Skip to content

ti_misp: harmonise object fields between datastreams #5917

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Apr 28, 2023
Merged

ti_misp: harmonise object fields between datastreams #5917

merged 4 commits into from
Apr 28, 2023

Conversation

@efd6
Copy link
Contributor

@efd6 efd6 commented Apr 19, 2023

What does this PR do?

Brings field definitions into agreement. This is the second part of addressing #5834,

Note that if the event added in tests here is add to the threat datastream test, it fails due to a failure of the uri_parts processor to handle \ in the host part of a URL.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots
@efd6 efd6 added bug Something isn't working, use only for issues Team:Security-External Integrations Integration:ti_misp MISP labels Apr 19, 2023
@efd6 efd6 self-assigned this Apr 19, 2023
@efd6 efd6 force-pushed the 5834-ti_misp-threat_attributes branch from 6840890 to be7a37c Compare April 19, 2023 06:16
@efd6 efd6 requested a review from P1llus April 19, 2023 06:16
@elasticmachine
Copy link

elasticmachine commented Apr 19, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-04-28T08:16:56.814+0000

  • Duration: 15 min 23 sec

Test stats 🧪

Test Results
Failed 0
Passed 15
Skipped 0
Total 15

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.
@elasticmachine
Copy link

elasticmachine commented Apr 19, 2023
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (2/2) 💚
Files 100.0% (2/2) 💚
Classes 100.0% (2/2) 💚
Methods 100.0% (30/30) 💚 10.596
Lines 86.792% (598/689) 👎 -4.555
Conditionals 100.0% (0/0) 💚
@efd6 efd6 marked this pull request as ready for review April 19, 2023 12:08
@efd6 efd6 requested a review from a team as a code owner April 19, 2023 12:08
@elasticmachine
Copy link

elasticmachine commented Apr 19, 2023

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
kcreddy
kcreddy reviewed Apr 26, 2023
View reviewed changes
Copy link
Contributor

@kcreddy kcreddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need clarification about sample log
packages/ti_misp/data_stream/threat_attributes/_dev/test/pipeline/test-misp-sample-ndjson.log Outdated
Copy link
Contributor

@kcreddy kcreddy Apr 26, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This response doesn't seem to belong to threat attributes API

Was this supposed to be added to threat datastream instead?
Copy link
Contributor Author

@efd6 efd6 Apr 26, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, good catch. Thanks
packages/ti_misp/data_stream/threat_attributes/elasticsearch/ingest_pipeline/default.yml Outdated
Copy link
Contributor

@kcreddy kcreddy Apr 26, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are already renaming event.original to misp.attribute earlier in the pipeline.
Copy link
Contributor Author

@efd6 efd6 Apr 26, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.
Copy link
Contributor

@kcreddy kcreddy Apr 27, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, what I actually meant to say was that all these renaming with misp.event.* fields never exists in the Attributes API. It has fields named misp.attribute.* i.e., misp.attribute.Object, misp.attribute.Event, misp.attribute.Tag which were already renamed in the pipeline earlier.
Copy link
Contributor Author

@efd6 efd6 Apr 27, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed, you're correct, fixed fixed.
@efd6 efd6 force-pushed the 5834-ti_misp-threat_attributes branch from be7a37c to 2b762c1 Compare April 26, 2023 21:23
@efd6 efd6 force-pushed the 5834-ti_misp-threat_attributes branch from 2b762c1 to 6446f1e Compare April 26, 2023 21:24
@efd6 efd6 force-pushed the 5834-ti_misp-threat_attributes branch from ab82a1c to 473dfb6 Compare April 27, 2023 23:39
kcreddy
kcreddy approved these changes Apr 28, 2023
View reviewed changes
Copy link
Contributor

@kcreddy kcreddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍🏼 Minor suggestion
packages/ti_misp/changelog.yml Outdated
# newer versions go on top
- version: "1.13.1"
changes:
- description: Harmonise object and org fields.
Copy link
Contributor

@kcreddy kcreddy Apr 28, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

org is probably not relevant anymore in this PR
efd6
efd6 commented Apr 28, 2023
View reviewed changes
@efd6 efd6 changed the title ti_misp: harmonise object and org fields between datastreams ti_misp: harmonise object fields between datastreams Apr 28, 2023
@efd6 efd6 merged commit 04aee29 into elastic:main Apr 28, 2023
@elasticmachine
Copy link

elasticmachine commented Apr 28, 2023

Package ti_misp - 1.13.1 containing this change is available at https://epr.elastic.co/search?package=ti_misp
@efd6 efd6 deleted the 5834-ti_misp-threat_attributes branch February 5, 2025 22:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working, use only for issues Integration:ti_misp MISP

3 participants

@efd6 @elasticmachine @kcreddy