[SentinelOne_Cloud_Funnel] Initial release for the SentinelOne Cloud Funnel #6386
@@ -0,0 +1,71 @@ | |||
# SentinelOne Cloud Funnel | |||
|
Reworded slightly: This Sentinel One Cloud Funnel integration enables your security team to securely stream XDR data to Elastic Security, via Amazon S3. When integrated with Elastic Security, this valuable data can be leveraged within Elastic for threat protection, detection and incident response.
|
||
## Requirements | ||
|
||
Elastic Agent must be installed. For more information, refer to the link [here](https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html). |
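Review bot: The link text "here" in the Requirements line is non-descriptive; link a meaningful phrase instead, e.g. "refer to the [Elastic Agent installation guide](https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html)", and say what the agent does in this integration (pulls the Cloud Funnel objects from S3 and ships them to Elastic for the ingest pipeline) so the requirement is understandable on its own.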
Can we expand on this? Users are sometimes confused about the need for the agent, what it does and where it should be deployed. We should make it clearer that Elastic Agent is required to stream data from the S3 bucket and ship the data to Elastic, whereby the events will then be processed via the integration's ingest pipelines. We should also provide some guidance as to where the agent should be installed, and state it can run on a host, a container, etc.
type: integration | ||
categories: ["security", "edr_xdr"] | ||
conditions: | ||
kibana.version: ^8.3.0 |
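Review bot: The `kibana.version: ^8.3.0` constraint in the manifest and the minimum version stated in the README must stay in sync; if the README is raised to 8.7.1 (as requested elsewhere in this review), this line needs the same bump to `^8.7.1`, otherwise the package will install on Kibana versions the docs say are unsupported.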
Can we set the version to ^8.7.1, inline with our current Sentinel One integration?
## Requirements | ||
|
||
Elastic Agent must be installed. For more information, refer to the link [here](https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html). | ||
The minimum **kibana.version** required is **8.3.0**. |
Can we adjust to 8.7.1, inline with our current Sentinel One integration?
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
Do we need this? We have the same license in the root of the repo.
@efd6 As per the new version of elastic-package, the license file is created at package creation level (reference: elastic/elastic-package#898); before that we had been using the old elastic-package version. We had a discussion on the same before: link
Yep, I know mechanically why it's there, but I'm not convinced that it's needed. It would be good to get another view on this.
LGTM, thanks for implementing my suggested changes.
Please address these unresolved comments:
- https://github.com/elastic/integrations/pull/6386/files#r1222318221
- https://github.com/elastic/integrations/pull/6386/files#r1222319727
- https://github.com/elastic/integrations/pull/6386/files#r1222320194
- https://github.com/elastic/integrations/pull/6386/files#r1222320674
- https://github.com/elastic/integrations/pull/6386/files#r1222324255
- https://github.com/elastic/integrations/pull/6386/files#r1222349710
- https://github.com/elastic/integrations/pull/6386/files#r1222339921
- https://github.com/elastic/integrations/pull/6386/files#r1222346905
- https://github.com/elastic/integrations/pull/6386/files#r1222347549
- https://github.com/elastic/integrations/pull/6386/files#r1222345775
- https://github.com/elastic/integrations/pull/6386/files#r1222344859
- https://github.com/elastic/integrations/pull/6386/files#r1222332411
changes: | ||
- description: Initial release. | ||
type: enhancement | ||
link: https://github.com/elastic/integrations/pull/1 |
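Review bot: The changelog entry's `link` still points at `https://github.com/elastic/integrations/pull/1`, a template placeholder; it should reference this PR, `https://github.com/elastic/integrations/pull/6386`, so the changelog for 0.1.0 traces back to the actual change.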
link: https://github.com/elastic/integrations/pull/1 | |
link: https://github.com/elastic/integrations/pull/6386 |
Thanks. Only two remaining unresolved queries.
You can run Elastic Agent inside a container, either with Fleet Server or standalone. Docker images for all versions of Elastic Agent are available from the Elastic Docker registry, and we provide deployment manifests for running on Kubernetes. | ||
|
||
There are some minimum requirements for running Elastic Agent and for more information, refer to the link [here](https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html). | ||
The minimum **kibana.version** required is **8.7.1**. |
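Review bot: "There are some minimum requirements for running Elastic Agent and for more information, refer to the link here" is vague and the sentence runs on; split it, name what the link covers (the Elastic Agent installation requirements), and put the Kibana minimum in its own paragraph, since it is the one fact a user must check before installing. Also confirm the manifest's `kibana.version` constraint (currently `^8.3.0`) matches the 8.7.1 stated here.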
That's not quite my question; this particular bit of information is quite important and so it may benefit from being in its own paragraph to avoid eye-glide. Adding a newline before this would do that.
Thanks
Package sentinel_one_cloud_funnel - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=sentinel_one_cloud_funnel