Skip to content

[prisma_cloud] Add Dashboards for all the Data Streams and Update the Test Logs #8391

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 15, 2023
Merged

[prisma_cloud] Add Dashboards for all the Data Streams and Update the Test Logs #8391

merged 3 commits into from
Nov 15, 2023

Conversation

@mohitjha-elastic
Copy link
Collaborator

@mohitjha-elastic mohitjha-elastic commented Nov 3, 2023
edited
Loading

Type of change

  • Enhancement

What does this PR do?

1. Add Support for the dashboards of all the data streams.

image
image
image
image
image

2. Update test logs for the incident audit data stream.

Previously we did not have the test data so we added strings in the fields, now we have updated the test logs.

3. Change incident_audit.data.attack.techniques from nested array to array.

In the API Document, it is mentioned in the schema that this field would be a nested array but in the live responses we are
getting incident_audit.data.attack.techniques as an array so we have implemented this change.

4. Add one ECS mapping in the Incident Audit Data Stream.

Mapped os.full with the incident_audit.data.os.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

All changes

  • Change follows the contributing guidelines
  • Supported versions of the monitoring target are documented
  • Supported operating systems are documented (if applicable)
  • Integration or System tests exist
  • Documentation exists
  • Fields follow ECS and naming conventions
  • At least a manual test with ES / Kibana / Agent has been performed.
  • Required Kibana version set to: ^8.10.1

How to test this PR locally

Clone integrations repo.
Install the elastic package locally.
Start the elastic stack using the elastic package.
Move to integrations/packages/prisma_cloud directory.
Run the following command to run tests.
elastic-package test -v

Automated Test

test_logs.txt
@mohitjha-elastic
Add dashboards for all the data streams and update sample logs.
78a0285 
1. Update test logs for audit and incident audit data stream. 2. Add one ecs mapping of the incident_audit.data to os.full 3. Add dashboards for all the data streams. 4. Change incident_audit.data.attack.techniques from nested array to array.
@mohitjha-elastic mohitjha-elastic requested a review from a team as a code owner November 3, 2023 07:37
@elasticmachine
Copy link

elasticmachine commented Nov 3, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-11-15T13:00:41.800+0000

  • Duration: 25 min 8 sec

Test stats 🧪

Test Results
Failed 0
Passed 36
Skipped 0
Total 36

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.
@efd6
Copy link
Contributor

efd6 commented Nov 5, 2023

/test
@elasticmachine
Copy link

elasticmachine commented Nov 5, 2023
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (5/5) 💚
Files 100.0% (5/5) 💚
Classes 100.0% (5/5) 💚
Methods 94.203% (65/69) 👍 69.203
Lines 95.065% (7050/7416) 👎 -4.935
Conditionals 100.0% (0/0) 💚
efd6
efd6 reviewed Nov 5, 2023
View reviewed changes
packages/prisma_cloud/data_stream/incident_audit/elasticsearch/ingest_pipeline/default.yml
tag: append_prisma_cloud_incident_audit_data_attack_techniques
value: '{{{_ingest._value}}}'
allow_duplicates: false
append:
Copy link
Contributor

@efd6 efd6 Nov 5, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we confident about this change? That the data from the API is never nested?
Copy link
Collaborator Author

@mohitjha-elastic mohitjha-elastic Nov 6, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@efd6 We got the responses from the Palo Alto Prisma Cloud in which this data is never nested. Hence we decided to go with this.
Let me know your thoughts on this.
@mohitjha-elastic mohitjha-elastic requested a review from efd6 November 8, 2023 07:57
@P1llus P1llus merged commit ab242de into elastic:main Nov 15, 2023
@elasticmachine
Copy link

elasticmachine commented Nov 15, 2023

Package prisma_cloud - 0.4.0 containing this change is available at https://epr.elastic.co/search?package=prisma_cloud
@andrewkroh andrewkroh added the Integration:prisma_cloud Palo Alto Prisma Cloud label Jul 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Integration:prisma_cloud Palo Alto Prisma Cloud

5 participants

@mohitjha-elastic @elasticmachine @efd6 @P1llus @andrewkroh