[Filebeat] Add Zeek Signatures fileset #23772
Conversation
CLA has been signed. Build succeeded; tests succeeded.
Force-pushed from e814af5 to 0b632a2.
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

Force-pushed from 0b632a2 to cd2c30e.
I tried to do the local testing per the documentation, but I don't know if I did it correctly, and I think someone with more Beats module dev experience should look at this and make whatever changes are needed.
Thanks for the contribution!

I left a suggestion about a configuration change you likely were intending. Additionally, you'll also want to revert the Makefile change, change the top-level zeek/_meta/config.yml file that I mention, and run the mage commands for generating the expected document and the generated configuration files. Let me know if you have any questions or need some help with running the generators.
Review comment on x-pack/filebeat/module/zeek/signature/test/signature-json.log-expected.json (outdated, resolved).
Force-pushed from cd2c30e to 3e4e1ec.

jenkins, run tests
Please add a changelog entry into the CHANGELOG.next.asciidoc file under the Added/Filebeat section.
I will try to get to this today.

Force-pushed from 89578a9 to 9e80f28.

Done.
Force-pushed from 9e80f28 to 8e7a3a7.

jenkins, run tests

Force-pushed from cdcc1e5 to db21eda.

@andrewkroh can you rerun the Jenkins tests?

jenkins, run tests
LGTM assuming CI is green.
Force-pushed from db21eda to bf2c64d.
Add the Signature fileset to the Zeek module for Filebeat. Co-authored-by: Andrew Kroh <[email protected]> (cherry picked from commit e332d9d)

Thanks for your contribution. I opened a PR to move this into the 7.x branch so that it's included in the next minor release.

Add the Signature fileset to the Zeek module for Filebeat. Co-authored-by: Andrew Kroh <[email protected]> (cherry picked from commit e332d9d) Co-authored-by: Alex Resnick <[email protected]>
What does this PR do?
Add the Signature fileset to the Zeek module for Filebeat.
Why is it important?
It's one of the last Zeek logs that isn't parsed by Filebeat currently.
Checklist
- Entry added in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.
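To show what this fileset ingests, here is an added example (not code from the Beats repository or from this PR) that parses Zeek signatures.log lines in Zeek's JSON output format into ECS-style events and checks them against a golden list, the same pattern the signature-json.log-expected.json test file in this PR relies on. The sample lines are constructed, and the target field names under zeek.signature, the event.kind/event.category values, and the golden_diff helper are this example's own assumptions, not the module's actual ingest pipeline or test harness.

```python
"""Parse Zeek signatures.log (JSON output) into ECS-style events and run a
golden-file comparison. Added example; the ECS mapping below is an assumption,
not the Filebeat zeek module's real pipeline."""
import json
from datetime import datetime, timezone
from typing import Any, Dict, List

# Constructed sample input (not captured from a real sensor). Zeek's JSON writer
# flattens the `id` record into dotted keys such as "id.orig_h"; uid and
# sub_msg are optional columns and the last line is deliberately malformed.
SAMPLE_LINES = [
    '{"ts":1611763200.5,"uid":"CMs5Kd3IkOJbbFd4ge","id.orig_h":"192.0.2.10",'
    '"id.orig_p":51234,"id.resp_h":"198.51.100.5","id.resp_p":80,'
    '"note":"Signatures::Sensitive_Signature","sig_id":"example_sig",'
    '"event_msg":"192.0.2.10: example match","sub_msg":"GET /admin",'
    '"sig_count":1,"host_count":1}',
    '{"ts":1611763260.0,"id.orig_h":"192.0.2.11","id.orig_p":40000,'
    '"id.resp_h":"198.51.100.5","id.resp_p":443,'
    '"note":"Signatures::Count_Signature","sig_id":"example_sig",'
    '"event_msg":"count reached","sig_count":5,"host_count":2}',
    "this line is not JSON",
]

# Assumed ECS-style destination for each signatures.log column.
FIELD_MAP = {
    "uid": "zeek.session_id",
    "id.orig_h": "source.ip",
    "id.orig_p": "source.port",
    "id.resp_h": "destination.ip",
    "id.resp_p": "destination.port",
    "note": "zeek.signature.note",
    "sig_id": "zeek.signature.sig_id",
    "event_msg": "zeek.signature.event_msg",
    "sub_msg": "zeek.signature.sub_msg",
    "sig_count": "zeek.signature.sig_count",
    "host_count": "zeek.signature.host_count",
}


def set_path(event: Dict[str, Any], dotted: str, value: Any) -> None:
    """Store value at a dotted path, creating nested dicts as needed."""
    parts = dotted.split(".")
    cur = event
    for part in parts[:-1]:
        cur = cur.setdefault(part, {})
    cur[parts[-1]] = value


def parse_line(line: str) -> Dict[str, Any]:
    """Turn one signatures.log line into an event. Unparsable lines are kept
    (raw text in "message") with an error.message rather than dropped, so a
    broken sensor output is visible in the index instead of silently lost."""
    event: Dict[str, Any] = {"event": {"module": "zeek", "dataset": "zeek.signature"}}
    try:
        raw = json.loads(line)
    except json.JSONDecodeError as exc:
        event["message"] = line
        set_path(event, "error.message", f"invalid JSON: {exc.msg}")
        return event
    if not isinstance(raw, dict) or "ts" not in raw:
        event["message"] = line
        set_path(event, "error.message", "missing required field ts")
        return event
    # Zeek ts is epoch seconds as a float; render it as an ISO-8601 UTC string.
    event["@timestamp"] = datetime.fromtimestamp(raw["ts"], tz=timezone.utc).isoformat()
    for src, dst in FIELD_MAP.items():
        if src in raw:
            set_path(event, dst, raw[src])
    # Assumed classification: a signature hit is an alert about network traffic.
    event["event"]["kind"] = "alert"
    event["event"]["category"] = ["network", "intrusion_detection"]
    return event


def parse_lines(lines: List[str]) -> List[Dict[str, Any]]:
    return [parse_line(line) for line in lines]


def golden_diff(actual: List[Dict[str, Any]], expected: List[Dict[str, Any]]) -> List[str]:
    """Compare parsed events with a golden list (the *-expected.json pattern).
    Returns readable mismatches; an empty list means the output matches."""
    problems: List[str] = []
    if len(actual) != len(expected):
        problems.append(f"event count {len(actual)} != expected {len(expected)}")
    for i, (a, e) in enumerate(zip(actual, expected)):
        if a != e:
            missing = sorted(k for k in e if k not in a)
            extra = sorted(k for k in a if k not in e)
            problems.append(f"event {i}: mismatch (missing {missing}, extra {extra})")
    return problems


if __name__ == "__main__":
    for ev in parse_lines(SAMPLE_LINES):
        print(json.dumps(ev, sort_keys=True))
```

Run it as-is to print the three events; in practice you would load the golden list from a JSON file and fail the test when golden_diff returns anything, which is what the fileset's expected-document check does for the module.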