[Forcepoint Web Security] New integration #4992
Conversation
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
/test
🌐 Coverage report
Looks good.
packages/forcepoint_web/data_stream/logs/elasticsearch/ingest_pipeline/default.yml (outdated)
packages/forcepoint_web/data_stream/logs/elasticsearch/ingest_pipeline/default.yml (outdated)
packages/forcepoint_web/data_stream/logs/elasticsearch/ingest_pipeline/default.yml
packages/forcepoint_web/data_stream/logs/fields/base-fields.yml (outdated)
Almost passing locally. Needs the following change:
diff --git a/packages/forcepoint_web/data_stream/logs/_dev/test/pipeline/test-forcepoint-web.json-expected.json b/packages/forcepoint_web/data_stream/logs/_dev/test/pipeline/test-forcepoint-web.json-expected.json
index f12487324..49fbf04a9 100644
--- a/packages/forcepoint_web/data_stream/logs/_dev/test/pipeline/test-forcepoint-web.json-expected.json
+++ b/packages/forcepoint_web/data_stream/logs/_dev/test/pipeline/test-forcepoint-web.json-expected.json
@@ -1,6 +1,7 @@
{
"expected": [
{
+ "@timestamp": "2022-12-16T07:05:25.000Z",
"data_stream": {
"dataset": "forcepoint_web.logs",
"namespace": "default",
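Review bot: the added top-level `"@timestamp"` carries exactly the value that the second hunk drops from the nested `"timestamp"` string, so this is a move of the parsed event time onto the ECS field, not a new value; confirm that the pipeline populates `@timestamp` with a `date` processor (so a malformed input date fails the document visibly) rather than a plain `set`/`rename` of the string, and that this expected file was regenerated from the pipeline output rather than hand-edited, so the rest of the document stays in sync with what the pipeline actually emits.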
@@ -52,7 +53,6 @@
"None"
],
"time": "07:05:25",
- "timestamp": "2022-12-16T07:05:25.000Z",
"user": "anonymous",
"user_agent_string": "Java/11.0.6"
}, |
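Review bot: with the nested `"timestamp"` removed, `"time": "07:05:25"` remains as a sibling of `"user"` and `"user_agent_string"`, so the data stream's field definitions should lose the `timestamp` entry as well, otherwise the package keeps a mapping for a field the pipeline no longer emits; it is also worth stating in the `time` field description that the full date now lives only in `@timestamp`, since the bare clock string is not interpretable on its own.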
Odd but definitely not intended... I've modified as suggested. Tests passing. Additional commit/push made to resolve comments.
/test
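The change above moves the event time from a nested `timestamp` string onto ECS `@timestamp` in the pipeline test's expected output. The following script is an added example, not part of this PR or the forcepoint_web package, that checks an `-expected.json` file for exactly that shape: every expected document must carry a top-level `@timestamp` in RFC 3339 UTC form, and no document may still contain a stray `timestamp` key anywhere in its tree. The `expected` array layout is the one visible in the diff; the sample documents embedded below are constructed for the example, with the second one deliberately left in the pre-change shape.

```python
import json
from datetime import datetime, timezone

# Constructed sample modelled on the expected-output file in the diff above
# (not the file from the PR). Document 0 has the post-change shape; document 1
# still carries the pre-change nested "timestamp" string and no "@timestamp".
SAMPLE_EXPECTED = json.dumps({
    "expected": [
        {
            "@timestamp": "2022-12-16T07:05:25.000Z",
            "data_stream": {"dataset": "forcepoint_web.logs", "namespace": "default"},
            "forcepoint_web": {"time": "07:05:25", "user": "anonymous"},
        },
        {
            "data_stream": {"dataset": "forcepoint_web.logs", "namespace": "default"},
            "forcepoint_web": {"time": "07:05:25", "timestamp": "2022-12-16T07:05:25.000Z"},
        },
    ]
})

# Format the ingest pipeline emits for @timestamp (UTC, millisecond precision).
RFC3339_MS_UTC = "%Y-%m-%dT%H:%M:%S.%fZ"


def find_key(obj, key, path=""):
    """Yield the dotted path of every occurrence of `key` anywhere in a nested document."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            p = f"{path}.{k}" if path else k
            if k == key:
                yield p
            yield from find_key(v, key, p)
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from find_key(v, key, f"{path}[{i}]")


def parse_timestamp(value):
    """Return an aware UTC datetime, or None if `value` is not an RFC 3339 UTC string."""
    if not isinstance(value, str):
        return None
    try:
        return datetime.strptime(value, RFC3339_MS_UTC).replace(tzinfo=timezone.utc)
    except ValueError:
        return None


def check_document(doc):
    """Return a list of problems for one expected document (empty list means it passes)."""
    problems = []
    ts = doc.get("@timestamp")
    if ts is None:
        problems.append("missing top-level @timestamp")
    elif parse_timestamp(ts) is None:
        problems.append(f"@timestamp not RFC3339 UTC: {ts!r}")
    # Any leftover "timestamp" key (at any depth) means the old field survived the rename.
    for path in find_key(doc, "timestamp"):
        problems.append(f"stray 'timestamp' field at {path}")
    return problems


def check_expected(text):
    """Map document index -> problems for every failing document in an -expected.json body."""
    docs = json.loads(text)["expected"]
    results = {}
    for i, doc in enumerate(docs):
        problems = check_document(doc)
        if problems:
            results[i] = problems
    return results


if __name__ == "__main__":
    for index, problems in check_expected(SAMPLE_EXPECTED).items():
        print(f"document {index}:")
        for problem in problems:
            print(f"  - {problem}")
```

Run against a real file, `check_expected(open(path).read())` gives an empty dict when every document has been migrated; a non-empty result lists which documents still need the pipeline test regenerated.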
packages/forcepoint_web/manifest.yml (outdated)
  - network
  - security
conditions:
  kibana.version: "^8.0.0"
This will need to be bumped.
[2023-01-20T07:21:15.967Z] Error: error running package asset tests: could not complete test run: can't install the package: can't install the package: could not install package; API status code = 422; response body = {"statusCode":422,"error":"Unprocessable Entity","message":"Document \"forcepoint_web-05cb8903-79fb-4aa1-a20e-db1eb073a8e9\" has property \"dashboard\" which belongs to a more recent version of Kibana [8.5.0]. The last known version is [8.0.0]"}
Bumped to 8.5.1
/test
This looks good, but I'm wondering if we need the full 2.7k lines of system tests; there are sets of lines that differ little from each other that do not appear to add significantly to test coverage.
Ah yeap, that'll be the full_sample.log ... not really used by the system tests, can definitely be removed from the release.
Not required for system tests to function
/test
Thanks
Package forcepoint_web - 0.0.1 containing this change is available at https://epr.elastic.co/search?package=forcepoint_web
Enhancement
What does this PR do?
Adds initial release of forcepoint_web integration
Addresses issue #1208
Checklist
changelog.yml file
Author's Checklist
Not sure. We're actually using this in production already just via custom injection of components that this will supersede.
How to test this PR locally
Use the packages/forcepoint_web/_dev/deploy/docker/sample_logs/full-sample.log as a log file to be ingested by the integration, e.g. docker cp packages/forcepoint_web/_dev/deploy/docker/sample_logs/full-sample.log CONTAINER_ID:/var/log/forcepoint-web-1.log
Related issues
Screenshots