Skip to content

[windows] Add script block hash and signature to powershell pipelines#10044

Merged
marc-gr merged 1 commit intoelastic:mainfrom
marc-gr:feat/windows/ps-script_block-fields
Jun 4, 2024
Merged

[windows] Add script block hash and signature to powershell pipelines#10044
marc-gr merged 1 commit intoelastic:mainfrom
marc-gr:feat/windows/ps-script_block-fields

Conversation

@marc-gr
Copy link
Copy Markdown
Contributor

@marc-gr marc-gr commented May 31, 2024

Proposed commit message

Adds parsing for powershell script signatures and generates a hash of the flattened script block so they can be used as part of rules.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Related issues

@marc-gr marc-gr added enhancement New feature or request Integration:windows Windows Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform] labels May 31, 2024
@marc-gr marc-gr force-pushed the feat/windows/ps-script_block-fields branch from aea1a23 to 4a83b6f Compare May 31, 2024 16:17
@marc-gr marc-gr marked this pull request as ready for review May 31, 2024 16:17
@marc-gr marc-gr requested review from a team as code owners May 31, 2024 16:17
@marc-gr marc-gr requested review from belimawr and faec May 31, 2024 16:17
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented May 31, 2024

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

@elasticmachine
Copy link
Copy Markdown

elasticmachine commented May 31, 2024

💚 Build Succeeded

@elastic-sonarqube
Copy link
Copy Markdown

elastic-sonarqube bot commented May 31, 2024

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@pierrehilbert pierrehilbert added the Team:Elastic-Agent-Data-Plane Agent Data Plane team [elastic/elastic-agent-data-plane] label Jun 3, 2024
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Jun 3, 2024

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@pierrehilbert pierrehilbert requested review from belimawr and leehinman and removed request for belimawr and faec June 3, 2024 13:10
@marc-gr marc-gr merged commit c418fc9 into elastic:main Jun 4, 2024
@marc-gr marc-gr deleted the feat/windows/ps-script_block-fields branch June 4, 2024 05:35
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Jun 4, 2024

Package windows - 1.45.0 containing this change is available at https://epr.elastic.co/search?package=windows

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@leehinman leehinman leehinman approved these changes

@matthewscherer matthewscherer matthewscherer approved these changes

@belimawr belimawr Awaiting requested review from belimawr

Assignees

No one assigned

Labels

enhancement New feature or request Integration:windows Windows Team:Elastic-Agent-Data-Plane Agent Data Plane team [elastic/elastic-agent-data-plane] Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[windows] Adjust powershell ingest pipelines to include file signature and hash of script_block_text

5 participants

@marc-gr @elasticmachine @leehinman @matthewscherer @pierrehilbert