Skip to content

Commit

Permalink
Merge remote-tracking branch 'upstream/master' into feature/fix-pre-a…
Browse files Browse the repository at this point in the history
…rchive-for-functionbeat

* upstream/master:
  [CI] bump gvm version and use the binary (elastic#24571)
  [Filebeat] Add Dashboards to Threat Intel Module (elastic#24488)
  Fix default scope in add_nomad_metadata (elastic#24559)
  • Loading branch information
v1v committed Mar 17, 2021
2 parents a7cc625 + 34e5c09 commit 5f7cde5
Show file tree
Hide file tree
Showing 20 changed files with 11,586 additions and 12 deletions.
6 changes: 3 additions & 3 deletions .ci/scripts/install-go.sh
Original file line number Diff line number Diff line change
Expand Up @@ -33,9 +33,9 @@ fi
echo "UNMET DEP: Installing Go"
mkdir -p "${HOME}/bin"

curl -sSLo "${GVM_CMD}" "https://github.com/andrewkroh/gvm/releases/download/v0.2.2/gvm-${OS}-${GVM_ARCH_SUFFIX}"
curl -sSLo "${GVM_CMD}" "https://github.com/andrewkroh/gvm/releases/download/v0.3.0/gvm-${OS}-${GVM_ARCH_SUFFIX}"
chmod +x "${GVM_CMD}"

gvm ${GO_VERSION}|cut -d ' ' -f 2|tr -d '\"' > ${PROPERTIES_FILE}
${GVM_CMD} "${GO_VERSION}" |cut -d ' ' -f 2|tr -d '\"' > ${PROPERTIES_FILE}

eval $(gvm ${GO_VERSION})
eval "$("${GVM_CMD}" "${GO_VERSION}")"
4 changes: 2 additions & 2 deletions .ci/scripts/install-tools.bat
Original file line number Diff line number Diff line change
Expand Up @@ -17,14 +17,14 @@ mkdir %WORKSPACE%\bin
IF EXIST "%PROGRAMFILES(X86)%" (
REM Force the gvm installation.
SET GVM_BIN=gvm.exe
curl -L -o %WORKSPACE%\bin\gvm.exe https://github.com/andrewkroh/gvm/releases/download/v0.2.4/gvm-windows-amd64.exe
curl -L -o %WORKSPACE%\bin\gvm.exe https://github.com/andrewkroh/gvm/releases/download/v0.3.0/gvm-windows-amd64.exe
IF ERRORLEVEL 1 (
REM gvm installation has failed.
exit /b 1
)
) ELSE (
REM Windows 7 workers got a broken gvm installation.
curl -L -o %WORKSPACE%\bin\gvm.exe https://github.com/andrewkroh/gvm/releases/download/v0.2.4/gvm-windows-386.exe
curl -L -o %WORKSPACE%\bin\gvm.exe https://github.com/andrewkroh/gvm/releases/download/v0.3.0/gvm-windows-386.exe
IF ERRORLEVEL 1 (
REM gvm installation has failed.
exit /b 1
Expand Down
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -399,6 +399,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Fix Netflow module issue with missing `internal_networks` config parameter. {issue}24094[24094] {pull}24110[24110]
- in httpjson input using encode_as "application/x-www-form-urlencoded" now sets Content-Type correctly {issue}24331[24331] {pull}24336[24336]
- Fix netflow module ignoring detect_sequence_reset flag. {issue}24268[24268] {pull}24270[24270]
- Fix default `scope` in `add_nomad_metadata`. {issue}24559[24559]

