Skip to content

[crowdstrike] Add Support of IDP and EPP Alert Fields #11135

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Sep 20, 2024
Merged

[crowdstrike] Add Support of IDP and EPP Alert Fields #11135

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
7439b31
Add support of IDP and EPP alert fields.
mohitjha-elastic Sep 16, 2024
d64c204
Update changelog entry.
mohitjha-elastic Sep 16, 2024
7190ec3
Merge branch 'main' of github.com:mohitjha-elastic/integrations into …
mohitjha-elastic Sep 18, 2024
ab43975
Resolve review comments.
mohitjha-elastic Sep 18, 2024
f419043
Merge branch 'main' of github.com:mohitjha-elastic/integrations into …
mohitjha-elastic Sep 20, 2024
2dec26b
Resolve review comments.
mohitjha-elastic Sep 20, 2024
File filter

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 0 additions & 2 deletions packages/crowdstrike/_dev/build/docs/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,6 @@ The [CrowdStrike](https://www.crowdstrike.com/) Falcon integration allows you to
This integration is compatible with both CrowdStrike Falcon SIEM-Connector-v2.0 and REST API.
For Rest API support, this module has been tested against the **CrowdStrike API Version v1/v2**.

The minimum **kibana.version** required is **8.12.0**.

## Setup
### To collect data from CrowdStrike REST API, the following parameters from your CrowdStrike instance are required:

Expand Down
609 changes: 402 additions & 207 deletions packages/crowdstrike/_dev/deploy/docker/files/config-alert.yml
View file
Open in desktop

Large diffs are not rendered by default.

5 changes: 5 additions & 0 deletions packages/crowdstrike/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.42.0"
changes:
- description: Add support of IDP and EPP alert fields.
type: enhancement
link: https://github.com/elastic/integrations/pull/11135
- version: "1.41.1"
changes:
- description: Re-add ECS field definitions to enable fieldless search for kibana versions before v8.14.
Expand Down
4 changes: 3 additions & 1 deletion packages/crowdstrike/data_stream/alert/_dev/test/pipeline/test-alert.log
View file
Open in desktop

Large diffs are not rendered by default.

700 changes: 698 additions & 2 deletions packages/crowdstrike/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json
View file
Open in desktop

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion packages/crowdstrike/data_stream/alert/_dev/test/system/test-common-config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,4 +12,4 @@ data_stream:
preserve_original_event: true
preserve_duplicate_custom_fields: true
assert:
hit_count: 2
hit_count: 3
Loading