[Data Telemetry] Add index pattern to identify "meow" attacks #75163
Pinging @elastic/kibana-telemetry (Team:KibanaTelemetry)
Love it!
LGTM 😹
@elasticmachine merge upstream
💚 Build Succeeded
…c#75163) Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* master: (71 commits)
  [Lens] Show 'No data for this field' for empty field in accordion (elastic#73772)
  Skip failing lens test
  Configure ScopedHistory consistenty regardless of URL used to mount app (elastic#75074)
  Fix returned payload by "search" usage collector (elastic#75340)
  [Security Solution] Fix missing key error (elastic#75576)
  Upgrade EUI to v27.4.1 (elastic#75240)
  Update datasets UI copy to data streams (elastic#75618)
  [Lens] Register saved object references (elastic#74523)
  [DOCS] Update links to Beats documentation (elastic#70380)
  [Enterprise Search] Convert our `public_url` route to `config_data` and collect initialAppData (elastic#75616)
  [Usage Collection Schemas] Remove Legacy entries (elastic#75652)
  [Dashboard First] Lens Originating App Breadcrumb (elastic#75470)
  Improve login UI error message. (elastic#75642)
  [Security Solution] modify circular deps checker to output images of circular deps graphs (elastic#75579)
  [Data Telemetry] Add index pattern to identify "meow" attacks (elastic#75163)
  Migrate CSP usage collector to `kibana_usage_collection` plugin (elastic#75536)
  [Console] Get ES Config from core (elastic#75406)
  [Uptime] Add delay in telemetry test (elastic#75162)
  [Lens] Use index pattern service instead saved object client (elastic#74654)
  Embeddable input (elastic#73033)
  ...
I was wondering how this has been working and if there might be an easier way to identify owners that I am notifying with instructions on how to secure the open instances. Currently, I am running a Shodan scan, aggregating the data, and notifying the larger providers of the IPs found with instructions. If not in this ticket, is there another one that might be solving for this proactive alerting out to the security community? Thanks
@agenest the changes will only take effect after 7.9.1 is released. Please reach out to Brian Milbier (@bmilbier), he has been working on a POC. @alexfrancoeur might also be able to help you out.
Pinging @elastic/kibana-core (Team:Core)
Summary
Adds `*meow*` to the list of index patterns to identify possible indices following meow attacks 🐱