
Creating Cyberark PTA integration#3908

Merged
kgeller merged 28 commits into elastic:main from kgeller:create-cyberark-pta on Aug 24, 2022

Conversation

@kgeller kgeller commented Jul 29, 2022

What does this PR do?

Adding a new integration for CyberArk PTA

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

cd packages/cyberark_pta
elastic-package test

You can also follow the instructions on the README / the CyberArk PTA docs to send events.

If you want to perform manual testing, but without setting up that integration, you can use the following to mock syslog events via TCP.

logger -n localhost -P 9301 -T "CEF:0|CyberArk|PTA|11.4|26|Active dormant Vault user|5|suser=Administrator(Vault user) shost=None src=None duser=svc_account@components.cyberark.local dhost=components.cyberark.local dst=10.0.1.20 cs1Label=ExtraData cs1=None cs2Label=EventID cs2=62bb9d97c2dcd9b6beb4cc15 deviceCustomDate1Label=DetectionDate deviceCustomDate1=1656462743000 cs3Label=PTALink cs3=https://components.cyberark.local:443/PasswordVault/v10/pta/events/62bb9d97c2dcd9b6beb4cc15 cs4Label=ExternalLink cs4=None."

Related issues

Closes #3533

Screenshots

Screen Shot 2022-08-11 at 10 50 10 AM

Demo

https://drive.google.com/file/d/1qXqX59NoWaVKsgk3p5jm7nGp0QLu4lSl/view?usp=sharing
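A parser for the mock CEF record in the PR description, as an added example and not code from this PR or from the Elastic integration (which does its parsing in an ingest pipeline). The sample event is constructed from the one above with the trailing period dropped; resolving csN/deviceCustomDateN fields through their "Label" siblings and converting the epoch-millisecond date are assumptions based on the CEF custom-field convention, not the integration's own mapping.

```python
import re
from datetime import datetime, timezone

# Constructed sample, adapted from the mock event in the PR description above.
SAMPLE = (
    "CEF:0|CyberArk|PTA|11.4|26|Active dormant Vault user|5|"
    "suser=Administrator(Vault user) shost=None src=None "
    "duser=svc_account@components.cyberark.local dhost=components.cyberark.local "
    "dst=10.0.1.20 cs1Label=ExtraData cs1=None cs2Label=EventID "
    "cs2=62bb9d97c2dcd9b6beb4cc15 deviceCustomDate1Label=DetectionDate "
    "deviceCustomDate1=1656462743000 cs3Label=PTALink "
    "cs3=https://components.cyberark.local:443/PasswordVault/v10/pta/events/62bb9d97c2dcd9b6beb4cc15 "
    "cs4Label=ExternalLink cs4=None"
)

HEADER = ("cef_version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity")

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)   # CEF escapes '|', '=' and '\' with a backslash

def parse_cef(line):
    """Split a CEF record into its seven header fields plus an extension dict."""
    parts = re.split(r"(?<!\\)\|", line[4:], maxsplit=7)   # unescaped pipes only
    if not line.startswith("CEF:") or len(parts) != 8:
        raise ValueError("not a well-formed CEF record")
    event = dict(zip(HEADER, (_unescape(p) for p in parts[:7])))
    ext_text = parts[7]
    # A key is a word preceded by start-of-string or a space; its value runs to the next key.
    keys = list(re.finditer(r"(?:^| )(\w+)=", ext_text))
    ext = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext_text)
        ext[m.group(1)] = _unescape(ext_text[m.end():end].strip())
    event["extension"] = ext
    return event

def resolve_labels(ext):
    """Replace custom-field names with their declared labels (cs2Label=EventID, cs2=... -> EventID)."""
    out = {}
    for key, value in ext.items():
        if key.endswith("Label"):
            continue                       # consumed through its sibling field below
        label = ext.get(key + "Label")
        if label and key.startswith("deviceCustomDate"):   # assumed: epoch milliseconds
            value = datetime.fromtimestamp(int(value) / 1000, tz=timezone.utc).isoformat()
        out[label or key] = value
    return out
```

Running `resolve_labels(parse_cef(SAMPLE)["extension"])` yields the PTA fields under their declared names (EventID, DetectionDate, PTALink) alongside the standard suser/duser/dst keys.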

elasticmachine commented Jul 29, 2022

💚 Build Succeeded


Build stats

  • Start Time: 2022-08-22T14:01:15.030+0000

  • Duration: 17 min 44 sec

Test stats 🧪

Test Results
Failed 0
Passed 9
Skipped 0
Total 9

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

elasticmachine commented Jul 29, 2022

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (1/1) 💚
Files 100.0% (1/1) 💚 2.825
Classes 100.0% (1/1) 💚 2.825
Methods 83.333% (5/6) 👎 -6.021
Lines 77.778% (28/36) 👎 -13.139
Conditionals 100.0% (0/0) 💚

@andrewkroh andrewkroh added the Integration:cyberarkpas CyberArk Privileged Access Security label Aug 2, 2022
@kgeller kgeller marked this pull request as ready for review August 11, 2022 18:34
@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@kgeller kgeller requested a review from a team August 11, 2022 18:34

@taylor-swanson taylor-swanson left a comment


A few quick comments, but at first glance, this looks awesome! 🎉

@kgeller kgeller requested a review from a team August 22, 2022 13:58

@taylor-swanson taylor-swanson left a comment


LGTM

@kgeller kgeller merged commit ba5ca2a into elastic:main Aug 24, 2022
@kgeller kgeller deleted the create-cyberark-pta branch August 24, 2022 13:02
@andrewkroh andrewkroh added Integration:cyberark_pta Cyberark Privileged Threat Analytics New Integration Issue or pull request for creating a new integration package. and removed Integration:cyberarkpas CyberArk Privileged Access Security labels Aug 13, 2024
Labels

enhancement New feature or request Integration:cyberark_pta Cyberark Privileged Threat Analytics New Integration Issue or pull request for creating a new integration package.

Development

Successfully merging this pull request may close these issues.

CyberArk Privileged Threat Analytics (PTA)

4 participants