Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SECURITY-ENDPOINT: add more host properties to metadata and policy #70238

Merged
merged 1 commit into from
Jun 29, 2020
Merged

SECURITY-ENDPOINT: add more host properties to metadata and policy #70238

merged 1 commit into from
Jun 29, 2020

Conversation

nnamdifrankie
Copy link
Contributor

@nnamdifrankie nnamdifrankie commented Jun 29, 2020
edited
Loading

Summary

Issue:

#70201

  • update generator and type to hold new fields.
{
          "@timestamp" : 1593452539763,
          "agent" : {
            "id" : "da16d6dd-9d6d-4711-90dc-b040c8035ff6",
            "version" : "1.0.0-local.20200416.0"
          },
          "elastic" : {
            "agent" : {
              "id" : "82dcace3-2be0-4155-abf2-fec19d2bb716"
            }
          },
          "ecs" : {
            "version" : "1.4.0"
          },
          "host" : {
            "id" : "743728ae-388d-40b2-8d98-6ca2dace27c1",
            "hostname" : "Host-why0jfi4w7",
            "name" : "Host-why0jfi4w7",
            "architecture" : "829lle6lhm",
            "ip" : [
              "10.25.175.177",
              "10.182.91.142",
              "10.228.55.210"
            ],
            "mac" : [
              "bd-8-87-3f-1a-cb",
              "5d-61-40-87-cb-62",
              "8-3d-f3-4a-3d-ad"
            ],
            "os" : {
              "name" : "windows 6.2",
              "full" : "Windows Server 2012",
              "version" : "6.2",
              "platform" : "Windows",
              "family" : "Windows",
              "Ext" : {
                "variant" : "Windows Server"
              }
            }
          },
          "Endpoint" : {
            "policy" : {
              "applied" : {
                "actions" : [
                  {
                    "name" : "configure_elasticsearch_connection",
                    "message" : "elasticsearch comes configured successfully",
                    "status" : "success"
                  },
                  {
                    "name" : "configure_kernel",
                    "message" : "Failed to configure kernel",
                    "status" : "failure"
                  },
                  {
                    "name" : "configure_logging",
                    "message" : "Successfully configured logging",
                    "status" : "success"
                  },
                  {
                    "name" : "configure_malware",
                    "message" : "Unexpected error configuring malware",
                    "status" : "failure"
                  },
                  {
                    "name" : "connect_kernel",
                    "message" : "Successfully initialized minifilter",
                    "status" : "success"
                  },
                  {
                    "name" : "detect_file_open_events",
                    "message" : "Successfully stopped file open event reporting",
                    "status" : "success"
                  },
                  {
                    "name" : "detect_file_write_events",
                    "message" : "Failed to stop file write event reporting",
                    "status" : "success"
                  },
                  {
                    "name" : "detect_image_load_events",
                    "message" : "Successfully started image load event reporting",
                    "status" : "success"
                  },
                  {
                    "name" : "detect_process_events",
                    "message" : "Successfully started process event reporting",
                    "status" : "success"
                  },
                  {
                    "name" : "download_global_artifacts",
                    "message" : "Failed to download EXE model",
                    "status" : "success"
                  },
                  {
                    "name" : "load_config",
                    "message" : "Successfully parsed configuration",
                    "status" : "success"
                  },
                  {
                    "name" : "load_malware_model",
                    "message" : "Error deserializing EXE model; no valid malware model installed",
                    "status" : "success"
                  },
                  {
                    "name" : "read_elasticsearch_config",
                    "message" : "Successfully read Elasticsearch configuration",
                    "status" : "success"
                  },
                  {
                    "name" : "read_events_config",
                    "message" : "Successfully read events configuration",
                    "status" : "success"
                  },
                  {
                    "name" : "read_kernel_config",
                    "message" : "Succesfully read kernel configuration",
                    "status" : "success"
                  },
                  {
                    "name" : "read_logging_config",
                    "message" : "Field (logging.debugview) not found in config",
                    "status" : "success"
                  },
                  {
                    "name" : "read_malware_config",
                    "message" : "Successfully read malware detect configuration",
                    "status" : "success"
                  },
                  {
                    "name" : "workflow",
                    "message" : "Failed to apply a portion of the configuration (kernel)",
                    "status" : "success"
                  },
                  {
                    "name" : "download_model",
                    "message" : "Failed to apply a portion of the configuration (kernel)",
                    "status" : "success"
                  },
                  {
                    "name" : "ingest_events_config",
                    "message" : "Failed to apply a portion of the configuration (kernel)",
                    "status" : "success"
                  }
                ],
                "id" : "C2A9093E-E289-4C0A-AA44-8C32A414FA7A",
                "response" : {
                  "configurations" : {
                    "events" : {
                      "concerned_actions" : [
                        "download_model"
                      ],
                      "status" : "warning"
                    },
                    "logging" : {
                      "concerned_actions" : [
                        "load_config"
                      ],
                      "status" : "success"
                    },
                    "malware" : {
                      "concerned_actions" : [
                        "load_config"
                      ],
                      "status" : "failure"
                    },
                    "streaming" : {
                      "concerned_actions" : [
                        "workflow",
                        "connect_kernel"
                      ],
                      "status" : "warning"
                    }
                  }
                },
                "artifacts" : {
                  "global" : {
                    "version" : "1.4.0",
                    "identifiers" : [
                      {
                        "name" : "endpointpe-model",
                        "sha256" : "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
                      }
                    ]
                  },
                  "user" : {
                    "version" : "1.4.0",
                    "identifiers" : [
                      {
                        "name" : "user-model",
                        "sha256" : "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
                      }
                    ]
                  }
                },
                "status" : "success",
                "version" : "734806ca-bd98-4b22-937b-2b8339737cc0",
                "name" : "With Eventing"
              }
            }
          },
          "event" : {
            "created" : 1593452539763,
            "id" : "af95c838-eb08-4dcf-82e4-29d3ea209638",
            "kind" : "state",
            "category" : "host",
            "type" : "change",
            "module" : "endpoint",
            "action" : "endpoint_policy_response",
            "dataset" : "endpoint.policy"
          }
        }


