Opencanary #13970
Conversation
rebuild test event set, fix handling for certain error type events, add GeoIP enrichment for source.ip and destination.ip, rebuild/retest/regen sample events etc, retest dashboard
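The description above mentions adding GeoIP enrichment for source.ip and destination.ip. The following is an added illustration of how that enrichment is typically expressed in an elastic-package ingest pipeline; it is not the pipeline from this PR, and the file path named in the comment is an assumption.

```yaml
# Added illustration, not the OpenCanary integration's own pipeline.
# Assumed location: data_stream/<name>/elasticsearch/ingest_pipeline/default.yml
description: GeoIP enrichment for OpenCanary events (illustrative)
processors:
  # Enrich the attacker/scanner side. ignore_missing keeps events that only
  # carry one of the two addresses (common for honeypot log lines) from failing.
  - geoip:
      field: source.ip
      target_field: source.geo
      ignore_missing: true
  # Enrich the honeypot side with the same processor and the ECS target field.
  - geoip:
      field: destination.ip
      target_field: destination.geo
      ignore_missing: true
# Any processor error is recorded on the event instead of dropping it, so
# a malformed address still produces a searchable document.
on_failure:
  - set:
      field: error.message
      value: "{{{ _ingest.on_failure_message }}}"
```

Private and loopback addresses such as the 127.0.0.1 used in the local test steps below have no entry in the GeoIP database; the processor then adds nothing, so source.geo and destination.geo are simply absent from those test events rather than the event failing.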
@navnit-elastic - new PR opened.
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
This is a copy of PR #13026, which was reviewed but eventually closed due to inactivity.
/test
💔 Build Failed
The failure reported by CI I have tried running on v8.15.0 and v8.18.0. Both of these succeed, so either the Event Summary dashboard needs to be made to conform to v8.13's expectation, or the kibana version needs to be bumped in the manifest.
Thanks @efd6 for reporting, @colin-stubbs since there are major changes to the integration, I think it would be better to bump Kibana version to
8.17.0 makes more sense. @efd6 - out of curiosity, what's the situation that has you running tests on an 8.13.x stack? Did you explicitly look at the constraint and fire up an 8.13.x version to test with because it had 8.13.0? UPDATE: I realised you mentioned the CI pipeline... so I suppose it's smart enough to look at the constraint and fire up tests on the version/s listed there? I'm typically testing with the latest It strikes me that perhaps I've updated constraints now to 8.17.0 after explicitly re-testing using an 8.17.0 stack.
CI runs the tests on the lowest claimed stack version specified in the Since it works for 8.15, I'd be happy for it to be marked at that version. This drops the least number of users.
Proposed commit message
Resolves issues #12911, #13024, #13025. Relevant to resolution of #2518.

Checklist
changelog.yml file.

Author's Checklist
Resolves multiple issues:

Testing:
elastic-package lint && elastic-package check && elastic-package build
elastic-package test system --generate
elastic-package test pipeline --generate
elastic-package test

How to test this PR locally
Install and operate OpenCanary, ideally via docker.
Use Elastic Agent to ingest the OpenCanary log file OR webhooks.
Scan OpenCanary with nmap with scripting to trigger events, e.g.
nmap -sC 127.0.0.1
Review

Related issues

Screenshots
New basic summary dashboard added,