Initial Release of Sysdig Secure Integration #10841

Merged

Conversation

cole-labar
Contributor

@cole-labar cole-labar commented Aug 21, 2024

What does this PR do?

This is an initial release of a new integration for Sysdig Secure. It captures events that are created by Sysdig's Rules. It includes:

  • A data stream for events from Sysdig rules.
  • Ingest pipeline for the events data stream.
  • Fields mapped according to the ECS schema, with field metadata added in the appropriate yml files.
  • Dashboard and visualizations of events.
  • Pipeline test for the event data stream.
  • System test cases for the event data stream.
  • Documentation for users on how to configure Sysdig for this integration.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

What's Ready to Review

  • Data Stream & Mappings
  • Ingest Pipelines
  • Pipeline Tests
  • System (Integration) Tests
  • Visualizations
  • Documentation

How to test this PR locally

Related issues

Screenshots

[Two screenshots of the integration dashboard, captured 2024-08-22]

@cole-labar cole-labar changed the title WIP: Initial Release of Sysdig Secure Integration Initial Release of Sysdig Secure Integration Aug 22, 2024
@cole-labar cole-labar marked this pull request as ready for review August 22, 2024 19:34
@andrewkroh
Member

/test

@elasticmachine

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@chemamartinez chemamartinez self-requested a review August 28, 2024 14:14
Review comments (all since resolved) were left on:
  • packages/sysdig/validation.yml
  • packages/sysdig/_dev/build/docs/README.md (three comments)
  • packages/sysdig/data_stream/alerts/manifest.yml (two comments)
@chemamartinez chemamartinez self-assigned this Sep 4, 2024
@chemamartinez chemamartinez added the Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations] label Sep 4, 2024
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

Contributor

@chemamartinez chemamartinez left a comment

PR changes LGTM! Waiting for a manual test in a real scenario to approve it.

@cole-labar
Contributor Author

PR changes LGTM! Waiting for a manual test in a real scenario to approve it.

Integration was connected to a Sysdig event forwarder for "live environment" testing and data was successfully intercepted!

@elasticmachine

💚 Build Succeeded

cc @chemamartinez

@chemamartinez chemamartinez merged commit 6045da1 into elastic:main Sep 17, 2024
5 checks passed
Labels
Category: Cloud Workload Protection Integration:sysdig Sysdig New Integration Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations]