Barracuda WAF: Add new integration #5493
… into 1302-barracuda-waf
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
Overall, this looks great!
Just a few minor comments here and there. Also, could you add those screenshots as part of the package as well?
packages/barracuda_waf/data_stream/log/_dev/test/system/test-tcp-config.yml
packages/barracuda_waf/data_stream/log/elasticsearch/ingest_pipeline/default.yml
packages/barracuda_waf/data_stream/log/elasticsearch/ingest_pipeline/default.yml
packages/barracuda_waf/data_stream/log/elasticsearch/ingest_pipeline/default.yml
packages/barracuda_waf/data_stream/log/elasticsearch/ingest_pipeline/access.yml
packages/barracuda_waf/data_stream/log/elasticsearch/ingest_pipeline/access.yml
packages/barracuda_waf/data_stream/log/elasticsearch/ingest_pipeline/default.yml
packages/barracuda_waf/data_stream/log/elasticsearch/ingest_pipeline/networkfirewall.yml
packages/barracuda_waf/data_stream/log/elasticsearch/ingest_pipeline/webfirewall.yml
packages/barracuda_waf/data_stream/log/_dev/test/pipeline/test-access.log-expected.json
After a discussion with @jamiehynds and the team it is decided to go with a major step upgrade of existing "Barracuda" integration with replacement of existing These changes shall be captured in the changelog and also a section shall be written in the documentation to keep the users aware of this.
Moved the code from
I made some suggestions in the readme that felt alright given that now WAF is a datastream instead of a whole integration in itself. Also I think the object `barracuda.log` should be changed to `barracuda.waf` for the same reason. WDYT?
packages/barracuda/data_stream/waf/elasticsearch/ingest_pipeline/webfirewall.yml
Package barracuda - 1.0.0 containing this change is available at https://epr.elastic.co/search?package=barracuda
Type of change
What does this PR do?
Update the Barracuda Logs integration to support Web Firewall Logs, Access Logs, Network Firewall Logs.
This PR shall remove `spamfirewall` data stream and modifies `waf` datastream to adapt to ELK and ECS based mapping.
Checklist
`changelog.yml` file.
Author's Checklist
Integration release checklist
This checklist is intended for integrations maintainers to ensure consistency
when creating or updating a Package, Module or Dataset for an Integration.
All changes
`7.17.0` or `8.0.0`
New Package
Dashboards changes
Log dataset changes
`sample_event.json`) exists
Related issues
Screenshots
Add Integration
Overview
Access Logs
Web Firewall Logs
Network Firewall Logs