[Cisco Duo] Integration updates #11200
Conversation
chemamartinez added enhancement 
andrewkroh added the dashboard 
| Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
chemamartinez force-pushed the cisco_duo-v2-support branch from ba88c6c to fe8c405 Compare 
🚀 Benchmarks reportTo see the full report comment with |
| state.next_url | ||
| : | ||
| state.url.trim_right("/") + "/admin/v2/logs/authentication?" + { | ||
| "limit": [string(int(state.limit))], |
There was a problem hiding this comment.
Is the int conversion due to float rendering?
There was a problem hiding this comment.
I think so... for some reason, it was formatting these variables as float so I was getting the following error:
failed eval: ERROR: <input>:51:58: no such overload for format_query: type conversion error from Double to 'string' | ).base64()], | ||
| }, |
There was a problem hiding this comment.
The formatting here looks a little weird; oh, there are mixed spaces and tabs.
There was a problem hiding this comment.
Yes, rendering the program with celfmt adds tabs, so probably I have mixed spaces and tabs in further modifications. I will leave spaces for all the code.
| "error": { | ||
| "code": has(body.code) ? string(body.code) : string(resp.StatusCode), | ||
| "id": string(resp.Status), | ||
| "message": "GET: " + |
There was a problem hiding this comment.
| "message": "GET: " + | |
| "message": "GET:" + |
There was a problem hiding this comment.
Don't you think the message looks better with an space in it? an example:
"error": { "code": "40102", "id": "401 Unauthorized", "message": "GET: Invalid identity in request credentials" } packages/cisco_duo/data_stream/telephony_v2/_dev/test/system/test-default-config.yml Show resolved Hide resolved
| "error": { | ||
| "code": has(body.code) ? string(body.code) : string(resp.StatusCode), | ||
| "id": string(resp.Status), | ||
| "message": "GET: " + |
There was a problem hiding this comment.
| "message": "GET: " + | |
| "message": "GET:" + |
packages/cisco_duo/data_stream/telephony_v2/agent/stream/cel.yml.hbs Outdated Show resolved Hide resolved
efd6 left a comment
efd6 left a comment There was a problem hiding this comment.
Needs an elastic-package build. Otherwise LGTM
|
💚 Build Succeeded
History
|
| Package cisco_duo - 2.0.0 containing this change is available at https://epr.elastic.co/search?package=cisco_duo |
Added new data stream telephony_v2 to support the new v2 API endpoint. Updated the auth data stream to migrate from the HTTPJSON to CEL. Review documentation and dashboards
Added new data stream telephony_v2 to support the new v2 API endpoint. Updated the auth data stream to migrate from the HTTPJSON to CEL. Review documentation and dashboards
4 participants
Proposed commit message
This pull request contains several changes for the Cisco Duo integration:
Added new data stream
telephony_v2to support the new v2 API endpoint.Updated the
authdata stream to migrate from the HTTPJSON to CEL.Both data streams above include a CEL program to make requests to the v2 version of the Cisco Duo API, following the next specifications:
Review documentation and dashboards
The upgrade process has been tested manually to verify that changes in current data streams don't break current users during upgrades.
Data streams that use the new CEL inputs are disabled by default. For the case of the
authdata stream, users that are using it will have to enable it again when upgrading the integration, because of the migration from httpjson to CEL.Checklist
changelog.ymlfile.How to test this PR locally
Added pipeline and system tests for affected data streams.
Related issues
Screenshots
Integration page and configuration
Dashboards