Skip to content

cisco_meraki: fix webhook configuration and behavior #9415

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 25, 2024
Merged

cisco_meraki: fix webhook configuration and behavior #9415

merged 1 commit into from
Mar 25, 2024

Conversation

@efd6
Copy link
Contributor

@efd6 efd6 commented Mar 21, 2024

Proposed commit message

Cisco Meraki's approach to 'authentication' is not actually based on authentication. Instead a shared secret is passed as part of the event that is sent in the web hook publication[1]. So, in order to prevent ingestion of invalid or unauthorised events, check for shared secret matching in the ingest pipeline and drop event that do not match.

Note that Cisco Meraki's approach does not provide any mechanism to prevent unauthorized connections.

[1]https://developer.cisco.com/meraki/webhooks/introduction/#shared-secret

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots
@efd6 efd6 added Integration:cisco_meraki Cisco Meraki bugfix Pull request that fixes a bug issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Mar 21, 2024
@efd6 efd6 self-assigned this Mar 21, 2024
@efd6 efd6 force-pushed the 9388-cisco_meraki branch 2 times, most recently from ac540bb to 27df016 Compare March 21, 2024 23:42
@efd6
cisco_meraki: fix webhook configuration and behavior
113c2f1 
Cisco Meraki's approach to 'authentication' is not actually based on authentication. Instead a shared secret is passed as part of the event that is sent in the web hook publication[1]. So, in order to prevent ingestion of invalid or unauthorised events, check for shared secret matching in the ingest pipeline and drop event that do not match. Note that Cisco Meraki's approach does not provide any mechanism to prevent unauthorized connections. [1]https://developer.cisco.com/meraki/webhooks/introduction/#shared-secret
@efd6 efd6 force-pushed the 9388-cisco_meraki branch from 27df016 to 113c2f1 Compare March 22, 2024 00:11
@elasticmachine
Copy link

elasticmachine commented Mar 22, 2024

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport
@elasticmachine
Copy link

elasticmachine commented Mar 22, 2024

💚 Build Succeeded

History

  • 💔 Build #9769 failed 27df0168ec6594c523fe4d0f6c9d242b50a5e524
  • 💔 Build #9768 failed ac540bbed8c3bf74bf879656c013de3abccac942

cc @efd6
@elastic-sonarqube
Copy link

elastic-sonarqube bot commented Mar 22, 2024

Quality Gate passed Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
100.0% 100.0% Coverage on New Code
0.0% 0.0% Duplication on New Code

See analysis details on SonarQube
@efd6 efd6 marked this pull request as ready for review March 22, 2024 00:29
@efd6 efd6 requested a review from a team as a code owner March 22, 2024 00:29
@elasticmachine
Copy link

elasticmachine commented Mar 22, 2024

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
kcreddy
kcreddy approved these changes Mar 25, 2024
View reviewed changes
Copy link
Contributor

@kcreddy kcreddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍🏼
@efd6 efd6 merged commit 76eb715 into elastic:main Mar 25, 2024
@elasticmachine
Copy link

elasticmachine commented Mar 25, 2024

Package cisco_meraki - 1.21.2 containing this change is available at https://epr.elastic.co/search?package=cisco_meraki
@efd6 efd6 deleted the 9388-cisco_meraki branch February 5, 2025 22:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bugfix Pull request that fixes a bug issue Integration:cisco_meraki Cisco Meraki Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

3 participants

@efd6 @elasticmachine @kcreddy