add zeek system tests #448
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
leehinman
added
enhancement
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
|
|
The CI error is
Try |
andrewkroh
approved these changes
Dec 8, 2020
| - {from: zeek.dns.query, to: dns.question.name} | ||
| - {from: zeek.dns.qtype_name, to: dns.question.type} | ||
| - {from: zeek.dns.rcode_name, to: dns.response_code} | ||
| - convert: | ||
| ignore_missing: true | ||
| ignore_failure: true |
There was a problem hiding this comment.
Suggested change
| ignore_failure: true | |
| fail_on_error: false |
- update version to 0.3.5 - capture_loss - connection - dce_rpc, update ecs.yml - dhcp, update ecs.yml - dnp3, update ecs.yml - dns, update ecs.yml, fix type mismatch - dpd - files - http, update ecs.yml, fix path configuration - intel - irc - kerberos, update ecs.yml - modbus, update ecs.yml - mysql, update ecs.yml - notice - ntlm - pe - radius - rdp, update ecs.yml - rfb - sip - smb_cmd - smb_files - smb_mapping - smtp - snmp - socks - ssh - ssl, update ecs.yml - stats - traceroute - tunnel - weird - x509, update ecs.yml
- fix indentation in fields files - fix "fail_on_error" option in dns
leehinman
force-pushed
the
zeek_system_test
branch
from
c28ea46 to
ffe02cb
Compare
andrewkroh
reviewed
Jan 11, 2021
| @@ -21,7 +21,7 @@ processors: | |||
| target: zeek.dns | |||
| - registered_domain: | |||
| ignore_missing: true | |||
| ignore_failure: true | |||
| fail_on_error: false | |||
There was a problem hiding this comment.
This one was correct with the use of ignore_failure: true.
andrewkroh
added a commit
to andrewkroh/beats
that referenced
this pull request
Jan 12, 2021
Fix usages of ignore_failure with convert processor. Make DNS transaction ID a string. elastic/integrations#448
andrewkroh
added a commit
to elastic/beats
that referenced
this pull request
Jan 25, 2021
* Sync changes to AWS CloudTrail elastic/integrations#408 * Sync changes to CheckPoint Firewall Change type of event.severity. elastic/integrations#409 * Sync changes from Cisco ASA / FTD elastic/integrations#414 * Sync changes from Cisco IOS Make icmp and igmp fields strings because they are keywords. elastic/integrations#416 * Sync changes to CrowdStrike Falcon Fix some field types. elastic/integrations#377 * Sync changes to Fortinet Firewall Drop assignip if the value is "N/A". elastic/integrations#437 * Sync changes to Juniper SRX Convert event.risk values to float Protect against missing event.timezone Convert event.severity to long. elastic/integrations#443 * Sync changes to Suricata EVE Convert suricata.eve.flow_id to string because the field is a keyword in the mapping. elastic/integrations#457 * Sync changes to Zeek DNS Fix usages of ignore_failure with convert processor. Make DNS transaction ID a string. elastic/integrations#448 * Add changelog
andrewkroh
added a commit
to andrewkroh/beats
that referenced
this pull request
Feb 16, 2021
* Sync changes to AWS CloudTrail elastic/integrations#408 * Sync changes to CheckPoint Firewall Change type of event.severity. elastic/integrations#409 * Sync changes from Cisco ASA / FTD elastic/integrations#414 * Sync changes from Cisco IOS Make icmp and igmp fields strings because they are keywords. elastic/integrations#416 * Sync changes to CrowdStrike Falcon Fix some field types. elastic/integrations#377 * Sync changes to Fortinet Firewall Drop assignip if the value is "N/A". elastic/integrations#437 * Sync changes to Juniper SRX Convert event.risk values to float Protect against missing event.timezone Convert event.severity to long. elastic/integrations#443 * Sync changes to Suricata EVE Convert suricata.eve.flow_id to string because the field is a keyword in the mapping. elastic/integrations#457 * Sync changes to Zeek DNS Fix usages of ignore_failure with convert processor. Make DNS transaction ID a string. elastic/integrations#448 * Add changelog (cherry picked from commit bf46572)
adriansr
pushed a commit
to elastic/beats
that referenced
this pull request
Feb 17, 2021
#24077) * Sync fixes from Integration Package Testing (#23424) * Sync changes to AWS CloudTrail elastic/integrations#408 * Sync changes to CheckPoint Firewall Change type of event.severity. elastic/integrations#409 * Sync changes from Cisco ASA / FTD elastic/integrations#414 * Sync changes from Cisco IOS Make icmp and igmp fields strings because they are keywords. elastic/integrations#416 * Sync changes to CrowdStrike Falcon Fix some field types. elastic/integrations#377 * Sync changes to Fortinet Firewall Drop assignip if the value is "N/A". elastic/integrations#437 * Sync changes to Juniper SRX Convert event.risk values to float Protect against missing event.timezone Convert event.severity to long. elastic/integrations#443 * Sync changes to Suricata EVE Convert suricata.eve.flow_id to string because the field is a keyword in the mapping. elastic/integrations#457 * Sync changes to Zeek DNS Fix usages of ignore_failure with convert processor. Make DNS transaction ID a string. elastic/integrations#448 * Add changelog (cherry picked from commit bf46572)
eyalkraft
pushed a commit
to build-security/integrations
that referenced
this pull request
Mar 30, 2022
* add zeek system tests - update version to 0.3.5 - capture_loss - connection - dce_rpc, update ecs.yml - dhcp, update ecs.yml - dnp3, update ecs.yml - dns, update ecs.yml, fix type mismatch - dpd - files - http, update ecs.yml, fix path configuration - intel - irc - kerberos, update ecs.yml - modbus, update ecs.yml - mysql, update ecs.yml - notice - ntlm - pe - radius - rdp, update ecs.yml - rfb - sip - smb_cmd - smb_files - smb_mapping - smtp - snmp - socks - ssh - ssl, update ecs.yml - stats - traceroute - tunnel - weird - x509, update ecs.yml * incorporate feedback - fix indentation in fields files - fix "fail_on_error" option in dns
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Add system tests to zeek package and bump version to 0.3.5
Specific changes to data_streams were:
Checklist
How to test this PR locally
Related issues