[Cisco AMP] Add Cisco Secure Endpoint (AMP) package #1645

Merged
merged 9 commits into from
Oct 11, 2021


legoguy1000
Contributor

@legoguy1000 legoguy1000 commented Sep 12, 2021

What does this PR do?

Add initial Cisco Secure Endpoint (AMP) package, migrated from Filebeat Module

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • If I'm introducing a new feature, I have modified the Kibana version constraint in my package's manifest.yml file to point to the latest Elastic stack release (e.g. ^7.13.0).

Author's Checklist

  • [ ]

How to test this PR locally

cd integrations/packages/cisco_secure_endpoint
elastic-package build && elastic-package stack down && elastic-package stack up --version 7.16.0-SNAPSHOT -d -v && eval "$(elastic-package stack shellinit)" && elastic-package test -v

Related issues

Screenshots

@elasticmachine

elasticmachine commented Sep 12, 2021

💚 Build Succeeded


Build stats

  • Start Time: 2021-10-11T13:41:37.214+0000

  • Duration: 19 min 23 sec

  • Commit: f02df8d

Test stats 🧪

Test Results
Failed 0
Passed 11
Skipped 0
Total 11

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@legoguy1000 legoguy1000 changed the title #1624: Add Cisco AMP package [Cisco AMP] Add Cisco AMP package Sep 13, 2021
@andrewkroh
Member

run tests

@P1llus
Member

P1llus commented Sep 14, 2021

/test

@P1llus
Member

P1llus commented Sep 14, 2021

Cisco has renamed AMP to Secure Endpoint. I am a bit unsure how we would want to change it in terms of a few things:
The package title (in manifest.yml) should now read something like "Cisco Secure Endpoint (AMP)", and the only other thing is the field names to cisco.secure_endpoint.

WDYT?

@P1llus
Member

P1llus commented Sep 16, 2021

/test

@legoguy1000 legoguy1000 changed the title [Cisco AMP] Add Cisco AMP package [Cisco AMP] Add Cisco Secure Endpoint (AMP) package Sep 20, 2021
@legoguy1000
Contributor Author

@P1llus I think this is ready for review now that the system tests pass. The only open question is still the processors on the agent side.

@legoguy1000 legoguy1000 marked this pull request as ready for review October 8, 2021 02:23
@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@P1llus
Member

P1llus commented Oct 11, 2021

/test

@P1llus
Member

P1llus commented Oct 11, 2021

/test

@P1llus P1llus merged commit 1e44d34 into elastic:master Oct 11, 2021
eyalkraft pushed a commit to build-security/integrations that referenced this pull request Mar 30, 2022
* elastic#1624: Add Cisco AMP package

* Update changelog

* Update to ECS 1.12

* rename to Cisco Secure Endpoint

* update pipeline, system tests still not working

* rename log dataset to event.  Fix system tests

* bump stream container version

* bump stream version

* move processors per comment
@andrewkroh andrewkroh added Integration:cisco_secure_endpoint Cisco Secure Endpoint New Integration Issue or pull request for creating a new integration package. labels Aug 13, 2024
Development

Successfully merging this pull request may close these issues.

Migrate Cisco AMP package
4 participants