Cyberark Privileged Access Security module #24803
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
adriansr
added
enhancement
in progress
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
botelastic
bot
added
needs_team
adriansr
commented
Mar 29, 2021
| @@ -0,0 +1,161 @@ | |||
| <?xml version="1.0" encoding="UTF-8"?> | |||
There was a problem hiding this comment.
This file is necessary to configure the Vault, but it's not used by the module. Added it here so that it's under version control. We need to see how to distribute it.
|
|
||
| processors: | ||
| # | ||
| # Set ECS event.ingested |
There was a problem hiding this comment.
TODO: Most of these comments can be moved to a description field.
| # | ||
| - script: | ||
| lang: painless | ||
| params: |
There was a problem hiding this comment.
Note to reviewers: Please review these mappings
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
Trends 🧪💚 Flaky test reportTests succeeded. Expand to view the summary
Test stats 🧪
|
adriansr
force-pushed
the
cyberarkpas
branch
3 times, most recently
from
727eb7d to
2a461e5
Compare
adriansr
added
review
backport-v7.13.0
adriansr
changed the title
|
/test |
andrewkroh
reviewed
Apr 16, 2021
| target: '' | ||
| fields: | ||
| ecs.version: 1.8.0 | ||
| # TODO: internal/external zones |
There was a problem hiding this comment.
Is this for adding network_direction? We do have that available in Ingest Node too now.
There was a problem hiding this comment.
Thanks, I added the ingest node processor. However, I don't see a way for the user to pass custom internal networks in a way that's compatible with packages. Any ideas?
marc-gr
reviewed
Apr 19, 2021
andrewkroh
approved these changes
Apr 19, 2021
Technically it should escape all control characters (0-0x1f) but I can't find a way to do that in XSLT v1.0. Only TAB, CR and LF can be represented.
mergify bot
pushed a commit
that referenced
this pull request
Apr 19, 2021
This PR adds a new module, cyberarkpas, to ingest Privileged Access Security audit logs from Vault via syslog. (cherry picked from commit 2d51864)
v1v
added a commit
to v1v/beats
that referenced
this pull request
Apr 20, 2021
…-github-pr-comment-template * upstream/master: [Ingest Manager] Keep http and logging config during enroll (elastic#25132) Refactor kubernetes autodiscover to avoid skipping short-living pods (elastic#24742) [libbeat] New decode xml wineventlog processor (elastic#25115) Add svc to agent k8s clusterRole (elastic#25146) Add awsfargate module to collect container logs from Amazon ECS on Fargate (elastic#25041) [Filebeat][Cisco ASA] log enhancement and performance (elastic#24744) Watch kubernetes namespaces for autodiscover metadata for pods (elastic#25117) Cyberark Privileged Access Security module (elastic#24803) [Elastic Agent] Log the container command output with LOGS_PATH (elastic#25150) Fix for tests after `device...` field has been removed (elastic#25141) [Ingest Manager] Restart process on output change (elastic#24907) Set --insecure in container when FLEET_SERVER_ENABLE and FLEET_INSECURE set. (elastic#25137) [filebeat] Update documentation / changelog / beta warnings for the syslog input (elastic#25047) Add support for ignore_inactive in filestream input (elastic#25036) Fix bug with annotations dedot config on k8s not used (elastic#25111)
adriansr
pushed a commit
that referenced
this pull request
Apr 20, 2021
3 tasks
adriansr
added a commit
to elastic/integrations
that referenced
this pull request
May 12, 2021
Adds a new package, cyberarkpas, for Cyberark Privileged Access Security audit logs (from elastic/beats#24803)
eyalkraft
pushed a commit
to build-security/integrations
that referenced
this pull request
Mar 30, 2022
…ic#928) Adds a new package, cyberarkpas, for Cyberark Privileged Access Security audit logs (from elastic/beats#24803)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a new module,
cyberarkpas, to ingest Privileged Access Security audit logs from Vault via syslog.Checklist
CHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.Author's Checklist
How to test this PR locally
Related issues
Use cases
Screenshots
Dashboard:
Logs