[trendmicro] Add support of Deep Security version 20 #9124
Conversation
Enhance the code and ECS mappings. Update the minimum Kibana version to 8.11.0. Add support for a new dashboard.
packages/trendmicro/manifest.yml
title: "Trendmicro" | ||
version: "1.8.4" | ||
description: "collect Trendmicro Deep Security events with elastic agent." | ||
title: Trend Micro |
Could we adjust the title to 'Trend Micro Deep Security' to avoid confusion with other Trend products.
packages/trendmicro/manifest.yml
description: "collect Trendmicro Deep Security events with elastic agent." | ||
title: Trend Micro | ||
version: "1.9.0" | ||
description: Collect logs from Trend Micro with Elastic Agent. |
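Review bot: the version in this hunk is "1.9.0", a minor bump, but the PR description raises the minimum Kibana version to 8.11.0, which drops support for users on older stacks; that is a breaking change for consumers of the package and should be a major bump (the release comment further down shows the package shipped as 2.0.0). The new description also still says only "Trend Micro"; "Collect logs from Trend Micro Deep Security with Elastic Agent." matches the title change requested above.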
Change to Trend Micro Deep Security
Resolved review comments on:
...s/trendmicro/data_stream/deep_security/_dev/test/pipeline/test-trendmicro.json-expected.json
packages/trendmicro/data_stream/deep_security/elasticsearch/ingest_pipeline/default.yml
.../trendmicro/data_stream/deep_security/elasticsearch/ingest_pipeline/device-control-event.yml
packages/trendmicro/data_stream/deep_security/elasticsearch/ingest_pipeline/firewall-event.yml
1. Change Trend Micro to Trend Micro Deep Security everywhere.
2. Split the descriptions onto new lines.
3. Update the changelog as per Jamie's suggestion.
4. Add some related.* fields in the pipeline.
5. Add a script to remove CS from threat.tactic.id and threat.technique.id.
}, | ||
"related": { | ||
"hosts": [ | ||
"4" |
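Review bot: related.hosts here carries "4", which according to the review comment on this file is host.id rather than a hostname; a bare numeric asset ID will never match the host.name values that other data sources put in related.hosts, so pivots on that field from this integration go nowhere. Feed related.hosts from host.name where it is present and leave host.id out, or document why the ID is meaningful across sources.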
host.name makes more sense than host.id
Rest LGTM 👍🏼
host.name makes more sense than host.id
host.name in the pipeline test is something that comes from Filebeat; we are not mapping that field in the pipeline. However, I have removed it from the pipeline tests.
Thanks for the catch @kcreddy
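The related.* enrichment discussed in this thread, as an added example that is not code from the trendmicro package or from this PR: it populates ECS related.ip, related.hosts, related.user and related.hash from an already-parsed event the way a chain of ingest `append` processors with `allow_duplicates: false` and null-safe `if` conditions would. The source-field table, the helper names and the sample event are my own assumptions, constructed for illustration; host.id is deliberately not a source for related.hosts, in line with the review comment above.

```python
# Added example: build ECS related.* fields from a parsed event.
# Not the package's ingest pipeline; a Python model of append processors
# with allow_duplicates: false. Field lists and sample data are constructed.
import ipaddress
from typing import Any


def _get(doc: dict, path: str) -> Any:
    """Null-safe dotted lookup, equivalent to Painless `ctx.host?.name`."""
    cur: Any = doc
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def _append_unique(target: list, value: Any) -> None:
    """Mimic `append` with allow_duplicates: false; skip null/empty values."""
    if value is None or value == "":
        return
    for v in (value if isinstance(value, list) else [value]):
        if v not in target:
            target.append(v)


def _is_ip(value: Any) -> bool:
    """Keep the `ip`-typed field valid so the document is not rejected."""
    try:
        ipaddress.ip_address(str(value))
        return True
    except ValueError:
        return False


# Assumed source paths (my own choice). host.id is intentionally absent from
# related.hosts: an ID such as "4" is not a hostname and does not pivot against
# host.name values from other data sources.
RELATED_SOURCES = {
    "ip": ["source.ip", "destination.ip", "host.ip"],
    "hosts": ["host.name", "source.domain", "destination.domain", "observer.hostname"],
    "user": ["user.name", "source.user.name", "destination.user.name"],
    "hash": ["file.hash.sha1", "file.hash.sha256", "file.hash.md5"],
}


def enrich_related(doc: dict) -> dict:
    """Return a shallow copy of `doc` with related.* populated; empty lists are omitted."""
    out = dict(doc)
    related: dict = {}
    for field, paths in RELATED_SOURCES.items():
        collected: list = []
        for path in paths:
            _append_unique(collected, _get(doc, path))
        if field == "ip":
            collected = [v for v in collected if _is_ip(v)]
        if collected:
            related[field] = collected
    if related:
        out["related"] = related
    return out


# Constructed sample: a firewall-style event after CEF parsing, carrying host.id only.
SAMPLE_EVENT = {
    "event": {"kind": "event", "category": ["network"]},
    "source": {"ip": "10.0.0.5", "user": {"name": "svc-backup"}},
    "destination": {"ip": "10.0.0.9", "domain": "db01.corp.example"},
    "host": {"id": "4", "ip": ["10.0.0.5", "fe80::1"]},
    "observer": {"hostname": "dsm01.corp.example", "vendor": "Trend Micro"},
}

if __name__ == "__main__":
    import json
    print(json.dumps(enrich_related(SAMPLE_EVENT)["related"], indent=2))
```

For the sample event the result has related.ip with the two endpoint addresses plus the link-local host address (deduplicated), related.hosts with the two real hostnames and no "4", and related.user with the single account; related.hash is omitted because no hash field is present.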
/test
Either the manifest.yml or the CODEOWNERS needs to be updated.
/test
🚀 Benchmarks report
To see the full report comment with
LGTM, but waiting for @kcreddy and @jamiehynds
LGTM
/test
💚 Build Succeeded
Quality Gate failed
Failed conditions: 77.3% Coverage on New Code (required ≥ 80%)
For SonarQube, I think we need to add more log samples covering all ingest pipelines to satisfy the coverage.
Yes, possibly a majority, but those have been minor changes rather than large additions. Looking at the uncovered lines, I think this is probably OK, but please take a look and confirm.
owner: | ||
github: elastic/sec-deployment-and-devices | ||
type: community |
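Review bot: owner.type is community while owner.github names an elastic/ team; if Elastic will maintain the package, as the review comment here asks, the type should say so, and the github owner in this manifest has to agree with the CODEOWNERS entry for packages/trendmicro, otherwise the CI check earlier in the thread ("Either the manifest.yml or the CODEOWNERS needs to be updated") keeps failing.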
@mohitjha-elastic can we change this to elastic please, as we'll support the integration from here given the major updates we've done to the package.
@jamiehynds This is actually old code. It's changed in the latest commit to elastic.
@efd6 Thanks! I was also under the same impression. Since merging is blocked, can we skip SonarQube or force it to pass? How was that handled in the previous case?
The merge is waiting on elastic/sec-deployment-and-devices approval.
Would you mind approving @taylor-swanson? Apologies for the mix up on ownership.
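The ownership mismatch that blocked this PR (the CI comment "Either the manifest.yml or the CODEOWNERS needs to be updated", and the owner block discussed above), as an added example that is not the elastic/integrations CI check itself: a small consistency check that reads the owner block of a package manifest and verifies it against the team that CODEOWNERS assigns to the package path, also flagging an elastic/ team paired with owner.type community. The CODEOWNERS and manifest texts below are constructed, the "before" team name @elastic/example-team is invented, the helper names are my own, and it assumes the field the review asks to change is owner.type.

```python
# Added example: manifest owner vs CODEOWNERS consistency check.
# Not the elastic/integrations CI check; inputs below are constructed.
import re
from fnmatch import fnmatch


def parse_codeowners(text: str) -> list:
    """Return (pattern, owners) rules in file order, dropping comments and blank lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        pattern, *owners = line.split()
        rules.append((pattern, owners))
    return rules


def _matches(path: str, pattern: str) -> bool:
    """Leading-slash patterns are repo-root relative; a bare path owns its subtree."""
    pat = pattern.strip("/")
    if "*" in pat:
        return fnmatch(path, pat)
    return path == pat or path.startswith(pat + "/")


def owners_for(path: str, rules: list) -> list:
    """CODEOWNERS semantics: the last matching rule wins."""
    matched: list = []
    for pattern, owners in rules:
        if _matches(path, pattern):
            matched = owners
    return matched


def manifest_owner(manifest_text: str) -> dict:
    """Extract the indented keys under `owner:` without a YAML library."""
    owner, in_block = {}, False
    for line in manifest_text.splitlines():
        if re.match(r"^owner:\s*$", line):
            in_block = True
            continue
        if in_block:
            m = re.match(r"^\s+(\w+):\s*(\S+)", line)
            if not m:  # first non-indented line ends the block
                break
            owner[m.group(1)] = m.group(2).strip('"')
    return owner


def check_ownership(manifest_text: str, codeowners_text: str, manifest_path: str) -> list:
    """Return a list of problems; an empty list means manifest and CODEOWNERS agree."""
    problems = []
    owner = manifest_owner(manifest_text)
    team = owner.get("github")
    if not team:
        return ["manifest has no owner.github"]
    expected = "@" + team
    actual = owners_for(manifest_path, parse_codeowners(codeowners_text))
    if expected not in actual:
        problems.append(f"{expected} is not a CODEOWNERS owner of {manifest_path} (found {actual})")
    if team.startswith("elastic/") and owner.get("type") == "community":
        problems.append("owner.type is community but owner.github is an elastic/ team")
    return problems


# Constructed inputs. @elastic/example-team is invented for the "before" state.
CODEOWNERS_BEFORE = """# constructed
/packages/ti_* @elastic/example-team
/packages/trendmicro @elastic/example-team
"""
CODEOWNERS_AFTER = """# constructed
/packages/ti_* @elastic/example-team
/packages/trendmicro @elastic/sec-deployment-and-devices
"""
MANIFEST_BEFORE = """format_version: "3.0.0"
name: trendmicro
title: Trend Micro Deep Security
owner:
  github: elastic/sec-deployment-and-devices
  type: community
"""
MANIFEST_AFTER = MANIFEST_BEFORE.replace("type: community", "type: elastic")
MANIFEST_PATH = "packages/trendmicro/manifest.yml"

if __name__ == "__main__":
    for label, m, c in (("before", MANIFEST_BEFORE, CODEOWNERS_BEFORE),
                        ("after", MANIFEST_AFTER, CODEOWNERS_AFTER)):
        print(label, check_ownership(m, c, MANIFEST_PATH) or "OK")
```

Run against the "before" pair it reports both the CODEOWNERS mismatch and the community/elastic inconsistency; against the "after" pair it reports nothing, which is the state the thread converges on.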
LGTM
Package trendmicro - 2.0.0 containing this change is available at https://epr.elastic.co/search?package=trendmicro
What does this PR do?
* Add support for Deep Security version 20.
* Enhance the code and ECS mappings.
* Update the minimum Kibana version to 8.11.0.
* Add support for a new dashboard.
* Update codeowner.
How to test this PR locally
Clone integrations repo.
Install the elastic package locally.
Start the elastic stack using the elastic package.
Move to integrations/packages/trendmicro directory.
Run the following command to run tests.
elastic-package test -v
Automated Test
test-log-trendmicro.txt