
[ESET PROTECT] Normalize ECS hash fields enabling indicator match rules #9465

Merged
merged 6 commits into from
Apr 2, 2024

Conversation

kat-does-code
Contributor

@kat-does-code kat-does-code commented Mar 28, 2024

[Enhancement]

This PR aims to improve compatibility with threat intelligence and other security integrations, including ESET Threat Intelligence #9255, by lowercasing the ECS hash fields threat.indicator.file.hash.sha1, file.hash.sha and related.hash, which is more in line with similar security integrations. This would enable one to use indicator match rules more easily as well.

Also fixes a parsing error when object_uri equals script.

Proposed commit message

Lowercase related hash and indicator hash to support indicator rule matching. Fixed grok parse error when object_uri equals script.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

@kat-does-code kat-does-code requested a review from a team as a code owner March 28, 2024 12:14
@kat-does-code kat-does-code reopened this Mar 28, 2024
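The following is an added example and not code from the ESET PROTECT integration, from Elastic, or from the PR author. It simulates in Python what the pipeline change described above does (lowercasing `file.hash.*`, `threat.indicator.file.hash.*` and `related.hash`) and why it matters: an indicator match rule compares keyword fields by exact term, so an upper-case hash in an event never matches a lower-case hash in a threat indicator document. The sample event and indicator are constructed, the SHA-1 used is the well-known digest of the empty string, and the example goes beyond the PR text by lowercasing every algorithm under `file.hash.*`, not only `sha1`.

```python
"""Added example, not code from the ESET PROTECT integration or from Elastic:
simulates the PR's pipeline change (lowercasing the ECS hash fields) and
shows why it matters for indicator match rules, which compare keyword
fields by exact term and therefore never match "ABCD..." against "abcd...".
"""
import copy

# Object paths whose string children are hash values and get lowercased.
# file.hash.* is handled for every algorithm here (md5, sha1, sha256, ...),
# a generalisation of the single field named in the PR text.
HASH_OBJECT_PATHS = [
    ("file", "hash"),
    ("threat", "indicator", "file", "hash"),
]
RELATED_HASH_PATH = ("related", "hash")


def _get(doc, path):
    """Return the value at a path tuple, or None if any segment is missing."""
    cur = doc
    for key in path:
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def normalize_hash_fields(doc):
    """Return a copy of doc with every file.hash.*, threat.indicator.file.hash.*
    and related.hash value lowercased. Missing fields are skipped, like an
    ingest `lowercase` processor with ignore_missing: true."""
    out = copy.deepcopy(doc)
    for path in HASH_OBJECT_PATHS:
        hashes = _get(out, path)
        if isinstance(hashes, dict):
            for algo, value in hashes.items():
                if isinstance(value, str):
                    hashes[algo] = value.lower()
    related = _get(out, RELATED_HASH_PATH)
    if isinstance(related, list):
        out["related"]["hash"] = [v.lower() if isinstance(v, str) else v for v in related]
    elif isinstance(related, str):
        out["related"]["hash"] = related.lower()
    return out


def indicator_matches(event, indicators):
    """Exact, case-sensitive term comparison, as an indicator match rule on
    keyword fields behaves: returns the indicator sha1 values that appear in
    the event's related.hash, sorted."""
    related = _get(event, RELATED_HASH_PATH) or []
    event_hashes = set(related if isinstance(related, list) else [related])
    indicator_hashes = {
        _get(doc, ("threat", "indicator", "file", "hash", "sha1")) for doc in indicators
    }
    indicator_hashes.discard(None)
    return sorted(event_hashes & indicator_hashes)


# Constructed sample input (not real ESET PROTECT output): the event carries
# its hashes in upper case, the threat-intel indicator in lower case.
SAMPLE_EVENT = {
    "event": {"kind": "alert"},
    "file": {"hash": {"sha1": "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709"}},
    "related": {"hash": ["DA39A3EE5E6B4B0D3255BFEF95601890AFD80709"]},
}
SAMPLE_INDICATORS = [
    {"threat": {"indicator": {"file": {"hash": {
        "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709"}}}}},
]


def demo():
    """Match results before and after normalising both the event and the
    indicators, so the caller can see the rule only fires after the fix."""
    before = indicator_matches(SAMPLE_EVENT, SAMPLE_INDICATORS)
    event = normalize_hash_fields(SAMPLE_EVENT)
    indicators = [normalize_hash_fields(i) for i in SAMPLE_INDICATORS]
    after = indicator_matches(event, indicators)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("matches before normalisation:", before)
    print("matches after normalisation:", after)
```

The point to keep in mind when wiring this into a real pipeline is that both sides must agree: normalising the event stream alone is not enough if a threat-intel integration still indexes mixed-case hashes, which is why the PR description ties this change to the ESET Threat Intelligence integration as well.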
@efd6
Contributor

efd6 commented Apr 2, 2024

/test

@elasticmachine

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine

💚 Build Succeeded

Contributor

@efd6 efd6 left a comment


Thanks

@efd6 efd6 merged commit 6a1931b into elastic:main Apr 2, 2024
5 checks passed
@LaZyDK
Contributor

LaZyDK commented Apr 3, 2024

You are referencing the wrong pull request in the changelog

@kat-does-code
Contributor Author

You are referencing the wrong pull request in the changelog

@efd6 How do I go about fixing this, issue and PR?

@efd6
Contributor

efd6 commented Apr 3, 2024

Sorry about that, I should have caught it. You can send another PR to fix the line. No other change is required. Otherwise I can do it tomorrow.
