Conversation

@chemamartinez
Contributor

Proposed commit message

Add a new input package with a new integration, Custom Windows ETW, to collect Windows events from the new ETW input.

The minimum Kibana version to run the integration is 8.13.0.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency
when creating or updating a Package, Module or Dataset for an Integration.

All changes

  • Change follows the contributing guidelines
  • Supported versions of the monitoring target are documented
  • Supported operating systems are documented (if applicable)
  • Integration or System tests exist
  • Documentation exists, useful guidelines to follow
  • Fields follow ECS and naming conventions
  • At least a manual test with ES / Kibana / Agent has been performed.
  • Required Kibana version set to: 8.13.0

New Package

  • Screenshot of the "Add Integration" page on Fleet added

Dashboards changes

  • No dashboards added, as this is an input package.

Log dataset changes

  • Pipeline tests exist (if applicable)
  • Generated output for at least 1 log file exists
  • Sample event (sample_event.json) exists

Related issues

Screenshots

Main integration page: [screenshot, 2024-03-21 16:51:06]

Configuration: [screenshot, 2024-03-21 16:51:45]

Elastic Agent policy: [screenshot, 2024-03-21 16:52:22]

Fleet: [screenshots, 2024-03-21 16:52:00 and 16:52:40]

Discover: [screenshot, 2024-03-21 16:53:06]

Document: [screenshot, 2024-03-21 16:53:49]
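The PR description states that the package collects Windows events through the new ETW input but shows no configuration. The pre-flight checks below are an added example, not code from this PR or from the elastic/integrations repository: they enumerate the registered ETW providers on the host (name and GUID), dump the keywords and levels a chosen provider defines, and confirm that the trace session name you intend to use is not already running. The provider name `Microsoft-Windows-DNSServer` and the session name `EtwCollector-DNS` are assumptions used for illustration; the `logman` and `wevtutil` commands are standard Windows tools.

```powershell
# Added example (not part of the elastic/integrations PR): checks to run on a
# Windows host before pointing an ETW collector at a provider.

function Get-EtwProviderInfo {
    param([Parameter(Mandatory)][string]$NamePattern)
    # logman prints one registered provider per line as "<name>   {GUID}";
    # parse both columns and filter by wildcard pattern.
    logman query providers |
        ForEach-Object {
            if ($_ -match '^(?<name>\S.*?)\s+\{(?<guid>[0-9A-Fa-f-]{36})\}\s*$') {
                [pscustomobject]@{ Name = $Matches.name; Guid = $Matches.guid }
            }
        } |
        Where-Object { $_.Name -like $NamePattern }
}

function Get-RunningEtwSessions {
    # Active trace sessions; a new collector session must not reuse one of these names.
    logman query -ets |
        ForEach-Object {
            if ($_ -match '^(?<name>\S.*?)\s{2,}Trace\s+(?<status>\S+)') {
                [pscustomobject]@{ Name = $Matches.name; Status = $Matches.status }
            }
        }
}

$provider = 'Microsoft-Windows-DNSServer'   # assumption: any registered provider works here
$info = Get-EtwProviderInfo -NamePattern $provider
if (-not $info) { throw "Provider '$provider' is not registered on this host" }
$info | Format-Table -AutoSize

# Keywords and levels the provider manifest defines; a keyword mask selects among these.
wevtutil gp $provider | Select-String -Pattern 'keyword|value:|level'

# Confirm the planned session name is free before starting a collector.
$session = 'EtwCollector-DNS'   # assumption
if (Get-RunningEtwSessions | Where-Object Name -eq $session) {
    Write-Warning "Session '$session' is already running; choose another name or stop it with: logman stop $session -ets"
}
```

Run this in an elevated PowerShell prompt; `logman query providers` and `wevtutil gp` work for any manifest-based provider, so the same script applies whichever provider the integration is configured to collect.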

@chemamartinez added labels on Mar 21, 2024: enhancement (New feature or request), New Integration (Issue or pull request for creating a new integration package), Team:Security-Service Integrations (Security Service Integrations team [elastic/security-service-integrations])
@chemamartinez chemamartinez self-assigned this Mar 21, 2024
@chemamartinez chemamartinez marked this pull request as ready for review March 21, 2024 16:21
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@chemamartinez added labels on Mar 21, 2024: Integration:windows_etw (Custom Windows ETW logs), Team:Security-Windows Platform (Security Windows Platform team [elastic/sec-windows-platform])
@elasticmachine

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

@chemamartinez chemamartinez requested review from a team March 25, 2024 12:37
@chemamartinez chemamartinez requested a review from jdu2600 April 3, 2024 10:16
@chemamartinez chemamartinez requested a review from efd6 April 5, 2024 06:31
@elasticmachine

💚 Build Succeeded

cc @chemamartinez

@efd6
Contributor

efd6 commented Apr 7, 2024

Please wait for sec-windows-platform approval.

@marc-gr (Contributor) left a comment

lgtm

@chemamartinez chemamartinez merged commit a54d64e into elastic:main Apr 8, 2024
@elasticmachine

Package windows_etw - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=windows_etw

@chemamartinez chemamartinez deleted the new-windows_etw branch February 6, 2025 10:30
5 participants