[CISA KEVs] New Integration - CISA Known Exploited Vulnerabilities Tracking #9240
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
The change here is very large, solely in the test expectations. Would it be possible, without loss of integrity, to reduce the size of this somehow?
/test
@jamiehynds - Can you request from CISA if we can use their logo for this integration?
Hey @nicpenning, I've just applied but expect it might take some time to work through. We can likely go ahead without a logo for now, and can add it if/when we get approval. Thanks for yet another great contribution :)
I have a hunch Buildkite will be unhappy since I used a new version of the stack (8.12). Buildkite might not be able to test newer versions still?
@nicpenning @efd6 CISA have confirmed that we are fine to proceed with the integration, however they cannot authorise us to use their logo and we'll therefore need to stick with no logo. We have a generic logo we use for Netflow and File Integrity Monitoring and can use for this package too.
Thanks for the follow up! I can look at those integrations and logo and get it added.
I used the generic Logs one as it is pretty straightforward. Will that work? It is a "list".
/test
Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com>
/test
/test
/test
/test
/test
Updated
🚀 Benchmarks report
To see the full report comment with
/test
💚 Build Succeeded
LGTM but waiting for @jamiehynds for decision on icon.
@efd6 just commented on the icon discussion. No concerns on my end on list vs default icon, just as long as it's not CISA's logo.
Thanks team!! 🚀
Nice one @nicpenning 👏 !
Is there a timeline for how long it takes for this package to be placed in the registry for use to the masses?
Hey @nicpenning - the package is generally published on the same day it's merged. We should see a notification appear within this PR to say it's available. I'll let you know either way as soon as it lands
Package cisa_kevs - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=cisa_kevs
Enhancement
WHAT: CISA Known Exploited Vulnerabilities at a glance in the stack. Can also be used for enriching other datasets that contain vulnerability information and more specifically, CVEs.
WHY: This will allow analysts to see the current KEVs in Elastic and/or correlate those with other vulnerability information ingested into the stack.
Checklist
changelog.yml file.
Author's Checklist
Add a checklist of things that are required to be reviewed in order to have the PR approved
- [ ] It would be great to use the CISA logo but I think Elastic needs to request permission to use it.
Screenshots