[Arista NG Firewall] Initial Release

[MakoWish]

Type of Change

• Enhancement

What does this PR do?

This is an initial integration release for Arista NG Firewall (previously Untangle NG Firewall)

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

• Package has been tested with sample data from all covered event types

Related issues

• Closes [Arista NG Firewall] Initial Release #6346

Additional Notes

I am not sure how to open elastic-package's stack up to accept live syslog data, so I am unable to create dashboards just yet. Once this initial release is available to install in my environment, I can get some dashboards created.

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-06-22T21:50:17.513+0000

• Duration: 14 min 29 sec

Test stats 🧪

Test	Results
Failed	0
Passed	15
Skipped	0
Total	15

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[efd6]

Nice. A few comments.

[efd6]

/test

[efd6]

/test

[efd6]

You will need to add a line to https://github.com/elastic/integrations/blob/main/.github/CODEOWNERS

/packages/arista_ngfw @elastic/security-external-integrations

(list is — should be — ordered alphabetically)

[MakoWish]

You will need to add a line to https://github.com/elastic/integrations/blob/main/.github/CODEOWNERS

/packages/arista_ngfw @elastic/security-external-integrations

(list is — should be — ordered alphabetically)

Beat you to it, but did not do alphabetically, because I noticed it was not already. I will move my addition into order.

[efd6]

/test

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (1/1)	💚
Files	100.0% (7/7)	💚
Classes	100.0% (7/7)	💚
Methods	100.0% (36/36)	💚
Lines	94.639% (865/914)	👍 8.103
Conditionals	100.0% (0/0)	💚

[efd6]

LGTM after cisco file is removed.

[MakoWish]

LGTM after cisco file is removed.

I reverted the changes, but how do I remove it?

[efd6]

Done. I just did a revert of the changes on that file an pushed it (you could copy from the main branch's state, but I did a file revert on that file for each of the commits here that touched it).

[efd6]

/test

[elasticmachine]

💔 Build Failed

• Buildkite Build
• Commit: 7ca0fdf

Failed CI Steps

• :pipeline:⬆️ Upload Pipeline: .buildkite/pipeline.yml

History

• 💔 Build #71 failed cd08f60
• 💔 Build #67 failed 03f05ec

[MakoWish]

@efd6,

Is there a way to install this onto a live Elastic cluster instead of just the elastic-package stack?

[efd6]

LGTM after minor issues addressed.

[MakoWish]

Anything else needed on this one? Also, is there a way to install onto a test cluster so I can push some live data to it? Or do I need to wait until the Beta is actually released?

[efd6]

Easiest to wait until it's released.

[efd6]

Thanks

[efd6]

/test

[MakoWish]

It failed because the expected results did not match after the ECS version change. Regenerated the expected results, and the test passes locally now. Please test again.

[efd6]

/test

[MakoWish]

I'm getting a 404 when trying to view the BuildKite results again. It worked for a few days, but not anymore.

Anything else needed on this?

[efd6]

Don't worry about the buildkite builds, they are not required at this stage.

[efd6]

Still LGTM

[efd6]

Thanks

[elasticmachine]

Package arista_ngfw - 0.0.1 containing this change is available at https://epr.elastic.co/search?package=arista_ngfw