
cisco_meraki: handle blocked ARP packet, auth and port messages #7771

Merged
merged 3 commits into from Sep 20, 2023

Conversation


@efd6 efd6 commented Sep 12, 2023

What does this PR do?

See title.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.


@efd6 efd6 self-assigned this Sep 12, 2023
@efd6 efd6 force-pushed the 7770-cisco_meraki branch 2 times, most recently from db74b7a to 215ca81 on September 12, 2023 07:39
@efd6 efd6 changed the title cisco_meraki: hndle blocked ARP packet messages cisco_meraki: handle blocked ARP packet messages Sep 12, 2023

elasticmachine commented Sep 12, 2023

💚 Build Succeeded

Build stats

  • Start Time: 2023-09-19T23:23:06.705+0000
  • Duration: 18 min 2 sec

Test stats 🧪

  • Failed: 0
  • Passed: 19
  • Skipped: 0
  • Total: 19

elasticmachine commented Sep 12, 2023

🌐 Coverage report

| Name         | Metrics % (covered/total) | Diff |
|--------------|---------------------------|------|
| Packages     | 100.0% (2/2)              | 💚   |
| Files        | 100.0% (9/9)              | 💚   |
| Classes      | 100.0% (9/9)              | 💚   |
| Methods      | 100.0% (66/66)            | 💚   |
| Lines        | 98.142% (1162/1184)       |      |
| Conditionals | 100.0% (0/0)              | 💚   |

@efd6 efd6 marked this pull request as ready for review September 12, 2023 08:01
@efd6 efd6 requested a review from a team as a code owner September 12, 2023 08:01
@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

LaZyDK (Contributor) commented Sep 12, 2023

LGTM

efd6 (Contributor, Author) commented Sep 12, 2023

@LaZyDK Are you happy with the subtype? I was also wondering whether we should be retaining the fact that it's an ARP packet that's being blocked somewhere other than in the event.original.

LaZyDK (Contributor) commented Sep 12, 2023

If you want to follow the current format then arp_blocked is probably better.

Do you want some more log lines that are not normalized?

LaZyDK (Contributor) commented Sep 12, 2023

I just found something that could be optimized in the Meraki integrations.
The subtype usually is the same as event.action but sometimes this field is empty.

@efd6 efd6 changed the title cisco_meraki: handle blocked ARP packet messages cisco_meraki: handle blocked ARP packet, auth and port messages Sep 12, 2023
efd6 (Contributor, Author) commented Sep 12, 2023

@LaZyDK Added your new events and changed the subtype.

That optimisation is worth considering, please open an issue for it.

LaZyDK (Contributor) commented Sep 19, 2023

You don't have to implement my suggestions. I will add it to another PR to be reviewed later on.

@efd6 efd6 merged commit f2b80b1 into elastic:main Sep 20, 2023
4 checks passed
@elasticmachine

Package cisco_meraki - 1.13.0 containing this change is available at https://epr.elastic.co/search?package=cisco_meraki

Successfully merging this pull request may close these issues.

cisco_meraki: parse out details from Blocked ARP Packet log events