[ti_eclecticiq][Enhancement] Enable SSL configuration #8911
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
petarc-eiq
force-pushed
the
ti_eclecticiq_0.1.1
branch
from
9dcf55e
to
b801b73
Compare
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
bhapas
reviewed
Jan 23, 2024
|
/test |
🚀 Benchmarks reportTo see the full report comment with |
bhapas
approved these changes
Jan 23, 2024
|
/test |
|
Saw the PR was blocked by conflicts with |
|
/test |
💚 Build Succeeded
History
|
efd6
approved these changes
Jan 29, 2024
|
Package ti_eclecticiq - 0.2.0 containing this change is available at https://epr.elastic.co/search?package=ti_eclecticiq |
1 similar comment
|
Package ti_eclecticiq - 0.2.0 containing this change is available at https://epr.elastic.co/search?package=ti_eclecticiq |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed commit message
Enhancement: Enable SSL configuration
Motivation: some users use EIQ IC platform with invalid SSL certificates and don't intend to renew or add a valid certificate. Still want to use that instance at least for testing purpose and we need to enable them.
Implementation: added "SSL Configuration" yaml field to allow users to configure outgoing requests SSL certificate validation. This way they have full control over this part of the communication and they can turn off SSL validation by setting
verification_modetonone.Bugfix: parsing incoming data fields that contain dots
Bug: conditions for dot expanders are bad and they prevent reading input data properly. This causes data loss.
Fix: the conditions are updated (fixed) to enable parsing incoming data fields that contain dots.
Checklist
changelog.ymlfile.Author's Checklist
How to test this PR locally
Scenario: SSL configuration field works as desired.
Given: updated integration is installed in an Elastic Stack environment
And: EIQ IC is running with on https with invalid certificate
And: integration is set up to use that IC instance with
verification_mode=noneWhen: integration agent runs
Then: communication is successful.
Scenario: dot expanders are set up properly.
Given: updated integration is installed in an Elastic Stack environment
And: observables that are added to dataset to be downloaded contain populated fields that should be "dot expanded" (source.names, meta.tags, meta.ingest_time, meta.estimated_threat_start_time, meta.estimated_threat_end_time, meta.estimated_observed_time)
When: integration agent runs
Then: values from "dot expanded" fields are mapped into ECS fields (event.provider, tags, event.created, event.start, event.end, threat.indicator.first_seen).