Initial Aruba Documentation #11101

Closed
wants to merge 94 commits into from

Conversation

qcorporation

Change Log

  • added manifest file with udp and tcp support
  • named ownership for aruba to the dnd team
  • documented all fields from the official aruba documentation and mapped them to either ecs or fields
  • put placeholders for stream.yml, base-fields and docker-compose
  • added example logs from CX 6300, 6000 and 8360

Checklist

  • [ x ] I have reviewed tips for building integrations and this pull request is aligned with them.
  • [ no ] I have verified that all data streams collect metrics or logs.
  • [ x ] I have added an entry to my package's changelog.yml file.
  • [ x ] I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • Reviewed that all ecs or newly created maps make sense in the absence of actual logs, just from the documentation
  • Review all fields' data types, that they make sense
  • Validate that nothing was missed for message type for the Aruba CX lines between version v5200 -> v8214

How to test this PR locally

  • review the mappings. This will be a guide for additional contributions as we separate the work

animehart and others added 4 commits September 11, 2024 12:53
Change Log:
- added manifest file with udp and tcp support
- named ownership for aruba to the dnd team
- documented all fields from the official aruba documentation and mapped them to either ecs or fields
- put placeholders for stream.yml, base-fields and docker-compose
- added example logs from CX 6300, 6000 and 8360
efd6 and others added 8 commits September 12, 2024 07:01
… EDR data sources (#11019)

Uses a field alias to map the process integrity field to the one used in the
rules based on our Elastic Defend for more straightforward rule conditions.

Adds caseless versions of process.name and process.executable as done
in #10533.
* update code-owner for Citrix ADC logs and metrics data stream.
Bumps [github.com/elastic/package-registry](https://github.com/elastic/package-registry) from 1.24.1 to 1.25.0.
- [Release notes](https://github.com/elastic/package-registry/releases)
- [Changelog](https://github.com/elastic/package-registry/blob/main/CHANGELOG.md)
- [Commits](elastic/package-registry@v1.24.1...v1.25.0)

---
updated-dependencies:
- dependency-name: github.com/elastic/package-registry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Fix pipeline_error for powershell_operational events 40961 and 40962.
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Change Log:
- moved docs to build/docs/README.md
- generated all fields within README.md
- remove duplicate fields defined within field.yml
- fixed yaml formatting within fields.yml
- modified manifest.yml and conformed to listen_address and listening_port
@qcorporation qcorporation self-assigned this Sep 12, 2024
@qcorporation qcorporation added the Team:Security-Deployment and Devices Deployment and Devices Security team [elastic/sec-deployment-and-devices] label Sep 12, 2024
aleksmaus and others added 12 commits September 12, 2024 17:37
* [citrix_adc] Improve handling of SSLVPN Message

* Update changelog with PR number

* Address code review
* Add new section on hosting plans

* Integrate reviewer's feedback

* Run elastic-package build

* Integrate reviewer's feedback
…11098)

* fix 'got types.Null, expected iterable type' error

* Update packages/wiz/data_stream/audit/agent/stream/cel.yml.hbs

Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>

* cr feedback: change to orValue(null)

---------

Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>
The comparison for determining whether the pagination had completed was based
on the response's size and the batch size (via state.batch_size, but could
also have been the response's params.size without difference in behaviour).
This was not correct since the size value is the current response's result
set and so may match the batch size even when the pagination is complete, in
the case that total size mod batch size is zero. Instead keep a running tally
of records returned throughout the pagination and compare this to the total
count reported by the API. Also fix the test case so that the response
matches the API docs.[1]

The timestamps were being examined for their maximum by string comparison.
This should approximately always work if the timestamp is formatted as
RFC3339, but the timestamps are rendered as variable precision RFC3339, so
make sure that the comparisons work by converting to timestamp values to
obtain the maximum.

[1]https://developer.tenable.com/reference/io-plugins-list
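
Added example, not part of the commit or the integration's code: a Go sketch of the two failure modes the commit message above describes, written in Go rather than the integration's own collection program. `fetch`, `requests` and the sample timestamps are hypothetical names and constructed data.

```go
package main

import (
	"fmt"
	"time"
)

// sample holds constructed record timestamps in variable-precision RFC3339.
var sample = []string{
	"2024-09-12T07:01:00Z",
	"2024-09-12T07:01:00.25Z",
	"2024-09-12T07:01:00.5Z",
	"2024-09-12T07:00:59.999Z",
}

// fetch is a hypothetical paginated API: one batch starting at offset plus
// the total record count. offset must not exceed len(all).
func fetch(all []string, offset, size int) ([]string, int) {
	end := offset + size
	if end > len(all) {
		end = len(all)
	}
	return all[offset:end], len(all)
}

// requests counts the API calls needed to drain the collection. With tally
// false it stops on a short response; with tally true it stops on the total.
func requests(all []string, size int, tally bool) int {
	n, seen := 0, 0
	for {
		batch, total := fetch(all, seen, size)
		n++
		seen += len(batch)
		done := len(batch) < size // a full final batch looks like "more to come"
		if tally {
			done = seen >= total || len(batch) == 0
		}
		if done {
			return n
		}
	}
}

// maxByString picks the "latest" timestamp by lexical order.
func maxByString(ts []string) string {
	latest := ""
	for _, s := range ts {
		if s > latest {
			latest = s
		}
	}
	return latest
}

// maxByTime parses each timestamp and compares the instants.
func maxByTime(ts []string) (time.Time, error) {
	var latest time.Time
	for _, s := range ts {
		t, err := time.Parse(time.RFC3339, s) // accepts any fraction length
		if err != nil {
			return time.Time{}, fmt.Errorf("bad timestamp %q: %w", s, err)
		}
		if t.After(latest) {
			latest = t
		}
	}
	return latest, nil
}

func main() {
	fmt.Println("requests:", requests(sample, 2, false), "vs", requests(sample, 2, true))
	latest, err := maxByTime(sample)
	fmt.Println("max:", maxByString(sample), "vs", latest.Format(time.RFC3339Nano), err)
}
```

With four records and a batch size of two, the size check issues a third, empty request while the tally stops after two. The string maximum also lands on the whole-second timestamp because `Z` sorts after `.`, so a cursor built from it lags behind the newest record.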
Rather than allocating a char[] to iterate over, just iterate over the
bytes of the string.
Change Log:
Update sonar-project.properties to exclude *.yml within the coverage calculations
@elasticmachine

elasticmachine commented Sep 13, 2024

🚀 Benchmarks report

Package 1password 👍(0) 💚(2) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
signin_attempts 6134.97 4219.41 -1915.56 (-31.22%) 💔

Package abnormal_security 👍(1) 💚(1) 💔(2)

Data stream Previous EPS New EPS Diff (%) Result
audit 5154.64 4201.68 -952.96 (-18.49%) 💔
threat 2785.52 1492.54 -1292.98 (-46.42%) 💔

Package activemq 👍(3) 💚(0) 💔(2)

Data stream Previous EPS New EPS Diff (%) Result
log 8474.58 5714.29 -2760.29 (-32.57%) 💔
topic 111111.11 76923.08 -34188.03 (-30.77%) 💔

Package apache_tomcat 👍(2) 💚(0) 💔(7)

Data stream Previous EPS New EPS Diff (%) Result
access 2531.65 1689.19 -842.46 (-33.28%) 💔
catalina 13333.33 10638.3 -2695.03 (-20.21%) 💔
localhost 25641.03 17857.14 -7783.89 (-30.36%) 💔
memory 33333.33 16393.44 -16939.89 (-50.82%) 💔
request 40000 25000 -15000 (-37.5%) 💔
session 24390.24 19607.84 -4782.4 (-19.61%) 💔
thread_pool 8403.36 6993.01 -1410.35 (-16.78%) 💔

Package auth0 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
logs 6578.95 3816.79 -2762.16 (-41.98%) 💔

Package authentik 👍(1) 💚(1) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
group 4504.5 3333.33 -1171.17 (-26%) 💔

Package aws 👍(10) 💚(6) 💔(3)

Data stream Previous EPS New EPS Diff (%) Result
route53_public_logs 10000 8264.46 -1735.54 (-17.36%) 💔
vpcflow 8000 5747.13 -2252.87 (-28.16%) 💔
cloudfront_logs 2415.46 1416.43 -999.03 (-41.36%) 💔

Package azure 👍(6) 💚(2) 💔(3)

Data stream Previous EPS New EPS Diff (%) Result
activitylogs 1607.72 1107.42 -500.3 (-31.12%) 💔
identity_protection 4739.34 3731.34 -1008 (-21.27%) 💔
platformlogs 5434.78 4385.96 -1048.82 (-19.3%) 💔

Package azure_frontdoor 👍(0) 💚(1) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
waf 4149.38 3194.89 -954.49 (-23%) 💔

Package barracuda_cloudgen_firewall 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
log 11627.91 9615.38 -2012.53 (-17.31%) 💔

Package bitdefender 👍(1) 💚(1) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
push_statistics 62500 38461.54 -24038.46 (-38.46%) 💔

Package bitwarden 👍(3) 💚(1) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
policy 8196.72 6535.95 -1660.77 (-20.26%) 💔

Package box_events 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
events 5405.41 3300.33 -2105.08 (-38.94%) 💔

Package carbon_black_cloud 👍(3) 💚(2) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
watchlist_hit 3378.38 2801.12 -577.26 (-17.09%) 💔

Package ceph 👍(1) 💚(3) 💔(3)

Data stream Previous EPS New EPS Diff (%) Result
cluster_health 30303.03 21739.13 -8563.9 (-28.26%) 💔
cluster_status 7462.69 5319.15 -2143.54 (-28.72%) 💔
osd_tree 25641.03 17241.38 -8399.65 (-32.76%) 💔

Package cisco_duo 👍(0) 💚(3) 💔(2)

Data stream Previous EPS New EPS Diff (%) Result
auth 2057.61 1485.88 -571.73 (-27.79%) 💔
offline_enrollment 32258.06 6329.11 -25928.95 (-80.38%) 💔

Package cisco_ftd 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
log 841.75 644.75 -197 (-23.4%) 💔

Package cisco_meraki 👍(1) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
events 500000 333333.33 -166666.67 (-33.33%) 💔

Package citrix_adc 👍(4) 💚(1) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
system 6410.26 4830.92 -1579.34 (-24.64%) 💔

Package claroty_ctd 👍(2) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
event 1394.7 1162.79 -231.91 (-16.63%) 💔

Package cloudflare_logpush 👍(6) 💚(5) 💔(7)

Data stream Previous EPS New EPS Diff (%) Result
gateway_network 7194.24 5376.34 -1817.9 (-25.27%) 💔
sinkhole_http 6134.97 3424.66 -2710.31 (-44.18%) 💔
spectrum_event 3984.06 3003 -981.06 (-24.62%) 💔
workers_trace 9090.91 3436.43 -5654.48 (-62.2%) 💔
dns_firewall 5747.13 4347.83 -1399.3 (-24.35%) 💔
firewall_event 3105.59 2314.81 -790.78 (-25.46%) 💔
gateway_dns 4545.45 3846.15 -699.3 (-15.38%) 💔

Package couchbase 👍(1) 💚(6) 💔(3)

Data stream Previous EPS New EPS Diff (%) Result
bucket 15873.02 10526.32 -5346.7 (-33.68%) 💔
database_stats 32258.06 27027.03 -5231.03 (-16.22%) 💔
query_index 9803.92 7936.51 -1867.41 (-19.05%) 💔

Package couchdb 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
server 4405.29 3484.32 -920.97 (-20.91%) 💔

Package crowdstrike 👍(1) 💚(1) 💔(2)

Data stream Previous EPS New EPS Diff (%) Result
alert 1071.81 813.01 -258.8 (-24.15%) 💔
host 1818.18 1356.85 -461.33 (-25.37%) 💔

Package cybereason 👍(4) 💚(1) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
poll_malop 1926.78 1557.63 -369.15 (-19.16%) 💔

Package darktrace 👍(2) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
system_status_alert 4854.37 4000 -854.37 (-17.6%) 💔

Package eset_protect 👍(1) 💚(0) 💔(2)

Data stream Previous EPS New EPS Diff (%) Result
detection 2409.64 1782.53 -627.11 (-26.03%) 💔
event 2659.57 1845.02 -814.55 (-30.63%) 💔

Package f5 👍(1) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
bigipafm 28571.43 19607.84 -8963.59 (-31.37%) 💔

Package forcepoint_web 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
logs 2518.89 1953.13 -565.76 (-22.46%) 💔

Package forgerock 👍(5) 💚(2) 💔(4)

Data stream Previous EPS New EPS Diff (%) Result
am_access 11235.96 8264.46 -2971.5 (-26.45%) 💔
am_activity 26315.79 20000 -6315.79 (-24%) 💔
am_authentication 17241.38 11111.11 -6130.27 (-35.56%) 💔
am_config 30303.03 24390.24 -5912.79 (-19.51%) 💔

Package gcp 👍(4) 💚(1) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
firewall 4032.26 3184.71 -847.55 (-21.02%) 💔

Package google_scc 👍(2) 💚(0) 💔(2)

Data stream Previous EPS New EPS Diff (%) Result
asset 1490.31 1114.83 -375.48 (-25.19%) 💔
source 35714.29 21739.13 -13975.16 (-39.13%) 💔

Package google_workspace 👍(8) 💚(2) 💔(4)

Data stream Previous EPS New EPS Diff (%) Result
user_accounts 13513.51 10309.28 -3204.23 (-23.71%) 💔
context_aware_access 4291.85 3533.57 -758.28 (-17.67%) 💔
gcp 7092.2 5917.16 -1175.04 (-16.57%) 💔
groups 7194.24 5000 -2194.24 (-30.5%) 💔

Package hadoop 👍(2) 💚(1) 💔(2)

Data stream Previous EPS New EPS Diff (%) Result
cluster 5882.35 4255.32 -1627.03 (-27.66%) 💔
namenode 11235.96 7462.69 -3773.27 (-33.58%) 💔

Package ibmmq 👍(0) 💚(1) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
qmgr 3717.47 2257.34 -1460.13 (-39.28%) 💔

Package jamf_pro 👍(1) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
inventory 6289.31 5050.51 -1238.8 (-19.7%) 💔

Package jamf_protect 👍(2) 💚(1) 💔(2)

Data stream Previous EPS New EPS Diff (%) Result
telemetry_legacy 1984.13 1510.57 -473.56 (-23.87%) 💔
web_threat_events 8547.01 5494.51 -3052.5 (-35.71%) 💔

Package kubernetes 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
container_logs 200000 125000 -75000 (-37.5%) 💔

Package lastpass 👍(2) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
detailed_shared_folder 10752.69 6410.26 -4342.43 (-40.38%) 💔

Package m365_defender 👍(3) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
alert 857.63 594.88 -262.75 (-30.64%) 💔

Package mattermost 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
audit 2985.07 2293.58 -691.49 (-23.16%) 💔

Package microsoft_dnsserver 👍(1) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
audit 15873.02 6849.32 -9023.7 (-56.85%) 💔

Package microsoft_exchange_server 👍(2) 💚(1) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
smtp 62500 41666.67 -20833.33 (-33.33%) 💔

Package mimecast 👍(4) 💚(5) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
archive_search_logs 10309.28 6250 -4059.28 (-39.38%) 💔

Package modsecurity 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
auditlog 553.4 395.26 -158.14 (-28.58%) 💔

Package mongodb_atlas 👍(6) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
project 4651.16 2109.7 -2541.46 (-54.64%) 💔

Package mysql 👍(1) 💚(1) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
slowlog 25641.03 19607.84 -6033.19 (-23.53%) 💔

Package nagios_xi 👍(0) 💚(1) 💔(2)

Data stream Previous EPS New EPS Diff (%) Result
events 16393.44 13888.89 -2504.55 (-15.28%) 💔
service 3246.75 1937.98 -1308.77 (-40.31%) 💔

Package netskope 👍(0) 💚(0) 💔(2)

Data stream Previous EPS New EPS Diff (%) Result
alerts 1506.02 1180.64 -325.38 (-21.61%) 💔
events 2358.49 1540.83 -817.66 (-34.67%) 💔

Package nginx_ingress_controller 👍(1) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
error 38461.54 32258.06 -6203.48 (-16.13%) 💔

Package pps 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
log 4975.12 3703.7 -1271.42 (-25.56%) 💔

Package proofpoint_on_demand 👍(1) 💚(1) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
audit 1872.66 1385.04 -487.62 (-26.04%) 💔

Package pulse_connect_secure 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
log 3759.4 1265.82 -2493.58 (-66.33%) 💔

Package rabbitmq 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
log 9090.91 4761.9 -4329.01 (-47.62%) 💔

Package redis 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
log 8620.69 5319.15 -3301.54 (-38.3%) 💔

Package salesforce 👍(2) 💚(1) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
setupaudittrail 6289.31 4739.34 -1549.97 (-24.64%) 💔

Package snort 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
log 17857.14 14285.71 -3571.43 (-20%) 💔

Package snyk 👍(2) 💚(1) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
vulnerabilities 5434.78 3690.04 -1744.74 (-32.1%) 💔

Package stormshield 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
log 2272.73 1754.39 -518.34 (-22.81%) 💔

Package sublime_security 👍(1) 💚(1) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
message_event 6944.44 5847.95 -1096.49 (-15.79%) 💔

Package system 👍(1) 💚(1) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
syslog 22222.22 16666.67 -5555.55 (-25%) 💔

Package tanium 👍(2) 💚(1) 💔(3)

Data stream Previous EPS New EPS Diff (%) Result
discover 4149.38 3267.97 -881.41 (-21.24%) 💔
endpoint_config 12820.51 5847.95 -6972.56 (-54.39%) 💔
reporting 21739.13 14925.37 -6813.76 (-31.34%) 💔

Package thycotic_ss 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
logs 3367 2739.73 -627.27 (-18.63%) 💔

Package ti_cif3 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
feed 2985.07 1876.17 -1108.9 (-37.15%) 💔

Package ti_cybersixgill 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
threat 3086.42 1972.39 -1114.03 (-36.09%) 💔

Package ti_eclecticiq 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
threat 2577.32 2123.14 -454.18 (-17.62%) 💔

Package ti_eset 👍(3) 💚(1) 💔(3)

Data stream Previous EPS New EPS Diff (%) Result
apt 1730.1 1364.26 -365.84 (-21.15%) 💔
botnet 9345.79 5649.72 -3696.07 (-39.55%) 💔
cc 11363.64 7142.86 -4220.78 (-37.14%) 💔

Package ti_rapid7_threat_command 👍(1) 💚(0) 💔(2)

Data stream Previous EPS New EPS Diff (%) Result
alert 4237.29 3436.43 -800.86 (-18.9%) 💔
ioc 2857.14 1934.24 -922.9 (-32.3%) 💔

Package tomcat 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
log 76923.08 58823.53 -18099.55 (-23.53%) 💔

Package trendmicro 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
deep_security 1089.32 914.08 -175.24 (-16.09%) 💔

Package vsphere 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
log 3676.47 3058.1 -618.37 (-16.82%) 💔

Package windows 👍(6) 💚(1) 💔(2)

Data stream Previous EPS New EPS Diff (%) Result
applocker_msi_and_script 8771.93 6250 -2521.93 (-28.75%) 💔
powershell_operational 4629.63 3184.71 -1444.92 (-31.21%) 💔

Package wiz 👍(1) 💚(1) 💔(2)

Data stream Previous EPS New EPS Diff (%) Result
issue 3333.33 2222.22 -1111.11 (-33.33%) 💔
vulnerability 2481.39 1904.76 -576.63 (-23.24%) 💔

Package zeek 👍(24) 💚(11) 💔(8)

Data stream Previous EPS New EPS Diff (%) Result
ntp 52631.58 35714.29 -16917.29 (-32.14%) 💔
signature 62500 20000 -42500 (-68%) 💔
connection 31250 17857.14 -13392.86 (-42.86%) 💔
software 66666.67 55555.56 -11111.11 (-16.67%) 💔
dce_rpc 21276.6 12987.01 -8289.59 (-38.96%) 💔
traceroute 30303.03 22727.27 -7575.76 (-25%) 💔
weird 40000 30303.03 -9696.97 (-24.24%) 💔
x509 13333.33 10989.01 -2344.32 (-17.58%) 💔

Package zerofox 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
alerts 3367 2364.07 -1002.93 (-29.79%) 💔

Package zoom 👍(0) 💚(0) 💔(1)

Data stream Previous EPS New EPS Diff (%) Result
webhook 3558.72 2242.15 -1316.57 (-37%) 💔

Package zscaler_zia 👍(5) 💚(1) 💔(2)

Data stream Previous EPS New EPS Diff (%) Result
sandbox_report 4166.67 3194.89 -971.78 (-23.32%) 💔
tunnel 4651.16 3745.32 -905.84 (-19.48%) 💔

Package zscaler_zpa 👍(2) 💚(1) 💔(2)

Data stream Previous EPS New EPS Diff (%) Result
app_connector_status 1996.01 1552.8 -443.21 (-22.2%) 💔
user_status 6993.01 5405.41 -1587.6 (-22.7%) 💔

To see the full report comment with /test benchmark fullreport

taylor-swanson and others added 10 commits September 19, 2024 07:38
…11177)

- Use stormshield.time for @timestamp
- Use stormshield.starttime for event.start
- Move stormshield.msg to message
- Release integration as GA
* add resourcepool datastream

* Update changelog

* address review comments

* add triggered_alarm

* address review comments

* update changelog

* address review comment

* address review comment

---------

Co-authored-by: Niraj Rathod <niraj.rathod@crestdatasys.com>
Change Log:
- re-instate ecs.yml files due to some external issues of ecs dynamic bindings
- added filestream within the manifest, docker-compose, handlebars file
- added udp, filestream and tls within docker-compose file
- addressed listen_address and listen_port within the tcp and udp handlebars file as per PR recommendations
- setup a catch all for on_failure within the default pipeline ingest
-
…tent (#11165)

* update readme for packages with ml modules

* update changelog

* Revert "update changelog"

This reverts commit fd62849.
…1194)

Update title for aws_bedrock to "Amazon Bedrock".

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
…in the all dashboards (#11120)

Fix capacity and count metrics visualizations in the overview, blob, table, and file storage dashboards.

The capacity and count metric visualizations were missing the filter option, so they all displayed "N/A". 

Here is the JSON before:

```json
{
  "customLabel": true,
  "dataType": "number",
  "filter": {
    "language": "kuery",
    "query": "" <————————— empty query here 👀 
  },
  "isBucketed": false,
  "label": "File Share Snapshot Size",
  "operationType": "last_value",
  "params": {
    "format": {
      "id": "bytes"
    },
    "sortField": "@timestamp"
  },
  "scale": "ratio",
  "sourceField": "azure.storage_account.file_share_snapshot_size.avg"
}
```

I just set the `filter.query` value with the corresponding metric:

```json
{
  "customLabel": true,
  "dataType": "number",
  "filter": {
    "language": "kuery",
    "query": "azure.storage_account.file_share_snapshot_size.avg: *"
  },
  "isBucketed": false,
  "label": "File Share Snapshot Size",
  "operationType": "last_value",
  "params": {
    "format": {
      "id": "bytes"
    },
    "sortField": "@timestamp"
  },
  "scale": "ratio",
  "sourceField": "azure.storage_account.file_share_snapshot_size.avg"
}
```

With the proper `filter.query`, values are back.
* add content package - k8s OTEL

Signed-off-by: Tetiana Kravchenko <tetiana.kravchenko@elastic.co>

* rename dashboard; fix tag; change description of the package

Signed-off-by: Tetiana Kravchenko <tetiana.kravchenko@elastic.co>

* fix dashboard to use correct data view

Signed-off-by: Tetiana Kravchenko <tetiana.kravchenko@elastic.co>

* Update packages/kubernetes_otel/manifest.yml

Co-authored-by: Andrew Gizas <andreas.gkizas@elastic.co>

* rename package to use Kubernetes OpenTelemetry Assets name

Signed-off-by: Tetiana Kravchenko <tetiana.kravchenko@elastic.co>

* change tag OTEL -> OpenTelemetry

Signed-off-by: Tetiana Kravchenko <tetiana.kravchenko@elastic.co>

---------

Signed-off-by: Tetiana Kravchenko <tetiana.kravchenko@elastic.co>
Co-authored-by: Andrew Gizas <andreas.gkizas@elastic.co>
@qcorporation qcorporation marked this pull request as draft September 20, 2024 13:17
qcorporation and others added 15 commits September 20, 2024 09:18
Add Support of IDP and EPP Alert Fields.

- Enhance the existing pipeline by adding new IDP and EPP Alert Fields.
- Add some visualizations related to IDP and EPP Alert.
- Add support of some new Alert fields coming through v2 API endpoint.
- Added test data for the supported fields.
Change Log:
- added manifest file with udp and tcp support
- named ownership for aruba to the dnd team
- documented all fields from the official aruba documentation and mapped them to either ecs or fields
- put placeholders for stream.yml, base-fields and docker-compose
- added example logs from CX 6300, 6000 and 8360
Change Log:
- moved docs to build/docs/README.md
- generated all fields within README.md
- remove duplicate fields defined within field.yml
- fixed yaml formatting within fields.yml
- modified manifest.yml and conformed to listen_address and listening_port
Change Log:
Update sonar-project.properties to exclude *.yml within the coverage calculations
Update the vrf.id to keyword
Change Log:
- re-instate ecs.yml files due to some external issues of ecs dynamic bindings
- added filestream within the manifest, docker-compose, handlebars file
- added udp, filestream and tls within docker-compose file
- addressed listen_address and listen_port within the tcp and udp handlebars file as per PR recommendations
- setup a catch all for on_failure within the default pipeline ingest
-
@elasticmachine

💚 Build Succeeded

History

cc @qcorporation


Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

Contributor

mergify bot commented Sep 20, 2024

⚠️ The sha of the head commit of this PR conflicts with #11201. Mergify cannot evaluate rules on this PR. ⚠️

Labels
New Integration Team:Security-Deployment and Devices Deployment and Devices Security team [elastic/sec-deployment-and-devices]