New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ti_crowdstrike] Add Mapping of Hash Sha1 type Indicator #9270
Conversation
Add offset in the config in case of unsuccessful requests. Add test data related to the hash sha1 type indicator in pipeline test.
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
Change the secret to false for token url.
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
🚀 Benchmarks reportTo see the full report comment with |
💚 Build Succeeded
|
Quality Gate passedKudos, no new issues were introduced! 0 New issues |
Package ti_crowdstrike - 0.5.1 containing this change is available at https://epr.elastic.co/search?package=ti_crowdstrike |
1 similar comment
Package ti_crowdstrike - 0.5.1 containing this change is available at https://epr.elastic.co/search?package=ti_crowdstrike |
* Add the mapping of hash sha1 type indicator. As per the API Documentation, Hash Sha1 type indicator is not mentioned in the Intel Responses but the users are getting those in the live responses hence adding the support for that. * Add the offset in the config in case of unsuccessful requests.
Type of change
What does this PR do?
1. Add the mapping of hash sha1 type indicator.
As per the API Documentation, Hash Sha1 type indicator is not mentioned in the Intel Responses but the customer are getting those in the live responses (mentioned in SDH Issue) hence adding the support for that.
2. Add the offset in the config in case of unsuccessful requests.
Checklist
changelog.yml
file.All changes
How to test this PR locally
Clone integrations repo.
Install the elastic package locally.
Start the elastic stack using the elastic package.
Move to integrations/packages/ti_crowdstrike directory.
Run the following command to run tests.
elastic-package test -v
Related issues
Automated Test
test_ti_crowdstrike-0.5.1.txt