New Exchange Server integration #9197

Merged
merged 9 commits into from Mar 11, 2024

SimonKoetting
Contributor

Initial push of newly developed Microsoft Exchange Server Integration (on-prem)

Co-authored-by: Simon Schneider <95302847+smnschneider@users.noreply.github.com>
@SimonKoetting SimonKoetting changed the title from "initial commit new Exchange Server integration" to "New Exchange Server integration" Feb 20, 2024
@jamiehynds jamiehynds requested a review from a team February 20, 2024 11:17
@elasticmachine

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

@elasticmachine

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

Contributor

@taylor-swanson taylor-swanson left a comment

I did an initial look over this, but I'll be diving deeper into the data streams next.

packages/microsoft_exchange_server/changelog.yml (outdated, resolved)
packages/microsoft_exchange_server/manifest.yml (outdated, resolved)
packages/microsoft_exchange_server/img/sample-logo.svg (outdated, resolved)
@taylor-swanson
Contributor

I feel like this integration would be better suited under the @elastic/sec-windows-platform team.

@elastic/sec-deployment-and-devices primarily works with physical devices (routers, firewalls), whereas this is a Windows-exclusive application. While this currently reads from log files, I do believe Exchange can write to Windows Event Logs for at least some of its events, which would involve the winlog input.

@norrietaylor norrietaylor added the Team:Security-Windows Platform Security Windows Platform Team label Feb 22, 2024
@jamiehynds jamiehynds requested a review from a team February 23, 2024 12:32
.github/CODEOWNERS (outdated, resolved)
packages/microsoft_exchange_server/manifest.yml (outdated, resolved)
@norrietaylor norrietaylor removed the Team:Security-Deployment and Devices Deployment and Devices Security team label Mar 5, 2024
Contributor

@marc-gr marc-gr left a comment

Looking good! Just a couple of observations to simplify the pipelines if it makes sense.

PS: added them to the first one, but they apply to all pipelines

@marc-gr marc-gr self-assigned this Mar 6, 2024
@SimonKoetting
Contributor Author

Hi @marc-gr
thanks for your report! Good points that I hadn't thought of.
The first 3 points are now implemented.

@marc-gr
Contributor

marc-gr commented Mar 11, 2024

/test

@marc-gr marc-gr enabled auto-merge (squash) March 11, 2024 08:56
@marc-gr marc-gr merged commit 0da0ea5 into elastic:main Mar 11, 2024
5 checks passed
@elasticmachine

💚 Build Succeeded

History

cc @marc-gr @taylor-swanson

@elasticmachine

Package microsoft_exchange_server - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=microsoft_exchange_server

gizas pushed a commit that referenced this pull request Mar 13, 2024
* initial commit new Exchange Server integration

Co-authored-by: Simon Schneider <95302847+smnschneider@users.noreply.github.com>

* Remove License file

* change Codeowner

* rename test-files for validation check

* add validation.yml

* Update Changelog, switch to filestream and fix docs

* adjust manifest description

* Change Codeowner

* Added failure processors, switch to copy_from and remove duplicates

---------

Co-authored-by: Simon Schneider <95302847+smnschneider@users.noreply.github.com>
6 participants