
@mitodrummer (Contributor) commented Mar 10, 2023

What does this PR do?

Sets a new default yaml config for the integration. The new policy format looks like this:

```yaml
file:
  selectors:
    - name: nginxBinMods
      operation:
        - createExecutable
        - modifyExecutable
      targetFilePath:
        - /usr/bin/**
      containerImageName:
        - nginx
    - name: excludeTestServers
      containerImageTag:
        - staging
        - preprod
  responses:
    - match:
        - nginxBinMods
      exclude:
        - excludeTestServers
      actions:
        - alert
process:
  selectors:
    - name: allProcesses
      operation:
        - fork
        - exec
  responses:
    - match:
        - allProcesses
      actions:
        - log
```

Todos

  • improve package documentation (reflect new schema and new selector conditions and response actions)
  • CI e2e testing with kind (once public artifact is available).

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Related issues

Screenshots

https://user-images.githubusercontent.com/16198204/224398453-e41d8bf7-e952-46f4-9cd9-340c4928ad7e.png
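The selector/response format shown in the PR description, run through a small policy evaluator as an added example. This is not code from the cloud_defend package; it encodes the semantics a reader would infer from the YAML and labels them as assumptions: a response fires when an event matches any selector listed under match and none listed under exclude; inside a selector every listed field must match, and a field matches when the event's value equals any of the listed values; targetFilePath entries are treated as globs where ** spans directories. The policy dict is a hand transcription of the YAML above, and the events are constructed test input.

```python
"""Toy evaluator for the D4C policy format (added example, not package code).

Assumptions (not stated on the page):
  - a response fires if the event matches ANY selector in `match`
    and NO selector in `exclude`;
  - within one selector, every non-name field must match (AND) and a
    field matches when the event value is ANY of the listed values (OR);
  - `targetFilePath` values are globs; `**` is matched with fnmatch, whose
    `*` also crosses `/`, so `/usr/bin/**` covers nested subdirectories.
"""
import fnmatch
from typing import Any, Dict, List

# Hand transcription of the YAML policy in the PR description.
POLICY: Dict[str, Any] = {
    "file": {
        "selectors": [
            {"name": "nginxBinMods",
             "operation": ["createExecutable", "modifyExecutable"],
             "targetFilePath": ["/usr/bin/**"],
             "containerImageName": ["nginx"]},
            {"name": "excludeTestServers",
             "containerImageTag": ["staging", "preprod"]},
        ],
        "responses": [
            {"match": ["nginxBinMods"],
             "exclude": ["excludeTestServers"],
             "actions": ["alert"]},
        ],
    },
    "process": {
        "selectors": [
            {"name": "allProcesses", "operation": ["fork", "exec"]},
        ],
        "responses": [
            {"match": ["allProcesses"], "actions": ["log"]},
        ],
    },
}


def _field_matches(field: str, wanted: List[str], event: Dict[str, str]) -> bool:
    """One selector field: event value must equal (or glob-match) any listed value.
    A field absent from the event never matches, so an exclude selector keyed on
    containerImageTag cannot suppress an event that carries no tag."""
    value = event.get(field)
    if value is None:
        return False
    if field == "targetFilePath":
        return any(fnmatch.fnmatchcase(value, pat) for pat in wanted)
    return value in wanted


def selector_matches(selector: Dict[str, Any], event: Dict[str, str]) -> bool:
    """All non-name fields of the selector must match (AND)."""
    return all(_field_matches(f, v, event)
               for f, v in selector.items() if f != "name")


def evaluate(policy: Dict[str, Any], event_type: str,
             event: Dict[str, str]) -> List[str]:
    """Return the actions every firing response contributes for this event."""
    section = policy[event_type]
    by_name = {s["name"]: s for s in section["selectors"]}
    actions: List[str] = []
    for resp in section["responses"]:
        matched = any(selector_matches(by_name[n], event) for n in resp["match"])
        excluded = any(selector_matches(by_name[n], event)
                       for n in resp.get("exclude", []))
        if matched and not excluded:
            actions.extend(resp["actions"])
    return actions


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ("file", {"operation": "modifyExecutable", "targetFilePath": "/usr/bin/nginx",
              "containerImageName": "nginx", "containerImageTag": "1.25"}),
    ("file", {"operation": "modifyExecutable", "targetFilePath": "/usr/bin/nginx",
              "containerImageName": "nginx", "containerImageTag": "staging"}),
    ("file", {"operation": "createExecutable", "targetFilePath": "/tmp/dropper",
              "containerImageName": "nginx", "containerImageTag": "1.25"}),
    ("process", {"operation": "exec", "containerImageName": "nginx"}),
    ("process", {"operation": "exit", "containerImageName": "nginx"}),
]


def run_samples() -> List[List[str]]:
    """Evaluate every constructed event against POLICY, in order."""
    return [evaluate(POLICY, kind, ev) for kind, ev in SAMPLE_EVENTS]


if __name__ == "__main__":
    for (kind, ev), acts in zip(SAMPLE_EVENTS, run_samples()):
        print(f"{kind:8} {ev.get('operation'):18} -> {acts or 'no action'}")
```

The second file event shows the point of a separate exclude selector: the same binary modification is matched by nginxBinMods but suppressed because the image tag is staging. The fnmatch choice is one the real integration may not share; if the package treats * as single-segment and ** as multi-segment, paths more than one level below /usr/bin would behave differently from this toy.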

@mitodrummer mitodrummer added the enhancement New feature or request label Mar 10, 2023
@mitodrummer mitodrummer requested review from a team and norrietaylor March 10, 2023 22:47
@mitodrummer mitodrummer changed the title updated schema format [D4C] updated schema yaml format Mar 10, 2023
@elasticmachine commented Mar 10, 2023

💚 Build Succeeded

Build stats

  • Start Time: 2023-03-10T23:01:16.012+0000
  • Duration: 14 min 47 sec

Test stats 🧪

  • Failed: 0
  • Passed: 7
  • Skipped: 0
  • Total: 7

To re-run your PR in the CI, comment with /test to re-trigger the build.

@norrietaylor (Member) left a comment

LGTM

@elasticmachine commented

🌐 Coverage report

  Name          Metrics % (covered/total)   Diff
  Packages      100.0% (0/0)                💚
  Files         100.0% (0/0)                💚
  Classes       100.0% (0/0)                💚
  Methods       26.667% (4/15)
  Lines         100.0% (0/0)                💚
  Conditionals  100.0% (0/0)                💚
@mitodrummer mitodrummer merged commit 498f9b0 into main Mar 13, 2023
@elasticmachine commented

Package cloud_defend - 1.0.1 containing this change is available at https://epr.elastic.co/search?package=cloud_defend

agithomas pushed a commit to agithomas/integrations that referenced this pull request Mar 20, 2023
* updated schema format * changelog pr link updated * fix manifest version
agithomas pushed a commit to agithomas/integrations that referenced this pull request Mar 21, 2023
* updated schema format * changelog pr link updated * fix manifest version
@andrewkroh andrewkroh added the Integration:cloud_defend Defend for Containers (Deprecated) label Jul 20, 2023
@andrewkroh andrewkroh added the Team:Security-Linux Platform Linux Platform Security team [elastic/sec-linux-platform] label Sep 18, 2024
@elasticmachine commented

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)

Labels

enhancement New feature or request Integration:cloud_defend Defend for Containers (Deprecated) Team:Security-Linux Platform Linux Platform Security team [elastic/sec-linux-platform] v8.8.0

4 participants