Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Auditbeat] Update auditbeat ECS mappings #18596

Merged
merged 3 commits into from
May 16, 2020

Conversation

andrewstucki
Copy link

@andrewstucki andrewstucki commented May 15, 2020

What does this PR do?

This is the spiritual successor to #18028 -- with the code to do the categorization itself moved into go-libaudit (see elastic/go-libaudit#62).

It adds in ECS categorization fields for a good chunk of auditd-based syscalls and event types.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels May 15, 2020
@elasticmachine
Copy link
Collaborator

elasticmachine commented May 15, 2020

💚 Build Succeeded

Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

Test stats 🧪

Test Results
Failed 0
Passed 9210
Skipped 1542
Total 10752

Steps errors

Expand to view the steps failures

  • Name: Report to Codecov
    • Description: curl -sSLo codecov https://codecov.io/bash for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat do FILE="${i}/build/coverage/full.cov" if [ -f "${FILE}" ]; then bash codecov -f "${FILE}" fi done

    • Result: FAILURE

    • Duration: 0 min 10 sec

    • Start Time: 2020-05-15T22:50:35.370+0000

    • log

Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM assuming the tests go green.

@andrewstucki andrewstucki merged commit bd7414d into elastic:master May 16, 2020
andrewstucki pushed a commit to andrewstucki/beats that referenced this pull request May 16, 2020
* Update auditbeat ECS mappings

* Add changelog entry

* Rev go-libaudit with build tag fix

(cherry picked from commit bd7414d)
@andrewstucki andrewstucki deleted the auditbeat-auditd-update2 branch May 16, 2020 01:40
v1v added a commit to v1v/beats that referenced this pull request May 16, 2020
…ngle-modules

* upstream/master:
  [Auditbeat] Update auditbeat ECS mappings (elastic#18596)
andrewstucki pushed a commit that referenced this pull request May 18, 2020
* Update auditbeat ECS mappings

* Add changelog entry

* Rev go-libaudit with build tag fix

(cherry picked from commit bd7414d)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants