Migrate Cisco AMP package #1624

Closed
13 tasks
jamiehynds opened this issue Sep 9, 2021 · 4 comments · Fixed by #1645
Labels
7.16 candidate Epic fleet-migration Used to track the migration to the new experience Theme: just_ingest_it

Comments

jamiehynds commented Sep 9, 2021

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency
when creating or updating a Package, Module or Dataset for an Integration.

Migration Checklist

  • Rename the package to Cisco Secure Endpoint (as Cisco rebranded AMP to Secure Endpoint recently)
  • Change follows the contributing guidelines
  • Supported versions of the monitoring target are documented
  • Generated output for at least 1 log file exists
  • Documentation explains how to configure monitoring target to work with the integration
  • Fields follow ECS and naming conventions
  • At least a manual test with ES / Kibana / Agent has been performed.
  • Required Kibana version set to:
  • Screenshot of the "Add Integration" page on Fleet added to PR

Dashboards

  • Dashboards exist
  • Screenshots added to manifest
  • Data stream filters added to visualizations

Data Streams

@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@jamiehynds jamiehynds added 7.16 candidate fleet-migration Used to track the migration to the new experience Theme: just_ingest_it Epic labels Sep 9, 2021
legoguy1000 added a commit to legoguy1000/integrations that referenced this issue Sep 12, 2021
@legoguy1000
Contributor

opened PR #1624

@jamiehynds
Author

FYI @P1llus - @legoguy1000 has opened a PR, just in case you had planned on working on AMP/Secure Endpoint migration this week.

@legoguy1000
Contributor

It's really just copy and paste, I didn't add all the new threat.* fields. Figured I'd just keep it simple at first. I can definitely take a look at doing that.

P1llus pushed a commit that referenced this issue Oct 11, 2021
* #1624: Add Cisco AMP package

* Update changelog

* Update to ECS 1.12

* rename to Cisco Secure Endpoint

* update pipeline, system tests still not working

* rename log dataset to event.  Fix system tests

* bump stream container version

* bump stream version

* move processors per comment
eyalkraft pushed a commit to build-security/integrations that referenced this issue Mar 30, 2022
* elastic#1624: Add Cisco AMP package

* Update changelog

* Update to ECS 1.12

* rename to Cisco Secure Endpoint

* update pipeline, system tests still not working

* rename log dataset to event.  Fix system tests

* bump stream container version

* bump stream version

* move processors per comment