[Prisma Cloud] Initial Release for Prisma Cloud #8135
/test
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
/test
@@ -0,0 +1,4 @@ | |||
dependencies: | |||
ecs: | |||
reference: git@v8.9.0 |
reference: git@v8.9.0 | |
reference: git@v8.10.0 |
- set: | ||
field: ecs.version | ||
tag: set_ecs_version | ||
value: 8.9.0 |
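Review bot: `value: 8.9.0` in the `set_ecs_version` processor repeats the ECS version that the package dependencies already pin as `reference: git@v8.9.0`, so the two can drift apart when only one of them is bumped. Update both in the same commit, so that the version written to `ecs.version` always equals the referenced ECS release.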
8.10.0 is now available.
vars: | ||
url: http://{{Hostname}}:{{Port}} | ||
preserve_original_event: true | ||
preserve_duplicate_custom_fields: true |
Can you add assert.hit_count to all system test configs?
packages/prisma_cloud/manifest.yml
Outdated
@@ -0,0 +1,113 @@ | |||
format_version: 2.8.0 | |||
name: prisma_cloud | |||
title: "Prisma Cloud" |
update title to Palo Alto Prisma Cloud
/test
preserve_original_event: true | ||
preserve_duplicate_custom_fields: true | ||
assert: | ||
hit_count: 500 |
How are we getting 500 events? Where are these 500 events defined?
Hello, just curious, is this integration planned for 8.10 or just 8.11?
Hey @leandrojmp, we have planned it for 8.10.1.
…host profile data streams.
LGTM
"user": state.user, | ||
"password": state.password, | ||
"batch_size": string(state.batch_size), | ||
"access_token": state.access_token, |
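Review bot: The `"password": state.password` and `"access_token": state.access_token` entries carry live credentials forward in the returned state. Assuming this is the CEL input's program state, that state is written out when debug logging is enabled. List `password` and `access_token` under the input's `redact.fields` setting so both are masked in logs, and cover the password as well as the token.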
you could save this token in redact config next release
Package prisma_cloud - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=prisma_cloud
Hello, we are planning to test this integration, but one question: is the Incident Audit dataset only available when using TCP/UDP? The datastreams for this dataset only have those two inputs available. Not sure if this is a limitation of the Prisma Cloud tool or the integration. EDIT: Just saw this in the notes:
What does this PR do?
Integration release checklist
This checklist is intended for integrations maintainers to ensure consistency when creating or updating a Package, Module or Dataset for an Integration.
All changes
New Package
Log dataset changes
How to test this PR locally
Related issues
Automated Test
test-file.txt
Screenshot
We are facing message size exceeding errors so need to validate it in the cloud instance.