*Heartbeat*

Expand Down
4 changes: 2 additions & 2 deletions Vagrantfile
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ if (-Not (Test-Path $gopath_beats)) {
if (-Not (Get-Command "gvm" -ErrorAction SilentlyContinue)) {
echo "Installing gvm to manage go version"
[Net.ServicePointManager]::SecurityProtocol = "tls12"
Invoke-WebRequest -URI https://github.com/andrewkroh/gvm/releases/download/v0.2.2/gvm-windows-amd64.exe -Outfile C:\\Windows\\System32\\gvm.exe
Invoke-WebRequest -URI https://github.com/andrewkroh/gvm/releases/download/v0.3.0/gvm-windows-amd64.exe -Outfile C:\\Windows\\System32\\gvm.exe
C:\\Windows\\System32\\gvm.exe --format=powershell #{GO_VERSION} | Invoke-Expression
go version
Expand Down Expand Up @@ -119,7 +119,7 @@ def linuxGvmProvision(arch="amd64")
return <<SCRIPT
mkdir -p ~/bin
if [ ! -e "~/bin/gvm" ]; then
curl -sL -o ~/bin/gvm https://github.com/andrewkroh/gvm/releases/download/v0.2.2/gvm-linux-#{arch}
curl -sL -o ~/bin/gvm https://github.com/andrewkroh/gvm/releases/download/v0.3.0/gvm-linux-#{arch}
chmod +x ~/bin/gvm
~/bin/gvm #{GO_VERSION}
echo 'export GOPATH=$HOME/go' >> ~/.bash_profile
Expand Down
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
45 changes: 44 additions & 1 deletion filebeat/docs/modules/threatintel.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ This file is generated! See scripts/docs_collector.py
[role="xpack"]

:modulename: threatintel
:has-dashboards: false
:has-dashboards: true

== Threat Intel module
beta[]
Expand Down Expand Up @@ -341,6 +341,49 @@ Anomali Threat Intel is mapped to the following ECS fields.

`anomali.pattern` is mapped to the appropriate field dependent on attribute type.

:has-dashboards!:

[float]
=== Dashboards

This module comes with dashboards for the threat information feeds.

[role="screenshot"]
image::./images/filebeat-threatintel-overview.png[]

[float]
Overview of the information provided, and the health of, the Threat Intel module.

[role="screenshot"]
image::./images/filebeat-threatintel-abuse-malware.png[]

[float]
Overview of the information provided by the Abuse.ch Malware feed.

[role="screenshot"]
image::./images/filebeat-threatintel-abuse-url.png[]

[float]
Overview of the information provided by the Abuse.ch URL feed.

[role="screenshot"]
image::./images/filebeat-threatintel-alienvault-otx.png[]

[float]
Overview of the information provided by the AlienVault OTX feed.

[role="screenshot"]
image::./images/filebeat-threatintel-anomali-limo.png[]

[float]
Overview of the information provided by the Anomali Limo feed.

[role="screenshot"]
image::./images/filebeat-threatintel-misp.png[]

[float]
Overview of the information provided by the MSIP feed.

:modulename!:


Expand Down
45 changes: 44 additions & 1 deletion x-pack/filebeat/module/threatintel/_meta/docs.asciidoc
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
[role="xpack"]

:modulename: threatintel
:has-dashboards: false
:has-dashboards: true

== Threat Intel module
beta[]
Expand Down Expand Up @@ -336,4 +336,47 @@ Anomali Threat Intel is mapped to the following ECS fields.

`anomali.pattern` is mapped to the appropriate field dependent on attribute type.

:has-dashboards!:

[float]
=== Dashboards

This module comes with dashboards for the threat information feeds.

[role="screenshot"]
image::./images/filebeat-threatintel-overview.png[]

[float]
Overview of the information provided, and the health of, the Threat Intel module.

[role="screenshot"]
image::./images/filebeat-threatintel-abuse-malware.png[]

[float]
Overview of the information provided by the Abuse.ch Malware feed.

[role="screenshot"]
image::./images/filebeat-threatintel-abuse-url.png[]

[float]
Overview of the information provided by the Abuse.ch URL feed.

[role="screenshot"]
image::./images/filebeat-threatintel-alienvault-otx.png[]

[float]
Overview of the information provided by the AlienVault OTX feed.

[role="screenshot"]
image::./images/filebeat-threatintel-anomali-limo.png[]

[float]
Overview of the information provided by the Anomali Limo feed.

[role="screenshot"]
image::./images/filebeat-threatintel-misp.png[]

[float]
Overview of the information provided by the MSIP feed.

:modulename!:
Loading

0 comments on commit 5f7cde5

Please sign in to comment.