Add new modules/filesets from rsa2elk for 7.10 #20820

Merged
merged 9 commits into from
Sep 16, 2020

@adriansr adriansr commented Aug 27, 2020

This adds the following new modules:

And the following filesets to existing modules:

  • barracuda/spamfirewall
  • cisco/meraki
  • f5/bigipafm
  • fortinet/fortimail
  • fortinet/fortimanager
  • juniper/netscreen
  • sophos/utm

Testing logs are autogenerated from the devices so they don't make much
sense.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding changes to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Note to reviewers

What to check:

  • Docs, esp. those for existing modules (barracuda, f5, fortinet, juniper, sophos).

@elasticmachine

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot added needs_team and removed needs_team labels Aug 27, 2020
elasticmachine commented Aug 27, 2020

💚 Build Succeeded

Build stats

  • Build Cause: [Pull request #20820 updated]

  • Start Time: 2020-09-16T08:42:11.734+0000

  • Duration: 60 min 26 sec

Test stats 🧪

Test Results
Failed 0
Passed 5606
Skipped 825
Total 6431

@adriansr adriansr added the in progress label Aug 27, 2020
@adriansr adriansr marked this pull request as draft August 27, 2020 13:40

@adriansr adriansr left a comment

Self-review

filebeat/docs/modules/f5.asciidoc (outdated, resolved)
filebeat/docs/modules/fortinet.asciidoc (outdated, resolved)
filebeat/docs/modules/sophos.asciidoc (outdated, resolved)
@adriansr adriansr marked this pull request as ready for review September 1, 2020 18:38
@adriansr adriansr requested a review from a team September 1, 2020 18:38
@adriansr adriansr added review and removed in progress labels Sep 2, 2020
@adriansr adriansr requested review from marc-gr and a team September 4, 2020 13:06

@marc-gr marc-gr left a comment

LGTM, seems to need a rebase though :)

This adds the following new modules:
- citrix (netscaler fileset): This existed in 7.9 but was removed by elastic#20706.
- cyberark (corepass fileset).
- proofpoint (emailsecurity fileset).
- snort (log fileset).
- symantec (endpointprotection fileset).

And the following filesets to existing modules:
- barracuda/spamfirewall
- cisco/meraki
- f5/bigipafm
- fortinet/fortimail
- fortinet/fortimanager
- juniper/netscreen
- sophos/utm

Testing logs are autogenerated from the devices so they don't make much
sense.
Some logs don't have a year in them, causing trouble
@adriansr adriansr merged commit 3390aa8 into elastic:master Sep 16, 2020
adriansr added a commit to adriansr/beats that referenced this pull request Sep 17, 2020
This adds the following new modules:
- citrix (netscaler fileset): This existed in 7.9 but was removed by elastic#20706.
- cyberark (corepass fileset).
- proofpoint (emailsecurity fileset).
- snort (log fileset).
- symantec (endpointprotection fileset).

And the following filesets to existing modules:
- barracuda/spamfirewall
- cisco/meraki
- f5/bigipafm
- fortinet/fortimail
- fortinet/fortimanager
- juniper/netscreen
- sophos/utm

(cherry picked from commit 3390aa8)
v1v added a commit to v1v/beats that referenced this pull request Sep 18, 2020
…ne-2.0

* upstream/master: (44 commits)
  Update users.asciidoc (elastic#20802) (elastic#21108)
  Fix docker provider builder. (elastic#21118)
  [Elastic Agent] Add docker composable dynamic provider. (elastic#20842)
  Add new modules/filesets from rsa2elk for 7.10 (elastic#20820)
  Fix broken links to external websites (elastic#21061)
  [docs] typo in the command line (elastic#20799)
  [Filebeat] add panos type and sub_type (elastic#20912)
  Move the `compute_vm_scalset` to  a light metricset and map the cloud metadata (elastic#21038)
  [Filebeat] Add support for Cloudtrail digest files (elastic#21086)
  Add metrics collection from cost explorer into aws/billing metricset (elastic#20527)
  Add vendoring to Google Cloud Functions again (elastic#21070)
  [Elastic Agent] Add fleet.host.id for sending to endpoint. (elastic#21042)
  Do not need Google credentials before using it (elastic#21072)
  [Filebeat][New Module] Zoom webhook module (elastic#20414)
  Add support for GMT timezone offset in decode_cef (elastic#20993)
  Filebeat: Fix random error on harvester close (elastic#21048)
  Add ingress controller dashboards (elastic#21052)
  Fix loggers in composable module. (elastic#21047)
  [Ingest Manager] Increase kibana client timeout to 5 minutes (elastic#21037)
  Add changelog. (elastic#21041)
  ...
adriansr added a commit that referenced this pull request Sep 21, 2020
This adds the following new modules:
- citrix (netscaler fileset): This existed in 7.9 but was removed by #20706.
- cyberark (corepass fileset).
- proofpoint (emailsecurity fileset).
- snort (log fileset).
- symantec (endpointprotection fileset).

And the following filesets to existing modules:
- barracuda/spamfirewall
- cisco/meraki
- f5/bigipafm
- fortinet/fortimail
- fortinet/fortimanager
- juniper/netscreen
- sophos/utm

(cherry picked from commit 3390aa8)