[ti_crowdstrike] Initial release for ti_crowdstrike. #8789
For dashboards, the preferred approach is to use the labels.is_ioc_transform_source field, and not the _index field, for querying the destination index.
Also, on what basis/fields are you expiring your indicators from the destination index?
packages/ti_crowdstrike/data_stream/intel/elasticsearch/ingest_pipeline/default.yml
packages/ti_crowdstrike/data_stream/intel/elasticsearch/ingest_pipeline/default.yml
packages/ti_crowdstrike/elasticsearch/transform/latest/transform.yml
Add transform pipeline for IOC. Add threat_intel to category in manifest. Update readme, add details of the IOC and Intel endpoints. Add pagination in system test. Add IOC expiration duration user parameter. Add missing ECS mappings. Add threat.feed.name.
packages/ti_crowdstrike/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json
packages/ti_crowdstrike/data_stream/ioc/_dev/test/pipeline/test-ioc.log-expected.json
packages/ti_crowdstrike/data_stream/ioc/_dev/test/system/test-default-config.yml
packages/ti_crowdstrike/elasticsearch/transform/intel/transform.yml
...ges/ti_crowdstrike/kibana/dashboard/ti_crowdstrike-37a9ef30-9993-11ee-9b44-fd906664033c.json
packages/ti_crowdstrike/data_stream/intel/elasticsearch/ingest_pipeline/default.yml
Update the filter in dashboard. Update the name of transforms to latest_ioc and latest_intel respectively. Update threat.file.name to file.name ECS mapping. Add more details in readme regarding transform pipeline.
LGTM 👍🏼
/test
Package ti_crowdstrike - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=ti_crowdstrike
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
What does this PR do?
Integration release checklist
This checklist is intended for integration maintainers to ensure consistency when creating or updating a Package, Module, or Dataset for an Integration.
All changes
New Package
Log dataset changes
How to test this PR locally
Automated Test
Screenshot