New integration - ESET Threat Intelligence #9255
Conversation
|
💚 CLA has been signed |
|
/test |
|
I changed my primary email to the one that was in the CLA, as it was set to my personal mail. Please try building it now. |
|
/test |
1 similar comment
|
/test |
kcreddy
added
New Integration
Integration:ESET Threat Intelligence
Team:Security-Service Integrations
|
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
|
/test |
|
@MichalVisnovsky Can you please add following line into
|
|
/test |
kcreddy
added
Team:Security-Service Integrations
There was a problem hiding this comment.
Thanks for PR once again 😄
I like the dashboards, just quick question:
Were they pointing at destination index, so we are only querying the latest active indicators? if not, you can query using _index: <alias name> or with NOT labels.is_ioc_transform_source: true
packages/ti_eset/elasticsearch/transform/apt_latest_ioc/transform.yml
Outdated
Show resolved
Hide resolved
packages/ti_eset/elasticsearch/transform/apt_latest_ioc/transform.yml
Outdated
Show resolved
Hide resolved
packages/ti_eset/data_stream/apt/elasticsearch/ingest_pipeline/default.yml
Outdated
Show resolved
Hide resolved
|
/test |
|
@polakovicp Looks like the CI is failing on README file. Can you run Also, please let me know when all the review comments are answered, I can take a look again. |
@kcreddy thank you for your response. I found problem with paging #9372 and need some assistance :) |
PR updated. Thanks for #9372, pagination and cursor is now working as expected. |
|
/test |
There was a problem hiding this comment.
Thanks for clearing all of the requested changes.
Looks like the CI is failing on README file changes.
Can you re-run system tests: eval "$(elastic-package stack shellinit)" && elastic-package test system --generate -v followed by elastic-package build && elastic-package format && elastic-package lint && elastic-package check && elastic-package build and commit the generated files?
| There are some minimum requirements for running Elastic Agent and for more information, | ||
| refer to the link [here](https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html). | ||
|
|
||
| The minimum **Kibana version** required is **8.12.0**. |
There was a problem hiding this comment.
Update manifest.yml accordingly
conditions:
kibana:
version: "^8.12.0"
| "actions": { | ||
| "delete": {} | ||
| }, | ||
| "min_age": "3d" |
There was a problem hiding this comment.
| "min_age": "3d" | |
| "min_age": "7d" |
As per the README doc. Same for other datastreams that have 7d in README doc.
@kcreddy PR updated. |
|
/test |
|
I ran your test locally and it seems to be an issue with pipeline tests. |
Updated |
|
/test |
🚀 Benchmarks reportTo see the full report comment with |
💚 Build Succeeded
History
|
|
90.0% Coverage on New Code
0.0% Duplication on New Code
|
Package ti_eset - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=ti_eset |
…es (#9465) This PR aims to improve compatibility with threat intelligence and other security integrations, including ESET Threat Intelligence #9255, by lowercasing the ECS hash fields threat.indicator.file.hash.sha1, file.hash.sha and related.hash, which is more in line with similar security integrations. This would enable one to use indicator match rules more easily as well. Also fixes a parsing error when object_uri equals script.
What does this PR do?
PR adds integration package for ESET Threat Intelligence data feeds.
Checklist
changelog.ymlfile.Author's Checklist