Add Lumos Package #9276
Conversation
23716dd to 1013896
/test
1013896 to 42ed589
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
Hi @jamiehynds -- thanks for adding the tags. Please let me know if there is any other information I can provide here to make it easier on you all's end :)
Review comments (outdated, resolved) on:
packages/lastpass/data_stream/user/agent/stream/httpjson.yml.hbs
packages/lumos/data_stream/lumos_api/_dev/test/system/test-default-config.yml
packages/lumos/data_stream/lumos_api/agent/stream/httpjson.yml.hbs
Really appreciate the review @efd6 I'll address comments and turn this around as quickly as I can
37eb893 to b15f694
fb93614 to 29c7a96
Hey @efd6, thank you again for the previous review. I've incorporated all of your feedback and re-pushed the branch. The biggest change here is the addition of a proper system test, similar to the 1Password implementation you linked me to. Please let me know what else, if anything, needs to be improved here. Thank you!
/test
Can you include some pipeline test cases so that we can build on the logic for event classification as it is added?
Review comments (outdated, resolved) on:
packages/lumos/data_stream/lumos_api/elasticsearch/ingest_pipeline/default.yml (three threads)
62f023a to c043414
/test
03e071b to 12c9c05
@efd6 Thank you again, you've been super helpful. Since your last review I've done the following:
/test
Shoot, I'll double-check that the README files are in-sync. Looks like that's what's failing CI
88ac9b5 to b5f5d40
Just re-ran the build, apologies for that oversight
/test
🚀 Benchmarks report
To see the full report comment with
Last nit, then LGTM
Review comment (outdated, resolved) on:
packages/lumos/data_stream/activity_logs/agent/stream/httpjson.yml.hbs
b5f5d40 to b05abec
Made that one final tweak
/test
processors:
{{processors}}
{{/if}}
😄 Too many.
Hah, third time is the charm!
b05abec to 902795f
/test
💚 Build Succeeded
Thanks
Hey @efd6 one more question. I'm seeing this build failure on the main branch -- is this a result of something I did incorrectly?
No, there is nothing wrong in what was done here. I will look into what is going on.
Package lumos - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=lumos
Hi @efd6, I've noticed that https://epr.elastic.co/search?package=lumos is still blank. Let me know if there's something I can do on my end to help debug/remediate. Thank you
Additionally, should we expect Lumos to be showing up in this catalog: https://www.elastic.co/integrations/data-integrations? |
The package is not GA, so it won't show up without the experimental flag, https://epr.elastic.co/search?package=lumos&experimental=true |
Proposed commit message

This PR introduces a package for Lumos (lumos.com). The Lumos product itself has an Activity Log, and we would like customers to be able to ship their Activity Logs directly to their Elastic instance.

In order to support this, we added an /activity_logs endpoint to our API, which returns data in this form:

Essentially, we support filtering responses by ISO8601-encoded strings until and since. And we also return a next link in the response in order to simplify the pagination logic on the Elastic side.

Because this is a 0.1.0, we do not do anything fancy with the log once we receive it, we simply log it in the json column. A next step will be to extract out common fields from the JSON response (e.g. actor.email).

Our API is authenticated through a bearer token that the user provides.
Checklist
- changelog.yml file.

Author's Checklist

How to test this PR locally

Related issues

Screenshots
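The pagination and filtering scheme the commit message describes (an /activity_logs endpoint filtered by ISO8601 `since` and `until`, authenticated with a bearer token, and returning a `next` link for the following page), as an added example that is not code from the Lumos package, the Lumos API, or the elastic/integrations repository. The host name, the token value, the response shape (`items`, `next`, `timestamp`, `actor.email`), the offset cursor inside the `next` link and the in-memory stand-in server are all constructed for this example; the page does not show the real response format. The client side shows the checks a collector following server-supplied links should make: a bounded page count, loop detection, and a refusal to send the bearer token to a `next` link that leaves the API host.

```python
"""Added example (not from the Lumos package or elastic/integrations):
a minimal collector for a since/until-filtered, next-link-paginated,
bearer-authenticated activity-log endpoint."""
from datetime import datetime
from typing import Callable, Dict, List
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical API location; the real Lumos host is not given on the page.
BASE_URL = "https://api.lumos.invalid/activity_logs"
EXPECTED_TOKEN = "constructed-test-token"  # constructed value, not a real credential
PAGE_SIZE = 2

# Constructed sample activity-log events; the field layout is an assumption.
EVENTS = [
    {"id": 1, "timestamp": "2023-01-01T00:00:00Z", "actor": {"email": "a@example.com"}, "action": "login"},
    {"id": 2, "timestamp": "2023-01-02T00:00:00Z", "actor": {"email": "b@example.com"}, "action": "grant"},
    {"id": 3, "timestamp": "2023-01-03T00:00:00Z", "actor": {"email": "a@example.com"}, "action": "revoke"},
    {"id": 4, "timestamp": "2023-01-04T00:00:00Z", "actor": {"email": "c@example.com"}, "action": "login"},
    {"id": 5, "timestamp": "2023-01-05T00:00:00Z", "actor": {"email": "b@example.com"}, "action": "login"},
]


def parse_ts(value: str) -> datetime:
    """Parse an ISO8601 timestamp; a trailing 'Z' is normalised for older Pythons."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def fake_server(url: str, headers: Dict[str, str]) -> dict:
    """Stand-in for the /activity_logs endpoint (constructed): checks the bearer
    token, applies since (inclusive) / until (exclusive) filters, and pages the
    result with an offset cursor carried in the `next` link."""
    if headers.get("Authorization") != f"Bearer {EXPECTED_TOKEN}":
        raise PermissionError("401 Unauthorized")
    parsed = urlparse(url)
    if parsed.path != urlparse(BASE_URL).path:
        raise LookupError("404 Not Found")
    q = parse_qs(parsed.query)
    since = q.get("since", [None])[0]
    until = q.get("until", [None])[0]
    cursor = int(q.get("cursor", ["0"])[0])
    selected = [
        e for e in EVENTS
        if (since is None or parse_ts(e["timestamp"]) >= parse_ts(since))
        and (until is None or parse_ts(e["timestamp"]) < parse_ts(until))
    ]
    page = selected[cursor:cursor + PAGE_SIZE]
    next_link = None
    if cursor + PAGE_SIZE < len(selected):
        params = {"cursor": cursor + PAGE_SIZE}
        if since:
            params["since"] = since
        if until:
            params["until"] = until
        next_link = f"{BASE_URL}?{urlencode(params)}"
    return {"items": page, "next": next_link}


def fetch_activity_logs(get: Callable[[str, Dict[str, str]], dict], token: str,
                        since: str, until: str, max_pages: int = 100) -> List[dict]:
    """Collect every event in [since, until) by following `next` links.
    Events are returned untouched, matching the 0.1.0 behaviour of storing the
    raw document rather than extracting fields from it."""
    parse_ts(since)  # reject malformed filters before any request is sent
    parse_ts(until)
    api_host = urlparse(BASE_URL).netloc
    headers = {"Authorization": f"Bearer {token}"}
    url = f"{BASE_URL}?{urlencode({'since': since, 'until': until})}"
    events: List[dict] = []
    visited = set()
    for _ in range(max_pages):
        visited.add(url)
        body = get(url, headers)
        events.extend(body.get("items", []))
        next_link = body.get("next")
        if not next_link:
            return events
        # The bearer token goes on every request, so a next link that points
        # off the API host must never be followed.
        if urlparse(next_link).netloc != api_host:
            raise ValueError(f"refusing off-host next link: {next_link}")
        if next_link in visited:
            raise RuntimeError(f"pagination loop at {next_link}")
        url = next_link
    raise RuntimeError(f"gave up after {max_pages} pages")


if __name__ == "__main__":
    for event in fetch_activity_logs(fake_server, EXPECTED_TOKEN,
                                     "2023-01-02T00:00:00Z", "2023-01-05T00:00:00Z"):
        print(event["id"], event["timestamp"], event["actor"]["email"])
```

Swapping `fake_server` for a function that performs a real HTTPS GET and returns the decoded JSON body is all that is needed to run the same loop against a live endpoint; the host check, loop guard and page cap stay as they are.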