{
            "created" : 1593452539763
          },
          "agent" : {
            "version" : "6.3.7",
            "id" : "da16d6dd-9d6d-4711-90dc-b040c8035ff6",
            "type" : "endpoint"
          },
          "elastic" : {
            "agent" : {
              "id" : "82dcace3-2be0-4155-abf2-fec19d2bb716"
            }
          },
          "host" : {
            "id" : "743728ae-388d-40b2-8d98-6ca2dace27c1",
            "hostname" : "Host-why0jfi4w7",
            "name" : "Host-why0jfi4w7",
            "architecture" : "829lle6lhm",
            "ip" : [
              "10.25.175.177",
              "10.182.91.142",
              "10.228.55.210"
            ],
            "mac" : [
              "bd-8-87-3f-1a-cb",
              "5d-61-40-87-cb-62",
              "8-3d-f3-4a-3d-ad"
            ],
            "os" : {
              "name" : "windows 6.2",
              "full" : "Windows Server 2012",
              "version" : "6.2",
              "platform" : "Windows",
              "family" : "Windows",
              "Ext" : {
                "variant" : "Windows Server"
              }
            }
          },
          "Endpoint" : {
            "status" : "enrolled",
            "policy" : {
              "applied" : {
                "name" : "With Eventing",
                "id" : "C2A9093E-E289-4C0A-AA44-8C32A414FA7A",
                "status" : "success"
              }
            }
          }
        }

Checklist

Delete any items that are not applicable to this PR.

@nnamdifrankie nnamdifrankie requested review from a team as code owners June 29, 2020 17:53
@nnamdifrankie nnamdifrankie added v7.9.0 v8.0.0 release_note:skip Skip the PR/issue when compiling release notes labels Jun 29, 2020
@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Build metrics

✅ unchanged

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@nnamdifrankie nnamdifrankie merged commit f196546 into elastic:master Jun 29, 2020
@nnamdifrankie nnamdifrankie deleted the SECURITY-ENDPOINT_add_more_host_properties branch June 29, 2020 20:04
@nnamdifrankie nnamdifrankie mentioned this pull request Jun 29, 2020
Merged
nnamdifrankie added a commit to nnamdifrankie/kibana that referenced this pull request Jun 29, 2020
@nnamdifrankie
SECURITY-ENDPOINT: add host properties (elastic#70238)
8121b8c
nnamdifrankie added a commit that referenced this pull request Jun 29, 2020
@nnamdifrankie
SECURITY-ENDPOINT: add host properties (#70238) (#70254)
52b5e35 
SECURITY-ENDPOINT: add host properties (#70238) (#70254)
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jun 30, 2020
@gmmorris
Merge branch 'alerting/consumer-based-rbac' of github.com:gmmorris/ki…
f22c7aa 
…bana into alerting/consumer-based-rbac

* 'alerting/consumer-based-rbac' of github.com:gmmorris/kibana: (49 commits)
  [Discover] Deangularize Skip to bottom button (elastic#69811)
  Implement recursive plugin discovery (elastic#68811)
  Use ts-expect-error in platform code (elastic#69883)
  [SIEM][Detection Engine][Lists] Moves getQueryFilter to common folder for use by both front and backend
  [Ingest Manager][SECURITY SOLUTION] adjust config reassign link and add roundtrip to Reassignment flow (elastic#70208)
  [Security][Lists] Add API functions and react hooks for value list APIs (elastic#69603)
  [ILM] Fix bug when clearing priority field (elastic#70154)
  [Platform][Security] Updates cluster_manager ignorePaths to include security scripts (elastic#70139)
  [IngestManager] Allow to filter agent by packages (elastic#69731)
  [code coverage] exclude folders: test_helpers, tests_bundle (elastic#70199)
  [Metrics UI] UX improvements for saved views (elastic#69910)
  [APM] docs: unique transaction troubleshooting (elastic#69831)
  Cross cluster search functional test with minimun privileges assigned to the test_user (elastic#70007)
  [Maps] choropleth layer wizard (elastic#69699)
  Make custom errors by extending Error (elastic#69966)
  [Ingest Manager] Support updated package output structure (elastic#69864)
  Resolver test coverage (elastic#70246)
  Async Discover search test (elastic#64388)
  [ui-shared-deps] include styled-components (elastic#69322)
  SECURITY-ENDPOINT: add host properties (elastic#70238)
  ...
Bamieh pushed a commit to Bamieh/kibana that referenced this pull request Jul 1, 2020
@nnamdifrankie @Bamieh
SECURITY-ENDPOINT: add host properties (elastic#70238)
fe4cd96
@elasticmachine
Copy link
Contributor

Pinging @elastic/siem (Team:SIEM)

@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marshallmain marshallmain marshallmain approved these changes

@kevinlog kevinlog kevinlog approved these changes

@aisantos aisantos aisantos approved these changes

Assignees
No one assigned
Labels
release_note:skip Skip the PR/issue when compiling release notes Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM v7.9.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@nnamdifrankie @kibanamachine @elasticmachine @marshallmain @kevinlog @aisantos @MindyRS @LeeDr