
Update Deployment and Devices integrations to ECS 8.17.0 (part 4)#12574

Merged
taylor-swanson merged 12 commits into elastic:main from taylor-swanson:ecs/8.17-part4
Feb 4, 2025

Conversation

@taylor-swanson
Contributor

@taylor-swanson taylor-swanson commented Feb 3, 2025

Proposed commit message

Updates the following integrations to ECS 8.17.0:

  • qnap_nas
  • snort
  • sonicwall_firewall
  • sophos
  • squid
  • stormshield
  • suricata
  • tcp
  • udp
  • watchguard_firebox
  • zeek

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • [ ] I have verified that any added dashboard complies with Kibana's Dashboard good practices

Related issues

@taylor-swanson taylor-swanson added enhancement New feature or request Integration:squid Squid Proxy Integration:sophos Sophos Integration:suricata Suricata Integration:zeek Zeek Integration:snort Snort Integration:sonicwall_firewall SonicWall Firewall Integration:tcp Custom TCP Logs Integration:udp Custom UDP Logs Team:Security-Deployment and Devices DEPRECATED Deployment and Devices Security team [elastic/sec-deployment-and-devices] Integration:stormshield StormShield SNS Integration:watchguard_firebox WatchGuard Firebox Integration:qnap_nas QNAP NAS (Community supported) labels Feb 3, 2025
@taylor-swanson taylor-swanson self-assigned this Feb 3, 2025
@taylor-swanson taylor-swanson changed the title Update Deployment and Devices integrations to ECS 8.16.0 (part 4) Update Deployment and Devices integrations to ECS 8.17.0 (part 4) Feb 3, 2025
@taylor-swanson taylor-swanson marked this pull request as ready for review February 3, 2025 18:19
@taylor-swanson taylor-swanson requested a review from a team as a February 3, 2025 18:19
@elasticmachine

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

Contributor


Must have hit 88mph generating these expected logs...
Delorean

Contributor Author


Uhhh... I seem to recall this coming up before. I'll investigate this further. I have no idea how it's getting that date, other than maybe some help from the Doc.

Contributor Author


Okay, figured it out: the time format mistakenly used "week-based-year" (Y) instead of "year-of-era" (y), which is more typical. The former gives very different results (as observed above). I'm going to fix that out-of-band since this is clearly a bug. (In fact, I think I had written a bug on this last time.)

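The diagnosis above (Java pattern letter `Y`, week-based-year, used where `y`, year-of-era, was meant) is easy to reproduce. The following is an added example, not code from this PR or from the snort integration: it uses Python's ISO week-numbering year (`%G` / `isocalendar()`) as a stand-in for `Y`, which is an assumption, since the exact boundary days Java produces depend on the locale's week definition, and lists the days on which the two year fields disagree, i.e. the days a mistyped pattern silently pushes a timestamp into the neighbouring year.

```python
from datetime import date, timedelta


def year_fields(d: date) -> tuple[int, int]:
    """Return (year_of_era, week_based_year) for a calendar date.

    year_of_era is the ordinary calendar year (Java pattern letter 'y').
    week_based_year is the ISO 8601 week-numbering year, used here as a
    stand-in for Java's 'Y' (assumption: Java's locale-specific week rules
    may move the boundary by a day or two).
    """
    return d.year, d.isocalendar()[0]


def mismatched_days(year: int) -> list[date]:
    """Every day of `year` whose week-based year differs from its calendar year.

    On these days a pipeline date pattern written with 'Y' instead of 'y'
    emits a year that is off by one, which is the kind of implausible
    expected-log timestamp discussed in the review thread above.
    """
    d = date(year, 1, 1)
    out = []
    while d.year == year:
        if d.isocalendar()[0] != d.year:
            out.append(d)
        d += timedelta(days=1)
    return out


def render(d: date, pattern_letter: str) -> str:
    """Format d as YYYY-MM-DD using either 'y' (year-of-era) or 'Y' (week-based)."""
    y, wy = year_fields(d)
    year = y if pattern_letter == "y" else wy
    return f"{year:04d}-{d.month:02d}-{d.day:02d}"


if __name__ == "__main__":
    # Constructed sample dates sitting on an ISO week/year boundary.
    for d in (date(2024, 12, 31), date(2021, 1, 1)):
        print(d, "y ->", render(d, "y"), "Y ->", render(d, "Y"))
    print("days in 2024 where Y != y:", mismatched_days(2024))
```

Running `mismatched_days` over a test corpus's timestamp years is a quick regression check for this class of pattern bug.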
Contributor Author


PR for snort fix is here: #12599

Contributor


🪒

@taylor-swanson taylor-swanson removed Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Integration:abnormal_security Abnormal AI labels Feb 4, 2025

ECS version in build manifest changed from git@v8.11.0 to git@v8.17.0. The set
ecs.version processor in pipelines was changed to 8.17.0. Previously the pipeline
was setting version 8.11.0. The ecs.version in sample_event.json files was
changed to 8.17.0. Previously sample_event.json files contained 8.11.0.

[git-generate]
go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.17.0 -ecs-git-ref=git@v8.17.0 -pr=1 packages/qnap_nas

ECS version in build manifest changed from git@v8.11.0 to git@v8.17.0. The set
ecs.version processor in pipelines was changed to 8.17.0. Previously the pipeline
was setting version 8.11.0. The ecs.version in sample_event.json files was
changed to 8.17.0. Previously sample_event.json files contained 8.11.0.

[git-generate]
go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.17.0 -ecs-git-ref=git@v8.17.0 -pr=1 packages/snort

ECS version in build manifest changed from git@v8.11.0 to git@v8.17.0. The set
ecs.version processor in pipelines was changed to 8.17.0. Previously the pipeline
was setting version 8.11.0. The ecs.version in sample_event.json files was
changed to 8.17.0. Previously sample_event.json files contained 8.11.0.

[git-generate]
go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.17.0 -ecs-git-ref=git@v8.17.0 -pr=1 packages/sonicwall_firewall

ECS version in build manifest changed from git@v8.11.0 to git@v8.17.0. The set
ecs.version processor in pipelines was changed to 8.17.0. Previously the pipeline
was setting version 8.11.0. The ecs.version in sample_event.json files was
changed to 8.17.0. Previously sample_event.json files contained 8.11.0.

[git-generate]
go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.17.0 -ecs-git-ref=git@v8.17.0 -pr=1 packages/sophos

ECS version in build manifest changed from git@v8.11.0 to git@v8.17.0. The set
ecs.version processor in pipelines was changed to 8.17.0. Previously the pipeline
was setting version 8.11.0. The ecs.version in sample_event.json files was
changed to 8.17.0. Previously sample_event.json files contained 8.11.0.

[git-generate]
go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.17.0 -ecs-git-ref=git@v8.17.0 -pr=1 packages/squid

ECS version in build manifest changed from git@v8.11.0 to git@v8.17.0. The set
ecs.version processor in pipelines was changed to 8.17.0. Previously the pipeline
was setting version 8.11.0. The ecs.version in sample_event.json files was
changed to 8.17.0. Previously sample_event.json files contained 8.11.0.

[git-generate]
go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.17.0 -ecs-git-ref=git@v8.17.0 -pr=1 packages/stormshield

ECS version in build manifest changed from git@v8.11.0 to git@v8.17.0. The set
ecs.version processor in pipelines was changed to 8.17.0. Previously the pipeline
was setting version 8.11.0. The ecs.version in sample_event.json files was
changed to 8.17.0. Previously sample_event.json files contained 8.11.0.

[git-generate]
go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.17.0 -ecs-git-ref=git@v8.17.0 -pr=1 packages/suricata

ECS version in build manifest changed from git@v8.11.0 to git@v8.17.0. The
ecs.version in sample_event.json files was changed to 8.17.0. Previously
sample_event.json files contained 8.11.0.

[git-generate]
go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.17.0 -ecs-git-ref=git@v8.17.0 -pr=1 packages/tcp

ECS version in build manifest changed from git@v8.11.0 to git@v8.17.0.

[git-generate]
go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.17.0 -ecs-git-ref=git@v8.17.0 -pr=1 packages/udp

ECS version in build manifest changed from git@v8.11.0 to git@v8.17.0. The set
ecs.version processor in pipelines was changed to 8.17.0. Previously the pipeline
was setting version 8.11.0. The ecs.version in sample_event.json files was
changed to 8.17.0. Previously sample_event.json files contained 8.11.0.

[git-generate]
go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.17.0 -ecs-git-ref=git@v8.17.0 -pr=1 packages/watchguard_firebox

ECS version in build manifest changed from git@v8.11.0 to git@v8.17.0. The set
ecs.version processor in pipelines was changed to 8.17.0. Previously the pipeline
was setting version 8.11.0. The ecs.version in sample_event.json files was
changed to 8.17.0. Previously sample_event.json files contained 8.11.0.

[git-generate]
go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.17.0 -ecs-git-ref=git@v8.17.0 -pr=1 packages/zeek

@elasticmachine

💚 Build Succeeded

History

  • 💚 Build #21611 succeeded a36e2fc2f1ad7158e5cbd4c90114bbad286a4338
  • 💚 Build #21489 succeeded fef5500785293effed9ca9e21ce1d4c87e404662

cc @taylor-swanson


@taylor-swanson taylor-swanson merged commit 35c6e66 into elastic:main Feb 4, 2025
@taylor-swanson taylor-swanson deleted the ecs/8.17-part4 branch February 4, 2025 21:18
@elastic-vault-github-plugin-prod

Package qnap_nas - 1.21.0 containing this change is available at https://epr.elastic.co/package/qnap_nas/1.21.0/

@elastic-vault-github-plugin-prod

Package snort - 1.16.0 containing this change is available at https://epr.elastic.co/package/snort/1.16.0/

@elastic-vault-github-plugin-prod

Package sonicwall_firewall - 1.17.0 containing this change is available at https://epr.elastic.co/package/sonicwall_firewall/1.17.0/

@elastic-vault-github-plugin-prod

Package sophos - 3.11.0 containing this change is available at https://epr.elastic.co/package/sophos/3.11.0/

@elastic-vault-github-plugin-prod

Package squid - 1.1.0 containing this change is available at https://epr.elastic.co/package/squid/1.1.0/

@elastic-vault-github-plugin-prod

Package stormshield - 1.1.0 containing this change is available at https://epr.elastic.co/package/stormshield/1.1.0/

@elastic-vault-github-plugin-prod

Package suricata - 2.22.0 containing this change is available at https://epr.elastic.co/package/suricata/2.22.0/

@elastic-vault-github-plugin-prod

Package tcp - 1.20.0 containing this change is available at https://epr.elastic.co/package/tcp/1.20.0/

@elastic-vault-github-plugin-prod

Package udp - 2.1.0 containing this change is available at https://epr.elastic.co/package/udp/2.1.0/

@elastic-vault-github-plugin-prod

Package watchguard_firebox - 1.1.0 containing this change is available at https://epr.elastic.co/package/watchguard_firebox/1.1.0/

@elastic-vault-github-plugin-prod

Package zeek - 2.26.0 containing this change is available at https://epr.elastic.co/package/zeek/2.26.0/
