
[Filebeat] Add Zeek Signatures fileset #23772

Merged (2 commits, Feb 16, 2021)

Conversation

legoguy1000
Contributor

@legoguy1000 legoguy1000 commented Jan 30, 2021

What does this PR do?

Add the Signature fileset to the Zeek module for Filebeat.

Why is it important?

It's one of the last Zeek logs that isn't parsed by Filebeat currently.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

@botelastic botelastic bot added the needs_team label (indicates that the issue/PR needs a Team:* label) Jan 30, 2021
@cla-checker-service

cla-checker-service bot commented Jan 30, 2021

💚 CLA has been signed

@legoguy1000 legoguy1000 changed the title init [Filebeat] Add Zeek Signatures fileset Jan 30, 2021
@elasticmachine
Collaborator

elasticmachine commented Jan 30, 2021

💚 Build Succeeded


Build stats

  • Build Cause: Pull request #23772 updated

  • Start Time: 2021-02-16T21:01:49.762+0000

  • Duration: 49 min 39 sec

  • Commit: 1ca05f2

Test stats 🧪

Test Results
Failed 0
Passed 13046
Skipped 2075
Total 15121


💚 Flaky test report

Tests succeeded.


@botelastic botelastic bot removed the needs_team label (indicates that the issue/PR needs a Team:* label) Jan 31, 2021
@legoguy1000 legoguy1000 marked this pull request as ready for review February 6, 2021 20:26
@elasticmachine
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@legoguy1000
Contributor Author

I tried to do the local testing per the documentation, but I don't know if I did it correctly and think someone with more Beats module dev experience should look at this and make whatever changes are needed.

Contributor

@andrewstucki andrewstucki left a comment

Thanks for the contribution!

I left a suggestion about a configuration change you likely were intending.

Additionally you'll also want to revert the Makefile change, change the top-level zeek/_meta/config.yml file that I mention, and run the mage commands for generating the expected document and the generated configuration files.

Let me know if you have any questions or need some help with running the generators.

@andrewkroh
Member

jenkins, run tests

Member

@andrewkroh andrewkroh left a comment

Please add a changelog entry into the CHANGELOG.next.asciidoc file under the Added/Filebeat section.

@legoguy1000
Contributor Author

Please add a changelog entry into the CHANGELOG.next.asciidoc file under the Added/Filebeat section.

I will try to get to this today

@legoguy1000 legoguy1000 force-pushed the zeek-signatures branch 2 times, most recently from 89578a9 to 9e80f28 on February 10, 2021 16:49
@legoguy1000
Contributor Author

Please add a changelog entry into the CHANGELOG.next.asciidoc file under the Added/Filebeat section.

I will try to get to this today

Done

@andrewkroh
Member

jenkins, run tests

@legoguy1000 legoguy1000 force-pushed the zeek-signatures branch 2 times, most recently from cdcc1e5 to db21eda on February 16, 2021 14:05
@legoguy1000
Contributor Author

@andrewkroh can you rerun the Jenkins tests?

@andrewkroh
Member

jenkins, run tests

Member

@andrewkroh andrewkroh left a comment

LGTM assuming CI is green.

@andrewkroh andrewkroh merged commit e332d9d into elastic:master Feb 16, 2021
andrewkroh pushed a commit to andrewkroh/beats that referenced this pull request Feb 16, 2021
Add the Signature fileset to the Zeek module for Filebeat.

Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
(cherry picked from commit e332d9d)
@andrewkroh
Member

Thanks for your contribution. I opened a PR to move this into the 7.x branch so that it's included in the next minor release.

andrewkroh added a commit that referenced this pull request Feb 17, 2021
Add the Signature fileset to the Zeek module for Filebeat.

Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
(cherry picked from commit e332d9d)

Co-authored-by: Alex Resnick <adr8292@gmail.com>
v1v added a commit to v1v/beats that referenced this pull request Feb 17, 2021
…-arm

* upstream/master:
  [CI] install docker-compose with retry (elastic#24069)
  Add nodes to filebeat-kubernetes.yaml ClusterRole - fixes elastic#24051 (elastic#24052)
  updating manifest files for filebeat threatintel module (elastic#24074)
  Add Zeek Signatures (elastic#23772)
  Update Beats to ECS 1.8.0 (elastic#23465)
  Support running Docker logging plugin on ARM64 (elastic#24034)
  Fix ec2 metricset fields.yml and add integration test (elastic#23726)
  Only build targz and zip versions of Beats if PACKAGES is set in agent (elastic#24060)
  [Filebeat] Add field definitions for known Netflow/IPFIX vendor fields (elastic#23773)
  [Elastic Agent] Enroll with Fleet Server (elastic#23865)
  [Filebeat] Convert logstash logEvent.action objects to strings (elastic#23944)
  [Ingest Management] Fix reloading of log level for services (elastic#24055)
  Add Agent standalone k8s manifest (elastic#23679)
v1v added a commit to v1v/beats that referenced this pull request Feb 17, 2021
…dows-7

* upstream/master: (332 commits)
  Use ECS v1.8.0 (elastic#24086)
  Add support for postgresql csv logs (elastic#23334)
  [Heartbeat] Refactor config system (elastic#23467)
  [CI] install docker-compose with retry (elastic#24069)
  Add nodes to filebeat-kubernetes.yaml ClusterRole - fixes elastic#24051 (elastic#24052)
  updating manifest files for filebeat threatintel module (elastic#24074)
  Add Zeek Signatures (elastic#23772)
  Update Beats to ECS 1.8.0 (elastic#23465)
  Support running Docker logging plugin on ARM64 (elastic#24034)
  Fix ec2 metricset fields.yml and add integration test (elastic#23726)
  Only build targz and zip versions of Beats if PACKAGES is set in agent (elastic#24060)
  [Filebeat] Add field definitions for known Netflow/IPFIX vendor fields (elastic#23773)
  [Elastic Agent] Enroll with Fleet Server (elastic#23865)
  [Filebeat] Convert logstash logEvent.action objects to strings (elastic#23944)
  [Ingest Management] Fix reloading of log level for services (elastic#24055)
  Add Agent standalone k8s manifest (elastic#23679)
  [Metricbeat][Kubernetes] Extend state_node with more conditions (elastic#23905)
  [CI] googleStorageUploadExt step (elastic#24048)
  Check fields are documented for aws metricsets (elastic#23887)
  Update go-concert to 0.1.0 (elastic#23770)
  ...
@legoguy1000 legoguy1000 deleted the zeek-signatures branch February 24, 2021 23:05