Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Filebeat] Add ThreatQuotient to Threat Intel Module elastic#27423 #28314

Merged
merged 9 commits into from
Oct 19, 2021
Merged

[Filebeat] Add ThreatQuotient to Threat Intel Module elastic#27423 #28314

merged 9 commits into from
Oct 19, 2021

Conversation

wanusmaximus
Copy link
Contributor

What does this PR do?

This PR adds the integration with the ThreatQ Threat Intel Platform to export security indicators from ThreatQ to Elastic.

Why is it important?

This is a new integration within the threatintel module.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Oct 7, 2021
@botelastic
Copy link

botelastic bot commented Oct 7, 2021

This pull request doesn't have a Team:<team> label.

@mergify
Copy link
Contributor

mergify bot commented Oct 7, 2021

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b threatintel-threatq upstream/threatintel-threatq
git merge upstream/master
git push upstream threatintel-threatq

@mergify
Copy link
Contributor

mergify bot commented Oct 7, 2021

This pull request does not have a backport label. Could you fix it @wanusmaximus? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v./d./d./d is the label to automatically backport to the 7./d branch. /d is the digit

NOTE: backport-skip has been added to this pull request.

@mergify mergify bot added the backport-skip Skip notification from the automated backport with mergify label Oct 7, 2021
@wanusmaximus
Copy link
Contributor Author

@P1llus @peasead Hi guys, I had to create a new PR in order to turn on "all edits by maintainers". Let me know if you encounter any other issues. Thanks!!!

@P1llus
Copy link
Member

P1llus commented Oct 11, 2021

Thank you @wanusmaximus . This looks like it would work better :) will give it a go today!

@elasticmachine
Copy link
Collaborator

elasticmachine commented Oct 11, 2021
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2021-10-19T07:10:54.632+0000

  • Duration: 97 min 2 sec

  • Commit: 46b604e

Test stats 🧪

Test Results
Failed 0
Passed 14812
Skipped 2318
Total 17130

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

@P1llus
Copy link
Member

P1llus commented Oct 11, 2021

/test

@P1llus P1llus requested a review from a team October 12, 2021 13:55
efd6
efd6 reviewed Oct 12, 2021
View reviewed changes
x-pack/filebeat/module/threatintel/threatq/_meta/fields.yml
- name: attributes
type: flattened
description: >
These provide additional context about an object
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: .editorconfig asks for final newlines (also in config/config.yml).

@mergify
Copy link
Contributor

mergify bot commented Oct 13, 2021

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b threatintel-threatq upstream/threatintel-threatq
git merge upstream/master
git push upstream threatintel-threatq

@P1llus P1llus requested a review from a team October 13, 2021 10:27
andrewkroh
andrewkroh reviewed Oct 13, 2021
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but can you please update the documentation to include threatq and include any screenshots of the dashboards if you have them.

@P1llus
Copy link
Member

P1llus commented Oct 14, 2021

Okay I will go ahead and try to add that before merging

marc-gr
marc-gr approved these changes Oct 19, 2021
View reviewed changes
Copy link
Contributor

@marc-gr marc-gr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM other than the extra changelog 👍

CHANGELOG.next.asciidoc Outdated Show resolved Hide resolved
@P1llus @marc-gr
Update CHANGELOG.next.asciidoc
46b604e 
Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com>
@P1llus
Copy link
Member

P1llus commented Oct 19, 2021

run tests

@P1llus P1llus merged commit 0971fe7 into elastic:master Oct 19, 2021
Icedroid pushed a commit to Icedroid/beats that referenced this pull request Nov 1, 2021
@wanusmaximus @P1llus @marc-gr
[Filebeat] Add ThreatQuotient to Threat Intel Module elastic#27423 (e…
7eba5c3 
…lastic#28314)

* [Filebeat] Add ThreatQuotient to Threat Intel Module elastic#27423

* generating golden files

* updating pipeline, adding some more configuration options and such

* updating dashboard import, and adding filter to dashboard

* mage update

* update docs and add image

* Update CHANGELOG.next.asciidoc

Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com>

Co-authored-by: Marius Iversen <marius.iversen@elastic.co>
Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh left review comments

@efd6 efd6 efd6 left review comments

@marc-gr marc-gr marc-gr approved these changes

Assignees
No one assigned
Labels
backport-skip Skip notification from the automated backport with mergify needs_team Indicates that the issue/PR needs a Team:* label
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Filebeat] Add ThreatQuotient to Threat Intel Module
6 participants
@wanusmaximus @P1llus @elasticmachine @andrewkroh @marc-gr @efd6