network_traffic: fix mapping for tls.detailed.{client,server}_certificate_chain #6856

Merged
merged 2 commits into from
Jul 10, 2023

@efd6 efd6 commented Jul 7, 2023

What does this PR do?

See title.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

elasticmachine commented Jul 7, 2023

💚 Build Succeeded

Build stats

  • Start Time: 2023-07-09T22:10:52.859+0000

  • Duration: 65 min 14 sec

Test stats 🧪

Test Results
Failed 0
Passed 154
Skipped 0
Total 154

@elasticmachine

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (1/1) 💚
Files 100.0% (2/2) 💚
Classes 100.0% (2/2) 💚
Methods 98.276% (57/58)
Lines 88.356% (129/146)
Conditionals 100.0% (0/0) 💚

@efd6 efd6 marked this pull request as ready for review July 7, 2023 01:59
@efd6 efd6 requested a review from a team as a code owner July 7, 2023 01:59
@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@andrewkroh andrewkroh left a comment

Given that we know the fields that should be present here, I'm thinking we should declare them in the mapping. WDYT?

Comment on lines 164 to 165
type: flattened
description: Chain of trust for the server certificate.
@andrewkroh andrewkroh Jul 7, 2023

Suggested change
type: flattened
description: Chain of trust for the server certificate.
type: group
description: Chain of trust for the server certificate.
fields: &certificate_object
- name: alternative_names
type: keyword
description: Subject alternative names (SANs) in the certificate.
- name: issuer
type: group
description: Issuer certificate metadata.
fields: &x509_attributes
- name: common_name
type: keyword
- name: country
type: keyword
- name: distinguished_name
type: keyword
- name: locality
type: keyword
- name: organization
type: keyword
- name: organizational_unit
type: keyword
- name: postal_code
type: keyword
- name: serial_number
type: keyword
- name: state_or_province
type: keyword
- name: street_address
type: keyword
- name: subject
type: group
description: Subject certificate metadata.
fields: *x509_attributes
- name: not_after
type: date
description: End of the validity period (inclusive).
- name: not_before
type: date
description: Start of the validity period (inclusive).
- name: public_key_algorithm
type: keyword
description: Public key algorithm (e.g. RSA, DSA, ECDSA, Ed25519).
- name: public_key_size
type: long
description: Number of bits in the public key.
- name: serial_number
type: keyword
description: Base 10 representation of the certificate serial number.
- name: signature_algorithm
type: keyword
description: Signature algorithm (e.g. SHA256-RSA).
- name: version_number
type: keyword
description: The x509 certificate version. Version 3 is the latest and most common.
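
Review bot: With `type: group` on the chain field, the mapping is a plain object, so if the chain is indexed as an array of certificate objects, Elasticsearch does not keep the fields of one certificate together: a query that combines `issuer.common_name` with `not_after` can match values taken from different certificates in the chain. If per-certificate correlation matters for detections, consider a nested mapping here or state the limitation in the field description. Separately, the entries under `&x509_attributes` (`common_name`, `country`, `distinguished_name`, and the rest) carry no `description`, unlike the other fields in this suggestion; a one-line description for each would keep the field documentation complete.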

Comment on lines 167 to 221
type: flattened
description: Chain of trust for the client certificate.
Suggested change
type: flattened
description: Chain of trust for the client certificate.
type: group
description: Chain of trust for the client certificate.
fields: *certificate_object
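
Review bot: `fields: *certificate_object` resolves only because the `&certificate_object` anchor is defined on the server chain entry earlier in the same file, so reordering or removing that entry would break this one when the YAML is parsed. A short comment next to the alias pointing at where the anchor lives would make the dependency visible to the next editor. The alias also brings in the nested `&x509_attributes` anchor, so any change to the server chain's fields silently changes the client chain mapping as well.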

@efd6 efd6 merged commit ab865d6 into elastic:main Jul 10, 2023
4 checks passed
@elasticmachine

Package network_traffic - 1.19.2 containing this change is available at https://epr.elastic.co/search?package=network_traffic

gizas pushed a commit that referenced this pull request Sep 5, 2023

Successfully merging this pull request may close these issues.

[network_traffic] tls.detailed.server_certificate_chain mapping error
3 participants