💔 Build Failed
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
efd6
left a comment
This will need to have a line added to .github/CODEOWNERS
/packages/tychon @elastic/security-external-integrations
(in alphabetical position)
There are no tests, are you able to add these?
packages/tychon/LICENSE.txt
Please delete this file. It is not needed since the file in the root of the repo covers the code here.
| @@ -0,0 +1,6 @@ | |||
| # newer versions go on top | |||
| - version: "0.0.10" | |||
| - version: "0.0.10" | |
| - version: "0.0.1" |
Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com>
…of the repo cover the code here
….hbs Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com>
Changed {{#each paths as |path i|}} to {{#each paths as |path|}} per efd6 request
Added new line to end per efd6 request.
Updated ecs.version per efd6 request
Added new line to end per efd6 request
Added descriptions to names.
Removed Asset Identification and updated exported field for tychon_cve
| @@ -1,93 +0,0 @@ | |||
| Elastic License 2.0 | |||
Why are we removing this license here?
@jsoriano the comment above suggested we remove the file:
packages/tychon/LICENSE.txt
Outdated
Contributor
@efd6 efd6 yesterday
Please delete this file. It is not needed since the file in the root of the repo covers the code here.
Wrong LICENSE.txt. The file in root needs to stay, I was asking to remove the file that was added in this PR.
License file was added back in
This is still not right. The LICENSE.txt in the root needs to exist, the LICENSE.txt file in packages/tychon/LICENSE.txt should not exist. Please do `git mv packages/tychon/LICENSE.txt . && git commit -m "replace license file"` in the root of the repo.
moved to the root of the package, hopefully, this is correct :)
💚 CLA has been signed
@skidmoco Please check that the email address you have used to sign the CLA matches the email address in your commits.
Updating description of vulnerability ds
@efd6 what is the status of this PR? We have customers waiting on this plugin, is there any way we can jump on a call or something to get this plugin approved and pushed? Is there a faster process?
| dynamic_fields: | ||
| "@timestamp": ".*" | ||
| event.ingested: ".*" | ||
|
No newline at end of file |
Please fix these so that they have a final newline, not a final space. There are other cases throughout. (the *-expected.json should not be altered).
| source: if(ctx.vulnerability?.result == 'fail'){ | ||
| ctx.event.outcome = "failure" | ||
| }else if(ctx.vulnerability?.result == 'pass'){ | ||
| ctx.event.outcome = "success" | ||
| }else{ | ||
| ctx.event.outcome = "unknown" | ||
| } |
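Review bot: `ctx.event.outcome` is assigned in all three branches without checking that `ctx.event` exists, although the conditions use the null-safe `ctx.vulnerability?.result`. If no earlier processor has created `event`, the script fails on a null dereference. Either add `if (ctx.event == null) { ctx.event = [:]; }` at the top of the script, or replace the script with three `set` processors on `event.outcome` guarded by `if:` conditions, which also removes the need for a script here.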
Please use the YAML pipe syntax for scripts as shown here.
| - script: | ||
| source: ctx.host.mac = ctx.host.mac.replace(':','-') |
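Review bot: `ctx.host.mac.replace(':','-')` dereferences `ctx.host.mac` with no guard, so a document without `host.mac` fails the processor, and a value that is an array rather than a string fails as well. Add `if: ctx.host?.mac != null` to the processor, or use a `gsub` processor on `host.mac` with `ignore_missing: true`, which expresses the same replacement without a script.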
| json: | ||
| keys_under_root: true | ||
| expand_keys: true | ||
|
No newline at end of file |
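Review bot: With `keys_under_root: true` the decoded keys are written at the top level of the event, and nothing in this `json:` block records a decode failure. Consider adding `add_error_key: true` so that malformed input lines show up in the data with an error key instead of passing through unnoticed.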
| - append: | ||
| field: error.message | ||
| value: '{{{ _ingest.on_failure_message }}}' | ||
|
No newline at end of file |
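Review bot: The failure handler appends only `error.message` from `_ingest.on_failure_message`, so failed documents cannot be told apart from normal events except by the presence of that field. Consider also setting `event.kind` to `pipeline_error` in the same handler so that pipeline failures can be filtered and alerted on directly.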
| dynamic_fields: | ||
| "@timestamp": ".*" | ||
| event.ingested: ".*" | ||
|
No newline at end of file |
| {{/if}} | ||
| json: | ||
| keys_under_root: true | ||
| expand_keys: true No newline at end of file |
| expand_keys: true | |
| expand_keys: true |
| - append: | ||
| field: error.message | ||
| value: '{{{ _ingest.on_failure_message }}}' | ||
|
No newline at end of file |
| {{/if}} | ||
| json: | ||
| keys_under_root: true | ||
| expand_keys: true No newline at end of file |
| expand_keys: true | |
| expand_keys: true |
| - append: | ||
| field: error.message | ||
| value: '{{{ _ingest.on_failure_message }}}' | ||
|
No newline at end of file |
/test
modified: packages/tychon/changelog.yml
modified: packages/tychon/data_stream/tychon_cve/_dev/test/test-cve.json-config.yml
modified: packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml
modified: packages/tychon/data_stream/tychon_cve/fields/ecs.yml
modified: packages/tychon/data_stream/tychon_cve/fields/fields.yml
modified: packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml
modified: packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml
modified: packages/tychon/data_stream/tychon_epp/fields/ecs.yml
modified: packages/tychon/data_stream/tychon_epp/fields/fields.yml
modified: packages/tychon/data_stream/tychon_epp/manifest.yml
modified: packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-config.yml
modified: packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml
modified: packages/tychon/data_stream/tychon_stig/fields/ecs.yml
modified: packages/tychon/data_stream/tychon_stig/fields/fields.yml
modified: packages/tychon/data_stream/tychon_stig/manifest.yml
modified: packages/tychon/data_stream/tychon_stig/manifest.yml
modified: packages/tychon/changelog.yml
Bruce changes no sync
/test
bhapas
left a comment
Please note that comment applies to all pipeline files
| value: "{{id}}" | ||
| - set: | ||
| field: tychon.ipv4 | ||
| value: "{{host.ipv4}}" |
| value: "{{host.ipv4}}" | |
| - set: | |
| field: tychon.ipv4 | |
| copy_from: host.ipv4 | |
| ignore_empty_value: true | |
This way you don't have empty/null values into tychon.ipv4
We have a new, much larger version of this integration being released in the coming days, I'm closing this PR as the change causes this version to be obsolete and will be pushed to a new PR before this one can be completed.
Enhancement
What does this PR do?
This is TYCHON's initial push of its Agentless Beta plugin code base. The software this has been integrated with is a licensed product, but the sample JSON files represent a single-line response. This is being released initially as Beta as the product has only been tested using local repos, and QA needs to test from hosted GitHub code.
Checklist
changelog.yml file.
How to test this PR locally
Use the sample data to ingest data into the Elastic Agent Pipelines. The provided dashboards shall validate that data is being transferred.