[Cisco ASA] Fix GROK to add support for spaces and special characters in usernames #8612

Merged
merged 6 commits into from
Dec 18, 2023


chemamartinez

Proposed commit message

Adds support for spaces and special characters in usernames. According to the Cisco docs there are some characters that are allowed to be used for usernames and are not taken into account.

Some events delimit usernames with spaces, so for now the PR covers usernames that are between parentheses.

It fixes the parsing of this event:

<140>Oct 06 2023 10:11:00 myAsaHostname : %ASA-4-313005: No matching connection for ICMP error message: icmp src outside:192.168.2.2(9999:my_SgtNameSrc) dst inside:192.168.2.3(8888:my_SgtNameDst) (type 3, code 3) on outside interface.  Original IP payload: udp src 192.168.2.3/53 dst 192.168.2.2/60919.

Where the SGT tag can appear for the destination as well as the source.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

Added pipeline tests to cover new cases:

# elastic-package test pipeline --generate
Run pipeline tests for the package
--- Test results for package: cisco_asa - START ---
╭───────────┬─────────────┬───────────┬──────────────────────────────┬────────┬──────────────╮
│ PACKAGE   │ DATA STREAM │ TEST TYPE │ TEST NAME                    │ RESULT │ TIME ELAPSED │
├───────────┼─────────────┼───────────┼──────────────────────────────┼────────┼──────────────┤
│ cisco_asa │ log         │ pipeline  │ test-additional-messages.log │ PASS   │     18.203ms │
│ cisco_asa │ log         │ pipeline  │ test-anyconnect-messages.log │ PASS   │   7.588167ms │
│ cisco_asa │ log         │ pipeline  │ test-asa-fix.log             │ PASS   │   9.515958ms │
│ cisco_asa │ log         │ pipeline  │ test-asa-missing-groups.log  │ PASS   │   8.462125ms │
│ cisco_asa │ log         │ pipeline  │ test-asa.log                 │ PASS   │  84.864375ms │
│ cisco_asa │ log         │ pipeline  │ test-dap-records.log         │ PASS   │   4.271375ms │
│ cisco_asa │ log         │ pipeline  │ test-filtered.log            │ PASS   │   4.044916ms │
│ cisco_asa │ log         │ pipeline  │ test-hostnames.log           │ PASS   │   4.407083ms │
│ cisco_asa │ log         │ pipeline  │ test-non-canonical.log       │ PASS   │  10.056292ms │
│ cisco_asa │ log         │ pipeline  │ test-not-ip.log              │ PASS   │   5.195292ms │
│ cisco_asa │ log         │ pipeline  │ test-sample.log              │ PASS   │  42.080083ms │
│ cisco_asa │ log         │ pipeline  │ test-sgt-tag-name.log        │ PASS   │   18.17725ms │
│ cisco_asa │ log         │ pipeline  │ test-sip.log                 │ PASS   │   5.741125ms │
╰───────────┴─────────────┴───────────┴──────────────────────────────┴────────┴──────────────╯
--- Test results for package: cisco_asa - END   ---
Done

@chemamartinez chemamartinez self-assigned this Nov 29, 2023
@chemamartinez chemamartinez marked this pull request as ready for review November 29, 2023 22:36
@chemamartinez chemamartinez requested a review from a team as a code owner November 29, 2023 22:36
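
The event quoted in the description carries an optional `(id:name)` SGT annotation after both the source and the destination address. The Python below is an added example, not code from this pull request or the integration's GROK: it parses that message with and without the annotation. The pattern, group names and `parse_313005` are assumptions made for illustration.

```python
import re

# The event quoted in the PR description (syslog priority and header removed).
EVENT = (
    "%ASA-4-313005: No matching connection for ICMP error message: "
    "icmp src outside:192.168.2.2(9999:my_SgtNameSrc) "
    "dst inside:192.168.2.3(8888:my_SgtNameDst) (type 3, code 3) "
    "on outside interface.  Original IP payload: "
    "udp src 192.168.2.3/53 dst 192.168.2.2/60919."
)
# Constructed variant without SGT annotations, to show both forms parse.
EVENT_NO_SGT = re.sub(r"\(\d+:\w+\)", "", EVENT)

IP = r"\d{1,3}(?:\.\d{1,3}){3}"

def endpoint(role):
    """interface:ip followed by an optional (sgt_id:sgt_name) group."""
    return (
        rf"{role} (?P<{role}_if>[^\s:]+):(?P<{role}_ip>{IP})"
        # Name is delimited by the parentheses, so spaces inside it are fine.
        rf"(?:\((?P<{role}_sgt_id>\d+):(?P<{role}_sgt_name>[^()]+)\))?"
    )

# Hypothetical pattern written for this example; not the integration's GROK.
PATTERN_313005 = re.compile(
    r"%ASA-4-313005: No matching connection for ICMP error message: "
    rf"(?P<proto>\w+) {endpoint('src')} {endpoint('dst')} "
    r"\(type (?P<icmp_type>\d+), code (?P<icmp_code>\d+)\) "
    r"on (?P<iface>\S+) interface\.\s+Original IP payload: "
    rf"(?P<o_proto>\w+) src (?P<o_src_ip>{IP})/(?P<o_src_port>\d+) "
    rf"dst (?P<o_dst_ip>{IP})/(?P<o_dst_port>\d+)\."
)

def parse_313005(message):
    """Return the extracted fields, or None if the message does not match."""
    m = PATTERN_313005.search(message)
    if m is None:
        return None
    # Drop groups that did not participate (absent SGT annotations).
    return {k: v for k, v in m.groupdict().items() if v is not None}

if __name__ == "__main__":
    for line in (EVENT, EVENT_NO_SGT):
        print(parse_313005(line))
```

A message that returns `None` here is the case that matters operationally: an unparsed event keeps its raw text but loses the address fields that detections and searches key on.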
@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@elasticmachine

elasticmachine commented Nov 29, 2023

💚 Build Succeeded


Build stats

  • Start Time: 2023-12-11T10:25:25.219+0000

  • Duration: 17 min 42 sec

Test stats 🧪

Test Results
Failed 0
Passed 24
Skipped 0
Total 24


@elasticmachine

elasticmachine commented Nov 29, 2023

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (1/1) 💚
Files 100.0% (1/1) 💚
Classes 100.0% (1/1) 💚
Methods 94.444% (17/18)
Lines 69.735% (1606/2303)
Conditionals 100.0% (0/0) 💚


@chemamartinez chemamartinez merged commit 80c5cee into elastic:main Dec 18, 2023
4 checks passed
@elasticmachine

Package cisco_asa - 2.29.0 containing this change is available at https://epr.elastic.co/search?package=cisco_asa


Labels
bugfix Pull request that fixes a bug issue Integration:cisco_asa Cisco ASA