New integration created for "cloud_defend" for containers feature #4680
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
mitodrummer added enhancement 
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
🤖 GitHub commentsExpand to view the GitHub comments
To re-run your PR in the CI, just comment with:
|
🌐 Coverage report
|
m-sample reviewed Nov 18, 2022
lrishi approved these changes Nov 19, 2022
packages/cloud_defend/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml Outdated Show resolved Hide resolved
Co-authored-by: Lovel Rishi <lrishi@users.noreply.github.com>
6 tasks
added 5 commits November 21, 2022 12:04
…tions into cloud_defend_v0.0.1_stub
| Pinging @elastic/integrations (Team:Integrations) |
mitodrummer changed the title mitodrummer requested review from a team and removed request for a team, dimadavid and learhy 
…ther text content updates
mitodrummer added Team: Cloud Native Integrations and removed Team:AWP mitodrummer added a commit to elastic/kibana that referenced this pull request Dec 20, 2022
## Summary New Kibana plugin created for an integration called "Cloud defend for containers" which will have a corresponding agent service which can proactively block and alert on executable creation or modification in a running container. This plugin is purely in place to configure the fleet policy UX around this new integration. For now we have added a yaml editor as a custom input to our integration. The monaco-yaml libary was added to allow support for JSON schema validation support for yaml. Integration PR is up, and a work in progress: (waiting on some content for the doc page) elastic/integrations#4680 ### Screenshot  ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) Co-authored-by: Karl Godard <karlgodard@elastic.co> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
| /test |
…tions into cloud_defend_v0.0.1_stub
6 tasks
| Package cloud_defend - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=cloud_defend |
| Package cloud_defend - 0.1.1 containing this change is available at https://epr.elastic.co/search?package=cloud_defend |
1 similar comment
| Package cloud_defend - 0.1.1 containing this change is available at https://epr.elastic.co/search?package=cloud_defend |
andrewkroh added Integration:cloud_defend andrewkroh added Team:Cloud Security | Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform) |
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Adds an integration to support a new security capability in elastic-agent for detecting and preventing container drift.
Content for docs page is incomplete. Hopefully that can be addressed in subsequent PRs, as it could take time to get that content.
Checklist
changelog.ymlfile.Author's Checklist
How to test this PR locally
Related issues
Screenshots