[CISA KEVs] New Integration - CISA Known Exploited Vulnerabilities Tracking #9240
Conversation
jamiehynds
added
New Integration
Team:Security-Service Integrations
|
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
|
/test |
👋 Hello, we meet again! I can try to see what I can do for the size. Are referring to file size, number of commits or something else? A screenshot or reference to what is large will be great! For example, I can reduce a couple of the files for testing such as these: Today I use the entire CISA KEV library for the test. But if we want to bring it down to around 100 items instead of the 1000+, I can easily do that and not feel like we lose much on the testing. If this is what you would like to see sized down, I have the changes ready to commit. The new sizes would be around 1,204 and 3,504 lines respectively. |
|
@jamiehynds - Can you request from CISA if we can use their logo for this integration? |
Hey @nicpenning, I've just applied but expect it might take some time to work though. We can likely go ahead without a logo for now, and can add it if/when we get approval. Thanks for yet another great contribution :) |
|
I have a hunch buildkite will be unhappy since I used a new version of the stack. (8.12) Build kite might not be able to test newer versions still? |
|
@nicpenning @efd6 CISA have confirmed that we are fine to proceed with the integration, however they cannot authorise us to use their logo and we'll therefore need to stick with no logo. We have a generic logo we use for Netflow and File Integrity Monitoring and can use for this package too. |
|
Thanks for the follow up! I can look at those integrations and logo and get it added. |
A reduced the sample size so now were are down to about 6500 lines for everything. |
I used the generic Logs one as it is pretty straight forward. Will that work? It is a "list". |
|
/test |
Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com>
|
/test |
|
/test |
|
/test |
|
/test |
|
/test |
🚀 Benchmarks reportTo see the full report comment with |
|
/test |
💚 Build Succeeded
History
|
|
95.5% Coverage on New Code
0.0% Duplication on New Code
@efd6 just commented on the icon discussion. No concerns on my end on list vs default icon, just as long as it's not CISA's logo. |
|
Thanks team!! 🚀 |
|
Nice one @nicpenning 👏 ! |
|
Is there a timeline for how long it takes for this package to be placed in the registry for use to the masses? |
Hey @nicpenning - the package is generally published on the same day it's merged. We should see a notification appear within this PR to say it's available. I'll let you know either way as soon as it lands |
|
Package cisa_kevs - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=cisa_kevs |
Enhancement
WHAT: CISA Known Exploited Vulnerabilities at glance in the stack. Can also be used for enriching other datasets that contain vulnerability information and more specifically, CVEs.
WHY: This will allow analysts to see the current KEVs in Elastic and/or correlate those with other vulnerability information ingested into the stack.
Checklist
changelog.ymlfile.Author's Checklist
Add a checklist of things that are required to be reviewed in order to have the PR approved
- [ ] It would be great to use the CISA logo but I think Elastic needs to request permission to use it.Screenshots