New integration - ESET Threat Intelligence #9255
Conversation
💚 CLA has been signed
/test
I changed my primary email to the one that was in the CLA, as it was set to my personal mail. Please try building it now.
/test
/test
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
/test
@MichalVisnovsky Can you please add the following line into
Thanks for the PR once again 😄
I like the dashboards, just a quick question:
Were they pointing at the destination index, so we are only querying the latest active indicators? If not, you can query using `_index: <alias name>`
or with `NOT labels.is_ioc_transform_source: true`
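As an added illustration of the reviewer's point (this is example code, not the ti_eset package's own transform.yml from the elastic/integrations repository), the following is the general layout of a "latest indicator" transform: the raw data stream is the source, the deduplicated copy lands in a destination index behind an alias, and dashboards query that alias so stale indicators are never counted. Index, alias and pipeline names, the unique-key fields, and the `labels.is_ioc_transform_source` tagging convention are all assumptions for the example.

```yaml
# Added example of a "latest indicator" transform definition; not the
# ti_eset package's own transform.yml. Index/alias names, pipeline name
# and the unique_key fields are assumptions for illustration.
source:
  index:
    - "logs-ti_eset.apt-*"          # raw indicator data stream (assumed name)
  # Only feed documents that the source ingest pipeline tagged as
  # transform input; the label convention is assumed from the review thread.
  query:
    bool:
      filter:
        - term:
            labels.is_ioc_transform_source: "true"
dest:
  index: "logs-ti_eset_latest.apt-1"      # assumed destination index
  aliases:
    - alias: "logs-ti_eset_latest.apt"    # dashboards query _index: this alias
      move_on_creation: true
  # A destination pipeline (assumed name) removes the source label, so the
  # deduplicated copy is not itself matched by the transform's source query
  # and is kept by dashboards that filter on
  # NOT labels.is_ioc_transform_source: true
  pipeline: "logs-ti_eset_latest.apt-0.1.0"
latest:
  # One document per indicator identity; which fields form that identity is
  # an assumption here and must match what the feed actually provides.
  unique_key:
    - threat.indicator.type
    - threat.indicator.file.hash.sha256
  sort: "@timestamp"
description: "Latest ESET APT indicators (added example, assumed layout)"
frequency: 30s
sync:
  time:
    field: event.ingested
    delay: 120s
retention_policy:
  # Expire indicators from the destination index; 7d mirrors the retention
  # discussed later in this thread for the data stream itself.
  time:
    field: "@timestamp"
    max_age: 7d
_meta:
  managed: true
  managed_by: fleet
```

With this layout a dashboard filter of `_index: logs-ti_eset_latest.apt` (or `NOT labels.is_ioc_transform_source: true`, once the destination pipeline has dropped the label) returns only indicators that are still current, whereas pointing visualizations at `logs-ti_eset.apt-*` would also count every superseded or expired copy still sitting in the raw data stream.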
Review threads (now resolved) on:
packages/ti_eset/elasticsearch/transform/apt_latest_ioc/transform.yml
packages/ti_eset/data_stream/apt/elasticsearch/ingest_pipeline/default.yml
/test
@polakovicp Looks like the CI is failing on the README file. Can you run Also, please let me know when all the review comments are answered, I can take a look again.
@kcreddy thank you for your response. I found a problem with paging #9372 and need some assistance :)
PR updated. Thanks for #9372, pagination and cursor are now working as expected.
/test
Thanks for clearing all of the requested changes.
Looks like the CI is failing on README file changes.
Can you re-run system tests: `eval "$(elastic-package stack shellinit)" && elastic-package test system --generate -v`
followed by `elastic-package build && elastic-package format && elastic-package lint && elastic-package check && elastic-package build`
and commit the generated files?
There are some minimum requirements for running Elastic Agent and for more information,
refer to the link [here](https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html).

The minimum **Kibana version** required is **8.12.0**.
Update manifest.yml accordingly:

```yaml
conditions:
  kibana:
    version: "^8.12.0"
```
Updated
```json
"actions": {
  "delete": {}
},
"min_age": "3d"
```
Suggested change: `"min_age": "3d"` -> `"min_age": "7d"`

As per the README doc. Same for other data streams that have 7d in the README doc.
Updated
@kcreddy PR updated.
/test
I ran your test locally and it seems to be an issue with pipeline tests.
Updated
/test
💚 Build Succeeded
Quality Gate passed. Kudos, no new issues were introduced! 0 new issues
LGTM 👍🏼
Package ti_eset - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=ti_eset
…es (#9465) This PR aims to improve compatibility with threat intelligence and other security integrations, including ESET Threat Intelligence #9255, by lowercasing the ECS hash fields threat.indicator.file.hash.sha1, file.hash.sha and related.hash, which is more in line with similar security integrations. This would enable one to use indicator match rules more easily as well. Also fixes a parsing error when object_uri equals script.
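To show the normalization the linked PR describes, here is an added ingest-pipeline example (not the ti_eset package's own default.yml or the code from #9465) that lowercases the ECS hash fields so that indicator-match rules comparing `threat.indicator.file.hash.*` and `related.hash` against event hashes are not defeated by a mixed-case feed. The pipeline description and the exact set of fields handled are assumptions for the example.

```yaml
# Added example ingest pipeline fragment; not the ti_eset package's own
# default.yml. Field list beyond those named in the linked PR is an assumption.
description: Normalize hash case on threat indicator events (added example)
processors:
  # Hash fields are keyword-typed in ECS, so exact-term matching is
  # case-sensitive; lowercase them at ingest so both sides of an
  # indicator match rule agree regardless of how the feed cased them.
  - lowercase:
      field: threat.indicator.file.hash.md5
      ignore_missing: true
  - lowercase:
      field: threat.indicator.file.hash.sha1
      ignore_missing: true
  - lowercase:
      field: threat.indicator.file.hash.sha256
      ignore_missing: true
  # related.hash is an array of strings; the lowercase processor converts
  # every member when the field holds an array, so no foreach is needed.
  - lowercase:
      field: related.hash
      ignore_missing: true
on_failure:
  # Keep the event and record why the pipeline failed rather than dropping it.
  - set:
      field: error.message
      value: "{{{ _ingest.on_failure_message }}}"
```

Because `ignore_missing: true` is set on each processor, documents for non-file indicators (domains, URLs, IPs) that carry none of these fields pass through untouched, and a feed record with a `related.hash` array is normalized element by element; the result can be checked with the package's pipeline tests (`elastic-package test pipeline`) by asserting that the expected output documents contain only lowercase hex.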
What does this PR do?
PR adds integration package for ESET Threat Intelligence data feeds.
Checklist
changelog.yml file.
Author's Checklist