removed from the release.

Not required for system tests to function
@efd6 (Contributor) commented Jan 23, 2023

/test

@efd6 (Contributor) left a review comment:

Thanks

@efd6 efd6 merged commit 0ccba71 into elastic:main Jan 23, 2023
@elasticmachine commented:
Package forcepoint_web - 0.0.1 containing this change is available at https://epr.elastic.co/search?package=forcepoint_web

@colin-stubbs colin-stubbs deleted the forcepoint_web branch January 28, 2023 02:25
Successfully merging this pull request may close these issues.

Forcepoint Web Security Cloud
5 participants