ti_custom: Improve pagination options for TAXII servers#12084
ti_custom: Improve pagination options for TAXII servers#12084chemamartinez merged 0 commit intoelastic:mainfrom
Conversation
|
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
🚀 Benchmarks reportTo see the full report comment with |
💚 Build Succeeded
|
chrisberkhout
left a comment
There was a problem hiding this comment.
The change is good.
You can use optMap, etc. to handle optional values in a more streamlined way.
I think that's better at least for the simpler examples. Maybe not worth it for the more complicated one.
packages/ti_custom/data_stream/indicator/agent/stream/cel.yml.hbs
Outdated
Show resolved
Hide resolved
packages/ti_custom/data_stream/indicator/agent/stream/cel.yml.hbs
Outdated
Show resolved
Hide resolved
packages/ti_custom/data_stream/indicator/agent/stream/cel.yml.hbs
Outdated
Show resolved
Hide resolved
packages/ti_custom/data_stream/indicator/agent/stream/cel.yml.hbs
Outdated
Show resolved
Hide resolved
chrisberkhout
left a comment
There was a problem hiding this comment.
one thing left in by mistake
packages/ti_custom/data_stream/indicator/agent/stream/cel.yml.hbs
Outdated
Show resolved
Hide resolved
|
💚 Build Succeeded
History
|
|
Package ti_custom - 0.6.0 containing this change is available at https://epr.elastic.co/package/ti_custom/0.6.0/ |
|
Good Morning. I found your integration, and it fits perfect into our TI feed for hashes with another server we have. But I'm running into an issue, where I'm getting a CEL error: failed eval: ERROR: :32:22: no such key: objects Is this where I need to set my CEL url location? And would that be changing the code that was commented out in the "The CEL program to be run for each polling." in settings? Any help would be appreciated. |
|
@AkodoGarou From the error you have posted, you are likely using the built-in CEL program. What is happening is that the document being returned by the API endpoint does not contain a field "objects", which the program expects (you can see that here). There is not enough information in your post to figure out what is going wrong for you, but this really should be a question in community slack or at https://discuss.elastic.co/. If you believe that it is a bug, please file an issue here. |
Changes added: - Add a limit parameter, that can be used to control the size of responses from TAXII servers (see https://docs.oasis-open.org/cti/taxii/v2.1/os/taxii-v2.1-os.html#_Toc31107517) - To avoid fetching duplicate indicators every interval, now the response header X-Taxii-Date-Added-Last is stored in the cursor and used to populate the added_after parameter every iteration (see https://docs.oasis-open.org/cti/taxii/v2.1/os/taxii-v2.1-os.html#_Toc31107519)
Changes added: - Add a limit parameter, that can be used to control the size of responses from TAXII servers (see https://docs.oasis-open.org/cti/taxii/v2.1/os/taxii-v2.1-os.html#_Toc31107517) - To avoid fetching duplicate indicators every interval, now the response header X-Taxii-Date-Added-Last is stored in the cursor and used to populate the added_after parameter every iteration (see https://docs.oasis-open.org/cti/taxii/v2.1/os/taxii-v2.1-os.html#_Toc31107519)
Proposed commit message
This PR adds the following changes:
limitparameter, that can be used to control the size of responses from TAXII servers (see https://docs.oasis-open.org/cti/taxii/v2.1/os/taxii-v2.1-os.html#_Toc31107517)X-Taxii-Date-Added-Lastis stored in the cursor and used to populate theadded_afterparameter every iteration (see https://docs.oasis-open.org/cti/taxii/v2.1/os/taxii-v2.1-os.html#_Toc31107519)Checklist
changelog.ymlfile.