@andrewstucki andrewstucki commented Aug 5, 2020

What does this PR do?

Imports and implements the Checkpoint filebeat module

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all datasets collect metrics or logs.

@andrewstucki andrewstucki added enhancement New feature or request Team:Integrations Label for the Integrations team Team:SIEM (Deprecated) labels Aug 5, 2020
@elasticmachine

Pinging @elastic/integrations (Team:Integrations)

@elasticmachine

Pinging @elastic/siem (Team:SIEM)

elasticmachine commented Aug 5, 2020

💚 Build Succeeded

Build stats

  • Build Cause: [Pull request #220 updated]

  • Start Time: 2020-08-05T14:56:27.195+0000

  • Duration: 5 min 19 sec

Steps errors

  • Name: Check out from version control
    • Description: [2020-08-05T14:57:32.317Z] using credential f6c7695a-671e-4f4f-a331-acdce44ff9ba
      [2020-08-05T14:57:

    • Duration: 2 min 13 sec

    • Start Time: 2020-08-05T14:57:29.807+0000

title: Check Point firewall logs
release: beta
streams:
- input: syslog
Author

@andrewkroh do you happen to know if the syslog input adds any implicit fields like the logfile input by any chance? Checking the configuration only through the file input, so not entirely sure if I'm missing anything.

@mtojek mtojek self-requested a review August 6, 2020 11:22
Contributor

@mtojek mtojek left a comment

LGTM

I think it would be much more convenient for you to review integrations inside the team. You don't need specifically our approvals (Nicolas, me) on this. We can verify the package format, but can't say too much about pipeline definitions.

@andrewstucki
Author

> You don't need specifically our approvals (Nicolas, me) on this. We can verify the package format, but can't say too much about pipeline definitions.

Sure thing, wasn't sure if you guys wanted to verify the first few packages coming from us or not to make sure we weren't doing something dumb 😅, but definitely don't want to bombard you with like 20+ reviews for our team.

Contributor

mtojek commented Aug 6, 2020

No worries, I saw you perform well with integrations, so need to check on them. Small request on my side: could you please configure your GH team (elastic/security-ingest) to have write perms to the package-storage? We configured a bot responsible for transferring changes from integrations to the package-storage.

@andrewstucki andrewstucki merged commit 018613d into elastic:master Aug 6, 2020
@andrewstucki andrewstucki deleted the checkpoint branch August 6, 2020 13:36
@andrewkroh andrewkroh added Integration:checkpoint Check Point New Integration Issue or pull request for creating a new integration package. labels Aug 13, 2024