
[Lateral Movement Detection] Update package to add RDP based lateral movement detection #6588

Merged (2 commits), Jun 15, 2023

Conversation

sodhikirti07
Contributor

@sodhikirti07 sodhikirti07 commented Jun 15, 2023

What does this PR do?

Refer to the old PR to check the comment history. Starting this PR to avoid multiple rebases on the previous one; otherwise, the content is exactly the same as the old one.

  • Adds anomaly detection jobs and security rules to detect malicious RDP activity in the environment.
  • Adds a folder that installs a pivot transform in the user environment. The transform is created following the new guidelines for 8.8 (link).
  • Updates the dashboard to include all the anomaly detection jobs.
  • Updates the README to include additional instructions, AD jobs and security rules.
  • Updates changelog.yml and manifest.yml.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Stand up the elastic-package stack with 8.8.0-SNAPSHOT using the command below. This is for testing the transform with the latest guidelines and features. Note that previous versions of Elastic with elastic-package will throw an installation error for the transform. For more context, read the section for _meta.run_as_kibana_system here.

`elastic-package stack up -d -v --version 8.8.0-SNAPSHOT`

Related issues

Screenshots

Screenshots are in the comment section below.

@sodhikirti07 sodhikirti07 requested review from a team as code owners June 15, 2023 14:05
@sodhikirti07
Contributor Author

Screenshots

  • Landing page (screenshot)
  • Transform installed and running (2 screenshots)
  • ML jobs started and retrieving data (3 screenshots)
  • Security rules enabled (screenshot)
  • Updated dashboard (screenshot)


elasticmachine commented Jun 15, 2023

💚 Build Succeeded


Build stats

  • Start Time: 2023-06-15T14:06:49.794+0000

  • Duration: 14 min 31 sec

Test stats 🧪

Test Results: 0 failed, 1 passed, 0 skipped (1 total)


To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@susan-shu-c
Member

Hi, is this PR a 100% clone of this one? #6406

If so, could you make a note in the description?

@susan-shu-c
Member

And also the rationale for reopening (CI issue), so that we are able to look at the conversation thread in the old PR as well and follow the lineage of this PR.

@sodhikirti07
Contributor Author

Hi, is this PR a 100% clone of this one? #6406

If so, could you make a note in the description?

@susan-shu-c added old link in the description.


@susan-shu-c susan-shu-c left a comment


Approving since the PR this is cloned from has been approved

@sodhikirti07 sodhikirti07 merged commit 9495cd7 into main Jun 15, 2023
@elasticmachine

Package lmd - 1.0.2 containing this change is available at https://epr.elastic.co/search?package=lmd

Labels
Integration:lmd Lateral Movement Detection