[amazon_security_lake] Added support for all the OCSF Classes #8579

@janvi-elastic janvi-elastic commented Nov 27, 2023

Type of change

  • Enhancement

What does this PR do?

  • Added support for all third party vendors.
  • Added ingest pipeline and test files for all OCSF Categories.
  • Added dashboards for all OCSF Categories and updated dashboard screenshots of existing OCSF Categories.
  • Implemented re-routing based on OCSF Categories.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/amazon_security_lake directory.
  • Run the following command to run tests.

elastic-package test

Automated Test

Run test suite for the package
Run asset tests for the package
--- Test results for package: amazon_security_lake - START ---
╭──────────────────────┬──────────────────────┬───────────┬───────────────────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE              │ DATA STREAM          │ TEST TYPE │ TEST NAME                                                                     │ RESULT │ TIME ELAPSED │
├──────────────────────┼──────────────────────┼───────────┼───────────────────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ amazon_security_lake │                      │ asset     │ dashboard amazon_security_lake-0d2d7a60-2472-11ee-8d80-89e82659e0f1 is loaded │ PASS   │     10.812µs │
│ amazon_security_lake │                      │ asset     │ dashboard amazon_security_lake-15b6e140-24a3-11ee-bb84-975fc16e8386 is loaded │ PASS   │      2.241µs │
│ amazon_security_lake │                      │ asset     │ dashboard amazon_security_lake-1bbac7b0-2632-11ee-a94e-bfa24df19b15 is loaded │ PASS   │      2.314µs │
│ amazon_security_lake │                      │ asset     │ dashboard amazon_security_lake-3ec9b110-7d82-11ee-8bb4-f99e39910112 is loaded │ PASS   │      2.211µs │
│ amazon_security_lake │                      │ asset     │ dashboard amazon_security_lake-41b73270-25fe-11ee-983a-17fb20a3b25d is loaded │ PASS   │      2.266µs │
│ amazon_security_lake │                      │ asset     │ dashboard amazon_security_lake-48997710-7d65-11ee-8bb4-f99e39910112 is loaded │ PASS   │      2.366µs │
│ amazon_security_lake │                      │ asset     │ dashboard amazon_security_lake-9f829d40-7e1e-11ee-8bb4-f99e39910112 is loaded │ PASS   │      2.267µs │
│ amazon_security_lake │                      │ asset     │ dashboard amazon_security_lake-c2efb230-7d48-11ee-8bb4-f99e39910112 is loaded │ PASS   │      2.315µs │
│ amazon_security_lake │                      │ asset     │ dashboard amazon_security_lake-ed18e3a0-2565-11ee-be5c-17edc959116c is loaded │ PASS   │      2.308µs │
│ amazon_security_lake │                      │ asset     │ dashboard amazon_security_lake-f21df8e0-249d-11ee-aa05-4dd9349682f3 is loaded │ PASS   │      2.344µs │
│ amazon_security_lake │                      │ asset     │ search amazon_security_lake-16a0aa00-26dd-11ee-a94e-bfa24df19b15 is loaded    │ PASS   │      2.319µs │
│ amazon_security_lake │                      │ asset     │ search amazon_security_lake-2e073aa0-7e3b-11ee-8bb4-f99e39910112 is loaded    │ PASS   │      2.244µs │
│ amazon_security_lake │                      │ asset     │ search amazon_security_lake-3a96bbb0-7e04-11ee-8bb4-f99e39910112 is loaded    │ PASS   │      2.251µs │
│ amazon_security_lake │                      │ asset     │ search amazon_security_lake-81902d50-2538-11ee-9f72-193490b86197 is loaded    │ PASS   │      2.261µs │
│ amazon_security_lake │                      │ asset     │ search amazon_security_lake-93f1c2f0-262e-11ee-abb4-f9698f7e351e is loaded    │ PASS   │      2.282µs │
│ amazon_security_lake │                      │ asset     │ search amazon_security_lake-ab4090f0-2618-11ee-983a-17fb20a3b25d is loaded    │ PASS   │      2.316µs │
│ amazon_security_lake │                      │ asset     │ search amazon_security_lake-c19ca310-7dfd-11ee-8bb4-f99e39910112 is loaded    │ PASS   │      2.667µs │
│ amazon_security_lake │                      │ asset     │ search amazon_security_lake-c2472e60-262e-11ee-a94e-bfa24df19b15 is loaded    │ PASS   │      2.366µs │
│ amazon_security_lake │                      │ asset     │ search amazon_security_lake-db3fdad0-7e07-11ee-8bb4-f99e39910112 is loaded    │ PASS   │      2.487µs │
│ amazon_security_lake │ application_activity │ asset     │ index_template logs-amazon_security_lake.application_activity is loaded       │ PASS   │      2.599µs │
│ amazon_security_lake │ discovery            │ asset     │ index_template logs-amazon_security_lake.discovery is loaded                  │ PASS   │      2.596µs │
│ amazon_security_lake │ event                │ asset     │ index_template logs-amazon_security_lake.event is loaded                      │ PASS   │     90.058µs │
│ amazon_security_lake │ event                │ asset     │ ingest_pipeline logs-amazon_security_lake.event-0.9.0 is loaded               │ PASS   │      2.528µs │
│ amazon_security_lake │ findings             │ asset     │ index_template logs-amazon_security_lake.findings is loaded                   │ PASS   │      3.215µs │
│ amazon_security_lake │ iam                  │ asset     │ index_template logs-amazon_security_lake.iam is loaded                        │ PASS   │       2.57µs │
│ amazon_security_lake │ network_activity     │ asset     │ index_template logs-amazon_security_lake.network_activity is loaded           │ PASS   │      2.698µs │
│ amazon_security_lake │ system_activity      │ asset     │ index_template logs-amazon_security_lake.system_activity is loaded            │ PASS   │      2.669µs │
╰──────────────────────┴──────────────────────┴───────────┴───────────────────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: amazon_security_lake - END   ---
Done
Run pipeline tests for the package
--- Test results for package: amazon_security_lake - START ---
╭──────────────────────┬─────────────┬───────────┬───────────────────────────────┬────────┬──────────────╮
│ PACKAGE              │ DATA STREAM │ TEST TYPE │ TEST NAME                     │ RESULT │ TIME ELAPSED │
├──────────────────────┼─────────────┼───────────┼───────────────────────────────┼────────┼──────────────┤
│ amazon_security_lake │ event       │ pipeline  │ test-application-activity.log │ PASS   │  12.907353ms │
│ amazon_security_lake │ event       │ pipeline  │ test-discovery.log            │ PASS   │  19.721826ms │
│ amazon_security_lake │ event       │ pipeline  │ test-findings.log             │ PASS   │   12.06439ms │
│ amazon_security_lake │ event       │ pipeline  │ test-iam.log                  │ PASS   │  16.057015ms │
│ amazon_security_lake │ event       │ pipeline  │ test-network-activity.log     │ PASS   │  55.806813ms │
│ amazon_security_lake │ event       │ pipeline  │ test-system-activity.log      │ PASS   │ 101.230473ms │
╰──────────────────────┴─────────────┴───────────┴───────────────────────────────┴────────┴──────────────╯
--- Test results for package: amazon_security_lake - END   ---
Done
Run static tests for the package
--- Test results for package: amazon_security_lake - START ---
No test results
--- Test results for package: amazon_security_lake - END   ---
Done
Run system tests for the package
--- Test results for package: amazon_security_lake - START ---
No test results
--- Test results for package: amazon_security_lake - END   ---
Done

@janvi-elastic janvi-elastic requested a review from a team as a code owner November 27, 2023 10:09
elasticmachine commented Nov 27, 2023

💚 Build Succeeded

Build stats

  • Start Time: 2023-12-08T07:15:03.677+0000

  • Duration: 15 min 18 sec

Test stats 🧪

Test Results
Failed 0
Passed 33
Skipped 0
Total 33

elasticmachine commented Nov 27, 2023

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (1/1) 💚
Files 95.238% (20/21)
Classes 95.238% (20/21)
Methods 77.099% (101/131)
Lines 54.618% (7421/13587)
Conditionals 100.0% (0/0) 💚

@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

Member

@andrewkroh andrewkroh left a comment

+52,228

😮

What can you tell us reviewers about these changes to help us? Is there any duplication between the fields.yml files such that we could review the common fields only once? Was any of the fields.yml content generated from OCSF? If so, how?

- source_dataset: amazon_security_lake.event
rules:
- target_dataset: amazon_security_lake.system_activity
if: ctx.ocsf?.category_uid != null && ctx.ocsf.category_uid == '1'
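
Review bot: the `if:` line compares `ctx.ocsf.category_uid` with the string '1', and nothing in this hunk shows the value being a string at that point. OCSF defines category_uid as an integer, so if the event pipeline leaves it numeric this rule never matches and the document stays in amazon_security_lake.event without any error. Please confirm the type the pipeline produces before the reroute and add a test that asserts the target dataset for each category, since the pipeline tests listed for this PR only cover the event data stream.
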
Member

@andrewkroh andrewkroh Dec 1, 2023

Suggested change
if: ctx.ocsf?.category_uid != null && ctx.ocsf.category_uid == '1'
if: ctx.ocsf?.category_uid == '1'

The null check should not be necessary if you use the null-safe operator. Applies to the other conditions in this file too.

@@ -0,0 +1,20 @@
- name: data_stream.type
Member

This field (and many others here) is declared in ECS, and therefore should be using the external: ecs definition for consistency.

My recommendation for fixing is to use

go run github.com/andrewkroh/fydler@main --fix packages/amazon_security_lake/**/fields/*.yml

then review the automated changes for correctness and commit.

Contributor Author

@andrewkroh The mentioned fields are automatically included in the base-fields.yml file during package creation, and we've opted to maintain consistency across all integrations by keeping them unchanged. Let me know your thoughts.

Contributor

@kcreddy kcreddy Dec 20, 2023

These are indeed defined manually for other packages too.

@janvi-elastic
Contributor Author

+52,228

😮

What can you tell us reviewers about these changes to help us? Is there any duplication between the fields.yml files such that we could review the common fields only once? Was any of the fields.yml content generated from OCSF? If so, how?

@andrewkroh We've structured the fields based on OCSF categories, assigning them to the relevant datastream's fields.yml files. For instance, fields linked to the System Activity category are gathered in the system_activity datastream's fields.yml file. Similarly, we have followed this approach for each data-stream. Notably, there's no predefined list or method for identifying duplicates within the fields.yml files. Reviewers can optimize their process by bypassing the review of an actor object in one data-stream if it has already been reviewed in another.

@andrewkroh
Member

We've structured the fields based on OCSF categories, assigning them to the relevant datastream's fields.yml files.

@janvi-elastic Did you do this without any automation?

Given that OCSF is itself a schema as JSON, it seems that generation of fields definitions for each specific data stream could largely be mechanized. The benefits would be a drastic reduction in reviewable material and a simple manner to keep these fields up to date when OCSF releases new versions.

The reduction in reviewable material results from being able to review the "tool" used for the code generation and trusting its output.

@janvi-elastic
Contributor Author

We've structured the fields based on OCSF categories, assigning them to the relevant datastream's fields.yml files.

@janvi-elastic Did you do this without any automation?

Given that OCSF is itself a schema as JSON, it seems that generation of fields definitions for each specific data stream could largely be mechanized. The benefits would be a drastic reduction in reviewable material and a simple manner to keep these fields up to date when OCSF releases new versions.

The reduction in reviewable material results from being able to review the "tool" used for the code generation and trusting its output.

Yes, we have not used automation for creating fields.yml. In the first phase we covered the maximum number of objects, and in this phase we have reused those objects.

@elasticmachine

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

Contributor

@ShourieG ShourieG left a comment

LGTM, approving to unblock, but please wait for @andrewkroh to give the final approval before merging.

Contributor

@kcreddy kcreddy left a comment

The reduction in reviewable material results from being able to review the "tool" used for the code generation and trusting its output.

Yes, we have not used automation for creating fields.yml. In the first phase we covered the maximum number of objects, and in this phase we have reused those objects.

It might be worth creating an automation tool and reviewing it if we are going to have more use cases with OCSF. For now, I have reviewed a few datasets like Discovery and Application Activity and it looks good to me. Proceeding with approval to unblock 👍🏼
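
A sketch of the field generation discussed in this thread, added here as an example; it is not code from the PR or from the integrations repository. The schema shape, the OCSF-to-Elasticsearch type mapping and all function names are assumptions, and the sample schema is constructed. It flattens each class under the `ocsf` prefix, cuts recursive objects, and reports the fields that are identical across data streams so they can be reviewed once.

```python
import json

# Assumed mapping from OCSF scalar types to Elasticsearch field types.
ES_TYPES = {"string_t": "keyword", "integer_t": "long", "long_t": "long",
            "boolean_t": "boolean", "timestamp_t": "date", "ip_t": "ip"}

# Constructed, heavily simplified stand-in for an OCSF schema export
# (two classes, three objects); the real schema is far larger.
SCHEMA = json.loads("""
{"objects": {
   "user": {"attributes": {"name": {"type": "string_t"},
                           "uid": {"type": "string_t"}}},
   "endpoint": {"attributes": {"ip": {"type": "ip_t"},
                               "port": {"type": "integer_t"}}},
   "process": {"attributes": {
       "pid": {"type": "integer_t"},
       "user": {"type": "object_t", "object_type": "user"},
       "parent_process": {"type": "object_t", "object_type": "process"}}}},
 "classes": {
   "process_activity": {"category": "system_activity", "attributes": {
       "time": {"type": "timestamp_t"},
       "activity_id": {"type": "integer_t"},
       "process": {"type": "object_t", "object_type": "process"}}},
   "network_connection": {"category": "network_activity", "attributes": {
       "time": {"type": "timestamp_t"},
       "activity_id": {"type": "integer_t"},
       "src_endpoint": {"type": "object_t", "object_type": "endpoint"},
       "user": {"type": "object_t", "object_type": "user"}}}}}
""")


def flatten(attrs, objects, prefix="ocsf", stack=()):
    """Expand attributes into {dotted.name: es_type}, cutting recursive objects."""
    out = {}
    for name, spec in sorted(attrs.items()):
        path = f"{prefix}.{name}"
        if spec["type"] != "object_t":
            out[path] = ES_TYPES.get(spec["type"], "keyword")
        elif spec["object_type"] in stack:
            # e.g. process.parent_process is itself a process: stop expanding
            # and keep the subtree as one field instead of recursing forever.
            out[path] = "flattened"
        else:
            obj = spec["object_type"]
            out.update(flatten(objects[obj]["attributes"], objects, path, stack + (obj,)))
    return out


def fields_by_category(schema):
    """Merge the flattened fields of every class into its category's data stream."""
    result = {}
    for cls in schema["classes"].values():
        merged = result.setdefault(cls["category"], {})
        for path, es_type in flatten(cls["attributes"], schema["objects"]).items():
            if merged.setdefault(path, es_type) != es_type:
                raise ValueError(f"conflicting types for {path}")
    return result


def shared_fields(per_category):
    """Fields defined identically in every data stream: review these once."""
    sets = [set(fields.items()) for fields in per_category.values()]
    return dict(sorted(set.intersection(*sets)))


def to_fields_yml(fields):
    """Render flat field definitions as a fields.yml-style list."""
    return "".join(f"- name: {n}\n  type: {t}\n" for n, t in sorted(fields.items()))


if __name__ == "__main__":
    per_category = fields_by_category(SCHEMA)
    for dataset, fields in per_category.items():
        print(f"# data_stream/{dataset}/fields/fields.yml")
        print(to_fields_yml(fields))
    print("# identical in every data stream:", sorted(shared_fields(per_category)))
```
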

@kcreddy kcreddy merged commit fe3a018 into elastic:main Dec 20, 2023
4 checks passed
@elasticmachine

Package amazon_security_lake - 0.9.0 containing this change is available at https://epr.elastic.co/search?package=amazon_security_lake

v1v added a commit that referenced this pull request Dec 21, 2023