
[tanium] Initial Release for the Tanium #5072

Merged (7 commits), Mar 2, 2023

Conversation

vinit-chauhan (Contributor)

@vinit-chauhan vinit-chauhan commented Jan 20, 2023

What does this PR do?

  • Generated the skeleton of the Tanium integration package.
  • Added data streams.
  • Added data collection logic for all the data streams.
  • Added the ingest pipeline for all the data streams.
  • Mapped fields according to the ECS schema and added Fields metadata in the appropriate yml files.
  • Added dashboards and visualizations.
  • Added test for pipeline for all the data streams.
  • Added system test cases for all the data streams.

Note: This integration supports 6 data streams. Out of which, the Threat Response data stream is developed and tested with sample data. However, the other 5 data streams are developed and tested against live data.

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency
when creating or updating a Package, Module or Dataset for an Integration.

All changes

  • Change follows the contributing guidelines
  • Supported versions of the monitoring target are documented
  • Supported operating systems are documented (if applicable)
  • Integration or System tests exist
  • Documentation exists
  • Fields follow ECS and naming conventions
  • At least a manual test with ES / Kibana / Agent has been performed.
  • Required Kibana version set to: ^7.17.0 || ^8.0.0

New Package

  • Screenshot of the "Add Integration" page on Fleet added

Dashboards changes

  • Dashboards exist
  • Screenshots added or updated
  • Datastream filters added to visualizations

Log dataset changes

  • Pipeline tests exist (if applicable)
  • Generated output for at least 1 log file exists
  • Sample event (sample_event.json) exists

How to test this PR locally

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/tanium directory.
  • Run the following command to run tests.

elastic-package test

Screenshots

(Five screenshots attached.)

@elasticmachine

elasticmachine commented Jan 20, 2023

💚 Build Succeeded



Build stats

  • Start Time: 2023-03-02T06:54:30.264+0000

  • Duration: 23 min 17 sec

Test stats 🧪

Test Results
Failed 0
Passed 42
Skipped 0
Total 42

🤖 GitHub comments


To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine

elasticmachine commented Jan 20, 2023

🌐 Coverage report

Name          Metrics % (covered/total)   Diff
Packages      100.0% (6/6)                💚
Files         100.0% (7/7)                💚
Classes       100.0% (7/7)                💚
Methods       97.561% (80/82)             👎 -2.439
Lines         92.012% (1774/1928)         👍 6.755
Conditionals  100.0% (0/0)                💚

@vinit-chauhan vinit-chauhan marked this pull request as ready for review January 23, 2023 07:10
@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@syedrafice

Is there a targeted release version for this integration?

@vinit-chauhan (Contributor, Author)

Hey @syedrafice - This integration will be available on Elastic stack versions greater than 7.17 and 8.x.

@syedrafice

Thank you @vinit-elastic. I should have clarified: what release will the integration get merged into the main integrations GitHub repo for the public to use?

@jamiehynds

Hey @syedrafice - we're currently going through the PR review process and expect the Tanium integration to ship over the coming weeks. We don't have to wait for a stack release.

Do you have a customer looking for the integration? We're shipping the integration as beta, and will be looking for early feedback if you have a user in mind.

@jamiehynds jamiehynds requested a review from a team February 13, 2023 13:37
@P1llus (Member)

P1llus commented Feb 14, 2023

As discussed on the weekly meeting, feel free to add the dynamic template as well, according to: #5055

@P1llus P1llus left a comment (Member)


From what I can see it's ready, but it's quite a heavy integration, especially the threat datastream. A bit unsure how much we can see from a simple review.

I will leave it here for a little to see if anyone else has more comments.

@P1llus (Member)

P1llus commented Mar 2, 2023

Since this includes proper testing, and has been tested against a live instance of the actual product, I will decide to merge.

@P1llus P1llus merged commit b17d36a into elastic:main Mar 2, 2023
@elasticmachine

Package tanium - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=tanium

agithomas pushed a commit to agithomas/integrations that referenced this pull request Mar 20, 2023
* Initial Release for the Tanium

* Update the changelog entry

* Add new threat response data stream

* Add dynamic mapping

* Change as per the review comments
agithomas pushed a commit to agithomas/integrations that referenced this pull request Mar 21, 2023