[Cloud Security] add cloud_configuration_finding data stream to wiz#9528
[Cloud Security] add cloud_configuration_finding data stream to wiz#9528maxcold wants to merge 5 commits intoelastic:mainfrom maxcold:csp-add-cloud-configuration-finding-data-stream-to-wiz
Conversation
|
84.8% Coverage on New Code
0.0% Duplication on New Code
| @@ -0,0 +1,41 @@ | |||
| { | |||
There was a problem hiding this comment.
@maxcold rename the file to match the data stream name
|
Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as |
| index: | ||
| - "logs-wiz.cloud_configuration_finding-*" | ||
| dest: | ||
| index: "logs-wiz.cloud_configuration_finding_latest-default" |
There was a problem hiding this comment.
omit -default from the destination index, it is preserved for namespaces. which is not relevant here
There was a problem hiding this comment.
@kfirpeled It wasn't really important for the POC, for better or for worse it shows that the namespace question is still open. I will investigate if we can get around the problem of constant_keyword and have namespace-indifferent latest index or not
There was a problem hiding this comment.
as you suggested it should be possible to have keyword as a type for data_stream.namespace even though the schema restrict it with constant_keyword. Here is some discussion around why restrict it in the schema in the first place elastic/ecs#845 (comment) . Though going against ECS might impose some risks, eg. if the package-spec implements some validation for that in the future for some reason
| index: "logs-wiz.cloud_configuration_finding_latest-default" | ||
| latest: | ||
| unique_key: | ||
| - event.id |
There was a problem hiding this comment.
is it the unique_key?
shouldn't we have resource.id and rule.id as we use in current transform for findings?
There was a problem hiding this comment.
@kfirpeled yes, it should be a combination of the fields we care about same or similar to our native integration. I didn't intend this PR to be production ready and for POC it didn't make a difference really. there are a lot of things to fix if we want to release the cloud_configuration_finding data stream ourselves
…o the ingest pipeline
💔 Build Failed
Failed CI StepsHistory
|
|
Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as |
andrewkroh
added
the
Team:Security-Service Integrations
|
Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as |
|
Keeping this open as the POC it is a part of is still relevant. Will close after Wiz data stream is implemented |
|
Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as |
|
closing as transform has already been released and this POC is not relevant enymore |
maxcold
deleted the
csp-add-cloud-configuration-finding-data-stream-to-wiz
branch
4 participants
Proposed commit message
Checklist
changelog.ymlfile.Author's Checklist
How to test this PR locally
Related issues
Screenshots