[Data Telemetry] Add index pattern to identify "meow" attacks #75163

Merged
merged 3 commits into from
Aug 21, 2020

@afharo afharo commented Aug 17, 2020

Summary

Adds *meow* to the list of index patterns to identify possible indices following meow attacks 🐱

For maintainers

@afharo afharo requested a review from a team as a code owner August 17, 2020 14:16
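
An added example, not Kibana's own code: a sketch of how a wildcard such as `*meow*` can be used to group index names and aggregate counts, run over rows shaped like `_cat/indices?format=json` output. The pattern list other than `*meow*`, the type and function names, and the sample rows are constructed for illustration. Note that `*meow*` is a substring match, so a legitimate index such as `homeowners-2020` is flagged too.

```typescript
// Added example, not Kibana's implementation. Names and sample data are constructed.
interface CatIndexRow { index: string; "docs.count": string; }
interface PatternDef { pattern: string; patternName: string; }
interface PatternStats { patternName: string; indexCount: number; docCount: number; indices: string[]; }

// Hypothetical pattern list; "*meow*" is the pattern named in this PR.
const PATTERNS: PatternDef[] = [
  { pattern: "*meow*", patternName: "meow" },
  { pattern: "logs-*", patternName: "logs" },
];

// Constructed rows in the shape of `_cat/indices?format=json` (counts are strings there).
const SAMPLE_ROWS: CatIndexRow[] = [
  { index: "x7k2p9qa1b-meow", "docs.count": "1" },
  { index: "m3z8w0lt5c-meow", "docs.count": "1" },
  { index: "homeowners-2020", "docs.count": "5400" }, // benign, but contains "meow"
  { index: "logs-2020.08.17", "docs.count": "120" },
  { index: ".kibana_1", "docs.count": "42" },
];

// Compile an index wildcard into an anchored RegExp. Everything except "*"
// is escaped, so "." or "+" inside a pattern stay literal characters.
function wildcardToRegExp(pattern: string): RegExp {
  const escaped = pattern
    .split("*")
    .map((part) => part.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"))
    .join(".*");
  return new RegExp("^" + escaped + "$");
}

// Group indices by the first pattern they match and aggregate per pattern.
function summarize(rows: CatIndexRow[], patterns: PatternDef[]): PatternStats[] {
  const compiled = patterns.map((p) => ({ name: p.patternName, re: wildcardToRegExp(p.pattern) }));
  const byName: Record<string, PatternStats> = {};
  for (const row of rows) {
    for (const c of compiled) {
      if (!c.re.test(row.index)) continue;
      const s = byName[c.name] ||
        (byName[c.name] = { patternName: c.name, indexCount: 0, docCount: 0, indices: [] });
      s.indexCount += 1;
      s.docCount += Number(row["docs.count"]) || 0;
      s.indices.push(row.index);
      break; // first matching pattern wins
    }
  }
  return Object.keys(byName).map((k) => byName[k]);
}
```

A hit on the `meow` group is a signal to review the listed index names, not proof of compromise.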
@elasticmachine
Contributor

Pinging @elastic/kibana-telemetry (Team:KibanaTelemetry)

@afharo afharo added the v7.10.0 label Aug 17, 2020
Contributor

@TinaHeiligers TinaHeiligers left a comment


Love it!
LGTM 😹

@TinaHeiligers
Contributor

@elasticmachine merge upstream

@kibanamachine
Contributor

💚 Build Succeeded

Build metrics

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@afharo afharo merged commit ee75e57 into elastic:master Aug 21, 2020
@afharo afharo deleted the data-telemetry/add-meow-index-pattern branch August 21, 2020 12:47
afharo added a commit to afharo/kibana that referenced this pull request Aug 21, 2020
…c#75163)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
afharo added a commit that referenced this pull request Aug 21, 2020
…75163) (#75644)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
afharo added a commit that referenced this pull request Aug 21, 2020
…75163) (#75645)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

gmmorris added a commit to gmmorris/kibana that referenced this pull request Aug 21, 2020
* master: (71 commits)
  [Lens] Show 'No data for this field' for empty field in accordion (elastic#73772)
  Skip failing lens test
  Configure ScopedHistory consistenty regardless of URL used to mount app (elastic#75074)
  Fix returned payload by "search" usage collector (elastic#75340)
  [Security Solution] Fix missing key error (elastic#75576)
  Upgrade EUI to v27.4.1 (elastic#75240)
  Update datasets UI copy to data streams (elastic#75618)
  [Lens] Register saved object references (elastic#74523)
  [DOCS] Update links to Beats documentation (elastic#70380)
  [Enterprise Search] Convert our `public_url` route to `config_data` and collect initialAppData (elastic#75616)
  [Usage Collection Schemas] Remove Legacy entries (elastic#75652)
  [Dashboard First] Lens Originating App Breadcrumb (elastic#75470)
  Improve login UI error message. (elastic#75642)
  [Security Solution] modify circular deps checker to output images of circular deps graphs (elastic#75579)
  [Data Telemetry] Add index pattern to identify "meow" attacks (elastic#75163)
  Migrate CSP usage collector to `kibana_usage_collection` plugin (elastic#75536)
  [Console] Get ES Config from core (elastic#75406)
  [Uptime] Add delay in telemetry test (elastic#75162)
  [Lens] Use index pattern service instead saved object client (elastic#74654)
  Embeddable input (elastic#73033)
  ...
thomasneirynck pushed a commit to thomasneirynck/kibana that referenced this pull request Aug 21, 2020
…c#75163)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
@agenest

agenest commented Aug 27, 2020

I was wondering how this has been working and if there might be an easier way to identify owners that I am notifying with instructions on how to secure the open instances. Currently, I am running a shodan scan, aggregating the data, and notifying the larger providers of the IPs found with instructions. If not in this ticket is there another one that might be solving for this proactive alerting out to the security community? Thanks

@TinaHeiligers
Contributor

TinaHeiligers commented Aug 27, 2020

@agenest the changes will only take effect after 7.9.1 is released. Please reach out to Brian Milbier (@bmilbier), he has been working on a POC. @alexfrancoeur might also be able to help you out.

@lukeelmers lukeelmers added the Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc label Oct 1, 2021
@elasticmachine
Contributor

Pinging @elastic/kibana-core (Team:Core)

Labels
Feature:Telemetry release_note:skip Skip the PR/issue when compiling release notes Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc v7.9.1 v7.10.0 v8.0.0