
SECURITY-ENDPOINT: add more host properties to metadata and policy#70238

Merged
nnamdifrankie merged 1 commit intoelastic:masterfrom
nnamdifrankie:SECURITY-ENDPOINT_add_more_host_properties
Jun 29, 2020

Conversation

@nnamdifrankie
Contributor

@nnamdifrankie nnamdifrankie commented Jun 29, 2020

Summary

Issue:

#70201

  • update generator and type to hold new fields.
{
          "@timestamp" : 1593452539763,
          "agent" : {
            "id" : "da16d6dd-9d6d-4711-90dc-b040c8035ff6",
            "version" : "1.0.0-local.20200416.0"
          },
          "elastic" : {
            "agent" : {
              "id" : "82dcace3-2be0-4155-abf2-fec19d2bb716"
            }
          },
          "ecs" : {
            "version" : "1.4.0"
          },
          "host" : {
            "id" : "743728ae-388d-40b2-8d98-6ca2dace27c1",
            "hostname" : "Host-why0jfi4w7",
            "name" : "Host-why0jfi4w7",
            "architecture" : "829lle6lhm",
            "ip" : [
              "10.25.175.177",
              "10.182.91.142",
              "10.228.55.210"
            ],
            "mac" : [
              "bd-8-87-3f-1a-cb",
              "5d-61-40-87-cb-62",
              "8-3d-f3-4a-3d-ad"
            ],
            "os" : {
              "name" : "windows 6.2",
              "full" : "Windows Server 2012",
              "version" : "6.2",
              "platform" : "Windows",
              "family" : "Windows",
              "Ext" : {
                "variant" : "Windows Server"
              }
            }
          },
          "Endpoint" : {
            "policy" : {
              "applied" : {
                "actions" : [
                  {
                    "name" : "configure_elasticsearch_connection",
                    "message" : "elasticsearch comes configured successfully",
                    "status" : "success"
                  },
                  {
                    "name" : "configure_kernel",
                    "message" : "Failed to configure kernel",
                    "status" : "failure"
                  },
                  {
                    "name" : "configure_logging",
                    "message" : "Successfully configured logging",
                    "status" : "success"
                  },
                  {
                    "name" : "configure_malware",
                    "message" : "Unexpected error configuring malware",
                    "status" : "failure"
                  },
                  {
                    "name" : "connect_kernel",
                    "message" : "Successfully initialized minifilter",
                    "status" : "success"
                  },
                  {
                    "name" : "detect_file_open_events",
                    "message" : "Successfully stopped file open event reporting",
                    "status" : "success"
                  },
                  {
                    "name" : "detect_file_write_events",
                    "message" : "Failed to stop file write event reporting",
                    "status" : "success"
                  },
                  {
                    "name" : "detect_image_load_events",
                    "message" : "Successfully started image load event reporting",
                    "status" : "success"
                  },
                  {
                    "name" : "detect_process_events",
                    "message" : "Successfully started process event reporting",
                    "status" : "success"
                  },
                  {
                    "name" : "download_global_artifacts",
                    "message" : "Failed to download EXE model",
                    "status" : "success"
                  },
                  {
                    "name" : "load_config",
                    "message" : "Successfully parsed configuration",
                    "status" : "success"
                  },
                  {
                    "name" : "load_malware_model",
                    "message" : "Error deserializing EXE model; no valid malware model installed",
                    "status" : "success"
                  },
                  {
                    "name" : "read_elasticsearch_config",
                    "message" : "Successfully read Elasticsearch configuration",
                    "status" : "success"
                  },
                  {
                    "name" : "read_events_config",
                    "message" : "Successfully read events configuration",
                    "status" : "success"
                  },
                  {
                    "name" : "read_kernel_config",
                    "message" : "Succesfully read kernel configuration",
                    "status" : "success"
                  },
                  {
                    "name" : "read_logging_config",
                    "message" : "Field (logging.debugview) not found in config",
                    "status" : "success"
                  },
                  {
                    "name" : "read_malware_config",
                    "message" : "Successfully read malware detect configuration",
                    "status" : "success"
                  },
                  {
                    "name" : "workflow",
                    "message" : "Failed to apply a portion of the configuration (kernel)",
                    "status" : "success"
                  },
                  {
                    "name" : "download_model",
                    "message" : "Failed to apply a portion of the configuration (kernel)",
                    "status" : "success"
                  },
                  {
                    "name" : "ingest_events_config",
                    "message" : "Failed to apply a portion of the configuration (kernel)",
                    "status" : "success"
                  }
                ],
                "id" : "C2A9093E-E289-4C0A-AA44-8C32A414FA7A",
                "response" : {
                  "configurations" : {
                    "events" : {
                      "concerned_actions" : [
                        "download_model"
                      ],
                      "status" : "warning"
                    },
                    "logging" : {
                      "concerned_actions" : [
                        "load_config"
                      ],
                      "status" : "success"
                    },
                    "malware" : {
                      "concerned_actions" : [
                        "load_config"
                      ],
                      "status" : "failure"
                    },
                    "streaming" : {
                      "concerned_actions" : [
                        "workflow",
                        "connect_kernel"
                      ],
                      "status" : "warning"
                    }
                  }
                },
                "artifacts" : {
                  "global" : {
                    "version" : "1.4.0",
                    "identifiers" : [
                      {
                        "name" : "endpointpe-model",
                        "sha256" : "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
                      }
                    ]
                  },
                  "user" : {
                    "version" : "1.4.0",
                    "identifiers" : [
                      {
                        "name" : "user-model",
                        "sha256" : "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
                      }
                    ]
                  }
                },
                "status" : "success",
                "version" : "734806ca-bd98-4b22-937b-2b8339737cc0",
                "name" : "With Eventing"
              }
            }
          },
          "event" : {
            "created" : 1593452539763,
            "id" : "af95c838-eb08-4dcf-82e4-29d3ea209638",
            "kind" : "state",
            "category" : "host",
            "type" : "change",
            "module" : "endpoint",
            "action" : "endpoint_policy_response",
            "dataset" : "endpoint.policy"
          }
        }

{
            "created" : 1593452539763
          },
          "agent" : {
            "version" : "6.3.7",
            "id" : "da16d6dd-9d6d-4711-90dc-b040c8035ff6",
            "type" : "endpoint"
          },
          "elastic" : {
            "agent" : {
              "id" : "82dcace3-2be0-4155-abf2-fec19d2bb716"
            }
          },
          "host" : {
            "id" : "743728ae-388d-40b2-8d98-6ca2dace27c1",
            "hostname" : "Host-why0jfi4w7",
            "name" : "Host-why0jfi4w7",
            "architecture" : "829lle6lhm",
            "ip" : [
              "10.25.175.177",
              "10.182.91.142",
              "10.228.55.210"
            ],
            "mac" : [
              "bd-8-87-3f-1a-cb",
              "5d-61-40-87-cb-62",
              "8-3d-f3-4a-3d-ad"
            ],
            "os" : {
              "name" : "windows 6.2",
              "full" : "Windows Server 2012",
              "version" : "6.2",
              "platform" : "Windows",
              "family" : "Windows",
              "Ext" : {
                "variant" : "Windows Server"
              }
            }
          },
          "Endpoint" : {
            "status" : "enrolled",
            "policy" : {
              "applied" : {
                "name" : "With Eventing",
                "id" : "C2A9093E-E289-4C0A-AA44-8C32A414FA7A",
                "status" : "success"
              }
            }
          }
        }

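As an added worked example, not code from this PR or from Kibana: the host properties the two sample documents above carry (host.id, hostname/name, architecture, ip[], mac[], os.* with Ext.variant), modelled as a TypeScript type alongside a seeded generator and a shape validator. Kibana's own generator (EndpointDocGenerator in x-pack/plugins/security_solution/common/endpoint/generate_data.ts, to my recollection; treat the path as an assumption) is not reproduced here; generateHost, validateHost, the LCG and the OS table are my own, and the field names follow the sample JSON.

```typescript
// Added example, not Kibana's own code: a seeded generator and validator for the
// ECS host properties this PR adds to the endpoint metadata document. Function
// names and the OS table are assumptions; field names follow the sample above.

interface HostOS {
  name: string;
  full: string;
  version: string;
  platform: string;
  family: string;
  Ext: { variant: string };
}

interface HostFields {
  id: string;
  hostname: string;
  name: string;
  architecture: string;
  ip: string[];
  mac: string[];
  os: HostOS;
}

// Constructed 32-bit LCG (Numerical Recipes constants). Products stay below
// 2^53, so plain doubles keep it exact and a fixed seed reproduces a fixture.
function lcg(seed: number): () => number {
  let state = seed % 4294967296;
  return () => {
    state = (state * 1664525 + 1013904223) % 4294967296;
    return state / 4294967296;
  };
}

function times<T>(n: number, fn: () => T): T[] {
  const out: T[] = [];
  for (let i = 0; i < n; i++) out.push(fn());
  return out;
}

// Constructed OS table; the first entry matches the sample document.
const OS_CHOICES: HostOS[] = [
  { name: 'windows 6.2', full: 'Windows Server 2012', version: '6.2',
    platform: 'Windows', family: 'Windows', Ext: { variant: 'Windows Server' } },
  { name: 'windows 10.0', full: 'Windows 10', version: '10.0',
    platform: 'Windows', family: 'Windows', Ext: { variant: 'Windows Pro' } },
  { name: 'Linux', full: 'Ubuntu 18.04.4 LTS', version: '18.04.4',
    platform: 'ubuntu', family: 'debian', Ext: { variant: 'Ubuntu' } },
];

function generateHost(seed: number): HostFields {
  const rand = lcg(seed);
  const int = (max: number): number => Math.floor(rand() * max);
  const pick = <T>(xs: T[]): T => xs[int(xs.length)];
  // n random hex nibbles, so MAC octets come out zero-padded ("08", not "8").
  const hex = (n: number): string => times(n, () => int(16).toString(16)).join('');
  const uuid = (): string => `${hex(8)}-${hex(4)}-4${hex(3)}-${hex(4)}-${hex(12)}`;
  const ipv4 = (): string => `10.${int(256)}.${int(256)}.${1 + int(254)}`;
  const mac = (): string => times(6, () => hex(2)).join('-');
  const hostname = `Host-${hex(10)}`;
  return {
    id: uuid(),
    hostname,
    name: hostname,
    architecture: pick(['x86_64', 'arm64']),
    ip: times(1 + int(3), ipv4),
    mac: times(1 + int(3), mac),
    os: pick(OS_CHOICES),
  };
}

// Shape checks to run on a generated document before indexing it: ECS maps
// host.ip as type `ip`, so a malformed entry is rejected by Elasticsearch at
// index time, and host.mac is expected as hyphen-separated hex octets.
const IPV4 = /^(25[0-5]|2[0-4]\d|1?\d?\d)(\.(25[0-5]|2[0-4]\d|1?\d?\d)){3}$/;
const MAC = /^[0-9a-f]{2}(-[0-9a-f]{2}){5}$/i;

function validateHost(host: HostFields): string[] {
  const problems: string[] = [];
  if (!host.id) problems.push('host.id is required');
  if (host.hostname !== host.name) problems.push('host.name must equal host.hostname');
  for (const ip of host.ip) {
    if (!IPV4.test(ip)) problems.push(`host.ip: malformed IPv4 address ${ip}`);
  }
  for (const m of host.mac) {
    if (!MAC.test(m)) problems.push(`host.mac: expected six zero-padded hyphen-separated hex octets, got ${m}`);
  }
  if (!host.os || !host.os.Ext || !host.os.Ext.variant) problems.push('host.os.Ext.variant is required');
  return problems;
}
```

The validator is the part worth keeping: the sample document above shows MAC octets without zero padding ("bd-8-87-3f-1a-cb"), which is exactly the kind of fixture that passes a TypeScript type check and then fails, or fails to match, once it reaches an index with strict ECS mappings.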

@nnamdifrankie nnamdifrankie requested review from a team as code owners June 29, 2020 17:53
@nnamdifrankie nnamdifrankie added v7.9.0 v8.0.0 release_note:skip Skip the PR/issue when compiling release notes labels Jun 29, 2020
@kibanamachine
Contributor

💚 Build Succeeded

Build metrics

✅ unchanged

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@nnamdifrankie nnamdifrankie merged commit f196546 into elastic:master Jun 29, 2020
@nnamdifrankie nnamdifrankie deleted the SECURITY-ENDPOINT_add_more_host_properties branch June 29, 2020 20:04
nnamdifrankie added a commit to nnamdifrankie/kibana that referenced this pull request Jun 29, 2020
nnamdifrankie added a commit that referenced this pull request Jun 29, 2020
SECURITY-ENDPOINT: add host properties (#70238) (#70254)
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jun 30, 2020
…bana into alerting/consumer-based-rbac

* 'alerting/consumer-based-rbac' of github.com:gmmorris/kibana: (49 commits)
  [Discover] Deangularize Skip to bottom button (elastic#69811)
  Implement recursive plugin discovery (elastic#68811)
  Use ts-expect-error in platform code (elastic#69883)
  [SIEM][Detection Engine][Lists] Moves getQueryFilter to common folder for use by both front and backend
  [Ingest Manager][SECURITY SOLUTION] adjust config reassign link and add roundtrip to Reassignment flow (elastic#70208)
  [Security][Lists] Add API functions and react hooks for value list APIs (elastic#69603)
  [ILM] Fix bug when clearing priority field (elastic#70154)
  [Platform][Security] Updates cluster_manager ignorePaths to include security scripts (elastic#70139)
  [IngestManager] Allow to filter agent by packages (elastic#69731)
  [code coverage] exclude folders: test_helpers, tests_bundle (elastic#70199)
  [Metrics UI] UX improvements for saved views (elastic#69910)
  [APM] docs: unique transaction troubleshooting (elastic#69831)
  Cross cluster search functional test with minimun privileges assigned to the test_user (elastic#70007)
  [Maps] choropleth layer wizard (elastic#69699)
  Make custom errors by extending Error (elastic#69966)
  [Ingest Manager] Support updated package output structure (elastic#69864)
  Resolver test coverage (elastic#70246)
  Async Discover search test (elastic#64388)
  [ui-shared-deps] include styled-components (elastic#69322)
  SECURITY-ENDPOINT: add host properties (elastic#70238)
  ...
Bamieh pushed a commit to Bamieh/kibana that referenced this pull request Jul 1, 2020
@elasticmachine
Contributor

Pinging @elastic/siem (Team:SIEM)

@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

8 participants