Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Cloud Security] Fix ECS import method #5106

Merged
merged 5 commits into from
Feb 7, 2023
Merged

[Cloud Security] Fix ECS import method #5106

merged 5 commits into from
Feb 7, 2023

Conversation

kfirpeled
Copy link
Contributor

@kfirpeled kfirpeled commented Jan 26, 2023
edited
Loading

What does this PR do?

This PR fixes the way cloud_security_posture imports ECS mappings. Till now, we did it manually without knowing how to instruct elastic-package which ECS version to import its mappings from.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

  1. Build locally the package
  2. Install version 1.2.10-next
  3. Check mappings are as before

Tested with elastic-package 0.72 (requires go 1.19 when built locally)

Related issues

Screenshots

@kfirpeled kfirpeled added the enhancement New feature or request label Jan 26, 2023
@kfirpeled kfirpeled added Team:Cloud Security Label for the Cloud Security team [elastic/cloud-security-posture] Integration:cloud_security_posture Security Posture Management labels Jan 26, 2023
kfirpeled
kfirpeled commented Jan 26, 2023
View reviewed changes
packages/cloud_security_posture/data_stream/findings/fields/ecs.yml
- name: host.name
external: ecs
type: keyword
- name: host.os.codename
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

host.os.codename and host.containerized are not part of ECS atm
elastic/ecs#294
elastic/ecs#1512

Do you think it's worth adding them as a custom field? and for the sake of backward compatibility?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As long as the field type does not change between the type you set manually and the type the ECS field ends up being its fine to map them. If its unsure then we should get confirmation about the preferred type first.

@elasticmachine
Copy link

elasticmachine commented Jan 26, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-02-07T08:39:32.270+0000

  • Duration: 14 min 20 sec

Test stats 🧪

Test Results
Failed 0
Passed 2
Skipped 0
Total 2

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

P1llus
P1llus reviewed Jan 26, 2023
View reviewed changes
Copy link
Member

@P1llus P1llus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added some small comments

packages/cloud_security_posture/data_stream/findings/fields/ecs.yml
- name: host.name
external: ecs
type: keyword
- name: host.os.codename
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As long as the field type does not change between the type you set manually and the type the ECS field ends up being its fine to map them. If its unsure then we should get confirmation about the preferred type first.

packages/cloud_security_posture/_dev/build/build.yml Outdated Show resolved Hide resolved
@elasticmachine
Copy link

elasticmachine commented Jan 26, 2023
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (0/0) 💚
Files 100.0% (0/0) 💚
Classes 100.0% (0/0) 💚
Methods 25.0% (1/4) 👎 -75.0
Lines 100.0% (0/0) 💚
Conditionals 100.0% (0/0) 💚

@kfirpeled kfirpeled marked this pull request as ready for review January 31, 2023 13:46
@kfirpeled kfirpeled requested a review from a team as a code owner January 31, 2023 13:46
amirbenun
amirbenun approved these changes Feb 7, 2023
View reviewed changes
Copy link
Contributor

@amirbenun amirbenun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice

@kfirpeled kfirpeled merged commit c0fa4cf into elastic:main Feb 7, 2023
@kfirpeled kfirpeled deleted the cspm/fix-ecs-import branch February 7, 2023 08:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@P1llus P1llus P1llus left review comments

@amirbenun amirbenun amirbenun approved these changes

@oren-zohar oren-zohar Awaiting requested review from oren-zohar

@eyalkraft eyalkraft Awaiting requested review from eyalkraft

Assignees
No one assigned
Labels
enhancement New feature or request Integration:cloud_security_posture Security Posture Management Team:Cloud Security Label for the Cloud Security team [elastic/cloud-security-posture]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kfirpeled @elasticmachine @P1llus @amirbenun