Barracuda WAF: Add new integration #5493

Merged
merged 29 commits into from Mar 29, 2023

Conversation

bhapas
Contributor

@bhapas bhapas commented Mar 9, 2023

Type of change

  • Enhancement

What does this PR do?

Update the Barracuda Logs integration to support Web Firewall Logs, Access Logs, and Network Firewall Logs.

This PR shall remove the spamfirewall data stream and modify the waf data stream to adapt to ELK and ECS-based mapping.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency
when creating or updating a Package, Module or Dataset for an Integration.

All changes

  • Change follows the contributing guidelines
  • Supported versions of the monitoring target are documented
  • Supported operating systems are documented (if applicable)
  • Integration or System tests exist
  • Documentation exists
  • Fields follow ECS and naming conventions
  • At least a manual test with ES / Kibana / Agent has been performed.
  • Required Kibana version set to: 7.17.0 or 8.0.0

New Package

  • Screenshot of the "Add Integration" page on Fleet added

Dashboards changes

  • Dashboards exists
  • Screenshots added or updated
  • Datastream filters added to visualizations

Log dataset changes

  • Pipeline tests exist (if applicable)
  • Generated output for at least 1 log file exists
  • Sample event (sample_event.json) exists

Related issues

Screenshots

Add Integration
image

Overview
image

Access Logs
image

Web Firewall Logs
image

Network Firewall Logs
image

@elasticmachine

elasticmachine commented Mar 9, 2023

💚 Build Succeeded


Build stats

  • Start Time: 2023-03-29T11:50:29.328+0000

  • Duration: 17 min 56 sec

Test stats 🧪

Test Results
Failed 0
Passed 14
Skipped 0
Total 14

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine

elasticmachine commented Mar 9, 2023

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (1/1) 💚
Files 100.0% (4/4) 💚
Classes 100.0% (4/4) 💚
Methods 100.0% (28/28) 💚 8.696
Lines 95.86% (301/314) 👍 13.386
Conditionals 100.0% (0/0) 💚

@bhapas bhapas self-assigned this Mar 21, 2023
@bhapas bhapas added the enhancement New feature or request label Mar 23, 2023
@bhapas bhapas requested a review from marc-gr March 24, 2023 09:07
@bhapas bhapas marked this pull request as ready for review March 24, 2023 09:08
@bhapas bhapas requested a review from a team March 24, 2023 09:09
@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

Contributor

@taylor-swanson taylor-swanson left a comment

Overall, this looks great!

Just a few minor comments here and there. Also, could you add those screenshots as part of the package as well?

@bhapas
Contributor Author

bhapas commented Mar 28, 2023

After a discussion with @jamiehynds and the team, it was decided to go with a major step upgrade of the existing "Barracuda" integration, replacing the existing waf data_stream with this code and removing the spamfirewall data_stream.

These changes shall be captured in the changelog and also a section shall be written in the documentation to keep the users aware of this.

@bhapas
Contributor Author

bhapas commented Mar 28, 2023

Moved the code from barracuda_waf.log to barracuda.waf to provide a seamless upgrade option to customers that are already running the old RSA integration to the new ELK integration.

@bhapas bhapas added the RSA2ELK label Mar 28, 2023
@bhapas bhapas requested a review from efd6 March 29, 2023 04:08
Contributor

@marc-gr marc-gr left a comment

I made some suggestions in the readme that felt alright given that now WAF is a datastream instead of a whole integration in itself. Also I think the object barracuda.log should be changed to barracuda.waf for the same reason. WDYT?

@bhapas bhapas requested a review from marc-gr March 29, 2023 09:18
@bhapas bhapas merged commit 190acd2 into elastic:main Mar 29, 2023
1 check passed
@bhapas bhapas deleted the 1302-barracuda-waf branch March 29, 2023 12:10
@elasticmachine

Package barracuda - 1.0.0 containing this change is available at https://epr.elastic.co/search?package=barracuda
