Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Process unique ID #1051

Merged
merged 15 commits into from
Aug 11, 2022
Merged

Process unique ID #1051

merged 15 commits into from
Aug 11, 2022

Conversation

delliott90
Copy link
Collaborator

@delliott90 delliott90 commented Jul 26, 2022
edited
Loading

Partially addresses this issue: #922 by adding process.x_unique_id to QRadar, Elastic ECS, CB Cloud, ReaQta, and Sentinel One.

@delliott90 delliott90 marked this pull request as draft July 27, 2022 17:24
@delliott90 delliott90 changed the title Process unique Process unique ID Jul 27, 2022
@codecov
Copy link

codecov bot commented Jul 27, 2022
edited
Loading

Codecov Report

Merging #1051 (d5fe244) into develop (8b43e8f) will decrease coverage by 0.00%.
The diff coverage is 100.00%.

@@             Coverage Diff             @@
##           develop    #1051      +/-   ##
===========================================
- Coverage    64.77%   64.76%   -0.01%     
===========================================
  Files          518      518              
  Lines        48841    48835       -6     
===========================================
- Hits         31637    31629       -8     
- Misses       17204    17206       +2
Impacted Files Coverage Δ
.../stix_translation/test_elastic_ecs_json_to_stix.py 57.49% <ø> (ø)
.../test/stix_translation/test_reaqta_json_to_stix.py 94.49% <100.00%> (-0.55%) ⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@delliott90 delliott90 marked this pull request as ready for review July 28, 2022 16:42
@delliott90 delliott90 requested a review from baulus July 29, 2022 12:45
@mdazam1942 mdazam1942 merged commit 7b015f1 into develop Aug 11, 2022
@mdazam1942 mdazam1942 deleted the process-unique-id branch August 11, 2022 19:42
AmitHaim1 pushed a commit to aviv1ron1/stix-shifter that referenced this pull request Sep 26, 2022
@delliott90 @AmitHaim1
Process unique ID (opencybersecurityalliance#1051)
5fb1296
@subbyte subbyte mentioned this pull request Oct 5, 2022
Closed
@subbyte
Copy link
Member

subbyte commented Oct 5, 2022

Awesome! Thanks @delliott90 and @pcoccoli !

This is an important feature that helps cross-observation/query reasoning. Kestrel will upgrade with this feature for better process identification.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@baulus baulus baulus approved these changes

@mdazam1942 mdazam1942 mdazam1942 approved these changes

@pcoccoli pcoccoli Awaiting requested review from pcoccoli

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@delliott90 @subbyte @baulus @mdazam1942